The key component of a VXLAN implementation is called the VXLAN Tunnel End Point, or VTEP. The VTEP keeps track of which remote MAC addresses exist behind which remote VTEPs within a given VXLAN. It encapsulates local frames to send them to remote VTEPs and decapsulates received VXLAN packets for delivery to locally connected Ethernet End Systems.
VTEPs don’t exist all by themselves, but are a component within a larger system. In this figure, the VTEP is embedded within an access switch. This could be a virtual switch on a hypervisor, or it could be a physical switch.
Inside this access switch is another component labeled “Bridge Domain Switch”. This is the heart of any layer 2 switch: it performs MAC address learning and Ethernet frame forwarding. The term Bridge Domain is a generic term that covers both VLANs and VXLANs. Internally, the BD switch switches frames based on an internal BD ID. When frames enter the switch on an interface, they are identified as belonging to a bridge domain based on both the interface they were received on and how they are tagged. That tag may be a VLAN tag or, for frames arriving through the internal VTEP, the VXLAN ID of the encapsulated packet, which the VTEP maps to the internal BD ID.
In the case of a VXLAN, locally connected End Systems see no difference from being connected to a VLAN. Frames are switched between them locally by the BD switch and are not sent to the VTEP internal interface on the switch. If, however, the destination MAC address belongs to a remote End System, then that ES appears to the BD switch to be connected to the VTEP internal interface.
On the other side of the VTEP is an IP interface connected to the underlying IP transport network in the datacenter. Note that this interface need not be (and usually is not) a physical interface; it is usually a virtual interface connected to a VLAN.
So, that’s what a VTEP is. Now look at how the VTEPs communicate with each other over the IP transport network: when they first start out, they are completely unaware of any other VTEP.
When a new VXLAN is configured on the VTEP, part of the configuration is an IP multicast group. Each VTEP uses IGMPv2 to perform an Any Source Multicast join, written (*,G), to the multicast group. It needs to be any source because the VTEPs do not know what other VTEPs are currently participating in the VXLAN. This multicast group acts as a communication bus that the VTEPs use when sending unknown/broadcast/multicast frames.
Once a frame is sent over this communication bus, each VTEP looks at the source IP address in the packet and learns which VTEPs have which remote MAC addresses behind them. Once that learning has happened, frames to those unicast MAC addresses can be sent over point-to-point unicast tunnels directly to the correct VTEP.
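The flood-and-learn behaviour described above, modelled as an added example (it is not code from the original page or from any VXLAN implementation). The `Vtep` class, the MAC and IP addresses, VXLAN ID 5000 and the group 239.1.1.1 are all constructed assumptions.

```python
# Added illustration: constructed model of VXLAN flood-and-learn.
# Class, addresses, VXLAN ID and group are hypothetical sample values.
from dataclasses import dataclass, field

MAC_A, MAC_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed End System MACs

@dataclass
class Vtep:
    ip: str        # VTEP address on the IP transport network
    groups: dict   # VXLAN ID -> multicast group configured for that VXLAN
    local: dict = field(default_factory=dict)   # (vni, mac) -> local port
    remote: dict = field(default_factory=dict)  # (vni, mac) -> remote VTEP IP

    def send(self, vni, src_mac, dst_mac, in_port):
        """Forward a frame from a local End System; return (action, outer dst IP)."""
        self.local[(vni, src_mac)] = in_port      # BD switch learns the local MAC
        if (vni, dst_mac) in self.local:
            return "local", None                  # never reaches the VTEP
        if (vni, dst_mac) in self.remote:
            return "unicast", self.remote[(vni, dst_mac)]
        return "flood", self.groups[vni]          # unknown/broadcast/multicast

    def receive(self, outer_src_ip, vni, inner_src_mac):
        """Decapsulate: learn which VTEP the inner source MAC sits behind."""
        if vni not in self.groups:
            return False                          # VXLAN not configured here: drop
        self.remote[(vni, inner_src_mac)] = outer_src_ip
        return True

def demo():
    """Two VTEPs in VXLAN 5000; returns the forwarding decision for each frame."""
    a = Vtep("192.0.2.1", {5000: "239.1.1.1"})
    b = Vtep("192.0.2.2", {5000: "239.1.1.1"})
    trace = [a.send(5000, MAC_A, MAC_B, "port1")]      # B unknown to a: flood
    b.receive(a.ip, 5000, MAC_A)                       # b learns A behind a
    trace.append(b.send(5000, MAC_B, MAC_A, "port1"))  # reply goes unicast
    a.receive(b.ip, 5000, MAC_B)                       # a learns B behind b
    trace.append(a.send(5000, MAC_A, MAC_B, "port1"))  # now unicast as well
    return trace

if __name__ == "__main__":
    for action, outer_dst in demo():
        print(action, outer_dst)
```

The first frame goes to the multicast group because nothing has been learned yet; every later frame between the two End Systems uses the unicast tunnel.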
- Clarify HW capabilities and SW support for VXLAN-to-VXLAN bridging