Checking VXLAN Recirculation’s L2 and L3 Entries
As discussed earlier, when implementing RIOT at least one recirculation pass is used. That requires that Layer 2 and Layer 3 entries be programmed appropriately to point to the loopback trunk.
With the l2-table-show command it’s possible to verify that a specific VNI-mapped VLAN is configured to point to the VXLAN loopback trunk to forward and then encapsulate the upstream traffic at the ingress VTEP.
CLI (network-admin@switch) > l2-table-show vlan 200
mac: 00:00:5e:00:01:0a
vlan: 200
vxlan 10000
ip: 2.2.2.2
ports: 69
state: active,static,vxlan-loopback,router
hostname: Spine1
peer-intf: host-1
peer-state:
peer-owner-state:
status:
migrate:
When VTEP HA is implemented, the same command can be used to show that the VLAN is configured with VRRP and that it points to the VXLAN loopback trunk. For example:
CLI (network-admin@Spine1) > l2-table-show vlan 200
mac: 00:00:5e:b9:01:b0
vlan: 200
vxlan 10000
ip: 2.2.2.2
ports: 69
state: active,static,vxlan-loopback,router,vrrp
hostname: Spine1
peer-intf: host-1
peer-state: active,vrrp,vxlan-loopback
peer-owner-state:
status:
migrate:
Similarly, in order to decapsulate and route the VXLAN traffic originated from a source VTEP, at least two passes are required at the destination VTEP. Therefore, a Layer 3 entry is programmed to point to the vxlan-loopback-trunk.
The l3-table-show command can be used to verify that the hardware state is properly set with the vxlan-loopback flag:
CLI (network-admin@Spine4) > l3-table-show ip 3.3.3.2 format all
mac: 00:00:c0:00:07:75
ip: 3.3.3.2
vlan: 200
public-vlan: 200
vxlan: 10000
rt-if: eth5.200
state: active,vxlan-loopback
egress-id: 100030
create-time: 16:46:20
last-seen: 17:25:09
hit: 22
tunnel: Spine1_Spine4
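The checks above can be scripted over saved l2-table-show or l3-table-show output. The following is an added example, not part of the original documentation or the vendor's tooling: the function names and the embedded sample are constructed, and it assumes the vertical "key: value" layout shown above, with each entry starting at its mac field.

```python
import re

# Constructed sample in the layout shown above; the second entry lacks the flag.
SAMPLE_L2 = """\
mac: 00:00:5e:00:01:0a
vlan: 200
vxlan 10000
state: active,static,vxlan-loopback,router
peer-state:
mac: 00:00:5e:00:01:0b
vlan: 201
vxlan 10001
state: active,static,router
"""

def parse_entries(text):
    """Split vertical CLI output into one dict per table entry."""
    entries, cur = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("CLI "):   # skip blanks and the prompt line
            continue
        # Accept "key: value", "key:" (empty value) and "key value" (no colon).
        m = (re.match(r"([\w-]+)\s*:\s*(.*)$", line)
             or re.match(r"([\w-]+)\s+(\S.*)$", line))
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "mac" and cur:                  # assumption: mac opens each entry
            entries.append(cur)
            cur = {}
        cur[key] = val
    return entries + ([cur] if cur else [])

def flags(entry, field):
    return {f for f in entry.get(field, "").split(",") if f}

def check_entry(entry, vtep_ha=False):
    """Return a list of problems for one L2 or L3 table entry."""
    required = {"vxlan-loopback"} | ({"vrrp"} if vtep_ha else set())
    missing = required - flags(entry, "state")
    problems = ["state missing " + ",".join(sorted(missing))] if missing else []
    # Assumption: with VTEP HA the peer-state also carries vxlan-loopback,
    # as in the HA output shown above.
    if vtep_ha and "vxlan-loopback" not in flags(entry, "peer-state"):
        problems.append("peer-state missing vxlan-loopback")
    return problems

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_L2):
        print(e.get("vlan"), e.get("vxlan"), check_entry(e) or "ok")
```

An entry that reports "state missing vxlan-loopback" is not pointing at the loopback trunk, so traffic for that VLAN or IP would not take the recirculation pass described above.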