Today we look at the VPN configuration options that NSX Edge provides.
In general, VPN technologies can be divided into two main types:
- Site-to-site VPN. The most common use of IPsec is to create a secure tunnel between, for example, a head office network and a network at a remote site or in the cloud.
- Remote access VPN. Used to connect individual users to corporate private networks using VPN client software.
NSX Edge lets us use both options.
We will do the configuration on a test bench with NSX Edges and a Linux server with a daemon installed.
IPsec
- In the vCloud Director interface, go to the [Administration] section and select the vDC. On the [Edge Gateways] tab, select the Edge you need, right-click it and choose [Edge Gateway Services].
- In the NSX Edge interface, go to the [VPN-IPsec VPN] tab, then to the [IPsec VPN Sites] section, and click [+] to add a new site.
- Fill in the required fields:
  - Enabled - activates the remote site.
  - PFS - ensures that each new cryptographic key is not related to any previous key.
  - Local ID and Local Endpoint - the external address of the NSX Edge.
  - Local Subnets - the local networks that will use the IPsec VPN.
  - Peer ID and Peer Endpoint - the address of the remote site.
  - Peer Subnets - the networks that will use the IPsec VPN on the remote side.
  - Encryption Algorithm - the tunnel encryption algorithm.
  - Authentication - how the peer is authenticated. You can use a pre-shared key or a certificate.
  - Pre-Shared Key - the key used for authentication; it must match on both sides.
  - Diffie-Hellman Group - the key exchange algorithm.
  After filling in the required fields, click Keep.
- Done.
- After adding the site, go to the Activation Status tab and activate the IPsec service.
- Once the settings have been applied, go to the [Statistics] -> [IPsec VPN] tab and check the tunnel status. We can see that the tunnel is up.
- Check the tunnel status from the Edge Gateway console:
  - show service ipsec - check the service status.
  - show service ipsec site - information about the site state and the negotiated parameters.
  - show service ipsec sa - check the Security Association (SA) status.
- Check connectivity with the remote site:
    root@racoon:~# ifconfig eth0:1 | grep inet
            inet 10.255.255.1  netmask 255.255.255.0  broadcast 0.0.0.0

    root@racoon:~# ping -c1 -I 10.255.255.1 192.168.0.10
    PING 192.168.0.10 (192.168.0.10) from 10.255.255.1 : 56(84) bytes of data.
    64 bytes from 192.168.0.10: icmp_seq=1 ttl=63 time=59.9 ms

    --- 192.168.0.10 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 59.941/59.941/59.941/0.000 ms
Configuration files and additional diagnostic commands from the remote Linux server:
    root@racoon:~# cat /etc/racoon/racoon.conf
    log debug;
    path pre_shared_key "/etc/racoon/psk.txt";
    path certificate "/etc/racoon/certs";

    listen {
      isakmp 80.211.43.73 [500];
      strict_address;
    }

    remote 185.148.83.16 {
      exchange_mode main,aggressive;
      proposal {
        encryption_algorithm aes256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1536;
      }
      generate_policy on;
    }

    sainfo address 10.255.255.0/24 any address 192.168.0.0/24 any {
      encryption_algorithm aes256;
      authentication_algorithm hmac_sha1;
      compression_algorithm deflate;
    }
    ===
    root@racoon:~# cat /etc/racoon/psk.txt
    185.148.83.16 testkey
    ===
    root@racoon:~# cat /etc/ipsec-tools.conf
    #!/usr/sbin/setkey -f
    flush;
    spdflush;
    spdadd 192.168.0.0/24 10.255.255.0/24 any -P in ipsec esp/tunnel/185.148.83.16-80.211.43.73/require;
    spdadd 10.255.255.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/80.211.43.73-185.148.83.16/require;
    ===
    root@racoon:~# racoonctl show-sa isakmp
    Destination            Cookies                           Created
    185.148.83.16.500      2088977aceb1b512:a4c470cb8f9d57e9 2019-05-22 13:46:13
    ===
    root@racoon:~# racoonctl show-sa esp
    80.211.43.73 185.148.83.16
            esp mode=tunnel spi=1646662778(0x6226147a) reqid=0(0x00000000)
            E: aes-cbc 00064df4 454d14bc 9444b428 00e2296e c7bb1e03 06937597 1e522ce0 641e704d
            A: hmac-sha1 aa9e7cd7 51653621 67b3b2e9 64818de5 df848792
            seq=0x00000000 replay=4 flags=0x00000000 state=mature
            created: May 22 13:46:13 2019 current: May 22 14:07:43 2019
            diff: 1290(s) hard: 3600(s) soft: 2880(s)
            last: May 22 13:46:13 2019 hard: 0(s) soft: 0(s)
            current: 72240(bytes) hard: 0(bytes) soft: 0(bytes)
            allocated: 860 hard: 0 soft: 0
            sadb_seq=1 pid=7739 refcnt=0
    185.148.83.16 80.211.43.73
            esp mode=tunnel spi=88535449(0x0546f199) reqid=0(0x00000000)
            E: aes-cbc c812505a 9c30515e 9edc8c4a b3393125 ade4c320 9bde04f0 94e7ba9d 28e61044
            A: hmac-sha1 cd9d6f6e 06dbcd6d da4d14f8 6d1a6239 38589878
            seq=0x00000000 replay=4 flags=0x00000000 state=mature
            created: May 22 13:46:13 2019 current: May 22 14:07:43 2019
            diff: 1290(s) hard: 3600(s) soft: 2880(s)
            last: May 22 13:46:13 2019 hard: 0(s) soft: 0(s)
            current: 72240(bytes) hard: 0(bytes) soft: 0(bytes)
            allocated: 860 hard: 0 soft: 0
            sadb_seq=0 pid=7739 refcnt=0
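- Everything is ready; the site-to-site IPsec VPN is up and running.
In this example we used a PSK for peer authentication, but certificate authentication is also possible. To use it, go to the Global Configuration tab, enable certificate authentication and select the certificate itself.
In addition, the authentication method must be changed in the site settings.
Note that the number of IPsec tunnels depends on the size of the deployed Edge Gateway (this is covered in the first article).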
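
The following added example (not from the original article) audits the racoon-side settings shown above for choices a reviewer would question before production use: aggressive mode with a PSK, SHA-1, a 1536-bit DH group, `generate_policy on` and no `pfs_group`. The finding codes, the 2048-bit floor and `TIGHTER_CONF` are assumptions of this example, and the tightened values only negotiate if the NSX Edge site is configured to match.

```python
import re

# Constructed input: the phase 1 and phase 2 blocks of the racoon.conf shown above.
PAGE_CONF = """
remote 185.148.83.16 {
  exchange_mode main,aggressive;
  proposal { encryption_algorithm aes256; hash_algorithm sha1;
             authentication_method pre_shared_key; dh_group modp1536; }
  generate_policy on;
}
sainfo address 10.255.255.0/24 any address 192.168.0.0/24 any {
  encryption_algorithm aes256; authentication_algorithm hmac_sha1;
  compression_algorithm deflate;
}
"""
# Constructed counterpart with the flagged settings tightened (the peer must match).
TIGHTER_CONF = (PAGE_CONF.replace("main,aggressive", "main").replace("modp1536", "modp2048")
                .replace("hash_algorithm sha1", "hash_algorithm sha256")
                .replace("generate_policy on", "generate_policy off")
                .replace("hmac_sha1;", "hmac_sha256; pfs_group modp2048;"))
# racoon DH group names and numbers mapped to modulus size in bits.
DH_BITS = {"modp768": 768, "modp1024": 1024, "modp1536": 1536, "modp2048": 2048,
           "modp3072": 3072, "modp4096": 4096, "1": 768, "2": 1024, "5": 1536,
           "14": 2048, "15": 3072, "16": 4096}
WEAK_HASHES = {"md5", "sha1", "hmac_md5", "hmac_sha1"}

def directives(conf):
    """Yield (name, value) for each 'name value;' statement, '#' comments removed."""
    for m in re.finditer(r"([a-z_]+)\s+([^;{}]+);", re.sub(r"#.*", "", conf)):
        yield m.group(1), m.group(2).strip()

def audit(conf):
    """Return sorted finding codes; the 2048-bit DH floor is this example's policy."""
    found, has_pfs = set(), False
    for name, value in directives(conf):
        items = {v.strip() for v in value.split(",")}
        if name == "exchange_mode" and "aggressive" in items:
            found.add("aggressive-mode")   # PSK-derived hash is sent unencrypted
        elif name in ("hash_algorithm", "authentication_algorithm") and items & WEAK_HASHES:
            found.add("weak-hash:" + name)
        elif name in ("dh_group", "pfs_group"):
            has_pfs |= name == "pfs_group"
            if DH_BITS.get(value, 0) < 2048:   # unknown group names are flagged too
                found.add("small-dh:" + name)
        elif name == "generate_policy" and value != "off":
            found.add("generate-policy")   # responder builds policy from the peer's proposal
    if not has_pfs:
        found.add("no-pfs")                # phase 2 keys derive from phase 1 material
    return sorted(found)
```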
SSL-VPN
SSL VPN-Plus is one of the remote access VPN options. It lets individual remote users connect securely to private networks behind the NSX Edge Gateway. With SSL VPN-Plus, an encrypted tunnel is established between the client (Windows, Linux, Mac) and the NSX Edge.
- Let's start the setup. In the Edge Gateway services control panel, go to the [SSL VPN-Plus] tab, then to [Server Settings]. Select the address and port on which the server will listen for incoming connections, enable logging and select the required encryption algorithms.
  Here you can also change the certificate the server will use.
- Once everything is ready, turn the server on and don't forget to save the settings.
- Next, we need to set up the pool of addresses that will be issued to clients when they connect. This network is separate from any existing subnet in your NSX environment, and it does not need to be configured on other devices on the physical networks, except for the routes that point to it.
  Go to the [IP Pools] tab and click [+].
- Select the addresses, subnet mask and gateway. Here you can also change the settings for DNS and WINS servers.
- The resulting pool.
- Now let's add the networks that users connecting to the VPN will have access to. Go to the [Private Networks] tab and click [+].
- Fill in:
  - Network - the local network that remote users will have access to.
  - Send traffic, which has two options:
    - over tunnel - send traffic to the network through the tunnel;
    - bypass tunnel - send traffic to the network directly, bypassing the tunnel.
  - Enable TCP Optimization - tick this if you chose the over tunnel option. When optimization is enabled, you can specify the port numbers for which traffic should be optimized. Traffic for the remaining ports on that particular network will not be optimized. If no port numbers are specified, traffic for all ports is optimized.
- Next, go to the Authentication tab and click +. For authentication we will use a local server on the NSX Edge itself.
- Here we can select the policies for generating new passwords and configure the options for locking user accounts (for example, the number of retries when a password is entered incorrectly).
- Since we are using local authentication, we need to create users.
- Besides the basics such as name and password, here you can, for example, forbid the user from changing the password or, conversely, force a password change at the next login.
- After all the necessary users have been added, go to the [Installation Packages] tab, click [+] and create the installer itself, which a remote employee will download and install.
- Click +. Select the address and port of the server the client will connect to, and the platforms for which the installation package should be generated.
  At the bottom of this window you can specify client settings for Windows. Choose:
  - start client on logon - the VPN client is added to startup on the remote machine;
  - create desktop icon - creates a VPN client icon on the desktop;
  - server security certificate validation - validates the server certificate on connection.
Server setup is complete.
- Now let's download the installation package created in the last step to the remote PC. When setting up the server, we specified its external address (185.148.83.16) and port (445). This is the address to open in a web browser. In my case it is 185.148.83.16:445. In the authorization window, enter the credentials of the user created earlier.
- After authorization we see the list of created installation packages available for download. We created only one, so we download it.
- Click the link and the client download starts.
- Unpack the downloaded archive and run the installer.
- After installation, launch the client and click Login in the authorization window.
- In the certificate verification window, select [Yes].
- Enter the credentials of the previously created user and confirm that the connection completed successfully.
- Check the VPN client statistics on the local computer.
- In the Windows command line (ipconfig /all) we see that an additional virtual adapter has appeared and that there is connectivity to the remote network; everything works.
- Finally, a check from the Edge Gateway console.
L2 VPN
L2VPN is needed when you have to combine several geographically distributed networks into a single broadcast domain.
This can be useful, for example, when migrating a virtual machine: when a VM moves to another geographic site, it keeps its IP addressing settings and does not lose connectivity with the other machines in the same L2 domain.
In our test environment we will connect two sites to each other and call them A and B. We have two NSX and two identically created routed networks attached to different Edges. Machine A has the address 10.10.10.250/24, machine B has the address 10.10.10.2/24.
- In vCloud Director, go to the [Administration] tab, open the VDC you need, go to the [Org VDC Networks] tab and add two new networks.
- Select the routed network type and bind this network to our NSX. Tick the [Create as subinterface] checkbox.
- As a result we should have two networks. In our example they are called network-a and network-b, with the same gateway settings and the same mask.
- Now let's move on to the settings of the first NSX. This is the NSX to which network A is attached, and it will act as the server.
  Return to the NSX Edge interface and go to the [VPN] tab -> [L2VPN]. Enable L2VPN, select the Server operating mode, and in the Server Global settings specify the external NSX IP address on which the tunnel port will listen. By default the socket opens on port 443, but this can be changed. Don't forget to select the encryption settings for the future tunnel.
- Go to the [Server Sites] tab and add a peer.
- Enable the peer, set a name and description, and set a username and password if necessary. We will need this data later when configuring the client site.
  In [Egress Optimization Gateway Address], set the gateway address. This is needed to avoid an IP address conflict, because the gateways of our networks have the same address. Then click the Select Sub-Interfaces button.
- Here we select the desired subinterface. Save the settings.
- We see that the newly created client site has appeared in the settings.
- Now let's move on to configuring NSX on the client side.
  Go to the NSX on site B, go to VPN -> L2VPN, enable L2VPN and set the L2VPN mode to client mode. On the [Client Global] tab, set the address and port of NSX A, which we specified earlier as the listening IP and port on the server side. You also need to set the same encryption settings so that they are consistent when the tunnel is brought up.
  Scroll down and select the subinterface through which the L2VPN tunnel will be built.
  In [Egress Optimization Gateway Address], set the gateway address. Set the user ID and password. Select the subinterface and don't forget to save the settings.
- That is actually all. The client-side and server-side settings are almost identical, apart from a few nuances.
- Now we can see that our tunnel is working by going to [Statistics] -> [L2VPN] on any NSX.
- If we now go to the console of any Edge Gateway, we will see the addresses of both VMs in the ARP table on each of them.
That's all about VPN on NSX Edge. Ask if anything is unclear. This is also the final part of the series of articles on working with NSX Edge. We hope they were useful.
Source: habr.com