Hello I have been testing vxlan on vyos 1.2.6 epa 1 for our virtual ixp. We are facing an issue. With vxlan tunnels on Debian 10 systems they simply cannot get the tunnel working. It worked flawlessly on 1.2.5 and 1.3 latest where we needed to manually set the interface up state.
Commands:
set interfaces vxlan vxlan22 vni 22
set interfaces vxlan vxlan22 remote xx.xx.xxx.xxx
set interfaces vxlan vxlan22 remote-port 4789
set interfaces vxlan vxlan22 link eth0
set interfaces vxlan vxlan22 bridgegroup bridge br1
All vxlan interfaces are added to this bridge so that they can communicate among themselves. However, Ubuntu systems work fine but not debian 10 systems.
Can you share configuration commands from each side?
my side are mentioned above.
Other end:
ip link add OSIXP_VxLAN type vxlan id 22 local 193.70.124.225 remote 115.187.33.173 dstport 4789 dev ens192
ip link set OSIXP_VxLAN up
ip -6 a a 2602:feda:afe::22/48 dev OSIXP_VxLAN
115.187.33.173 is snatted to 192.168.168.250
another peer reported problem
his config on debian:
#!/bin/sh
ip link add peer-kalpak type vxlan id 17 remote 115.187.33.173 local 91.134.140.163 dstport 4789
#ouvrir firewall UDP 4789
ip link set peer-kalpak up
ip -6 addr add 2602:feda:afe::17/48 dev peer-kalpak
ip link set mtu 1450 dev peer-kalpak
my full config:
set interfaces bridge br1 address ‘2602:feda:afe::3/48’
set interfaces bridge br1 aging ‘300’
set interfaces bridge br1 hello-time ‘2’
set interfaces bridge br1 max-age ‘20’
set interfaces bridge br1 priority ‘32768’
set interfaces bridge br1 stp ‘false’
set interfaces ethernet eth0 address ‘192.168.168.250/30’
set interfaces ethernet eth0 duplex ‘auto’
set interfaces ethernet eth0 smp-affinity ‘auto’
set interfaces ethernet eth0 speed ‘auto’
set interfaces ethernet eth1 address ‘192.168.168.1/30’
set interfaces ethernet eth1 address ‘2a0f:9400:8017:32::1/64’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 smp-affinity ‘auto’
set interfaces ethernet eth1 speed ‘auto’
set interfaces ethernet eth2 address ‘192.168.72.1/24’
set interfaces ethernet eth2 duplex ‘auto’
set interfaces ethernet eth2 smp-affinity ‘auto’
set interfaces ethernet eth2 speed ‘auto’
set interfaces ethernet eth3 bridge-group bridge ‘br1’
set interfaces ethernet eth3 description ‘v-switchCCU’
set interfaces ethernet eth3 duplex ‘auto’
set interfaces ethernet eth3 smp-affinity ‘auto’
set interfaces ethernet eth3 speed ‘auto’
set interfaces loopback lo address ‘192.168.254.1/32’
set interfaces tunnel tun0 address ‘192.168.168.21/30’
set interfaces tunnel tun0 address ‘2a0f:9400:8017:20::1/64’
set interfaces tunnel tun0 encapsulation ‘gre’
set interfaces tunnel tun0 local-ip ‘192.168.168.250’
set interfaces tunnel tun0 multicast ‘disable’
set interfaces tunnel tun0 remote-ip ‘10.14.94.232’
set interfaces tunnel tun1 address ‘192.168.168.5/30’
set interfaces tunnel tun1 address ‘2a0f:9400:8017:69::1/64’
set interfaces tunnel tun1 encapsulation ‘gre’
set interfaces tunnel tun1 local-ip ‘192.168.168.250’
