[systemd-devel] networkd Single VXLAN Device (SVD) supported?
Brad House
brad at brad-house.com
Wed Aug 13 13:23:47 UTC 2025
If I'm not mistaken, it looks like the yet-to-be-released v258 might
have the support I desire:
https://github.com/systemd/systemd/pull/36793
As far as I can tell, that allows toggling of `external` and `vnifilter`
on the vxlan0 interface I'd like to create (while not requiring a VNI to
be set).
https://github.com/systemd/systemd/pull/36832
Then this one allows me to set `vlan_tunnel on`.
That leaves needing to figure out how to do the equivalent of (per
vlan/vni):
bridge vlan add dev vxlan0 vid {VLAN} tunnel_info id {VNI}
Any insight would be appreciated, thanks!
-Brad
On 8/12/25 8:39 PM, Brad House wrote:
> I'm trying to configure SVD support using systemd-networkd on Ubuntu
> 24.04LTS, but I can't seem to find the right combination of files and
> settings to make it work. I have it working properly in a
> one-vxlan-per-bridge mode, but I'd like to have a single vlan-aware
> (vlan-filtering enabled) bridge.
>
> I can successfully configure SVD mode using these commands directly to
> map VXLAN VNI 100 to VLAN 100 on the bridge and break out a vlan
> interface for communication (yes, I've done multiple vlans this way on
> the same bridge, just reducing the command set for discussion purposes):
>
> ip link add dev br0 type bridge
> ip link set dev br0 type bridge vlan_filtering 1
> bridge vlan add vid 100 dev br0 self
> ip link add dev vxlan0 type vxlan external local 172.16.0.101 dstport
> 4789 nolearning
> ip link set dev vxlan0 master br0
> bridge link set dev vxlan0 vlan_tunnel on
> bridge vlan add dev vxlan0 vid 100
> bridge vlan add dev vxlan0 vid 100 tunnel_info id 100
> ip link add link br0 name vlan100 type vlan id 100 protocol 802.1q
> ip addr add 10.10.100.2/24 dev vlan100
>
> I'm using a couple of physical interfaces for BGP-unnumbered peering,
> and a dummy interface to house my VTEP endpoint. In all my testing
> these are set up the same as well as my FRR configuration. (I've
> pasted the non-SVD working full configuration at the end of this email).
>
> I've tried to emulate the above working SVD commands with these
> systemd configuration files. I couldn't figure out how to do the same
> vxlan0 concept, and not sure what may trigger "tunnel_on" and
> "tunnel_info id XXX" commands to be passed. At this point, my bridge
> is always showing down, and I'm not entirely sure why. I enabled
> debugging but it doesn't seem very helpful in what is going wrong but
> I'm pretty sure there's a lot wrong here.
>
> My current iteration of testing looks like the below, but I've tried a
> lot of combinations:
>
> ========= 20-vxlan100.netdev =========
>
> [NetDev]
> Name=vxlan100
> Kind=vxlan
>
> [VXLAN]
> VNI=100
> Local=172.16.0.101
> MacLearning=false
> DestinationPort=4789
> Independent=true
>
> ========= 30-bridge-br0.netdev =========
>
> [NetDev]
> Name=br0
> Kind=bridge
>
> [Bridge]
> VLANFiltering=yes
> DefaultPVID=none
>
> ========= 30-vlan100.netdev =========
>
> [NetDev]
> Name=hypervisor
> MTUBytes=9000
> Kind=vlan
>
> [VLAN]
> Id=100
>
> ========= 30-vlan100.network =========
>
> [Match]
> Name=hypervisor
> Type=vlan
>
> [Link]
> MTUBytes=9000
>
> [Network]
> KeepConfiguration=yes
> LinkLocalAddressing=ipv6
> IPv6AcceptRA=no
> DHCP=no
> Address=10.10.100.2/24
>
> ========= 30-vxlan100.network =========
>
> [Match]
> Name=vxlan100
>
> [Network]
> Bridge=br0
>
> [BridgeVLAN]
> VLAN=100
>
> ========= 40-bridge-br0.network =========
>
> [Match]
> Name=br0
>
> [Link]
> MTUBytes=9000
>
> [Network]
> VLAN=hypervisor
> VXLAN=vxlan100
>
> [BridgeVLAN]
> VLAN=100
>
>
> My working bridge-per-vxlan is also below here incase it provides any
> additional insights (and I've included my underlay and dummy vtep
> interfaces for good measure):
>
> ========= 10-eth-mgmt.link =========
>
> [Match]
> Type=ether
> OriginalName=*
> MACAddress=ac:1f:6b:2d:85:83
>
> [Link]
> Name=mgmt
> WakeOnLan=off
> MTUBytes=1500
> Duplex=full
> AutoNegotiation=yes
>
> ========= 10-eth-mgmt.network =========
