How to create a VLAN between two Linux VMs using VxLAN Bridging - TekMonksGitHub/kloudust GitHub Wiki

This guide walks you through the manual commands and example usage for each step. This is useful for Virtual Networks for Tekmonks Kloudust cloud.

---

1️⃣ Gather Required Information

Before starting, collect the following details:

✅ VLAN Name – A name for your VxLAN (e.g., vxlan100)
✅ VLAN ID – A unique numeric identifier (e.g., 100)
✅ Peer Hosts – IP addresses of other hosts in the VLAN (e.g., 192.168.1.10 192.168.1.11)
✅ Default Ethernet Device – The interface that carries the VxLAN traffic (e.g., eth0)
✅ MTU – Maximum Transmission Unit, typically 1500
✅ Virtual Machine Name (optional) – If you want to attach the VLAN to a VM
✅ Optional Testing Ethernet Pair Name – For testing without a VM (e.g., veth0)

---

2️⃣ Determine the Default Ethernet Device

If you’re unsure of the default device:

ip route | grep default

Example output:

default via 192.168.1.1 dev eth0

Here, eth0 is the default device.

---

3️⃣ Set MTU on the Default Ethernet

Set MTU (default is 1500):

sudo ip link set mtu 1500 dev eth0

Example:

sudo ip link set mtu 1500 dev eth0

---

4️⃣ Create the VxLAN Interface

Create the VxLAN device with the chosen name and ID:

sudo ip link add vxlan100 type vxlan id 100 dev eth0 dstport 0

---

5️⃣ Add Peer Hosts to the VxLAN

For each peer host IP:

sudo bridge fdb append to 00:00:00:00:00:00 dst 192.168.1.10 dev vxlan100
sudo bridge fdb append to 00:00:00:00:00:00 dst 192.168.1.11 dev vxlan100

---

6️⃣ Create the Bridge Interface

Create a bridge and attach the VxLAN interface:

sudo ip link add vxlan100_br type bridge vlan_filtering 1
sudo ip link set vxlan100 master vxlan100_br

---

7️⃣ Bring Up the Interfaces

Bring up the VxLAN and bridge interfaces:

sudo ip link set up dev vxlan100
sudo ip link set up dev vxlan100_br

---

8️⃣ Configure Firewall to Allow VxLAN Traffic

Open UDP port 8472 (default VxLAN port):

sudo ufw allow proto udp from any to any port 8472
sudo ufw reload

---

9️⃣ Attach the VLAN to a Virtual Machine (Optional)

If you have a virtual machine named vm1 and want to attach the VLAN bridge to it:

sudo virsh attach-interface --domain vm1 --type bridge --source vxlan100_br --model virtio --config --live

Example:

sudo virsh attach-interface --domain myvm --type bridge --source vxlan100_br --model virtio --config --live

---

1️⃣0️⃣ Assign an IP to the VM Interface (Inside the VM)

Inside the VM, configure the new network interface (replace enp8s0 with the actual interface name):

sudo ip addr add 10.0.0.10/24 dev enp8s0
sudo ip link set enp8s0 mtu 1450
sudo ip link set up dev enp8s0

---

1️⃣1️⃣ Testing (Optional)

If you want to test without using a VM, create a virtual Ethernet pair:

sudo ip link add veth0a type veth peer name veth0b
sudo ip link set veth0b master vxlan100_br
sudo bridge vlan add dev veth0b vid 10
sudo ip link set veth0a up
sudo ip link set veth0b up
sudo ip addr add 192.168.10.10/24 dev veth0a

This creates a test environment to validate connectivity.

---

✅ Done!

You now have:

• A VLAN over VxLAN for your VMs
• Firewall open for traffic
• Optionally attached to VMs or tested with Ethernet pairs