Users Guide
Routing in and out of VXLAN tunnels
VXLAN provides a way to extend a VLAN over a Layer3 tunnel (VXLAN tunnel) across data centers.
This functionality can also be extended one step further by enabling routing from a VLAN on one data center to a different
VLAN on another data center. This scheme to route in and out of tunnels (RIOT) requires setting up of hardware VTEPs that
are capable of routing over a VXLAN tunnel using a physical loopback configuration.
Physical Loopback for VXLAN RIOT
The following topology shows how VXLAN RIOT can be achieved using physical loopbacks. Two port-channels, vxlan and non-
vxlan loopback port-channel, are created in the device. Interface connected at one end of the physical loopback cable is/are
added as member of the non-vxlan loopback port-channel (P2/P6) and other end interfaces as a member of vxlan loopback
port-channel (P3/P7).
In this RIOT scheme, whenever R1 tries to reach R2, the packet gets to P1 on VTEP 1 with VLAN 10 and gets routed out of P2
on VLAN 20. VTEP 1 sends an ARP request for R2 (10.1.2.1) through P2. This request gets VXLAN encapsulated at P3 and is
sent out of P4. Eventually, the native ARP request reaches R2.
R2 sends an ARP response that is VXLAN encapsulated at VTEP 2. This response reaches VTEP 1 on P4 with a VXLAN
encapsulation. At this point, the ARP response is de-capsulated at P4. The native ARP response egresses through P3 and re-
enters through P2. The ARP is then resolved pointing to P2.
After this ARP discovery is complete, the existing routing and VXLAN encapsulation mechanisms facilitate routing over VXLAN
tunnels between R1 and R2.
NOTE: VXLAN feature is not supported in a stacking environment
1036 Virtual Extensible LAN (VXLAN)