Great lesson @ReneMolenaar.
Given that VXLAN is riding on IP, are there any potential loops or storms within the bridge domain?
Hello Ahmed
Great question! Since VXLAN encapsulates Layer 2 frames into UDP datagrams, it effectively turns Layer 2 domains into Layer 3 traffic. This essentially means that the underlying physical network only sees IP traffic and is not aware of the MAC addresses from the VXLAN.
As a result, the more traditional Layer 2 issues like loops or broadcast storms are not a concern within the VXLAN fabric itself. This is because the underlay network is not aware of the Layer 2 topology and VXLAN does not use STP for loop prevention. Indeed, the underlay network uses layer 3 routing instead of layer 2 (i.e. STP).
However, there are other potential sources of loops or storms that are specific to VXLAN. For example, Broadcast, Unknown unicast, and Multicast (BUM) traffic is flooded across the VXLAN fabric to all VTEPs participating in the same VXLAN segment (VNIs). If the VXLAN fabric is not deployed correctly, this traffic may cause problems. Split horizon filtering and Designated Forwarders (DFs) are used to help prevent some of these issues.
Similarly, other VXLAN control plane issues as well as multicast issues in the underlay, and the underlay routing itself can all be sources of potential loops. However, these are not due to Layer 2 issues, but they are inherent to VXLAN and the mechanisms that make it work.
Strictly speaking, the traditional potential problems with loops and broadcast storms you see in Layer 2 are not a concern on the VXLAN fabric due to the encapsulation of the Layer 2 frames within a Layer 3 underlay.
I hope this has been helpful!
Laz
I'm no expert on VXLAN and am just starting to learn it, but there were a couple of confusing points in Packet Walkthrough in Step 5:
1. The destination host (192.168.2.102) is presumably on the same subnet, but the 3rd octet may confuse people into thinking it's on a different subnet. I would include the subnet mask in the illustration or just change the 3rd octet on the destination host to be a “1”.
2. The entire VXLAN Packet/Frame still has an outer Ethernet header so it can traverse the underlay correctly; I would also include that in the illustration.
Otherwise, great article, it was very easy to read and understand.
Hello Chris
Thanks for this feedback. About number 1, indeed, I think there is a typo in the diagram as well, since the SRC IP appears as 192.168.2.101 on the right side. For number 2, it is true that the VXLAN Packet/Frame has an outer Ethernet header too. I will let Rene know to take a look and consider making changes for clarification.
Thanks again for the feedback!
Laz
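Added example, not part of the thread or the lesson: a small Python encapsulator and parser for the layering discussed above (outer Ethernet / IPv4 / UDP / VXLAN around the inner Layer 2 frame), separating what the underlay sees from what the overlay carries. The function names, MAC addresses, VTEP addresses and VNI are assumptions constructed for illustration.

```python
import socket
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP port for VXLAN (RFC 7348)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def encapsulate(inner, vni, vtep_src, vtep_dst, mac_src, mac_dst):
    """Wrap an inner Ethernet frame: outer Ethernet / IPv4 / UDP / VXLAN."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)   # I flag + 24-bit VNI
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, udp_len, 0)
    # IPv4 header checksum left at 0: constructed sample, never sent on a wire.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(vtep_src), socket.inet_aton(vtep_dst))
    return mac_dst + mac_src + struct.pack("!H", 0x0800) + ip + udp + vxlan + inner

def decapsulate(pkt):
    """Split a VXLAN packet into underlay-visible and overlay fields."""
    if len(pkt) < 34 or struct.unpack("!H", pkt[12:14])[0] != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ihl = (pkt[14] & 0x0F) * 4
    if pkt[14] >> 4 != 4 or ihl < 20 or pkt[23] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    u = 14 + ihl                                        # offset of outer UDP header
    if len(pkt) < u + 8 + 8 + 14:
        raise ValueError("truncated VXLAN packet")
    dport = struct.unpack("!H", pkt[u + 2:u + 4])[0]
    flags, vni_word = struct.unpack("!II", pkt[u + 8:u + 16])
    if dport != VXLAN_PORT or not (flags >> 24) & 0x08:
        raise ValueError("not VXLAN (wrong UDP port or I flag clear)")
    inner = pkt[u + 16:]
    underlay = {"dst_mac": mac(pkt[0:6]), "src_mac": mac(pkt[6:12]),
                "src_ip": socket.inet_ntoa(pkt[26:30]),
                "dst_ip": socket.inet_ntoa(pkt[30:34])}
    overlay = {"vni": vni_word >> 8, "dst_mac": mac(inner[0:6]),
               "src_mac": mac(inner[6:12])}
    return underlay, overlay

# Constructed sample: all MACs, VTEP addresses and the VNI are made up.
INNER = bytes.fromhex("0050560000020050560000010800") + b"host payload"
PACKET = encapsulate(INNER, 5001, "10.0.0.1", "10.0.0.2",
                     bytes.fromhex("aabbcc000001"), bytes.fromhex("aabbcc000002"))

if __name__ == "__main__":
    print(decapsulate(PACKET))
```

The `underlay` dictionary holds only VTEP addresses and outer MACs, which is all the transport network forwards on; the host MACs appear only in `overlay`, after the VXLAN header.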