VXLAN Configuration Example

From Teltonika Networks Wiki

VXLAN support has been introduced starting with firmware version 00.07.09 and later. It is advised to update to the latest firmware available.

The information in this page is updated in accordance with 00.07.09.1 firmware version.

Introduction

VXLAN (Virtual Extensible LAN) encapsulates Layer 2 Ethernet frames within Layer 3 packets, creating a Layer 2 network over a Layer 3 infrastructure. It acts as a virtual switch, interconnecting routers and all devices connected to them into an extended Layer 2 network, enhancing scalability and flexibility. In this article several methods to configure a VXLAN tunnel between two Teltonika devices will be demonstrated.

Prerequisites

  • Two routers with installed VXLAN packages, will refer to these as RUT1 and RUT2
  • End device like Laptop or Mobile Phone
  • Two Public IP addresses for configuring VXLAN over the Mobile network
  • One Public IP address for configuring VXLAN over the VPN tunnel


VXLAN package Installation

First, install the VXLAN package on both RUT1 and RUT2 devices. This package is available on firmware version 07.09 and later, therefore, updating the router's firmware is a mandatory step if it is outdated. After the update, the package can be found in the Package Manager in the WebUI.

Navigate to System > Package Manager

  1. In the search bar look for vxlan packet
  2. Click Install

VXLAN over Wired WAN

In this section, the setup of VXLAN over Wired WAN using RUT1 and RUT2 devices will be described. The process will show how to create a VXLAN tunnel to connect the devices and allow them to communicate over the wired network.

Configuration on RUT1 device


Navigate to the Network > WAN section in the WebUI, then click the Edit button for the wired WAN interface.

Configuration window will open. Adjust following:
  1. Ensure interface is Enabled
  2. Change Protocol to Static
  3. Enter Ipv4 address for communication in this Wired WAN network
  4. Select your preferable IPv4 netmask
  5. Click twice

Navigate to the Network > Devices

  1. In Add new device section select Type VXLAN
  2. Press

  1. Enter name of the new VXLAN interface
  2. Enter the Remote address corresponding to RUT2 wired WAN interface IP address
  3. Click twice

Navigate to Network > LAN and click Edit to modify existing LAN interface

  1. Asure that Bridge interfaces option is enabled
  2. Click on the droplist and add vxlan1 interface
  3. Click twice

Configuration on RUT2 device


The configuration steps for RUT2 are similar to those performed on RUT1, with some additional adjustments. Navigate to the Network > WAN section in the WebUI, then click the Edit button for the wired WAN interface.

Configuration window will open. Adjust following:

  1. Ensure interface is Enabled
  2. Change Protocol to Static
  3. Enter Ipv4 address for communication in this Wired WAN network
  4. Select your preferable IPv4 netmask
  5. Click twice

Navigate to the Network > Devices

  1. In Add new device section select Type VXLAN
  2. Press

  1. Enter name of the new VXLAN interface
  2. Enter the Remote address corresponding to RUT1 wired WAN interface IP address
  3. Click twice

Navigate to Network > LAN and click Edit to modify existing LAN interface.

  1. For testing purposes, both routers should be part of the same LAN segment, so assign unique IP addresses to prevent conflicts.
  2. Additionally, only one DHCP server, so disable DHCP on RUT2.

  1. Asure that Bridge interfaces option is enabled
  2. Click on the droplist and add vxlan1 interface
  3. Click twice

VXLAN over Mobile network

In this section, VXLAN will be set up between two Teltonika devices using Mobile WAN, requiring two public IPs—one for each RUT device. The configuration steps will be similar to those described in the VXLAN over Wired WAN section of this page, except for the APN settings and the Network > Devices section settings, where the remote address of the created VXLAN interface will be updated to reflect the other router's public IP.

Configuration on RUT1 device


Navigate to the Network > WAN section in the WebUI, then click the Edit button for the mobile WAN interface.

Configuration window will open. Adjust following:
  1. Disable Auto APN
  2. Select an APN that will provide your router with a public IP
  3. Click twice

Navigate to the Network > Devices

  1. In Remote address section, instead of wired WAN IP, RUT2 Public IP address will be used
  2. Click twice

Configuration on RUT2 device


Navigate to the Network > WAN section in the WebUI, then click the Edit button for the mobile WAN interface.

Configuration window will open. Adjust following:
  1. Disable Auto APN
  2. Select an APN that will provide your router with a public IP
  3. Click twice

Navigate to the Network > Devices

  1. In Remote address section, instead of wired WAN IP, RUT1 Public IP address will be used
  2. Click twice

VXLAN over VPN tunnel

If only one public IP address is available, VXLAN can be configured through a VPN tunnel. In this case, an IPSec VPN will be used, where one router acts as the VPN server and the other as the client. The VPN creates remote tunnel endpoints, which can then be integrated into the VXLAN configuration to enable Layer 2 communication between the routers.

Configuration on RUT1 device

Configuration on RUT2 device

Configuration testing

The best way to test the configuration after setting up VXLAN between the routers is to ping between devices on either side of the routers using their LAN IPs and check the ARP tables. This ensures that devices on the same LAN segment can communicate over the Layer 2 (L2) network through the routers.

Configuration testing from RUT1 side:

If the MAC address for the specified IP address in the ARP table matches the RUT2's MAC address, it confirms that the configuration is functioning correctly.


Configuration testing from RUT2 side: