Extend VXLAN from OSPF to Static/Direct Connect Routed Network - L3 VXLAN Gateway needed?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)

We have a customer that would like to use VXLAN to extend some VLANs across their network.  They have a mix of XOS and EOS equipment, X670-G2s, S4, N3/N7, etc.

While working to configure VXLAN for their request, I realized that one VTEP will be in the Directly Connected Network portion (X670-G2 VTEP Directly Connected to an S4), and the other VTEP will be in the portion of the network that part of their OSPF ring (X670-G2 VTEP/OSPF router connected to N3 OSPF Router connected to N7 OSPF Router).  The VXLAN should traverse within the OSPF network without issue as opaque LSAs as I understand things, since the N series doesn't know what VXLAN is. 

In this scenario, the N7 is connected to the S4 and uses RIP with redistributed routes. 

Ultimately, do we need to get a L3 VXLAN Gateway to make this work?  I did have a thought of adding static routes into the S4 pointing to the Loopback/endpoint IPs but wasn't sure this would work.

Any help is appreciated.

Thanks,

Bill

Photo of Bill Handler

Bill Handler

  • 1,414 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,288 Points 5k badge 2x thumb
Hi Bill

Please refer to my previous post:
https://community.extremenetworks.com/extreme/topics/vxlan-lab-testing-on-summit-670-g2-switches

No VxLAN gateway is required, you can create and terminate the vxlan tunnel directly on the x670-g2's

Regards
Andre
Photo of Bill Handler

Bill Handler

  • 1,414 Points 1k badge 2x thumb

I'm basing some of my post on that Hub post...  What I'm worried about/questioning is traversing from the OSPF to the other L3 networks...

Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,772 Points 10k badge 2x thumb
Hi Bill,

a layer 3 VXLAN gateway is used to route from one VXLAN to another, just as an SVI is used to route from one VLAN to another. The S-Series can be used as layer 3 VXLAN gateway. See https://community.extremenetworks.com/extreme/topics/s-series-vxlan-lab-setup. It is independent of the underlay network if you need a layer 3 VXLAN gateway or not.

The VTEPs need to know each other for head-end replication of MAC address info. This can be achieved by manual configuration, or using the OSPF VXLAN extensions on Extreme switches.

The opaque LSAs used for Extreme's OSPF VXLAN extensions need to reach each switch with a VTEP. That should work by LSA flooding even for switches/routers that do not understand the contents of the opaque LSAs. If you need to add VTEPs on switches outside the OSPF domain, you need to use manual configuration for those.

VXLAN is a layer 2 tunneling mechanism (overlay) using a layer 3 interconnect (underlay). The layer 3 interconnect does not need to know anything about VXLAN in general.

You should consider using jumbo frames with adjusted IP MTU on the layer 3 interconnect to handle the VXLAN overhead.

HTH,
Erik
Photo of Bill Handler

Bill Handler

  • 1,414 Points 1k badge 2x thumb

Thanks Erik, I remember this from your posts in the other VXLAN hub article that Andre pointed to.

I had planned on using static endpoint mappings and not the ospf extension.

Ultimately, how will the endpoints find each other in my scenario if I do not have some sort of static route configured somewhere?

Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,772 Points 10k badge 2x thumb
Hi Bill,

you need a fully functioning underlay for VXLAN, that is IP connectivity between all VTEPs. It does not matter how to do this (static routing, OSPF, RIP, BGP, route distribution).

You configure the overlay after completing the underlay, and use IP addresses from the underlay for the VTEPs.

On this infrastructure you can build the VXLAN overlay.

Br,
Erik
Photo of Bill Handler

Bill Handler

  • 1,414 Points 1k badge 2x thumb
Okay thanks, that should answer my question!
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,608 Points 10k badge 2x thumb
As Erik said, vxlan traffic is encapsulated in IP, and that outer IP header contains the VTEP IP address. So any IP routing protocol will work to transport vxlan traffic from one VTEP to another. If you don't have ospf extensions, you will need to statically configure the remote VTEPs on every VTEP.