Technical Tip: How to enable NP7 hardware offloading for VXLAN over EVPN Traffic

Description

This article describes a known issue where VXLAN over EVPN traffic is not being hardware-offloaded for NP7-based platforms, as well as the solution to the issue.

Scope

NP7 FortiGates, Hardware Acceleration/Offloading, VXLAN with EVPN.

Solution

As per the VXLAN with MP-BGP EVPN setup documentation, the learn-from-traffic option's primary function is to control the learning of remote VXLAN network identifier (VNIs) from VXLAN traffic. However, it also has a secondary function where it implicitly controls NP7 hardware acceleration for VXLAN traffic handling. Enabling this setting also enables NP7 hardware acceleration, and the option can be configured on a per-tunnel basis under config system vxlan:

config system vxlan     edit <vxlan-name>         set interface <interface-name>         set vni <vni-id>         set local-ip <local-ip>         set evpn-id <evpn-id>         set learn-from-traffic [ enable | disable ]     next end