VXLAN¶

Virtual eXtensible Local Area Networks (VXLAN) is used to address the need for overlay networks within virtualized data centers accommodating multiple tenants.

To configure VXLAN, enter the context interface type vxlan from the VRF in which you plan to define VXLAN logical interface. The VXLAN configuration is valid as soon as the VXLAN ID is set.

Here is an example of VXLAN named vxlan100 in VRF main, with a tag identifier 100 and linked to underlying interface named eth0 using the multicast group ‘239.0.0.8’:

vsr running vrf main# interface vxlan vxlan100
vsr running vxlan vxlan100#! vni 100
vsr running vxlan vxlan100# link-interface eth0
vsr running vxlan vxlan100# group 239.0.0.8
vsr running vxlan vxlan100# commit

The VXLAN interface is configured provided eth0 is configured in VRF main.

Let’s fetch the state after committing this configuration:

vsr running vrf main# interface vxlan vxlan100
vsr running vxlan vxlan100# show state
vxlan vxlan100
    mtu 1450
    enabled true
    ethernet
        mac-address 36:22:c6:04:24:49
        ..
    ipv6
        address fe80::3422:c6ff:fe04:2449/64
        ..
    vni 100
    group 239.0.0.8
    link-interface eth0
    learning true
    gbp false
    dst 4789
    src-range
        49152
        65535
        ..
    oper-status UP
    counters
        in-octets 0
        in-unicast-pkts 0
        in-discards 0
        in-errors 0
        out-octets 0
        out-unicast-pkts 8
        out-discards 0
        out-errors 0
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vsr> show config xml absolute vrf main interface vxlan vxlan100
<config xmlns="urn:6wind:vrouter">
  <ha xmlns="urn:6wind:vrouter/ha"/>
  <vrf>
    <name>main</name>
    <interface xmlns="urn:6wind:vrouter/interface">
      <vxlan xmlns="urn:6wind:vrouter/vxlan">
        <name>vxlan100</name>
        <enabled>true</enabled>
        <ethernet>
          <auto-negotiate>true</auto-negotiate>
          <enable-flow-control>false</enable-flow-control>
        </ethernet>
        <ipv4>
          <enabled>true</enabled>
        </ipv4>
        <ipv6>
          <enabled>true</enabled>
        </ipv6>
        <learning>true</learning>
        <gbp>false</gbp>
        <dst>4789</dst>
        <src-range>
          <min>49152</min>
          <max>65535</max>
        </src-range>
        <vni>100</vni>
        <link-interface>eth0</link-interface>
        <group>239.0.0.8</group>
      </vxlan>
    </interface>
  </vrf>
</config>

It’s also possible to directly set the remote VTEP address in the VXLAN configuration. This can be done with the remote option that takes a unicast address (unlike group that takes a multicast address):

vsr running vxlan vxlan100# del group 239.0.0.8
vsr running vxlan vxlan100# remote 10.125.0.2

Note

remote and group options are exclusive.
If a VXLAN has a link-interface in the default L3VRF, it is forbidden to create another VXLAN with the same dst and with a link-interface created in another L3VRF.

Forwarding Database¶

To configure the VXLAN FDB, enter the ipv4 or ipv6 sub-context then use the fdb command.

If the remote VTEP link layer address is unknown it’s possible to set it to 00:00:00:00:00:00. The VXLAN will automatically learn the VTEP address. In this case, the learning option must be set to true:

vxlan vxlan100
    enabled true
    ipv4
        enabled true
        address 192.168.0.1/24
        fdb link-layer-address 00:00:00:00:00:00 ip 10.125.0.2
        ..
    vni 100
    local 10.125.0.1
    link-interface eth0
    learning true

Note

The FDB entries IP version must match the local address version. If the local option is not set, the IPv4 must be used.

The VXLAN FDB can be observed with the show vxlan fdb command.

vsr> show vxlan fdb name vxlan1
neighbor   interface link-layer-address link-interface port vni state
========   ========= ================== ============== ==== === =====
10.125.0.2 vxlan1    00:00:00:00:00:00                          permanent
10.125.0.2 vxlan1    de:ad:de:9e:f5:5e                          reachable