Checking VXLAN Recirculation’s L2 and L3 Entries
As discussed earlier, when implementing RIOT at least a recirculation pass is used. That requires that Layer 2 and Layer 3 entries be programmed appropriately to point to the loopback trunk.
With the l2-table-show command it’s possible to verify that a specific VNI-mapped VLAN is configured to point to the VXLAN loopback trunk to forward and then encapsulate the upstream traffic at the ingress VTEP.
CLI (network-admin@switch) > l2-table-show vlan 200
When VTEP HA is implemented, the same command can be used to show that the VLAN is configured with VRRP and that it points to the VLAN loopback trunk. For example:
CLI (network-admin@Spine1) > l2-table-show vlan 200
Similarly, in order to decapsulate and router the VXLAN traffic originated from a source VTEP, at the destination VTEP at least two passes are required. Therefore, a Layer 3 entry is programmed to point to the vxlan-loopback-trunk.
The l3-table-show command can be used to verify that the hardware state is properly set with the vxlan-loopback flag:
CLI (network-admin@Spine4) > l3-table-show ip 126.96.36.199 format all