VXLAN tunnel between 2 Linux hosts in < 5 minutes


Ok we only have 5 minutes so:

  • Host A: 10.0.0.1/24
  • Host B: 10.0.1.1/24

Those hosts are behind multiple routers but they are reachable, and there is no firewall between them. We will create a VXLAN tunnel between those hosts to put them on the same network segment, as if we had a dedicated VLAN connecting the hosts.

host A:

ip link add vtep100 type vxlan id 100 dev br100 local 10.0.0.1 remote 10.0.1.1 nolearning
ip link set vtep100 up

host B:

ip link add vtep100 type vxlan id 100 dev br100 local 10.0.1.1 remote 10.0.0.1 nolearning
ip link set vtep100 up

We can check that the devices are now UP on both sides.

# ip link show dev vtep100
6: vtep100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether fe:3b:b5:49:9d:49 brd ff:ff:ff:ff:ff:ff

Then we will assign IP addresses on the vtep100 interfaces on both hosts as if they were on the same segment:

host A:

ip addr add 192.168.0.1/24 dev vtep100
ip -6 addr add 2ac0::1/64 dev vtep100

host B:

ip addr add 192.168.0.2/24 dev vtep100
ip -6 addr add 2ac0::2/64 dev vtep100

Now from both machines we should be able to ping both the IPv4 and IPv6 addresses of the remote machine:

ping6 2ac0::2
PING 2ac0::2(2ac0::2) 56 data bytes
64 bytes from 2ac0::2: icmp_seq=1 ttl=64 time=0.553 ms
64 bytes from 2ac0::2: icmp_seq=2 ttl=64 time=0.687 ms

ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.606 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.416 ms

Having a look at the packets with tcpdump confirms that we’re encapsulating our layer 2 frames into layer 3 packets:

ping6 2ac0::2
23:00:59.035734 IP 10.0.0.1.38268 > 10.0.1.1.8472: OTV, flags [I] (0x08), overlay 0, instance 100
IP6 2ac0::1 > 2ac0::2: ICMP6, echo request, seq 243, length 64
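
tcpdump can print the inner ICMPv6 packet because VXLAN only prepends an 8-byte header (flags plus a 24-bit VNI) and leaves the encapsulated frame in cleartext, with nothing authenticating the sender. The sketch below is an added example, not part of the original post: it decodes that header and the inner addresses from a constructed payload modelled on the capture above (the destination MAC and the zero-filled ICMPv6 body are made up).

```python
import ipaddress
import struct

VXLAN_FLAG_I = 0x08  # "I" flag: the VNI field is valid (the 0x08 tcpdump prints)

def build_sample_payload():
    """Constructed sample, not a real capture: UDP payload of one VXLAN packet."""
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, 100 << 8)  # VNI = upper 24 bits
    # Inner Ethernet header: dst MAC is made up, src MAC is vtep100's, type IPv6
    eth = bytes.fromhex("02000000000b" "fe3bb5499d49" "86dd")
    # Inner IPv6 header: version 6, payload length 64, next header 58, hop limit 64
    ip6 = struct.pack("!IHBB", 6 << 28, 64, 58, 64)
    ip6 += ipaddress.IPv6Address("2ac0::1").packed
    ip6 += ipaddress.IPv6Address("2ac0::2").packed
    icmp6 = bytes([128, 0]) + bytes(62)  # echo request type, zero-filled body
    return vxlan + eth + ip6 + icmp6

def decode_vxlan(payload):
    """Return the VNI and inner-frame fields of a VXLAN UDP payload."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set: VNI is not valid")
    inner = payload[8:]
    dst, src, ethertype = struct.unpack("!6s6sH", inner[:14])
    info = {
        "vni": vni_field >> 8,  # drop the trailing reserved byte
        "inner_dst_mac": dst.hex(":"),
        "inner_src_mac": src.hex(":"),
        "ethertype": ethertype,
    }
    # Inner IP addresses sit at fixed offsets behind the 14-byte Ethernet header
    if ethertype == 0x86DD and len(inner) >= 14 + 40:
        info["inner_src_ip"] = str(ipaddress.IPv6Address(inner[22:38]))
        info["inner_dst_ip"] = str(ipaddress.IPv6Address(inner[38:54]))
    elif ethertype == 0x0800 and len(inner) >= 14 + 20:
        info["inner_src_ip"] = str(ipaddress.IPv4Address(inner[26:30]))
        info["inner_dst_ip"] = str(ipaddress.IPv4Address(inner[30:34]))
    return info

if __name__ == "__main__":
    for key, value in decode_vxlan(build_sample_payload()).items():
        print(f"{key}: {value}")
```

Any device on the path between 10.0.0.1 and 10.0.1.1 can run the same decoding on the UDP port 8472 traffic, so the overlay should be treated as no more private than the underlay it crosses.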