VxLAN Flashcards
VTI
VxLAN Tunnel Interface; responsible for encap/decap of VxLAN header; IP interface of the VTEP; VLAN to VNI mapping; VTEP flood list for BUM traffic.
Every VTEP’s VTI IP address (vxlan source-interface loopback) needs to be reachable from every other VTEP. Advertise these in the underlay routing protocol and confirm pings sourced from this VTEP IP can reach all other VTEPs’ IPs.
VNI
VxLAN Network Identifier. 24-bit number mapped to a VLAN to identify a network segment in the tunnel.
VTEP
VxLAN Tunnel Endpoint; entry/exit point for the VxLAN overlay network. Can be a physical or virtual switch.
VXLAN Bridging
End hosts are communicating within the same VLAN and no gateway is needed.
VXLAN Routing
End hosts are communicating between different VLANs and a gateway is needed for routing.
VXLAN MTU
The VXLAN header adds 50 bytes (54 bytes if outer L2 header includes dot1q tag), and the Do Not Fragment (DF) bit is set on the VXLAN.
vtep1#ping 2.2.2.2 size 9214 df-bit
MLAG configuration (when using VXLAN)
Mirror all VXLAN config to both MLAG peers. This provides for seamless failover should something happen to a peer. As both peers are presenting as one logical VTEP, they will share the same Loopback IP address as well as VTI configuration.
VXLAN configuration
SW(config)#interface loopback 1
SW(config-if)#ip address 1.1.1.102
SW(config)#interface vxlan 1
SW(config-if)#vxlan source-interface loopback 1
SW(config-if)#vxlan udp-port 4789
SW(config-if)#vxlan vlan 10 vni 10010
SW(config-if)#vxlan flood vtep 1.1.1.101 (this is the IP address of another VTEP)
SW(config)#ip routing
STP BPDUs with VTEPs
We do not tunnel STP BPDUs across VTEPs. They will be generated and sent out all local ports only.
Head End Replication
(HER)
Each VTEP is manually configured with a flood-list of all other VTEPs in the network.
A flood-list can be global (all VNIs) or created on a per VNI basis.
Any received Broadcast, Unknown unicast and Multicast (BUM) traffic within a VNI is replicated and transmitted as unicast to each of the VTEPs within the flood-list for that VNI.
MAC address learning occurs via the standard flood and learn process.
There are two ways of implementing VXLAN (based on use case).
- Bridging
- Routing
Bridging - End hosts communicating are on the same subnet, no gateway required on the VTEP. Basic VXLAN enables stretching Layer 2 domains across an L3 cloud.
Routing - End hosts communicating are on different subnets and hence a gateway is required on the VTEP. VTEP needs capability to route between these Layer 2 domains.
show interface vxlan 1
(troubleshooting for VXLAN bridging)
should be “up”; correctly reflect configured VLAN-to-VNI mappings; confirm control plane (multicast, HER, CVX, EVPN).
show vlan
show ip interface brief
show vxlan address-table
(troubleshooting VXLAN bridging)
show vlan - ensure extended VLANs show active on the “Vx1” interface
show ip interface brief - make sure no SVIs show up on these VLANs
show vxlan address-table - shows the VXLAN MAC of the remote VTEPs.
What is VXLAN
VXLAN is a “tunneling scheme to overlay layer 2 networks on top of layer 3 networks”.
VXLAN includes a 24-bit VXLAN identifier.
This allows for ~ 16 million logical networks.
VXLAN stands for Virtual eXtensible Local Area Network (VXLAN).
VXLAN uses UDP port 4789 by default.
Independent STP domains across sites.