VXLAN Interfaces¶
Virtual Extensible LAN, or VXLAN, interfaces can be used to encapsulate Layer 2 frames inside UDP, carrying traffic for multiple L2 networks across Layer 3 connections such as between routed areas of a datacenter, leased lines, or VPNs.
VXLAN tunnels are commonly used to bypass limitations of traditional VLANs on multi-tenant networks and other areas that require large scale L2 connectivity without direct connections.
There are two main components to a VXLAN tunnel: The VXLAN tunnel itself, and the bridge domain used to terminate the tunneled traffic to another local interface.
VXLAN Configuration¶
A new VXLAN tunnel is created with the vxlan <if-id>
command in config
mode, which then enters config-vxlan
mode.
Note
An <if-id>
is a string which starts with a letter (a-z
or A-Z
) or underscore followed by letters, digits (0-9
), or any of the following allowed characters: _
, /
, .
, and -
. For VXLAN interfaces, the string may be at most 63 characters
long.
In config-vxlan
mode, the following commands are available:
- instance <id>:
Required
instance
identifier configured on the VXLAN tunnel. Based on this, a new interface will be available in TNSR namedvxlan_tunnel<id>
. For example, withinstance 0
the interface is namedvxlan_tunnel0
.- vni <u24>:
Required VXLAN Network Identifier
- source <ip-addr>:
Required source IP address on TNSR used to send VXLAN tunnel traffic.
- destination <ip-addr>:
Required destination IP address for the far side of the tunnel. This can be a multicast address, but if it is, then the
multicast interface
must also be defined.- encapsulation route-table <rt-table-name>:
Routing table used for VXLAN encapsulation.
- multicast interface <if-name>:
Interface used for multicast. Required if the
destination
address is a multicast address. If defined, thedestination
address must be multicast.
Note
The source
IP address, destination
IP address and encapsulation
route table must all be of the same address family, either IPv4 or IPv6.
VXLAN Examples¶
The following examples demonstrate common ways that VXLAN interfaces can be used on TNSR.
VXLAN Bridging Example¶
VXLAN Bridge Configuration¶
First, create the bridge with the desired set of options:
tnsr(config)# interface bridge domain 10
tnsr(config-bridge)# arp term
tnsr(config-bridge)# flood
tnsr(config-bridge)# uu-flood
tnsr(config-bridge)# forward
tnsr(config-bridge)# learn
tnsr(config-bridge)# exit
Add host interface to bridge domain:
tnsr(config)# int GigabitEthernet3/0/0
tnsr(config-interface)# bridge domain 10 shg 0
tnsr(config-interface)# exit
Create the VXLAN tunnel:
tnsr(config)# vxlan xmpl
tnsr(config-vxlan)# instance 0
tnsr(config-vxlan)# vni 10
tnsr(config-vxlan)# source 203.0.110.2
tnsr(config-vxlan)# destination 203.0.110.25
tnsr(config-vxlan)# exit
Add the VXLAN tunnel to bridge domain:
tnsr(config)# int vxlan_tunnel0
tnsr(config-interface)# bridge domain 10 shg 0
tnsr(config-interface)# exit
VXLAN SPAN Example¶
VXLAN can be used to transport traffic in a manner similar to GRE, which can be useful in environments incompatible with GRE. For example, this type of setup can be used in place of the ERSPAN/GRE recipe example for use on Azure which does not allow GRE.
On TNSR, setup a VXLAN tunnel to the remote peer
tnsr(config)# vxlan vxlan1
tnsr(config-vxlan)# instance 1
tnsr(config-vxlan)# vni 13
tnsr(config-vxlan)# source 203.0.110.2
tnsr(config-vxlan)# destination 203.0.110.27
tnsr(config-vxlan)# exit
Now setup a SPAN on TNSR between a local interface and the newly created VXLAN
tnsr(config)# span GigabitEthernet3/0/0
tnsr(config-span)# onto vxlan_tunnel1 hw both
tnsr(config-span)# exit
On the remote peer, which in this example is a Linux host acting as a VXLAN tunnel endpoint, configure a matching VXLAN interface:
$ sudo ip link add vxlan1 type vxlan id 13 dev ens192 remote 203.0.110.2 dstport 4789
$ sudo ip link set dev vxlan1 up
VXLAN Status¶
To view the status of VXLAN tunnels, use the show vxlan
command:
tnsr# show vxlan
Name Instance Source IP Dest IP Encap Rt Decap Node IF Name Mcast IF VNI
---- -------- ----------- ------------ ---------- ---------- ------------- -------- ---
xmpl 0 203.0.110.2 203.0.110.25 default 1 vxlan_tunnel0 10