I'm trying to setup a bridge which connects local hosts to a remote machine through a VXLAN interface (vx0). The interface vx0 is added to a bridge (br-lan) in the lan zone of the OpenWrt switch.
config interface 'vx0'
option proto 'vxlan'
option vid '88'
option peeraddr 'X.Y.Z.Z'
option tunlink 'wan'
Unfortunately I cannot ping hosts from the remote machine and vice versa. With tcpdump I can see the arp requests and replies on the br-lan interface. However the replies are not forwarded to the vx0 interface (only the requests are visible there)
Pinging the remote and local hosts from the switch itself works in both directions. The arp tables and brctl showmacs br-lan the output of also look fine to me.
Is there some configuration option that I am missing? Would be really thankful for any pointers on how to troubleshoot this issue.
The wan firewall needs to have the vxlan UDP port (4789) open.
Note that vxlan has no provision for authentication or encryption, so it must only be used over fully secure trusted networks such as inside a data center.
Thanks mk24, I do have the firewall port open. The remote host and the switch seem to be communicating fine - but only as a point to point connection. What doesn't work is accessing the remote side from the other switch ports in the bridge. Do I need to fiddle with fbd entries, or should the bridging work out of the box?
(I am aware of the security implications - this still within a controlled environment)