vxlan tunnel to BigIP in aws
We are trying to set up a VXLAN tunnel to BIG-IP in AWS from our EC2 instance (both BIG-IP and our EC2 instance are in the same VPC). When we ping F5 over VXLAN tunnels, tcpdump shows ICMP unreachable errors: udp port 4789 unreachable, length 142. All self-IPs have port-lockdown set to allow-all. We have changed sys db as well, like so:

    sys db iptunnel.vxlan.udpport {
        value "4789"
    }

Can someone please advise on what else may be missing?
- Robby_Stahl, Ret. Employee
Greetings!
Are you certain that the self-IPs you have created are associated with the correct VLAN? That is my best guess from the problem description. This documentation is a good start for troubleshooting ideas. ( https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-tmos-tunnels-ipsec-13-1-0/2.html )
Basically:
- check that VLANs exist / are sane
- verify self-IPs are mapped to the intended VLANs
- verify the tunnel exists
- consider using route domains (these tags only exist within BIG-IP, so there's no harm; performance is the same)
- verify routing within BIG-IP
- verify forwarding looks correct
- BigIPUser
Nimbostratus
Thanks Robby for your reply. This issue turned out to be a config issue at our end. I have another question, this time related to VXLAN-GPE. The documentation link that you provided says:
You can configure a VXLAN Generic Protocol Extension (GPE) tunnel when you want to add fields to the VXLAN header. One of these fields is Next Protocol, with values for Ethernet, IPv4, IPv6, and Network Service Header (NSH).
I want to specify Next Protocol as IPv4, but I couldn't find a knob to change the default Next Protocol, which seems to be L2. Any ideas on how to do this?
Can you elaborate on what the config issue was? That way the question can be (tagged as) properly answered for others encountering the same.
Also - open question - does your follow-on question deserve its own thread?
If so... it'll be hard(er) to answer/discover in the comments of the original issue.
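
Added example, not part of the original thread and not F5 code: a Python decoder for the 8-byte VXLAN / VXLAN-GPE header discussed in the Next Protocol question above, for checking in a capture what a tunnel endpoint actually puts in that field. The flag bits and Next Protocol code points follow RFC 7348 and the IETF VXLAN-GPE draft; the function name and the sample payloads are constructed for illustration.

```python
import struct

# Flag bits in the first header byte (RFC 7348 and the VXLAN-GPE draft).
FLAG_I = 0x08  # VNI field is valid
FLAG_P = 0x04  # GPE only: Next Protocol field is valid
NEXT_PROTOCOL = {0x01: "IPv4", 0x02: "IPv6", 0x03: "Ethernet", 0x04: "NSH"}


def parse_vxlan_header(udp_payload: bytes) -> dict:
    """Decode the VXLAN / VXLAN-GPE header at the start of a UDP payload."""
    if len(udp_payload) < 8:
        raise ValueError("truncated: VXLAN header is 8 bytes")
    # Layout: flags(1) | reserved(2) | next protocol(1) | VNI(3) + reserved(1)
    flags, _rsvd, next_proto, vni_word = struct.unpack("!BHBI", udp_payload[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    if flags & FLAG_P:
        encap = "VXLAN-GPE"
        inner = NEXT_PROTOCOL.get(next_proto, f"unknown(0x{next_proto:02x})")
    else:
        # Plain VXLAN: byte 3 is reserved and the inner payload is always
        # an Ethernet frame, which is the "L2" default seen in the thread.
        encap, inner = "VXLAN", "Ethernet"
    return {"encap": encap, "vni": vni_word >> 8, "inner": inner}


# Constructed sample payloads (header followed by a few inner bytes), VNI 100.
PLAIN_VXLAN = bytes.fromhex("0800000000006400") + b"\xff" * 6
GPE_IPV4 = bytes.fromhex("0c00000100006400") + b"\x45\x00"
GPE_ETHERNET = bytes.fromhex("0c00000300006400") + b"\xff" * 6

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN_VXLAN), ("gpe-ipv4", GPE_IPV4),
                      ("gpe-eth", GPE_ETHERNET)]:
        print(name, parse_vxlan_header(pkt))
```

A receiver that ignores the P flag treats every payload as an Ethernet frame, so a mismatch between the two tunnel endpoints shows up as undecodable inner traffic rather than as an explicit error.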