Configuring VXLAN packet check
The device can check the UDP checksum and 802.1Q VLAN tags of each received VXLAN packet.
UDP checksum check—The device always sets the UDP checksum of VXLAN packets to zero. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is zero or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.
VLAN tag check—The device checks the inner Ethernet header of each VXLAN packet for 802.1Q VLAN tags. If the header contains 802.1Q VLAN tags, the device drops the packet.
If a remote VTEP uses the Ethernet access mode, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.
The access mode is configurable by using the xconnect vsi command.
To configure VXLAN packet check:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the VTEP to drop VXLAN packets that fail UDP checksum check. | vxlan invalid-udp-checksum discard | By default, the VTEP does not check the UDP checksum of VXLAN packets. |
3. Enable the VTEP to drop VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header. | vxlan invalid-vlan-tag discard | By default, the VTEP does not check the inner Ethernet header for 802.1Q VLAN tags. |