Good Evening!
I’ve been running an underlay network on hardware that can pass 2000+ MTU packets all day. I set up some Mikrotik hEX boxes around and am running OSPF between everything. I added the Tiks as endpoints to terminate a VXLAN and I wanted the VyOS machine to be the head end. I can ping from any Tik to the VyOS at 2000 MTU sized packets no problem. VXLAN on everything is set to 1500 bytes. I got the VXLAN live, I can get a DHCP address out of the Tiks, and I can ping the VyOS machine VXLAN interface all day, but absolutely cannot ping out into the world or get internet. No firewall rules whatsoever.
I then removed all DHCP config, bridged the VXLAN to a VLAN interface, and handed off the LAN config to another router (on bare metal). The Tik and endpoint devices can get the new DHCP address, can ping the bare metal, and ping the VyOS VXLAN interface. Still no internet. I KNOW the bare metal router (a Ubiquiti EdgeRouter was used as well as another Tik) is not the issue: any packet, any size, that has to go through the VyOS AND is going out of the VXLAN’s subnet doesn’t work.
What funky commands does a VyOS router need or have with VXLANs?
Vni set.
Source interface set
Remote set.
No firewall rule on proxmox for vyos interface.
Hi!
Could you paste your configs?
Certainly!
This is a “dumbed down” new config that I threw together trying to force this to work…
Once I took LAN management (DHCP, NAT, etc.) off the VyOS machine trying to get it to work, I put it on eth0.6 (as you can see). I get an address, the Tiks get addresses across the VXLAN, but nothing gets internet. Local devices to the 0.6 router get internet, no problem.
vyos@vyos:~$ show configuration commands
set interfaces bridge br100 address 'dhcp'
set interfaces bridge br100 member interface eth0.6
set interfaces bridge br100 member interface vxlan100
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 mtu '9000'
set interfaces ethernet eth0 vif 6
set interfaces ethernet eth0 vif 160 address '10.11.160.2/30'
set interfaces ethernet eth0 vif 160 ip ospf authentication md5 key-id 1 md5-key '1234567890'
set interfaces ethernet eth0 vif 160 ip ospf network 'point-to-point'
set interfaces ethernet eth0 vif 160 mtu '9000'
set interfaces loopback lo
set interfaces vxlan vxlan100 remote '10.10.102.100'
set interfaces vxlan vxlan100 remote '10.10.103.100'
set interfaces vxlan vxlan100 remote '10.10.101.100'
set interfaces vxlan vxlan100 remote '10.10.104.100'
set interfaces vxlan vxlan100 remote '10.10.105.100'
set interfaces vxlan vxlan100 remote '10.10.106.100'
set interfaces vxlan vxlan100 remote '10.10.107.100'
set interfaces vxlan vxlan100 remote '10.10.108.100'
set interfaces vxlan vxlan100 remote '10.10.109.100'
set interfaces vxlan vxlan100 source-interface 'eth0.160'
set interfaces vxlan vxlan100 vni '100'
set protocols ospf area 0.0.0.0 network '10.11.160.0/30'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'eth0.160'
set service ssh access-control allow
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$hHW2RCP6m/1ktfL$93OH/n89.OAcXcKxCenlnd6uWtvOLg9j9isnnaBeK5YzoIfDr8yII1dZe5gKjoDrlMtWGJg1eF9ZcyGr0ojSG/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
Which interface is correct, eth0.6 or eth0.160?
And from which host are you pinging?
0.6 is going to my EdgeRouter (LAN) and 0.160 is OSPF to the network.
Just to chime in late… Same problem, and I found it was the MTU on the client computer… need to set it to the MTU used in the vxlan tunnel…
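The MTU relationship the last reply points at can be checked directly from `show configuration commands` output. The following is an added example, not part of the thread or of VyOS: it parses a constructed sample config and flags a VXLAN whose MTU does not fit its source interface, or bridge members with unequal MTUs. The 1500-byte default for interfaces without an `mtu` line and the 50-byte IPv4 VXLAN overhead are stated assumptions.

```python
VXLAN_OVERHEAD = 50  # IPv4 underlay: 14 inner Ethernet + 8 VXLAN + 8 UDP + 20 IP
DEFAULT_MTU = 1500   # assumption: MTU of any interface with no explicit "mtu" line

# Constructed sample in the style of the config posted in the thread (not the poster's).
SAMPLE = """\
set interfaces bridge br100 member interface eth0.6
set interfaces bridge br100 member interface vxlan100
set interfaces ethernet eth0 mtu '9000'
set interfaces ethernet eth0 vif 6
set interfaces ethernet eth0 vif 160 mtu '9000'
set interfaces vxlan vxlan100 mtu '1450'
set interfaces vxlan vxlan100 source-interface 'eth0.160'
"""

def parse(config):
    """Return (explicit MTUs, bridge -> members, vxlan -> source-interface)."""
    mtu, bridges, sources = {}, {}, {}
    for line in config.splitlines():
        t = line.replace("'", "").split()
        if len(t) < 5 or t[:2] != ["set", "interfaces"]:
            continue
        kind, name, rest = t[2], t[3], t[4:]
        if rest[0] == "vif" and len(rest) >= 2:   # "eth0 vif 160" -> "eth0.160"
            name, rest = f"{name}.{rest[1]}", rest[2:]
        if rest[:1] == ["mtu"] and len(rest) >= 2:
            mtu[name] = int(rest[1])
        elif kind == "bridge" and rest[:2] == ["member", "interface"]:
            bridges.setdefault(name, []).append(rest[2])
        elif kind == "vxlan" and rest[:1] == ["source-interface"]:
            sources[name] = rest[1]
    return mtu, bridges, sources

def check(config):
    """List MTU mismatches between a VXLAN, its underlay and its bridge peers."""
    mtu, bridges, sources = parse(config)
    size = lambda ifname: mtu.get(ifname, DEFAULT_MTU)
    findings = []
    for vx, src in sources.items():
        room = size(src) - VXLAN_OVERHEAD      # largest inner packet the underlay carries
        if size(vx) > room:
            findings.append(f"{vx}: mtu {size(vx)} exceeds {src} payload room {room}")
    for br, members in bridges.items():
        low = min(size(m) for m in members)    # a bridge can only forward what every port fits
        findings += [f"{br}: {m} mtu {size(m)} > smallest member mtu {low}"
                     for m in members if size(m) > low]
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "no MTU mismatch found")
```

On the constructed sample the only finding is the LAN-side bridge member at 1500 against a 1450-byte tunnel, which is the client-versus-tunnel mismatch the last reply describes.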