
VXLAN: VNI to multicast group mapping

I would like to know if I understood the VNI to multicast group mapping correctly.

Let's take the following example:
I have a working VXLAN setup with 4 VTEPs (Layer 2 Gateways) with the following VNIs active:
VTEP 1: 5000
VTEP 2: -no active VNI-
VTEP 3: 5001
VTEP 4: 5000 and 5001

Example A:
N:1 mapping setup; I map all VNIs to the same multicast group.
member vni 5000-5001 mcast-group 239.1.1.1

If a host behind VTEP 1, in a VLAN mapped to VNI 5000, sends an unknown-unicast or broadcast frame, the frame will be forwarded to VTEP 3 and VTEP 4, because both are in the same multicast group. It is a waste of bandwidth that VTEP 3 receives this frame, because it will drop it. VTEP 2 will not receive the frame.

Example B:
1:1 mapping setup; I map every VNI to its own multicast group.
member vni 5000 mcast-group 239.1.1.1
member vni 5001 mcast-group 239.1.1.2

If a host behind VTEP 1, in a VLAN mapped to VNI 5000, sends an unknown-unicast or broadcast frame, the frame will be forwarded only to VTEP 4, because this is the only VTEP that is a member (besides VTEP 1) of 239.1.1.1. VTEP 2 and 3 will not receive the frame.


Summary:
Example B is better than Example A when we look at the waste of bandwidth.
B is also better if there is a broadcast storm in VNI 5000: with A it can impact VTEP 1, 3 and 4, and with B it will only impact VTEP 1 and 4.
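The two mappings above, worked through as an added example that is not part of the original post. It assumes the post's model, in which a VTEP joins a multicast group only when it has an active VNI mapped to that group; the dictionary and function names are hypothetical.

```python
# Constructed topology from the post: which VNIs are active on each VTEP.
VTEP_VNIS = {"VTEP1": {5000}, "VTEP2": set(), "VTEP3": {5001}, "VTEP4": {5000, 5001}}

# The two mappings from the post (VNI -> multicast group).
MAPPING_A = {5000: "239.1.1.1", 5001: "239.1.1.1"}  # Example A, N:1
MAPPING_B = {5000: "239.1.1.1", 5001: "239.1.1.2"}  # Example B, 1:1


def group_members(vtep_vnis, vni_to_group):
    """Return {group: VTEPs joined}. Assumption: a VTEP joins the group of
    every VNI that is active on it, and no other group."""
    members = {}
    for vtep, vnis in vtep_vnis.items():
        for vni in vnis:
            members.setdefault(vni_to_group[vni], set()).add(vtep)
    return members


def bum_delivery(vtep_vnis, vni_to_group, src_vtep, vni):
    """Split the receivers of one BUM frame into (wanted, wasted) VTEP sets.
    'wasted' receivers carry no such VNI and drop the frame after decapsulation."""
    if vni not in vtep_vnis[src_vtep]:
        raise ValueError(f"{src_vtep} has no active VNI {vni}")
    group = vni_to_group[vni]
    receivers = group_members(vtep_vnis, vni_to_group)[group] - {src_vtep}
    wanted = {v for v in receivers if vni in vtep_vnis[v]}
    return wanted, receivers - wanted


def storm_scope(vtep_vnis, vni_to_group, vni):
    """Every VTEP that sees flood traffic of `vni`: all members of its group."""
    return group_members(vtep_vnis, vni_to_group)[vni_to_group[vni]]


if __name__ == "__main__":
    for name, mapping in (("A (N:1)", MAPPING_A), ("B (1:1)", MAPPING_B)):
        wanted, wasted = bum_delivery(VTEP_VNIS, mapping, "VTEP1", 5000)
        print(name, "wanted:", sorted(wanted), "wasted:", sorted(wasted),
              "storm scope:", sorted(storm_scope(VTEP_VNIS, mapping, 5000)))
```

The "wasted" set is also the set of VTEPs that receive another segment's flooded frames, which is the tenant-sharing cost the configuration guide describes.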



Rick1776
Level 5
That is the whole reason why VxLAN, so you can have disparate systems not on the same LEAF switches be able to look like they are in the same L2 broadcast domain. That is why VxLAN for the most part exists, among other reasons. Think of it from the standpoint of L2 connectivity between two DCs, which up until now you needed OTV/LISP or some type of Global DNS to achieve the same thing.

If this is not your desired result, I would continue to do LAN switching the legacy way with L2 boundaries, STP, aggregation layer, and core layer.

Last thing, if you look at the configuration guide it states the following:

The VXLAN implementation on Cisco Nexus 9000 Series Switches uses multicast tunnels for broadcast, unknown unicast, and multicast traffic forwarding. Ideally, one VXLAN segment mapping to one IP multicast group is the way to provide the optimal multicast forwarding.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_chapter_010.html

Hope this helps. Have a great day.

Thank you for the link, there I found my answer:

...mapping multiple VXLAN segments to a single multicast group can help conserve multicast control plane resources on the core devices and achieve the desired VXLAN scalability. However, this mapping comes at the cost of suboptimal multicast forwarding. Packets forwarded to the multicast group for one tenant are now sent to the VTEPs of other tenants that are sharing the same multicast group...

Glad to help. Have a great day.
