Configuring VXLAN Stripping
Configure this feature to strip all incoming IPv4/IPv6 VxLAN traffic.
This feature is supported only on NVIDIA spectrum-2/3 platforms
Restrictions
The source-IP in tunnel configuration & dest-IP in flow rule configuration should be the same for VxLAN stripping to work.
The dest-mac in the flow rule configuration should be the system-mac of the switch, this can be retrieved using the "show platform syseeprom" command.
The strip-vxlan interface in the tunnel configuration should be a configured as logical loopback.
A physical loopback is required between egress-interface from the tunnel and the tool port as Egress interface for Inner Tagged Vlan.
Flow-based IP-Swap Configuration
Use the below command to configure the flow to swap the MAC & the IP address of incoming traffic:
Reference
Command
flow <name>
network-ports <port>
tool-ports <tunnel>
rule <to wap IP & MAC>
Description
Add flow
Parameters
description Configure description for flow enable Enable the flow
end Exit to Exec Prompt
exit Exit from the Current Prompt network-ports Configure network or TAP ports
no no form
rule Configure rule
tool-ports Configure network tool or analyzer ports
Mode
FLOW
Example
A Physical loop is required from the tunnel1-egress_interface (Ethernet41/1) to Tool port to (Ethernet42/1) egress interface for Tagged inner Vlan .
Tunnel Configuration
Reference
Command
tunnel <tunnelname> no tunnel <tunnelname>
Description
Create tunnel
Parameters
Tunnelname
Mode
CONFIG
Example
Tunnel Attributes
Use the below command to configure the tunnel attributes:
Tunnel attributes cannot be modified directly. To make changes, delete the existing tunnel and configure a new one.
Reference
Command
[no] tunnel <tunnel-name>
Description
Create tunnel
Parameters
comment: Configure comment for tunnel
decap-vxlan: Enable Tunnel to decap VXLAN packet destined to the device
destination-ip: Destination IP address
gateway: Gateway IPv4 Address
ingress-interface: Configure tunnel port
source-ip: Source IP address
source-port: Tunnel Source Port
strip-vxlan: Enable Tunnel to STRIP all the incoming VXLAN packet
vlan-tagging: Tunnel VLAN Tagging
vni: VXLAN network identifier
Mode
TUNNEL
Example
Tunnel with multiple ingress-interface ports and multiple strip-vxlan egress-interface ports and/or port-channels:
Flow-Based Egress Configuration
Use the below command to configure the flow to egress the stripped traffic
Reference
Command
flow <name>
network-ports <port>
tool-ports <port>
rule 1 permit match all
rule 2 permit match-all ipv6
Description
Add flow
Parameters
description Configure description for flow enable Enable the flow
end Exit to Exec Prompt
exit Exit from the Current Prompt network-ports Configure network or TAP ports
no no form
rule Configure rule
tool-ports Configure network tool or analyzer ports
Mode
FLOW
Example
Show VXLAN Tunnel Command
You can display the Vxlan tunnel configurations using this command.
Reference
Command
vxlan ("VxLAN Tunnel") tunnel ("Tunnel Information") (all ("Displays all VXLAN Tunnel configuration") | ("Displays specific VXLAN Tunnel configuration") <tunnelid:string length[10]> ("Tunnel Name")),
Description
Displays VXLAN tunnel