Multi-site L2 tunnels: extending several LANs into the same cloud

One head office, two branches, one shared DR cloud. How to do it with the Connector without creating IP collisions.


TL;DR

Extending several sites into the same DR cloud without IP collisions: one Connector per site, distinct subnets per site, smart routing in the datacentre. Sefthy automatically handles subnet conflicts.

The typical scenario

A company with:

  • main office in Bari, LAN 192.168.1.0/24;
  • Milan office, LAN 192.168.10.0/24;
  • Turin office, LAN 192.168.20.0/24;
  • shared DR cloud.

Three Connectors (one per site), three distinct L2 tunnels. In the cloud, three separate VRFs that can communicate via routing controlled by the Sefthy datacentre.

The duplicate subnet problem

What happens if two sites accidentally have the same subnet (classic case: M&A-acquired customers)?

  • address collisions;
  • unstable ARP;
  • packets routed to the wrong place.

Sefthy handles it with two mechanisms:

  1. 1:1 NAT in the tunnel: each site keeps its own subnet but is "renumbered" in the datacentre before routing.
  2. Dedicated VRFs: the three sites do not see each other directly; traffic between them must pass through explicit routing rules.
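
A sketch of the collision check and 1:1 renumbering described above, as an added example that is not Sefthy's implementation. The fourth "acquired" site, the 10.200.0.0/16 translation pool and all function names are assumptions made for illustration (IPv4 only).

```python
import ipaddress
from itertools import combinations

# Constructed inventory: the article's three sites plus a hypothetical
# acquired site that reuses Bari's subnet.
SITES = {
    "bari": "192.168.1.0/24",
    "milan": "192.168.10.0/24",
    "turin": "192.168.20.0/24",
    "acquired": "192.168.1.0/24",
}
NAT_POOL = "10.200.0.0/16"  # assumed datacentre-side pool, not from the article


def find_collisions(sites):
    """Return sorted pairs of site names whose LANs overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def plan_nat(sites, pool=NAT_POOL):
    """Map each colliding site's LAN to a unique same-size prefix in pool."""
    pool = ipaddress.ip_network(pool)
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    if any(pool.overlaps(lan) for lan in nets.values()):
        raise ValueError("NAT pool overlaps a real site LAN")
    colliding = {n for pair in find_collisions(sites) for n in pair}
    plan, cursor = {}, int(pool.network_address)
    # Largest LANs first keeps the cursor aligned for every later prefix.
    for name in sorted(colliding, key=lambda n: (nets[n].prefixlen, n)):
        mapped = ipaddress.ip_network((cursor, nets[name].prefixlen))
        if not mapped.subnet_of(pool):
            raise ValueError("NAT pool exhausted")
        plan[name] = (nets[name], mapped)
        cursor += mapped.num_addresses
    return plan


def translate(plan, site, addr):
    """1:1 NAT: swap the network bits, keep the host bits."""
    lan, mapped = plan[site]
    addr = ipaddress.ip_address(addr)
    if addr not in lan:
        raise ValueError(f"{addr} is not in {site}'s LAN {lan}")
    return str(mapped.network_address + (int(addr) - int(lan.network_address)))
```

Sites that collide with nothing (Milan and Turin here) are left out of the plan and keep their real prefix; every site involved in a collision is renumbered so that neither side is treated as the "original".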

The typical setup

  1. Connector install at site A → tunnel active;
  2. Connector install at site B → tunnel active;
  3. Connector install at site C → tunnel active;
  4. Console policy configuration: which sites can talk to which;
  5. independent failover drill per site.

Time: 1 day for 3 sites (each Connector activates in 30-60 minutes).

When each site does independent DR

  • site A primary down → VM cloud recovery in A's VRF;
  • site B operates normally;
  • no interference.

Multi-site L2 does not mean "all sites fail together". They are independent events.

When coordinated failover is needed instead

For scenarios where the event impacts multiple sites (e.g. cyber attack on the central corporate network):

  • orchestrated failover of all critical VMs across all sites;
  • restart order defined in the central runbook;
  • cross-site communication in the cloud.

Costs

Three Connectors → three separate fees. Volume discount typically 10-15% above 3 Connectors. The centralised DR cloud remains a single one.

FAQ

Can I add sites later?

Yes, any time. New site onboarding: 1 day.

External site (e.g. critical supplier)?

Yes, the Connector can also be installed on a supplier's network with their consent.

Thousands of small sites (e.g. retail outlets)?

Yes, Sefthy supports multi-tenancy with thousands of Connectors. Retail architecture.


For the L2 pillar, see "L2 tunnel for DR". For the Connector hardware, see "NanoPi R3S Connector".
