EVPN+VXLAN

EVPN+VXLAN EVPN+VXLAN
IRB-GW-IP = 1.0.0.1/30
IRB-GW-IP = 2.0.0.1/30
VXLAN VNI 100 VXLAN VNI 200
VTEP-1 L2 EVI1 L2 EVI2 VTEP-2
IP
TOR IRB SPINE-1 SPINE-2 IRB VXLAN L2 Domain
VXLAN L2 Domain Fabric TOR
L3 VRF1 L3 VRF2 VM-IP= 2.0.0.2/30
VM-IP= 1.0.0.2/30
VM-MAC=00:01 VM-MAC= 00:02

1- SPINE-1 and SPINE-2 have each other GW IP address advertised as part of the Type2 (MAC-IP) routes, That route will be land on the EVI1/EVI2 tables
2- VM-1 in VTEP-1 want to communicate with a VM-2 in VTEP-2 both VM are in different subnets 1.0.0.0/30 and 2.0.0.0/30 respectively .
3- VM-1 build its ARP table with its IP GW mac address (The communication with a VM-2 will be send to GW irb.100 as its to different subnet)
4-The GW IP of VM-1 is configured on irb.100 as L3 interfaces in EVI-1 (L2 VRF)
5- That irb.100 is actually part of L3 VPN (its linking both VRF and EVI ) the L3 VRF called VRF-1 So the lookup L3 for the destination 2.0.0.2/30 will be done there .
6- Since this VRF-1 know that the MAC address of VM-2 is 00:02 and its located on EVI2-SPINE-2 the traffic will be send direct to EVI-2
7- EVI-2 do just one lookup to send the traffic to VM-2 through its VXLAN tunnel to VTEP-2 ( L2 lookup )

NOTE: 2 lookup is done on ingress side and one lookup only is done on egress side (Asymmetric name come from the number of route lookup 2x ingress vs 1x egress)

Asymmetric mode
 EVPN+VXLAN
EVPN+VXLAN EVPN+VXLAN
IRB-GW-IP = 1.0.0.1/30
IRB-GW-IP = 2.0.0.1/30

VTEP-1 VXLAN VNI 200

VXLAN VNI 100 L2 EVI1 L2 EVI2 VTEP-2
IP
TOR IRB SPINE-1 SPINE-2 IRB VXLAN L2 Domain
VXLAN L2 Domain Fabric TOR
L3 VRF1 L3 VRF2
VM-IP= 1.0.0.2/30 VM-IP= 2.0.0.1/30
VM-MAC=00:01 VM-MAC=00:02

1- SPINE-1 and SPINE-2 have each other GW IP address advertised as part of the Type5/Type2 IP prefix routes in VRF-To-VFR fashion , That route will be part of the VRF-1/VRF-2
2- VM-1 in VTEP-1 want to communicate with a VM-2 in VTEP-2 , both VMs are in different subnets
3- VM-1 build its ARP table to its GW as its trying to communicate with a VM not part of the same subnet .
4-The IP GW of VM-1 which is irb.100 is configured as L3 GW interfaces in EVI-1
5- That irb.100 is actually part of L3 VPN (its linking both VRF and EVI ) the L3 VRF called VRF-1 So the lookup for the destination 2.0.0.2/30 will be done there
6- Since the route is advertised from another L3 VRF VRF-2 so the traffic will be to that SPINE-2 VRF-2
7- The another L2 lookup is done on the EVI before the traffic to L2

NOTE: 2 lookup is done on ingress side and 2 lookup is done on egress side as well (Symmetric name come from the number of route lookup 2x ingress vs 2x egress)

Symmetric mode