L3VPN Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Releases

VXLAN static route services

Introduces VXLAN static route services and covers overlay networks, the benefits of VXLAN and of VXLAN static routing, static routing paths, restrictions, topology operations, and integration using the Service Layer API.


A VXLAN static route service is a VXLAN routing method that

  • defines the path from a source Virtual Tunnel Endpoint (VTEP) to a destination VTEP,

  • uses static routes in the Layer 3 underlay to direct VXLAN traffic, and

  • can use the UDP header in VXLAN packets to support network load balancing.

Feature history

The feature history table lists release support for this feature.

Table 1. Feature History Table

Feature Name: VXLAN Static Routing

Release Information: Release 25.4.1

Feature Description: Introduced in this release on: Fixed Systems (8010 [ASIC: A100], 8700 [ASIC: K100])(select variants only*)

*This feature is supported on:

  • 8711-48Z-M

  • 8011-32Y8L2H2FH

  • 8011-12G12X4Y-A/D

Feature Name: VXLAN Static Routing

Release Information: Release 25.1.1

Feature Description: Introduced in this release on: Fixed Systems (8010 [ASIC: A100])(select variants only*)

*This feature is supported on Cisco 8011-4G24Y4H-I routers.

Feature Name: VXLAN Static Routing

Release Information: Release 24.4.1

Feature Description: Introduced in this release on: Fixed Systems (8200 [ASIC: P100], 8700 [ASIC: P100, K100])(select variants only*); Modular Systems (8800 [LC ASIC: Q100, P100])(select variants only*)

The VXLAN Static Routing functionality is now extended to:

  • 8712-MOD-M

  • 8212-48FH-M

  • 8711-32FH-M

  • 88-LC1-52Y8H-EM

  • 88-LC1-12TH24FH-E

  • 88-LC1-36EH

Feature Name: VXLAN Static Routing

Release Information: Release 24.2.11

Feature Description: You can now configure the source and destination virtual tunnel endpoints (VTEPs) for a particular traffic flow. This is particularly useful when your data center is connected to an enterprise network and multiple servers in the data center provide cloud services to your customers and the enterprise edge router. These endpoints help provide rapid convergence in case of failure. In addition, by using the UDP header in the VXLAN packet, VXLAN static routing (also called unicast VXLAN) facilitates network balancing by preventing the transmission of replicated packets.

Alternatively, you can use Service Layer API for faster provisioning of VXLAN static routing.

This feature is supported only on the following PIDs:

  • 8202-32FH-M

  • 8101-32H

  • 8201-32FH

This feature introduces these changes:


VXLAN overlay networks

A VXLAN overlay network is a Layer 2 tunneling network that

  • stretches Layer 2 segments over an underlying Layer 3 IP network,

  • uses VTEPs to encapsulate and de-encapsulate Ethernet frames, and

  • uses a 24-bit VNI to identify Layer 2 segments.

VXLAN behavior

Traditionally, Virtual Local Area Networks (VLANs) are used to partition a single physical network into multiple logical networks. Every VLAN has a VLAN ID, which is added to each frame to keep that VLAN's traffic separate. The VLAN ID is 12 bits long, allowing around 4000 unique VLANs.

However, in current networks—such as data centers with extensive virtualization—there may be a need to isolate numerous virtual machines (VMs) from others, resulting in potential exhaustion of VLAN IDs. This drives the need for robust tunneling mechanisms to isolate and load-balance traffic inside the provider's network.

Virtual Extensible LAN (VXLAN) addresses several limitations of traditional VLANs, especially in large-scale and cloud-based environments. VXLAN is widely used in data center environments that require virtualized networks for cloud computing and virtualization technologies. It is also used in service provider networks to offer virtualized network services to customers.

VXLAN is a tunneling protocol that stretches Layer 2 networks over an underlying Layer 3 IP network. The VXLAN tunnel endpoint (VTEP) encapsulates and de-encapsulates Layer 2 traffic. The VTEP encapsulates Layer 2 Ethernet frames within Layer 4 User Datagram Protocol (UDP) and transports these encapsulated frames over a Layer 3 network.

VXLAN introduces an 8-byte VXLAN header that includes a 24-bit VXLAN network identifier (VNI); the header and the original Ethernet frame are carried in the UDP payload. The 24-bit VNI is used to identify Layer 2 segments and maintain Layer 2 isolation between segments. With all 24 bits, VXLAN can support up to 16 million LAN segments. The VNI designates individual VXLAN overlay networks, so virtual machines (VMs) in different VXLAN overlays cannot communicate with each other.

VXLAN connects multiple servers in a data center—including those providing cloud services to customers and the enterprise edge router. It automatically configures underlay tunnels between the router and servers, and overlay routing within those tunnels. VXLAN creates virtual networks on top of a physical (underlay) IP network, which can use either IPv4 or IPv6. Underlay and overlay networks are independent; changes in the underlay do not affect the overlay, meaning routers can be added or removed in the underlay without impacting the overlay.

VXLAN allows tunneling of Ethernet frames over IP transport using IP and UDP as the transport protocol. The tunnel extends a Layer 2 segment over a Layer 3 network using MAC-in-UDP encapsulation. A VXLAN header is added to the Layer 2 frame, and the entire packet is placed inside a UDP packet for delivery across the routed domain. The VXLAN tunnel endpoint (VTEP) is typically a router that handles the encapsulation and de-encapsulation of Layer 2 traffic.

When a host sends traffic:

  • VXLAN encapsulates the traffic in UDP and IP headers.

  • VXLAN encodes flow information in the UDP source port, enabling routers to perform flow-based load balancing. Flow-based load balancing identifies different flows based on key fields such as source and destination IP addresses.

  • VXLAN encapsulates these packets into the tunnel with an IPv4 or IPv6 outer header.

  • When the traffic reaches the destination router, it is decapsulated and delivered to the destination host.

  • VXLAN adds a custom source MAC address in the inner header, enabling internal devices to extract relevant information from the MAC address.

For more information on VXLAN, see Key Concepts.
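
The header layout and the flow-derived UDP source port described above, together with acceptance checks a decapsulating VTEP can apply when its peers are statically configured, as an added Python example (not Cisco code and not part of the original guide). The VTEP addresses, VNI-to-VRF map, and the CRC32 flow hash are constructed assumptions; routers use their own hardware hash.

```python
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789            # IANA-assigned VXLAN destination port (RFC 7348)
FLAG_VNI_VALID = 0x08            # "I" flag: set when the VNI field is valid
PORT_LO, PORT_HI = 49152, 65535  # source-port range named in the workflow

# Constructed policy (assumption): static remote VTEPs and VNI-to-VRF mapping.
STATIC_VTEPS = {ipaddress.ip_address("192.0.2.10"),
                ipaddress.ip_address("2001:db8::10")}
VNI_TO_VRF = {10100: "tenant-a", 10200: "tenant-b"}

def flow_source_port(src_ip, dst_ip, proto, sport, dport):
    """Map an inner flow to an outer UDP source port in 49152-65535."""
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    return PORT_LO + zlib.crc32(key) % (PORT_HI - PORT_LO + 1)

def build_vxlan_header(vni):
    """8-byte header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)

def parse_vxlan_header(payload):
    """Return the VNI from a UDP payload; raise ValueError if malformed."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set; VNI is not valid")
    return word1 >> 8  # reserved bits are ignored on receipt, per RFC 7348

def decap_check(outer_src, udp_dport, payload):
    """Return (accepted, vrf_or_reason) for a packet arriving at a VTEP."""
    if udp_dport != VXLAN_UDP_PORT:
        return False, "not VXLAN"
    if ipaddress.ip_address(outer_src) not in STATIC_VTEPS:
        return False, "outer source is not a configured VTEP"
    try:
        vni = parse_vxlan_header(payload)
    except ValueError as exc:
        return False, str(exc)
    if vni not in VNI_TO_VRF:
        return False, f"unknown VNI {vni}"
    return True, VNI_TO_VRF[vni]
```

Because the VNI is the only tenant separator in the packet, the VNI lookup and the outer-source check are what keep a frame from landing in the wrong VRF at decapsulation.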


Benefits of VXLAN

VXLAN provides these key benefits:

  • Enables high throughput through dedicated VPN connectivity between servers and enterprise edge routers.

  • Allows creation of overlay networks independent of the underlying physical network, offering greater design and deployment flexibility.

  • Provides flexible placement of multitenant segments with isolated virtual networks, improving security and separation for multiple tenants.

  • Extends Layer 2 segments across the shared infrastructure to manage tenant workloads throughout the data center.

  • Uses a 24-bit VXLAN Network Identifier (VNI), supporting up to 16 million unique virtual networks and greater scalability.

  • Facilitates network load balancing using the source UDP port within the VXLAN outer header.


VXLAN static routing paths

VXLAN static routing enables interconnection between non-VXLAN domains (such as MPLS) and VXLAN domains. It defines the path for VXLAN traffic from the source virtual tunnel endpoint (VTEP) to the destination VTEP by configuring static routes on the underlying Layer 3 network to direct traffic to the appropriate VTEPs.

Key facts about VXLAN static routing path behavior and scale:

  • VXLAN static routing is used to connect VXLAN and non-VXLAN environments by manually defining Layer 3 forwarding paths for VXLAN traffic.

  • Static routes are configured on the underlying network to control the flow of VXLAN traffic between VTEPs.

  • By default, up to 160,000 static routes are supported for VXLAN. The route scale can be increased up to 1 million VXLAN static routes for IPv6 tunnel remote next-hop using the hw-module profile cef vxlan ipv6-tnl-scale command.


Benefits of VXLAN static routing

The following are the primary advantages of manually configured static routes for VXLAN traffic:

  • You can use static routes in scenarios where consistent routing decisions are required, as static routes are manually configured and the routing behavior is predictable and stable.

  • You can specify the next hop for each destination using static routes, allowing for direct control over traffic.

  • Static routes are useful for specific traffic engineering or policy requirements.

  • You do not have to maintain dynamic routing tables for static routing, thereby reducing any overhead associated with routing protocols.


How VXLAN static routing works

VXLAN static routing is used to extend Layer 2 networks across IP infrastructure. In this topology, traffic from customer devices passes through provider network elements using encapsulation mechanisms that maintain network segmentation and forwarding.

Summary

The key components involved in the process are:

  • PE router: Receives customer traffic and encapsulates or decapsulates packets using VXLAN.

  • VXLAN tunnel: Connects the PE router to the transit router, carrying customer traffic with added headers.

  • Transit router: Terminates the VXLAN tunnel, decapsulates packets, and routes them to customer VMs.

In a VXLAN static routing topology, routers use encapsulation and decapsulation to enable traffic flow between customer edge devices and virtual machines across different domains.

Workflow

These stages describe how VXLAN static routing works:

  1. The PE router receives Layer 3 traffic at the VRF interface from the customer edge (CPE).
  2. The PE router encapsulates each customer packet with VXLAN headers and applies relevant VLAN tags, mapping VLANs to VRF and VXLAN network identifiers (VNIs).
  3. The VXLAN tunnel begins at the PE router and carries encapsulated packets over the network to the transit router or servers behind it.
  4. A BGP session is established between PE and transit routers over the VXLAN tunnel to exchange routing information.
  5. The PE router distributes VXLAN-encapsulated traffic using a UDP source port (value typically between 49152 and 65535).
  6. The transit router receives these packets, terminates (decapsulates) the VXLAN tunnel, and performs an IP lookup.
  7. The transit router forwards the traffic to the appropriate customer VM.
  8. For return traffic from the VM, the packet is similarly encapsulated as VXLAN with an additional Layer 2 header. Both the VXLAN and inner Layer 2 headers are terminated at the PE router.

Result

The PE and transit routers ensure reliable delivery of traffic between customer networks and virtual machines by encapsulating and decapsulating packets as needed within a VXLAN static routing topology.


VXLAN static routing using the Service Layer API

VXLAN static routing can be provisioned and managed using the Service Layer API, providing several key advantages:

  • Enables faster provisioning, easier scaling, and improved overall management of VXLAN networks.

  • Allows large cloud providers to dynamically provision tunneling mechanisms at scale to isolate end customer traffic.

  • Serves as an efficient alternative to traditional router configuration via CLI, offering granular control over network traffic on the forwarding plane.

  • Leverages Google's gRPC to generate client and server bindings so users can program the forwarding plane in a variety of programming languages.

For more information on the Service Layer API, see the Use Service Layer API to Bring your Controller on Cisco IOS XR Router chapter in the Programmability Configuration Guide for Cisco 8000 Series Routers.