VXLAN

VXLAN

[info]

[-- Attachment #1: Type: text/plain, Size: 869 bytes --]

Hello,
I would love to use VXLANs for my network to separate stuff, although I'm a bit struggling. My topology looks like this:
VM A --> AMSTERDAM -> FRANKFURT -> VIENNA --> VM B
'->' indicates a Wireguard tunnel'-->' is a physical link
Actually I'm configuring a VXLAN Interface in AMSTERDAM and VIENNA, with the tunnel IPs as remote/local.
Anyway, somehow I'm facing a strange issue here. VM A and VM B can ping each other already, although nothing else works. I cannot do curl/wget between the VMs nor iperf, etc.
Do you know if my topology above should work? VM A can reach VM B without VXLAN just fine over the other hops, as well AMSTERDAM and VIENNA can reach each other fully.
No firewall enabled nor anything else. Allowed-IPs is 0.0.0.0/0,::/0 on all tunnels.
My guess was that this is somewhat MTU related, tried 1200 on the VXLAN interfaces - no difference.

[-- Attachment #2: Type: text/html, Size: 1851 bytes --]

Re: VXLAN

[Jason A. Donenfeld]

Hey Florian,

Indeed that's strange, and MTU would be my first guess too, though
fragmentation should be working anyway so perhaps it's not that. You
can try this out by using the -s param to ping to test out the maximum
packet size.

If I understand correctly, you're putting VXLAN _on top of_ WireGuard?

Can you send tcpdump pcaps?

Jason

Re: VXLAN

[jens]

[-- Attachment #1: Type: text/plain, Size: 1875 bytes --]

i also understand it like you want to use vxlan0 to connect each other,
surprisingly we are playing with this actually also - but run in
difficulties with v6 and vxlan

doing somethings like on each endpoint (both have wg0 , and this is
working fine with v6 wg internal adresses)

|ip link add vxlan0 type vxlan id 42 local <local_wg_v6>dstport 4789
nolearning bridge fdb add to <remote_mac>dst <remote_wg_v6> dev vxlan0
so fyi: (german only)
https://forum.freifunk.net/t/wireguard-0-0-20161230-linuxkernel-3-18-gluon-v2016-2-2/14122/16
|

you may consider gretap tunnel - which already is working,
but i am also interested in workling vxlan setups


On 12.02.2017 22:07, info wrote:
> Hello,
>
> I would love to use VXLANs for my network to separate stuff, although
> I'm a bit struggling. My topology looks like this:
>
> VM A --> AMSTERDAM -> FRANKFURT -> VIENNA --> VM B
>
> '->' indicates a Wireguard tunnel
> '-->' is a physical link
>
> Actually I'm configuring a VXLAN Interface in AMSTERDAM and VIENNA,
> with the tunnel IPs as remote/local.
>
> Anyway, somehow I'm facing a strange issue here. VM A and VM B can
> ping each other already, although nothing else works. I cannot do
> curl/wget between the VMs nor iperf, etc.
>
> Do you know if my topology above should work? VM A can reach VM B
> without VXLAN just fine over the other hops, as well AMSTERDAM and
> VIENNA can reach each other fully.
>
> No firewall enabled nor anything else. Allowed-IPs is 0.0.0.0/0,::/0
> on all tunnels.
>
> My guess was that this is somewhat MTU related, tried 1200 on the
> VXLAN interfaces - no difference.
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

-- 
make the world nicer, please use PGP encryption


[-- Attachment #2: Type: text/html, Size: 4762 bytes --]