Which two statements are true regarding Layer 2 VPNs? (Choose two.)
A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.
B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.
C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway.
D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.
Agreed A and B.
From Design Guide:
The deployment of an L2 VPN service allows extending L2 connectivity across two separate data center locations.
There are several use cases that can benefit from this functionality, both for enterprise and SP deployments:
• Enterprise Workload migration/DC Consolidation
• Service Provider Tenant On-boarding
• Cloud Bursting (Hybrid Cloud)
• Stretched
Some considerations for this specific deployment are listed below:
• The L2 VPN connection is an SSL tunnel connecting separate networks in each location. The connected separate
networks offer connectivity to the same address space (IP subnet), which is the characteristic that makes this a L2
VPN service.
• The local networks can be of any nature, VLAN or VXLAN and the L2 VPN service can also interconnect networks
of different nature (VLAN on one site, VXLAN on the other site).
• Currently this is only a point-to-point service that can be established between two locations. The NSX Edge
deployed in one DC site takes the role of the L2 VPN server, whereas the NSX Edge in the second site is the L2
VPN client initiating the connection to the server.
• The NSX L2 VPN is usually deployed across a network infrastructure interconnecting the sites, provided by a
Service Provider or owned by the Enterprise. Independently from who owns and manages this network, no specific
requirements are put on it in terms of latency and bandwidth, nor in terms of MTU. The NSX L2 VPN solution is
built with much robustness to work pretty much across any available network connection.
The NSX 6.1 Software release brings many improvements to the L2 VPN solution. Some of the most relevant ones are:
• With 6.0 releases, it is required to deploy two independent NSX Domains in the two sites that need to be connected.
This implies the deployment of separate vCenter, NSX Manager and NSX Controller clusters in each location, and
this may become an issue especially in service provider deployments (as for example for Hybrid Cloud use cases).
From NSX 6.1 software release onward, it is allowed for a remote NSX Edge deployment (functioning as L2 VPN
client) without the requirement of NSX at the remote site, basically allowing extending the solution to vSphere-only
customers.
• NSX 6.1 release also introduces a third type of interface on the NSX Edge (in addition to the Uplink and Internal
ones), named Trunk. Leveraging Trunks it is possible to extend L2 connectivity between multiple networks (VLAN
or VXLAN backed port-groups) deployed on each site (in 6.0 the networks extended were limited to one
VLAN/VXLAN per NSX Edge).
• Full HA support for NSX Edge deployed as L2 VPN server or client is introduced from 6.1. A pair of NSX Edges
working in Active/Standby can hence be deployed in each site.
Could anybody please explain why B?
I thought L2VPN uses a proprietary protocol and isn’t compatible with other vendors, so it can’t form an L2VPN with any other standard physical appliance. An NSX Edge or standalone Edge client is needed on the other side.
I agree with GoGo – it does not state it can be any third party.
GoGo is correct in that L2VPN uses a proprietary protocol. https://communities.vmware.com/message/2456284: “However L2VPN is using proprietary tunneling protocol and not using L2TP or GRE or standard tunneling protocols. The functionality is developed by extending SSLVPN engine of edge; therefore L2VPN uses SSL as transport. And so there is no interop with our SSLVPN & L2VPN since it is proprietary implementation.”
So which one is the correct option, A and C?
Very confusing, but it seems that Edge to physical appliance is supported, so yes, A and B:
https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUID-989DAA5D-E1DD-46A1-83DC-E56A23D34D76.html
Edge to physical appliance with IPSec could be, but I think that for L2VPN an NSX Edge is needed on each side.