Forum Discussion
NimbostratusVXLAN configuration between ESX and F5, how?
Hi all,
Now I have a ESX with ip address 10.0.0.203 and a F5 with vlan interface (ip: 10.20.0.1 ),which is configred a static route and thus it is reacheable by the ESX.
There is one vm under the ESX, with ip 10.30.0.222 with VXLAN VNI 5503.
Now, I would like to configure the f5 as the VXLAN endpoint/gateway and create a VXLAN tunnel to connect to the ESX (must be unicast in our case). Finally, I would like to know how to test if the tunnel is working or not.
The online offical documentation is not shown the co figuration step of it clearly.
Is FDB configuration mandatory? How to specify the vxlan gateway on ESX?
Thank you.
- Carl_Brothers
Employee
Is this on a system that has a license for SDN Services? This is included on the iseries platforms, v16 virtual editions, and systems running the better or best bundles(hardware and virtual). Any platform/license not included in the previous sentence will require the SDN Services license.
Below are a few links that should help get you started.
Hahaanom_359533Yes, the unit is in iseries. Regarding to the reference link provided, I don't quite understand what is those vlan (legacy5000) and ip (10.4.4.x /10.5.5.x) referring to.
And, I am not sure whether fdb is mandatory to be configured to associate mac address and ip of vxlan gateway.
Thank you!
- Hahaanom_359533
Anyone could help?
AceDawg1This should get you closer. There are a few prerequisites that you must confirm first.
- At least one of the interfaces on the F5 should be connected to the "leaf and spine" infrastructure the ESX servers reside on.
The document provided by Carl Brothers is a good starting point. I have modified the instructions to better suit your environment and to remove some extraneous configuration components that can make things confusing (e.g. VLAN definition).
To answer your questions:
- Yes the FDB database entries are mandatory. VxLAN VTEP (end points) must have a IP->MAC mapping of all the devices within the environment. This can be done dynamically using multicast or in your case, manually if using unicast.
- The ESX gateway should be the IP address of the ESX host
NOTE: I typically place each route domain in a separate partition. This is an optional step.
create net tunnels vxlan vxlan-static { flooding-type none } create net tunnels tunnel vxlan5000 { local-address 10.30.0.x Use an IP address that is in the same subnet as the ESX server remote-address any profile vxlan-static key 5503 } create net route-domain 5503 { Used 5503 but any value can be used id 5503 vlans add { vxlan5503 } } create net self 10.30.0.x%5503/24 { address 10.30.0.x%5503/24 Use an IP address in the same subnet as the ESX server vlan vxlan5503 } modify net fdb tunnel vxlan5503 { records add { 00:FF:0A:03:03:02 { endpoint 10.30.0.222 } MAC ADDR of ESX VM 00:FF:0A:03:03:03 { endpoint 10.30.0.222 } MAC ADDR of ESX VM } } create net arp 10.30.0.x%5503 { IP address of ESX VM mac-address 00:FF:0A:03:03:02 MAC ADDR of ESX VM } create net arp 10.30.0.x%5503 { IP address of ESX VM mac-address 00:FF:0A:03:03:03 MAC ADDR of ESX VM }To validate that the tunnel is up and running and to view statistics, run the following command:
tmsh show net tunnels tunnel
