SD Access - Is there an L2 VNI in SD Access VxLAN?

muthumohan · ‎03-26-2022

The ENCOR training guide says, " The VXLAN VNID is used to provide both Layer 2 (Layer 2 VNID) and Layer 3 (Layer 3 VNID) segmentation"

In SD Access, we are mapping VNs to VNIs. (We are not mapping VLANs to VNIs)

So, in SDA, where is this Layer 2 VNI coming from? My understanding is, there is no Layer 2 VNID in SDA.

Also, if the traffic is routed from one subnet 10.1.1.0/24 to another subnet 10.2.2.0/24 (within the same VN), the VXLAN encapsulation would be IP-in-IP, right?
If traffic is switched within the same subnet 10.3.3.0/24, but across two switches, the VXLAN encapsulation would be MAC-in-IP, right?

Would appreciate any clarity on this.

Thanks!!!

Flavio Miranda · ‎03-26-2022

What makes it complicate is that in Software Defined network like SDA, they took the current network and call it underlay and then, using software, they build a upper layer they call Overlay. At the end, this is all the old and good TCP/IP over Ethernet but this overlay layer makes it confusing.

"So, in SDA, where is this Layer 2 VNI coming from? My understanding is, there is no Layer 2 VNID in SDA."

Yes, in fact there is, althouth is not mandatory. Take a look on the picture I attached. It show perfectly well how this is done.

"Also, if the traffic is routed from one subnet 10.1.1.0/24 to another subnet 10.2.2.0/24 (within the same VN), the VXLAN encapsulation would be IP-in-IP, right?
If traffic is switched within the same subnet 10.3.3.0/24, but across two switches, the VXLAN encapsulation would be MAC-in-IP, right?"

Keep in mind that inside the fabric is like we have only on switch and the encapsulation is always over IP. Take a look on the picture attached again.