Concept Guide
Internal Loopback for VXLAN RIOT
The following topology shows how VXLAN RIOT can be achieved using an internal loopback port channel. Internal loopback port-channel is
formed by adding the free ports in the device as a member to the vxlan loopback port-channel. There is no need for non-vxlan loopback
port-channel in this scenario.
• When you ping for 10.1.2.1 (Vlan 20’s IP on R2) from R1, the packet would get to P1 on VTEP 1 with Vlan 10, and try to get routed out of
P2 on Vlan 20.
• VTEP 1 sends an ARP request for 10.1.2.1 out of P2. This gets VXLAN encapsulated at P2, and gets sent out of P3.
• VXLAN encapsulated ARP request lands on VTEP 2 which is decapsulated and sent out of P5 and P6.
• Packets looped back to P5 will not be forwarded again to either to P4 or P6 because of the added ACL rule 4.4.3.
• R2 sends an ARP response that gets VXLAN encapsulated at VTEP 2, and reaches VTEP 1 on P4 with a VXLAN encapsulation.
• At this point, we’d de-capsulate at P3, the native ARP response gets looped back via P2 , and the ARP gets resolved on P2.
• Once this is complete, the existing routing and VXLAN encapsulation mechanism facilitates routing over VXLAN tunnels between R1
and R2.
Restrictions
In case the topology has a spanning tree conguration, Please enable the no spanning-tree CLI in both, the vxlan and non vxlan
loopback port-channel.
The topology to achieve RIOT with a physical loopback is inherently susceptible to Layer 2 loops. To prevent these loops from disrupting the
network, the following egress masks need to be applied:
• Any frame ingressing on a VXLAN access port is not allowed to egress out of a VXLAN loopback port.
Virtual Extensible LAN (VXLAN)
1163