Skip to content

Instantly share code, notes, and snippets.

@noslin005

noslin005/vxlan-bridge-vlan-linux.md

Last active June 26, 2025 00:36
Show Gist options
  • Save noslin005/f2655838cbc8a61c68a01700cd2bc35b to your computer and use it in GitHub Desktop.
Save noslin005/f2655838cbc8a61c68a01700cd2bc35b to your computer and use it in GitHub Desktop.
Download ZIP
Encapsulate VLAN using VXLAN tunnels on Linux
Raw
vxlan-bridge-vlan-linux.md

VXLAN+VLAN+BRIDGE+LINUX

  • Both Host A and Host B are running Linux with identical VXLAN and VLAN aware bridge configurations.
  • They communicate through a VXLAN overlay (ID 100) carried over multicast (239.1.1.1) on UDP port 4789.
  • VLANs are extended across the VXLAN tunnel.
  • Subinterfaces br0.10 and br0.20 provide access to specific VLAN networks (10 and 20).
  • Devices on the same VLAN across hosts can directly communicate as if they are on the same Layer 2 segment.

Use iproute2 tools (testing)

ip link del br0

ip link add br0 type bridge vlan_filtering 1
ip link add vxlan0 type vxlan id 100 group 239.1.1.1 dstport 4789 dev eth0
ip link set vxlan0 master br0
ip link set br0 up
ip link set vxlan0 up

for i in {1..20}; do 
    bridge vlan add dev vxlan0 vid $i
    bridge vlan add dev br0 self vid $i
done

ip link add link br0 name br0.10 type vlan id 10
ip link add link br0 name br0.20 type vlan id 20
ip link set dev br0.10 up
ip link set dev br0.20 up

# Host A
ip addr add 172.16.10.1/24 dev br0.10
ip addr add 172.16.20.1/24 dev br0.20


# Host B
ip addr add 172.16.10.2/24 dev br0.10
ip addr add 172.16.20.2/24 dev br0.20

Using nmcli for persistnce accross reboot

# Bridge
nmcli con del br0
nmcli con add type bridge ifname br0 con-name br0 bridge.vlan-filtering yes bridge.stp no
nmcli con modify br0 ipv4.method disabled ipv6.method disabled bridge.vlans 10,20
nmcli con up br0

# VXLAN
nmcli con del vxlan0
nmcli con add type vxlan ifname vxlan0 con-name vxlan0 vxlan.parent eth0 vxlan.ttl 16 vxlan.remote 239.1.1.1 vxlan.id 100 vxlan.destination-port 4789
nmcli con modify vxlan0 master br0
nmcli con modify vxlan0 bridge.vlans 10,20
nmcli con up vxlan0

# VLAN 10 (Host A)
nmcli con del br0.10
nmcli con add type vlan con-name br0.10 dev br0 id 10 ifname br0.10
nmcli con modify br0.10 ipv4.addresses 172.16.10.1/24 ipv4.method manual ipv6.method disabled
nmcli con up br0.10

# VLAN 20 (Host A)
nmcli con del br0.20
nmcli con add type vlan con-name br0.20 dev br0 id 20 ifname br0.20
nmcli con modify br0.20 ipv4.addresses 172.16.20.1/24 ipv4.method manual ipv6.method disabled
nmcli con up br0.20

Testing

# L2 ping from host A to Hosts B
arping -I br0.10 172.16.10.2

Topology

                            VXLAN ID 100 (Multicast Group: 239.1.1.1)
                      ┌────────────────────────────────────────────────┐
                      │                                                │
        Host A        │                 Ethernet over VXLAN            │      Host B
     ┌──────────┐     │         (VXLAN encapsulation via eth0)         │    ┌─────────┐
     │ br0      │     │                                                │    │ br0     │
     │  │       │     │                                                │    │  │      │
     │  └────┐  │     │                                                │    │  └────┐ │
     │   vxlan0 │◄────┘                                                └────►vxlan0│  │
     └────┬─────┘                                                           └────┬────┘
          │                                                                      │
   ┌──────┴──────┐                                                         ┌─────┴───────┐
   │ VLAN Bridge │                                                         │ VLAN Bridge │
   │  VLAN IDs   │                                                         │  VLAN IDs   │
   │  1..20      │                                                         │  1..20      │
   └────┬────────┘                                                         └──────┬──────┘
        │                                                                         │
 ┌──────┴──────┐                                                           ┌──────┴──────┐
 │ Subinterface│                                                           │ Subinterface│
 │ br0.10      │ 172.16.10.1/24                                            │ br0.10      │ 172.16.10.2/24
 │ br0.20      │ 172.16.20.1/24                                            │ br0.20      │ 172.16.20.2/24
 └─────────────┘                                                           └─────────────┘
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment