VMware Networking Community
rajeevsrikant
Expert

L2 Extension to NSX

I have a network which is out of NSX. Say Network A with VLAN 100

I am planning to extend this network into NSX with L2 extension. (Not using L2 Bridging or L2 VPN)

If I do this, my understanding is as below for that VLAN.

VMs -> Will be part of VLAN or VXLAN

D.G -> Physical L3 Switch (Not DLR)

NSX Firewall MicroSegmentation - Yes possible

Routing -> Physical L3 Switch (Not DLR)

One Arm Load Balancer - Not possible

Inline Load Balancer - Not possible

Let me know if my above understanding is right.

1 Solution

Accepted Solutions
ddesmidt
VMware Employee

Yes you can do that.

In that case, you do NOT configure any logical switch on NSX.

You simply plug the VMs on the vSphere VDS Port Group associated to that VLAN (nothing to do with NSX).

Then about:

. DFW:

You can still use DFW even for VMs plugged on VDS-VLAN_PortGroup.

. LB

You can still do it in one-arm mode (with the Edge-LB connected to the VDS-VLAN_PortGroup).

All good 🙂

Dimitri

4 Replies
ddesmidt
VMware Employee

I understand you have your VLAN A (10.1.1.0/24).

And you want to do an L2 extension to VXLAN B. So VXLAN B has the same subnet 10.1.1.0/24.

But you don't explain how you configure the L2 extension.

If that's NOT with L2 Bridging NOR L2 VPN, how is it done?

Dimitri

rajeevsrikant
Expert

My thought process is as below.

I wanted to extend the VLAN A which is currently configured in the Physical L3 switch.

I will extend this VLAN into the ESXi hosts where the NSX are configured. But I will not configure VXLAN for this.

It will be VLAN A with distributed port group.

The D.G will be the physical L3. It's like a simple L2 extension into my ESXi hosts or clusters which are part of NSX.

Let me know if this is correct and can be achieved?

cnrz
Expert

If the same can be achieved without bridging, then this option may be preferred. Bridging is appropriate for P-V conversion and during the time that physical and virtual machines exist on the same IP subnet, but after the VMs are migrated to VXLAN and no other physical machines remain on this subnet, bridging for this VLAN-VXLAN pair may be turned off. One use case may be if there is a site without NSX, and this site has some VMs (such as Hyper-V, KVM or cloud), and there is a need to keep these VMs on the VLAN side and use other L2 extension technologies to connect these segments. Even for this scenario, an L2VPN edge can be installed as a standalone edge to provide this connectivity. With vSphere, I can't think of a necessity for keeping some VMs of a certain subnet on the VLAN side and some others on the VXLAN side, other than during migration.

If the default gateway is the physical L3 switch for the VXLAN VMs as well as the VLAN VMs and physical machines, the benefit of using Distributed Routing to increase throughput is lost, as it decreases delay between VMs and load on the physical L3 switch.

Load balancing to VLAN and VXLAN VMs might be possible, but again best practice may be to keep VMs on the VXLAN side.

Regards,