Review the following considerations, limitations, and behavioral characteristics associated with VXLAN Gateway.
VXLAN Gateway does not support the following features:
IP Multicast over Layer 3 VSN Fabric Connect traffic cannot be carried over into a VXLAN domain through a VXLAN Gateway. Layer 3 VSN Fabric Connect requires MAC-in-MAC encapsulation over VXLAN encapsulation, and the VXLAN Gateway data plane does not support double-encapsulation. However, IP Multicast over IP Shortcuts Fabric Connect can be carried over into a VXLAN domain through a VXLAN Gateway.
SPB-PIM Gateway and VXLAN Gateway interoperability is not supported.
VXLAN Gateway does not support Simplified vIST in any mode.
If present in the packet, VXLAN Gateway honors user-configured ingress dot1p and DSCP mappings to derive the internal CoS.
Customer packets are not remarked.
Control packets are handled by high priority CoS queues.
DSCP bits in the outer IP header of VXLAN-encapsulated packets are always derived from the internal QoS, irrespective of the ingress port DiffServ configuration. Customer packet IP DSCP bits are not modified as part of VXLAN encapsulation. For more information about QoS, see Quality of Service.
DSCP bits in the inner IP header of VXLAN-encapsulated packets change when traffic comes in on a Layer 2 Trusted or a Layer 3 Untrusted port with DiffServ enabled.
VXLAN Gateway requires ECMP support to communicate with remote VTEPs. The software extended this ECMP support to Fabric Extend Layer 3 core tunnels. Therefore, if your switch supports VXLAN Gateway, it also supports ECMP for both VXLAN Gateway and Fabric Extend.
After associating a VNID with an I-SID (vnid <vnid value> i-sid <isid value>), you cannot create an I-SID with the same value as the <vnid value> and vice versa.
There is no support for SMLT, vIST, or Simplified vIST in Base Interworking Mode.
Neither Base Interworking Mode nor Full Interworking Mode support Fabric Attach endpoints.
Base Interworking Mode does not permit SMLT and vIST configurations. If you change from Full Interworking Mode to Base Interworking Mode, make sure there are none of these configurations.
In Base Interworking Mode, the untagged-traffic <port >< mlt> support is limited to untagged traffic forwarding only. No control packet forwarding is supported on this port or MLT.
LACP MLT is not supported as part of untagged-traffic <mlt>.
Whenever you change from Base Interworking Mode to Full Interworking Mode, you have to reboot the switch. The software automatically changes the configuration to be in line with Full Interworking Mode.
Full Interworking Mode does not have VXLAN endpoints. Configure ELAN endpoints under the ELAN I-SID only.
Neither Base Interworking Mode nor Full Interworking Mode support Fabric Attach endpoints.
In VXLAN environments that have an underlying IP network with SMLT deployment, you must enable RSMLT in the underlying network on vIST VTEP devices.
If you use more than one VXLAN Gateway node for the same I-SID, you must ensure that loops are prevented.
The VTEP remote destination IP table in the datapath hardware is shared with the Fabric Extend IP core remote tunnel destination IP table.
The maximum number of FE tunnel destination IP addresses is 256.
The maximum number of VTEP IP addresses is 500.
For every FE tunnel destination IP you configure, you must reduce the number of VTEP IPs by one. For example, if you configure the maximum number of FE tunnel destination IPs then the maximum of VTEP remote destination that you can configure is 500-256=244.
The total number of MACs that the VTEP learns in the switch is constant and includes the MACs learned on VNID, I-SID, and on VLANs (normal and CVLANs).
MAC addresses that the VTEP learns from the VNID table are also learned when an I-SID is associated with the VNID. Therefore, the maximum number of MAC addresses that the VTEP can support is reduced accordingly.
If a VLAN is associated with an I-SID, and that I-SID is associated with a VNID, then the VTEP learns each customer MAC address from three different tables (VLAN, I-SID, and VNID). This consumes three MAC entry records. In a vIST scenario where all I-SIDs have associated VNIDs, then the max number of CMACs that the VTEP learns is reduced by 224K divided by 3 = 74K MAC addresses.
If a Switched-UNI endpoint is associated with an I-SID, then the VTEP learns the CMAC only once in the I-SID table. If this I-SID is associated with a VNID, then the VTEP learns the CMAC twice: once in the I-SID table and once in the VXLAN VNID table.
IP filter rules that you create do not work for VXLAN tunnel terminated packets. This restriction also applies to the Fabric Extend Layer 3 core.
All ports in an MLT configured as a Switched-UNI endpoint or a VXLAN endpoint have the same properties as configured under the MLT interface.
A VXLAN tunnel VTEP source IP cannot be a broadcast or multicast IP address. Configure it as a loopback IP address and not a brouter IP address.
The VXLAN source address (vtep-source-ip) should be different from the SPBM IP Shortcut (ip-source-address) and Fabric Extend (ip-tunnel-source-address) source addresses.
If you configure the loopback IP address under a VRF, the vtep-source-ip address must be set up under the same VRF.
The remote VTEP IP address (vtep <id> ip <ip address>) cannot be local to the system.
You can configure a maximum of 500 remote VTEPs per VNID.
You can change the VTEP source IP and remote VTEP IP dynamically.
VTEPs have to be reachable for the tunnel to be up.
The tunnel ID for a VTEP has to be the same on both vIST peers.
If the VTEP source IP is configured under a VRF, then the VRF cannot have an I-SID associated with it or vice versa.
Two VNIDs cannot be mapped to the same I-SID.
An I-SID associated with a VNID cannot be a T-UNI or E-Tree I-SID.
To prevent routing loops, the platform VLANs used for VXLAN interworking should NOT be in the same VRF or GRT as the IP interfaces in the underlay network.
You cannot delete a VTEP source IP address (vtep-source-ip) when VTEPs are configured.
If an ELAN I-SID attached to a VNID has a platform VLAN associated with it, then you cannot delete the platform VLAN or change the I-SID associated with that VLAN.
You cannot delete the loopback IP associated with a VTEP source IP.
If the VTEP source IP is configured under a VRF, then you cannot delete the VRF.
You cannot delete or modify the VLAN with I-SID that is associated with a VNID.
If an ELAN I-SID attached to a VNID also has a platform VLAN associated with it, then you cannot delete the platform VLAN or change the I-SID associated with that VLAN.
VXLAN Gateway cannot coexist with virtual NNI links on boundary nodes. You cannot enable VXLAN Gateway on a loopback interface for a virtual NNI link and you cannot create a loopback interface for a virtual NNI link when VXLAN Gateway is enabled.