Uploaded by

RajeshKumar
PART-06 (VXLAN L3 Packet Forwarding)

Layer 3 VXLAN traffic forwarding refers to the process of routing traffic between different VXLAN
segments or subnets within a VXLAN-enabled network. Since VXLAN is an overlay protocol designed to
extend Layer 2 segments over a Layer 3 network, Layer 3 VXLAN forwarding is essential when
communication needs to happen between devices in different VXLAN segments.

In a VXLAN environment, traffic forwarding within the same VXLAN segment (same VNI) is straightforward
and functions like traditional Layer 2 switching. However, when traffic needs to travel between different
VXLAN segments (different VNIs), Layer 3 VXLAN forwarding is required, and it involves routing functions.

Routing in VXLAN can be performed with one of two architectures:

• Distributed L3 Gateway: Each VTEP can handle routing locally, allowing devices in different
VNIs to communicate without going through a centralized router. This reduces latency and
improves scalability in large networks.

• Centralized L3 Gateway: A single device (or a small cluster of devices) performs all routing
between VNIs, creating a central point for Layer 3 VXLAN traffic. This method is simpler to
configure but may introduce bottlenecks in large deployments.

The Distributed L3 Gateway has two deployment models:

• Asymmetric IRB: In this model, routing is performed only at the ingress VTEP (VXLAN Tunnel
Endpoint). The packet is routed to the destination subnet and then bridged within that
subnet to reach the destination host. The return traffic follows a different path, often
leading to asymmetric routing.

• Symmetric IRB: Symmetric IRB, on the other hand, performs routing at both the ingress and
egress VTEPs. This ensures that both forward and return paths are symmetrical, providing
consistent routing and simplifying traffic flows.

VXLAN L3 traffic forwarding using Asymmetric IRB

Consider Host A in one subnet that wants to communicate with Host B in another subnet,
where L3 VXLAN forwarding is performed using Asymmetric IRB.

Step-01: Ingress VTEP Routing:


• When traffic from a device in one subnet (VNI A) needs to communicate with a device in
a different subnet (VNI B), the ingress VTEP identifies that the destination IP address is
in another VXLAN segment.
• The ingress VTEP performs a routing lookup, determining the outgoing VNI for the
destination subnet (VNI B) and the next-hop IP.
• The ingress VTEP routes the packet from VNI A to VNI B by changing the source and
destination IP addresses at Layer 3 (routing operation) and encapsulates it with VXLAN
headers associated with the destination VNI.

Step-02: Encapsulation and Forwarding:

• After routing the packet to VNI B, the ingress VTEP encapsulates the packet in a VXLAN
header, setting the VNI of the destination subnet (VNI B).
• The packet is then sent across the Layer 3 network to the egress VTEP that manages VNI
B.

Step-03: Egress VTEP Forwarding:

• The egress VTEP receives the encapsulated VXLAN packet and decapsulates it, removing
the VXLAN header.
• Because routing was already performed by the ingress VTEP, the egress VTEP only needs
to forward the packet at Layer 2 within the destination VNI (VNI B).
• The packet is delivered to the destination device within VNI B without any additional
routing lookup by the egress VTEP.

Note that Host B's response follows the same procedure and is sent using a different path.

Note: Cisco devices do not support Asymmetric IRB.

VXLAN L3 traffic forwarding using symmetric IRB

Consider Host A in one subnet that wants to communicate with Host B in another subnet, where
L3 VXLAN forwarding is performed using Symmetric IRB.

Step-01: Ingress VTEP Routing:


• When a device in one subnet (VNI A) needs to communicate with a device in a different subnet
(VNI B), the ingress VTEP detects that the destination IP address belongs to another subnet (VNI
B).
• The ingress VTEP performs a Layer 3 routing lookup to determine the appropriate next hop and
determines that the packet needs to be routed from VNI A to VNI B.
• The packet is routed to a "transit VNI" (a VNI dedicated to carrying routed traffic between
subnets).
• The ingress VTEP then encapsulates the packet with VXLAN headers using the transit VNI and
sets the destination VTEP IP address as the target.

Step-02: Encapsulation and VXLAN Forwarding:

• The ingress VTEP encapsulates the packet with VXLAN headers, specifying the transit VNI.
• The encapsulated packet is then forwarded across the underlying Layer 3 network toward the
egress VTEP.

Step-03: Egress VTEP Routing:

• When the encapsulated packet arrives at the egress VTEP, it decapsulates the VXLAN headers to
access the original payload.
• The egress VTEP performs a Layer 3 routing lookup to determine the final destination within
VNI B.
• The packet is then re-encapsulated (if needed) with the destination VNI and is forwarded to the
destination device within the destination subnet.
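
The asymmetric and symmetric IRB procedures above differ in which VNI is carried in the VXLAN header and which VTEP performs the routing lookup. The following Python model is an added example, not part of the original document; the subnets, VNI numbers, VTEP addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample topology (assumed values, not from the original document).
VNI_A, VNI_B, TRANSIT_VNI = 10010, 10020, 50000
SUBNET_VNI = {ipaddress.ip_network("10.1.10.0/24"): VNI_A,
              ipaddress.ip_network("10.1.20.0/24"): VNI_B}
HOST_VTEP = {"10.1.10.5": "192.0.2.1",   # Host A behind VTEP 1
             "10.1.20.7": "192.0.2.2"}   # Host B behind VTEP 2

def vxlan_header(vni):
    """Build the 8-byte VXLAN header (RFC 7348): I flag 0x08, 24-bit VNI."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def parse_vni(header):
    """Extract the VNI from a VXLAN header, rejecting one without the I flag."""
    flags_word, vni_word = struct.unpack("!II", header[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8

def vni_of(ip):
    """Map a host IP to the VNI of its subnet."""
    addr = ipaddress.ip_address(ip)
    for net, vni in SUBNET_VNI.items():
        if addr in net:
            return vni
    raise LookupError(f"no VNI for {ip}")

def forward(src_ip, dst_ip, model):
    """Return (egress VTEP, VNI on the wire, ingress steps, egress steps)."""
    src_vni, dst_vni = vni_of(src_ip), vni_of(dst_ip)
    if src_vni == dst_vni:            # same segment: plain Layer 2 forwarding
        wire_vni, ingress, egress = src_vni, ["bridge"], ["bridge"]
    elif model == "asymmetric":       # ingress routes into the destination VNI
        wire_vni, ingress, egress = dst_vni, ["route", "bridge"], ["bridge"]
    elif model == "symmetric":        # both VTEPs route; transit VNI on the wire
        wire_vni, ingress, egress = TRANSIT_VNI, ["route"], ["route", "bridge"]
    else:
        raise ValueError(f"unknown model {model!r}")
    header = vxlan_header(wire_vni)   # what the ingress VTEP puts on the wire
    return HOST_VTEP[dst_ip], parse_vni(header), ingress, egress

if __name__ == "__main__":
    for model in ("asymmetric", "symmetric"):
        print(model, forward("10.1.10.5", "10.1.20.7", model),
              forward("10.1.20.7", "10.1.10.5", model))
```

In the asymmetric model the VNI on the wire differs per direction (VNI B outbound, VNI A on the return), while the symmetric model carries the transit VNI both ways.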

Important Note:

In a centralized gateway setup, a single VTEP or a small cluster of VTEPs handles routing for all subnets.
This makes traffic flow paths easier to understand; however, it has disadvantages for scalability. All traffic
is routed centrally through the gateway, which increases traffic overhead on that particular VTEP and can
lead to higher latency. Additionally, if this central VTEP fails, the entire infrastructure is impacted until a
new VTEP is configured as the gateway.

On the other hand, with a distributed gateway setup, each VTEP performs its own routing, which reduces
processing overhead and latency while ensuring redundancy. Although the configuration is more complex,
distributed routing is better suited for scalable infrastructures. If any VTEP fails, only the connected hosts
are affected.

Therefore, we can say, for scalable, high-performance, and low-latency networks, distributed routing is
the preferred choice, especially in large data centers or cloud environments.
