This knowledge base has moved to the documentation site. Please visit the knowledge base here for the most up to date content. This site is no longer maintained.

[RETIRED] Bridge Layer 2 Protocol Tunneling

Note: This article has been moved to the Cumulus Linux user guide.


A VXLAN connects layer 2 domains across a layer 3 fabric; however, layer 2 protocol packets, such as LLDP, LACP, STP, and CDP, are normally terminated at the ingress VTEP. If you want the VXLAN to behave more like a wire or hub, where protocol packets are tunneled instead of being terminated locally, you can enable bridge layer 2 protocol tunneling.

Environment

  • Cumulus Linux 3.5.0 and later

Configuration

To configure bridge layer 2 protocol tunneling for all protocols:

cumulus@switch:~$ net add int swp1 bridge l2protocol-tunnel all
cumulus@switch:~$ net add int vni13 bridge l2protocol-tunnel all
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit

To configure bridge layer 2 protocol tunneling for a specific protocol, such as LACP:

cumulus@switch:~$ net add int swp1 bridge l2protocol-tunnel lacp
cumulus@switch:~$ net add int vni13 bridge l2protocol-tunnel lacp
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit

Note: You must also enable layer 2 protocol tunneling on the VXLAN link so that the packets are bridged and forwarded correctly.

The above commands create the following configuration in the /etc/network/interfaces file:

auto swp1
iface swp1
    bridge-access 10
    bridge-l2protocol-tunnel lacp

auto swp2
iface swp2

auto swp3
iface swp3

auto swp4
iface swp4
...
auto vni13
iface vni13
    bridge-access 13
    bridge-l2protocol-tunnel all
    bridge-learning off
    mstpctl-bpduguard yes
    mstpctl-portbpdufilter yes
    vxlan-id 13
    vxlan-local-tunnelip 10.0.0.4
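
The requirement in the note above (tunneling must also be enabled on the VXLAN link) can be checked against an interfaces file before it is committed. The following is an added example, not part of the original article or any Cumulus tooling; the function names and sample stanzas are constructed, and it assumes that several protocol names on one line are separated by spaces.

```python
def parse_stanzas(text):
    """Return {iface: {attribute: value}} from ifupdown2-style 'iface' stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "source") or words[0].startswith("allow-"):
            current = None  # stanza boundary
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return stanzas


def tunnel_gaps(text):
    """Map each non-VXLAN port to the protocols it tunnels that no VNI tunnels."""
    stanzas = parse_stanzas(text)
    key = "bridge-l2protocol-tunnel"
    # Assumption: several protocol names may be listed, separated by spaces.
    tunnels = {n: set(a[key].split()) for n, a in stanzas.items() if key in a}
    vni = {n for n in tunnels if "vxlan-id" in stanzas[n]}
    vni_protos = set().union(*(tunnels[n] for n in vni))
    if "all" in vni_protos:
        return {}
    gaps = {n: sorted(p - vni_protos) for n, p in tunnels.items() if n not in vni}
    return {n: missing for n, missing in gaps.items() if missing}


# Constructed sample: swp1 tunnels LACP, vni13 carries no tunnel setting.
SAMPLE_BAD = """\
auto swp1
iface swp1
    bridge-access 10
    bridge-l2protocol-tunnel lacp

auto vni13
iface vni13
    bridge-access 13
    vxlan-id 13
"""
# Same file with tunneling also enabled on the VXLAN interface.
SAMPLE_GOOD = SAMPLE_BAD + "    bridge-l2protocol-tunnel all\n"

if __name__ == "__main__":
    print(tunnel_gaps(SAMPLE_BAD))   # ports whose tunneled frames stop at the VTEP
    print(tunnel_gaps(SAMPLE_GOOD))
```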

LLDP Example

LLDP.png

LACP Example

LACP.png

Pseudo-Wire Example

pseudoWire.png

Use caution when enabling bridge layer 2 protocol tunneling:

  • Layer 2 protocol tunneling is not a full-featured pseudo-wire solution; there is no end-to-end link status tracking or feedback.
  • Layer 2 protocols typically run on a link-local scope. Running the protocols through a tunnel across a layer 3 fabric incurs significantly higher latency, which might require you to tune protocol timers.
  • The lack of end-to-end link or tunnel status feedback and the higher protocol timeout values result in a longer protocol convergence time when a change occurs.
  • If the remote endpoint is a Cisco endpoint using LACP, you must configure etherchannel misconfig guard on the Cisco device.