set interfaces tunnel tun1 multicast ‘disable’
set interfaces tunnel tun1 remote-ip ‘10.14.96.109’
set interfaces vxlan vxlan1 bridge-group bridge ‘br1’
set interfaces vxlan vxlan1 link ‘eth0’
set interfaces vxlan vxlan1 remote ‘115.187.62.14’
set interfaces vxlan vxlan1 remote-port ‘4789’
set interfaces vxlan vxlan1 vni ‘1’
set interfaces vxlan vxlan4 bridge-group bridge ‘br1’
set interfaces vxlan vxlan4 link ‘eth0’
set interfaces vxlan vxlan4 remote ‘45.120.139.17’
set interfaces vxlan vxlan4 remote-port ‘4789’
set interfaces vxlan vxlan4 vni ‘4’
set interfaces vxlan vxlan6 bridge-group bridge ‘br1’
set interfaces vxlan vxlan6 link ‘eth0’
set interfaces vxlan vxlan6 remote ‘136.243.0.23’
set interfaces vxlan vxlan6 remote-port ‘4789’
set interfaces vxlan vxlan6 vni ‘6’
set interfaces vxlan vxlan11 address ‘2a0e:b107:b7b::11/64’
set interfaces vxlan vxlan11 link ‘eth0’
set interfaces vxlan vxlan11 remote ‘45.32.108.210’
set interfaces vxlan vxlan11 remote-port ‘4789’
set interfaces vxlan vxlan11 vni ‘11’
set interfaces vxlan vxlan16 bridge-group bridge ‘br1’
set interfaces vxlan vxlan16 link ‘eth0’
set interfaces vxlan vxlan16 remote ‘45.77.32.141’
set interfaces vxlan vxlan16 remote-port ‘4789’
set interfaces vxlan vxlan16 vni ‘16’
set interfaces vxlan vxlan17 bridge-group bridge ‘br1’
set interfaces vxlan vxlan17 link ‘eth0’
set interfaces vxlan vxlan17 remote ‘91.134.140.163’
set interfaces vxlan vxlan17 remote-port ‘4789’
set interfaces vxlan vxlan17 vni ‘17’
set interfaces vxlan vxlan18 bridge-group bridge ‘br1’
set interfaces vxlan vxlan18 link ‘eth0’
set interfaces vxlan vxlan18 remote ‘13.232.139.152’
set interfaces vxlan vxlan18 remote-port ‘4789’
set interfaces vxlan vxlan18 vni ‘18’
set interfaces vxlan vxlan21 bridge-group bridge ‘br1’
set interfaces vxlan vxlan21 link ‘eth0’
set interfaces vxlan vxlan21 remote ‘77.83.243.7’
set interfaces vxlan vxlan21 remote-port ‘4789’
set interfaces vxlan vxlan21 vni ‘21’
set interfaces vxlan vxlan24 bridge-group bridge ‘br1’
set interfaces vxlan vxlan24 link ‘eth0’
set interfaces vxlan vxlan24 remote ‘78.141.208.154’
set interfaces vxlan vxlan24 remote-port ‘4789’
set interfaces vxlan vxlan24 vni ‘24’
set interfaces vxlan vxlan25 bridge-group bridge ‘br1’
set interfaces vxlan vxlan25 link ‘eth0’
set interfaces vxlan vxlan25 remote ‘149.28.146.32’
set interfaces vxlan vxlan25 remote-port ‘4789’
set interfaces vxlan vxlan25 vni ‘25’
set interfaces vxlan vxlan30 bridge-group bridge ‘br1’
set interfaces vxlan vxlan30 link ‘eth0’
set interfaces vxlan vxlan30 remote ‘193.70.124.225’
set interfaces vxlan vxlan30 remote-port ‘4789’
set interfaces vxlan vxlan30 vni ‘30’
set interfaces vxlan vxlan1000 address ‘2a0f:9400:8017:77::2/64’
set interfaces vxlan vxlan1000 link ‘eth0’
set interfaces vxlan vxlan1000 remote ‘77.83.243.233’
set interfaces vxlan vxlan1000 remote-port ‘4789’
set interfaces vxlan vxlan1000 vni ‘1000’
set nat source
set policy prefix-list6 PNI-out rule 10 action ‘permit’
set policy prefix-list6 PNI-out rule 10 prefix ‘2a0f:9400:8017::/48’
