Great lesson @ReneMolenaar.
Given that VXLAN is riding on IP, are there any potential loops or storms within the bridge domain?
Hello Ahmed
Great question! Since VXLAN encapsulates Layer 2 frames into UDP datagrams, it effectively turns Layer 2 domains into Layer 3 traffic. This essentially means that the underlying physical network only sees IP traffic and is not aware of the MAC addresses from the VXLAN.
As a result, the more traditional Layer 2 issues like loops or broadcast storms are not a concern within the VXLAN fabric itself. This is because the underlay network is not aware of the Layer 2 topology and VXLAN does not use STP for loop prevention. Indeed, the underlay network uses Layer 3 routing instead of Layer 2 (i.e. STP).
However, there are other potential sources of loops or storms that are specific to VXLAN. For example, Broadcast, Unknown unicast, and Multicast (BUM) traffic is flooded across the VXLAN fabric to all VTEPs participating in the same VXLAN segment (VNIs). If the VXLAN fabric is not deployed correctly, this traffic may cause problems. Split horizon filtering and Designated Forwarders (DFs) are used to help prevent some of these issues.
Similarly, other VXLAN control plane issues, as well as multicast issues in the underlay and the underlay routing itself, can all be sources of potential loops. However, these are not due to Layer 2 issues, but they are inherent to VXLAN and the mechanisms that make it work.
Strictly speaking, the traditional potential problems with loops and broadcast storms you see in Layer 2 are not a concern on the VXLAN fabric due to the encapsulation of the Layer 2 frames within a Layer 3 underlay.
I hope this has been helpful!
Laz
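An added illustration, not part of the reply above or of the lesson: a small Python simulation of one BUM frame flooded by ingress replication over a full mesh of VTEPs in a single VNI, comparing split horizon on and off. The function name, the VTEP names and the hop cap are assumptions made for the example.

```python
from collections import deque

def flood_bum(vteps, ingress, split_horizon, max_hops=4):
    """Follow one BUM frame through a full mesh of VTEP tunnels.

    Returns (tunnel_copies, deliveries), where deliveries maps each VTEP
    to how many times it flooded the frame to its local access ports.
    max_hops only ends the simulation: Ethernet frames carry no TTL.
    """
    tunnel_copies = 0
    deliveries = {v: 0 for v in vteps}
    # Each entry: (VTEP holding the frame, where it came from, hops so far)
    queue = deque([(ingress, "local", 0)])
    while queue:
        vtep, source, hops = queue.popleft()
        if source != "local":
            deliveries[vtep] += 1  # decapsulate, flood to local ports
        if hops >= max_hops:
            continue
        if split_horizon and source != "local":
            # Split horizon: a frame received from a tunnel is never
            # sent into another tunnel, so flooding stops here.
            continue
        for peer in vteps:
            if peer != vtep and peer != source:
                tunnel_copies += 1  # one encapsulated copy per remote VTEP
                queue.append((peer, vtep, hops + 1))
    return tunnel_copies, deliveries

if __name__ == "__main__":
    fabric = ["A", "B", "C"]  # constructed sample fabric
    for enabled in (True, False):
        copies, deliveries = flood_bum(fabric, "A", enabled)
        print(f"split_horizon={enabled}: copies={copies} deliveries={deliveries}")
```

With split horizon each remote VTEP receives the frame once; without it the copy count is limited only by the simulation's hop cap.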