I have several Linux hosts that are connected using vxlan. Let's call them Host A, Host B, and Host C. The config on each host is similar to this:
# Define a bridge:
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-cloudbr0
DEVICE=cloudbr0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPV6INIT=no
IPV6_AUTOCONF=no
DELAY=5
STP=no
USERCTL=no
NM_CONTROLLED=no
IPADDR=192.168.200.1
NETMASK=255.255.255.0
DNS1=10.10.0.2
EOF
# Read the above config file and create the bridge
systemctl restart network
# VXLAN
ip link add vxlan100 type vxlan id 100 dstport 4789 local 10.10.128.84 group 224.10.0.1 dev eth0 ttl 5
brctl addif cloudbr0 vxlan100
ip link set up dev vxlan100
The result is that hosts A, B, and C each have two IP addresses, a public one (on the 10.10.0.0/16 subnet) and a private one (on the 192.168.200.0/24 subnet). The private address is only visible to the other hosts configured with vxlan. Hosts A, B, and C can all ping each other's public and private addresses.
Next I need to give some additional hosts (Hosts D, E, and F) access to the vxlan subnet without actually joining them to the subnet. So, I'm looking for some sort of layer 3 routing solution.
I enabled IP forwarding on Host A, then updated the appropriate routing tables to give Hosts D, E, and F routes to 192.168.200.0/24 via Host A. That allowed hosts D, E, and F to ping Host A using either its public or private addresses, but they can't reach any of the other vxlan addresses. For some reason, Host A isn't forwarding the traffic into the vxlan subnet (or else the responses aren't getting back out).
What's the best way to set up layer 3 routing in/out of the vxlan subnet?
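Added example, not part of the original post: a small Python model of Linux reverse-path filtering (`net.ipv4.conf.<dev>.rp_filter`), which a practitioner would check on Hosts B and C when forwarded traffic arrives over the bridge but replies never return. With strict mode (value 1, the usual RHEL-family default) a packet is dropped unless the best route back to its source leaves via the interface it arrived on, so a 10.10.x.x source arriving on cloudbr0 fails the check. Host B's routing table and Host D's address 10.10.50.7 are constructed assumptions; the code does not query a real host.

```python
import ipaddress

# Constructed routing table for Host B (an assumption modelled on the post's addressing).
# Entries are (destination prefix, egress interface); the kernel picks the longest match.
HOST_B_ROUTES = [
    ("10.10.0.0/16", "eth0"),         # public side, where Host D lives
    ("192.168.200.0/24", "cloudbr0"), # private side: the bridge carrying vxlan100
    ("0.0.0.0/0", "eth0"),            # default route out the public interface
]

HOST_D = "10.10.50.7"  # constructed address for a client routed in via Host A


def lookup_egress(routes, addr):
    """Longest-prefix match: the interface Host B would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def rp_filter_accepts(routes, src, ingress_dev, mode):
    """Emulate net.ipv4.conf.<dev>.rp_filter for one incoming packet.
    mode 0: no check.  mode 1 (strict): accept only if the best route back to
    src leaves via ingress_dev.  mode 2 (loose): accept if any route to src exists."""
    back = lookup_egress(routes, src)
    if mode == 0:
        return True
    if mode == 1:
        return back == ingress_dev
    return back is not None


def reply_path(routes, src, ingress_dev, mode):
    """Summarise what happens to a ping that reaches Host B from src via ingress_dev."""
    if not rp_filter_accepts(routes, src, ingress_dev, mode):
        return "dropped by rp_filter"
    return f"accepted; reply leaves via {lookup_egress(routes, src)}"


if __name__ == "__main__":
    # Host D's echo request, forwarded by Host A, arrives on cloudbr0 with a 10.10 source.
    print("strict :", reply_path(HOST_B_ROUTES, HOST_D, "cloudbr0", 1))
    # Two remedies: loosen the filter, or give Host B a return route back through Host A.
    print("loose  :", reply_path(HOST_B_ROUTES, HOST_D, "cloudbr0", 2))
    with_return = HOST_B_ROUTES + [(HOST_D + "/32", "cloudbr0")]  # route to D via Host A's 192.168.200.1
    print("w/route:", reply_path(with_return, HOST_D, "cloudbr0", 1))
```

The loose result still reports an asymmetric reply via eth0, which works but is worth knowing about when a firewall on the public side tracks connection state.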