by aroulin 1222 days ago
Using VXLAN you can also connect L3 networks, not just L2 networks, i.e., virtualize an L3 network.

WireGuard virtualizes L3 out of the box.
With WireGuard being a point-to-point protocol (as I understand), it will be challenging to get good performance for L3VPN BUM traffic?
A WireGuard interface is point-to-multipoint non-broadcast, which, if a single peer is configured on it, can in general be treated as point-to-point.
You wanna do PIM? There's no BUM on a p2p link.
Right, that's what I was trying to understand.

"wireshark can virtualize an L3 network out-of-the-box" How can this be true then?

Well, an L3 network is routed, so you just have routes. A 32-bit route for the "server", whatever mask to reach others through the "server". The server has 32-bit routes to each client, so it works.

This is essentially how you want to build your DC networks today too (why waste IPs on netid and broadcast that you never use) (for public addresses).

But you stick BGP on there to exchange route information rather than static routing.

Right. My thinking is that with VXLAN you can get each tenant in the datacenter to have its own L3 network, isolated from other tenants' L3 networks.

Each tenant can have multiple subnets; run BGP, etc. and the IP addresses can be re-used between different tenants.

It doesn't seem WireGuard can do that with just a p2p network. This was one argument I had for adding VXLAN encapsulation over IP for the above comment. You also get L2 connectivity if you want it.
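
The hub-and-spoke routing described earlier in the thread (a /32 per client on the "server", a wider mask on each client), as an added example that is not part of any comment above. It is a toy model of a WireGuard AllowedIPs table; the class, function names and the 10.0.0.0/24 addresses are constructed for illustration.

```python
import ipaddress

class WgInterface:
    """Toy model of one WireGuard interface's AllowedIPs table."""

    def __init__(self):
        self.allowed = {}  # ip_network -> peer name

    def add_peer(self, peer, *allowed_ips):
        for cidr in allowed_ips:
            self.allowed[ipaddress.ip_network(cidr)] = peer

    def peer_for(self, addr):
        """Outbound: longest-prefix match picks the peer; None means no route."""
        ip = ipaddress.ip_address(addr)
        hits = [net for net in self.allowed if ip in net]
        if not hits:
            return None
        return self.allowed[max(hits, key=lambda net: net.prefixlen)]

    def accepts(self, peer, src):
        """Inbound: the inner source address must map back to the sending peer."""
        return self.peer_for(src) == peer

def build():
    # Constructed addresses: hub 10.0.0.1, clients 10.0.0.2 and 10.0.0.3.
    hub = WgInterface()
    hub.add_peer("client-a", "10.0.0.2/32")
    hub.add_peer("client-b", "10.0.0.3/32")
    client_a = WgInterface()
    client_a.add_peer("hub", "10.0.0.0/24")
    return hub, client_a

def hops(client, hub, dst):
    """Tunnel peers a packet from `client` crosses to reach dst via the hub."""
    first = client.peer_for(dst)
    if first is None:
        return []
    onward = hub.peer_for(dst)  # None: dst is the hub itself (or unrouted there)
    return [first] if onward is None else [first, onward]

if __name__ == "__main__":
    hub, a = build()
    print(hops(a, hub, "10.0.0.3"))
    print(hub.accepts("client-a", "10.0.0.3"))
```

The `accepts` check is the part static routes alone do not give you: a packet arriving from one client with another client's source address is dropped at the hub.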