How to Configuration VXLAN in Ubuntu 16.04

How to Configuration VXLAN in Ubuntu 16.04

In this post, I will configure VXLAN example. I will also utilize the linux-bridge to define L2 domain. Test environment is looks like below. 

The concepts are difficult to understand. However, the steps are not difficult.

1. Install the Linux Bridge and configuration.

In this step, I will create Linux Bridge and Interface on each hosts. The IP address in the same broadcasting is set on each interface.

apt-get install bridge-utils

brctl addbr vbr0

# brctl addbr vbr0 # ip link show vbr0 5: vbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether ee:c0:cb:d2:4b:ca brd ff:ff:ff:ff:ff:ff

ip address add 192.168.0.1/24 dev vbr0

ifconfig vbr0 up

# ip address add 192.168.10.11/24 dev vbr0 # ifconfig vbr0 up # ip addr show vbr0 5: vbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000     link/ether ee:c0:cb:d2:4b:ca brd ff:ff:ff:ff:ff:ff     inet 192.168.10.11/24 scope global vbr0        valid_lft forever preferred_lft forever     inet6 fe80::ecc0:cbff:fed2:4bca/64 scope link        valid_lft forever preferred_lft forever

2. Configure VXLAN with Unicast

I will create VTEP interface with the command below. I can check the detail information with “-d” option.

# ip link add name vxlan42 type vxlan id 42 dev bond0 remote 147.75.73.195 local 147.75.75.185 dstport 4789 # ip -d link show vxlan42 6: vxlan42: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000     link/ether aa:6f:fc:d6:7a:96 brd ff:ff:ff:ff:ff:ff promiscuity 0     vxlan id 42 remote 147.75.73.195 local 147.75.75.185 dev bond0 srcport 0 0 dstport 4789 ageing 300 addrgenmode eui64

3. Add VXLAN interface on Linux Bridge

However, it is not enough to communicate over tunnel. In this case, the traffic of “192.168.10.0/24” can not pass over the Linux Bridge. Thus, It is necessary for VXLAN interface to attach on the Linux Bridge.

# brctl addif vbr0 vxlan42 # ifconfig vxlan42 up # brctl show bridge name     bridge id               STP enabled     interfaces vbr0            8000.aa6ffcd67a96       no              vxlan42

4. Testing and analysis

I will do ping with one of “192.168.10.0/24” IP address. 

# ping 192.168.10.21 PING 192.168.10.21 (192.168.10.21) 56(84) bytes of data. 64 bytes from 192.168.10.21: icmp_seq=1 ttl=64 time=0.291 ms 64 bytes from 192.168.10.21: icmp_seq=2 ttl=64 time=0.284 ms 64 bytes from 192.168.10.21: icmp_seq=3 ttl=64 time=0.314 ms 64 bytes from 192.168.10.21: icmp_seq=4 ttl=64 time=0.317 ms

And I will dump packet during sending the packets. From the result, I can confirm “ICMP packets are encapsulated over VXLAN”

# tcpdump -ni bond0 not port 22 and not port 23 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes 05:34:07.415035 IP 147.75.75.185.32933 > 147.75.73.195.4789: VXLAN, flags [I] (0x08), vni 42 IP 192.168.10.11 > 192.168.10.21: ICMP echo request, id 2832, seq 1, length 64 05:34:07.415264 IP 147.75.73.195.51434 > 147.75.75.185.4789: VXLAN, flags [I] (0x08), vni 42 IP 192.168.10.21 > 192.168.10.11: ICMP echo reply, id 2832, seq 1, length 64 05:34:08.414164 IP 147.75.75.185.32933 > 147.75.73.195.4789: VXLAN, flags [I] (0x08), vni 42 IP 192.168.10.11 > 192.168.10.21: ICMP echo request, id 2832, seq 2, length 64

Reference Links

[ 1 ] https://serverfault.com/questions/777179/configuring-vxlan-unicast-in-linux

[ 2 ] https://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/set-up-the-bridge.html

[ 3 ] https://www.kernel.org/doc/Documentation/networking/vxlan.txt

[ 4 ] https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/

[ 5 ] http://www.codeblogbt.com/archives/301596