Configuring VxLAN Stripping
Configure this feature to strip all incoming IPv4/IPv6 VxLAN traffic.
This feature is supported only on NVIDIA spectrum-2/3 platforms
Restrictions
The source-IP in tunnel configuration & dest-IP in flow rule configuration should be the same for VxLAN stripping to work.
The dest-mac in the flow rule configuration should be the system-mac of the switch, this can be retrieved using the "show platform syseeprom" command.
The strip-vxlan interface in the tunnel configuration should be a configured as logical loopback.
A physical loopback is required between ingress-interface from the tunnel and the tool port of the swap flow.
Flow-based IP-Swap Configuration
Use the below command to configure the flow to swap the MAC & the IP address of incoming traffic:
Reference
Command | flow <name> network-ports <port> tool-ports <tunnel> rule <to wap IP & MAC> |
Description | Add flow |
Parameters | description Configure description for flow enable Enable the flow end Exit to Exec Prompt exit Exit from the Current Prompt network-ports Configure network or TAP ports no no form rule Configure rule tool-ports Configure network tool or analyzer ports |
Mode | FLOW |
Example
A Physical loop is required from the flow swap-tunnel port (Ethernet41/1) to tunnel1-ingress_interface (Ethernet42/1) for VxLAN Stripping to work.
Tunnel Configuration
Reference
Command | tunnel <tunnelname> no tunnel <tunnelname> |
Description | Create tunnel |
Parameters | Tunnelname |
Mode | CONFIG |
Example
Tunnel Attributes
Use the below command to configure the tunnel attributes:
Tunnel attributes cannot be modified directly. To make changes, delete the existing tunnel and configure a new one.
Reference
Command | [no] tunnel <tunnel-name> |
Description | Create tunnel |
Parameters | comment: Configure comment for tunnel decap-vxlan: Enable Tunnel to decap VXLAN packet destined to the device destination-ip: Destination IP address gateway: Gateway IPv4 Address ingress-interface: Configure tunnel port source-ip: Source IP address source-port: Tunnel Source Port strip-vxlan: Enable Tunnel to STRIP all the incoming VXLAN packet vlan-tagging: Tunnel VLAN Tagging vni: VXLAN network identifier |
Mode | TUNNEL |
Example
Flow-Based Egress Configuration
Use the below command to configure the flow to egress the stripped traffic
Reference
Command | flow <name> network-ports <port> tool-ports <port> rule 1 permit match all rule 2 permit match-all ipv6 |
Description | Add flow |
Parameters | description Configure description for flow enable Enable the flow end Exit to Exec Prompt exit Exit from the Current Prompt network-ports Configure network or TAP ports no no form rule Configure rule tool-ports Configure network tool or analyzer ports |
Mode | FLOW |
Example
Show VXLAN Tunnel Command
You can display the Vxlan tunnel configurations using this command.
Reference
Command | vxlan ("VxLAN Tunnel") tunnel ("Tunnel Information") (all ("Displays all VXLAN Tunnel configuration") | ("Displays specific VXLAN Tunnel configuration") <tunnelid:string length[10]> ("Tunnel Name")), |
Description | Displays VXLAN tunnel |
Example
Tunnel status will be DOWN when the tunnel is configured for VxLAN stripping.
Last updated
