Checking VXLAN Recirculation’s L2 and L3 Entries



As discussed earlier, when implementing RIOT at least a recirculation pass is used. That requires that Layer 2 and Layer 3 entries be programmed appropriately to point to the loopback trunk.


With the l2-table-show command it’s possible to verify that a specific VNI-mapped VLAN is configured to point to the VXLAN loopback trunk to forward and then encapsulate the upstream traffic at the ingress VTEP.


CLI (network-admin@switch) > l2-table-show vlan 200


mac:                       00:00:5e:00:01:0a

vlan:                      200

vxlan                      10000

ip:                        2.2.2.2

ports:                     69

state:                     active,static,vxlan-loopback,router

hostname:                  Spine1

peer-intf:                 host-1

peer-state:                

peer-owner-state:          

status:                    

migrate:                   


When VTEP HA is implemented, the same command can be used to show that the VLAN is configured with VRRP and that it points to the VLAN loopback trunk. For example:


CLI (network-admin@Spine1) > l2-table-show vlan 200


mac:                       00:00:5e:b9:01:b0

vlan:                      200

vxlan                      10000

ip:                        2.2.2.2

ports:                     69

state:                     active,static,vxlan-loopback,router,vrrp

hostname:                  Spine1

peer-intf:                 host-1

peer-state:                active,vrrp,vxlan-loopback

peer-owner-state:          

status:                    

migrate:   


Similarly, in order to decapsulate and router the VXLAN traffic originated from a source VTEP, at the destination VTEP at least two passes are required. Therefore, a Layer 3 entry is programmed to point to the vxlan-loopback-trunk.


The l3-table-show command can be used to verify that the hardware state is properly set with the vxlan-loopback flag:


CLI (network-admin@Spine4) > l3-table-show ip 3.3.3.2 format all

 

mac:                  00:00:c0:00:07:75

ip:                   3.3.3.2

vlan:                 200

public-vlan:          200

vxlan:                10000

rt-if:                eth5.200

state:                active,vxlan-loopback

egress-id:            100030

create-time:          16:46:20

last-seen:            17:25:09

hit:                  22

tunnel:               Spine1_Spine4