factoryger.blogg.se

Fortinet vpn client access other vlans

VXLAN is a Layer 2 overlay scheme over a Layer 3 network. VXLAN uses MAC Address-in-User Datagram Protocol (MAC-in-UDP) encapsulation to provide a means to extend Layer 2 segments across a Layer 3 segment. This basically means the Layer 2 frame gets a VXLAN header applied, then that frame gets encapsulated into a UDP/IP packet and sent over the Layer 3 network.

VXLAN (Virtual Extensible LAN) encapsulation was added in the later FortiOS 5.4 firmware releases. This is a great technology that can help connect two sites at Layer 2 over Layer 3. Something to take note of: as of FortiOS 5.6.2, lots of improvements and enhancements to VXLAN encapsulation have been made. For example, VLAN trunking works well now.

So far I have set this up for two different clients. Both were situations where we had to have Layer 2 stretched for a certain purpose. In the last case it was to two different data centers. Below is the scenario and the config of the FortiGates, as well as the ARP/MAC output from the Cisco switch. Fortinet has some great documentation as well on this feature (links below).

Below shows our simple layout. The red line indicates the VXLAN encapsulation path. Encapsulation only happens at the FortiGate firewalls.

Here is a checklist of things that are needed:

- encap-local-gw4 is the public address on the local FW.
- encap-remote-gw4 is the peer address of the other side.
- remote-gw is the peer address of the other side.
- Add both the local network and the VXLAN-VPN interface to this switch.
- Lowering the MTU of the VXLAN/internal interface might be a good idea.
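The MAC-in-UDP encapsulation and the MTU item in the checklist above, worked through as an added example (not code from the original post or from Fortinet). It builds and validates the 8-byte VXLAN header defined in RFC 7348, reads the inner frame's MACs and optional 802.1Q tag, and computes how far the inner MTU has to drop. The VNI, MAC addresses and VLAN ID are constructed sample values, and `extra_overhead` is a hypothetical parameter for any additional tunnel bytes on the path.

```python
import struct

VXLAN_PORT = 4789                      # IANA UDP port for VXLAN (RFC 7348)
VXLAN_HDR = struct.Struct("!II")       # flags + reserved, then VNI + reserved
OUTER_IPV4, UDP_HDR, INNER_ETH, DOT1Q = 20, 8, 14, 4

def vxlan_encap(vni, frame):
    """Return the UDP payload: 8-byte VXLAN header followed by the layer 2 frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return VXLAN_HDR.pack(0x08 << 24, vni << 8) + frame

def vxlan_decap(payload):
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(payload) < VXLAN_HDR.size + INNER_ETH:
        raise ValueError("payload too short for VXLAN + Ethernet")
    word0, word1 = VXLAN_HDR.unpack_from(payload)
    if not (word0 >> 24) & 0x08:
        raise ValueError("VNI-valid (I) flag not set")
    return word1 >> 8, payload[VXLAN_HDR.size:]

def inner_l2(frame):
    """Return (dst_mac, src_mac, vlan_id or None, ethertype) of the inner frame."""
    dst, src, etype = struct.unpack_from("!6s6sH", frame)
    vlan = None
    if etype == 0x8100:                # 802.1Q tag: trunked VLAN inside the tunnel
        tci, etype = struct.unpack_from("!HH", frame, 14)
        vlan = tci & 0x0FFF
    return dst.hex(":"), src.hex(":"), vlan, etype

def inner_mtu(underlay_mtu, tagged=False, extra_overhead=0):
    """Largest inner IP packet that fits in one outer IPv4 packet."""
    overhead = OUTER_IPV4 + UDP_HDR + VXLAN_HDR.size + INNER_ETH
    return underlay_mtu - overhead - (DOT1Q if tagged else 0) - extra_overhead

# Constructed sample: a VLAN 20 tagged IPv4 frame between two made-up MACs.
SAMPLE_FRAME = (bytes.fromhex("02000000000b" "02000000000a")
                + struct.pack("!HHH", 0x8100, 20, 0x0800) + b"\x45" + bytes(19))

if __name__ == "__main__":
    vni, frame = vxlan_decap(vxlan_encap(100, SAMPLE_FRAME))
    print(vni, inner_l2(frame), inner_mtu(1500), inner_mtu(1500, tagged=True))
```

On a 1500-byte underlay this gives 1450 bytes for untagged inner traffic and 1446 when the inner frame carries a VLAN tag, which is why the MTU of the stretched segment usually has to come down.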











