Understanding Layer 3 Packet Walk in VXLAN EVPN

The Layer 3 packet walk refers to the process a packet undergoes as it traverses the network, from the source host to the destination host, in a VXLAN EVPN environment. This process is particularly important when dealing with inter-subnet or Layer 3 traffic, where routing and forwarding decisions are made based on the packet’s destination IP address.

Let's Start:

The Basics

1. Symmetric vs. Asymmetric IRB:

In VXLAN EVPN, there are two primary models for handling Layer 3 traffic: Symmetric and Asymmetric IRB (Integrated Routing and Bridging).

• Asymmetric IRB: In this model, routing is performed only at the ingress VTEP (VXLAN Tunnel Endpoint). The packet is routed to the destination subnet and then bridged within that subnet to reach the destination host. The return traffic follows a different path, often leading to asymmetric routing.
• Symmetric IRB: Symmetric IRB, on the other hand, performs routing at both the ingress and egress VTEPs. This ensures that both forward and return paths are symmetrical, providing consistent routing and simplifying traffic flows.

2. Layer 3 Packet Walk in Asymmetric IRB

• Step 1: The packet arrives at the ingress VTEP (VTEP-1), where it undergoes a routing decision based on the destination IP address. The VTEP forwards the packet to the appropriate VXLAN segment VNI-2 as displayed in the above topology,
• Step 2: The packet is encapsulated with the VXLAN header, including the VNI (VXLAN Network Identifier) corresponding to the destination subnet (VNI-2)
• Step 3: The packet is transmitted over the Layer 3 infrastructure to the egress VTEP between VTEP-2 to VTEP-4
• Step 4: Upon reaching the egress VTEP (VTEP-4), the VXLAN header is removed, and the packet is bridged within the destination subnet to the target host.

For return traffic, the packet follows a different path, undergoing a similar process at the reverse direction, leading to asymmetric routing.

3. Layer 3 Packet Walk in Symmetric IRB

• Step 1: Host A sends traffic towards Host B, which is in a different Layer 2 network, while the destination MAC address is the MAC of the distributed anycast gateway.
• Step 2: The ingress VTEP routes the packet to the Layer 3 VNI. It rewrites the inner destination MAC address to the egress VTEP’s router MAC address and encodes the Layer 3 VNI in the VXLAN header.
• Step 3: The packet travels between the ingress and egress VTEP forming the VXLAN tunnel, in the L3VNI.
• Step 4: The egress VTEP receives the encapsulated VXLAN packet. It first de-encapsulates the packet by removing the VXLAN header. Then it looks at the inner packet header. Because the destination MAC address in the inner packet header is its own MAC address, it performs a Layer 3 routing lookup. The Layer 3 VNI in the VXLAN header provides the VRF context in which this routing lookup is performed. Hence, it routes the packet in the destination VNI and VLAN.
• Step-5: The de-encapsulated packet is sent to Host B within the destination VNI and VLAN.

Why Symmetric IRB is Often Preferred

Symmetric IRB is typically favored in large-scale deployments due to its ability to provide consistent routing paths and simplify troubleshooting.

By ensuring that both forward and return traffic follow the same path, Symmetric IRB reduces the chances of issues such as routing loops or suboptimal routing, which can occur in asymmetric environments.

In Asymmetric IRB, each VTEP should have all the VNI configured in the fabric which might cause scalability problems as the number of VNIs increase. as shown below, each VTEP Leaf has all VNIs in the fabirc and ARP entries for all end-host as well.

But in Symmetric IRB, the ingress VTEP doesn't need to know the destination VNI for inter-VNI routing, So they don't have to learn the remote end host information attached to egress leaf.

This approach results in better utilization of the leafs resources and MAC addresses and ARP tables on a VTEP

Conclusion

Mastering the Layer 3 packet walk in VXLAN EVPN environments is crucial for ensuring efficient and reliable network performance. By understanding the differences between Symmetric and Asymmetric IRB models, network engineers can make informed decisions about their network design and configuration, optimizing their infrastructure for both performance and scalability.

As VXLAN EVPN continues to evolve, staying updated with these concepts will empower you to design and manage networks that meet the demands of modern data centers.

Feel free to connect with me if you have any questions or need further insights into VXLAN EVPN implementations!

#Networking #VXLAN #EVPN #NetworkEngineering #DataCenter #TechInsights #Layer3Routing #CiscoACI #TechLeadership #CCIEDC #ShehabWagdy