VxLAN

Question 1

VTI

Answer 1

VxLAN Tunnel Interface; responsible for encap/decap of VxLAN header; IP interface of the VTEP; VLAN to VNI mapping; VTEP flood list for BUM traffic.

Every VTEP’s VTI IP address (vxlan source-interface loopback) needs to be reachable from every other VTEP. Advertise these in the underlay routing protocol and confirm pings sourced from this VTEP IP can reach all other VTEP’s IPs.

Question 2

VNI

Answer 2

VxLAN Network Indentifier. 24-bit number mapped to a VLAN to identifiy a network segment in the tunnel.

Question 3

VTEP

Answer 3

VxLAN Tunnel Endpoint; entry/exit point for the VxLAN overlay network. Can be a physical of virtual switch.

Question 4

VXLAN Bridging

Answer 4

End hosts are communicating within the same VLAN and no gateway is needed.

Question 5

VXLAN Routing

Answer 5

End hosts are communicating between different VLANs and a gateway is needed for routing.

Question 6

VXLAN MTU

Answer 6

The VXLAN header adds 50 bytes (54 bytes if outer L2 header includes dot1q tag), and the Do Not Fragment (DF) bit is set on the VXLAN.

vtep1#ping 2.2.2.2 size 9214 df-bit

Question 7

MLAG configuration (when using VXLAN)

Answer 7

Mirror all VXLAN config to both MLAG peers. This provides for seamless failover should something happen to a peer. As both peers are presenting as one logical VTEP, they will share the same Loopback IP address as well VTI configuration.

Question 8

VXLAN configuration

Answer 8

SW(config)#interface loopback 1
SW(config-if)#ip address 1.1.1.102

SW(config)#interface vxlan 1
SW(config-if)#vxlan source-interface loopback 1
SW(config-if)#vxlan udp-port 4789
SW(config-if)#vxlan vlan 10 vni 10010
SW(config-if)#vxlan flood vtep 1.1.1.101 (this is the IP address of another VTEP)

SW(config)#ip routing

Question 9

STP BPDUs with VTEPs

Answer 9

We do not tunnel STP BPDUs across VTEPs. They will be generated and sent out all local ports only.

Question 10

Head End Replication

(HER)

Answer 10

Each VTEP is manually configured with a flood-list of all other VTEPs in the network.
A flood-list can be global (all VNIs) or created on a per VNI basis.
Any received Broadcast, Unknown unicast and Multicast (BUM) traffic within a VNI is replicated and transmitted as unicast to each of the VTEPs within the flood-list for that VNI.
MAC address learning occurring via the standard flood and learn process.

Question 11

There are two ways of implementing VXLAN (based on use case).

• Bridging
• Routing

Answer 11

Bridging - End hosts communicating are on the same subnet, no gateway required on the VTEP. Basic VXLAN enables stretching Layer 2 domains across an L3 cloud.

Routing - End hosts communicating are on different subnets and hence a gateway is required on the VTEP. VTEP needs capability to route between these Layer 2 domains.

Question 12

show interface vxlan 1

(troubleshooting for VXLAN bridging)

Answer 12

should be “up”; correctly reflect configured VLAN-to-VNI mappings; confirm control plane (multicast, HER, CVX, EVPN).

Question 13

show vlan

show ip interface brief

show vxlan address-table

(troubleshooting VXLAN bridging)

Answer 13

show vlan - ensure extended VLANs show active on the “Vx1” interface

show ip interface brief - just make sure no svi show up on these vlans

show vxlan address-table - show the VXLAN MAC of the remote VTEPs.

Question 14

What is VXLAN

Answer 14

VXLAN is a “tunneling scheme to overlay layer 2 networks on top of layer 3 networks”.

VXLAN includes a 24 bit VXLAN identifier.

This allows for ~ 16 million logical networks.

VXLAN stands for Virtual eXtensible Local Area Network (VXLAN).

VXLAN uses udp port 4789 by default.

Independent STP domains across sites.