Hi guys,
I followed the guide in the documentation to create two VXLANs, each with its own VRF.
My goal is to leak traffic between the two VRFs so that traffic can pass from one VXLAN to the other.
But I still have not been able to get it working.
I would really appreciate any ideas about this.
I’m using VyOS 1.4 and Ubuntu 20.04 as VMs.
Below is my configuration:
              VyOS
  (vxlan241)        (vxlan242)
      /                  \
    vm1                  vm2
[VyOS]
vyos@VyOS1# show i
ethernet eth0 {
address 192.168.56.101/24
hw-id 08:00:27:76:10:b8
vrf mgmt
}
ethernet eth1 {
address 10.0.1.2/24
hw-id 08:00:27:1e:8a:6c
}
ethernet eth2 {
address 10.0.2.2/24
hw-id 08:00:27:89:55:85
}
ethernet eth3 {
address 10.0.3.2/24
hw-id 08:00:27:08:3d:39
}
loopback lo {
}
vxlan vxlan241 {
address 172.16.241.1/24
remote 10.0.2.10
source-interface eth2
vni 241
vrf vrf241
}
vxlan vxlan242 {
address 172.16.242.1/24
remote 10.0.3.20
source-interface eth3
vni 242
vrf vrf242
}
vyos@VyOS1# show vrf
name mgmt {
protocols {
static {
route 0.0.0.0/0 {
next-hop 192.168.56.1 {
}
}
}
}
table 1000
}
name vrf241 {
protocols {
static {
route 172.16.242.0/24 {
interface vxlan242 {
vrf vrf242
}
}
}
}
table 2000
}
name vrf242 {
protocols {
static {
route 172.16.241.0/24 {
interface vxlan241 {
vrf vrf241
}
}
}
}
table 3000
}
vyos@VyOS1# show protocols
ospf {
area 0 {
network 10.0.1.0/24
}
}
static {
route 172.16.241.0/24 {
interface vxlan241 {
vrf vrf241
}
}
route 172.16.242.0/24 {
interface vxlan242 {
vrf vrf242
}
}
}
vyos@VyOS1# run show ip route vrf all
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
VRF default:
O 10.0.1.0/24 [110/1] is directly connected, eth1, weight 1, 2d05h26m
C>* 10.0.1.0/24 is directly connected, eth1, 2d05h26m
C>* 10.0.2.0/24 is directly connected, eth2, 2d05h26m
C>* 10.0.3.0/24 is directly connected, eth3, 2d05h26m
S>* 172.16.241.0/24 [1/0] is directly connected, vxlan241 (vrf vrf241), weight 1, 2d04h15m
S>* 172.16.242.0/24 [1/0] is directly connected, vxlan242 (vrf vrf242), weight 1, 2d04h33m
VRF mgmt:
S>* 0.0.0.0/0 [1/0] via 192.168.56.1, eth0, weight 1, 2d05h00m
K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 2d05h26m
C>* 192.168.56.0/24 is directly connected, eth0, 2d05h26m
VRF vrf241:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 2d05h26m
C>* 172.16.241.0/24 is directly connected, vxlan241, 2d05h20m
S>* 172.16.242.0/24 [1/0] is directly connected, vxlan242 (vrf vrf242), weight 1, 2d04h33m
VRF vrf242:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 2d05h19m
S>* 172.16.241.0/24 [1/0] is directly connected, vxlan241 (vrf vrf241), weight 1, 2d04h15m
C>* 172.16.242.0/24 is directly connected, vxlan242, 2d05h19m
[VMs]
root@vm1:~# ip a show dev vxl241 │root@vm2:~# ip a show dev vxl242
22: vxl241: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 │16: vxl242: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 1a:81:6f:2e:89:a7 brd ff:ff:ff:ff:ff:ff │ link/ether ca:e6:32:1a:43:fc brd ff:ff:ff:ff:ff:ff
inet 172.16.241.10/24 scope global vxl241 │ inet 172.16.242.20/24 scope global vxl242
valid_lft forever preferred_lft forever │ valid_lft forever preferred_lft forever
inet6 fe80::1881:6fff:fe2e:89a7/64 scope link │ inet6 fe80::c8e6:32ff:fe1a:43fc/64 scope link
valid_lft forever preferred_lft forever │ valid_lft forever preferred_lft forever
root@vm1:~# ping 172.16.241.1 │root@vm2:~# ping 172.16.242.1
PING 172.16.241.1 (172.16.241.1) 56(84) bytes of data. │PING 172.16.242.1 (172.16.242.1) 56(84) bytes of data.
64 bytes from 172.16.241.1: icmp_seq=7 ttl=64 time=1.42 ms │64 bytes from 172.16.242.1: icmp_seq=1 ttl=64 time=0.913 ms
64 bytes from 172.16.241.1: icmp_seq=8 ttl=64 time=1.25 ms │64 bytes from 172.16.242.1: icmp_seq=2 ttl=64 time=1.32 ms
64 bytes from 172.16.241.1: icmp_seq=9 ttl=64 time=1.21 ms │64 bytes from 172.16.242.1: icmp_seq=3 ttl=64 time=1.24 ms
^C │^C
--- 172.16.241.1 ping statistics --- │--- 172.16.242.1 ping statistics ---
9 packets transmitted, 3 received, 66.6667% packet loss, time 8205ms │3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 1.207/1.291/1.417/0.090 ms │rtt min/avg/max/mdev = 0.913/1.156/1.322/0.175 ms
[Ping from VM1 to VM2 - traffic is visible on vxlan241 but not on vxl242]
root@vm1:~# ping 172.16.242.20 -I vxl241
PING 172.16.242.20 (172.16.242.20) from 172.16.241.10 vxl241: 56(84) bytes of data.
[Monitor traffic on VyOS]
vyos@VyOS1# run monitor traffic interface vxlan241
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vxlan241, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:38:56.272413 ARP, Request who-has 172.16.242.20 tell 172.16.241.10, length 28
11:38:57.330231 ARP, Request who-has 172.16.242.20 tell 172.16.241.10, length 28
11:38:58.360180 ARP, Request who-has 172.16.242.20 tell 172.16.241.10, length 28
11:38:59.391045 ARP, Request who-has 172.16.242.20 tell 172.16.241.10, length 28
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
[edit]
vyos@VyOS1# run monitor traffic interface vxlan242
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vxlan242, link-type EN10MB (Ethernet), snapshot length 262144 bytes