VxLAN Layer 3 Gateway Overview

To support Layer 3 functionality, a virtual Ethernet (VE) interface must be configured over a VLAN or a bridge domain that contains VxLAN tunnel members and attachment circuit (AC) end-point members. Such a VE (also known as VE over VxLAN or VxLAN VE) can route and switch VxLAN traffic simultaneously.

With VxLAN Layer 3 gateways over VLANs or bridge domains (static and EVPN, and single and logical), the following options are supported:

The following table describes the support for a variety of functions available under VxLAN Layer 3 gateway.

Table 1. VxLAN Layer 3 gateway support
| Functionality | Description | Comments |
|---|---|---|
| Routing protocols | Routing protocols cannot be enabled on a VE configured as a VxLAN Layer 3 gateway. | No routing protocols (such as OSPF or IS-IS) are supported on such a VE. |
| VRF (VRF-lite, Multi-VRF) | A VE over VxLAN can be part of a nondefault VRF. | L3VPN-VRF is not yet supported under Logical VTEP. |
| ECMP | Support for up to 64 ECMP paths for tunnel routing. | |
| Statistics | Tunnel statistics are supported. | By default, statistics are enabled for both directions. If hardware resources are not available, then "N/A" is displayed. |
| BFD | BFD is not supported. | BFD is not supported for static tunnels. |
| VRRP | VRRPe source IP address, EVPN-MCT is not supported. | CLI configuration is not restricted. |
| MTU | MTU value is not configurable. | MTU is based on an IP interface MTU. If the packet is bigger than the IP interface MTU minus the VxLAN header, the packet is dropped. |
| TTL | TTL value is not configurable. | Default TTL value is 255. |
| DSCP | DSCP is not configurable. | Default DSCP value is 0. |
| QoS TTL mode | QoS TTL mode is not configurable. | Default value for TTL is 255, which gets applied to outer header for VxLAN encapsulated packet. TTL behavior follows as Pipe model both at Ingress and Egress VTEP. |
| QoS DSCP mode | QoS DSCP mode is configurable as Pipe/Uniform. | Default mode is Pipe. At Ingress VTEP, DSCP is derived from user packet and applied to outer header for VxLAN encapsulated packet. At Egress VTEP, DSCP for decapsulated packet is taken from outer header DSCP or inner packet DSCP based on mode configured. |
| Exporting VE-over-VxLAN interface IP address using other protocols | Routing protocols running on other IP interfaces can export the VE-over-VxLAN IP address as connected routes. | A VE with VxLAN tunnels is treated as a directly connected subnet. This VE does not support protocols. However, as there is a connected subnet, reachability to this VE can be advertised through protocols such as OSPF, IS-IS, configured as part of other Layer 3 interface configurations. |
| Ping, Traceroute | Ping and Traceroute are supported. | Ping supports traffic from and to VxLAN tunnels. |
| ARP | Dynamic ARP learning is supported in the VxLAN VE. | |
| Proxy ARP | Proxy ARP is not supported. | Proxy ARP configuration is not restricted, but the functionality is not supported. |
| Static ARP | Static ARP is supported. | Static ARP to an IP address reachable through a VxLAN tunnel is supported. The interface in the static ARP must be configured as the VE interface to which the host on the VxLAN tunnel is connected. |
| IPv6 | IPv6 is supported. | |
| Static routes | Static routes are supported. | A static route can be configured to an IP address that is reachable through a VxLAN tunnel. |
| RPF | Reverse path forwarding (RPF) is not supported in the VxLAN VE. | RPF configuration is not restricted, but RPF functionality is not supported. |
| Multicast | Layer 3 multicast is not supported. | |
| PBR | Policy-based routing (PBR) is not supported. | ACL/PBR for native packets is not supported. |
| HA, ISSU | Hitless HA or ISSU is not supported. | Traffic hits are observed. |
| Inter-overlay routing | IP routing is allowed from VE over VxLAN to VLAN-VE and vice versa. IP routing is allowed from one VE-over-VxLAN tunnel to another. IP routing is allowed between any other tunnel type (such as GRE, IP tunnel, MPLS-based pseudowire tunnels) to a VE-over-VxLAN tunnel. Inter-VRF routing is not supported. | |
| Interoperability | The Layer 3 gateway inter-operates with other SLX-OS platforms in extension mode. | Interoperability with other VxLAN-supporting devices or hypervisors is not restricted but is not supported. |
| CAM profile | VxLAN Layer 2 and Layer 3 gateway is supported only in the VxLANExtended TCAM profile. | The configuration is not restricted in other profiles, but functionality is not supported. |
| Layer 2 gateway functionality | All the present Layer 2 gateway functions are supported on the Layer 3 gateway. | Only static VxLAN tunnels with regular VTEPs are supported. Logical VTEP tunnels are not supported. |
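
The MTU, TTL and QoS DSCP mode rows above can be traced with a small model. This is an added example, not SLX-OS code. It assumes a 50-byte IPv4 VxLAN overhead and the RFC 2983 meaning of Pipe (inner DSCP kept) and Uniform (outer DSCP copied inward), which the table does not spell out. All class and function names are hypothetical.

```python
from dataclasses import dataclass, replace

# Assumption: 50 bytes of overhead for an IPv4 underlay per RFC 7348 framing
# (outer Ethernet 14 + IPv4 20 + UDP 8 + VXLAN 8). The page only says
# "VxLAN header"; check the platform's exact accounting.
VXLAN_OVERHEAD = 50
OUTER_TTL = 255  # default outer TTL stated in the table

@dataclass(frozen=True)
class Inner:
    length: int  # bytes
    dscp: int
    ttl: int

@dataclass(frozen=True)
class Encapsulated:
    outer_dscp: int
    outer_ttl: int
    inner: Inner

def ingress_encap(pkt, ip_mtu):
    """Ingress VTEP: drop oversize packets, else copy DSCP to the outer header."""
    if pkt.length > ip_mtu - VXLAN_OVERHEAD:
        return None  # dropped, as in the MTU row
    return Encapsulated(outer_dscp=pkt.dscp, outer_ttl=OUTER_TTL, inner=pkt)

def underlay_hop(enc, remark_dscp=None):
    """Transit router: decrements outer TTL and may re-mark outer DSCP only."""
    dscp = enc.outer_dscp if remark_dscp is None else remark_dscp
    return replace(enc, outer_dscp=dscp, outer_ttl=enc.outer_ttl - 1)

def egress_decap(enc, dscp_mode="pipe"):
    """Egress VTEP: TTL is always Pipe (inner TTL kept); DSCP depends on mode."""
    if dscp_mode == "pipe":
        return enc.inner
    if dscp_mode == "uniform":
        return replace(enc.inner, dscp=enc.outer_dscp)
    raise ValueError(f"unknown DSCP mode: {dscp_mode}")

if __name__ == "__main__":
    user = Inner(length=1400, dscp=46, ttl=64)  # constructed sample packet
    enc = underlay_hop(ingress_encap(user, ip_mtu=1500), remark_dscp=0)
    print("pipe    :", egress_decap(enc, "pipe"))
    print("uniform :", egress_decap(enc, "uniform"))
    print("oversize:", ingress_encap(Inner(1451, 0, 64), ip_mtu=1500))
```

In Uniform mode, any DSCP re-marking done in the underlay reaches the decapsulated packet. In the default Pipe mode, the marking the packet carried into the ingress VTEP is what leaves the egress VTEP.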