VXLAN

From securityrouter.org, an OpenBSD-based firewall

Our VXLAN (Virtual Extensible LAN) implementation transparently uses OpenBSD's vxlan(4) tunnel interface and is configured in a fashion similar to EtherIP (with bridges). VXLAN is a network virtualization technology that attempts to ameliorate the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate MAC-based OSI layer 2 Ethernet frames within layer 3 UDP packets[1].

It's generally recommended to increase the MTU of the parent interface to at least 1600, to allow for full-sized (1500-byte) VXLAN-encapsulated packets.

interface vxlan0 {
	address 10.1.0.0/16
	tunnel 1.1.1.1 2.2.2.2
	vnet-id 9
	tunnel-ttl 3
}
interface bridge0 {
	member vxlan0
	member vmx0
}
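
The encapsulation and the MTU recommendation above, as an added example (not securityrouter.org or OpenBSD code): it builds and validates the 8-byte VXLAN header defined in RFC 7348 for vnet-id 9 and computes the parent MTU a full 1500-byte inner packet needs. Function names and the sample frame are constructed for illustration. The header carries no authentication, so the VNI check here is a format check only.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag from RFC 7348; must be set
VXLAN_HDR_LEN = 8
# Header sizes in bytes that end up inside the parent interface's MTU.
INNER_ETH, UDP_HDR, IPV4_HDR, IPV6_HDR = 14, 8, 20, 40


def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags(8) + reserved(24). Word 1: VNI(24) + reserved(8).
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan(udp_payload: bytes) -> tuple[int, bytes]:
    """Validate a VXLAN header and return (vni, inner Ethernet frame)."""
    if len(udp_payload) < VXLAN_HDR_LEN + INNER_ETH:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    return word1 >> 8, udp_payload[VXLAN_HDR_LEN:]


def required_parent_mtu(inner_mtu: int = 1500, ipv6: bool = False) -> int:
    """Smallest parent-interface MTU that carries a full inner packet."""
    outer_ip = IPV6_HDR if ipv6 else IPV4_HDR
    return inner_mtu + INNER_ETH + VXLAN_HDR_LEN + UDP_HDR + outer_ip


# Constructed sample: a minimal inner Ethernet frame (dst, src, ethertype).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
SAMPLE_PACKET = build_vxlan_header(9) + SAMPLE_FRAME  # vnet-id 9 as above

if __name__ == "__main__":
    vni, frame = parse_vxlan(SAMPLE_PACKET)
    print(f"VNI={vni}, inner frame {len(frame)} bytes")
    print("parent MTU needed (IPv4/IPv6 outer):",
          required_parent_mtu(), required_parent_mtu(ipv6=True))
```

Both results stay under the recommended 1600, which leaves headroom for an inner VLAN tag.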
...