Commit | Line | Data |
---|---|---|
d2a85c18 MCC |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | ====================================================== | |
d342894c | 4 | Virtual eXtensible Local Area Networking documentation |
5 | ====================================================== | |
6 | ||
e8fed985 RJ |
7 | The VXLAN protocol is a tunnelling protocol designed to solve the |
8 | problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the | |
9 | size of the identifier is expanded to 24 bits (16777216). | |
10 | ||
11 | VXLAN is described by IETF RFC 7348, and has been implemented by a | |
12 | number of vendors. The protocol runs over UDP using a single | |
13 | destination port. This document describes the Linux kernel tunnel | |
14 | device; there is also a separate implementation of VXLAN for | |
15 | Open vSwitch. | |
16 | ||
17 | Unlike most tunnels, a VXLAN is a 1 to N network, not just point to | |
18 | point. A VXLAN device can learn the IP address of the other endpoint | |
19 | either dynamically in a manner similar to a learning bridge, or make | |
20 | use of statically-configured forwarding entries. | |
21 | ||
22 | The management of VXLAN is done in a manner similar to its two closest | |
23 | neighbors, GRE and VLAN. Configuring VXLAN requires the version of | |
24 | iproute2 that matches the kernel release where VXLAN was first merged | |
25 | upstream. | |
d342894c | 26 | |
d2a85c18 MCC |
27 | 1. Create vxlan device:: |
28 | ||
29 | # ip link add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1 dstport 4789 | |
e8fed985 RJ |
30 | |
31 | This creates a new device named vxlan0. The device uses the multicast | |
32 | group 239.1.1.1 over eth1 to handle traffic for which there is no | |
33 | entry in the forwarding table. The destination port number is set to | |
34 | the IANA-assigned value of 4789. The Linux implementation of VXLAN | |
35 | pre-dates the IANA's selection of a standard destination port number | |
36 | and uses the Linux-selected value by default to maintain backwards | |
37 | compatibility. | |
d342894c | 38 | |
d2a85c18 MCC |
39 | 2. Delete vxlan device:: |
40 | ||
41 | # ip link delete vxlan0 | |
d342894c | 42 | |
d2a85c18 MCC |
43 | 3. Show vxlan info:: |
44 | ||
45 | # ip -d link show vxlan0 | |
d342894c | 46 | |
47 | It is possible to create, destroy and display the vxlan | |
48 | forwarding table using the new bridge command. | |
49 | ||
d2a85c18 MCC |
50 | 1. Create forwarding table entry:: |
51 | ||
52 | # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0 | |
53 | ||
54 | 2. Delete forwarding table entry:: | |
55 | ||
56 | # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0 | |
d342894c | 57 | |
d2a85c18 | 58 | 3. Show forwarding table:: |
d342894c | 59 | |
d2a85c18 | 60 | # bridge fdb show dev vxlan0 |
33a1aaf8 JK |
61 | |
62 | The following NIC features may indicate support for UDP tunnel-related | |
63 | offloads (most commonly VXLAN features, but support for a particular | |
64 | encapsulation protocol is NIC specific): | |
65 | ||
66 | - `tx-udp_tnl-segmentation` | |
67 | - `tx-udp_tnl-csum-segmentation` | |
68 | ability to perform TCP segmentation offload of UDP encapsulated frames | |
69 | ||
70 | - `rx-udp_tunnel-port-offload` | |
71 | receive side parsing of UDP encapsulated frames which allows NICs to | |
72 | perform protocol-aware offloads, like checksum validation offload of | |
73 | inner frames (only needed by NICs without protocol-agnostic offloads) | |
74 | ||
75 | For devices supporting `rx-udp_tunnel-port-offload` the list of currently | |
76 | offloaded ports can be interrogated with `ethtool`:: | |
77 | ||
78 | $ ethtool --show-tunnels eth0 | |
79 | Tunnel information for eth0: | |
80 | UDP port table 0: | |
81 | Size: 4 | |
82 | Types: vxlan | |
83 | No entries | |
84 | UDP port table 1: | |
85 | Size: 4 | |
86 | Types: geneve, vxlan-gpe | |
87 | Entries (1): | |
88 | port 1230, vxlan-gpe |
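
The following is an added example, not part of the kernel documentation. It flattens the `ethtool --show-tunnels` listing above into `table port type` rows and reports offloaded ports that are missing from an allowlist; the function names and the allowlist are assumptions, and the sample text is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the kernel tree): audit the UDP tunnel ports a NIC
# currently offloads, as reported by `ethtool --show-tunnels <dev>`.

# parse_tunnels: read the ethtool listing on stdin and print one
# "<table> <port> <type>" row per offloaded port. Matching is done on
# whitespace-separated fields, so the indentation of the listing is irrelevant.
parse_tunnels() {
    awk '
        /UDP port table [0-9]+:/ { t = $4; sub(/:$/, "", t) }
        $1 == "port"             { p = $2; sub(/,$/, "", p); print t, p, $3 }
    '
}

# unexpected_ports: arguments are the allowed port numbers (an assumption of
# this example); stdin is the output of parse_tunnels. Prints one line per
# offloaded port that is not in the allowlist.
unexpected_ports() {
    allowed=" $* "
    while read -r table port kind; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "table $table: port $port ($kind) not in allowlist" ;;
        esac
    done
}

# Constructed sample: the listing shown above for eth0.
sample_output() {
cat <<'EOF'
Tunnel information for eth0:
  UDP port table 0:
    Size: 4
    Types: vxlan
    No entries
  UDP port table 1:
    Size: 4
    Types: geneve, vxlan-gpe
    Entries (1):
        port 1230, vxlan-gpe
EOF
}

# Only the IANA-assigned VXLAN port is allowed here, so port 1230 is reported.
sample_output | parse_tunnels | unexpected_ports 4789
```

On a live system, replace `sample_output` with `ethtool --show-tunnels eth0` and pass the ports the host is expected to offload.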