This tutorial shows you how to create a VXLAN network with L2 connectivity between VMs (Compute Engine) in Google Cloud.

  1. Create a VPC network named vxlan-network in custom subnet mode

    
    gcloud compute networks create vxlan-network \
    	--project=trial-project-andania \
    	--subnet-mode=custom
    

  2. Create a subnet in the vxlan-network VPC network

    
    gcloud compute networks subnets create us-central1-subnet \
    	--project=trial-project-andania \
    	--range=10.40.0.0/20 \
    	--network=vxlan-network \
    	--region=us-central1
    

  3. Create a firewall rule to allow SSH and ICMP to the VMs

    
    gcloud compute firewall-rules create vxlan-network-allow-ssh-icmp \
    	--project=trial-project-andania \
    	--network vxlan-network \
    	--allow tcp:22,icmp
    

  4. Create two VM instances named vm-a and vm-b. (I use spot VMs for this example to reduce the cost.)

    
    gcloud compute instances create vm-a \
    	--project=trial-project-andania \
    	--image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud \
    	--zone=us-central1-a \
    	--boot-disk-size 10G \
    	--machine-type=e2-medium \
    	--can-ip-forward \
    	--network=vxlan-network \
    	--subnet=us-central1-subnet \
    	--scopes cloud-platform \
    	--provisioning-model=SPOT
    
    gcloud compute instances create vm-b \
    	--project=trial-project-andania \
    	--image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud \
    	--zone=us-central1-a \
    	--boot-disk-size 10G \
    	--machine-type=e2-medium \
    	--can-ip-forward \
    	--network=vxlan-network \
    	--subnet=us-central1-subnet \
    	--scopes cloud-platform \
    	--provisioning-model=SPOT
    

  5. Set up VXLAN on both VMs

    • SSH to vm-a as the root user and set up VXLAN

      
      	# Run from your workstation; the commands after it run on vm-a as root.
      	gcloud compute ssh root@vm-a --zone us-central1-a
      	# VNI 42 on the primary NIC. dstport 0 selects the Linux default UDP port 8472
      	# (the IANA VXLAN port is 4789), which is why step 6 opens both ports.
      	ip link add vxlan0 type vxlan id 42 dev ens4 dstport 0
      	# Set VM_B_IP to vm-b's internal IP in 10.40.0.0/20 first (see `gcloud compute instances list`).
      	bridge fdb append to 00:00:00:00:00:00 dst $VM_B_IP dev vxlan0
      	ip addr add 10.200.0.2/24 dev vxlan0
      	ip link set up dev vxlan0
      	

    • SSH to vm-b as the root user and set up VXLAN

      
      	# On vm-b as root (reach it the same way: gcloud compute ssh root@vm-b --zone us-central1-a).
      	ip link add vxlan0 type vxlan id 42 dev ens4 dstport 0
      	# 10.40.0.2 is vm-a's internal IP in us-central1-subnet; confirm it with `gcloud compute instances list`.
      	bridge fdb append to 00:00:00:00:00:00 dst 10.40.0.2 dev vxlan0
      	ip addr add 10.200.0.3/24 dev vxlan0
      	ip link set up dev vxlan0
      	

    Test ping from vm-a to vm-b and vice versa. You will get a Destination Host Unreachable error. This is because we have not yet opened the UDP port that VXLAN uses, so the VPC firewall blocks the tunnel traffic.

  6. Add a firewall rule to open the Overlay Transport Virtualization (OTV) and Virtual eXtensible Local Area Network (VXLAN) UDP ports

    
    gcloud compute firewall-rules create vxlan-network-allow-vxlan-udp \
    	--project=trial-project-andania \
    	--network=vxlan-network \
    	--allow udp:4789,udp:8472
    

Now test ping again from vm-a to vm-b and vice versa. The ping will now succeed.
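The rule in step 6 is created without `--source-ranges`, which gcloud defaults to 0.0.0.0/0, so UDP 4789 and 8472 are reachable on the VMs' external addresses from anywhere, and the VXLAN header itself carries no authentication; the receiver can only check the outer source (which `--source-ranges=10.40.0.0/20` would enforce in the VPC firewall), the port and the VNI. The Python below is an added example, not part of this tutorial: it builds and parses the 8-byte header that vxlan0 wraps around each Ethernet frame and applies those three checks. The sample MAC addresses are constructed values.

```python
import ipaddress
import struct

VNI = 42                                   # `id 42` in the ip link command
VXLAN_PORTS = {4789, 8472}                 # IANA port, and the Linux default used by `dstport 0`
TUNNEL_SUBNET = ipaddress.ip_network("10.40.0.0/20")  # us-central1-subnet: the only valid endpoints
FLAG_I = 0x08                              # "VNI valid" flag; all other flag and reserved bits must be 0


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Build the UDP payload vxlan0 emits for one Ethernet frame (RFC 7348 header).

    Layout: 8 flag bits, 24 reserved bits, 24-bit VNI, 8 reserved bits.
    There is no MAC or encryption: the inner frame travels in clear text.
    """
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BBBBI", FLAG_I, 0, 0, 0, vni << 8) + inner_frame


def decapsulate(payload: bytes):
    """Split a VXLAN UDP payload into (vni, inner_frame); reject malformed headers."""
    if len(payload) < 8 + 14:  # VXLAN header plus a minimal Ethernet header
        raise ValueError("payload too short for VXLAN + Ethernet")
    flags, r1, r2, r3, vni_word = struct.unpack("!BBBBI", payload[:8])
    if flags != FLAG_I or (r1, r2, r3) != (0, 0, 0) or vni_word & 0xFF:
        raise ValueError("I flag missing or reserved bits set")
    return vni_word >> 8, payload[8:]


def accept_frame(outer_src: str, dst_port: int, payload: bytes) -> bool:
    """Receiver-side checks the tunnel relies on: a VXLAN port, an outer source
    inside the tunnel subnet, and our VNI. Anything else is dropped."""
    if dst_port not in VXLAN_PORTS:
        return False
    if ipaddress.ip_address(outer_src) not in TUNNEL_SUBNET:
        return False
    try:
        vni, _frame = decapsulate(payload)
    except ValueError:
        return False
    return vni == VNI


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, then a 20-byte dummy IPv4 header.
SAMPLE_FRAME = bytes.fromhex("020000000003" "020000000002" "0800") + bytes([0x45]) + bytes(19)

if __name__ == "__main__":
    wire = encapsulate(VNI, SAMPLE_FRAME)
    print(wire[:8].hex())                             # 0800000000002a00
    print(accept_frame("10.40.0.2", 8472, wire))      # True: vm-a -> vm-b on the kernel default port
    print(accept_frame("203.0.113.9", 8472, wire))    # False: outer source outside 10.40.0.0/20
```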