Tip

This is the documentation for the 19.12 version. Looking for the documentation of the latest version? Have a look here.

VXLAN Interfaces

Virtual Extensible LAN, or VXLAN, interfaces can be used to encapsulate Layer 2 frames inside UDP, carrying traffic for multiple L2 networks across Layer 3 connections such as between routed areas of a datacenter, leased lines, or VPNs.

VXLAN tunnels are commonly used to bypass limitations of traditional VLANs on multi-tenant networks and other areas that require large scale L2 connectivity without direct connections.

There are two main components to a VXLAN tunnel: The VXLAN tunnel itself, and the bridge domain used to terminate the tunneled traffic to another local interface.

VXLAN Configuration

A new VXLAN tunnel is created with the vxlan <tunnel-name> command in config mode, which then enters config-vxlan mode.

In config-vxlan mode, the following commands are available:

instance <id>:

Required instance identifier configured on the VXLAN tunnel. Based on this, a new interface will be available in TNSR named vxlan_tunnel<id>. For example, with instance 0 the interface is named vxlan_tunnel0.

vni <u24>:

Required VXLAN Network Identifier

source <ip-addr>:

Required source IP address on TNSR used to send VXLAN tunnel traffic.

destination <ip-addr>:

Required destination IP address for the far side of the tunnel. This can be a multicast address, but if it is, then the multicast interface must also be defined.

encapsulation route-table <rt-table-name>:

Routing table used for VXLAN encapsulation.

multicast interface <if-name>:

Interface used for multicast. Required if the destination address is a multicast address. If defined, the destination address must be multicast.

Note

The source IP address, destination IP address and encapsulation route table must all be of the same address family, either IPv4 or IPv6.

VXLAN-Related Settings

In addition to the VXLAN settings, there are related settings in bridges and interfaces which are used with VXLAN tunnels.

In config-bridge mode, the arp term command to enable ARP termination is needed for bridges used with VXLAN tunnels.

In config-interface mode, when adding an interface to a bridge, the shg (Split Horizon Group) parameter is required for VXLAN tunnels. This number must be non-zero and the same number must be used on each VXLAN tunnel added to a bridge domain. This prevents packets from looping back across VXLAN interfaces which are meshed between peers.

VXLAN Example

First, create the bridge with the desired set of options:

tnsr(config)# interface bridge domain 10
tnsr(config-bridge)# arp term
tnsr(config-bridge)# flood
tnsr(config-bridge)# uu-flood
tnsr(config-bridge)# forward
tnsr(config-bridge)# learn
tnsr(config-bridge)# exit

Add host interface to bridge domain:

tnsr(config)# int GigabitEthernet3/0/0
tnsr(config-interface)# bridge domain 10 shg 1
tnsr(config-interface)# exit

Create the VXLAN tunnel:

tnsr(config)# vxlan xmpl
tnsr(config-vxlan)# instance 0
tnsr(config-vxlan)# vni 10
tnsr(config-vxlan)# source 203.0.110.2
tnsr(config-vxlan)# destination 203.0.110.25
tnsr(config-vxlan)# exit

Add the VXLAN tunnel to bridge domain:

tnsr(config)# int vxlan_tunnel0
tnsr(config-interface)# bridge domain 10 shg 1
tnsr(config-interface)# exit

VXLAN Status

To view the status of VXLAN tunnels, use the show vxlan command:

tnsr# show vxlan
Name Instance Source IP   Dest IP      Encap Rt   Decap Node IF Name       Mcast IF VNI
---- -------- ----------- ------------ ---------- ---------- ------------- -------- ---
xmpl 0        203.0.110.2 203.0.110.25 ipv4-VRF:0 1          vxlan_tunnel0          10