Community discussions

MikroTik App
 
User avatar
StubArea51
Trainer
Trainer
Topic Author
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

VxLAN example configuration

Sat Feb 15, 2020 11:20 pm

Here is a blog post I did with a VxLAN lab in EVE-NG between 3 routers and 3 linux servers:

The blog and configurations are available here:
https://stubarea51.net/2020/02/15/mikro ... ook-vxlan/

Image
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: VxLAN example configuration

Sun Feb 16, 2020 12:41 am

Very Well Done and great example .... Thank You!
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: VxLAN example configuration

Sun Feb 16, 2020 12:43 am

Thanks Kevin, I replicate it now !
 
excession
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Mon May 11, 2015 8:16 pm

Re: VxLAN example configuration

Sun Feb 16, 2020 11:19 am

Thanks for sharing.
 
User avatar
StubArea51
Trainer
Trainer
Topic Author
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: VxLAN example configuration

Sun Feb 16, 2020 5:55 pm

You're welcome! I'm not sure if an IPv6 underlay is supported, but I may try that later today :D

EDIT: Looks like the VTEPs and VxLAN interface group multicast address are IPv4 only for now.
 
mbrante
just joined
Posts: 1
Joined: Thu Jun 07, 2018 8:56 pm

Re: VxLAN example configuration

Sun Apr 05, 2020 4:36 pm

Hello, thanks for sharing!

Would you give me your opinion about this please?

I 've made a small version of this, but without OSPF, an only two VTEP's:
vxlan_lab.png

This is my config:


#***VTEP-01***
# apr/05/2020 13:18:18 by RouterOS 7.0beta5
# software id = 
#
/interface bridge
add mtu=9000 name=BRIDGE-VXLAN
/interface ethernet
set [ find default-name=ether1 ] mtu=9000
set [ find default-name=ether2 ] mtu=9000
set [ find default-name=ether3 ] mtu=9000
/interface vxlan
add group=239.0.0.1 interface=ether2 name=vxlan-vni-100 port=8472 vni=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=BRIDGE-VXLAN interface=vxlan-vni-100
add bridge=BRIDGE-VXLAN interface=ether3
/interface vxlan vteps
add interface=vxlan-vni-100 remote-ip=10.10.10.2
/ip address
add address=10.10.10.1/30 interface=ether2 network=10.10.10.0
add address=10.100.100.100/24 interface=BRIDGE-VXLAN network=10.100.100.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether1
#error exporting /ipv6/route/rule
#error exporting /routing/policy/selection
/system identity
set name=VTEP-01
/tool sniffer
set filter-interface=ether3
#
#
#***VTEP-02***
# apr/05/2020 13:20:48 by RouterOS 7.0beta5
# software id = 
#
/interface bridge
add mtu=9000 name=BRIDGE-VXLAN
/interface ethernet
set [ find default-name=ether2 ] mtu=9000
set [ find default-name=ether3 ] mtu=9000
/interface vxlan
add group=239.0.0.1 interface=ether2 name=vxlan-vni-100 port=8472 vni=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=BRIDGE-VXLAN interface=ether3
add bridge=BRIDGE-VXLAN interface=vxlan-vni-100
/interface vxlan vteps
add interface=vxlan-vni-100 remote-ip=10.10.10.1
/ip address
add address=10.10.10.2/30 interface=ether2 network=10.10.10.0
add address=10.100.100.200/24 interface=BRIDGE-VXLAN network=10.100.100.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether1
#error exporting /ipv6/route/rule
#error exporting /routing/policy/selection
/system identity
set name=VTEP-02
/tool sniffer
set filter-interface=ether3
Results:

PC-A can ONLY ping to: 10.100.100.100 (VTEP-01 bridge IP address)
PC-B can ONLY ping to: 10.100.100.200 (VTEP-02 bridge IP address)

VTEP-01 can ping to: PC-A and 10.100.100.200 (VTEP-02 bridge IP address)
VTEP-02 can ping to: PC-B and 10.100.100.100 (VTEP-01 bridge IP address)

End-to-end communication fails :(

What am I doing wrong?

Thanks in advance!
You do not have the required permissions to view the files attached to this post.
Last edited by mbrante on Sun Apr 05, 2020 4:37 pm, edited 1 time in total.
 
mafiosa
Member Candidate
Member Candidate
Posts: 266
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: VxLAN example configuration

Sat May 02, 2020 3:58 pm

can I use ipv6 over ipv4? that is vtep will be ipv4 but servers will communicate on ipv6.
 
User avatar
colinardo
just joined
Posts: 18
Joined: Sun Jan 08, 2017 9:02 pm

Re: VxLAN example configuration

Mon Jun 15, 2020 5:27 pm

can I use ipv6 over ipv4? that is vtep will be ipv4 but servers will communicate on ipv6.
Yes you can. VXLAN-Interface forms a transparent L2 tunnel, so you can use IPv6 inside it.

