Peering via Layer 2 Tunnel
Configure Layer 2 tunnel peering with AS203314 using GRETAP or VxLAN protocols.
Layer 2 tunnels encapsulate Ethernet frames, creating a virtual bridge between networks. Use this when you need to carry VLAN-tagged traffic or extend a broadcast domain.
Layer 2 Tunnel Overview
In all examples below, replace placeholder values with your actual configuration:
- {name} — Tunnel interface name
- {yourside ip} — Your public IP address
- {ourside ip} — Our endpoint IP address
- {your tunnel ip cidr} — Your tunnel IP/subnet
- {vni} — VxLAN Network Identifier (24-bit value)
GRETAP
GRETAP (GRE Bridging) operates at Layer 2, encapsulating Ethernet frames inside GRE. Use this when you need a transparent L2 bridge over the tunnel.
ip link add {name} type gretap local {yourside ip} remote {ourside ip} ttl 255
ip addr add {your tunnel ip cidr} dev {name}
ip link set dev {name} up
- Create a Netplan configuration file:
network:
  version: 2
  tunnels:
    {name}:
      mode: gretap
      local: {yourside ip}
      remote: {ourside ip}
      ttl: 255
      addresses:
        - {your tunnel ip cidr}
- Apply the configuration:
netplan apply
- Create the .netdev file:
[NetDev]
Name = {name}
Kind = gretap
[Tunnel]
Local = {yourside ip}
Remote = {ourside ip}
TTL = 255
- Configure the tunnel IP address:
[Match]
Name = {name}
[Network]
Address = {your tunnel ip cidr}
- Apply the configuration:
systemctl restart systemd-networkd
VxLAN
VxLAN (Virtual Extensible LAN) is a Layer 2 overlay protocol that encapsulates Ethernet frames in UDP. It's designed for large-scale multi-tenant environments and software-defined networks.
The default VxLAN destination port is 4789 (IANA-assigned). The VNI is a 24-bit identifier (0-16777215).
ip link add {name} type vxlan local {yourside ip} remote {ourside ip} dstport 4789 id {vni} ttl 255
ip addr add {your tunnel ip cidr} dev {name}
ip link set dev {name} up
Netplan's VxLAN support requires netplan ≥ 0.106 (Ubuntu 23.04+).
- Create a Netplan configuration file:
network:
  version: 2
  tunnels:
    {name}:
      mode: vxlan
      local: {yourside ip}
      remote: {ourside ip}
      port: 4789
      id: {vni}
      ttl: 255
      addresses:
        - {your tunnel ip cidr}
- Apply the configuration:
netplan apply
- Create the .netdev file:
[NetDev]
Name = {name}
Kind = vxlan
[VXLAN]
VNI = {vni}
Local = {yourside ip}
Remote = {ourside ip}
DestinationPort = 4789
TTL = 255
- Configure the tunnel IP address:
[Match]
Name = {name}
[Network]
Address = {your tunnel ip cidr}
- Apply the configuration:
systemctl restart systemd-networkd
GRETAP vs VxLAN
| Feature | GRETAP | VxLAN |
|---|---|---|
| Protocol | IP Protocol 47 | UDP port 4789 |
| Encapsulation | GRE header | UDP + VxLAN header |
| MTU overhead | 38 bytes | 50 bytes |
| NAT traversal | Limited | Better (UDP-based) |
| Multicast support | Yes | Yes |
| Use case | Simple L2 bridge | Data center overlay |
Considerations
Important Notes for Layer 2 Tunneling
- MTU: Layer 2 tunnels add significant overhead. Reduce your MTU accordingly (typically 1450-1476 bytes).
- Broadcast domain: The tunnel extends your broadcast domain, which may cause issues with certain protocols.
- Spanning Tree: Be cautious with STP over tunnels—consider using RSTP or disabling STP on the tunnel interface.
- Performance: Layer 2 tunneling has more overhead than Layer 3. Use only when necessary.
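
The placeholder, VNI and MTU constraints above can be checked before any command is run as root. The following is an added example, not part of the original page: it validates the values, subtracts the comparison table's overhead from an underlay MTU, and prints the iproute2 commands instead of executing them. The function names, the IPv4-only underlay, the 1500-byte underlay MTU and every sample value are assumptions, and the `mtu` line is an addition to the page's command sequence.

```sh
# tunnel_mtu KIND UNDERLAY_MTU: print the largest MTU the tunnel interface can use.
tunnel_mtu() {
    case "$1" in
        gretap) overhead=38 ;;   # overhead figures are the comparison table's
        vxlan)  overhead=50 ;;
        *) echo "unknown tunnel kind: $1" >&2; return 2 ;;
    esac
    case "$2" in ''|0*|*[!0-9]*|??????*) echo "bad underlay MTU" >&2; return 2 ;; esac
    [ "$2" -gt "$overhead" ] || { echo "underlay MTU too small" >&2; return 2; }
    echo $(( $2 - overhead ))
}

# valid_vni VNI: succeed only for a decimal VNI that fits in 24 bits (0-16777215).
valid_vni() {
    case "$1" in ''|*[!0-9]*|?????????*) return 1 ;; esac
    [ "$1" -le 16777215 ]
}

# valid_ipv4 ADDR: succeed only for a dotted quad (assumption: IPv4 underlay).
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_tunnel NAME KIND LOCAL REMOTE CIDR UNDERLAY_MTU [VNI]: print, never run.
render_tunnel() {
    name=$1 kind=$2 lip=$3 rip=$4 cidr=$5 vni=${7:-} extra=
    case "$name" in ''|*[!A-Za-z0-9_.-]*|????????????????*)
        echo "bad interface name" >&2; return 1 ;; esac   # Linux names: max 15 chars
    valid_ipv4 "$lip" && valid_ipv4 "$rip" || { echo "bad endpoint IP" >&2; return 1; }
    case "$cidr" in */*) ;; *) echo "tunnel IP needs a /prefix" >&2; return 1 ;; esac
    case "$cidr" in *[!0-9A-Fa-f:./]*) echo "bad tunnel IP" >&2; return 1 ;; esac
    mtu=$(tunnel_mtu "$kind" "$6") || return 1
    if [ "$kind" = vxlan ]; then
        valid_vni "$vni" || { echo "VNI must be 0-16777215" >&2; return 1; }
        extra=" dstport 4789 id $vni"
    fi
    printf '%s\n' "ip link add $name type $kind local $lip remote $rip$extra ttl 255" \
        "ip link set dev $name mtu $mtu" \
        "ip addr add $cidr dev $name" \
        "ip link set dev $name up"
}

# Constructed sample values (documentation address ranges, made-up VNI).
render_tunnel peer0 vxlan 192.0.2.10 198.51.100.20 10.255.0.2/30 1500 4242
```

Because every value is checked against a strict character set before it is interpolated, a malformed placeholder is rejected rather than ending up inside a command line.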
Next Steps
Once you have configured the tunnel:
- Verify connectivity using ping or traceroute
- Configure your BGP daemon (BIRD, FRR, etc.) to use the tunnel interface
- Contact us to finalize the peering session
Prefer Layer 3? For most peering scenarios, Layer 3 tunnels (WireGuard, GRE) are recommended due to lower overhead and better performance.