Link Search Menu Expand Document

VXLAN Template

Use the VXLAN template to to efficiently deploy Virtual Network Identifier (VNI) instances for Virtual Extensible Local Area Network (VXLAN) segments. A VNI maps a routing segment to a firewall zone and a fallback role. Each segment is identified by a 24-bit VNI that can be configured for up to 16 million virtual networks. For additional information, see the VXLAN tab

Prerequisites

Before you can assign a VNI to a VXLAN segment, you must configure the following settings:

  • Segmentation must be enabled to support VXLAN. See the Routing Segmentation (VRF) tab

  • The IP routing on the BGP Layer 3 network that connects the EdgeConnect appliance VTEPs must already be configured. This is necessary to enable VXLAN traffic to traverse the network. Therefore, only in-line router mode is supported.

  • Currently, the EdgeConnect EVPN address family is only supported for BGP EVPN peers in the Default segment (VRF ID = 0).

  • One or more loopback interfaces must already be available.

  • VXLAN is only supported on LAN interfaces. Route-Targets must be defined, and BGP enabled for all segments, even if no BGP peers are configured in non-default segments.

Common Settings for all VNIs

Use this section of the VXLAN Tab to configure these common settings for all VNIs:

  • Destination UDP Port: You can configure a custom destination UDP port for VXLAN. If not selected, the appliance uses the default port of 4789.

  • VTEP Source Interface: Select a loopback interface from the list.
    NOTE: Only loopback interfaces are valid. The loopback interface you choose will automatically be configured in the local interface field of the BGP Peer configuration if EVPN Peer is enabled.

VNI Mappings

For this dialog box, use the steps belwo to map a VNI to a routing segment, a firewall zone, and a fallback role.

Add

  1. Click Add to create a new VNI for a segment.

  2. Enter a value for the VNI segment. Valid values are 1-16777215.

  3. Select the Segment, Firewall Zone, and Fallback Role (Don’t Apply, Guest IOT, Untrusted).

  4. Click OK.

Edit

  1. Select an existing VNI from the list.

  2. Click the Edit icon to modify an existing VNI.

Note: In the Flows tab, enable the VNI Tx and VNI Rx columns to display the number of the VNI that received or sent the VXLAN traffic. Both values should match for every flow. If not, there might be a misconfiguration downstream from the EdgeConnect.

Role to GPID Mapping

Use the Roles dialog box to map a policy enforcement role to a VXLAN Group Policy Identifier (GPID). Mapping policy enforcement roles to a VXLAN GPID is optional. Policy enforcement role mapping to a GPID propagates globally across the SD-WAN Fabric. Enabling the identity-based policy enforcement capability of the HPE Aruba Networking SD-WAN solution in VXLAN segments provides a highly automated extensible way of enabling a zero-trust security architecture.


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America