VXLAN Interfaces

Important - Scalable Platforms (ElasticXL, Maestro, and Chassis) do not support this feature (Known Limitation PMTR-60874).

This section shows you how to configure VXLAN interfaces in the Gaia Portal and Gaia Clish.

Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. VXLAN uses a VLAN-like encapsulation technique to encapsulate OSI Layer 2 Ethernet frames within Layer 4 UDP datagrams. See RFC 7348.

Notes:

  • The name of a VXLAN interface in Gaia OS is "vxlan<VNI>".

    For example, the name of a VXLAN interface with a VXLAN VNI of 5 is "vxlan5".

  • The VXLAN tunnel is not secure, because it is not encrypted.

For additional information, see sk170014.

Configuring VXLAN Interfaces in Gaia Portal

Step

Instructions

1

In the navigation tree, click Network Management > Network Interfaces.

2

Click Add > VXLAN.

3

In the Add VXLAN window, select the Enable option to set the VXLAN interface to UP.

4

On the IPv4 tab, enter the local IPv4 address and subnet mask for the VXLAN interface.

5

Optional: On the IPv6 tab, do one of these:

  • Select Obtain IPv6 address automatically via Autoconfig.

  • Select Obtain IPv6 address automatically via Normal DHCPv6.

  • Select Obtain IPv6 address automatically via Prefix Delegation.

  • Select Use the following IPv6 address.

Important:

  • First, you must enable the IPv6 Support and reboot (see System Configuration).

  • R82 does not support IPv6 Address on the Gaia Management Interface (Known Limitation PMTR-47313).

  • On a Multi-Domain Security Management Server, follow these instructions to configure an IPv6 address - Configuring an IPv6 Address on a Multi-Domain Server.

  • Scalable Platforms (ElasticXL, Maestro, and Chassis) do not support this feature (Known Limitation MBS-3246).

6

On the VXLAN Tunnel tab:

  1. In the VXLAN VNI field, enter or select the VXLAN Network Identifier (or VXLAN Segment ID) between 1 and 16,777,215.

    Important - This value must be the same on the VXLAN peers.

  2. In the Member Of field, select the physical interface related to this VXLAN.

  3. In the Remote Address field, enter the IPv4 address of the applicable physical interface on the remote VXLAN peer.

  4. In the DST Port field, enter or select the destination UDP port number between 1 and 65535 (default is 4789 - see IANA Service Name and Port Number Registry).

    Best Practice - Use the default UDP port 4789.

7

Click OK.

Security Gateway "GW1" and Security Gateway "GW2" create a VXLAN.

[GW1] (physical interface eth1) (VXLAN interface) <==>

<==> (Internet) <==>

<==> (VXLAN interface) (physical interface eth2 [GW2]

The VXLAN interface configuration on these VXLAN peers:

Setting

Security Gateway "GW1"

Security Gateway "GW2"

Local physical interface

eth1 with IPv4 10.10.10.11 / 24

eth2 with IPv4 172.30.40.22 / 24

(VXLAN) IPv4 Address

192.168.10.11 / 24

192.168.10.22 / 24

VXLAN VNI

33

33

Member Of

eth1

eth2

Remote Address

172.30.40.22

10.10.10.11

Important - It is not supported to edit the settings of an existing VxLAN interface.

You must delete the existing VxLAN interface and create a new VxLAN interface.

Step

Instructions

1

In the navigation tree, click Network Management > Network Interfaces.

2

Select a VXLAN interface and click Delete.

3

Click OK, when the confirmation message shows.

Configuring VXLAN Interfaces in Gaia Clish

Syntax

add vxlan id <VXLAN VNI> dev <Name of local physical interface> remote <IPv4 address of physical interface on remote peer> dstport <Destination UDP port>

show configuration vxlan

show vxlan id <VXLAN ID>

Important - It is not supported to edit the settings of an existing VxLAN interface.

You must delete the existing VxLAN interface and create a new VxLAN interface.

delete vxlan id <VXLAN VNI>

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently. Scalable Platforms save the changes automatically.

Parameter

Description

id <VXLAN VNI>

Configures the VXLAN Network Identifier (or VXLAN Segment ID) of the VXLAN interface (integer between 1 and 16,777,215).

Important - This value must be the same on the VXLAN peers.

comments "Text"

Defines the optional comment.

  • Write the text in double quotes.

  • Text must be up to 100 characters.

  • This comment appears in the Gaia Portal and in the output of the "show configuration" command.

dev <Name of local physical interface>

Specifies a local physical interface.

dstport <Destination UDP port>

Specifies the destination UDP port number between 1 and 65535 (default is 4789 - see IANA Service Name and Port Number Registry).

Important - This value must be the same on the VXLAN peers.

>

Best Practice - Use the default UDP port 4789.

remote <IPv4 address of physical interface on remote peer>

Specifies the IPv4 address of the applicable physical interface on the remote VXLAN peer.

Security Gateway "GW1" and Security Gateway "GW2" create a VXLAN.

[GW1] (physical interface eth1) (VXLAN interface) <==>

<==> (Internet) <==>

<==> (VXLAN interface) (physical interface eth2 [GW2]

The VXLAN interface configuration on these VXLAN peers:

Setting

Security Gateway "GW1"

Security Gateway "GW2"

Local physical interface

eth1 with IPv4 10.10.10.11 / 24

eth2 with IPv4 172.30.40.22 / 24

(VXLAN) IPv4 Address

192.168.10.11 / 24

192.168.10.22 / 24

VXLAN VNI

33

33

Member Of

eth1

eth2

Remote Address

172.30.40.22

10.10.10.11

The VXLAN interface configuration on the Security Gateway "GW1":

gaia1> add vxlan id 33 dev eth1 remote 172.30.40.22 dstport 4789

The VXLAN interface configuration on the Security Gateway "GW2":

gaia2> add vxlan id 33 dev eth2 remote 10.10.10.11 dstport 4789

Configuring VXLAN Interfaces on Cluster Members

For more information, see the R82 ClusterXL Administration Guide.

In Cluster, you have these options:

  1. Configure a VXLAN interface on all the Cluster Members.

    You must configure the same VXLAN VNI and Remote Address on each Cluster Member.

  2. Connect with SmartConsole to the Management Server.

  3. From the left navigation panel, click Gateways & Servers.

  4. Double-click the cluster object.

  5. From the left tree, click Network Management.

  6. From the toolbar, click Get Interfaces > Get Interfaces With Topology and confirm.

    Make sure you see the new VXLAN interface from each Cluster Member.

  7. Select the new VXLAN interface and click Edit.

  8. From the left tree, click the General page.

  9. In the General section, in the Network Type field, select Cluster.

  10. In the IPv4 field, configure the applicable cluster Virtual IP address.

  11. In the Member IPs section, make sure the IPv4 address and its Net Mask are correct on each Cluster Member.

  12. Click OK.

  13. Publish the SmartConsole session.

  14. Install the Access Control Policy on this cluster object.

  1. Configure a VXLAN interface on a specific Cluster Member.

  2. Connect with SmartConsole to the Management Server.

  3. From the left navigation panel, click Gateways & Servers.

  4. Double-click the cluster object.

  5. From the left tree, click Network Management.

  6. From the toolbar, click Get Interfaces > Get Interfaces With Topology and confirm.

    Make sure you see the new VXLAN interface from the specific Cluster Member, on which you configured it.

  7. Select the new VXLAN interface and click Edit.

  8. From the left tree, click the General page.

  9. In the General section, in the Network Type field, select Private.

  10. Click OK.

  11. Publish the SmartConsole session.

  12. Install the Access Control Policy on this cluster object.