xref: /freebsd/share/man/man4/geneve.4 (revision adecd4c4cd05b404ff81dbfce88b772e2b754a7f)
.\"
.\" Copyright (c) 2025-2026 Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.Dd March 31, 2026
.Dt GENEVE 4
.Os
.Sh NAME
.Nm geneve
.Nd Generic Network Virtualization Encapsulation interface
.Sh SYNOPSIS
To compile this driver into the kernel,
place the following line in your
kernel configuration file:
.Cd device geneve
.Pp
Alternatively, to load the driver as a
module at boot time, place the following line in
.Xr loader.conf 5 :
.Cd if_geneve_load="YES"
.Sh DESCRIPTION
The
.Nm
driver creates generic network virtualization tunnel interfaces
for Tenant Systems over an L3 (IP/UDP) underlay network that provides
a Layer 2 (Ethernet) or Layer 3 service using the
.Nm
protocol.
.Pp
This driver follows RFC 8926 for its format specification and by default
uses the multicast-learning-based approach for its control plane.
To provide control plane independence, all of the driver-specific operations
are implemented using
.Xr rtnetlink 4
and all the
.Xr ioctl 2
calls are implemented using the
.Xr nv 9
library.
Each
.Nm
interface is created at runtime using interface cloning.
This is most easily done with the
.Xr ifconfig 8
.Cm create
command or using the
.Va cloned_interfaces
variable in
.Xr rc.conf 5 .
The interface may be removed with the
.Xr ifconfig 8
.Cm destroy
command.
.Pp
The
.Nm
interface must be configured in either L2 or L3 mode.
An L2
.Nm
tunnel could be used as a backplane between the virtual switches
residing in hypervisors, switches, or other appliances.
.Pp
The L3
.Nm
tunnel provides virtualized IP forwarding service similar to IP/VRF.
.Pp
By default the
.Nm
driver creates an L2 interface that supports the usual network
.Xr ioctl 2 Ns s
and thus can be used with
.Xr ifconfig 8
like any other Ethernet interface.
An L2
.Nm
interface encapsulates the Ethernet frame by prepending IP/UDP and
.Nm
headers.
Thus, the encapsulated (inner) frame is able to be transmitted
over a routed, Layer 3 network to the remote host.
.Pp
The
.Nm
interface may be configured in either unicast or multicast mode.
When in unicast mode,
the interface creates a tunnel to a single remote host,
and all traffic is transmitted to that host.
When in multicast mode,
the interface joins an IP multicast group,
and receives packets sent to the group address,
and transmits packets to either the multicast group address,
or directly to the remote host if there is an appropriate
forwarding table entry.
.Pp
When the
.Nm
interface is brought up, a
.Xr udp 4
.Xr socket 9
is created based on the configuration,
such as the local address for unicast mode or
the group address for multicast mode,
and the listening (local) port number.
Since multiple
.Nm
interfaces may be created that either
use the same local address
or join the same group address,
and use the same port,
the driver may share a socket among multiple interfaces.
However, each interface within a socket must belong to
a unique
.Nm
segment per
.Xr vnet 9 .
The analogous
.Xr vlan 4
configuration would be a physical interface configured as
the parent device for multiple VLAN interfaces, each with
a unique VLAN tag.
Each
.Nm
segment is identified by a 24-bit value in the
.Nm
header called the
.Dq Virtual Network Identifier ,
or VNI.
This value can be set with
.Xr ifconfig 8
.Cm geneveid
parameter.
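.Pp
The header fields named above, shown as an added example that is not part of the driver or of the original manual page: a C parser for the fixed 8-byte header laid out in RFC 8926 that rejects truncated input and unknown versions and extracts the 24-bit VNI.
The names geneve_parse and geneve_info and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GENEVE_HDR_LEN 8	/* fixed header; options follow it */

/* Hypothetical result type for this example, not a kernel structure. */
struct geneve_info {
	uint32_t vni;		/* 24-bit Virtual Network Identifier */
	uint16_t proto;		/* EtherType of the inner payload */
	size_t	 payload_off;	/* where the inner frame or packet starts */
	int	 critical;	/* C bit: critical options present */
};

/*
 * Parse the UDP payload of a Geneve packet (RFC 8926 header layout).
 * Returns 0 on success, -1 if truncated, -2 on an unknown version,
 * -3 if the VNI is not the one this segment expects.
 */
int geneve_parse(const uint8_t *p, size_t len, uint32_t want_vni,
    struct geneve_info *out)
{
	size_t optlen;

	if (len < GENEVE_HDR_LEN)
		return (-1);
	if ((p[0] >> 6) != 0)			/* Ver: top 2 bits */
		return (-2);
	optlen = (size_t)(p[0] & 0x3f) * 4;	/* Opt Len: 4-byte units */
	if (len - GENEVE_HDR_LEN < optlen)
		return (-1);
	out->critical = (p[1] >> 6) & 1;
	out->proto = (uint16_t)((p[2] << 8) | p[3]);
	out->vni = ((uint32_t)p[4] << 16) | ((uint32_t)p[5] << 8) | p[6];
	out->payload_off = GENEVE_HDR_LEN + optlen;
	return (out->vni == want_vni ? 0 : -3);
}

/* Constructed sample: VNI 100, Ethernet payload (0x6558), no options. */
static const uint8_t sample_l2[] = { 0x00, 0x00, 0x65, 0x58, 0, 0, 0x64, 0 };

int main(void)
{
	struct geneve_info gi;
	int rc = geneve_parse(sample_l2, sizeof(sample_l2), 100, &gi);
	printf("rc=%d vni=%u proto=0x%04x\n", rc, (unsigned)gi.vni, (unsigned)gi.proto);
	return (rc != 0);
}
```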
.Pp
When configured with the
.Xr ifconfig 8
.Cm genevelearn
parameter, the interface dynamically creates forwarding table entries
from received packets.
An entry in the forwarding table maps the inner source MAC address
to the outer remote IP address.
During transmit, the interface attempts to look up an entry for
the encapsulated destination MAC address.
If an entry is found, the IP address in the entry is used to directly
transmit the encapsulated frame to the destination.
Otherwise, when configured in multicast mode,
the interface must flood the frame to all hosts in the group.
The maximum number of entries in the table is configurable with the
.Xr ifconfig 8
.Cm genevemaxaddr
command.
Stale entries in the table are periodically pruned.
The timeout is configurable with the
.Xr ifconfig 8
.Cm genevetimeout
command.
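.Pp
A simplified model of the learning behaviour described above, added here as an example and not taken from the driver: a bounded table that learns on receive, looks up on transmit, and prunes stale entries.
The names, the table size, the timeout value, and the choice to refuse new entries when the table is full are assumptions of the example.

```c
#include <stdint.h>
#include <string.h>

#define FT_MAX     2	/* stands in for genevemaxaddr (constructed value) */
#define FT_TIMEOUT 300	/* stands in for genevetimeout, seconds (constructed) */
struct ft_entry { uint8_t mac[6]; uint32_t remote; long seen; int used; };
static struct ft_entry ft[FT_MAX];

/* Slot holding mac, else the first free slot, else NULL (table full). */
static struct ft_entry *ft_slot(const uint8_t *mac)
{
	struct ft_entry *free_slot = NULL;
	for (int i = 0; i < FT_MAX; i++) {
		if (ft[i].used && memcmp(ft[i].mac, mac, 6) == 0)
			return (&ft[i]);
		if (!ft[i].used && free_slot == NULL)
			free_slot = &ft[i];
	}
	return (free_slot);
}

/* Receive path: map inner source MAC to outer remote IP; 0 if table full. */
int ft_learn(const uint8_t *mac, uint32_t remote, long now)
{
	struct ft_entry *e = ft_slot(mac);
	if (e == NULL)
		return (0);	/* assumption: new entries are refused when full */
	*e = (struct ft_entry){ .remote = remote, .seen = now, .used = 1 };
	memcpy(e->mac, mac, 6);
	return (1);
}

/* Transmit path: remote for the destination MAC, or 0 = flood to the group. */
uint32_t ft_lookup(const uint8_t *mac)
{
	struct ft_entry *e = ft_slot(mac);
	return ((e != NULL && e->used) ? e->remote : 0);
}

/* Periodic pruning: drop entries not refreshed within FT_TIMEOUT seconds. */
int ft_prune(long now)
{
	int n = 0;
	for (int i = 0; i < FT_MAX; i++)
		if (ft[i].used && now - ft[i].seen > FT_TIMEOUT) {
			ft[i].used = 0;
			n++;
		}
	return (n);
}
```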
.Ss MTU
Since the
.Nm
interface encapsulates the Ethernet frame with an IP, UDP, and
.Nm
header, the resulting frame may be larger than the MTU of the
physical network.
The
.Nm
specification recommends the physical network MTU be configured
to use jumbo frames to accommodate the encapsulated frame size.
.Pp
By default, the
.Nm
driver sets its MTU to the usual Ethernet MTU of 1500 bytes, reduced by
the size of the prepended geneve headers, which depends on
.Cm genevemode .
.Pp
Alternatively, the
.Xr ifconfig 8
.Cm mtu
command may be used to set a fixed MTU size on the
.Nm
interface to allow the encapsulated frame to fit in the
current MTU of the physical network.
If the
.Cm mtu
command was used, the system no longer adjusts the
.Nm
interface MTU on routing or address changes.
.Ss Hop Limit
The TTL value of the
.Nm
interface can be changed with the
.Xr ifconfig 8
.Cm genevettl
command, and it can also be inherited from the carried packet.
You can set
.Cm genevettl
to a numeric value or to the
.Cm inherit
option, so that it is inherited at the encapsulation and decapsulation point.
.Ss Traffic Class
Just like the TTL value, the ToS value can be inherited at the encapsulation point
using
.Xr ifconfig 8
.Cm genevedscpinherit .
As defined in RFC 8926, the ECN value follows RFC 6040 for both ingress and
egress traffic.
.Ss Don't Fragment
To make sure fragmentation does not happen during transmission, you can
set the
.Xr ifconfig 8
.Cm genevedf
value to
.Cm set ,
which sets the DF bit in the IPv4 header and the IP_DONTFRAG option on both IPv4
and IPv6 sockets.
Similar to other options, it can be set to the
.Cm inherit
value.
.Ss Multicast
To create the
.Nm
interface with a multicast underlay, one must use
.Xr ifconfig 8
.Cm genevegroup
instead of
.Cm geneveremote
and set it to a multicast address (e.g. ff08::db8:0:1, 239.0.0.1).
One can set the outbound multicast interface with
.Xr ifconfig 8
.Cm genevedev
to bind its multicast group to a specific interface.
.Pp
The
.Cm ip_mroute
kernel module for IPv4 underlay and
.Cm ip6_mroute
for IPv6 underlay must be loaded for
.Xr multicast 4
to function.
.Sh HARDWARE
The
.Nm
driver supports hardware checksum offload (receive and transmit) and TSO on the
encapsulated traffic over physical interfaces that support these features.
The
.Nm
interface examines the
.Cm genevedev
interface, if one is specified, or the interface hosting the
.Cm genevelocal
address, and configures its capabilities based on the hardware offload
capabilities of that physical interface.
If multiple physical interfaces will transmit or receive traffic for the
.Nm
interface, then they all must have the same hardware capabilities.
The transmit routine of a
.Nm
interface may fail with
.Er ENXIO
if an outbound physical interface does not support
an offload that the
.Nm
interface is requesting.
This can happen if there are multiple physical interfaces involved, with
different hardware capabilities, or an interface capability was disabled after
the
.Nm
interface had already started.
.Sh EXAMPLES
.Bd -literal
       Host A (198.51.100.10)
       +--------------------+
       | VNI 100 10.1.1.0/24|
       | VNI 200 10.2.2.0/24|
       +---------+----------+
                 |
         (198.51.100.0/24)
                 |
 +---------------v---------------+
 | Host B (203.0.113.1)          |
 |        +------+-------+       |
 | geneve0|              |geneve1|
 | +------v----+   +-----v-----+ |
 | | bridge0   |   | bridge1   | |
 | | (VNI 100) |   | (VNI 200) | |
 | +------+----+   +----+------+ |
 |        |             |        |
 +--------v-------------v--------+
   epair0b|             |epair1b
   +------+----+   +----+------+
   | Jail A    |   | Jail B    |
   | (10.1.1.x)|   | (10.2.2.x)|
   +-----------+   +-----------+
.Ed
Assume host A has the (external) IP address 198.51.100.10 and
two internal addresses of 10.1.1.1/24 and 10.2.2.1/24, while
host B has the external address of 203.0.113.10 and two jails
with their own separate
.Xr VNET 9 .
The following commands will configure the tunnel:
.Pp
On host A, create an L2
.Nm
interface in unicast mode:
.Bd -literal
ifconfig geneve0 create geneveid 100 genevelocal 198.51.100.10 geneveremote 203.0.113.1
ifconfig geneve1 create geneveid 200 genevelocal 198.51.100.10 geneveremote 203.0.113.1
.Ed
.Pp
On host B:
.Bd -literal
ifconfig geneve0 create geneveid 100 genevelocal 203.0.113.1 geneveremote 198.51.100.10
ifconfig geneve1 create geneveid 200 genevelocal 203.0.113.1 geneveremote 198.51.100.10
ifconfig bridge0 addm geneve0 addm epair0a
ifconfig bridge1 addm geneve1 addm epair1a
.Ed
.Pp
The example below demonstrates a multicast configuration with IPv6:
.Bd -literal
                      ----------- VNI 42 -----------
                     /                              \\
2001:db8::1/64 --- Host A ------ Multicast ------- Host B --- 2001:db8::2/64
                  3fff::1 [em0] ff08::db8:1 [em0]  3fff::2
.Ed
.Pp
Create a
.Nm
interface in multicast mode,
with the
.Cm genevelocal
address of 3fff::1,
and the
.Cm genevegroup
address of ff08::db8:0:1.
The em0 interface will be used to transmit multicast packets.
On host A:
.Bd -literal
ifconfig geneve0 create geneveid 42 genevelocal 3fff::1 genevegroup ff08::db8:1 genevedev em0
.Ed
.Pp
On host B:
.Bd -literal
ifconfig geneve0 create geneveid 42 genevelocal 3fff::2 genevegroup ff08::db8:1 genevedev em0
.Ed
.Pp
Once created, the
.Nm
interface can be configured with
.Xr ifconfig 8 .
.Pp
The following, when placed in the file
.Pa /etc/rc.conf ,
will cause a geneve interface called
.Dq Li geneve0
to be created, and will configure the interface in unicast mode.
.Bd -literal
cloned_interfaces="geneve0"
create_args_geneve0="geneveid 108 genevelocal 192.168.100.1 geneveremote 192.168.100.2"
.Ed
.Sh SEE ALSO
.Xr inet 4 ,
.Xr inet6 4 ,
.Xr multicast 4 ,
.Xr rtnetlink 4 ,
.Xr vlan 4 ,
.Xr rc.conf 5 ,
.Xr ifconfig 8 ,
.Xr sysctl 8
.Rs
.%A "J. Gross, Ed."
.%A "I. Gross, Ed."
.%A "T. Sridhar, Ed."
.%T "Geneve: Generic Network Virtualization Encapsulation"
.%D November 2020
.%O "RFC 8926"
.Re
.Sh AUTHORS
.An -nosplit
The
.Nm
driver was written by
.An Seyed Pouria Mousavizadeh Tehrani Aq info@spmzt.net
.Sh BUGS
The current geneve implementation with netlink cannot set geneve options
other than genevemode during interface cloning in ifconfig without
specifying the interface index.
384specifying the interface index.
385