Virtual eXtensible Local Area Networking documentation

The VXLAN protocol is a tunnelling protocol designed to solve the problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the size of the identifier is expanded to 24 bits (16777216).

VXLAN is described by IETF RFC 7348, and has been implemented by a number of vendors. The protocol runs over UDP using a single destination port. This document describes the Linux kernel tunnel device; there is also a separate implementation of VXLAN for Openvswitch.

Unlike most tunnels, a VXLAN is a 1 to N network, not just point to point. A VXLAN device can learn the IP address of the other endpoint either dynamically in a manner similar to a learning bridge, or make use of statically-configured forwarding entries.

The management of vxlan is done in a manner similar to its two closest neighbors GRE and VLAN. Configuring VXLAN requires the version of iproute2 that matches the kernel release where VXLAN was first merged upstream.

  1. Create vxlan device:

    # ip link add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1 dstport 4789

This creates a new device named vxlan0. The device uses the multicast group 239.1.1.1 over eth1 to handle traffic for which there is no entry in the forwarding table. The destination port number is set to the IANA-assigned value of 4789. The Linux implementation of VXLAN pre-dates the IANA’s selection of a standard destination port number and uses the Linux-selected value by default to maintain backwards compatibility.

  2. Delete vxlan device:

    # ip link delete vxlan0

  3. Show vxlan info:

    # ip -d link show vxlan0

It is possible to create, destroy and display the vxlan forwarding table using the new bridge command.

  1. Create forwarding table entry:

    # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0

  2. Delete forwarding table entry:

    # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0

  3. Show forwarding table:

    # bridge fdb show dev vxlan0
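
The following is an added example, not part of the kernel documentation: it builds and parses the 8-byte VXLAN header defined by RFC 7348 (flags byte with the "I" bit, 24-bit VNI) and checks a received frame's inner source MAC against statically-configured forwarding entries, as a monitor might do on captured traffic. The function names, the local MAC 02:00:00:00:00:aa and the address 192.19.0.99 are assumptions made for illustration; the VNI and the forwarding entry are the ones used above.

```python
import struct

FLAG_VNI_VALID = 0x08  # RFC 7348 "I" flag: must be set for the VNI to be valid

def mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def build_vxlan(vni, inner_frame):
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def parse_vxlan(payload):
    """Return (vni, inner_dst_mac, inner_src_mac) from a UDP payload."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, mac(payload[8:14]), mac(payload[14:20])

def check_source(outer_src_ip, payload, vni, static_fdb):
    """Compare a received frame with static entries (inner MAC -> endpoint IP)."""
    try:
        got_vni, _dst, src_mac = parse_vxlan(payload)
    except ValueError as exc:
        return f"drop: {exc}"
    if got_vni != vni:
        return f"drop: unexpected VNI {got_vni}"
    expected = static_fdb.get(src_mac)
    if expected is None:
        return f"alert: unknown inner MAC {src_mac}"
    if expected != outer_src_ip:
        return f"alert: {src_mac} seen from {outer_src_ip}, expected {expected}"
    return "ok"

# Constructed sample data: the FDB entry and VNI 42 come from the commands above;
# the inner destination MAC and the frame body are made up.
STATIC_FDB = {"00:17:42:8a:b4:05": "192.19.0.2"}
INNER = bytes.fromhex("0200000000aa" "0017428ab405" "0800") + b"payload"

if __name__ == "__main__":
    pkt = build_vxlan(42, INNER)
    print(pkt[:8].hex())
    print(check_source("192.19.0.2", pkt, 42, STATIC_FDB))
    print(check_source("192.19.0.99", pkt, 42, STATIC_FDB))
```
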

The following NIC features may indicate support for UDP tunnel-related offloads (most commonly VXLAN features, but support for a particular encapsulation protocol is NIC specific):

  • tx-udp_tnl-segmentation

  • tx-udp_tnl-csum-segmentation

    ability to perform TCP segmentation offload of UDP encapsulated frames

  • rx-udp_tunnel-port-offload

    receive side parsing of UDP encapsulated frames which allows NICs to perform protocol-aware offloads, like checksum validation offload of inner frames (only needed by NICs without protocol-agnostic offloads)

For devices supporting rx-udp_tunnel-port-offload the list of currently offloaded ports can be interrogated with ethtool:

    $ ethtool --show-tunnels eth0
    Tunnel information for eth0:
      UDP port table 0:
        Size: 4
        Types: vxlan
        No entries
      UDP port table 1:
        Size: 4
        Types: geneve, vxlan-gpe
        Entries (1):
            port 1230, vxlan-gpe