Administrator Guide
VXLAN Header :
• VXLAN Flags : Reserved bits set to zero except bit 3, the first bit, which is set to 1 for a valid VNI
• VNI: The 24-bit field that is the VXLAN Network Identifier
• Reserved: A set of fields, 24 bits and 8 bits, that are reserved and set to zero .
Frame Check
Sequence (FCS):
Note that the original Ethernet frame's FCS is not included, but new FCS is generated on the outer Ethernet
frame.
Limitations on VXLAN
While configuring a VXLAN, the following conditions apply:
• Hybrid ports are not supported in VXLAN (hybrid port means an interface tagged to one VLAN and untagged to another VLAN).
• The show vxlan vxlan-instance statistics remote-vtep-ip and the show vxlan vxlan-instance
statistics instance commands are not supported in a NSX environment.
• VXLAN is not supported in a stacking setup.
• VXLAN with VRF configuration is not supported.
• Routing over VXLAN is not supported in a controller-based VXLAN setup.
• SNMP and REST API are not supported for VXLAN configurations.
• Multicast over VXLAN is not supported.
• In multicast and broadcast traffic, even though the remote VTEP is reachable through the ECMP path, load balancing is not
supported.
• Only one Remote VTEP can be reached through a single interface in a broadcast domain.
• Single VNI can be mapped to Single VLAN in both static and NSX controller-based VXLAN. Hence, only 4000 VNIs are supported
while configuring static VXLAN.
• You can map multiple VNIs with multiple VLANs in an NSX-based VXLAN.
• You can configure only one Nuage controller in a VXLAN setup. Nuage controller datapath-learning is not supported.
• In a Nuage controller-based VXLAN deployment, station moves of non-virtualized entities may not work as expected due to a possible
issue in the Nuage contoller.
NOTE:
When more than 15000 learned MAC addresses are synchronized from the Nuage controller to one of the VTEPs,
the SSL connection between the controller and the VTEP flaps continuously.
Configuring and Controlling VXLAN from the NSX
Controller GUI
You can configure and control VXLAN from the NSX controller GUI, by adding a hardware device to NSX and authenticating the device.
1. Generate a certificate in your system and add it to the NSX before adding a hardware device for authentication.
To generate a certificate, use the following command:
• crypto cert generate self-signed cert-file flash://vtep-cert.pem key-file flash://vtep-
privkey.pem
To view the certificate, use the following command:
• show file flash://vtep-cert.pem
The output appears similar to the following example:
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMxFTATBgNVBAMMDHd3dy5kZWxsLmN
vbTENMAsGA1UECgwERGVsbDEYMBYGA1UECwwPRGVsbCBOZXR3b3JraW5nMREwDwYDVQQHDAhTQU4gSm9zZTETMBEGA1
UECAwKQ2FsaWZvcm5pYTEiMCAGCSqGSIb3DQEJARYTc29tZW9uZUBleGFtcGxlLmNvbTAeFw0xNTExMjAwMzA0NTNaF
w0yNTExMTcwMzA0NTNaMIGZMQswCQYDVQQGEwJVUzEVMBMGA1UEAwwMd3d3LmRlbGwuY29tMQ0wCwYDVQQKDAREZWxs
MRgwFgYDVQQLDA9EZWxsIE5ldHdvcmtpbmcxETAPBgNVBAcMCFNBTiBKb3NlMRMwEQYDVQQIDApDYWxpZm9ybmlhMSI
wIAYJKoZIhvcNAQkBFhNzb21lb25lQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG
aGq3Cv4/RpuoiuePrnayORRhzEW/H2Ypv8OKEcew1gySmFz24LQttzSHo4AO
+qF3LkILvFW2RaHZ1mxbmm95d3PnZ8fXg2wgPz++T6coHGYH0o0+LkHVBb3IIXd/CSp
+TBRzAwWMPS7tnaRv1UqiJtm6/RjcJghbf6zcQWUcg2CTtKe5ej/
rS2tIU9EBGCzL3xs6DRB3lvScgmuckc5L18qWqNHRWMdKFgKwHKUOOvHakPFs9RNJNy5Sxwfe/kgkVmqA/
KWiRIecLIgmgYjKu2E0uC3URpuydoN7UwPSeigXWeR3JyhzfFVEr5LtyXVpo9zS2JGyygKtzZBpke1wIDAQABoy8wLT
AMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTaOaPuXmtLDTJVv++VYBiQr9gHCTANBgkqhkiG9w0BAQUFAAOCAQEAn5E/
w3BLQrX3e3Jv3EUFftGV0NABXOQxb/ODH4doA/68nQcvW7GZgpwoxe77YQH+C/uBNFwSBFxsu9ZkXhKu2q8wrCd
1010
Virtual Extensible LAN (VXLAN)