networking protocol_error ai_generated partial

VXLAN: VNI mismatch on tunnel vxlan0, expected 100, received 200 from 10.0.0.2

ID: networking/vxlan-vni-mismatch

Also available as: JSON · Markdown · 中文
85%Fix Rate
85%Confidence
1Evidence
2024-01-25First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Linux kernel 5.10+ active
Open vSwitch 2.17+ active
Cisco IOS XE 17.3+ active

Root Cause

VXLAN VNI mismatch occurs when two endpoints of a VXLAN tunnel are configured with different Virtual Network Identifiers, causing packets to be dropped or misrouted.

generic

中文

VXLAN VNI 不匹配发生在 VXLAN 隧道的两个端点配置了不同的虚拟网络标识符时,导致数据包被丢弃或错误路由。

Official Documentation

https://datatracker.ietf.org/doc/html/rfc7348

Workarounds

  1. 90% success Check the VXLAN configuration on both endpoints using 'ip -d link show vxlan0' and update the VNI: ip link set vxlan0 type vxlan id 100 
    Check the VXLAN configuration on both endpoints using 'ip -d link show vxlan0' and update the VNI: ip link set vxlan0 type vxlan id 100
  2. 85% success If using Open vSwitch, verify the VNI in the bridge configuration: ovs-vsctl list interface vxlan0 | grep vni, then set the correct value: ovs-vsctl set interface vxlan0 options:vni=100 
    If using Open vSwitch, verify the VNI in the bridge configuration: ovs-vsctl list interface vxlan0 | grep vni, then set the correct value: ovs-vsctl set interface vxlan0 options:vni=100
  3. 70% success Temporarily set the VXLAN interface to learning mode to diagnose the mismatch: ip link set vxlan0 type vxlan learning 
    Temporarily set the VXLAN interface to learning mode to diagnose the mismatch: ip link set vxlan0 type vxlan learning

中文步骤

  1. Check the VXLAN configuration on both endpoints using 'ip -d link show vxlan0' and update the VNI: ip link set vxlan0 type vxlan id 100
  2. If using Open vSwitch, verify the VNI in the bridge configuration: ovs-vsctl list interface vxlan0 | grep vni, then set the correct value: ovs-vsctl set interface vxlan0 options:vni=100
  3. Temporarily set the VXLAN interface to learning mode to diagnose the mismatch: ip link set vxlan0 type vxlan learning

Dead Ends

Common approaches that don't work:

  1. 95% fail

    重启 VXLAN 接口或整个主机无法修复配置不匹配;两端的 VNI 值必须对齐。

  2. 90% fail

    增加 VXLAN 接口的 MTU 可能有助于分片,但无法解决 VNI 不匹配问题,这是一个逻辑标识符问题。

  3. 85% fail

    禁用底层网络上的防火墙规则可能允许 VXLAN 数据包通过,但 VNI 不匹配仍会导致隧道端点丢弃数据包。