A VXLAN connects layer 2 domains across a layer 3 fabric; however, layer 2 protocol packets, such as LLDP, LACP, STP, and CDP, are normally terminated at the ingress VTEP. If you want the VXLAN to behave more like a wire or hub, where protocol packets are tunneled instead of being terminated locally, you can enable bridge layer 2 protocol tunneling.
- Cumulus Linux 3.5.0 and later
To configure bridge layer 2 protocol tunneling for all protocols:
cumulus@switch:~$ net add int swp1 bridge l2protocol-tunnel all
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit
To configure bridge layer 2 protocol tunneling for a specific protocol, such as LACP:
cumulus@switch:~$ net add int swp1 bridge l2protocol-tunnel lacp
cumulus@switch:~$ net pending
cumulus@switch:~$ net commit
The above command creates the following configuration in the
auto swp1
iface swp1
    bridge-access 10
    bridge-l2protocol-tunnel lacp

auto swp2
iface swp2

auto swp3
iface swp3

auto swp4
iface swp4
Use caution when enabling bridge layer 2 protocol tunneling:
- Layer 2 protocol tunneling is not a full-featured pseudo-wire solution; there is no end-to-end link status tracking or feedback.
- Layer 2 protocols typically run on a link-local scope. Running the protocols through a tunnel across a layer 3 fabric incurs significantly higher latency, which might require you to tune protocol timers.
- The lack of end-to-end link/tunnel status feedback and the higher protocol timeout values make for a higher protocol convergence time in case of change.
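
Because tunneled protocol packets leave the local switch, it helps to confirm that tunneling is enabled only on the ports you intend. The following added example (not part of the original documentation) parses interface stanzas in the format shown above and lists which ports tunnel which protocols. The sample text is constructed, and the handling of several protocols on one `bridge-l2protocol-tunnel` line is an assumption.

```python
# Added example: list ports that have bridge layer 2 protocol tunneling enabled.
# SAMPLE is constructed input in the stanza format shown on this page.
SAMPLE = """\
auto swp1
iface swp1
    bridge-access 10
    bridge-l2protocol-tunnel lacp

auto swp2
iface swp2
    bridge-access 10
    bridge-l2protocol-tunnel all

auto swp3
iface swp3
"""

def tunneled_ports(text):
    """Return {interface: [protocols]} for stanzas that set bridge-l2protocol-tunnel."""
    result = {}
    current = None  # interface whose stanza we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        words = line.split()
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
        elif words[0] == "auto":
            current = None  # a new block starts; attributes need a fresh iface line
        elif words[0] == "bridge-l2protocol-tunnel" and current:
            # Assumption: several protocols may be space-separated on one line.
            result.setdefault(current, []).extend(words[1:])
    return result

def review(text):
    """Return sorted (port, protocols, note) tuples, marking ports that tunnel everything."""
    rows = []
    for port, protos in sorted(tunneled_ports(text).items()):
        note = "tunnels every protocol" if "all" in protos else "tunnels selected protocols"
        rows.append((port, protos, note))
    return rows

if __name__ == "__main__":
    for port, protos, note in review(SAMPLE):
        print(f"{port}: {' '.join(protos)} ({note})")
```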