^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) Virtual eXtensible Local Area Networking documentation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) The VXLAN protocol is a tunnelling protocol designed to solve the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) problem of limited VLAN IDs (4096) in IEEE 802.1Q. With VXLAN the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) size of the identifier is expanded to 24 bits (16777216).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) VXLAN is described by IETF RFC 7348, and has been implemented by a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) number of vendors. The protocol runs over UDP using a single
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) destination port. This document describes the Linux kernel tunnel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) device; there is also a separate implementation of VXLAN for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) Open vSwitch.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) Unlike most tunnels, a VXLAN is a 1 to N network, not just point to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) point. A VXLAN device can learn the IP address of the other endpoint
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) either dynamically in a manner similar to a learning bridge, or make
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) use of statically-configured forwarding entries.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) VXLAN is managed in a manner similar to its two closest
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) neighbors, GRE and VLAN. Configuring VXLAN requires the version of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) iproute2 that matches the kernel release where VXLAN was first merged
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) upstream.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 1. Create vxlan device::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)     # ip link add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1 dstport 4789
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) This creates a new device named vxlan0. The device uses the multicast
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) group 239.1.1.1 over eth1 to handle traffic for which there is no
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) entry in the forwarding table. The destination port number is set to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) the IANA-assigned value of 4789. The Linux implementation of VXLAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) pre-dates the IANA's selection of a standard destination port number
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) and uses the Linux-selected value by default to maintain backwards
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) compatibility.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 2. Delete vxlan device::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)     # ip link delete vxlan0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 3. Show vxlan info::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)     # ip -d link show vxlan0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) It is possible to create, destroy and display the vxlan
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) forwarding table using the new bridge command.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) 1. Create forwarding table entry::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)     # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) 2. Delete forwarding table entry::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)     # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) 3. Show forwarding table::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)     # bridge fdb show dev vxlan0
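
An added example, not part of the kernel documentation: since a VXLAN device can fill its forwarding table by learning as well as from static entries, this check reads `bridge fdb show` output and reports entries that were learned and entries whose remote endpoint is not on an expected list. The sample lines are constructed, the output layout (static entries flagged `permanent`) is an assumption, and `sample_fdb`, `audit_fdb` and the allowlist are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a VXLAN forwarding table against an allowlist of
# remote endpoints. Not taken from the kernel documentation.

# Constructed sample in the shape `bridge fdb show dev vxlan0` is assumed to
# print: MAC, "dst" <remote IP>, flags; static entries carry "permanent".
sample_fdb() {
    cat <<'EOF'
00:00:00:00:00:00 dst 239.1.1.1 via eth1 self permanent
00:17:42:8a:b4:05 dst 192.19.0.2 self permanent
52:54:00:aa:bb:01 dst 192.19.0.2 self
52:54:00:aa:bb:02 dst 198.51.100.7 self
EOF
}

# audit_fdb "<allowed remote IPs>": reads FDB lines on stdin and prints
#   LEARNED <mac> <dst>   entry has no "permanent" flag (created by learning)
#   UNKNOWN <mac> <dst>   remote endpoint is not in the allowlist
audit_fdb() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            dst = ""; permanent = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "dst" && i < NF) dst = $(i + 1)
                if ($i == "permanent") permanent = 1
            }
            if (dst == "") next              # line carries no remote endpoint
            if (!permanent)  print "LEARNED", $1, dst
            if (!(dst in ok)) print "UNKNOWN", $1, dst
        }
    '
}

# Run against the constructed sample; on a live host, pipe in
# `bridge fdb show dev vxlan0` instead.
sample_fdb | audit_fdb "239.1.1.1 192.19.0.2"
```
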
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) The following NIC features may indicate support for UDP tunnel-related
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) offloads (most commonly VXLAN features, but support for a particular
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) encapsulation protocol is NIC specific):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66)  - `tx-udp_tnl-segmentation`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)  - `tx-udp_tnl-csum-segmentation`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)     ability to perform TCP segmentation offload of UDP encapsulated frames
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)  - `rx-udp_tunnel-port-offload`
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)     receive side parsing of UDP encapsulated frames which allows NICs to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)     perform protocol-aware offloads, like checksum validation offload of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73)     inner frames (only needed by NICs without protocol-agnostic offloads)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) For devices supporting `rx-udp_tunnel-port-offload` the list of currently
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) offloaded ports can be interrogated with `ethtool`::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78)   $ ethtool --show-tunnels eth0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79)   Tunnel information for eth0:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80)     UDP port table 0:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)       Size: 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)       Types: vxlan
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83)       No entries
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)     UDP port table 1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)       Size: 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)       Types: geneve, vxlan-gpe
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87)       Entries (1):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88)           port 1230, vxlan-gpe
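
An added example, not part of the kernel documentation: a parser for the `ethtool --show-tunnels` layout shown above that lists the offloaded UDP ports and compares them with the ports the host's tunnels are expected to use. The sample reproduces the output above; `sample_tunnels`, `offloaded_ports`, `compare_ports` and the expected-port list are hypothetical names.

```shell
#!/bin/sh
# Added example: compare the NIC's offloaded tunnel ports with an expected
# list. Not taken from the kernel documentation.

# Sample input: the `ethtool --show-tunnels eth0` output shown above.
sample_tunnels() {
    cat <<'EOF'
Tunnel information for eth0:
  UDP port table 0:
    Size: 4
    Types: vxlan
    No entries
  UDP port table 1:
    Size: 4
    Types: geneve, vxlan-gpe
    Entries (1):
        port 1230, vxlan-gpe
EOF
}

# offloaded_ports: reads ethtool output on stdin and prints one line per
# entry as "<table> <port> <type>". Leading whitespace is ignored.
offloaded_ports() {
    awk '
        /UDP port table/ { table = $4; sub(/:$/, "", table) }
        $1 == "port"     { port = $2; sub(/,$/, "", port); print table, port, $3 }
    '
}

# compare_ports "<expected ports>": prints
#   EXTRA <port> <type>   offloaded by the NIC but not expected
#   MISSING <port>        expected but not present in any port table
compare_ports() {
    offloaded_ports | awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
        { seen[$2] = 1; if (!($2 in wanted)) print "EXTRA", $2, $3 }
        END { for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "MISSING", w[i] }
    '
}

# Run against the sample with the IANA-assigned VXLAN port as the only
# expected port; on a live host, pipe in `ethtool --show-tunnels <dev>`.
sample_tunnels | compare_ports "4789"
```
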