VXLAN: Exploring Symmetric and Asymmetric IRB

Virtual Extensible LAN (VXLAN) is a key technology that has transformed the landscape of data center networking, addressing the scalability and flexibility challenges associated with traditional VLANs (Virtual Local Area Networks). VXLAN is an encapsulation protocol designed to extend Layer 2 networks over Layer 3 infrastructure, making it an integral part of modern data center architectures.

Key Components of VXLAN:

  1. Encapsulation: VXLAN encapsulates Layer 2 Ethernet frames within UDP (User Datagram Protocol) packets, allowing them to traverse Layer 3 networks.
  2. Segmentation: VXLAN provides a vast address space, enabling the creation of up to 16 million unique VXLAN segments. This scalability addresses the limitations of traditional VLANs and facilitates the deployment of large-scale, multi-tenant environments.
  3. VTEPs (VXLAN Tunnel Endpoints): VTEPs play a crucial role in VXLAN by encapsulating and decapsulating traffic. These endpoints are responsible for establishing communication between VXLAN segments.
  4. Underlay and Overlay Networks: The underlay network represents the existing Layer 3 infrastructure that facilitates communication between VTEPs. The overlay network, on the other hand, is the virtualized Layer 2 network created by VXLAN, enabling the extension of Layer 2 segments over the Layer 3 infrastructure.

VXLAN provides the capability to extend our Layer 2 network across a Layer 3 infrastructure. However, we need to establish traffic routing between VNIs (VXLAN Segments) in a manner similar to our approach to Inter-VLAN routing.


VXLAN Routing:

Routing in VXLAN can be performed with one of two architectures:

  1. Centralized Routing
  2. Distributed Routing

Employing a Distributed Routing architecture, the IETF outlines two models within EVPN to achieve inter-subnet routing:

  • Asymmetric IRB
  • Symmetric IRB


First, let's have a brief definition of IRB:

Integrated Routing and Bridging (IRB) is a networking technology that plays a critical role in connecting and facilitating communication between different network segments within a single device, typically a router or a layer 3 switch. IRB seamlessly integrates both routing and bridging functionalities, providing a versatile solution for managing traffic between VLANs (Virtual Local Area Networks) and improving the overall efficiency of network communications.

The primary distinction between the Asymmetric IRB model and the Symmetric IRB model lies in the method and location of routing lookups.


Asymmetric IRB:

In the asymmetric model, routing and bridging occur at the VXLAN tunnel ingress, while only bridging takes place at the egress. This leads to bidirectional VXLAN traffic traversing different VNIs in each direction, always following the destination VNI, within the routed infrastructure.

Figure 1. Asymmetric IRB

In the figure above, Host A wants to communicate with Host B:

  1. Since Host B is on a different subnet, Host A sends the frame in VLAN 10 to its default gateway which is VTEP 1.
  2. VTEP 1 recognizes that the destination address is on another subnet (VLAN 20). It looks up the routing table and routes the frame to the Orange VNI (VLAN 20).
  3. VTEP 1 tunnels the traffic in the Orange VNI (VNI 100020) to VTEP 2.
  4. VTEP 2 removes the VXLAN header from the frame, looks up the MAC table, and bridges the frame to Host B.
  5. Host B wants to reply to Host A. Because they are in different subnets, Host B sends the frame in VLAN 20 to its default gateway, which is VTEP 2.
  6. VTEP 2 looks up the routing table and routes the traffic to the Green VNI (VLAN 10).
  7. VTEP 2 tunnels the traffic in the Green VNI (VNI 100010) to VTEP 1.
  8. VTEP 1 removes the VXLAN header from the frame, looks up the MAC table, and bridges the traffic to Host A.

Pros:

The implementation is easy and there is no need for extra VNIs.

Cons:

All the VLANs and VNIs must be configured on all VTEPs, even if a VTEP does not have clients on all VLANs. This increases the ARP cache and CAM table sizes, which results in a control plane scaling issue.


Symmetric IRB:

The symmetric model involves routing and bridging on both the ingress and egress leaves. This allows bidirectional traffic to traverse the same VNI in both directions.

In this approach, all routed VXLAN traffic is directed through a dedicated transit VNI known as the L3VNI. The L3VNI serves as the conduit for routing traffic, where it is tunneled across the Layer 3 infrastructure, routed off the L3VNI to the designated VLAN, and finally, bridged to reach its destination.

Figure 2. Symmetric IRB

In the figure above, Host A wants to communicate with Host B:

  1. Because the destination is in a different subnet from Host A, Host A sends the frame in VLAN 10 to its default gateway, VTEP 1.
  2. VTEP 1 looks up the routing table and routes the traffic to the L3VNI and destination VTEP 2.
  3. VTEP 1 encapsulates traffic with the VXLAN header using the L3VNI 90001 and VTEP 2's IP and MAC address.
  4. VTEP 2 decapsulates the traffic and routes traffic to the destination VLAN.
  5. VTEP 2 bridges traffic towards Host B.
  6. The return traffic is routed similarly using the same L3VNI.

Pros:

This method is scalable because each VTEP hosts only the VLANs and VNIs in which it has connected devices.

Cons:

The configuration is more complex because an extra VXLAN tunnel and VLAN are required in your network. The data plane traffic is also more complex because an extra routing hop occurs, which could cause extra latency.
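
The asymmetric and symmetric walkthroughs above, modeled as an added example (not code from the original article): it computes which VNI appears in the VXLAN header in each direction and which VNIs every VTEP must carry under each model. Host C, VTEP3, VLAN 30 and VNI 100030 are constructed to make the scaling difference visible; the other numbers come from the walkthroughs.

```python
# Hosts A and B, their VLANs/VNIs and the L3VNI are taken from the walkthroughs.
# Host C, VTEP3, VLAN 30 and VNI 100030 are constructed for illustration.
L2VNI = {10: 100010, 20: 100020, 30: 100030}    # VLAN -> L2 VNI
L3VNI = 90001                                   # transit VNI (symmetric IRB)
HOSTS = {"A": ("VTEP1", 10), "B": ("VTEP2", 20), "C": ("VTEP3", 30)}


def wire_vni(model, src, dst):
    """VNI carried in the VXLAN header for a packet from src to dst."""
    src_vlan, dst_vlan = HOSTS[src][1], HOSTS[dst][1]
    if src_vlan == dst_vlan:
        return L2VNI[src_vlan]        # same subnet: bridged, no routing
    if model == "asymmetric":
        return L2VNI[dst_vlan]        # ingress routes, then bridges into dest VNI
    if model == "symmetric":
        return L3VNI                  # ingress routes into the transit VNI
    raise ValueError(f"unknown IRB model: {model}")


def required_vnis(model):
    """VNIs each VTEP must carry so every host pair can communicate."""
    # Every VTEP needs the L2 VNI of its locally attached hosts.
    need = {vtep: {L2VNI[vlan]} for vtep, vlan in HOSTS.values()}
    for src, (ingress, _) in HOSTS.items():
        for dst, (egress, _) in HOSTS.items():
            if src != dst:
                vni = wire_vni(model, src, dst)
                need[ingress].add(vni)    # ingress encapsulates into this VNI
                need[egress].add(vni)     # egress decapsulates this VNI
    return need


if __name__ == "__main__":
    for model in ("asymmetric", "symmetric"):
        print(model, "A->B", wire_vni(model, "A", "B"),
              "B->A", wire_vni(model, "B", "A"))
        for vtep, vnis in sorted(required_vnis(model).items()):
            print("  ", vtep, sorted(vnis))
```

With three VTEPs, the asymmetric model places all three L2 VNIs on every VTEP, while the symmetric model leaves each VTEP with its local L2 VNI plus the L3VNI.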


Al Silverstein

Network Engineering and Automation

8 months

Thank you Sasan. One of the clearest explanations between symmetric and asymmetric vxlan routing I have seen! Although, I think you have a typo in step 5 in the asymmetric explanation. "Host B sends the frame in VLAN 10 to its default gateway which is VTEP 2." I think it should be VLAN 20 as Host B is in VLAN 20.
