In this post I will explain how NSX-T create and maintains various table which forms the building block of logical switching.  Basically I will discuss about formation of below tables:

• VTEP Table
• MAC Table
• ARP Table

These tables are continuously updated and modified as we provision new workloads and create new segments. 

VTEP Table

This table holds the VNI to TEP IP mapping. A couple of points before we start.

• Each segment has a unique identifier called VNI. 
• Each transport node in that TZ will have a TEP IP. 

Lets understand TEP table creation with the help of below diagram.

Step 1: As soon as a segment is created in a TZ, all transport node of that TZ updates its local TEP table and registers VNI of the created segment against its TEP IP. Each transport node then send this info to Local Control Plane (LCP).

Note: VTEP can be viewed by logging into ESXi host and running command: get logical-switch <ls-uuid> vtep-table

Step 2: Each transport nodes then send their VNI-TEP entry from its LCP to CCP (running on NSX-T Manager).

Step 3: CCP receives TEP report from all transport nodes and starts to build full TEP table corresponding to a given VNI.

Step 4: CCP periodically sends copy of the updated table to LCP of all transport nodes so that all nodes are aware of TEP IP-VNI association of rest of the nodes. 

At this point every transport node is aware of who all are participating in a given segment.

And that completes the process of TEP table creation.

MAC Table

This table holds entry of VM MAC to TEP-IP of transport node. Formation and updation of MAC table works pretty much same as TEP table.

Step 1: When a VM is powered-on a transport node (ESXi), its MAC address is learned and get registered in the MAC table of that node. Also TEP-IP of that transport node is stored there. 

If we login to any ESXi host and check the MAC Table corresponding to a given segment, we will get following info:

• Inner MAC: Actual Mac address of the VM connected to segment.
• Outer MAC: Mac address of the vmkernel portgroup corresponding to VTEP.
• Outer IP: IP address of the VTEP configured on that ESXi host.

Step 2: LCP of all transport node then sends its MAC-TEP association to CCP.

Step 3: CCP then curates the full table of VNI-MAC-TEP association.

At this moment CCP is aware that it has a segment with VNI 5000 and its servicing 3 MAC Addresses which are behind a specific TEP Address. So the CCP knows which MAC is associated with which TEP and this info is very helpful when forwarding layer-2 packets across tunnel.

Step 4: CCP then publishes this info to all the transport nodes.

And that completes the process of MAC table creation.

ARP Table

ARP table holds entry of VM MAC-IP Address. Transport node learns MAC-IP association by snooping ARP and DHCP traffic. NSX-T uses ARP table maintained at CCP level to control the ARP flooding. 

Since MAC-IP association is maintained at CCP level and updated periodically at LCP level, any ARP broadcast originating from VM is suppressed and result is returned to VM via unicast response. 

Process of ARP table is pretty much similar to TEP & MAC table formation, so I am not going to use any screenshots here to demonstrate the same.

And that’s it for this post.

I hope you enjoyed reading the post. Feel free to share this on social media if it is worth sharing 🙂