LAB NSX Configuring L2VPN

Posted on Jan 17, 2020

Task:

  • Deploy an NSX Edge L2VPN Server on the RegionA01-MGMT01 cluster.
  • Deploy an NSX Edge L2VPN Client on the RegionA01-COMP01 cluster.
  • Test the tunnel status to verify a successful configuration.

Solution:

Open the Google Chrome web browser from the desktop.

  1. Click Home icon.
  2. Click Networking & Security.

To create the L2VPN Server service, we must first deploy an NSX Edge Gateway for the service to run on.

  1. Click on NSX Edges.
  2. Click on Green Plus icon.

  1. Enter DClessons-L2VPN-Server for Name.
  2. Click Next.

  1. Enter XXXXXXXXXX for Password.
  2. Enter XXXXXXXXXX for Confirm password.
  3. Check Enable SSH access.
  4. Click Next.
  5. Click the Green Plus icon.
  6. Select RegionA01-MGMT01 for Cluster/Resource Pool.
  7. Select RegionA01-ISCSI01-COMP01 for Datastore.
  8. Select esx-05a.corp.local for Host.
  9. Click OK, then click Next.

  1. Click Green Plus icon.
  2. Enter DClessons-L2VPN-Uplink for Name.
  3. Select Uplink for Type.
  4. Click the Green Plus icon.
  5. Enter 192.168.5.5 for Primary IP Address.
  6. Enter 29 for Subnet Prefix Length.
  7. Click the Select link to the right of Connected To. Click the radio button to the left of Transit_Network_01 (5005) to select it.
  8. Click OK, then click OK again.

  1. Click Next.
  2. Enter 192.168.5.1 for the Gateway IP.
  3. Click Next.

  1. Check Configure Firewall default policy.
  2. Select Accept for Default Traffic Policy.
  3. Click Next.

Click Finish.

Preparing DClessons-L2VPN-Server NSX Edge for L2VPN Connections

Before we configure the newly deployed NSX Edge for L2VPN connections, we need to complete the following steps:

  1. Adding a Trunk Interface to the L2VPN-Server Edge Gateway.
  2. Adding a Sub Interface to the L2VPN-Server Edge Gateway.
  3. Configuring dynamic routing (OSPF) on the L2VPN-Server Edge Gateway.

Double-click DClessons-L2VPN-Server.

  1. Click Manage.
  2. Click Settings.
  3. Click Interfaces.
  4. Click vnic1.
  5. Click the pencil icon.

Enter L2VPN-Server-Trunk for Name.

  1. Select Trunk for Type.
  2. Click the Select link to the right of Connected To.
  3. Click Distributed Virtual Portgroup.
  4. Click the radio button to the left of Trunk-Network-RegionA01-vDS-MGMT to select it.
  5. Click OK.

Adding a Sub Interface to the Trunk Interface

  1. Click Green Plus icon. This will open the Add Sub Interface pop-up window.
  2. Enter DClessons-L2VPN-SubInterface for Name.
  3. Enter 1 for Tunnel Id.
  4. Select Network for Backing Type.
  5. Click the Green Plus icon.
  6. Enter 172.16.10.1 for Primary IP Address.
  7. Enter 24 for Subnet Prefix Length.
  8. Click the Select link to the right of Network.
  9. Click Logical Switch.
  10. Click the radio button to the left of Web_Tier_Logical_Switch (5006) to select it.
  11. Click OK.

Setting the Router ID for this NSX Edge

Next, we will configure dynamic routing on this Edge Gateway.

  1. Click Routing.
  2. Click Global Configuration.
  3. Click Edit to change Dynamic Routing Configuration.

  1. Add DClessons-L2VPN-Uplink as the Router ID.
  2. Click OK.

Click Publish Changes.

Configuring OSPF on the DClessons-L2VPN-Server NSX Edge

  1. Click OSPF.
  2. Click Green Plus icon under Area to Interface Mapping.
  3. Select DClessons-L2VPN-Uplink as the vNIC.
  4. Enter 0 as the Area.
  5. Click OK.

Click Edit to change OSPF Configuration.

  1. Check Enable OSPF.
  2. Click OK.

Click Publish Changes.

Enable OSPF Route Redistribution

  1. Click Route Redistribution.
  2. Click Edit to change Route Redistribution Status.
  3. Check OSPF.
  4. Click OK.

  1. Click Green Plus icon under Route Redistribution Status.
  2. Check Connected.
  3. Click OK.

Click Publish Changes.

We have performed all prerequisites and will now configure the L2VPN service on this Edge Gateway.

Configuring L2VPN Service on L2VPN-Server NSX Edge

The 172.16.10.1 address belongs to the L2VPN-Server Edge Gateway and routes are being distributed dynamically via OSPF. Next, we will configure the L2VPN service on this Edge Gateway so that the Edge acts as "Server" in the L2VPN connection.

  1. Click VPN.
  2. Click L2 VPN.
  3. Click Change to edit Global Configuration Details.

For the L2 VPN server settings, configure the following values:

  1. Select ECDHE-RSA-AES256-GCM-SHA384 as the Encryption Algorithm.
  2. Click OK.

Add a new Site Configuration

Click Green Plus icon under Site Configuration Details.

  1. Check Enable Peer Site.
  2. Enter DClessons-Site-2 as the Name.
  3. Enter siteadmin as the User Id.
  4. Enter XXXXXXXXXXXXXX as the Password.
  5. Confirm XXXXXXXXXXX as the Password.
  6. Click Select Sub Interfaces. This will open the Select Object pop-up window.
  7. Select the DClessons-L2VPN-SubInterface object.
  8. Click the Right Arrow to move the selected Available Objects to Selected Objects.
  9. Click OK.

  1. Select Server as the L2VPN Mode.
  2. Click Publish Changes.

Enable L2VPN Server Service

  1. Click the Start button next to L2 VPN Service Status. This will enable the L2VPN Server service.
  2. Click Publish Changes.

We have completed the configuration for the L2 VPN Server. Next, we will be deploying a new NSX Edge Gateway to act as the L2 VPN Client.

Deploying the L2VPN-Client NSX Edge Gateway

Now that the server side of the L2VPN is configured, we will deploy a new NSX Edge Gateway to act as the L2 VPN client. Before deploying the NSX Edge Gateway L2 VPN Client, we need to configure the Uplink and Trunk distributed port groups on the distributed virtual switch.

Configure Uplink and Trunk Port Groups

  1. Click Home icon.
  2. Click Networking.

Configure Uplink distributed port group

  1. Select RegionA01-vDS-COMP.
  2. Click Create a new port group.

Name New Distributed Port Group

  1. Enter Uplink-RegionA01-vDS-COMP for Name.
  2. Click Next.
  3. Click Next. Leave the settings as default.
  4. Click Finish.

We also need a second distributed port group named Trunk-Network-RegionA01-vDS-COMP. Repeat the previous steps to create Trunk-Network-RegionA01-vDS-COMP.

Return to Networking & Security

  1. Click Home icon.
  2. Click Networking & Security.
  3. Click NSX Edges.
  4. Click the Green Plus icon to create a new NSX Edge.

Select Edge Services Gateway as Install Type.

  1. Enter L2VPN-Client as the Name.
  2. Click Next.
  3. Enter XXXXXXXXX for Password.
  4. Enter XXXXXXXXX for Confirm password.
  5. Click Next.
  6. Click Green Plus icon. This will open the Add NSX Edge Appliance pop-up window.
  7. Select RegionA01-COMP02 for Cluster/Resource Pool.
  8. Select RegionA01-ISCSI01-COMP01 for Datastore.
  9. Select esx-03a.corp.local for Host.
  10. Select Discovered virtual machine for Folder.
  11. Click OK.
  12. Click Next.

Configure Interfaces for the L2VPN-Client NSX Edge

  1. Click Green Plus icon.
  2. Enter L2VPN-Client-Uplink as the Name.
  3. Select Uplink as the Type.
  4. Click Green Plus icon to add a new IP address.
  5. Enter 192.168.200.5 as the Primary IP Address.
  6. Enter 24 as the Subnet Prefix Length.
  7. Click the Select link to the right of Connected To.
  8. Click Distributed Virtual Port Group.
  9. Click the radio button to the left of Uplink-RegionA01-vDS-COMP to select it.
  10. Click OK.
  11. Click Next.

Configure Default Gateway

  1. Enter 192.168.200.1 as the Gateway IP.
  2. Click Next.

Firewall and HA Settings

  1. Check Configure Firewall default policy.
  2. Select Accept for Default Traffic Policy.
  3. Click Next.
  4. Click Finish.

Configuring the L2VPN-Client NSX Edge Gateway

Double-click L2VPN-Client. Similar to the configuration for the L2VPN-Server Edge Gateway, we also need to add a Trunk interface to this Edge:

  1. Click Manage.
  2. Click Settings.
  3. Click Interfaces.
  4. Click vnic1.
  5. Click the pencil icon.

Configuring the Trunk Interface

  1. Enter L2VPN-Client-Trunk for Name.
  2. Select Trunk for Type.
  3. Click the Select link to the right of Connected To.
  4. Click Distributed Virtual Port Group.
  5. Select the radio button to the left of Trunk-Network-RegionA01-vDS-COMP.
  6. Click OK.

Configuring Sub Interface

Click Green Plus icon and configure the Sub Interface with the following values:

  1. Enter L2VPN-Client-SubInterface as the Name.
  2. Enter 1 as the Tunnel Id.
  3. Select Network as the Backing Type.
  4. Click Green Plus icon.
  5. Enter 172.16.10.1 as the Primary IP Address.
  6. Enter 24 as the Subnet Prefix Length.
  7. Click the Select link to the right of Network.

Click Distributed Portgroup.

  1. Select the radio button to the left of VM-RegionA01-vDS-COMP.
  2. Click OK.
  3. Click OK.

Configure L2VPN Client Services

  1. Click VPN, then click L2 VPN.
  2. Select Client for L2VPN Mode.
  3. Click Change to edit the Global Configuration Details.
  4. Enter 192.168.5.5 for Server Address.
  5. Select ECDHE-RSA-AES256-GCM-SHA384 for Encryption algorithm.
  6. Enter siteadmin for User Id.
  7. Enter XXXXXXXX for Password.
  8. Enter XXXXXX for Confirm Password.
  9. Click the Select Sub Interfaces link to the right of Stretched Interfaces.
  10. Select L2VPN-Client-SubInterface from the list of Available Objects.
  11. Click the Right Arrow. This will move the selected objects from Available Objects to Selected Objects.
  12. Click OK.

Click OK.

Enable L2VPN Client Service

  1. Click the Start button to the right of L2VPN Service Status. This will enable the L2VPN Client service.
  2. Click Publish Changes.

Fetch Status of L2VPN

Click the arrow to expand the Tunnel Status view.

  1. Click the Refresh button to update the displayed statistics.
  2. Ensure that the Status is shown as "Up" after the service has been enabled. You may need to click Refresh a few times to observe the updated status.
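
A pre-flight check over the values this lab enters on both Edges, written as an added Python example (not part of the original lab and not an NSX API client). The dictionary layout and the `check_pair` helper are hypothetical; it assumes both ends must share the tunnel ID, cipher and user ID, and it reports Enable SSH access and an Accept default firewall policy as hardening warnings.

```python
import ipaddress

# Constructed records holding the values entered in this lab.
# Hypothetical layout for illustration, not an NSX API format.
SERVER = {
    "uplink": "192.168.5.5/29", "gateway": "192.168.5.1",
    "ssh_enabled": True, "fw_default": "accept",
    "cipher": "ECDHE-RSA-AES256-GCM-SHA384", "user_id": "siteadmin",
    "tunnel_id": 1, "sub_if": "172.16.10.1/24",
}
CLIENT = {
    "uplink": "192.168.200.5/24", "gateway": "192.168.200.1",
    "ssh_enabled": False, "fw_default": "accept",
    "cipher": "ECDHE-RSA-AES256-GCM-SHA384", "user_id": "siteadmin",
    "tunnel_id": 1, "sub_if": "172.16.10.1/24",
    "server_address": "192.168.5.5",
}

def check_pair(server, client):
    """Return (errors, warnings): errors are mismatches, warnings are hardening gaps."""
    errors, warnings = [], []
    for name, edge in (("server", server), ("client", client)):
        iface = ipaddress.ip_interface(edge["uplink"])
        if ipaddress.ip_address(edge["gateway"]) not in iface.network:
            errors.append(f"{name}: gateway {edge['gateway']} outside {iface.network}")
        if edge["ssh_enabled"]:
            warnings.append(f"{name}: SSH access enabled on the Edge")
        if edge["fw_default"] == "accept":
            warnings.append(f"{name}: firewall default policy is Accept")
        parts = edge["cipher"].split("-")
        if "ECDHE" not in parts or "GCM" not in parts:
            warnings.append(f"{name}: {edge['cipher']} lacks ECDHE or GCM")
    # The client dials the server Edge's uplink address.
    if client["server_address"] != str(ipaddress.ip_interface(server["uplink"]).ip):
        errors.append("client: Server Address is not the server uplink IP")
    # The lab enters these identically on both Edges (assumed to be required).
    for key in ("cipher", "user_id", "tunnel_id"):
        if server[key] != client[key]:
            errors.append(f"{key} differs: {server[key]!r} vs {client[key]!r}")
    s_net = ipaddress.ip_interface(server["sub_if"]).network
    c_net = ipaddress.ip_interface(client["sub_if"]).network
    if s_net != c_net:
        errors.append(f"sub-interface subnets differ: {s_net} vs {c_net}")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check_pair(SERVER, CLIENT)
    for line in errs + warns:
        print(line)
```

With the lab's values the check returns no errors and three warnings: SSH on the server Edge and the Accept default firewall policy on both Edges.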



