This is going to be a short blog post to announce the availability of the NSX vLAB 2.5. In this release i have introduced the following NSX features:
- Site-to-Site L2VPN between the two datacenters. In the Cairo site we have the L2VPN “server” while in the Alexandria site we have the L2VPN “client”.
- I’ve configured the above tunnel to stretch a VXLAN to VXLAN across the two sites. This is to showcase the ability to stretch your L2 networks between sites that have more than 150ms RTT which is the requirement for the native Cross-vCenter NSX universal logical switches.
- In addition to the above site-to-site L2VPN using the NSX full Edge Services Gateways, I have deployed also a new NSX Standalone L2VPN Edge in the remote site as a client connecting to the first L2VPN server in the Cairo site. This is to form a hub-spoke topology and demonstrate also the fact that you can stretch your networks with remote offices (or external clouds) without the need to have a full blown NSX infrastructure running there.
- Last but definitely not least, I have configured a VPN Gateway at the Alexandria site to enable the SSL-VPN for remote users. In the diagram below you can see that the user in the remote office can initiate a dial-in VPN connection to connect to a secured network(s) in the Alexandria site. The user is also authenticated using his/her own active directory domain account and can download his/her VPN client from a self-service portal. The latter is provided as part of the services running on the NSX VPN Gateway (aka ESG).