PrepAway - Latest Free Exam Questions & Answers

Which two statements are true regarding Layer 2 VPNs?

Which two statements are true regarding Layer 2 VPNs? (Choose two.)

A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.

B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.

C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway.

D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.

8 Comments on “Which two statements are true regarding Layer 2 VPNs?”

  1. nebula says:

    Agreed A and B.

    From Design Guide:

    The deployment of an L2 VPN service allows extending L2 connectivity across two separate data center locations.

    There are several use cases that can benefit from this functionality, both for enterprise and SP deployments:
    • Enterprise Workload migration/DC Consolidation
    • Service Provider Tenant On-boarding
    • Cloud Bursting (Hybrid Cloud)
    • Stretched

    Some considerations for this specific deployment are listed below:
    • The L2 VPN connection is an SSL tunnel connecting separate networks in each location. The connected separate
    networks offer connectivity to the same address space (IP subnet), which is the characteristic that makes this a L2
    VPN service.
    • The local networks can be of any nature, VLAN or VXLAN and the L2 VPN service can also interconnect networks
    of different nature (VLAN on one site, VXLAN on the other site).
    • Currently this is only a point-to-point service that can be established between two locations. The NSX Edge
    deployed in one DC site takes the role of the L2 VPN server, whereas the NSX Edge in the second site is the L2
    VPN client initiating the connection to the server.
    • The NSX L2 VPN is usually deployed across a network infrastructure interconnecting the sites, provided by a
    Service Provider or owned by the Enterprise. Independently from who owns and manages this network, no specific
    requirements are put on it in terms of latency and bandwidth, nor in terms of MTU. The NSX L2 VPN solution is
    built with much robustness to work pretty much across any available network connection.

    The NSX 6.1 Software release brings many improvements to the L2 VPN solution. Some of the most relevant ones are:
    • With 6.0 releases, it is required to deploy two independent NSX Domains in the two sites that need to be connected.
    This implies the deployment of separate vCenter, NSX Manager and NSX Controller clusters in each location, and
    this may become an issue especially in service provider deployments (as for example for Hybrid Cloud use cases).
    From NSX 6.1 software release onward, it is allowed for a remote NSX Edge deployment (functioning as L2 VPN
    client) without the requirement of NSX at the remote site, basically allowing extending the solution to vSphere-only
    customers.
    • NSX 6.1 release also introduces a third type of interface on the NSX Edge (in addition to the Uplink and Internal
    ones), named Trunk. Leveraging Trunks it is possible to extend L2 connectivity between multiple networks (VLAN
    or VXLAN backed port-groups) deployed on each site (in 6.0 the networks extended were limited to one
    VLAN/VXLAN per NSX Edge).
    • Full HA support for NSX Edge deployed as L2 VPN server or client is introduced from 6.1. A pair of NSX Edges
    working in Active/Standby can hence be deployed in each site.




  2. GoGo says:

    Could anybody please explain why B?
    I thought L2VPN uses proprietary protocol and isn’t compatible with other vendors. So it can’t form L2VPN with any other standard physical appliance. NSX Edge or standalone Edge client is needed on the other side.




  3. arinbiorn says:

    GoGo is correct in that L2VPN uses proprietary protocol. https://communities.vmware.com/message/2456284: “However L2VPN is using proprietary tunneling protocol and not using L2TP or GRE or standard tunneling protocols. The functionality is developed by extending SSLVPN engine of edge; therefore L2VPN uses SSL as transport. And so there is no interop with our SSLVPN & L2VPN since it is proprietary implementation.”



