Configuring L2VPN on Standalone NSX-ESG with vSS

Article ID: 315185

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
How to configure L2VPN on a Standalone ESG with a vSS (vSphere Standard Switch).

Resolution


From the NSX ESG (Server Side):

  • Configure the Uplink and Trunk interfaces.
  • On the Trunk interface, create a Sub-Interface (take note of the VLAN/VNI and Tunnel ID).
  • On the L2VPN side, check the tunnel status and check the Stretched Interfaces from Site Configuration Details.
  • Run the following to verify:
    NSX-edge-8-0> show service l2vpn conversion-table
    vid1 vid2 Tag Type action
    =================================

    Egress VLAN Entries
    vid1 vid2 Tag Type action
    =================================
    1201 5000 VLAN TO_VXLAN

    VXLAN Table Entries
    vid1 vid2 Tag Type action
    =================================
    5000 1201 VXLAN TO_VLAN

From Standalone ESG (Client Side):

  • Create a vSS with a Trunk port group (set VLAN ID to All (4095)), an Uplink, and a PG with a specific VLAN (e.g., VLAN 250, where the VMs behind the Standalone ESG will be connected).
  • Deploy the OVA for the Standalone L2VPN client (Note: in the vApp options, add the Tunnel ID matching the server side).
  • For the Trunk port group on the vSS, set Promiscuous mode: check Override and select Accept; all other settings can be left unchecked.
  • For the Uplink port group on the vSS, keep the default settings.
  • For the PG created on the vSS with a specific VLAN, keep the default settings.
  • Attach a VM to the PG created with the specific VLAN (e.g., 250).
  • Run the following:
    nsx-l2vpn-edge> show service l2vpn
    L2 VPN is running.
    ----------------------------------------
    L2 VPN type            : Client
    Tunnel status          : up
    Total bytes sent       : 2651460638
    Total bytes received   : 33559947
    Tx Packet drop         : 5327
    Rx Packet drop         : 0
    Encryption Cipher      : AES128-GCM-SHA256

     ============================

  • Run the following and verify that it has the right VLAN and Tunnel ID:
    nsx-l2vpn-edge> show service l2vpn conversion-table
  • If the output of the above command is blank, perform the following:
     
    nsx-l2vpn-edge> en --> enter password --> config t

    nsx-l2vpn-edge> show service l2vpn conversion-table
    vid1 vid2 Tag Type action
    =================================
                                            ------------------------> You will see it doesn't have the records even if the vAPP options were configured correctly
    Egress VLAN Entries
    vid1 vid2 Tag Type action
    =================================
                                            ------------------------> You will see it doesn't have the records even if the vAPP options were configured correctly
    VXLAN Table Entries
    vid1 vid2 Tag Type action
    =================================
    nsx-l2vpn-edge>

    =================================

    nsx-l2vpn-edge(config)# show sub-interface
    Name        Index  TunnelId  NetworkId
    ----------  -----  --------  ---------
    vNic_210    210    200       200       ------------------------> Verify if the Network ID  (VLAN) and Tunnel ID is correct
    ------------- total 1    -------------
  • If the above output is not correct, perform the following:

    nsx-l2vpn-edge(config)# no sub-interface pairs 200:200  ------------------------> This will remove the existing config

    nsx-l2vpn-edge(config)# show sub-interface
    Name        Index  TunnelId  NetworkId
    ----------  -----  --------  ---------
    ------------- total 0    ------------

  • Then apply the correct configuration and verify:
    nsx-l2vpn-edge(config)# sub-interface pairs 200:1201
    nsx-l2vpn-edge(config)# show sub-interface
    Name        Index  TunnelId  NetworkId
    ----------  -----  --------  ---------
    vNic_1211   1211   1201      200
    ------------- total 1    -------------
    nsx-l2vpn-edge(config)#

    nsx-l2vpn-edge(config)# l2vpn
    nsx-l2vpn-edge(config-l2vpn)# commit
    nsx-l2vpn-edge(config-l2vpn)# show service l2vpn  conversion-table
    vid1 vid2 Tag Type action
    =================================
    200 1201 VLAN TO_VLAN

    Egress VLAN Entries
    vid1 vid2 Tag Type action
    =================================
    1201 200 VLAN TO_VLAN

    VXLAN Table Entries
    vid1 vid2 Tag Type action
    =================================
    nsx-l2vpn-edge(config-l2vpn)#
  • VMs behind the Standalone ESG (Client) and the NSX ESG (Server) will then be able to communicate with each other.
  • To add multiple networks, add a Sub-Interface for each one to the existing Trunk interface (on the ESG, server side), each with its own VLAN/VNI and a unique Tunnel ID, and set the matching configuration (VLAN and matching Tunnel ID) on the Standalone ESG.
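
The conversion-table comparison from the steps above can be automated. The following is an added example, not part of the original article or any VMware tooling: it parses `show service l2vpn conversion-table` output from both sides and reports Tunnel IDs the client has not mapped. The function names are hypothetical, and reading `vid1` of an egress row as the Tunnel ID is an assumption inferred from the article's sample output.

```python
import re

# Sample outputs abridged from the article's own CLI captures.
SERVER = """Egress VLAN Entries
vid1 vid2 Tag Type action
=================================
1201 5000 VLAN TO_VXLAN
VXLAN Table Entries
5000 1201 VXLAN TO_VLAN
"""
CLIENT_BLANK = """vid1 vid2 Tag Type action
Egress VLAN Entries
VXLAN Table Entries
"""
CLIENT_FIXED = """vid1 vid2 Tag Type action
200 1201 VLAN TO_VLAN
Egress VLAN Entries
1201 200 VLAN TO_VLAN
VXLAN Table Entries
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\w+)\s+(\w+)\s*$")
SECTION = re.compile(r"^\s*(Egress VLAN Entries|VXLAN Table Entries)\s*$")

def parse_conversion_table(text):
    """Return {section: [(vid1, vid2, tag_type, action), ...]}."""
    tables = {"first": [], "Egress VLAN Entries": [], "VXLAN Table Entries": []}
    current = "first"  # the first table has no title in the article's output
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group(1)
        elif (m := ROW.match(line)):  # headers, separators and prompts are skipped
            tables[current].append((int(m[1]), int(m[2]), m[3], m[4]))
    return tables

def egress_tunnel_ids(text):
    # Assumption from the sample output: vid1 of an egress row is the Tunnel ID.
    return {row[0] for row in parse_conversion_table(text)["Egress VLAN Entries"]}

def compare_sides(server_text, client_text):
    server, client = egress_tunnel_ids(server_text), egress_tunnel_ids(client_text)
    return {"matched": sorted(server & client),
            "missing_on_client": sorted(server - client),
            "missing_on_server": sorted(client - server)}

if __name__ == "__main__":
    print(compare_sides(SERVER, CLIENT_BLANK))
```

A non-empty `missing_on_client` list corresponds to the blank-table case the article resolves with `sub-interface pairs` and `commit`.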