How can I create a VLAN tunnel inside VXLAN

I want to set up a VXLAN VPN that carries Ethernet packets with VLAN tags. The VXLAN peer-to-peer link is running correctly and can carry Ethernet packets without VLAN tags. But how do I set up the tunnel to carry VLAN packets, which is called "VLAN inside VXLAN"? The hardware switch supports untagged, tagged and VXLAN modes; how do I do this with OpenWrt?

First of all, you have to create a link between two nodes using a 'vxlan' proto. If you can ping the other end then you can carry on for the rest of the setup. Here is my 22.03.3 setup and it does exactly what you want.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd60:d888:48eb::/48'

config device
	option type '8021q'
	option ifname 'eth0'
	option name 'eth0.10'
	option vid '10'

config device
	option type 'veth'
	option name 'veth'
	option mtu '2048'
	option ipv6 '0'
	option macaddr '68:FF:7B:00:FD:FF'

config device
	option type 'bridge'
	option name 'br-lan'
	option stp '1'
	option igmp_snooping '1'
	option promisc '1'
	option bridge_empty '1'
	list ports 'eth0'
	list ports 'vxlan100'

config device
	option type 'bridge'
	option name 'br-lan10'
	option stp '1'
	option igmp_snooping '1'
	option promisc '1'
	option bridge_empty '1'
	list ports 'eth0.10'
	list ports 'vxlan100.10'

config device
	option type 'bridge'
	option name 'br-vxlan'
	option bridge_empty '1'
	list ports 'veth'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.3'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'lan10'
	option device 'br-lan10'
	option proto 'static'
	option ipaddr '192.168.10.3'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	list dns '192.168.10.1'

config interface 'vxlan'
	option device 'br-vxlan'
	option proto 'static'
	option ipaddr '192.168.100.3'
	option netmask '255.255.255.248'
	option gateway '192.168.1.1'
	option mtu '2048'

config interface 'vxlan100'
	option proto 'vxlan'
	option vid '100'
	option tunlink 'vxlan'
	option peeraddr '192.168.100.4'
	option ipaddr '192.168.100.3'
	option peerdns '0'
	option delegate '0'

config device
	option type '8021q'
	option ifname 'vxlan100'
	option vid '10'
	option name 'vxlan100.10'

Thank you very much. In fact, it runs on 22.03.3 very well. The older version has some problems...

Hello @faruktezcan ,

Thank you for your example! Based on this, I was able to finally bridge multiple tagged VLAN networks on top of a VXLAN connection (which also piggy-backs on a p2p mesh (802.11s) link between two APs).

Not sure if you still use this setup, but I noticed that sometimes the VXLAN link "gets tired" and for example DHCP or SLAAC does not work any more on any (or all) of the VLAN subnets (at the "receiving end" AP). Did you notice something like this, or maybe tweak the settings for the interface a bit? (Multicast is enabled on all of the bridges.)

The only difference between the configs is that I have the same multicast (239.1.1.1) peer address for both vxlan proto interfaces and the "carrier" LAN interface bound to them (instead of defining the local "trunk" IP of the LAN interface).

My connection is very stable. I haven't had any problem and am still using this config actively.
As I don't use a multicast peer address, my guess is that your problems could be related to that part.

That was apparently it, thank you! Looks like the tunnel is stable now. The reasoning behind the multicast IP was to add a future third AP with a vxlan interface (same tag and network). Or would I rather do a new pair of vxlan interfaces with a different vxnet, in a hub-spoke manner (instead of mesh)? That would cause a headache with all the separate bridges and tagged VLAN interfaces.

Also another question, how did you calculate the MTU values? I added 2048 to the main (br) which has the untagged interfaces, but looks like I still got the dreaded ping is ok, but 'no services due to fragmentation' issue. The vx interface itself shows an MTU of 1998 on one AP, less on the other.

Vxlan adds 50 bytes of overhead. Looks like 2048 MTU is not sufficient in your case. Try to increase it slowly and check if the defragmentation still occurs or not, until you find the sweet spot.

You should increase the MTU on your trunk interface.

Yes sir, I did, and now it seems to be all good! I have force-set MTU 2048 on all of the bridge, non-tagged interfaces, including the vxlan and the carrier mesh0 interface, on both devices. Now it's proper. Thank you for your help and tips!
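
The MTU advice in this thread can be checked mechanically. The script below is an added example, not code from any poster: it reads `ip -o link show` text and tests whether a carrier interface is large enough for a given MTU on the bridged LAN side. The 50-byte VXLAN figure is the one quoted above; the extra 4 bytes for one inner 802.1Q tag is a conservative assumption, and the sample interface listing is constructed.

```shell
#!/bin/sh
# Added example: does the carrier have room for the tunnelled frames?
VXLAN_OVERHEAD=50   # figure quoted in the thread (IPv4 underlay)
DOT1Q_TAG=4         # assumption: allow for one inner 802.1Q tag

# Constructed sample of `ip -o link show` output (not from the thread)
SAMPLE_LINKS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP
5: mesh0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2048 qdisc noqueue state UP
9: vxlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1998 qdisc noqueue master br-lan state UNKNOWN
10: vxlan100.10@vxlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1998 qdisc noqueue master br-lan10 state UP'

# mtu_of IFACE: print IFACE's MTU from `ip -o link` text on stdin
mtu_of() {
    awk -v want="$1" '{
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)   # strip ":" and "@parent"
        if (name == want)
            for (i = 3; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
    }'
}

# check_carrier CARRIER LAN_MTU: reads `ip -o link` text on stdin.
# Returns 0 if CARRIER can hold LAN_MTU plus encapsulation, 1 if not,
# 2 if the interface is not in the listing.
check_carrier() {
    links=$(cat)
    carrier_mtu=$(printf '%s\n' "$links" | mtu_of "$1")
    [ -n "$carrier_mtu" ] || { echo "unknown interface: $1"; return 2; }
    needed=$(( $2 + VXLAN_OVERHEAD + DOT1Q_TAG ))
    if [ "$carrier_mtu" -ge "$needed" ]; then
        echo "ok: $1 mtu $carrier_mtu >= $needed"
    else
        fit=$(( carrier_mtu - VXLAN_OVERHEAD - DOT1Q_TAG ))
        echo "too small: $1 mtu $carrier_mtu < $needed (raise it, or cap LAN side at $fit)"
        return 1
    fi
}

# A 1500-byte LAN fits over the 2048-byte carrier but not over a default one.
printf '%s\n' "$SAMPLE_LINKS" | check_carrier mesh0 1500
printf '%s\n' "$SAMPLE_LINKS" | check_carrier eth0 1500 || true
```

On a live router, feed it real data with `ip -o link show | check_carrier mesh0 1500`, replacing `mesh0` with your own carrier interface.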