Community discussions

MikroTik App
 
Guscht
Member Candidate
Member Candidate
Topic Author
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

VXLAN / MT-Help wrong...

Sat Jan 01, 2022 7:02 pm

Hi,

according to:
https://help.mikrotik.com/docs/display/ROS/VXLAN

The commands for a simple VXLAN-setup are:
/interface vxlan
add name=vxlan1 port=8472 vni=10

# Router1
/interface vxlan vteps
add interface=vxlan1 remote-ip=192.168.10.10
 
# Router2
/interface vxlan vteps
add interface=vxlan1 remote-ip=192.168.20.20

Lets do this in Winbox, default-settings, VNI set to "10" as in accordance to the manual:
Screenshot 2022-01-01 175025.jpg

This comes out:
Screenshot 2022-01-01 175040.jpg

OK, BOTH Interface and Group must be specified... This is not what the Manual says:

group (IPv4; Default: ) When specified, a multicast group address can be used to forward...
A "when" and "can" is not a mandatory must...

interface (name; Default: ) Interface name used for multicast forwarding.
Who said I want that never-really-working-multicast-crap?!

MT says:
Multicast or unicast is used [...]
I want Unicast, where do I specify Unicast or Multicast?




OK, the Winbox-way doesnt work :/ lets try the CLI (as stated in the manual):

Seems to work:
Screenshot 2022-01-01 175514.jpg

or...
Screenshot 2022-01-01 175540.jpg

Lets open the VXLAN-Interface:
Screenshot 2022-01-01 175610.jpg

Now, the same happens...

Who is wrong, I, the Manual, ROS? No one, all?



Sidenote to MT: Are you serious? After (felt) 1000 years of developing V7 you come up with this...
This is nothing more than a public BETA. After trying this VXLAN-setup, I assume no one ever has tried the setps you write in your own manual.
You do not have the required permissions to view the files attached to this post.
 
aglabs
newbie
Posts: 39
Joined: Mon Dec 28, 2020 1:05 am

Re: VXLAN / MT-Help wrong...

Sun Jan 02, 2022 4:57 am

as you mentioned its not possible to configure unicast in winbox, there is no specific option to define multicast vs unicast, the help does create a unicast session. When you define a vtep w/o defining a multicast group its the same as unicast.

For reference rfc7348 defines vtep as:
VXLAN Tunnel End Point. An entity that originates and/or terminates VXLAN tunnels

Using the example from help I have vxlan working unicast over a wireguard tunnel.
/interface vxlan
add name=vxlan1 port=8472 vni=10
/interface vxlan vteps
add interface=vxlan1 remote-ip=172.16.96.46
add interface=vxlan1 remote-ip=172.16.96.47
172.16.96.46 and .47 are remote mikrotik 5009's connected back to this site via wireguard.

You cannot edit the vxlan interface from winbox after defining in CLI (seems like there is room for improvement there).

Once the vxlan interface is defined you can then add it to a bridge and tag/untag vlans on it:
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
add name=loopback1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether4 pvid=98
add bridge=bridge1 interface=ether5 pvid=3
add bridge=bridge1 interface=vxlan1
/interface bridge vlan
add bridge=bridge1 tagged=ether1,ether4,bridge1,vxlan1 vlan-ids=201

I really hope they improve winbox in the future surrounding vxlan configuration, not being able to manage VTEP config or make changes to a vxlan interface is a bummer.
 
duquesnoyinfo
just joined
Posts: 1
Joined: Thu Nov 16, 2023 2:50 pm

Re: VXLAN / MT-Help wrong...

Thu Jan 25, 2024 11:19 pm

Hi,

i solve my problem by adding a rule in the firewall of both routers for vxlan

add action=accept chain=input comment=Vxlan dst-port=8472 protocol=udp

Who is online

Users browsing this forum: Fogga and 10 guests