Re: ACI VXLAN source port - especially via IPN

Johannes Luther · ‎08-18-2021

Hi ACI professionals,

Just one quick question: Do you know any ACI documentation, which explains the VXLAN outer source UDP port. From my point of view it must be ensured, that the traffic flow in one direction always uses the same links (over the IPN) to avoid packet reordering (which will cause a TCP session to slow down). Typically an IPN like a Cat9k uses ECMP with Layer3/4 universal hashing. This means, that one flow always uses the same link.

What I saw in a capture is, that ACI obviously uses dynamic UDP source ports for one encapsulated flow (which is good). Is there any documentation / explaination how this source port is calculated?

RedNectar · ‎08-18-2021

Hi @Johannes Luther ,

UDP source ports for VXLAN encapsulation are normally calculated by a 5-tuple hash of:

The source IP address
The destination IP address
The protocol (TCP/UDP)
The source (TCP/UDP) port [Which is what your question is about]
The destination (TCP/UDP) port

Now, your question relates to the dynamic nature of the source (TCP/UDP) port

And (again typically) this source UDP port is calculated on a hash which is slightly different depending on the paylaod

For layer 2 payload, the hash is on the source and destination MAC addresses.
For a lay 3 payload the hash is on the same 5 tuple hash as described above, but for the INNER IP packet.

This ensures (as you have observed) that the source UDP port is consistent for a given flow.

[Disclaimer: This is how I believe it works, I have not captured/verified the above. If anyone can find a definitive reference, then your answer will carry more weight than mine]

I hope this helps.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.