Wds vs gre vs vxlan for multipoint trunk over wifi links

Just some observations and thoughts re trunking over wifi.
My use case:

Master AP (archer c7v5, snapshot) -> secondary AP (wr842v1, 20.02.0)
|
wifi to ethernet (wr703n, 19.07.8)
All firmware custom built using imagebuilder.

Bit of a mixed bag of devices but they still work.

Originally I had this setup using WDS as the backbone and bridged to 2.4g user network.

Unfortunately WDS broke and prompted me to look at options (for entertainment and education mainly).
My next setup was to drop the WDS link and use a plain AP-STA link with a gre tunnel. Configured this ok and managed to configure two tunnels to a single endpoint on the master AP using a separate key for each gre tunnel. This works ok but any addon requires setting up a unique tunnel on the master for each trunk link.
I found mention of vxlan as an alternative and thought I'd give it a go. Looking further I found mention of point to multipoint for vxlan using a multipoint peer address.
So I set up a test network using three wr703n devices with a cut down image removing everything not needed (ipv6, ppp, firewall etc) for an internal network device.
I found by using the multipoint peer address I could easily configure a point to multipoint vxlan network and add to it without needing any changes on the master AP.

part of /etc/config/network

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option ipv6 '0'
	option delegate '0'
	option ifname '@vxlan0 eth0'
	option type 'bridge'
	option stp '1'

config interface 'link'
	option proto 'static'
	option delegate '0'
	option ipv6 '0'
	option netmask '255.255.255.0'
	option ipaddr '172.16.1.2'
	option mtu '2048'

config interface 'vxlan0'
	option proto 'vxlan'
	option peeraddr '239.1.1.1'
	option vid '1'
	option delegate '0'
	option ipv6 '0'
	option tunlink 'link'

The network config only varies on each device to have a unique lan and link address. The vxlan peeraddr (239.1.1.1) is the same on each device.
I'll play further with this and start running vlans across it and report back if I have any issues.
The gre libraries and modules are ~30k installed and the vxlan modules are about 45k installed. So a fairly small difference. I haven't done any testing regarding cpu load or throughput testing.

Note:

  • my use case is an internal network, I'm not trying to use this over the internet or a wide area. YMMV
  • I run LuCI (cut down on the wr703n) on all of these devices but there is no luci-proto-vxlan available on 19.07.8, you must use uci to configure it.

ref: https://www.kernel.org/doc/Documentation/networking/vxlan.txt
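
Added example, not part of the original post: a shell sketch that emits the `uci batch` commands for one device in the multipoint VXLAN setup above, changing only the lan and link addresses per node and refusing a link MTU that cannot carry 1500-byte bridged frames. The addresses, group, vid and mtu are the values from the post; the node number, the function names `gen_node` and `inner_mtu`, and reusing the same last octet for both addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit a `uci batch` script for one VXLAN node.
# Addresses, vid and group are the values from the post; the node
# number and function names are assumptions made for this sketch.

GROUP='239.1.1.1'    # shared multicast peeraddr from the post
VNI='1'              # 'vid' from the post
LINK_MTU='2048'      # mtu of the 'link' interface in the post
VXLAN_OVERHEAD=50    # inner Ethernet 14 + VXLAN 8 + UDP 8 + IPv4 20

# Largest inner MTU the tunnel can carry without fragmenting.
inner_mtu() {
	echo $(( $1 - VXLAN_OVERHEAD ))
}

# gen_node N -> uci batch commands for the device with host number N.
gen_node() {
	n="$1"
	case "$n" in
		''|*[!0-9]*) echo "node must be a number" >&2; return 1 ;;
	esac
	if [ "$n" -lt 1 ] || [ "$n" -gt 254 ]; then
		echo "node must be 1..254" >&2; return 1
	fi
	if [ "$(inner_mtu "$LINK_MTU")" -lt 1500 ]; then
		echo "link mtu too small for 1500-byte bridged frames" >&2; return 1
	fi
	cat <<EOF
set network.lan.ipaddr='192.168.1.$n'
set network.lan.ifname='@vxlan0 eth0'
set network.link=interface
set network.link.proto='static'
set network.link.ipaddr='172.16.1.$n'
set network.link.netmask='255.255.255.0'
set network.link.mtu='$LINK_MTU'
set network.vxlan0=interface
set network.vxlan0.proto='vxlan'
set network.vxlan0.peeraddr='$GROUP'
set network.vxlan0.vid='$VNI'
set network.vxlan0.tunlink='link'
commit network
EOF
}

# On a device: gen_node 3 | uci batch && /etc/init.d/network restart
```

VXLAN itself carries no authentication or encryption, so the Wi-Fi security of the 'link' network is the only protection for the bridged traffic and for who can join the multicast group.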

GRE on Linux supports multipoint which allows you to use one gre tunnel. It's accomplished by configuring a gre tunnel without remote IP address. Configure an IP subnet on the tunnel. Then you add an ARP entry for each device you want to reach via the tunnel. The lladdr you use is the peer's IP address outside the tunnel. With ip command you can write it in the usual dotted quad format but openwrt requires you to convert it to the hex format used with mac addresses with two additional zero bytes to get 6 bytes.


Thanks for that. From what you say there is still a unique config required (ARP) for each tunnel though. Is that required on each device or just on the 'master'?
The openwrt documentation https://openwrt.org/docs/guide-user/network/tunneling_interface_protocols?s[]=gre implies that the end point (remote) address is required. This seems to be a discrepancy between what I think you are saying and the openwrt documentation.

The spokes don't need multipoint gre tunnels to the master in that case. But then you'll get halved bandwidth unless you can assign one radio for each spoke on the master.

It seems correct. I noticed I had configured 0.0.0.0 as remote endpoint which is the any address and is equivalent to configuring no remote address.