Cisco Systems 1000 Series Network Router User Manual


 
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide
OL-16506-15
Chapter 19 Cisco ASR 1000 VxLAN Support
Introduction
This feature enables the Cisco ASR 1000 Series Routers to act as a Layer 2 VxLAN gateway to provide
support to bridge traffic across VxLAN segments in a hypervisor and on VLANs on physical servers.
The operation of a VxLAN Layer 2 gateway is based on data plane MAC address learning and on
flooding of multidestination traffic (such as unknown unicast, multicast, or broadcast frames) using IP
multicast.
Acting as a VxLAN Layer 2 gateway, the Cisco ASR 1000 Routers can send and receive packets on
multiple VxLAN networks, and provide connectivity between the hosts in a VLAN network and the
virtual machines operating on a VxLAN network.
A VXLAN supports different modes for flood traffic:
• Multicast Mode—A VXLAN uses an IP multicast network to send broadcast, multicast, and
  unknown unicast flood frames. Each multicast mode VXLAN has an assigned multicast group IP
  address. When a new VM joins a host in a multicast mode VXLAN, a Virtual Ethernet Module
  (VEM) joins the assigned multicast group IP address by sending IGMP join messages. Flood traffic
  (broadcast, multicast, and unknown unicast) from the VM is encapsulated and sent using the
  assigned multicast group IP address as the destination IP address. Packets sent to known unicast
  MAC addresses are encapsulated and sent directly to the destination server Virtual Tunnel Endpoint
  (VTEP) IP addresses.
• Unicast-Only Mode—A VXLAN sends broadcast, multicast, and unknown unicast flood frames to
  the single unicast IP address of the designated VTEP on each VEM that has at least one VM in
  the corresponding VXLAN. When a new VM joins the host
  in a unicast-mode VXLAN, a designated VTEP is selected for receiving flood traffic on that host.
  This designated VTEP is communicated to all other hosts through the Virtual Supervisor Module
  (VSM). Flood traffic (broadcast, multicast, and unknown unicast) is replicated on each VEM's
  designated VTEP in that VXLAN by encapsulating it with a VXLAN header. Packets are sent only
  to VEMs with a VM in that VXLAN. Packets that have a unicast MAC address are encapsulated and
  sent directly to the destination server's VTEP IP address.
• MAC Distribution Mode (supported only in unicast mode)—In this mode, unknown unicast flooding
  in the network is eliminated. The VSM learns all the MAC addresses from the VEMs in all the
  VXLANs and distributes those MAC addresses with VTEP IP mappings to other VEMs. Therefore,
  no unknown unicast MAC address exists in the network when the VMs on the VEMs are
  communicating and controlled by the same VSM.
The VxLAN Layer 2 gateway performs the following functions:
• Provides support to bridge traffic between a host in a VLAN domain and VMs behind a virtual
  switch (vSwitch) in a VxLAN domain. The VLAN and the virtual network identifier (VNI) on the
  VxLAN should be configured as member ports in the same bridge domain.
• Implements the Virtual Tunnel Endpoint (VTEP) function, which encapsulates the Layer 2 packet
  on the IP/UDP tunnel with the VxLAN header (VNI) information before sending it to a multicast
  group or particular virtual switch on the VxLAN domain.
• The VTEP function removes the VxLAN header, identifies the bridge domain under which the VNI
  is configured and then bridges the inner L2 packet to the VLAN side. The bridge function also learns
  the remote MAC address (the VM's MAC address behind the virtual switch).
• The Layer 2 gateway carries the inner payload of non-IP (Layer 2 traffic), IPv4, and IPv6 traffic over
  the VxLAN VNI member.
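
The VTEP encapsulation, decapsulation and MAC learning steps listed above can be followed in a short Python model. This is an added example, not code from the Cisco guide or from IOS XE: the header layout is the 8-byte VXLAN header of RFC 7348, and the class name, bridge-domain number, addresses and frame are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08  # RFC 7348: "VNI valid" flag, must be set on every packet


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame


class Vtep:
    """Hypothetical model of the gateway's decapsulation path."""

    def __init__(self, vni_to_bd):
        self.vni_to_bd = vni_to_bd  # VNI members configured under each bridge domain
        self.mac_table = {}         # (bridge domain, MAC) -> remote VTEP IP

    def decap(self, outer_src_ip, udp_payload):
        """Return (bridge_domain, inner_frame), or None when the packet is dropped."""
        if len(udp_payload) < 8 + 14:   # VXLAN header plus inner Ethernet header
            return None
        flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
        if not flags & VXLAN_FLAG_I:
            return None
        bd = self.vni_to_bd.get(vni_field >> 8)  # low byte of the field is reserved
        if bd is None:                  # VNI is not a member of any bridge domain
            return None
        inner = udp_payload[8:]
        src_mac = inner[6:12]
        # Data plane learning: the mapping is taken from the packet itself, so it
        # is only as trustworthy as the outer source IP of the underlay packet.
        if not src_mac[0] & 0x01:       # never learn a group (multicast) source MAC
            self.mac_table[(bd, src_mac)] = outer_src_ip
        return bd, inner

    def next_hop(self, bd, dst_mac):
        """Known unicast goes to one VTEP; anything else is flood traffic."""
        return self.mac_table.get((bd, dst_mac), "flood")


# Constructed sample: a VM behind VTEP 192.0.2.10 sends to a VLAN host on VNI 5000.
VM_MAC = bytes.fromhex("0200000000aa")
HOST_MAC = bytes.fromhex("0200000000bb")
FRAME = HOST_MAC + VM_MAC + b"\x08\x00" + b"payload"  # dst, src, EtherType, data
```
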