Configuring VXLAN Stripping

Configure this feature to strip all incoming IPv4/IPv6 VxLAN traffic.

This feature is supported only on NVIDIA spectrum-2/3 platforms

Restrictions

  • The source-IP in tunnel configuration & dest-IP in flow rule configuration should be the same for VxLAN stripping to work.

  • The dest-mac in the flow rule configuration should be the system-mac of the switch, this can be retrieved using the "show platform syseeprom" command.

  • The strip-vxlan interface in the tunnel configuration should be a configured as logical loopback.

  • A physical loopback is required between egress-interface from the tunnel and the tool port as Egress interface for Inner Tagged Vlan.

Flow-based IP-Swap Configuration

Use the below command to configure the flow to swap the MAC & the IP address of incoming traffic:

Reference

Command

flow <name>

network-ports <port>

tool-ports <tunnel>

rule <to wap IP & MAC>

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt network-ports Configure network or TAP ports

no no form

rule Configure rule

tool-ports Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow swap
pbnoscli(config-flow-swap)# network-ports Ethernet1/1
pbnoscli(config-flow-swap)# tool-ports Ethernet50/1
pbnoscli(config-flow-swap)# rule 5 permit protocol 58 counters enable
pbnoscli(config-flow-swap)# rule 5 action override-to cpu
pbnoscli(config-flow-swap)# rule 6 permit match-all counters enable
pbnoscli(config-flow-swap)# rule 6 action overwrite dest-ip 10.10.10.1 dest-mac 1c:34:da:23:77:00 dest-port 4789
pbnoscli(config-flow-swap)# rule 7 permit match-all ipv6 counters enable
pbnoscli(config-flow-swap)# rule 7 action overwrite dest-mac 1c:34:da:23:77:00 dest-port 4789
pbnoscli(config-flow-swap)# end
pbnoscli#

A Physical loop is required from the tunnel1-egress_interface (Ethernet41/1) to Tool port to (Ethernet42/1) egress interface for Tagged inner Vlan .

Tunnel Configuration

Reference

Command

tunnel <tunnelname> no tunnel <tunnelname>

Description

Create tunnel

Parameters

Tunnelname

Mode

CONFIG

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config)# no tunnel tunnel1

Tunnel Attributes

Use the below command to configure the tunnel attributes:

Tunnel attributes cannot be modified directly. To make changes, delete the existing tunnel and configure a new one.

Reference

Command

[no] tunnel <tunnel-name>

Description

Create tunnel

Parameters

comment: Configure comment for tunnel

decap-vxlan: Enable Tunnel to decap VXLAN packet destined to the device

destination-ip: Destination IP address

gateway: Gateway IPv4 Address

ingress-interface: Configure tunnel port

source-ip: Source IP address

source-port: Tunnel Source Port

strip-vxlan: Enable Tunnel to STRIP all the incoming VXLAN packet

vlan-tagging: Tunnel VLAN Tagging

vni: VXLAN network identifier

Mode

TUNNEL

Example

pbnoscli(config)# tunnel tunnel1
pbnoscli(config-tunnel-tunnel1)# ingress-interface Ethernet50/1
pbnoscli(config-tunnel-tunnel1)# strip-vxlan egress Ethernet41/1
pbnoscli(config-tunnel-tunnel1)# source-ip 10.10.10.1
pbnoscli(config-tunnel-tunnel1)# destination-ip 10.10.10.2
pbnoscli(config-tunnel-tunnel1)# vni 4098
pbnoscli(config-tunnel-tunnel1)# vlan-tagging disable
pbnoscli(config-tunnel-tunnel1)#

Flow-Based Egress Configuration

Use the below command to configure the flow to egress the stripped traffic

Reference

Command

flow <name>

network-ports <port>

tool-ports <port>

rule 1 permit match all

rule 2 permit match-all ipv6

Description

Add flow

Parameters

description Configure description for flow enable Enable the flow

end Exit to Exec Prompt

exit Exit from the Current Prompt network-ports Configure network or TAP ports

no no form

rule Configure rule

tool-ports Configure network tool or analyzer ports

Mode

FLOW

Example

pbnoscli(config)# flow egress
pbnoscli(config-flow-egress)# network-ports Ethernet42/1
pbnoscli(config-flow-egress)# tool-ports Ethernet64/1
pbnoscli(config-flow-egress)# rule 10 permit match-all counters enable
pbnoscli(config-flow-egress)# rule 20 permit match-all ipv6 counters enable
pbnoscli(config-flow-egress)# rule 20 action override-to Ethernet64/1
pbnoscli(config-flow-egress)# end
pbnoscli#

Show VXLAN Tunnel Command

You can display the Vxlan tunnel configurations using this command.

Reference

Command

vxlan ("VxLAN Tunnel") tunnel ("Tunnel Information") (all ("Displays all VXLAN Tunnel configuration") | ("Displays specific VXLAN Tunnel configuration") <tunnelid:string length[10]> ("Tunnel Name")),

Description

Displays VXLAN tunnel

Example

pbnoscli# show vxlan tunnel all

===============================================
VXLAN Tunnel - tunnel1
===============================================
Tunnel Port       : Ethernet50/1
Source IP         : 10.10.10.1
Destination IP    : 10.10.10.2
Source MAC        : 1c:34:da:23:77:00
VN-ID             : 4098
Vlan Tagging      : false
Tunnel Status     : UP
pbnoscli#

PreviousConfiguring VXLAN FlowNextConfiguring SNMP

Last updated

Was this helpful?