Simple VXLAN lab on Workstation viewing traffic with Wireshark Part - 2

Now that we have captured an ARP request that has been encapsulated in multicast by VXLAN we will now use the same option in Wireshark to decode the VXLAN packet. This shows the same VXLAN header and the encapsulated ARP request. The host that received this encapsulated ARP request would add the MAC address of the requesting VM in this case VM01 to its VXLAN mapping.

If we re-run the constant ping from VM01 to VM02 we can log into each ESXi host and view its VXLAN mapping of VM MAC addresses. In this case we enable SSH on each host, log into the host and run the command:

esxcli network vswitch dvs vmware vxlan network mapping list --vds-name=dvSwitch --vxlan-id=5000

Where dvSwitch is our vNetwork Distributed switch name and 5000 is the VNI of our VXLAN. This will then show the mappings for our two VM's VM01 and VM02. The inner MAC is the MAC address of the VM and both the outer MAC and outer IP are that of the recipient ESXi hosts vmk1 VMKernel interface. If we were doing VXLAN over a routed network the out IP would still be that of the recipient ESXi host but the outer MAC would be that of the next hop PIM router. I will cover this in a later blog post on VXLAN over a pure layer 3 network using PIM Sparse Mode.

VXLAN mappings for VNI 5000

As you can see the destination for VM01 on host ESXi1 matches the MAC and IP address of that hosts VMKernel interface vmk1.

Another thing you can do is to view from the ESXi cli the VNI to multicast group mapping using the command:

esxcli network vswitch dvs vmware vxlan network list --vds-name=dvSwitch --vxlan-id=5000

There are more combinations of "esxcli network vswitch dvs vmware vxlan" command than Ive played with or could cover in this blog post.

Thats the end of this blog post, as this is my 1st lab blog post I really appreciate any constructive feedback as I hope to add more blogs posts as I lab things up at home depending on free home time

VXLAN Lab setup as per Figure 1.0 below:

Computer with 16GB RAM, quad core i5 CPU and Solid state disk.

VMware Workstation verson 8

One VM for vCenter, one VM for shared storage and two ESXi VMs with virtualised VT-x enabled. vShield Manager as a VM on the virtual ESXi hosts.

Figure1.0

I hope to create a blog post for each of the below in the coming months:

          VXLAN over Layer 3 using PIM-SM

          vCNS Edge SSL VPN.

          vCNS Edge firewall and CLI/debugging

          and hopefully more.....

Thanks for reading.

Kevin Barrass