Traffic forwarding

A VTEP uses the following processes to forward traffic at Layer 2:

When the VTEP forwards VXLAN traffic, it processes the 802.1Q tag in the inner Ethernet header depending on the VSI access mode (VLAN or Ethernet mode). In VLAN access mode, sites can use different VLANs to provide the same service. For more information, see "Access modes of VSIs."

Unicast

The following process (see Figure 4) applies to a known unicast frame between sites:

  1. The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.

    In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP address. The destination IP address is the VXLAN tunnel destination IP address.

  2. The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel interface found in the VSI's MAC address table.

  3. The intermediate transport devices (P devices) forward the frame to the destination VTEP by using the outer IP header.

  4. The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching outgoing interface.

Figure 4: Inter-site unicast

Flood

The VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface.

VXLAN supports the following modes for flood traffic:

Each destination VTEP floods the inner Ethernet frame to all the site-facing interfaces in the VXLAN. To avoid loops, the destination VTEPs do not flood the frame to VXLAN tunnels.

Figure 5: Unicast mode

Figure 6: Multicast mode

Figure 7: Flood proxy mode