set policy prefix-list6 PNI-out rule 11 action ‘permit’
set policy prefix-list6 PNI-out rule 11 prefix ‘2a0f:9400:801b::/48’
set policy prefix-list6 PNI-out rule 12 action ‘permit’
set policy prefix-list6 PNI-out rule 12 prefix ‘2a0e:b107:9e0::/46’
set policy prefix-list6 PNI-out rule 13 action ‘permit’
set policy prefix-list6 PNI-out rule 13 prefix ‘2a0e:b107:9e4::/46’
set policy prefix-list6 PNI-out rule 14 action ‘permit’
set policy prefix-list6 PNI-out rule 14 prefix ‘2a0e:b107:9e8::/46’
set policy prefix-list6 PNI-out rule 15 action ‘permit’
set policy prefix-list6 PNI-out rule 15 prefix ‘2a0e:b107:9ec::/46’
set policy prefix-list6 PNI-out rule 16 action ‘permit’
set policy prefix-list6 PNI-out rule 16 prefix ‘2a0e:b107:b00::/46’
set policy prefix-list6 PNI-out rule 17 action ‘permit’
set policy prefix-list6 PNI-out rule 17 prefix ‘2a0e:b107:b04::/46’
set policy prefix-list6 PNI-out rule 18 action ‘permit’
set policy prefix-list6 PNI-out rule 18 prefix ‘2a0e:b107:b08::/46’
set policy prefix-list6 PNI-out rule 19 action ‘permit’
set policy prefix-list6 PNI-out rule 19 prefix ‘2a0e:b107:b0c::/46’
set policy prefix-list6 PNI-out rule 20 action ‘permit’
set policy prefix-list6 PNI-out rule 20 prefix ‘2406:840:f330::/46’
set policy prefix-list6 PNI-out rule 21 action ‘permit’
set policy prefix-list6 PNI-out rule 21 prefix ‘2406:840:f334::/46’
set policy prefix-list6 PNI-out rule 22 action ‘permit’
set policy prefix-list6 PNI-out rule 22 prefix ‘2406:840:f338::/46’
set policy prefix-list6 PNI-out rule 23 action ‘permit’
set policy prefix-list6 PNI-out rule 23 prefix ‘2406:840:f33c::/46’
set policy prefix-list6 mumbai-out rule 10 action ‘permit’
set policy prefix-list6 mumbai-out rule 10 prefix ‘2a0f:9400:8017::/48’
set policy prefix-list6 mumbai-out rule 11 action ‘permit’
set policy prefix-list6 mumbai-out rule 11 prefix ‘2a0e:b104:9e0::/46’
set policy prefix-list6 mumbai-out rule 12 action ‘permit’
set policy prefix-list6 mumbai-out rule 12 prefix ‘2a0e:b104:9e4::/46’
set policy prefix-list6 mumbai-out rule 13 action ‘permit’
set policy prefix-list6 mumbai-out rule 13 prefix ‘2a0e:b104:9e8::/46’
set policy prefix-list6 mumbai-out rule 14 action ‘permit’
set policy prefix-list6 mumbai-out rule 14 prefix ‘2a0e:b104:9ec::/46’
set policy route-map PNI-out rule 10 action ‘permit’
set policy route-map PNI-out rule 10 match ipv6 address prefix-list ‘PNI-out’
set policy route-map PNI-out rule 20 action ‘deny’
set policy route-map mumbai-out rule 10 action ‘permit’
set policy route-map mumbai-out rule 10 match ipv6 address prefix-list ‘mumbai-o ut’
set policy route-map mumbai-out rule 20 action ‘deny’
set protocols bgp 213326 address-family ipv4-unicast network 192.168.72.0/24
set protocols bgp 213326 neighbor 192.168.168.249 address-family ipv4-unicast ro ute-reflector-client
set protocols bgp 213326 neighbor 192.168.168.249 remote-as ‘213326’
set protocols bgp 213326 neighbor 192.168.254.3 address-family ipv4-unicast rout e-reflector-client
