Hi guys,
Been testing VXLAN over WireGuard between two remote sites through a WG hub router and found some really interesting behavior.
What works:
-
VXLAN tunnel comes up
-
VLAN tags pass correctly
-
broadcasts/ARP pass
-
DHCP Discover packets visible remotely
-
MACs appear in VXLAN FDB
What does NOT work:
-
DHCP replies never return
-
static IP clients cannot ping remote gateway
-
unicast forwarding seems broken
The strange part is both routers dynamically learn MACs against the WG hub IP instead of the actual remote VTEP IP.
So now I’m wondering if this is:
-
a flood-and-learn VXLAN limitation
-
MikroTik VXLAN behavior
-
routed overlay issue
-
or lack of EVPN/static FDB logic
Funny thing is EoIP over the exact same topology works perfectly.
Curious if anyone else has tested VXLAN over routed WireGuard hub/spoke designs and seen similar behavior.
Thanks:)