In this post I walk you through all the steps and packets involved in two hosts communicating over a L2 VNI in a VXLAN/EVPN network. The topology below is the one we will be using:
The lab has the following characteristics:
- OSPF in the underlay.
- Ingress replication for BUM traffic through the use of EVPN.
- ARP suppression is enabled.
- ARP cache is cleared on Server-1 and Server-4 before initating the packet capture.
- Server-1 is the host sourcing traffic by pinging Server-4.
Server-1 clears the ARP entry for Server-4 and initiates the ping:
sudo ip neighbor del 198.51.100.44 dev ens160 ping 198.51.100.44 PING 198.51.100.44 (198.51.100.44) 56(84) bytes of data. 64 bytes from 198.51.100.44: icmp_seq=1 ttl=64 time=6.38 ms 64 bytes from 198.51.100.44: icmp_seq=2 ttl=64 time=4.56 ms 64 bytes from 198.51.100.44: icmp_seq=3 ttl=64 time=4.60 ms
Below is packet capture showing the ARP request from Server-1:
Frame 7854: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface ens257, id 4
Ethernet II, Src: 00:50:56:ad:85:06, Dst: ff:ff:ff:ff:ff:ff
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: 00:50:56:ad:85:06
Sender IP address: 198.51.100.11
Target MAC address: 00:00:00:00:00:00
Target IP address: 198.51.100.44
This is a broadcast as expected. This frame goes to Leaf-1 which checks the ARP suppression cache:
Leaf1# show ip arp suppression-cache detail
Flags: + - Adjacencies synced via CFSoE
L - Local Adjacency
R - Remote Adjacency
L2 - Learnt over L2 interface
PS - Added via L2RIB, Peer Sync
RO - Dervied from L2RIB Peer Sync Entry
Ip Address Age Mac Address Vlan Physical-ifindex Flags Remote Vtep Addrs
198.51.100.11 00:02:25 0050.56ad.8506 10 Ethernet1/3 L
198.51.100.44 4w5d 0050.56ad.7d68 10 (null) R 203.0.113.4
There is an entry for 198.51.100.44 (Server-4) so Leaf-1 responds on behalf of Server-4 (this frame is never flooded using ingress replication):
Frame 7855: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface ens257, id 4
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: 00:50:56:ad:85:06
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: 00:50:56:ad:7d:68
Sender IP address: 198.51.100.44
Target MAC address: 00:50:56:ad:85:06
Target IP address: 198.51.100.11
This is shown visually below:
Note that Leaf-1 generates a frame with Source MAC of Server-4.
Server-1 then generates the ICMP Echo request:
Frame 7856: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface ens257, id 4
Ethernet II, Src: 00:50:56:ad:85:06, Dst: 00:50:56:ad:7d:68
Internet Protocol Version 4, Src: 198.51.100.11, Dst: 198.51.100.44
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xeabc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Response frame: 7857]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.001908472 seconds]
Data (40 bytes)
Leaf-1 checks the MAC address table for 00:50:56:ad:7d:68 which is reachable via 203.0.113.4:
Leaf1# show mac address-table vlan 10 address 0050.56ad.7d68
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
C 10 0050.56ad.7d68 dynamic NA F F nve1(203.0.113.4)
This packet needs to be VXLAN encapsulated and it needs to be routed towards a Spine. There are two available routes:
Leaf1# show ip route 203.0.113.4
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
203.0.113.4/32, ubest/mbest: 2/0
*via 192.0.2.1, Eth1/1, [110/81], 6w5d, ospf-UNDERLAY, intra
*via 192.0.2.2, Eth1/2, [110/81], 6w5d, ospf-UNDERLAY, intra
Leaf-1 forwards it towards Spine-1:
Frame 7848: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface ens192, id 1
Ethernet II, Src: 00:ad:e6:88:1b:08, Dst: 00:ad:b3:fd:1b:08
Internet Protocol Version 4, Src: 203.0.113.1, Dst: 203.0.113.4
User Datagram Protocol, Src Port: 62492, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10000
Reserved: 0
Ethernet II, Src: 00:50:56:ad:85:06, Dst: 00:50:56:ad:7d:68
Internet Protocol Version 4, Src: 198.51.100.11, Dst: 198.51.100.44
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xeabc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Response frame: 7849]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.002592388 seconds]
Data (40 bytes)
Spine-1 then forwards it towards Leaf-4:
Frame 7838: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface ens161, id 0
Ethernet II, Src: 00:ad:b3:fd:1b:08, Dst: 00:ad:70:83:1b:08
Internet Protocol Version 4, Src: 203.0.113.1, Dst: 203.0.113.4
User Datagram Protocol, Src Port: 62492, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10000
Reserved: 0
Ethernet II, Src: 00:50:56:ad:85:06, Dst: 00:50:56:ad:7d:68
Internet Protocol Version 4, Src: 198.51.100.11, Dst: 198.51.100.44
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xeabc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Response frame: 7839]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.003668982 seconds]
Data (40 bytes)
Leaf-4 forwards it towards Server-4:
Frame 7858: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface ens194, id 8
Ethernet II, Src: 00:50:56:ad:85:06, Dst: 00:50:56:ad:7d:68
Internet Protocol Version 4, Src: 198.51.100.11, Dst: 198.51.100.44
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xeabc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Response frame: 7861]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.003917144 seconds]
Data (40 bytes)
This is shown visually below:
The ICMP Echo request has reached Server-4. It does not have an ARP entry for Server-1 so it sends an ARP Request:
