Configuring VXLANs

1. Configure underlay vRouter interfaces:

a. Add vRouter and add vRouter interfaces for each VTEP.

CLI network-admin@switch > vrouter-create name <vr-name> vnet <vnet-name> router-type hardware  hw-vrrp-id <id>

CLI network-admin@switch > vrouter-interface-add vrouter-name <vr-name> ip <network/netmask> vlan <y> if data mtu <mtu>

b. VIP configuration is needed for redundant VTEPs.

CLI network-admin@switch > vrouter-interface-add vrouter-name <vr-name> ip <network/netmask> vlan <y> if data vrrp-id <id> vrrp-primary <ethz.y> mtu <mtu>

2. Optionally, add ports to vxlan-loopback-trunk:

CLI network-admin@switch > trunk-modify name vxlan-loopback-trunk ports <list of ports>

3. Configure tunnels:

On non-redundant switches, the tunnel is created with scope local and on redundant switch, tunnel is created using scope cluster.

CLI network-admin@switch > tunnel-create name <tunnel-name> local-ip <ip1> remote-ip <ip2> scope local vrouter-name <vr-name>

CLI network-admin@switch > tunnel-create name <tunnel-name> local-ip <ip1> remote-ip <ip2> scope cluster vrouter-name <vr-name> peer-vrouter-name <peer-vr-name>

4. Configure overlay:

Create mapping between VXLAN VNID and VLANs on respective switches

CLI network-admin@switch > vlan-create id <vlan-id> scope <scope> vxlan <vnid>


5. Add VNIDs to tunnels:

This mapping allows configured VLAN VNIDs to be carried over VXLAN tunnel.

CLI network-admin@switch > tunnel-vxlan-add name <tunnel-name> vxlan <vnid>

In order to carry Layer 2 broadcast, unicast, and multicast (BUM) traffic over VXLAN tunnels on Netvisor OS switches, you must configure one physical port to recirculate the packet and do head-end replication. Based on the hardware architecture of the switch, it is likely to be a front panel port for this usage. Depending on the amount of BUM traffic, you can use either a 10G port or a 40G port.

For monitoring VXLAN specific states and statistics, use the following commands:

vlan-show — displays the VXLAN ID associated with the VLAN ID.

tunnel-show — displays the configured tunnel and the state

trunk-show — displays the port used for BUM traffic recirculation

ports-stats-show — displays statistics for each port

tunnel-stats-show — displays statistics for each tunnel

vxlan-stats-show — displays statistics for each VXLAN ID

Configuring VXLANs and Tunnels


Informational Note:  VXLAN encapsulated packets are recirculated in using hardware features and not software.

In today’s virtualized environments, there is increasing demand on MAC address tables of switches that connect to servers. Instead of learning one MAC address per server link, the switch now has to learn the MAC addresses of individual VMs, and if the MAC address table overflows, the switch may stop learning new MAC addresses until idle entries age out.

Virtual Extensible LAN (VXLAN) is essentially a Layer 2 overlay scheme over a Layer 3 network, and each overlay is called a VXLAN segment. Only VMs within the same VXLAN segment can communicate with each other. Each VXLAN segment is identified by a 24 bit segment ID called the VXLAN Network Identifier (VNI).

VXLANs increase the scalability of your network up to 16 million logical networks and is used to contain broadcast, multicast, and unknown unicast traffic.

Because of this encapsulation, VXLAN could also be called a tunneling scheme to overlay Layer 2 networks over top of Layer 3 networks. However, the tunnel does not terminate on the switch, and the switch sits in the middle of the tunnel and sees packets as L3 tunneled packets. These packets are then forwarded using L2 or L3 forwarding.

Pluribus Networks supports two scenarios for VXLAN:

1. The tunnel does not terminate on the switch and VTEP is not supported. Though the switch does not participate in the creation of a tunnel, Netvisor OS still performs the following tasks.

a. Analytics Collection — All TCP control packets are captured as well as ARP packets traversing the tunnel. These packets are used to build connection statistics and provide visibility as to which VXLAN nodes are on specific ports.

b. ARP Optimization — An ARP request is captured and if a Layer 2 entry exists in the switch Layer 2 table, Netvisor OS sends a response back to the sender of the ARP request over the tunnel. Otherwise, the ARP request is re-injected into the tunnel without any modification to continue crossing the tunnel.

2. The tunnels are terminated at a switch and the switch performs the role of a VTEP. In this scenario, the switch is responsible for encapsulating packets that arrive from non-VXLAN nodes on a Layer 2 network and transmitting them over the tunnel. Similarly, the packets arriving through the tunnel are decapsulated and the inner packet is forwarded over the L2 network. The switch also collects statistics and optimizes ARP requests as in the first sce­nario.


Informational Note:  There is a one to one mapping of VXLAN to VLAN. Multicast traffic is not supported. VXLAN has the scope local on all switches, and must be in the same subnet.