set protocols bgp 213326 neighbor 192.168.254.3 remote-as ‘213326’
set protocols bgp 213326 neighbor 192.168.254.3 update-source ‘192.168.254.1’
set protocols bgp 213326 neighbor 192.168.254.8 address-family ipv4-unicast rout e-reflector-client
set protocols bgp 213326 neighbor 192.168.254.8 remote-as ‘213326’
set protocols bgp 213326 neighbor 192.168.254.8 update-source ‘192.168.254.1’
set protocols bgp 213326 neighbor 192.168.254.10 address-family ipv4-unicast rou te-reflector-client
set protocols bgp 213326 neighbor 192.168.254.10 remote-as ‘213326’
set protocols bgp 213326 neighbor 192.168.254.10 update-source ‘192.168.254.1’
set protocols bgp 213326 neighbor 2a0e:b107:b7b::12 address-family ipv6-unicast route-map export ‘PNI-out’
set protocols bgp 213326 neighbor 2a0e:b107:b7b::12 password ‘Y5UWD845u6i7’
set protocols bgp 213326 neighbor 2a0e:b107:b7b::12 remote-as ‘112’
set protocols bgp 213326 neighbor 2a0f:9400:8017:32::2 address-family ipv6-unica st nexthop-self
set protocols bgp 213326 neighbor 2a0f:9400:8017:32::2 address-family ipv6-unica st route-reflector-client
set protocols bgp 213326 neighbor 2a0f:9400:8017:32::2 remote-as ‘213326’
set protocols bgp 213326 neighbor 2a0f:9400:8017:77::1 address-family ipv6-unica st route-map export ‘PNI-out’
set protocols bgp 213326 neighbor 2a0f:9400:8017:77::1 address-family ipv6-unica st route-reflector-client
set protocols bgp 213326 neighbor 2a0f:9400:8017:77::1 remote-as ‘213326’
set protocols bgp 213326 neighbor 2602:feda:afe::1 address-family ipv6-unicast r oute-map export ‘PNI-out’
set protocols bgp 213326 neighbor 2602:feda:afe::1 remote-as ‘65515’
set protocols bgp 213326 neighbor 2602:feda:afe::4 address-family ipv6-unicast r oute-map export ‘mumbai-out’
set protocols bgp 213326 neighbor 2602:feda:afe::4 remote-as ‘213042’
set protocols ospf area 0.0.0.0 network ‘192.168.168.0/30’
set protocols ospf area 0.0.0.0 network ‘192.168.168.248/30’
set protocols ospf area 0.0.0.0 network ‘192.168.168.4/30’
set protocols ospf area 0.0.0.0 network ‘192.168.168.20/30’
set protocols ospf area 0.0.0.0 network ‘192.168.168.252/30’
set protocols ospf area 0.0.0.0 network ‘192.168.254.1/32’
set protocols ospf parameters abr-type ‘cisco’
set protocols ospf parameters router-id ‘192.168.254.1’
set protocols ospfv3 area 0.0.0.0 interface ‘tun0’
set protocols ospfv3 area 0.0.0.0 interface ‘tun1’
set protocols ospfv3 area 0.0.0.0 interface ‘eth1’
set protocols ospfv3 parameters router-id ‘192.168.254.1’
set protocols static route 0.0.0.0/0 next-hop 192.168.168.249
set service dns
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘9600’
set system host-name ‘vyos’
set system login user vyos authentication encrypted-password ‘$6$RzagaxZDexRAb$5 eTnQhaooUdcQ5R336L4QN8GU3vxSt.W84N.nhgQx691tiqhUmNsdjVyGHREnCNV8VpTouRxWijczg1rI uLra0’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system name-server ‘192.168.72.72’
set system name-server ‘192.168.72.71’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘UTC’