Good morning. Last day of Cisco Live already. Appreciate that you all come in at that early time after the party; must have been good. But you're really dedicated to technology, to your job, and maybe to me, I don't know, maybe not as attached, but thanks for coming by.

Um, today we're going to go in a day in the life of a packet in a VXLAN BGP EVPN fabric, so single fabric. And then after that, separate session, we have the same kind of topic, uh, day in the life of a packet for a multi-site setup with VXLAN EVPN. I think it's an hour after, um, we are done here together, and Max will present that piece. Um, I feel the current session is at what we call a 2000 level, an intermediate level; it's classified, I would believe it's more of a 3000 session, advanced session. I have a lot of slides in there for your reference where you can go forth and back and look at this, and with this I'm just jumping in there.

My name is Lukas Krattiger, and we will have a roller coaster ride this morning, so, uh, let's have fun. Webex Teams or Webex app: you have the option to subscribe there and ask questions. I think yesterday I got a couple of you guys asking questions in a multi-site session; we answered most of them. The PDF I will put into that room as well, I forgot this morning, it was too early. And also ask questions if needed; we'll try to answer them during the session, Max is sitting over there and typing, or we will do it after the session. Not always.

Abstract: nothing else than a packet walk, and it's not one packet walk, it's actually going into multiple packet walks. Um, but to give you again a little bit of an intro, I have to cover how things are working in some kind of way, and I'm going through that in the beginning. Um, packet walk will be routed, bridged; we will do BUM, broadcast, unknown unicast, multicast; and we will do silent host discovery. And all of this will be like 10, 20 slides instead of one slide with a lot of animation, so your PDF should actually give you every single step
which I click through here, exactly the same way.

Um, the week is going towards an end. Um, you're here at the yellow spot at 8 a.m. on a Thursday morning, I always want to say Friday morning, Thursday morning, and then after that we go into the multi-site, and then there's some streaming telemetry and elastic services redirection which will come up.

Agenda: and as said, it's all about packet walks, with a little bit of an introduction. And what is VXLAN? You guys know what VXLAN is, right? Can we stop that here? It's an encapsulation, it's data plane. What is EVPN? It's a control plane, BGP-based; routing and bridging as well as BUM handling is managed there. So this so far to the intro.

And then the dating network. You guys probably saw that twice or three times this week. It's all about the dating network, where the control plane meets the data plane, because we have a data plane that encapsulates, and a control plane tells the data plane what to do. If there's no control plane, there is nothing to do, right? We're just taking a nap a couple of more seconds.

The other thing: I was told earlier I'm not allowed to do stage diving, so I will stay up here, right up there. I will not go there and I will not jump into the audience.

But with this network device up here: network device in a fabric has a host attached; we have a network side, the spine, attached there. In this case we have an uplink, we have a downlink. The downlink, or host side, or the access side, is the green part. The right side, the fabric side, the core side, or the uplink, the right part, the blue part, is purely routed. The green part here would be Layer 2 attached, like a trunk or an access port in the most likely scenarios.

Now the network device has to become a little bit special, so we give them a VTEP, and when it becomes a VTEP, a VXLAN tunnel encapsulation or VXLAN tunnel endpoint, it becomes a network virtualization edge. So it's at the edge, like me over here: tilting towards the host doing one thing, tilting towards the
network doing another thing, meaning originating the tunnel going into the network side. But it is still a router, it's still a switch, or a router or a switch; it is still a network device, and still an edge device in the general terminology there.

We have tables on these NVEs, network virtualization edge, so VTEPs or leafs or borders or whatever you want to call them there. And generally there are three tables of relevance on a leaf, or on a host-facing VTEP or NVE. You have a MAC table for learning Layer 2 information. You have an ARP table for binding MAC to IP; could also be ND, I just take the v4 part here as it gets a little bit simpler. And then we have a RIB and a FIB: RIB is the software part of the routing table and FIB is the hardware part of the routing table, and if they're not consistent, Houston, we have a problem.

OK, so as I turned on the host, I will learn automatically, like every switch would, the MAC address, right? Traditional MAC learning, local learning. ARP: we will learn ARP when the host ARPs, so we'll learn the neighbor discovery information when IPv6 ND is enabled. So that's where we get the binding between MAC and IP, the VLAN, the VRF participation, only because we have an IP, right? And then subsequent there we will also install that host, that host route information, out of the MAC and IP binding, in the RIB/FIB as a host route, as a /32 marked local. And given that we have a VRF association of an SVI, which is an interface VLAN, we will have a MAC-IP binding; the IP sits in the VRF, so we know of all of these different information.

Um, when we do this, when we learn this, we do send an advertisement. We send a BGP advertisement, because EVPN is part of BGP, or the BGP address family. So we send that to another leaf directly, or we send it to our route reflector. And in my topologies here the route reflector sits on my spine, and I don't know the other leaves specifically, so I just send it to the route reflector and he will take care of the rest. If it is, uh, if it is a
subnet, if there is an SVI on a switch, we'll always advertise first a route type 5 with the subnet, with the interface VLAN where the host sits in, and that happens actually before the host even is activated. And you see here there is a type 5 and, um, oh, sorry about that, I completely messed that up. Actually this is a route which comes from external. Apologize, I will come back to that route in a second. Give me a... OK, let me recap that.

When I get something from outside, from somewhere else, from another VTEP, I get a route advertisement from my route reflector and then respectively I receive it on the NVE. In this case I say I want to learn, or I learn, a route type 5, which is an IP prefix route, right? Route type 5 has always this subnet capability, and it will then install this subnet somewhere into the table. And given that's a type 5, we don't have MAC addresses there, right? We don't have host IPs there. We actually have a subnet route, /24 in this case, and we will import that on that RIB/FIB part: 1010 024 with the next hop of one one two, which came all from the control plane.

So remember what I said: it's a dating network, right? As I learn control plane information, I will be able to use this control plane information to make a decision on what to do, like forwarding. And this is basically how we construct out of a route received, in this case it's a route type 5 prefix route, this is how we afterwards construct, yeah, I don't have a laser here, the construct on how we build the route towards something in the 10 10 0 subnet, in that case 10 to 10.77.
Yeah, I had that slide somewhere else before, so, uh, it's never good to rearrange things, um, in the morning of a presentation.

This here is remote learning of a host. So you saw before remote learning of a subnet, somebody advertises this, and this here is the remote learning of a host. You see this is now a route type 2, EVPN route type 2, which is a MAC-IP route. So we always have a MAC address portion, it's mandatory, and you have an IP portion, which is optional. Why? Because there could be a non-IP host in my network, right, or a host that didn't ARP at that point.

So in this case here, route type 2: we have a MAC, we have an IP, we have two labels. Label one is for Layer 2, label two is for Layer 3, meaning one is the part where we put the bridging information in and the other one is where we put the routing information in. And the route target one, route target one, two, is respectively related to label one, label two. So label one for bridging, it's route target one; label two for routing, it is route target two.

Next hop is there, and whenever I need to route there is some router MAC story going on, because VXLAN is a Layer 2 encapsulation, so we always have an inner MAC header. We need to fulfill the obligation to complete that inner MAC header, so this is basically the destination MAC of my remote VTEP, of who has the next-hop IP address. And, um, that's just simply that we don't have to go and ARP for these guys. Who wants to ARP for every router in a big network? Give me the information in the control plane, I program it, I'm done. So we reduce flooding in WAN-facing, sorry, flooding in core-facing networks.

Now when I learned this, I go and import that, and you see here I import it in two places. I import it, for one, in the MAC table with route target one, with VLAN 10, which is in my case the 3001 label, so we have up there the bridging information imported. And I will take the routing portion of that, so the IP portion of that host route, MAC-IP route type 2, and put it into the RIB/FIB, right? So no magic:
bridging goes in MAC, routing goes in RIB, more or less.

Now here, bridging case: if I want to talk to that remote host, or to a remote host for any case, I take again the information I learned for creating all the destination attributes, like the DIP, the destination IP of my remote VTEP there. I have the destination MAC who I want to reach, I have the destination IP of the host itself I want to reach, and this is being constructed here in this respective case.

That was intro. You guys know all of this, right? I think I presented this about two times this week already, and we can go through that again after the session if you guys are OK. Now, I gave you that intro with one reason: I will continue now in a similar fashion giving you packet walks. It will look about the same, and I will start with Layer 3, and the reason why I start with Layer 3 is we just looked at Layer 3, so we do nothing else than a repetition. So maybe we don't have to recap the whole intro part after the session, but let's see how it goes.

I will always use this topology. I have four leaves, a border leaf, one spine, and I have a whole bunch of hosts connected to it. I have the green hosts, which are all in the same Layer 2 segment, and all the yellow hosts are in the same, uh, Layer 2 segment, and all of them are in the same VRF. So we will not do leaking between VRFs; we will be focusing on same subnet for forwarding, bridging, MAC-based or IP-based, and we will look at different-subnet forwarding, which is basically what routing is.

For this first section we will go from external network to host B, or host B to external network, and I will guide you through step by step what is happening in each direction from a learning perspective and from a table perspective, and then ultimately the packet construction for forwarding. By the way, this is external-world communication. I had a whole session on this earlier this week, so if you want to go dive in in all of these scenarios, how you attach that to the external world, um, it's
a good point of looking at these slides, and I think I have a reference here as we go through which session that was.

So here you see on the far end my external network. It's 10 to then zero; it has some IP next hop outside, so let's say there's a router somewhere there, and that IP next hop of 192.168, what is it again, I can't read it, 0.2 30, is my next-hop router IP. And then I have the facing-the-border IP, which is the zero, what is it, 0.1 30; that one is in VRF A. That's our VRF which we are going to use. We use a subinterface, so we have an encap sitting there, and you see there I use the subinterface of 1 1.11, because the subinterface ID has nothing to do with the dot1q encap I'm using up there.

So as I have that relationship with that external router, I need the VRF to be consistently configured with the same VNI, with the same route target, otherwise I will not learn that external route which I will get on Border 1 and then ultimately on Leaf 2. So I need to have them configured. And as it's configured, and as the external router sends me that prefix route of, uh, 10.10.10.0/24, that will result on the border in a route type 5 advertisement. Why is it a route type 5? Because it's a prefix route, it's externally learned. We send that to the route reflector, the route reflector reflects it to all the leaves which have that respective VRF configured, and it will hit ultimately in this case L2, which is Leaf 2.
In the route type 5 you see the prefix, you see the label, you see the route target, there's only one because we just do routing, you see the next hop, and you see the router MAC address. Now as we learn this, we can install this route if the VRF is configured; in our case it is. We go and install that based on route target, and that means that in my routing table, in my RIB and then ultimately in my FIB, I have an entry which is 10.10.10.0/24 with the next-hop IP address of B1, which is my exit point, from who I received it. And I use the VNI 50000, because 50000 was the VNI which was given to me in the VRF configuration as well as in the route from an EVPN perspective. So great, external route learned.

Now we have to learn about the host here, otherwise we can just, uh, receive, and we can only send traffic but we cannot receive traffic, right? I mean, external world doesn't know about host B yet. So host B, Ethernet 1/1 here, connected to a trunk; it's doing VLAN 10, trunk, dot1q-encapsulated Layer 2 port, and we have to have a VLAN definition on this. We need to learn that host, right? We need to learn the IP-MAC binding of that host. So I have a VLAN, I have a VNI mapped to that, VLAN 10; 3001 is the VNI. I have a route target assigned to this. The gateway MAC address is the anycast gateway MAC address, so it's first-hop gateway for the host, and you see the SVI IP is 192.168.11. So this is basically what you configure to attach a host so that you can ultimately do bridging and routing out of that host. This is the first-hop gateway, the default gateway, whatever you want to call it.

Now when we do this, and here I want to wrap up on that thing which I said before: whenever we configure an SVI, it is a good practice to advertise a route type 5 with the subnet route of that SVI. Why? I tell you towards the end. It's a good practice; when you use our NDFC or DCNM we always do it. One is silent host discovery, which is later in the presentation; the other piece is actually for subnet advertisement towards the
external world. Maybe you don't want to advertise host IPs or host routes to the external world, only the subnet. In this case you get the subnet which is actually active on switches, and you don't have to deal with a lot of this there anymore.

So you see here the routing table as we receive it on Border 1. Next hop is L2, because that's the one who sent it. And we then subsequently also send a route type 2, given the host was learned from a MAC layer perspective, the host was learned from an ARP perspective, and you see there 192.168 122 32, 100b, the MAC address of this host. So in this case B1 will also have a host route entry next to the subnet entry. Why? Because we want to do efficient forwarding. We want to forward it exactly where the host sits; we don't want to do hairpinning, we don't want to do tromboning. So subnet route from all the leaves is not enough to reach the host; you might go to the wrong leaf at that point if there are multiples hosting that subnet.

Anyway, that is the learning part. This will be the forwarding tables, how it looks across the network. And as we progress from an encapsulation and routing perspective, host B to external world, this is how the packet is going to be encapsulated, made ready, based on the control plane information we had before. You see source MAC; destination MAC is the default gateway. That means, hey, we need to route, right? If DMAC is default gateway MAC, we do this, we go into a routing process. You see L2 IP is the VTEP IP of L2, the DIP is Border 1's IP, it's B1, and then you see the VNI, the L2 router MAC, the Border 1 router MAC, which is the inner VXLAN MAC header which we need to obligate, and then source IP, destination IP all the way to the end.

There was a question. Yes? the title also include a lot of men who is not also made in store

Yes, yes. OK, so the question is: where's the router MAC installed? It's in the ARP table, installed towards the remote VTEP, so we know which next-hop IP has what MAC address. So it's a local
adjacency table of the switch. It's nothing you will actively see when you do a show ARP table or something like that; it's related to the RIB table. Every next hop in a routing table has a MAC address, so same thing happens here.

Yeah, this is the reverse one, external world to host B. Same thing happens, just in a different direction. So you flip over the IP address, SIP and DIP, respectively the outer SIP and DIP when it comes from border to L2, and then finally as a normal Ethernet frame or IP packet going from L2 to host B. And this was what the reference is if you want to go into more detail on that piece; I had a whole session on that.

Now, given we did a Layer 3 packet walk, this is exactly the same, now it's just host to host. It's L1 to L4. We have again the learning part, so we have a learning on the L4 for host F. Um, there's an Ethernet interface, we do ARP and all of that happens, so we learn the host locally. Similarly we advertise the type 5 for the subnet routes, and then we learn that subnet route on Leaf 1, given we always want to have that, you will see it in silent host discovery, and then the route type 2 with the host IP address learned out of ARP or ND, and it will complete the table state, the routing table state, on L1 for VRF and for MAC in that case.

Similarly, when we do host A, we will learn a port, we'll do the advertisement, 5 first because it's a different subnet, we learn that in the VRF table, 2 for the host itself, and then we have the host as well as the subnet learned. And this is how the tables look like at the point when the advertisement happened, the learning happened, the installing happened. So these are the forwarding FIBs you see here. Um, VRF A has a host route for 266 and 2-0; L4 has also a VRF A for one zero and, what is the other one, 1 12 or 11, it's 11 I guess, 11. And now, given you have a populated routing table, you can do routing, and you can do routing from the most accurate source to the most accurate destination, because you have host routes
behind the respective VTEP. So when you do this, host A to host F, you follow the host route information you got as part of EVPN, as part of the installing of the forwarding table, and respectively in the other direction you do the same.

Question: does this routing look very different than what we just did before with the external world? Not much, right? We're using routing table information, we're using IP information, because all of this was routing.

There was a question. Yes? Yes. OK, question is: if I have the subnet only on one leaf switch, do I really need to advertise host routes? No, you don't, because the next question is, do I really need to extend Layer 2 at that point? And the answer is no. So your VLAN has no VNI, and respectively you will not advertise a route type 2, and respectively you will not have a host route. So absolutely, you can do this, not a problem at all.

So now we had routing, right? We were all talking about routing. Now we go in bridging. And yes, I know it's a roller coaster ride, but come on, you guys are the champions here. I know I go fast, but let's see if we can wrap that up actually with a little bit more time towards the silent host discovery, because that's when everything comes together which we talk about in the first three packet walks.

Topology still the same, and we do a Layer 2 packet walk, so we do bridging now. So my source MAC address of host C and my destination MAC address of host D, E, has to be fully transparent all the time, right? I don't want to change them, I don't want to alter them, they have to be there. I want to have true bridging, no change in source MAC or whatever else in my packets as I go forward with this.

So again we have a learning phase, which is: I have to learn the respective MAC address locally on a port. Here we have host E connected to L4. And to be very, very specific, if you just want to do Layer 2, there's no need for an SVI, there's no need for an IP VRF. Generally you do routing and bridging in these cases, and that's why I
always bring you the VRF, always bring you the SVI, always bring you, um, the IP VRF and the MAC VRF in combination.

So you see here I learned the respective host there locally on that port. I have pre-configured the IP VRF, the SVIs, as well as the MAC VRF, the VLAN in that case for VNI mapping, and I learned that host as a route type 2 and complete the MAC and IP information in there. You can see on top the 100e, which is host E's MAC address, and you see 1.55, which is host E's IP address, so it ARPed priorly, evidently, in the ARP table. So we will forward that route type 2, that MAC-IP route, complete for routing and bridging purposes.

As we receive this, we populate the MAC table for VLAN 10. VNI 3001 is mapped to VLAN 10; could be mapped to something else, but I'll just use VLAN 10 in this case. And we will have this MAC address with the next hop of an IP address, which is quite unusual, because most of the egress interfaces you will see in a MAC table are actually Ethernet interfaces or port channels or the like. You normally don't see a next-hop IP; in VXLAN you will see a next-hop IP. So here it goes. We also installed the host IP of host E.

And then we do the same in reverse. We have a port active for that VLAN, the host C is in that VLAN, we advertise a type 2 with the MAC and IP information, we install these information in the MAC table and respectively in the VRF table, and have now a converged forwarding table in L3 and a converged forwarding table in L4.

So what are we doing now? Are we doing routing again? No, we don't. So given that my source MAC is 100 C, which is host C, my destination MAC is not the gateway MAC anymore, it's 100d, it's the remote which we learned from over there. We will not talk to the router itself, to the first-hop gateway or the default gateway; we'll talk directly to host E. So we do bridging from that point on, no IP lookups happening in that case from, uh, from L3 perspective, from a forwarding perspective towards Leaf 4. Now here we have to
do the encapsulation, and for the encapsulation we need actually that next-hop IP information of the MAC table, which tells me who is that VTEP I have to send it to, right? So we add the SIP and the DIP as well as the VNI, the front portion, to this. The source MAC and the destination MAC, as well as the SIP and the DIP, the source IP and destination IP in the inner, is not going to change. You guys are good with this? This is classic MAC forwarding, right, or bridging in that case. So outer SIP is Leaf 3 IP, which is its VTEP IP address; Leaf 4 IP is the Leaf 4's VTEP IP address. So between the two we will do encapsulation. As we hit Leaf 4, we remove the VXLAN headers and just make it a normal Ethernet frame. So these are the classic encap/decap process as you would do on an ingress and on an egress VTEP in the case of bridging. So no changes to MAC at all.

There's a question over there. area right up separation doesn't work right

That's a scenario where ARP suppression doesn't work? Um, well, yes, because there is no ARP in that case from a switch perspective, right? We would not know that there is any need to learn ARP; we're just doing Layer 2. ARP would be there as soon as we have MAC-IP, right? As soon as we need to learn an ARP entry of the host, at that point we would have ARP suppression there, because we need to proxy these infos and learn them first before just going on a wild goose chase and start proxying in a Layer 2 network, which can be very difficult at that point, right? Not only between each other. If ARP suppression is enabled on a Layer 2 segment only, that would be generally an unsupported case. You would need an SVI in the case; that's when ARP suppression can come in and help you.

So in the case we go reverse, host C, sorry, host E to host C, so again bridging case. Let's say that's the return traffic from host C to host E; now E answers to this. MAC addresses stay the same all the way through the path, and you see the SIP address is the Leaf 4 VTEP IP address and the
DIP address is the Leaf 3 IP address. The VNI is 3001; source MAC and destination MAC and IP is unchanged in this case. Was that more difficult than the routing one? You guys are good? You guys are tired? I am, I am.

So next part is BUM, and in BUM there is not really much to say. I mean, BUM: broadcast, unknown unicast, multicast. We go with the same topology, but now we have two different ways on how to do BUM. And if BUM is not good enough, broadcast, unknown unicast, multicast, to just re-emphasize it.

We have BUM with ingress replication; it's one way of doing it. Ingress replication or head-end replication is the same terminology, or same thing. And it means that whoever hosts, let me try to say it better: the host sends a broadcast to its first-hop switch, to its leaf where it's connected to. That leaf is what we call the ingress VTEP. That leaf is responsible to replicate. So however many VTEPs you have in the network which participate in that same VLAN/VNI, poor Leaf 1 has to do all the work to send that broadcast, unknown unicast or multicast packet to Leaf 2, Leaf 3, Leaf 4, and however many you have. So here's the poor guy who needs to replicate. What does it mean? It's a multiplication of packets. So your link between Leaf 1 and spine has not just the packet once sent, meaning the broadcast in that case; it has it three times sent in this kind of scenario.

How are we doing this? Um, we have a learning method there. We have the VLANs configured on all of them, we have the VNIs configured, we have a MAC VRF configured that gives us a route target, and now we know that Leaf 1, Leaf 2, Leaf 3 and Leaf 4 participate in the same Layer 2 segment. If this is configured with ingress replication, or IR, we will advertise what is called a route type 3, which advertises its capability of sending or receiving BUM traffic in a unicast tunnel. And you see these here, they basically tell you it's per VNI, so the label is there, you have the route
target to say in which MAC VRF it needs to be installed, and you see the next hops. And this is how we build a flood list, right? This is the information to build the flood list. This is control plane. EVPN will not replicate anything; this is just control plane to tell who participates in that flood list. And then respectively we build a flood list on Leaf 1, saying L2, L3, L4 we need to flood to, VNI 3001, whenever there's a broadcast, unknown unicast, multicast coming in. And respectively, given all of the other three leaves also participate in that same VLAN, they also build a flood list.

And now you can see where the ingress replication is coming from. Wherever a packet goes ingress to L1, or ingress to L2, L3, L4, from a BUM perspective we need to replicate it to all of my other members in the flood list. If you don't do that, Ethernet will be impaired, because EVPN VXLAN, so Layer 2 encapsulation, it follows the Ethernet flood-and-learn semantics, sorry, flood semantics, from a broadcast, unknown unicast, multicast perspective. So this is how we build these overlay tunnels in that case.

To emphasize my point: host A sends a BUM, whatever it is, could be ARP, doesn't need to be. L1 has the flood list and will replicate to Leaf 2, Leaf 3, Leaf 4, so it will send three times the same BUM packet in that case, encapsulated in VXLAN. You see here, I don't know if this is a Layer 2 broadcast or a Layer 3 broadcast; um, I just took all F's and all 255s in there. Could be either or, as we do full support of MAC-only as well as MAC-IP in these cases. Now as all the leafs receive it, they will decapsulate it. We will remove the outer headers, the VXLAN part of it, and then we will just perform nothing different than either a MAC broadcast or an IP broadcast in the local VLAN segment where we decided to replicate to.

Yes? find the common route reflector

OK, how do the VTEPs find a common route reflector? It's by configuration: router BGP, neighbor, IP address of the route reflector. You point there;
on the route reflector it's neighbor, IP address, and then you say route reflector client is that given node. So traditional BGP in that case, static configuration. We have some knobs in order to simplify things, like prefix routing as a prefix neighborhood, or unnumbered peering, but, uh, we probably have to discuss that a little bit offline on that point. But yes, we do have ways of doing this.

Now, given we have two modes, I want to also give you the topology overview, and again the BUM packet walk with multicast. Again, remember EVPN doesn't replicate. EVPN is the control plane protocol which tells you about something. If you don't need to know about something because somebody else takes care, then somebody else takes care in this case, and multicast PIM takes care of some of these pieces. We're talking here underlay PIM and not overlay PIM, right?

So we have again this topology, and when we do a BUM replication with multicast, L1 is relaxed, because he just has to say: send it to some group address, go away. And then the next-hop router in the topology will say, OK, I'm part of multicast, I will replicate it on all of my interfaces wherever a possible receiver is in that tree, right, or part of that tree. So in this case it's my spine. So when we say leaf, spine: Leaf 1 goes to spine, one packet; spine replicates it and sends one packet at a time down to Leaf 2, Leaf 3, Leaf 4. So when you see this here, no multiplication of packets.

It's your choice what you use. We have ingress replication, we have multicast. It's literally your choice what you feel more comfortable to do, but I need to tell you that there are two ways and what is the difference of it.

So in this case here we again have VNI 3001, participation of all these four VTEPs, and we now do a configuration on all of these switches, on all of these VTEPs, which says VNI 3001 participates in multicast group 239.1.1.1. And as you can see, the configuration is symmetric on all of them. So again, this is a configuration you do. Before, you say I
want to use ingress replication protocol BGP, which enables EVPN to distribute the route type threes. Here EVPN doesn't ask to do anything, because we do PIM joins at that point in the underlay. So we create another flood list, but the flood list now just says: replicate it to 239.1.1.1, let multicast deal with this strange BUM packet, I don't want to care about it as my Leaf 1.

So when we do this, in a very simplified way: Leaf 1 is the source of a tree, Leaf 2 is a source of a tree, Leaf 3 is a source of a tree, Leaf 4 is a source of a tree, because all of them could send a BUM packet, right? So in fact it's not one tree, it's actually four trees you're having here in this case, and they are built with different sources at that point.

So here we have again either a Layer 2 or a Layer 3 broadcast packet, frame or packet. We send it to Leaf 1. Leaf 1 knows VNI, VNI thirty thousand and one, multicast group 239.1.1.1. So when we build that encapsulation and we build that packet, source IP is L1 IP, destination IP is multicast group. What happens as a result of that? We send it to the spine. The spine sees, oh, it's multicast, follow the tree, send it to Leaf 2, Leaf 3, Leaf 4. Or maybe there's another topology which is extended and you have another single hop and then more fan-out further out. The important thing is, as it hits the leaf, as we do the decapsulation, we remove the outer header, we remove the multicast-related and VXLAN-related pieces, and make it again a traditional Ethernet frame, sending it out on the VLAN segment where we were intending to, based on the VNI-to-VLAN mapping.

Yes, sir? Um, what kind, what type of, EVPN, what type of route is this?

There is no route in EVPN. This is PIM, underlay multicast. There is no EVPN involved here. The only thing what you have is you tell: my VNI is associated to a multicast group, so my flood list is a multicast group. Ingress replication has a route type 3.
I could go in a little bit more details, that there is a route type 3 which could signal multicast groups. I don't want to go there because the use case is not exactly this here, but for a fact, this is no EVPN route here when we do the multicast piece for underlay broadcast. It could be a route type 3, but you don't need to use it. As per the RFC definition, it's optional to do.

Now, we did layer 3, right, we did layer 2, we did BUM. This here puts all of it together, so I will go a little bit slower. I know I speak fast, but it will go a little bit slower on this one here, as when you understand this here, you understand all of the rest. So it's a repetition piece we're doing here. I'm trying to build on top of these previous ones, and even as you might have a gap in one of the previous ones because I was speaking too fast, you will see it here again coming in.

We have all these hosts, same topology. So when you go through the slides, it's always the same topology, I'm just choosing to use different sources and destinations. And when you look at the MAC addresses, you will always see the host notation is actually the MAC address coming up there, so A, B, C, D, etc., as well as the IP addresses are just counted through, like 22, 33, 44, etc.

So now we have a host in that network which is silent. What is a silent host? Maybe it's a host who never ARPed, or it's a host where we have, for whatever reason, ARP expired. Maybe it went to a dormant state, didn't refresh himself, so we never heard of that from an IP layer perspective. Now, when there's a silent host from an IP layer perspective, can we route towards that host? We actually can't, right? So when we look here, host A in one subnet wants to talk to host D. We don't know where host D is. What are we going to do? We need to do some flooding, right?

So bear with me. So we have host D. What we know of host D is it's somewhere connected. We don't even know if it's connected to L3, to be very honest, right, because it's dormant. So the best thing we have as a
navigation point of where host D could be is: it could be in a layer 2 segment yellow, it could be in the IP VRF, it could... we don't know. It's dormant, right, silent. But what we know is the segment yellow, VLAN based or layer 2 based as well as layer 3 based, is configured on L3. We know that. You guys agree? I have an SVI, I have a VLAN, the SVI there, we said we want to advertise the subnet route, so you at least know that that yellow segment, L2 or L3, is present on my leaf 3. You guys agree? Everyone agrees, yes.

But it's also on leaf 4. Do we now know where is host D? No. It could be on L3 or L4, right? Again, it's dormant, we don't know. We only know that the subnet where host D should reside in, which we want to talk to, sits in either of them. So given that, we create at least a routing entry of 192.168.2.0/24, and L3 and L4 is our next hop in that case, so we would have equal-cost multipath at that point.

Now, if we do this and we send something, so 1.11 to 2.44, because host A doesn't know that host D is dormant, it's just the network who thinks it's dormant. Still, it's destination IP, uh, it would know he wants to talk to him, ping for example, if you want. So he would hit leaf 1. Leaf 1 would say: hey, um, I don't know 2.44, but I know 2.0, and if you want to go to 2.0, it could be L3 or L4. By the way, I decide based on my hash, I'll send you to L4. Again, remember, host D is silent, we don't know where he sits.

