Traffic forwarding
A VTEP uses the following processes to forward traffic at Layer 2:
Unicast process—Applies to destination-known unicast traffic.
Flood process—Applies to multicast, broadcast, and unknown unicast traffic.
When the VTEP forwards VXLAN traffic, it processes the 802.1Q tag in the inner Ethernet header depending on the VSI access mode (VLAN or Ethernet mode). In VLAN access mode, sites can use different VLANs to provide the same service. For more information, see "Access modes of VSIs."
Unicast
The following process (see Figure 4) applies to a known unicast frame between sites:
The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.
In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP address. The destination IP address is the VXLAN tunnel destination IP address.
The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel interface found in the VSI's MAC address table.
The intermediate transport devices (P devices) forward the frame to the destination VTEP by using the outer IP header.
The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching outgoing interface.
Figure 4: Inter-site unicast
Flood
The VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface.
VXLAN supports the following modes for flood traffic:
Unicast mode—Also called head-end replication. The source VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN. See Figure 5.
Multicast mode—Also called tandem replication. The source VTEP sends the flood frame in a multicast VXLAN packet destined for a multicast group address. Transport network devices replicate and forward the packet to remote VTEPs based on their multicast forwarding entries. See Figure 6.
Flood proxy mode—The source VTEP sends the flood frame in a VXLAN packet over a VXLAN tunnel to a flood proxy server. The flood proxy server replicates and forwards the packet to each remote VTEP through its VXLAN tunnels. See Figure 7.
The flood proxy mode applies to VXLANs that have many sites. This mode reduces flood traffic in the transport network without using a multicast protocol. To use a flood proxy server, you must set up a VXLAN tunnel to the server on each VTEP.
NOTE:
The flood proxy mode is typically used in SDN transport networks that have a flood proxy server. For VTEPs to forward packets based on the MAC address table issued by an SDN controller, you must perform the following tasks on the VTEPs:
Disable remote-MAC address learning by using the vxlan tunnel mac-learning disable command.
Disable source MAC check on all transport-facing interfaces by using the undo mac-address static source-check enable command. If the VTEP is an IRF fabric, you must also disable the feature on all IRF ports.
Each destination VTEP floods the inner Ethernet frame to all the site-facing interfaces in the VXLAN. To avoid loops, the destination VTEPs do not flood the frame to VXLAN tunnels.
Figure 5: Unicast mode
Figure 6: Multicast mode
Figure 7: Flood proxy mode