Inter-Subnet Routing Traffic Flow
Inter-Subnet Routing Traffic Flow
For a BGP EVPN VXLAN network, symmetric Integrated Routing and Bridging (IRB) is used to forward data traffic. In a BGP EVPN VXLAN fabric, the same VRF-to-L3VNI mapping must be present on every edge device or VTEP where that VRF is configured. The procedure for forwarding routed traffic over VXLAN is very similar to routing operations in non-VXLAN environments.
Below topology is used to discuss the Routing traffic flow.
Four endpoints (Host A, Host B, Host C, Host D) residing in VRF A associated with L3VNI 50002 with further VNI 20001 is associated with IP subnet 192.168.1.0/24, on which endpoints Host A and Host C reside, and VNI 20002 is associated with IP subnet 192.168.2.0/24, on which endpoints Host B and Host D reside.
Before Routing happens, BGP control plane information must be populated and IP/MAC information about the endpoints is distributed using BGP route type 2 messages. Likewise, the subnet prefix information is distributed using BGP route type 5 messages.
To Verify from BGP CLI use the following command to verify the able table.
Once Control Plane is populated now it’s time for data traffic to flow. Now when host A wants to talk to Host B or Host D which is in different subnet, Host A will Send ARP request to get the Mac address of its gateway (MAC of VLAN 10).
Step1: ARP Request, from Host A to Distributed IP Anycast Gateway
Host A initiates an ARP request for the IP address of its default gateway. At VTEP V1, the ARP request is then evaluated through ARP snooping, and the retrieved source information is populated in the BGP EVPN control protocol. Host A’s MAC 0000.3100.1001 and IP 192.168.1.11 then becomes known as behind VTEP V1.
The ARP reply sent from the distributed IP anycast to endpoint Host A. Once this information is received, Host A updates its ARP cache with the AGM 3030.0000.00BB mapped to the default gateway IP entry 192.168.1.1. Now, endpoint Host A is ready to communicate with other endpoints in different subnets.
Case 1: When Source and Destination resides on Same Switch but are in different subnets.
In the local routing scenario Host A (192.168.1.111) communicates with Host B (192.168.2.11), where both hosts are attached to the same VTEP (V1). Host A generates data traffic with the SMAC address 0000.3100.1001 and source IP address 192.168.1.11 with DMAC is set to 3030.0000.00BB which is part of vrf VRF-A, and within VLAN 10. The destination information of endpoint Host B, with destination IP address 192.168.2.101 in the same VRF. Once the packet is received at VTEP V1, a destination lookup is performed for IP 192.168.2.11 in vrf VRF-A, which yields the next hop.
Now Vlan 10 will transport the packet to the next hop layer-3 interface which is (VLAN 20). The packet is transported to the respective egress VLAN at VTEP V1. Because Host B has already been learned at VTEP V1 based on the prior ARP processing, so the longest prefix match entry which we say as the host route 192.168.2.11/32 is hit. Subsequently, the appropriate MAC header rewrites are performed on the packet and the packet is delivered to Host B.
Below figure explains this concept:
Once packet is received to Host B, host B will replay to Host A in same manner as discussed above.
Case 2: When Source and Destination resides on Remote Switch but are in different subnets.
In this scenario, ARP resolution is done for Distributed Anycast gateway and which is same as described in local routing scenario in case 1.
Now here Host A want to communicate to Host D connected to VTEP V3 and they both are in different subnet.
Host A generates data traffic with the SMAC address 0000.3100.1001, the source IP address 192.168.1.11, the DMAC address 3030.0000.00BB, and the destination IP address 192.168.2.13. When the packet is received at VTEP V1, a destination lookup is performed for IP 192.168.2.102 in vrf VRF-A, which results in the next-hop destination VTEP and the VNI to be used for encapsulation. Because the remote host route 192.168.2.102/32 has been learned at VTEP V2, populated over BGP EVPN to VTEP V1, and installed in the hardware FIB tables, the lookup results in a hit. The lookup result yields VTEP V2, L3VNI=50002, corresponding to vrf VRF-A.
While Encapsulating the Traffic Source Inner MAC will be the MAC of VTEP 1 and Inner Destination Mac address will be Mac of VTEP v3. Source MAC: 2030.0000.001B, Dest MAC: 2030.0000.001C
The VXLAN-encapsulated packet is and reaches to the egress VTEP. Once the packet is received at the VTEP V3, the packet is decapsulated, because endpoint Host D is known at VTEP V2, the routing lookup results in a lookup hit for 192.168.2.13/32, and sent toward the Ethernet interface where Host D is connected. In this way, with symmetric IRB, a bridge–route–route–bridge sequence is performed. In this situation, the packet from Host A is first bridged toward VTEP V1 and then routed on VTEP V1 toward VTEP V2. At VTEP V2, the packet is routed again and subsequently bridged toward Host D.