Frame 7859: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface ens194, id 8
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: ff:ff:ff:ff:ff:ff
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: 00:50:56:ad:7d:68
Sender IP address: 198.51.100.44
Target MAC address: 00:00:00:00:00:00
Target IP address: 198.51.100.11
Leaf-4 checks its ARP suppression cache:
Leaf4# show ip arp suppression-cache detail
Flags: + - Adjacencies synced via CFSoE
L - Local Adjacency
R - Remote Adjacency
L2 - Learnt over L2 interface
PS - Added via L2RIB, Peer Sync
RO - Dervied from L2RIB Peer Sync Entry
Ip Address Age Mac Address Vlan Physical-ifindex Flags Remote Vtep Addrs
198.51.100.44 0.816039 0050.56ad.7d68 10 Ethernet1/3 L
198.51.100.11 6w3d 0050.56ad.8506 10 (null) R 203.0.113.1
As it has an entry for 198.51.100.11 (Server-1), it responds on behalf of it:
Frame 7860: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface ens194, id 8
Ethernet II, Src: 00:50:56:ad:85:06, Dst: 00:50:56:ad:7d:68
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: 00:50:56:ad:85:06
Sender IP address: 198.51.100.11
Target MAC address: 00:50:56:ad:7d:68
Target IP address: 198.51.100.44
This is shown visually below:
Server-4 can now generate the ICMP Echo reply and send it towards Leaf-4:
Frame 7861: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface ens194, id 8
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: 00:50:56:ad:85:06
Internet Protocol Version 4, Src: 198.51.100.44, Dst: 198.51.100.11
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xf2bc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Request frame: 7858]
[Response time: 1,184 ms]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.005100694 seconds]
Data (40 bytes)
Leaf-4 checks the MAC address table for 00:50:56:ad:85:06 and finds it reachable via 203.0.113.1:
Leaf4# show mac address-table vlan 10 address 0050.56ad.8506
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
C 10 0050.56ad.8506 dynamic NA F F nve1(203.0.113.1)
This packet needs to be VXLAN encapsulated and it needs to be routed towards a Spine. There are two available routes:
Leaf4# show ip route 203.0.113.1
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
203.0.113.1/32, ubest/mbest: 2/0
*via 192.0.2.1, Eth1/1, [110/81], 6w5d, ospf-UNDERLAY, intra
*via 192.0.2.2, Eth1/2, [110/81], 6w5d, ospf-UNDERLAY, intra
Leaf-4 forwards it towards Spine-1:
Frame 7839: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface ens161, id 0
Ethernet II, Src: 00:ad:70:83:1b:08, Dst: 00:ad:b3:fd:1b:08
Internet Protocol Version 4, Src: 203.0.113.4, Dst: 203.0.113.1
User Datagram Protocol, Src Port: 64411, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10000
Reserved: 0
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: 00:50:56:ad:85:06
Internet Protocol Version 4, Src: 198.51.100.44, Dst: 198.51.100.11
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xf2bc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Request frame: 7838]
[Response time: 2,376 ms]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.006045303 seconds]
Data (40 bytes)
Spine-1 then forwards it towards Leaf-1:
Frame 7849: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface ens192, id 1
Ethernet II, Src: 00:ad:b3:fd:1b:08, Dst: 00:ad:e6:88:1b:08
Internet Protocol Version 4, Src: 203.0.113.4, Dst: 203.0.113.1
User Datagram Protocol, Src Port: 64411, Dst Port: 4789
Virtual eXtensible Local Area Network
Flags: 0x0800, VXLAN Network ID (VNI)
Group Policy ID: 0
VXLAN Network Identifier (VNI): 10000
Reserved: 0
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: 00:50:56:ad:85:06
Internet Protocol Version 4, Src: 198.51.100.44, Dst: 198.51.100.11
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xf2bc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Request frame: 7848]
[Response time: 3,931 ms]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.006523313 seconds]
Data (40 bytes)
Leaf-1 forwards it towards Server-1:
Frame 7857: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface ens257, id 4
Ethernet II, Src: 00:50:56:ad:7d:68, Dst: 00:50:56:ad:85:06
Internet Protocol Version 4, Src: 198.51.100.44, Dst: 198.51.100.11
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0xf2bc [correct]
[Checksum Status: Good]
Identifier (BE): 60 (0x003c)
Identifier (LE): 15360 (0x3c00)
Sequence Number (BE): 1 (0x0001)
Sequence Number (LE): 256 (0x0100)
[Request frame: 7856]
[Response time: 4,724 ms]
Timestamp from icmp data: Feb 24, 2024 08:12:54.931440000 Romance Standard Time
[Timestamp from icmp data (relative): 0.006632873 seconds]
Data (40 bytes)
This is shown visually below:
In this post we did a packet walk when forwarding packets over a L2 VNI in VXLAN/EVPN network. We learned the following:
- How ARP suppression is used to respond to ARP Request on behalf of another host.
- How the Leaf does a lookup in the MAC address table to find where to forward the frame to.
- How the packets get encapsulated with additional headers like VXLAN.
- That underlay is using ECMP to forward packets towards spine.
I hope this has been informative! In the next post we’ll do a packet walk where forwarding between two different networks through the use of L3 VNI.
Bridging Packet Walk In VXLAN/EVPN Network
Hi Daniel,
Very nice explanation, thanks for your post. I am looking forward to reading the next one related to the L3 VNI forwarding.
Thanks,
Lucian
Thanks, Lucian!
Thanks Daniel, Very nicely explained with each field at every hop.
Thanks!