SD-WAN multi-site L2VPN service with RouterOS 7.x (Part 2)

Hello all,

In the previous post I showed you how to create an SD-WAN multi-site L2VPN service using RouterOS 7.x, with WireGuard and EoIP. However, I mentioned that there are other technologies/protocols that can be used to create the same services. One example is VxLAN (Virtual Extensible Local Area Network), another protocol that encapsulates a layer-2 broadcast domain on top of a layer-3 network (i.e., IP), effectively creating an overlay network. In VxLAN, each tunnel is identified by a VNI (VxLAN Network Identifier), and the encapsulation/decapsulation is performed by a VTEP (VxLAN Tunnel End-Point).

To make it easy to compare both configurations, we will use the same topology as in the previous post, as depicted next. As you can see, we have three customer sites (i.e., pink, blue, green boxes) and the SD-WAN core (i.e., grey box). Each site has a MikroTik router running RouterOS 7.x and is connected to the SD-WAN core, which is also running a router with RouterOS 7.x. For the IP addressing we use the CG-NAT address space (i.e.,, but the same would work with a public address space; all that is assumed is that the customer sites have IP connectivity over the Internet and that the SD-WAN core and the customer sites can be reached (i.e., the required UDP ports on the firewall are open on both ends).

