ROS 7.1.1
I have extra ports available on my CCR1036 that I use for a VxLAN tunnel back to my data rack. Documentation indicates VxLAN needs to be bridged with a physical interface but I am curious if there is a way to configure vlans on the same box that can run through the tunnel, so I can eliminate the small Mikrotik switch that currently is connected to the VxLAN bridged port of the CCR1036?
I’m not sure I understand your concern.
- you can make a VxLAN interface a member port of any bridge, and it doesn’t matter whether the other member ports of that bridge are physical Ethernet ports, virtual L2 ports (such as EoIP or other VxLAN), or no other ports at all for that matter. You can also attach some /interface vlan to that bridge to make those VLANs accessible for the IP stack of the CCR.
- if you don’t need to connect anything else but the CCR’s own IP stack to the VLANs brought via the VxLAN from the data rack, you can use the VxLAN interface directly as the carrier one for the /interface vlan.
In other words, you can treat the VxLAN interface the same way as an Ethernet one.
Does the above answer your question?
Clear as mud, huh.
This is what I have:
Mikrotik 750, port 1 connected to port 2 (bridged with vxlan interface) of CCR1036
I would like to eliminate the 750 and add the necessary vlans to the CCR1036 and tunnel them through the vxlan interface.
Here is what I have for configs:
# jan/18/1970 20:44:08 by RouterOS 6.49
# software id = 3PPZ-37YF
#
# model = 750
/interface bridge
add name=B703
add name=B704
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=ether1 name=vlan703 vlan-id=703
add interface=ether1 name=vlan704 vlan-id=704
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether1 multicast-router=disabled
add bridge=B703 interface=ether2
add bridge=B703 interface=vlan703
add bridge=B704 interface=ether3
add bridge=B704 interface=vlan704
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=703
add bridge=bridge1 tagged=ether1 vlan-ids=704
/ip address
add address=10.7.4.2/24 interface=vlan704 network=10.7.4.0
add address=10.7.3.2/24 interface=vlan703 network=10.7.3.0
/ip dhcp-client
add disabled=no interface=ether5
/system clock
set time-zone-name=America/Chicago
/system identity
set name=BLH
# feb/15/2022 05:32:49 by RouterOS 7.1.1
# software id = MPIL-B0WN
#
# model = CCR1036-8G-2S+
/interface bridge
add name=BRIDGE-VXLAN-VNI-101
add name=loopback
/interface ethernet
set [ find default-name=ether1 ] l2mtu=8900
/interface vxlan
add group=239.0.0.1 interface=ether1 mtu=1400 name=vxlan101 port=8472 vni=101
/interface vlan
add interface=ether3 name=vlan703 use-service-tag=yes vlan-id=703
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/routing ospf instance
add name=Area0 router-id=192.168.99.4
/routing ospf area
add instance=Area0 name=Area0
/interface bridge port
add bridge=BRIDGE-VXLAN-VNI-101 interface=vxlan101
add bridge=BRIDGE-VXLAN-VNI-101 interface=ether2
/interface vxlan vteps
add interface=vxlan101 remote-ip=192.168.99.1
/ip address
add address=172.168.0.4/24 interface=ether1 network=172.168.0.0
add address=192.168.99.4 interface=loopback network=192.168.99.4
/ip dhcp-client
add interface=ether8
/routing ospf interface-template
add area=Area0 interfaces=loopback networks=192.168.99.4
add area=Area0 interfaces=ether1 networks=172.168.0.0/24
/system clock
set time-zone-name=America/Chicago
/system identity
set name=LCTN-Rm426
So you want to use some Ethernet ports on the CCR instead of ether2 and ether3 on the 750, each serving as an access port to one of the VLANs. The CCR itself doesn’t need to access the VLANs, i.e. you will only connect the external equipment that was connected to 750’s ether2 and ether3 to the newly assigned ports on the CCR?
That is correct
- assuming that ether4 and ether5 on the CCR are currently unused:
/interface bridge vlan
add bridge=BRIDGE-VXLAN-VNI-101 vlan-ids=703 tagged=vxlan101,ether2
add bridge=BRIDGE-VXLAN-VNI-101 vlan-ids=704 tagged=vxlan101,ether2
/interface bridge port
add bridge=BRIDGE-VXLAN-VNI-101 interface=ether4 pvid=703
add bridge=BRIDGE-VXLAN-VNI-101 interface=ether5 pvid=704
/interface bridge set BRIDGE-VXLAN-VNI-101 vlan-filtering=yes
Once you check that CCR.ether4 indeed functionally substitutes RB750.ether2 on the 750, and CCR.ether5 indeed substitutes RB750.ether3, you can disconnect the RB750 from the CCR, remove ether2 from the tagged list on both rows of /interface bridge vlan, remove the corresponding row of /interface bridge port, and eventually repurpose it.
- what was the idea behind
/interface vlan
add interface=ether3 name=vlan703 use-service-tag=yes vlan-id=703
?
- since you’ve configured vxlan101 as a point-to-multipoint one by setting the group and interface, I think you don’t need to specify the vteps for it manually (provided that the remote device is configured the same way).
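The verification and cleanup steps described in the post above, written out as RouterOS commands. This is an added example, not part of the original post; it assumes the bridge and interface names used in the thread, and the frame-types / ingress-filtering lines in step 3 are an optional hardening step that the thread itself does not mention.

```routeros
# Added example. Assumed names (all taken from the thread):
#   bridge BRIDGE-VXLAN-VNI-101, tunnel port vxlan101,
#   old uplink to the RB750 on ether2, new access ports ether4 (VLAN 703) and ether5 (VLAN 704).

# 1. Verify before removing the RB750.
#    The VLAN table should list vxlan101 and ether2 as tagged for 703 and 704,
#    with ether4 / ether5 showing up as current untagged members via their pvid.
/interface bridge vlan print where bridge=BRIDGE-VXLAN-VNI-101
#    The host table should show the MAC addresses of the moved devices learned
#    on ether4 / ether5, and the remote side's MACs learned on vxlan101, in the right VLAN.
/interface bridge host print where bridge=BRIDGE-VXLAN-VNI-101

# 2. Cleanup once the RB750 is disconnected:
#    drop ether2 from the tagged list of both VLAN rows, then remove its bridge port row.
/interface bridge vlan set [find dynamic=no bridge=BRIDGE-VXLAN-VNI-101 vlan-ids=703] tagged=vxlan101
/interface bridge vlan set [find dynamic=no bridge=BRIDGE-VXLAN-VNI-101 vlan-ids=704] tagged=vxlan101
/interface bridge port remove [find bridge=BRIDGE-VXLAN-VNI-101 interface=ether2]

# 3. Optional hardening (assumption, not from the thread):
#    access ports accept only untagged frames, so an attached device cannot
#    inject frames tagged for the other VLAN carried by the tunnel.
/interface bridge port set [find bridge=BRIDGE-VXLAN-VNI-101 interface=ether4] frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
/interface bridge port set [find bridge=BRIDGE-VXLAN-VNI-101 interface=ether5] frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes

# 4. Re-check the result: only vxlan101 tagged, ether4 / ether5 untagged.
/interface bridge vlan print where bridge=BRIDGE-VXLAN-VNI-101
/interface bridge port print where bridge=BRIDGE-VXLAN-VNI-101
```

Run step 2 from a management path that does not depend on ether2 or the bridge, so a mistake in the VLAN table cannot cut off access to the CCR.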
.2 was me taking another stab at trying to get things to work the way I described.
.3 Thank you. Didn’t know I could do without the vtep
That worked!
Much appreciated!