Show Menu
Cheatography

Arista VXLAN Bridging Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Virtual eXtensible LAN

L2 ethernet frames tunneled across an L3 infras­tru­cture. Why? Extends L2 bounda­ries, supports multi-­pathing and load distri­bution, is an open standard, and is transp­arent to applic­ations.

Termin­ology

VTI
VXLAN Tunnel Interface - switchport linked to a UDP socket respon­sible for the encap/­decap of the VXLAN header; IP interface of the VTEP; VLAN to VNI mapping; VTEP flood list for BUM traffic.
VNI
VXLAN Network Identifier - 24-bit number mapped to a VLAN to identify a network segment in the tunnel.
VTEP
VXLAN Tunnel End Point - the entry/exit point for the VXLAN overlay network; can be physical or SW virtual switch.
VXLAN Bridging
End hosts are commun­icating within the same VLAN and no gateway is needed.
VXLAN Routing
End hosts are commun­icating between VLANs and a gateway is needed for routing.

Config­uration

SW-A (VTEP1)

Configure a loopback to serve as the L3 source interface of the VXLAN Tunnel Interface (VTI):

interface loopback 1 
  ip address 1.1.1.101/32

Create the VTI:

interface vxlan 1

Set the source interface to be the loopback just created:

  vxlan source-interface loopback1

Set the destination UDP port (can be any unused UDP port but needs to be consistent across all VTEPs:

  vxlan udp-port 4789

Configure the VLAN to VNI mappings for any VLANs that need to be extended:

  vxlan vlan 10 vni 10010

Configure the flood-set to include any VTEP IPs that need to receive BUM traffic: 

  vxlan flood vtep 1.1.1.102

Ensure routing is enabled for VXLAN to work:

ip routing


SW-B (VTEP2)
!
interface loopback 1
  ip address 1.1.1.102
!
interface vxlan 1
  vxlan source-interface loopback 1
  vxlan udp-port 4789
  vxlan vlan 10 vni 10010
  vxlan flood vtep 1.1.1.101
!
ip routing
!

Simple Topology and VXLAN Packet

Note the outer and inner header. There would be an ethernet outer header rewrite with every L3 hop in the L3 underlay. The outer IP header reflects the source and dest VTEP IPs. The inner header remains unchanged.

Packet Walk Through

The ingressing VTEP will map the VLAN to the VNI and encaps­ulate the packet with a VXLAN header with the VNI destined to the VTEP IP of the remote host found in "show vxlan addres­s-t­abl­e". Once the remote VTEP receives this packet, it decaps­ulates the packet and does the reverse VNI to VLAN mapping. The packet then switches per normal L2 (mac address table lookup).

MTU

vtep1#ping [VTEP IP] size 9214 df-bit

If using ECMP, 

vtep1#ping [Uplink IP] size 9214 df-bit
The VXLAN header adds 50 bytes (54 bytes if outer L2 header includes dot1q tag), and the Do Not Fragment (DF) bit is set on the VXLAN encaps­ulated packet so ensure MTU is set correctly in the L3 underlay.

VXLAN Control Plane Options - in brief

IP Multicast
HER with Static Flood-Set
CloudV­ision eXchange (CVX)
EVPN
VXLAN provides the data-plane transport for any extended VLAN traffic. For contro­l-plane traffic, there are several options based on scale, effici­encies, and other factors.

For BUM traffic, all of the above use HER, however the building of the flood lists, managing state, etc. will all be different depending on which option you choose.

See Arista VXLAN Control Plane Options for more details.

Troubl­esh­ooting

show interface vxlan 1
Should be "­up"; correctly reflect configured VLAN-t­o-VNI mappings; confirm control plane (multi­cast, HER, CVX, EVPN)
show vlan
Ensure extended VLANs show active on the "­Vx1­" interface
show mac addres­s-table
The L2 forwarding table should show that mac addresses are either learned locally or from across the VXLAN overlay - "­Vx1­"; if we are not learning MACs from another VTEP confirm flood list and L3 reacha­bility between VTEPs
show vxlan addres­s-table
Shows the VXLAN MAC info, including the Host MAC, remote VTEP IP, and MAC moves.
show vxlan vtep
Displays the remote VTEPs discovered by the local VTEP
show ip route
All VTEP IPs should have L3 reacha­bility (ping to confirm)
show vxlan counters software
See block for details
tcpdump
#bash tcpdump -nei <in­tf> port 4789
 

Optional Config­uration

When all VTEPs carry same VLANs:

interface vxlan 1
  vxlan flood vtep <remote-vtep-ip> <remote-vtep-ip>

When VTEPs carry a subset of VLANs:

interface vxlan1
  vxlan vlan <X> flood vtep <remote-vtep-ip> <remote-vtep-ip>
    vxlan vlan <Y> flood vtep <remote-vtep-ip> <remote-vtep-ip>

VNI can be displayed or entered as dotted notation:

interface vxlan1
vxlan vni notation dotted

Things to Note

*Every VTEP's VTI IP address (vxlan source­-in­terface loopback) needs to be reachable from every other VTEP. Advertise these in the underlay routing protocol and confirm pings sourced from this VTEP IP can reach all other VTEP IPs.
*The default UDP destin­ation port is 4789. If this is changed, make sure it is changed on all the VTEPs.
*When using static HER, make sure that the flood lists match on all VTEPs within a VXLAN domain.

VXLAN Bridging + MLAG

Easy! Just mirror all VXLAN config to both MLAG peers. This provides for seamless failover should something happen to a peer. As both peers are presenting as one logical VTEP, they will share the same Loopback 1 IP address as well as VTI config­ura­tion.

show vxlan counters software

If you are seeing issues and have further questions on these counters, please reach out to Arista TAC:
https:­//w­ww.a­ri­sta.co­m/e­n/s­upp­ort­/cu­sto­mer­-su­pport
Or search­/post questions on the public forum:
https:­//e­os.a­ri­sta.com/