Best regards.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VxLAN example configuration

Fri Dec 18, 2020 12:35 pm

@IPANetEngineer

i was following your example and i wondering what exactly this does,because i'm able to ping remote site without adding this rules:

/interface vxlan vteps
add interface=VxLAN-VNI-100 remote-ip=100.127.1.2
add interface=VxLAN-VNI-100 remote-ip=100.127.1.3
 
User avatar
eset
Member Candidate
Member Candidate
Posts: 108
Joined: Tue Dec 15, 2015 5:15 pm
Contact:

Re: VxLAN example configuration

Fri Dec 31, 2021 3:24 am

Just a question.. this is VxLAN over 100.27 this is naked WAN ? Without any encryption ?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VxLAN example configuration

Fri Dec 31, 2021 4:51 am

yes. Without
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: VxLAN example configuration

Sun Apr 24, 2022 3:05 pm

What about VxLAN over IPsec?
i was wondering about that too. or via wireguard maybe
 
Babujnik
newbie
Posts: 32
Joined: Fri May 05, 2017 2:15 pm

Re: VxLAN example configuration

Wed Jul 06, 2022 1:31 pm

What about VxLAN over IPsec?
i was wondering about that too. or via wireguard maybe
vxlan via L2tp+ipsec

your remote IP's will be those from L2TP connection
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: VxLAN example configuration

Thu Jul 07, 2022 1:46 am



i was wondering about that too. or via wireguard maybe
vxlan via L2tp+ipsec

what is the point doing that?
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: VxLAN example configuration

Sat Aug 06, 2022 10:09 pm



vxlan via L2tp+ipsec

what is the point doing that?
a encrypted layer2 (as overlay of a layer3 net) link obviously

got it working last month with wireguard.
on 2 hEX S it pushes around 200mbit both directions (far from wire/line speed as one could see with MACsec but on a 100mbit interconnect it is enough)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VxLAN example configuration

Sun Mar 12, 2023 5:36 pm

Do you have a vxlan over wireguard example.
Im confused as to the local address I assumed these would be addresses anchored to a local wireguard address at each end
just not sure if the VTEP setting applies only to an external vxlan aware device and not used when the MT is the VXlan smart device?
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: VxLAN example configuration

Sun Mar 12, 2023 8:01 pm

Do you have a vxlan over wireguard example.
Im confused as to the local address I assumed these would be addresses anchored to a local wireguard address at each end
just not sure if the VTEP setting applies only to an external vxlan aware device and not used when the MT is the VXlan smart device?
you got EVE-NG? i'll export a basic setup
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VxLAN example configuration

Sun Mar 12, 2023 9:26 pm

No need, working on it, almost there.........
viewtopic.php?t=194310#p989515

That was effort #3 ( vxlan over wireguard )
effort #2 is through DHCP options
effort #1 is via WG and EOIP ( not yet done as have to deal with where internet comes from on spanned subnets)

All three were to see how one could connect a unifi controller on one router to two APs at another location. Exercise in possibilities and learning new things.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: VxLAN example configuration

Sun Mar 12, 2023 11:17 pm

No need, working on it, almost there.........
viewtopic.php?t=194310#p989515

That was effort #3 ( vxlan over wireguard )
effort #2 is through DHCP options
effort #1 is via WG and EOIP ( not yet done as have to deal with where internet comes from on spanned subnets)

All three were to see how one could connect a unifi controller on one router to two APs at another location. Exercise in possibilities and learning new things.
okay
if you need something, i got a lab where i need L2 encryption with least overhead through a provider backbone which is L2-transparent but the traffic needs to be encrypted
could export configurations if anyone needs them
2023-03-12 22_14_48-EVE_vxlan-via-VPLS_L2encryption.png
You do not have the required permissions to view the files attached to this post.
 
emunt6
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Feb 02, 2018 7:00 pm

Re: VxLAN example configuration

Sun Mar 19, 2023 7:33 pm

Here is a blog post I did with a VxLAN lab in EVE-NG between 3 routers and 3 linux servers:

The blog and configurations are available here:
https://stubarea51.net/2020/02/15/mikro ... ook-vxlan/

Image
The article forgot to mention some key points ( drawbacks to need to solve )
1., How does arp learning/resolving works under VXLAN endpoints?
There are two options to choose from:
> PIM-Multicast routing: 224.0.0.0/4
> MP-BGP EVPN

2., The VNI range (4096x4096 = 1... 16777215 ) in theory, but this is only between router-to-router, but on the switch endpoint you will be limited to the VNI -> VLAN mapping range ( 1..4094 ).

3., MTU problem ( MTU 2000 at least ).

Who is online

Users browsing this forum: No registered users and 22 guests