Layer2 Connection between 2 Sites

[wal_ter]

Hello,

Scenario: A few VMs are running in production site. If a VM fail I want to failover certain VMs to DR-site. To avoid complex changes in routing i want to connect the sites with layer2. What is the best practise to span a Ethernet layer2 over two sites?

I know there's a solution with MPLS-VPN (VPLS) or a LanLink. Both are dedicated connections which will come with high costs.
Can I span a Layer2 Connection with a GRE over IPsec Tunnel?
Are there any further possibilitys to get a Layer2 through the internet?

Thanks in advance!

[dellock6]

Hi,
over public internet connections you can also use L2TP or OpenVPN, they have both the ability to create L2 networks over L3 routed internet connections.

Luca.

[tsightler]

My absolute favorite free Layer-2 VPN is Tinc. I have been using it to build Layer-2 mesh networks over Internet connections for years and it has proven to be robust and reliable. It's a simple SSL VPN that allows creation of full mesh networks of pretty much any topology unlike the hub-and-spoke oriented OpenVPN where there's a central server. This allows it to survive the loss of major nodes while maintaining connectivity of the remaining network nodes.

Don't get me wrong, OpenVPN is great too, and can be configured with multiple servers with some redundancy, and is probably all you need for simple point-to-point, but Tinc has saved the day for me during major storms and network outages many times and I've come to trust it.

[dellock6]

Never knew about it, thanks Tom for the hint, I will try it for sure in the future.

Luca.

[wal_ter]

Thanks for the information.
@Luca: If you say L2TP you mean L2TPv3? I've read that L2TP is only for Client VPNs and L2TPv3 is for connection between locations. Do I need additional encryption for this (like IPsec)?

In summary I can use:
VPLS
LANLink
GRE over IPsec
L2TPv3
SSL VPN

Thanks

[dellock6]

Yes it is that one, I've used it once at a customer, created between two Cisco appliances. We were able to replicate an entire datacenter to its new location, 400km apart from each other, by using Veeam replica jobs (and obviously no network reconfiguration).

Luca.

[wal_ter]

Thank you! That's what i need!