I'm not sure about this, but I think that public cloud datacenters filter out (or do something with) UDP traffic to the standard UDP VXLAN port.
Maybe it's because they have their VXLAN infrastructure running on the standard port, don't know. I see no traffic coming from a VPS that tries to send to the standard VXLAN port, even if tcpdump of the VPS says that packets are sent.

On Wed, 15 Nov 2023 at 13:59, Theo de Raadt <dera...@openbsd.org> wrote:

> Otto Moerbeek <o...@drijf.net> wrote:
>
> > On Wed, Nov 15, 2023 at 12:42:46PM +0100, Luca Di Gregorio wrote:
> >
> > > # uname -a
> > > OpenBSD XXXXX.my.domain 7.4 GENERIC#0 amd64
> > >
> > > # ifconfig vxlan0 tunnel SOURCE_IP DEST_IP:8472 vnetid 5
> > > # ifconfig vxlan0 inet 192.168.5.1/30
> > > # ifconfig vxlan0 up
> > >
> > > # ifconfig vxlan0: I can't see the dest UDP port 8472 anywhere
> > > vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> > >         lladdr fe:e1:ba:d9:e4:0b
> > >         index 18 llprio 3
> > >         encap: vnetid 5 parent none txprio 0 rxprio outer
> > >         groups: vxlan
> > >         tunnel: inet SOURCE_IP --> DEST_IP ttl 1 nodf
> > >         Addresses (max cache: 100, timeout: 240):
> > >         inet 192.168.5.1 netmask 0xfffffffc broadcast 192.168.5.3
> > >
> > > # ping 192.168.5.2
> > >
> > > In tcpdump, I see that arp packets are sent to UDP port 4789, not 8472:
> > > SOURCE_IP.4789 > DEST_IP.4789: VXLAN vni 5: arp who-has 192.168.5.2 tell 192.168.5.1 [ttl 1]
> > >
> > > Is this a bug?
> >
> > It helps to read the vxlan(4) manpage, specifically the paragraph about ports.
>
> Is there any reason to allow people to use non-standard ports? Equipment that
> does this is rare.