>
> [Match]
> Name=mgmt
>
> [Link]
> MTUBytes=1500
>
> [Network]
> KeepConfiguration=yes
> LinkLocalAddressing=ipv6
> IPv6AcceptRA=no
> DHCP=no
> Address=192.168.1.81/24
> DNS=8.8.8.8
> DNS=2001:4860:4860::8888
>
> [Route]
> Destination=0.0.0.0/0
> Gateway=192.168.1.1
>
> ========= 10-underlay-iface0.link =========
>
> [Match]
> Type=ether
> OriginalName=*
> Driver=mlx5_core
>
> [Link]
> WakeOnLan=off
> MTUBytes=9100
> BitsPerSecond=25000
> Duplex=full
> AutoNegotiation=no
>
> ========= 10-underlay-iface0.network =========
>
> [Match]
> Type=ether
> Name=*
> Driver=mlx5_core
>
> [Link]
> MTUBytes=9100
>
> [Network]
> KeepConfiguration=yes
> LinkLocalAddressing=ipv6
> IPv6AcceptRA=no
> DHCP=no
>
> ========= 10-vtep.netdev =========
>
> [NetDev]
> Name=vtep
> Kind=dummy
>
> ========= 10-vtep.network =========
>
> [Match]
> Name=vtep
>
> [Network]
> Address=172.16.0.101/32
>
> ========= 30-bridge-ceph.netdev =========
>
> [NetDev]
> Name=ceph
> Kind=bridge
>
> [Bridge]
> VLANFiltering=no
> STP=no
>
> ========= 30-bridge-hypervisor.netdev =========
>
> [NetDev]
> Name=hypervisor
> Kind=bridge
>
> [Bridge]
> VLANFiltering=no
> STP=no
>
> ========= 40-vxlan100.netdev =========
>
> [NetDev]
> Name=vxlan100
> MTUBytes=9000
> Kind=vxlan
>
> [VXLAN]
> VNI=100
> Local=172.16.0.101
> MacLearning=false
> DestinationPort=4789
> Independent=true
>
> ========= 40-vxlan200.netdev =========
>
> [NetDev]
> Name=vxlan200
> MTUBytes=9000
> Kind=vxlan
>
> [VXLAN]
> VNI=200
> Local=172.16.0.101
> MacLearning=false
> DestinationPort=4789
> Independent=true
>
> ========= 50-bridge-ceph-vxlan200.network =========
>
> [Match]
> Name=vxlan200
>
> [Network]
> Bridge=ceph
>
> ========= 50-bridge-hypervisor-vxlan100.network =========
>
> [Match]
> Name=vxlan100
>
> [Network]
> Bridge=hypervisor
>
> ========= 60-bridge-ceph.network =========
>
> [Match]
> Name=ceph
>
> [Link]
> MTUBytes=9000
>
> [Network]
> KeepConfiguration=yes
> LinkLocalAddressing=ipv6
> IPv6AcceptRA=no
> DHCP=no
> Address=10.10.200.2/24
>
> ========= 60-bridge-hypervisor.network =========
>
> [Match]
> Name=hypervisor
>
> [Link]
> MTUBytes=9000
>
> [Network]
> KeepConfiguration=yes
> LinkLocalAddressing=ipv6
> IPv6AcceptRA=no
> DHCP=no
> Address=10.10.100.2/24
>
>
> And again for completeness, my frr config:
>
> service integrated-vtysh-config
> hostname node1.testenv.bradhouse.dev
> !
> log syslog informational
> !
> !
> !
> ip nht resolve-via-default
> !
> ipv6 nht resolve-via-default
> !
> ip prefix-list VTEP seq 1 permit 172.16.0.101/24 ge 32
> !
> route-map ALLOW_ALL permit 1
> !
> route-map ALLOW_VTEP_AND_BGP permit 1
> match ip address prefix-list VTEP
> !
> route-map ALLOW_VTEP_AND_BGP permit 2
> match source-protocol bgp
> !
> route-map ALLOW_VTEP_AND_BGP deny 100
> !
> router bgp 4220000001
> bgp router-id 172.16.0.101
> bgp ebgp-requires-policy
> bgp log-neighbor-changes
> !
> ! Enable ECMP on multiple eBGP paths
> bgp bestpath as-path multipath-relax
> ! Don't install more than 2 paths for ECMP
> maximum-paths 2
> !
> neighbor PEERS peer-group
> neighbor PEERS remote-as external
> neighbor PEERS timers 3 9
> neighbor PEERS advertisement-interval 5
> neighbor PEERS bfd
> neighbor PEERS capability extended-nexthop
> !
> address-family ipv4 unicast
> neighbor PEERS activate
> neighbor PEERS route-map ALLOW_ALL in
> neighbor PEERS route-map ALLOW_VTEP_AND_BGP out
> redistribute connected
> !
> address-family ipv6 unicast
> neighbor PEERS activate
> neighbor PEERS route-map ALLOW_ALL in
> neighbor PEERS route-map ALLOW_VTEP_AND_BGP out
> redistribute connected
> !
> address-family l2vpn evpn
> neighbor PEERS activate
> neighbor PEERS route-map ALLOW_ALL in
> neighbor PEERS route-map ALLOW_ALL out
> neighbor PEERS attribute-unchanged next-hop
> autort rfc8365-compatible
> advertise-all-vni
> advertise-svi-ip
> !
> neighbor enp7s0f0np0 interface peer-group PEERS
> neighbor enp7s0f1np1 interface peer-group PEERS
> !
>
>
> Any help that can be provided would be greatly appreciated!
>
> Thanks!
>
> -Brad
>
>
>
More information about the systemd-devel
mailing list