About VXLAN Tunnel Termination

Figure 1 illustrates the VXLAN tunnel termination on a GigaVUE device located in a site that is remote to the device from where the traffic was routed across the cloud.

Figure 177 VXLAN Tunnel Termination

In this diagram, traffic is tapped on a GigaVUE H Series device at a remote site, and then it is tunneled through VXLAN encapsulation across the network before it reaches the GigaVUE H Series device at the main office site, which is connected to the actual tools. The traffic from a GigaVUE V Series appliance running on an AWS platform is tunneled through VXLAN encapsulation across the cloud, and the VXLAN tunneled traffic hits the GigaVUE H Series device at the main office site. The tunnel termination is executed on an ingress circuit port (IP interface). After tunnel termination the packet is presented to the flow mapping module to filter based on map rule parameters.

VXLAN Tunnel Termination—Rules and Notes

Keep in mind the following rules and notes when working with VXLAN tunnel termination:

■   VXLAN tunnel termination is supported only on GigaVUE‑HC1, GigaVUE‑HC2 CCv2, GigaVUE‑HC3, GigaVUE-TA40, GigaVUE-TA100, GigaVUE-TA200 devices and GigaVUE‑TA25.
■   A maximum of 1500 VXLAN IDs are supported.
■   Flow mapping that is configured on the circuit port used for VXLAN decapsulation will filter only the inner packet attributes along with VXLAN-ID. Any other non-tunneled packets that ingress on this circuit port will not be filtered or redirected to tool ports, even if it matches the rules configured on the map.
■   IPv6 protocol is not supported with VXLAN tunnels.
■   VXLAN tunnel termination do not support reassembly of packets.
■   VXLAN tunnel termination is supported only on encapsulated packets that are not tagged.
■   Map-passall is not supported for the circuit port that decapsulates the VXLAN packet.
■   When a circuit port is configured for VXLAN tunnel termination, you cannot use the port in any other regular map in which a network port is configured as the source leader in a bidirectional clock relationship (formerly master) port.
■   Inner VLAN qualifier is not supported on the port in which the VXLAN tunnel termination is enabled.
■   VXLAN ID qualifier is available as part of existing static templates. Following table provides details about the platforms for which the static templates are available:

 

Template

Platform

GigaVUE‑HC2 (CCv2)/GigaVUE‑HC1/GigaVUE-TA40

GigaVUE‑HC3/GigaVUE-TA100

IPv4

No

Yes

IPv6

Yes

Yes

IPv4+UDA

No

Yes

IPv4+MAC

Yes

Yes

UDA

Yes

Yes