So we hit leaf 4. Is that a good thing? We don't know the host is there, right? We literally don't know. We just did a guess based on subnet routing, type 5 routing. So we decapsulate, and what we get is a miss, right? We cannot deliver it. There is no table entry for ARP, right, and given that we want routing, we need to have the MAC-IP binding towards that local segment there. So if there is a miss, we have a process. Actually, it's not just a process, it's actually exactly what it means, it's glean: go and glean where host D is, go and wake him up. Anyone has a clue how we can wake up a host and force him to
do ARP? It's not GARP. GARP you can just ignore if you want as a host, but what you can't ignore is a unicast ARP, when I go specifically... not a unicast ARP, absolutely, let me be very specific: an ARP request to your IP address, you have to always respond.

So what I do as part of this glean process: I send out an ARP request. I send out an ARP request in my BUM tree. Could be ingress replication, by the way, I just... you choose to use multicast. So I send it to the spine, spine will multiply that packet to all the switches which are having yet the yellow segment present. Now, this is layer 2, right? This goes BUM. Before, we wanted to route to host D. Now, in order to find him, I need to ARP, and that is a broadcast, so it becomes a layer 2. So it goes to spine, spine sends it to L3, because L3 is part of that yellow segment, of that VLAN, I think it's 20, and it will send that ARP request as a broadcast out on the VLAN segment, and host D will receive that ARP request. He is forced to respond to that ARP request. A host must respond to an ARP request. ARP response, unicast.

Let me show you one trick we do. Do you see the inner source MAC of our glean request? 2020 000 AAA, distributed IP anycast gateway. So the first-hop gateway for segment, segment one, has this gateway MAC address. So leaf 4 and leaf 3 have not only the same IP address as a default gateway, which would be, um, can't see it here, no, 2.1, it also has the same MAC address. So request is being sent out, response goes respectively, because the source was the anycast gateway MAC, to L3. Why? Because the DMAC is the distributed anycast gateway MAC. Hey, you talked to the DMAC, right? ARP response.

What does happen now is, you remember when I said we learned the host based on ARP? Boom. Good morning, host D, you're there, I can see you. Um, I previously had my birth tables, now I have actually much more information. Let me send you that route type 2 with my MAC-IP information. Great, right? We woke them up, and now subsequently I can populate that 2.44 is behind leaf
three, and every subsequent routing can happen based on now a most accurate host IP address with its destination. So not any more blurry with L3, L4, I might go to the right or I might not. I'm going to the right leaf. There, host D, previously woken up by me, by an ARP request through that glean process, behind leaf 3, and from here on I encapsulate towards leaf 3 as the VTEP address and will be able to talk to host D.

Now, during the glean process you will have something which is called unknown unicast flooding, for a very brief period of time, till glean has been completed. Generally you will not see silent hosts in EVPN. If a host has been once learned, we will refresh that host periodically before the ARP entry on the SVI expires, and I will try and retry. So if you might still be here, you ARPed once two hours ago, I might just say: hey, are you still here? Unicast ARP, tell me, and I refresh. And that's what we call an active gateway, or a distributed anycast gateway, and that's why it never, or close to never, has an unknown unicast event in VXLAN EVPN, and when, it exists for a very brief period of time.

I know it was a lot. You have the slides, you can go step by step through every piece of the diagrams. I haven't seen a typo yet, let me know if there is a typo, I'm very receptive for feedback. But conclusion is, I gave you a whole bunch of roller coaster rides. Do you guys have enough packet walks? If not, just wait a little bit, Max is ready for the multi-site one. Host to external, host to host routed we did, host to host same subnet bridged we did, BUM, and we did silent host discovery. These are the most critical packet walks you need to understand for operation of the VXLAN EVPN network.

With this, be gentle to me, it's the first time I do this, well, this session. I know it's a lot of content. Session survey, please, if you guys can. Learn, train, certify. I know the day is short. Have a coffee and relax, and I see you somewhere else, or maybe up here. If you have some additional questions, I will be here
for a little bit and talk to you guys if it is. Thank you very much. Thanks for hanging in there for a couple of more minutes. Thanks.