Configuring L2VPN on Standalone NSX-ESG with vSS

Article ID: 315185


Products

VMware NSX, VMware vSphere ESXi

Issue/Introduction

This article describes how to configure L2VPN on a Standalone ESG with a vSphere Standard Switch (vSS).

Environment

VMware NSX
VMware vSphere ESXi

Resolution

From the NSX ESG (Server Side):

  • Configure the Uplink and Trunk interfaces.
  • On the Trunk interface, create a Sub-Interface (take note of the VLAN/VNI and Tunnel ID).
  • On the L2VPN side, check the tunnel status and check the Stretched Interfaces under Site Configuration Details.
  • Run the following to verify:
    • NSX-edge-8-0> show service l2vpn conversion-table
      vid1 vid2 Tag Type action
      =================================

      Egress VLAN Entries
      vid1 vid2 Tag Type action
      =================================
      1201 5000 VLAN TO_VXLAN

      VXLAN Table Entries
      vid1 vid2 Tag Type action
      =================================
      5000 1201 VXLAN TO_VLAN

From Standalone ESG (Client Side):

  • Create a vSS with a Trunk port group (set VLAN ID to ALL 4095), an Uplink port group, and a PG with a specific VLAN (e.g. VLAN 250, where the VMs behind the Standalone ESG will be connected).
  • Deploy the OVA for the Standalone L2VPN client (note: in the vApp options, add the Tunnel ID matching the one on the server side).
  • For the Trunk port group on the vSS, set Promiscuous mode: check Override and select Accept. All other settings can be left unchecked.
  • For the Uplink port group on the vSS, keep the default settings.
  • For the PG created on the vSS with the specific VLAN, keep the default settings.
  • Attach a VM to the PG created with the specific VLAN (e.g. 250).
  • Run the following:
    • nsx-l2vpn-edge> show service l2vpn
      L2 VPN is running.
      ----------------------------------------
      L2 VPN type            : Client
      Tunnel status          : up
      Total bytes sent       : 2651460638
      Total bytes received   : 33559947
      Tx Packet drop         : 5327
      Rx Packet drop         : 0
      Encryption Cipher      : AES128-GCM-SHA256

     ============================

  • Run the following and verify that it has the right VLAN and Tunnel ID:
    • nsx-l2vpn-edge> show service l2vpn conversion-table
  • If the output of the above command is blank, perform the following:
    • nsx-l2vpn-edge> en --> enter password --> config t
    • nsx-l2vpn-edge> show service l2vpn conversion-table

vid1 vid2 Tag Type action
=================================
                                        ------------------------> No records appear here, even if the vApp options were configured correctly
Egress VLAN Entries
vid1 vid2 Tag Type action
=================================
                                        ------------------------> No records appear here, even if the vApp options were configured correctly
VXLAN Table Entries
vid1 vid2 Tag Type action
=================================
nsx-l2vpn-edge>

=================================

nsx-l2vpn-edge(config)# show sub-interface
Name        Index  TunnelId  NetworkId
----------  -----  --------  ---------
vNic_210    210    200       200       ------------------------> Verify that the Network ID (VLAN) and Tunnel ID are correct
------------- total 1    -------------

  • If the above output is not correct, perform the following:
    • nsx-l2vpn-edge(config)# no sub-interface pairs 200:200  ------------------------> This removes the existing config
    • nsx-l2vpn-edge(config)# show sub-interface
      Name        Index  TunnelId  NetworkId
      ----------  -----  --------  ---------
      ------------- total 0    ------------

  • Then apply the correct configuration and verify:
    • nsx-l2vpn-edge(config)# sub-interface pairs 200:1201
    • nsx-l2vpn-edge(config)# show sub-interface
      Name        Index  TunnelId  NetworkId
      ----------  -----  --------  ---------
      vNic_1211   1211   1201      200
      ------------- total 1    -------------
    • nsx-l2vpn-edge(config)#
    • nsx-l2vpn-edge(config)# l2vpn
    • nsx-l2vpn-edge(config-l2vpn)# commit
    • nsx-l2vpn-edge(config-l2vpn)# show service l2vpn  conversion-table
      vid1 vid2 Tag Type action
      =================================
      200 1201 VLAN TO_VLAN

      Egress VLAN Entries
      vid1 vid2 Tag Type action
      =================================
      1201 200 VLAN TO_VLAN

      VXLAN Table Entries
      vid1 vid2 Tag Type action
      =================================
    • nsx-l2vpn-edge(config-l2vpn)#
  • VMs behind the Standalone ESG (client) and the NSX ESG (server) will then be able to communicate with each other.
  • To add multiple networks, add Sub-interfaces to the existing Trunk interface (on the ESG, server side), each with its own VLAN/VNI and a unique Tunnel ID, and set the matching configuration (VLAN and matching Tunnel ID) on the Standalone ESG.
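
The verification steps above compare the conversion tables on both sides by eye. The following is an added example, not part of the original article or of NSX: a small parser that takes the `show service l2vpn conversion-table` output captured from the server and the client and reports tunnel IDs that do not line up. It assumes, inferred from the outputs on this page, that `vid1` in each "Egress VLAN Entries" row is the tunnel ID; the function names are hypothetical.

```python
import re
# Sample input constructed from the CLI output on this page (blank lines dropped).
SERVER = """vid1 vid2 Tag Type action
=================================
Egress VLAN Entries
vid1 vid2 Tag Type action
=================================
1201 5000 VLAN TO_VXLAN
VXLAN Table Entries
vid1 vid2 Tag Type action
=================================
5000 1201 VXLAN TO_VLAN"""
CLIENT = """vid1 vid2 Tag Type action
=================================
200 1201 VLAN TO_VLAN
Egress VLAN Entries
vid1 vid2 Tag Type action
=================================
1201 200 VLAN TO_VLAN
VXLAN Table Entries
vid1 vid2 Tag Type action
================================="""

ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\S+)\s+(\S+)$")

def parse_conversion_table(text):
    """Return {section: [(vid1, vid2, tag_type, action), ...]}."""
    # "untitled" is our own label for the first table, which has no title line.
    tables, section = {"untitled": []}, "untitled"
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Entries"):
            section = line
            tables[section] = []
        elif (m := ROW.match(line)):
            tables[section].append((int(m[1]), int(m[2]), m[3], m[4]))
    return tables

def egress_tunnel_ids(text):
    # Assumption: vid1 of each "Egress VLAN Entries" row is the tunnel ID.
    return {r[0] for r in parse_conversion_table(text).get("Egress VLAN Entries", [])}

def check_pairing(server_text, client_text):
    """Return a list of problems; an empty list means the tunnel IDs line up."""
    server, client = egress_tunnel_ids(server_text), egress_tunnel_ids(client_text)
    problems = []
    if not client:
        problems.append("client table empty: re-create sub-interface pair, then commit")
    problems += [f"tunnel {t} missing on client" for t in sorted(server - client)]
    problems += [f"tunnel {t} missing on server" for t in sorted(client - server)]
    return problems
```

With the outputs shown on this page, `check_pairing(SERVER, CLIENT)` returns an empty list. A blank client table, or one left at the original 200:200 pairing, is reported.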

Additional Information

For more information on L2VPN, refer to the article: Understanding Layer 2 VPN