**The vxlan interface is missing after reboot.**
Running configuration works, but after rebooting the device, vxlan config is missing.
We're using unicast vxlan.
Vxlan peering over ipsec tunnel.
vlan 4, 60 -> trunk -> VyOS eth1 -> bridge -> vxlan -> vti -> ipsec -> VyOS eth0 -> Internet
Purpose:
Proppagate vlan 4 & 60 between 2 different datacenters over vxlan + ipsec tunnel ( vti ).
xavicespedes@vyos-410-1# run show version
No hypervisor detected
Version: VyOS 999.lithium.06080013
Description: 999.lithium.06080013
Copyright: 2016 VyOS maintainers and contributors
Built by:
[email protected]
Built on: Wed Jun 8 00:13:41 UTC 2016
Build ID: 1606080013-2c03c9d
System type: x86 64-bit
Boot via: image
HW model: PowerEdge R410
HW S/N: XXX
HW UUID: 44454C4C-4D00-1054-804B-B7C04F32354A
Uptime: 14:36:57 up 1 day, 22:39, 2 users, load average: 0.15, 0.10, 0.07
**Configuration:**
xavicespedes@vyos-410-1# show | commands
set interfaces bridge br4 aging '300'
set interfaces bridge br4 description 'VLAN4'
set interfaces bridge br4 hello-time '2'
set interfaces bridge br4 max-age '20'
set interfaces bridge br4 priority '32768'
set interfaces bridge br4 stp 'false'
set interfaces bridge br60 aging '300'
set interfaces bridge br60 description 'VLAN60'
set interfaces bridge br60 hello-time '2'
set interfaces bridge br60 max-age '20'
set interfaces bridge br60 priority '32768'
set interfaces bridge br60 stp 'false'
set interfaces ethernet eth0 description 'PUBLIC-IP'
set interfaces ethernet eth0 address 'X.X.X.X/25'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 description 'LAN_SIDE-TRUNK-VLANS-4-60'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 4 bridge-group bridge 'br4'
set interfaces ethernet eth1 vif 60 bridge-group bridge 'br60'
set interfaces vti vti0 address '2.2.2.1/30'
set interfaces vti vti0 mtu '1400'
set interfaces vxlan vxlan4 bridge-group bridge 'br4'
set interfaces vxlan vxlan4 link 'vti0'
set interfaces vxlan vxlan4 remote '2.2.2.2'
set interfaces vxlan vxlan4 vni '4'
set interfaces vxlan vxlan60 bridge-group bridge 'br60'
set interfaces vxlan vxlan60 link 'vti0'
set interfaces vxlan vxlan60 remote '2.2.2.2'
set interfaces vxlan vxlan60 vni '60'
set vpn ipsec esp-group ESP-TEST compression 'disable'
set vpn ipsec esp-group ESP-TEST lifetime '1800'
set vpn ipsec esp-group ESP-TEST mode 'tunnel'
set vpn ipsec esp-group ESP-TEST pfs 'enable'
set vpn ipsec esp-group ESP-TEST proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-TEST proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-TESTING ikev2-reauth 'no'
set vpn ipsec ike-group IKE-TESTING key-exchange 'ikev1'
set vpn ipsec ike-group IKE-TESTING lifetime '3600'
set vpn ipsec ike-group IKE-TESTING proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-TESTING proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-TESTING proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE-TESTING proposal 2 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-traversal 'enable'
set vpn ipsec site-to-site peer Y.Y.Y.Y authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer Y.Y.Y.Y authentication pre-shared-secret 'not-relevant-here'
set vpn ipsec site-to-site peer Y.Y.Y.Y connection-type 'initiate'
set vpn ipsec site-to-site peer Y.Y.Y.Y default-esp-group 'ESP-TEST'
set vpn ipsec site-to-site peer Y.Y.Y.Y ike-group 'IKE-TESTING'
set vpn ipsec site-to-site peer Y.Y.Y.Y ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer Y.Y.Y.Y local-address 'X.X.X.X'
set vpn ipsec site-to-site peer Y.Y.Y.Y vti bind 'vti0'
set vpn ipsec site-to-site peer Y.Y.Y.Y vti esp-group 'ESP-TEST'
**WORKAROUND - manual after reboot**
vyos@vyos-410-1# sudo bash
root@vyos-410-1:/home/vyos# cd /tmp/
root@vyos-410-1:/tmp# ls -al
total 4
drwxrwxrwt 2 root root 80 Aug 24 14:40 .
drwxr-xr-x 1 root root 4096 Aug 24 14:36 ..
-rw-rw-r-- 1 root vyattacfg 0 Aug 24 14:36 vxlan-vxlan4-create
-rw-rw-r-- 1 root vyattacfg 0 Aug 24 14:36 vxlan-vxlan60-create
root@vyos-410-1:/tmp#
root@vyos-410-1:/tmp#
root@vyos-410-1:/tmp# rm -f /tmp/vxlan-vxlan*
root@vyos-410-1:/tmp# exit
*
*show bridge - No vxlan interface attached*
*
vyos@vyos-410-1# run show bridge
bridge name bridge id STP enabled interfaces
br4 8000.0024e863f3a4 no eth1.4
br60 8000.0024e863f3a4 no eth1.60
vyos@vyos-410-1# set interfaces vxlan vxlan4 bridge-group bridge 'br4'
set interfaces vxlan vxlan4 link 'vti0'
set interfaces vxlan vxlan4 remote '2.2.2.1'
set interfaces vxlan vxlan4 vni '4'
set interfaces vxlan vxlan60 bridge-group bridge 'br60'
set interfaces vxlan vxlan60 link 'vti0'
set interfaces vxlan vxlan60 remote '2.2.2.1'
vyos@vyos-410-2# commit
[ interfaces vxlan vxlan4 bridge-group ]
Adding interface vxlan4 to bridge br4
[ interfaces vxlan vxlan60 bridge-group ]
Adding interface vxlan60 to bridge br60
[edit]
vyos@vyos-410-1# run restart vpn
Thank you!