Citrix ADC

Geneve tunnels

A Citrix ADC appliance supports the Generic Network Virtualization Encapsulation (Geneve) protocol as defined in RFC 8926. Server virtualization and cloud computing architecture have increased the demand for isolated Layer-2 networks in a data center.

The VLAN limit of 4094 has proven to be inadequate and encapsulation protocols like VXLAN and NVGRE were introduced to overcome this limitation. These protocols differ mainly in the control plane implementation. Geneve protocol does not define specifications for the control plane. The protocol leaves to the implementation to define the control plane specifications.

Geneve protocol is an encapsulation technology that aims to create Layer-2 overlay networks over Layer-3 infrastructure by encapsulating Layer-2 frames in UDP packets.

A unique 24-bit identifier called the VNID identifies each VLAN. Only within the same segment ID (VNID) can communicate with each other. A Citrix ADC appliance supports the Geneve encapsulation on UDP port 6081.

There are two types of Geneve tunnel that can be created:

  • Tunnels can extend an existing VLAN in L2 or L3 mode. In L2 mode, bridging happens between VLAN and tunnel and the entries are updated in the bridge table.

    In L3 mode, proxy ARP comes into effect to learn the MAC address and the tunnel information of the client/server address. The ARP table includes the corresponding MAC and tunnel information.

  • Geneve Tunnel can work with different VLANs in L3 mode by using policy-based routes (PBRs). When a packet must be sent to a host which is reachable on a Geneve Tunnel segment, the Citrix ADC appliance encapsulates the packet in a Geneve Tunnel header and sends it to the tunnel endpoint.

Citrix ADC can act as a tunnel endpoint as well. A tunnel endpoint originates and terminates Geneve tunnels. When Layer 2 mode is turned ON, the Citrix ADC appliance acts as a tunnel endpoint and bridges packets between VLANs and Geneve Tunnels. The Citrix ADC learns the VNID and tunnel endpoint on which a MAC address is reachable. Then it stores this information in the bridging table.

Geneve tunnel is supported in Citrix ADC admin partitions, Citrix ADC high availability setups, and Citrix ADC cluster setups.

In a high availability setup, a Geneve tunnel configuration is propagated or synchronized to the secondary node. In a cluster setup, the Geneve tunnel configuration (striped) is identical and present on all cluster nodes.

Configuring Geneve tunnels

Configuring a Geneve tunnel on a Citrix ADC appliance consists of the following tasks:

  • Add an IP tunnel with protocol
  • Add a net bridge
  • bind the geneve tunnel to the net bridge

To add an IP tunnel with Geneve protocol by using the CLI:

At the command prompt, type:

  • add iptunnel <name> <remote> <remoteSubnetMask> <local> -protocol <Geneve> -destPort <port> -tosInherit (ENABLED | DISABLED) -vlanTagging (ENABLED | DISABLED) -vnid
  • show iptunnel

To add a net bridge by using the CLI:

At the command prompt, type:

  • add netbridge <name>
  • show netbridge

To bind the geneve tunnel to the netbridge by using the CLI:

At the command prompt, type:

  • bind netbridge <name> -vlan <Vlan ID> -tunnel <tunnel name>
  • show netbridge
Geneve tunnels

In this article