Introduction


Virtual eXtensible Local Area Network (VXLAN) is a tunneling protocol designed to solve the problem of limited VLAN IDs (4096) in IEEE 802.1Q, and it is described by IETF RFC 7348. With VXLAN the size of the identifier is expanded to 24 bits (16777216). It creates a Layer 2 overlay scheme on a Layer 3 network and the protocol runs over UDP.

Only devices within the same VXLAN segment can communicate with each other.  Each VXLAN segment is identified through a 24-bit segment ID, termed the VXLAN Network Identifier (VNI). Unlike most tunnels, a VXLAN is a 1 to N network, not just point to point. A VXLAN device can learn the IP address of the other endpoint dynamically in a manner similar to a learning bridge. Multicast or unicast is used to flood broadcast, unknown unicast, and multicast traffic. VXLAN endpoints, which terminate VXLAN tunnels are known as VXLAN tunnel endpoints (VTEPs). 

Configuration options


This section describes the VXLAN interface and VTEP configuration options.

Sub-menu: /interface vxlan

Property

Description

arp (disabled | enabled | local-proxy-arp | proxy-arp | reply-only; Default: enabled)Address Resolution Protocol setting
  • disabled - the interface will not use ARP
  • enabled - the interface will use ARP
  • local-proxy-arp -  the router performs proxy ARP on the interface and sends replies to the same interface
  • proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
  • reply-only - the interface will only reply to requests originating from matching IP address/MAC address combinations which are entered as static entries in the IP/ARP table. No dynamic entries will be automatically stored in the IP/ARP table. Therefore for communications to be successful, a valid static entry must already exist.
arp-timeout (auto | integer; Default: auto)How long the ARP record is kept in the ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is the 30s.
comment (string; Default: )Short description of the interface.
disabled (yes | no; Default: no)Changes whether the interface is disabled.
group (IPv4; Default: )When specified, a multicast group address can be used to forward broadcast, unknown unicast, and multicast traffic between VTEPs. This property requires specifying the interface setting. The interface will use IGMP to join the specified multicast group, make sure to add the necessary PIM and IGMP configuration.
interface (name; Default: )Interface name used for multicast forwarding. This property requires specifying the group setting.
mac-address (read-only, Default: )

Automatically assigned interface MAC address. This setting cannot be changed.

mtu (integer; Default: 1500)

For the maximum transmission unit, the VXLAN interface will set MTU to 1500 by default. The l2mtu will be set automatically according to the associated interface (subtracting 50 bytes corresponding to the VXLAN header). If no interface is specified, the l2mtu value of 65535 is used. The l2mtu cannot be changed.

name (text; Default: vxlan1)Name of the interface.
port (integer: 1..65535; Default: 8472)

Used UDP port number.

vni (integer: 1..16777216; Default: )

VXLAN Network Identifier (VNI).


Sub-menu:

/interface vxlan


Property

Description

interface (name; Default: )Name of the VXLAN interface.
port (integer: 1..65535; Default: 8472)

Used UDP port number.

remote-ip (IPv4; Default: )

The IPv4 destination address of remote VTEP.

Configuration example


This configuration example creates a single VXLAN tunnel between two statically configured VTEP endpoints.

First, create VXLAN interfaces on both routers.

/interface vxlan
add name=vxlan1 port=8472 vni=10

Then configure VTEPs on both routers with respective IPv4 destination addresses. Both devices should have an active route toward the destination address.

# Router1
/interface vxlan vteps
add interface=vxlan1 remote-ip=192.168.10.10

# Router2
/interface vxlan vteps
add interface=vxlan1 remote-ip=192.168.20.20

Configuration is complete. It is possible to include the VXLAN interface into a bridge with other Ethernet interfaces.