Traffic Forwarding Model Design
Traffic on the VXLAN network is classified into the following types:
- North-south traffic: access traffic between servers on the VXLAN network and the external network
- East-west traffic: access traffic between servers on the VXLAN network
Traffic Forwarding Model of Hardware Centralized VXLAN Using the Spine/Leaf Two-Layer Architecture
Figure 1 shows forwarding of some traffic in hardware centralized VXLAN using the spine/leaf two-layer architecture.
North-south traffic is classified into the following types based on the service model:
- Traffic passes through a firewall and an LB (load balancer), and is forwarded to a router through a gateway.
- Traffic is transmitted directly to the external network without passing through a firewall or an LB.
- Traffic passes through a firewall but not an LB, and is forwarded to a router through a gateway.
East-west traffic is classified into the following types based on the service model:
- Traffic in the same subnet and VRF: Traffic is forwarded directly on the leaf node, or is encapsulated on the source leaf node and decapsulated on the destination leaf node after traversing the spine node.
- Traffic across subnets in the same VRF: After traffic is encapsulated with the VXLAN header on the leaf node, it is decapsulated on the spine node and forwarded at Layer 3 based on routes.
- Traffic across subnets in different VRFs: After traffic is encapsulated with the VXLAN header on the leaf node, it is decapsulated on the spine node and forwarded to a firewall based on the matching static routes. The firewall then enforces a uniform policy on all inter-VRF traffic. Alternatively, the spine node can use static routes or imported RTs (route targets) to forward the traffic.
Traffic Forwarding Model of Hardware Centralized VXLAN Using the Gateway/Spine/Leaf Three-Layer Architecture
Figure 2 shows forwarding of some traffic in hardware centralized VXLAN using the gateway/spine/leaf three-layer architecture.
North-south traffic is classified into the following types based on the service model:
- Traffic passes through a firewall and an LB, and is forwarded to a router through a gateway.
- Traffic is transmitted directly to the external network without passing through a firewall or an LB.
- Traffic passes through a firewall but not an LB, and is forwarded to a router through a gateway.
East-west traffic is classified into the following types based on the service model:
- Traffic in the same subnet and VRF: Traffic is forwarded directly on the leaf node, or is encapsulated on the source leaf node and decapsulated on the destination leaf node after traversing the spine node.
- Traffic across subnets in the same VRF: After traffic is encapsulated with the VXLAN header on the leaf node, it passes through the spine node, is decapsulated on the border leaf node, and is forwarded at Layer 3 based on routes.
- Traffic across subnets in different VRFs: After traffic is encapsulated with the VXLAN header on the leaf node, it passes through the spine node, is decapsulated on the border leaf node, and is forwarded to a firewall based on the matching static routes. The firewall then enforces a uniform policy on all inter-VRF traffic. Alternatively, the border leaf node can use static routes or imported RTs (route targets) to forward the traffic.
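The east-west rules for both architectures can be written as a small model that, given two servers, returns the nodes a flow crosses, the node that decapsulates it, and whether the flow is policed by the firewall. This is an added example, not code from the original page or its vendor; the Endpoint fields and the node labels (spine, border-leaf, firewall) are assumed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    name: str
    subnet: str  # IP subnet the server sits in, e.g. "10.1.1.0/24"
    vrf: str     # VRF (tenant routing instance) that owns the subnet
    leaf: str    # leaf node the server is attached to

ARCHS = ("two-layer", "three-layer")  # spine/leaf vs. gateway/spine/leaf

def east_west_path(src, dst, arch):
    """Return (hops, decap_node, via_firewall) for one east-west flow.
    Two-layer: the spine is the Layer 3 gateway; three-layer: the border leaf is."""
    if arch not in ARCHS:
        raise ValueError(f"unknown architecture: {arch}")
    gateway = "spine" if arch == "two-layer" else "border-leaf"
    # Same subnet and VRF: pure Layer 2 forwarding, no gateway involved.
    if src.subnet == dst.subnet and src.vrf == dst.vrf:
        if src.leaf == dst.leaf:
            return ([src.leaf], None, False)  # switched locally on the leaf
        # Encapsulated on the source leaf, crosses the spine, decapsulated
        # on the destination leaf.
        return ([src.leaf, "spine", dst.leaf], dst.leaf, False)
    # Cross-subnet: VXLAN-encapsulated on the source leaf, decapsulated on
    # the gateway, then forwarded at Layer 3 toward the destination leaf.
    up = [src.leaf, "spine"] + (["border-leaf"] if arch == "three-layer" else [])
    down = up[1:-1][::-1] + [dst.leaf]  # back through the spine in three-layer
    if src.vrf == dst.vrf:
        return (up + down, gateway, False)
    # Different VRFs: the gateway hands the flow to the firewall over a
    # static route; the firewall is the single inter-VRF policy point.
    return (up + ["firewall", gateway] + down, gateway, True)

def firewall_policed(flows, arch):
    """(src, dst) names of the flows whose east-west path crosses the firewall."""
    return [(s.name, d.name) for s, d in flows
            if east_west_path(s, d, arch)[2]]

if __name__ == "__main__":
    # Constructed sample endpoints, not taken from any real fabric.
    web = Endpoint("web1", "10.1.1.0/24", "vrf-a", "leaf1")
    app = Endpoint("app1", "10.2.1.0/24", "vrf-b", "leaf3")
    print(east_west_path(web, app, "three-layer"))
```

Running the model over a fabric's intended flows gives the list of flows that are expected to be visible to the firewall, which can be compared against the firewall's actual session logs.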