Tip

This is the documentation for the 20.02 version. Looking for the documentation of the latest version? Have a look here.

VXLAN Interfaces

Virtual Extensible LAN, or VXLAN, interfaces can be used to encapsulate Layer 2 frames inside UDP, carrying traffic for multiple L2 networks across Layer 3 connections such as between routed areas of a datacenter, leased lines, or VPNs.

VXLAN tunnels are commonly used to bypass limitations of traditional VLANs on multi-tenant networks and other areas that require large scale L2 connectivity without direct connections.

There are two main components to a VXLAN tunnel: The VXLAN tunnel itself, and the bridge domain used to terminate the tunneled traffic to another local interface.

VXLAN Configuration

A new VXLAN tunnel is created with the vxlan <if-id> command in config mode, which then enters config-vxlan mode.

Note

An <if-id> is a string which starts with a letter (a-z or A-Z) or underscore followed by letters, digits (0-9), or any of the following allowed characters: _, /, ., and -. For VXLAN interfaces, the string may be at most 63 characters long.

In config-vxlan mode, the following commands are available:

instance <id>:

Required instance identifier configured on the VXLAN tunnel. Based on this, a new interface will be available in TNSR named vxlan_tunnel<id>. For example, with instance 0 the interface is named vxlan_tunnel0.

vni <u24>:

Required VXLAN Network Identifier

source <ip-addr>:

Required source IP address on TNSR used to send VXLAN tunnel traffic.

destination <ip-addr>:

Required destination IP address for the far side of the tunnel. This can be a multicast address, but if it is, then the multicast interface must also be defined.

encapsulation route-table <rt-table-name>:

Routing table used for VXLAN encapsulation.

multicast interface <if-name>:

Interface used for multicast. Required if the destination address is a multicast address. If defined, the destination address must be multicast.

Note

The source IP address, destination IP address and encapsulation route table must all be of the same address family, either IPv4 or IPv6.

VXLAN Examples

The following examples demonstrate common ways that VXLAN interfaces can be used on TNSR.

VXLAN Bridging Example

VXLAN Bridge Configuration

First, create the bridge with the desired set of options:

tnsr(config)# interface bridge domain 10
tnsr(config-bridge)# arp term
tnsr(config-bridge)# flood
tnsr(config-bridge)# uu-flood
tnsr(config-bridge)# forward
tnsr(config-bridge)# learn
tnsr(config-bridge)# exit

Add host interface to bridge domain:

tnsr(config)# int GigabitEthernet3/0/0
tnsr(config-interface)# bridge domain 10 shg 1
tnsr(config-interface)# exit

Create the VXLAN tunnel:

tnsr(config)# vxlan xmpl
tnsr(config-vxlan)# instance 0
tnsr(config-vxlan)# vni 10
tnsr(config-vxlan)# source 203.0.110.2
tnsr(config-vxlan)# destination 203.0.110.25
tnsr(config-vxlan)# exit

Add the VXLAN tunnel to bridge domain:

tnsr(config)# int vxlan_tunnel0
tnsr(config-interface)# bridge domain 10 shg 1
tnsr(config-interface)# exit

VXLAN SPAN Example

VXLAN can be used to transport traffic in a manner similar to GRE, which can be useful in environments incompatible with GRE. For example, this type of setup can be used in place of the ERSPAN/GRE recipe example for use on Azure which does not allow GRE.

On TNSR, setup a VXLAN tunnel to the remote peer

tnsr(config)# vxlan vxlan1
tnsr(config-vxlan)# instance 1
tnsr(config-vxlan)# vni 13
tnsr(config-vxlan)# source 203.0.110.2
tnsr(config-vxlan)# destination 203.0.110.27
tnsr(config-vxlan)# exit

Now setup a SPAN on TNSR between a local interface and the newly created VXLAN

tnsr(config)# span GigabitEthernet3/0/0
tnsr(config-span)# onto vxlan_tunnel1 hw both
tnsr(config-span)# exit

On the remote peer, which in this example is a CentOS host acting as a VXLAN tunnel endpoint, configure a matching VXLAN interface:

$ sudo ip link add vxlan1 type vxlan id 13 dev ens192 remote 203.0.110.2 dstport 4789
$ sudo ip link set dev vxlan1 up

VXLAN Status

To view the status of VXLAN tunnels, use the show vxlan command:

tnsr# show vxlan
Name Instance Source IP   Dest IP      Encap Rt   Decap Node IF Name       Mcast IF VNI
---- -------- ----------- ------------ ---------- ---------- ------------- -------- ---
xmpl 0        203.0.110.2 203.0.110.25 ipv4-VRF:0 1          vxlan_tunnel0          10