
VXLAN Tab

Configuration > Networking > Routing > VXLAN

Use the VXLAN tab to specify Virtual Extensible Local Area Network (VXLAN) and Virtual Network Identifier (VNI) settings for routing segments already configured on HPE Aruba Networking CX switches or EdgeConnect appliances. VXLAN allows you to create multiple Layer 2 segments over a Layer 3 network. Each segment is identified by a 24-bit VNI that can support up to 16 million virtual networks.

VXLAN encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, enabling you to create virtualized Layer 2 subnets, or segments, that span physical Layer 3 networks. The entity that performs the encapsulation and decapsulation of packets is called a Virtual Tunnel Endpoint (VTEP). An EdgeConnect is a VTEP for WAN-to-LAN traffic. An HPE Aruba Networking CX switch is a VTEP for LAN-to-LAN traffic.

A VNI specifies a routing segment, a firewall zone, and a fallback role for a VXLAN instance. A VNI identifies different virtual networks in the data plane. A VNI is a 24-bit value in the VXLAN header and can support up to 16 million individual network segments. A VNI is like a VLAN ID but has a larger address space. A VNI maps the virtual network to a specific VXLAN segment. The VNI identifies the destination of the traffic in the VXLAN network. VNI is the basis for isolating different virtual networks from each other.

Once a VNI is configured for a segment or in a template, HPE Aruba Networking CX switches or EdgeConnect appliances automatically create a network virtual interface (NVE) as a VXLAN tunnel endpoint (VTEP). A VTEP encapsulates and decapsulates VXLAN packets. The only accepted peer is the NVE that is configured in BGP. Packets received with a VNI not mapped to a segment will be dropped.
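The drop rule above, shown as an added example (this is not HPE Aruba Networking code): it parses the 8-byte VXLAN header, extracts the 24-bit VNI, and drops anything whose VNI is not in the mapping table. The header layout is assumed to follow RFC 7348; the function names and the `VNI_MAP` entries are hypothetical and constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789            # default destination UDP port named on this page
VNI_MIN, VNI_MAX = 1, 16777215   # valid VNI range named on this page
FLAG_I = 0x08                    # RFC 7348 "VNI present" flag in the first header byte

# Constructed mapping table: VNI -> (segment, firewall zone, fallback role).
VNI_MAP = {
    10100: ("Corp", "Trusted", "Don't Apply"),
    10200: ("IoT", "Restricted", "Guest IOT"),
}

def build_vxlan_header(vni):
    """Build the 8-byte header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not VNI_MIN <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} outside {VNI_MIN}-{VNI_MAX}")
    return struct.pack("!II", FLAG_I << 24, vni << 8)

def parse_vni(udp_payload):
    """Return the VNI from a VXLAN UDP payload, or None if the header is malformed."""
    if len(udp_payload) < 8:
        return None
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_I:   # the I flag must be set for the VNI to be valid
        return None
    return word1 >> 8                # VNI is the upper 24 bits of the second word

def classify(dst_port, udp_payload, vni_map=VNI_MAP, port=VXLAN_UDP_PORT):
    """Decide what a VTEP applying the page's rule does with a received datagram."""
    if dst_port != port:
        return ("ignore", "not the configured VXLAN port")
    vni = parse_vni(udp_payload)
    if vni is None:
        return ("drop", "malformed VXLAN header")
    if vni not in vni_map:
        return ("drop", f"VNI {vni} not mapped to a segment")
    segment, zone, role = vni_map[vni]
    return ("accept", f"VNI {vni} -> segment={segment} zone={zone} fallback={role}")

if __name__ == "__main__":
    inner = b"\x00" * 14   # constructed placeholder for the inner Ethernet frame
    for vni in (10100, 10200, 4242):
        print(classify(4789, build_vxlan_header(vni) + inner))
    print(classify(4789, b"\x00" * 8 + inner))   # I flag clear
```

The same parser can be pointed at a packet capture taken on the VTEP source interface to confirm which VNIs actually arrive from a peer before comparing them with the VNI Mappings list.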

EdgeConnect automatically binds the NVE to the VXLAN segment and specifies the source interface for the VXLAN tunnel. Only loopback interfaces from the default segment are valid. If BGP EVPN Peer is enabled, the loopback interface you choose is automatically configured in the local interface field of the BGP EVPN Peer configuration. For more information on BGP EVPN Peer configuration, see the BGP tab.

The VXLAN packet tells BGP the target VTEP. BGP discovers the remote VXLAN tunnel endpoint address, advertises routes that are reachable over this tunnel as the forwarding next hop, and dynamically brings down this tunnel when reachability over the tunnel is no longer needed.

Prerequisites

Before you can assign a VNI to a VXLAN segment, you must configure the following settings:

  • Segmentation must be enabled to support VXLAN. See the Routing Segmentation (VRF) tab.

  • The IP routing on the BGP Layer 3 network that connects the EdgeConnect VTEPs must already be configured. This is necessary to enable VXLAN traffic to traverse the network. Therefore, only in-line router mode is supported.

  • Currently, the EdgeConnect EVPN address family is only supported for BGP EVPN peers in the Default segment (VRF ID = 0).

  • One or more loopback interfaces must already be available.

  • VXLAN is only supported on LAN interfaces. Route-Targets must be defined, and BGP enabled for all segments, even if no BGP peers are configured in non-default segments.

Common Settings for all VNIs

Use this section of the VXLAN Tab to configure these common settings for all VNIs:

  • Destination UDP Port: You can configure a custom destination UDP port for VXLAN. If not selected, the appliance uses the default port of 4789.

  • VTEP Source Interface: Select a loopback interface from the list.

    NOTE: Only loopback interfaces are valid. The loopback interface you choose will automatically be configured in the local interface field of the BGP Peer configuration if EVPN Peer is enabled.

VNI Mappings

For this dialog box, use the steps below to map a VNI to a routing segment, a firewall zone, and a fallback role.

NOTE: All VNIs configured on an EdgeConnect are communicated to a BGP peer in a single VXLAN tunnel. While the VXLAN tab lists each VNI separately, it only reports the status of that single VXLAN tunnel in the first VNI on the list. Conversely, the Routes tab displays the routes for each VNI segment that is being communicated in the VXLAN tunnel.

Add

  1. Click Add to create a new VNI for a segment.

  2. Enter a value for the VNI segment. Valid values are 1-16777215.

  3. Select the Segment, Firewall Zone, and Fallback Role (Don’t Apply, Guest IOT, Untrusted).

  4. Click OK.

Edit

  1. Select an existing VNI from the list.

  2. Click the Edit icon to modify an existing VNI.

    NOTE: In the Flows tab, enable the VNI Tx and VNI Rx columns to display the number of the VNI that received or sent the VXLAN traffic. Both values should match for every flow. If not, there might be a misconfiguration downstream from the EdgeConnect.

Role to GPID Mapping

Use the Roles dialog box to map a policy enforcement role to a VXLAN Group Policy Identifier (GPID). Mapping policy enforcement roles to a VXLAN GPID is optional. Policy enforcement role mapping to a GPID propagates globally across the SD-WAN Fabric. Enabling the identity-based policy enforcement capability of the HPE Aruba Networking SD-WAN solution in VXLAN segments provides a highly automated extensible way of enabling a zero-trust security architecture.

VXLAN Statistics Reporting

VXLAN statistics reporting provides real-time insights into the performance and health of VXLAN networks. The VXLAN tab Origin column shows whether the VXLAN tunnel was provisioned statically or dynamically. The Status column reports whether the VXLAN tunnel is UP or DOWN.

NOTE: For the status of statically provisioned tunnels, view the VTEP Details dialog box by clicking the Details field of a tunnel. You can identify a tunnel in the VXLAN tab page list according to its UP or DOWN status.

VTEP Details

The VTEP Details dialog box provides the following real-time statistics:

  • VTEP Peer Details: transmit and receive packet counts, byte counts, and error counts

    • IP address
    • MAC address
    • Status (UP/DOWN)
    • Uptime
    • Origin (DYNAMIC/STATIC)
    • Associated routes (for all VNIs on the EdgeConnect)
    • RX packets
    • TX packets
    • RX bytes
    • TX bytes
    • RX drops
    • TX drops
  • Local VTEP Details

    • VTEP source interface
    • VTEP source IP
    • VTEP source MAC address