VXLAN Routing In and Out of Tunnels
 
* 
Informational Note: 
The VXLAN tunnel loopback infrastructure, identified by the trunk object named "vxlan-loopback-trunk", used for bridging multicast or broadcast traffic in the extended VLAN and for routing traffic before VXLAN encapsulation or after VXLAN decapsulation. Non-routed unicast traffic bridges and encapsulated or decapsulated and bridged without using the VXLAN tunnel loopback
This feature provides support for centralized routing for VXLAN VLANs. For hosts on different VXLAN VLANs to communicate with each other, SVIs on VXLAN VLAN configured on one cluster pair in the fabric. Any VXLAN VLAN packets be routed between two hosts sent to a centralized overlay vrouter and then VXLAN encapsulated or decapsulated depending on source or destination host location.
Because the E68-M and E28Q cannot perform VXLAN routing in and out of tunnels in a single instance, loopback support exists. Netvisor ONE leverages vxlan-loopback-trunk to support recirculation of the packets. Be sure to add ports to vxlan-loopback-trunk so that VXLAN routing in and out of tunnels works correctly. After VXLAN decapsulation, if packets route, the inner DMAC uses either the vRouter MAC address or VRRP MAC address. The packet needs to recirculate after decapsulation as part of the routing operation. To accomplish this, Layer 2 entries for route RMAC address or VRRP MAC address on VXLAN VLAN program to point to vxlan-loopback-trunk ports in hardware. The show output for the command, l2-table-show, updates with a vxlan-loopback flag to indicate the hardware state.
CLI network-admin@switch > l2-table-show vlan 200
mac:                       00:0e:94:b9:ae:b0
vlan:                      200
vxlan                      10000
ip:                        2.2.2.2
ports:                     69
state:                     active,static,vxlan-loopback,router
hostname:                  Spine1
peer-intf:                 host-1
peer-state:                
peer-owner-state:          
status:                    
migrate:                   
mac:                       00:0e:94:b9:ae:b0
vlan:                      200
vxlan                      10000
ip:                        2.2.2.2
ports:                     69
state:                     active,static,vxlan-loopback,router
hostname:                  Spine1
peer-intf:                 host-1
peer-state:                active,vrrp,vxlan-loopback active,vrrp
peer-owner-state:          
status:                    
migrate:                   
CLI network-admin@switch > l2-table-show vlan 100
mac:                       00:0e:94:b9:ae:b0
vlan:                      100
vxlan                      20000
ip:                        1.1.1.1
ports:                     69
state:                     active,static,vxlan-loopback,router
hostname:                  Spine1
status:                    
migrate:                   
 
Also for Layer3 entries behind VXLAN tunnels, routing and encapsulation operations requires two passes . To obtain the Layer 3 entry, the hardware points to vxlan-loopback-trunk. The show output of the l3-table-show displays the hardware state with a vxlan-loopback flag.
CLI (network-admin@Spine1) > l3-table-show ip 2.2.2.3 format all
mac:                    00:12:c0:88:07:75
ip:                    2.2.2.3
vlan:                  200
public-vlan:          200
vxlan:                10000
rt-if:                eth5.200
state:                active,vxlan-loopback
egress-id:            100030
create-time:          16:46:20
last-seen:            17:25:09
hit:                  22
tunnel:               Spine1_Spine4