VXLAN support (289354)
Virtual Extensible LAN (VXLAN) is a network virtualization technology used in large cloud computing deployments. It encapsulates OSI layer 2 Ethernet frames within layer 3 IP packets using standard destination port 4789. VXLAN endpoints, which terminate VXLAN tunnels and can be virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs). For more information about VXLAN, see RFC 7348.
VTEP (VXLAN Tunnel End Point) support (289354)
Native VXLAN is now supported by FortiOS. This feature is configurable from the CLI only:
Syntax
config system vxlan
    edit <vxlan1>          //VXLAN device name (Unique name in system.interface).
        set interface      //Local outgoing interface.
        set vni            //VXLAN network ID.
        set ip-version     //IP version to use for VXLAN device (4 or 6).
        set dstport        //VXLAN destination port, default is 4789.
        set ttl            //VXLAN TTL.
        set remote-ip      //Remote IP address of VXLAN.
    next
end
This will create a VXLAN interface:
show system interface vxlan1
config system interface
    edit "vxlan1"
        set vdom "root"
        set type vxlan
        set snmp-index 36
        set macaddr 8a:ee:1d:5d:ae:53
        set interface "port9"
    next
end
From the GUI, go to Network > Interfaces to verify the new VXLAN interface.
To diagnose your VXLAN configuration, from the CLI, use the following command:
diagnose sys vxlan fdb list vxlan1
This command provides information about the VXLAN forwarding database (FDB) associated with the vxlan1 interface. Below is a sample output:
-----------mac=00:00:00:00:00:00 state=0x0082 flags=0x00-----------
-----------remote_ip=2.2.2.2 remote_port=4789-----------
-----------remote_vni=1 remote_ifindex=19-----------
total fdb num: 1
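The following is an added example, not Fortinet code: it parses the output of the diagnose command above and reports FDB entries whose remote IP, VNI or port differ from the intended tunnel configuration. The first sample entry is the one shown on this page; the second entry, the assumption that further entries repeat the same three-line layout, and the names parse_fdb and audit_fdb are constructed for illustration.

```python
import ipaddress
import re

# First entry is the sample output shown on this page; the second entry is
# constructed, assuming each further entry repeats the same three-line layout.
SAMPLE_FDB = """\
-----------mac=00:00:00:00:00:00 state=0x0082 flags=0x00-----------
-----------remote_ip=2.2.2.2 remote_port=4789-----------
-----------remote_vni=1 remote_ifindex=19-----------
-----------mac=00:00:00:00:00:00 state=0x0082 flags=0x00-----------
-----------remote_ip=203.0.113.7 remote_port=4789-----------
-----------remote_vni=1 remote_ifindex=19-----------
total fdb num: 2
"""


def parse_fdb(text):
    """Return (entries, reported_total); each mac= line starts a new entry."""
    entries, total = [], None
    for raw in text.splitlines():
        line = raw.strip("- \t")  # drop the dash padding around each line
        m = re.match(r"total fdb num:\s*(\d+)$", line)
        if m:
            total = int(m.group(1))
            continue
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "mac" in fields:
            entries.append({})
        if entries:
            entries[-1].update(fields)
    return entries, total


def audit_fdb(text, allowed_vteps, expected_vni, expected_port=4789):
    """Return findings for entries that differ from the intended tunnel."""
    entries, total = parse_fdb(text)
    allowed = {ipaddress.ip_address(a) for a in allowed_vteps}
    findings = []
    if total is not None and total != len(entries):
        findings.append(f"parsed {len(entries)} entries, device reports {total}")
    for e in entries:
        ip = e.get("remote_ip", "")
        if not ip or ipaddress.ip_address(ip) not in allowed:
            findings.append(f"unexpected remote VTEP {ip or '<missing>'}")
        if e.get("remote_vni") != str(expected_vni):
            findings.append(f"{ip}: remote_vni {e.get('remote_vni')} != {expected_vni}")
        if e.get("remote_port") != str(expected_port):
            findings.append(f"{ip}: remote_port {e.get('remote_port')} != {expected_port}")
    return findings
```

Calling audit_fdb(SAMPLE_FDB, ["2.2.2.2"], expected_vni=1) reports only the constructed second entry, since its remote IP is not in the allow list.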
VXLAN support for multiple remote IPs (398959)
VXLAN is now supported for multiple remote IPs. These remote IPs can be IPv4 unicast, IPv6 unicast, IPv4 multicast, or IPv6 multicast. This is useful in datacenter scenarios where the FortiGate can be configured with multiple tunnels to computer nodes.
CLI changes
The set ip-version option can be set to the following:
    ipv4-unicast       //Use IPv4 unicast addressing for VXLAN.
    ipv6-unicast       //Use IPv6 unicast addressing for VXLAN.
    ipv4-multicast     //Use IPv4 multicast addressing for VXLAN.
    ipv6-multicast     //Use IPv6 multicast addressing for VXLAN.
When ip-version is set to ipv4-multicast or ipv6-multicast, the ttl option is replaced by multicast-ttl.