cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

vxlan.rst (3096B)


.. SPDX-License-Identifier: GPL-2.0

======================================================
Virtual eXtensible Local Area Networking documentation
======================================================

The VXLAN protocol is a tunnelling protocol designed to solve the
problem of limited VLAN IDs (4096) in IEEE 802.1q.  With VXLAN the
size of the identifier is expanded to 24 bits (16777216).

VXLAN is described by IETF RFC 7348, and has been implemented by a
number of vendors.  The protocol runs over UDP using a single
destination port.  This document describes the Linux kernel tunnel
device; there is also a separate implementation of VXLAN for
Open vSwitch.
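
Added example (not part of the kernel documentation or the kernel's own code): a minimal decoder for the 8-byte VXLAN header defined in RFC 7348, showing where the 24-bit identifier sits in a UDP payload and how a datagram carrying an unexpected VNI can be flagged on the underlay. The function names, the allowed-VNI set and the sample frame are assumptions constructed for illustration.

```python
import struct

VXLAN_PORT = 4789      # IANA-assigned UDP destination port
VXLAN_FLAG_I = 0x08    # "valid VNI" flag in the first header byte (RFC 7348)
VXLAN_HDR_LEN = 8


def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # word 0: flags(8) | reserved(24); word 1: VNI(24) | reserved(8)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan(payload):
    """Parse a UDP payload as VXLAN; return (vni, inner_frame, notes)."""
    if len(payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:VXLAN_HDR_LEN])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear, no valid VNI")
    notes = []
    # RFC 7348: reserved bits are ignored on receipt, so report, do not drop.
    if flags & ~VXLAN_FLAG_I & 0xFF or word0 & 0xFFFFFF or word1 & 0xFF:
        notes.append("reserved bits set")
    return word1 >> 8, payload[VXLAN_HDR_LEN:], notes


def check_packet(udp_dport, payload, allowed_vnis):
    """Classify one UDP datagram captured on the underlay interface."""
    if udp_dport != VXLAN_PORT:
        return "not-vxlan"
    try:
        vni, inner, notes = parse_vxlan(payload)
    except ValueError as exc:
        return "malformed: %s" % exc
    if vni not in allowed_vnis:
        return "unexpected-vni %d" % vni
    if len(inner) < 14:  # shorter than an Ethernet header
        return "malformed: inner frame too short"
    return "ok vni=%d%s" % (vni, " (%s)" % notes[0] if notes else "")


# Constructed sample: VNI 42 header + minimal Ethernet header (dst, src, type).
SAMPLE = build_vxlan_header(42) + bytes.fromhex("0017428ab405" "020000000001" "0800")
if __name__ == "__main__":
    print(check_packet(4789, SAMPLE, {42}))
```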

Unlike most tunnels, a VXLAN is a 1 to N network, not just point to
point. A VXLAN device can learn the IP address of the other endpoint
either dynamically in a manner similar to a learning bridge, or make
use of statically-configured forwarding entries.

The management of vxlan is done in a manner similar to its two closest
neighbors GRE and VLAN. Configuring VXLAN requires the version of
iproute2 that matches the kernel release where VXLAN was first merged
upstream.

1. Create vxlan device::

    # ip link add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1 dstport 4789

This creates a new device named vxlan0.  The device uses the multicast
group 239.1.1.1 over eth1 to handle traffic for which there is no
entry in the forwarding table.  The destination port number is set to
the IANA-assigned value of 4789.  The Linux implementation of VXLAN
pre-dates the IANA's selection of a standard destination port number
and uses the Linux-selected value by default to maintain backwards
compatibility.

2. Delete vxlan device::

    # ip link delete vxlan0

3. Show vxlan info::

    # ip -d link show vxlan0

It is possible to create, destroy and display the vxlan
forwarding table using the new bridge command.

1. Create forwarding table entry::

    # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0

2. Delete forwarding table entry::

    # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0

3. Show forwarding table::

    # bridge fdb show dev vxlan0

The following NIC features may indicate support for UDP tunnel-related
offloads (most commonly VXLAN features, but support for a particular
encapsulation protocol is NIC specific):

 - `tx-udp_tnl-segmentation`
 - `tx-udp_tnl-csum-segmentation`
    ability to perform TCP segmentation offload of UDP encapsulated frames

 - `rx-udp_tunnel-port-offload`
    receive side parsing of UDP encapsulated frames which allows NICs to
    perform protocol-aware offloads, like checksum validation offload of
    inner frames (only needed by NICs without protocol-agnostic offloads)

For devices supporting `rx-udp_tunnel-port-offload` the list of currently
offloaded ports can be interrogated with `ethtool`::

  $ ethtool --show-tunnels eth0
  Tunnel information for eth0:
    UDP port table 0:
      Size: 4
      Types: vxlan
      No entries
    UDP port table 1:
      Size: 4
      Types: geneve, vxlan-gpe
      Entries (1):
          port 1230, vxlan-gpe