Configuring virtual overlay networks

A virtual overlay network uses tunneling protocols to extend isolated network segments between servers for multi-tenant data center networks. Overlay networking can be implemented using various networking protocols and standards. FortiADC supports the Virtual Extensible LAN (VXLAN) and Network Virtualization using Generic Routing Encapsulation (NVGRE) protocols.

VXLAN and NVGRE are officially documented in RFC 7348 and RFC 7637, respectively.

To configure a virtual overlay network:
  1. From a virtual domain, go to Network > Interface.
  2. Click the Overlay Tunnel tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following Overlay Tunnel settings:
    Setting | Guideline

    Name

    Specify a unique name for the overlay tunnel. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    Mode

    Select a virtual overlay networking protocol:

    • VXLAN
    • NVGRE

    VXLAN is the default option.

    VXLAN Type

    The VXLAN Type option is available if the Mode is VXLAN.

    Select the VXLAN gateway type:

    • Linux VXLAN
    • Flannel VXLAN

    Linux VXLAN is the default option.

    Interface

    Specify the outgoing interface for VXLAN encapsulated traffic.

    IP Version

    Select an IPv4 address type:

    • IPv4 Unicast
    • IPv4 Multicast

    Multicast TTL

    The Multicast TTL option is available if the IP Version is IPv4 Multicast.

    Specify the multicast TTL. Valid values are from 0 (default) to 255, minimum value is 1.

    Destination IP

    Specify the destination IP address.

    Note: For IPv4 unicast, you can specify multiple IP addresses; for IPv4 multicast, specify one IP address only.

    Port

    The Port option is available if the Mode is VXLAN.

    Specify the VXLAN destination port (number). The default is 4789. The valid range is 1–6553.

    VNI

    The VNI option is available if the Mode is VXLAN.

    Specify the VXLAN network ID. The valid range is 1–16777215.

    VSID

    The VSID option is available if the Mode is NVGRE.

    Specify the Virtual Subnet Identifier (VSID) for NVGRE.

  5. Click Save.
    Once the Overlay Tunnel settings are saved, the Remote Host MAC Mapping section becomes available for configuration.
  6. In the Remote Host MAC Mapping section, click Create New to display the configuration editor.
  7. Configure the following Remote Host MAC Mapping settings:
    Setting | Guideline
    Host MAC | Specify the MAC address of the remote host.
    VTEP | Specify the IPv4 address of the virtual tunnel endpoint.
  8. Click Save.
    The dialog closes once the Remote Host MAC Mapping configuration is saved.
  9. Click Save to update the Overlay Tunnel configuration.
  • Virtual overlay networking is supported on all FortiADC hardware platforms.
  • For both VXLAN and NVGRE, the mapping can be configured either manually or dynamically (the system learns from the remote VTEP).
  • For VXLAN, IPv4 multicast and IPv4 unicast IP addresses can be used as the destination IP of the VTEP.
  • For NVGRE, only IPv4 unicast IP addresses can be used as the destination IP of the VTEP.
  • Once an overlay tunnel is created, an interface with the same name as the tunnel name will be created automatically. It can be used to encapsulate or decapsulate VXLAN or NVGRE packets.
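
The VNI and VSID configured above are the identifiers that keep tenant segments apart on the wire. As an added example (not FortiADC code or output), the Python below parses the VXLAN header defined in RFC 7348 and the NVGRE header defined in RFC 7637 and compares the tenant identifier with the configured value; the function names and sample headers are constructed for illustration.

```python
import struct

GRE_PROTO_TEB = 0x6558  # Transparent Ethernet Bridging, the NVGRE payload type


def parse_vxlan(udp_payload: bytes) -> int:
    """Return the 24-bit VNI from the 8-byte VXLAN header (RFC 7348)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", udp_payload[:8])
    if not (flags & 0x08):  # the I flag must be set for the VNI to be valid
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8  # low byte of the word is reserved


def parse_nvgre(gre: bytes) -> tuple:
    """Return (VSID, FlowID) from the 8-byte NVGRE header (RFC 7637)."""
    if len(gre) < 8:
        raise ValueError("truncated NVGRE header")
    flags_ver, proto, key = struct.unpack("!HHI", gre[:8])
    if (flags_ver & 0xB007) != 0x2000:  # K=1, C=0, S=0, version 0
        raise ValueError("unexpected GRE flags for NVGRE")
    if proto != GRE_PROTO_TEB:
        raise ValueError("GRE protocol type is not 0x6558")
    return key >> 8, key & 0xFF


def check_tenant(mode: str, header: bytes, expected_id: int) -> str:
    """Compare the tenant ID on the wire with the configured VNI or VSID."""
    try:
        seen = parse_vxlan(header) if mode == "VXLAN" else parse_nvgre(header)[0]
    except ValueError as exc:
        return f"malformed: {exc}"
    if seen != expected_id:
        return f"mismatch: saw {seen}, expected {expected_id}"
    return "ok"


# Constructed sample headers (not captured traffic): VNI 5000 and VSID 6001.
SAMPLE_VXLAN = bytes([0x08, 0, 0, 0]) + (5000).to_bytes(3, "big") + b"\x00"
SAMPLE_NVGRE = struct.pack("!HHI", 0x2000, GRE_PROTO_TEB, (6001 << 8) | 0x2A)

if __name__ == "__main__":
    print(check_tenant("VXLAN", SAMPLE_VXLAN, 5000))
    print(check_tenant("NVGRE", SAMPLE_NVGRE, 6001))
    print(check_tenant("VXLAN", SAMPLE_VXLAN, 5001))
```

Pass the UDP payload for VXLAN or the bytes following the outer IP header for NVGRE; a mismatch or malformed result on a tunnel interface points to a VNI/VSID configuration error or to traffic that does not belong to the segment.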
