About Port Hairpinning 


Port hairpinning allows Layer 2 bridged traffic to exit through the same switch port that it arrived on. This is useful because it supports hosting containers with Single Root I/O Virtualization (SR-IOV) network interfaces and classifies traffic going towards the applications.

This feature also allows the first-hop switch to enforce policies and security rules in hardware, through vflows, and may be used where a Netvisor One-enabled switch micro-segments traffic, for example with whitelists.


You can use this feature when modifying a port configuration and when creating or modifying a trunk configuration with link aggregation.


Note: If you configure this feature on a port that is not connected to a server, it may cause network issues.



Port hairpinning bridges back the following types of traffic:


  • Layer 2 Unicast traffic
  • Layer 2 Broadcast, Unknown Unicast, Multicast (BUM) traffic
  • CPU originated packets


To enable this feature, use the following command:


CLI (network-admin@Leaf1) > port-config-modify port port-list reflect


To disable this feature:


CLI (network-admin@Leaf1) > port-config-modify port port-list no-reflect


Command Options


The hairpinning options for the port-config-modify and port-config-show commands are:


CLI (network-admin@Leaf1) > port-config-modify

port-config-modify    modifies a port configuration
reflect|no-reflect    enables or disables physical port reflection


CLI (network-admin@Leaf1) > port-config-show

port-config-show      displays information about port configurations
reflect|no-reflect    indicates if physical port reflection is enabled or not


The hairpinning options for the trunk-create, trunk-modify, and trunk-show commands are:


CLI (network-admin@Leaf1) > trunk-create

trunk-create          creates a trunk configuration for link aggregation
reflect|no-reflect    enables or disables physical port reflection


CLI (network-admin@Leaf1) > trunk-modify

trunk-modify          modifies a trunk configuration for link aggregation
reflect|no-reflect    indicates if physical port reflection is enabled or not


CLI (network-admin@Leaf1) > trunk-show

trunk-show            displays trunk configuration
reflect|no-reflect    indicates if physical port reflection is enabled or not
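

The Note above warns against enabling reflection on a port that is not connected to a server. The following added example (not part of the original documentation) audits a per-port reflect listing for that case. The CSV layout, the on/off values and the server-port inventory are assumptions constructed for illustration, not actual port-config-show output.

```python
import csv
import io

# Constructed sample, not real port-config-show output: the "port,reflect"
# CSV layout and the on/off values are assumptions for this example.
SAMPLE_EXPORT = """\
port,reflect
9,off
10,on
11,on
12,off
"""

# Assumed inventory: ports known to be cabled to SR-IOV servers.
SERVER_PORTS = {10, 12}


def parse_export(text):
    """Return {port: reflect_enabled} from the assumed CSV export."""
    states = {}
    for row in csv.DictReader(io.StringIO(text)):
        value = row["reflect"].strip().lower()
        if value not in ("on", "off"):
            raise ValueError(f"port {row['port']}: bad reflect value {value!r}")
        states[int(row["port"])] = value == "on"
    return states


def audit(states, server_ports):
    """Compare per-port reflect state with the server-port inventory."""
    known = set(states)
    reflecting = {port for port, on in states.items() if on}
    return {
        # Reflection on a port with no server attached (the Note's case).
        "reflect_without_server": sorted(reflecting - server_ports),
        # Server ports where traffic is not bridged back to the arrival port.
        "server_without_reflect": sorted((server_ports & known) - reflecting),
        # Inventory entries missing from the export; state unverified.
        "not_in_export": sorted(server_ports - known),
    }


if __name__ == "__main__":
    for finding, ports in audit(parse_export(SAMPLE_EXPORT), SERVER_PORTS).items():
        print(f"{finding}: {ports}")
```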