Asymmetric IRB

Asymmetric IRB uses different VNIs for bi-directional traffic between 2 hosts on different Layer-2 VNIs. For example:

Figure 1  Asymmetric IRB Topology


  1. Host1 in VLAN 10/VNI 10 connected to VTEP1 sends traffic to Host2 in VLAN 20/VNI 20 connected to VTEP2.
    1. Traffic from Host1 is sent to VTEP1 VLAN 10/ VNI 10 gateway MAC.
  2. VTEP1 routes traffic to VNI 20, encapsulates frame with VXLAN, adds outer Source/Destination IP, VNI info and sends traffic to VTEP2.
    1. VTEP1 should already have a MAC/ARP entry for Host2.
    2. The inner Source MAC is changed to VTEP1 VLAN 20 gateway MAC and inner Destination MAC is changed to MAC2 which belongs to Host2.
  3. VTEP2 decapsulates outer VXLAN, bridges and sends the traffic to Host2 on VLAN 20/VNI 20.
    1. Host2 will see source MAC as VTEP1.

Return traffic from Host2 to Host1 is similar. Traffic from Host2 is sent to VTEP2 VLAN20/VNI 20 gateway MAC. VTEP2 routes traffic to VNI 10, encapsulates and sends the traffic to VTEP1. VTEP1 will decapsulate, bridge and send the traffic to Host1 on VLAN 10/VNI 10.

As seen from the traffic flow:

  • Asymmetric IRB needs both source and destination Layer-2 VNIs to be configured on the ingress VTEP.
  • Routing and bridging is used on the ingress VTEP.
  • Bridging is used on the egress VTEP.
  • Bi-directional traffic uses asymmetric paths:
    • Host1 to Host2 uses VNI 10 -> VNI 20.
    • Host2 to Host1 uses VNI 20 -> VNI 10.
  • Asymmetric IRB will lead to increased ARP/MAC scale on VTEPs as they need to contain MAC/ARP of both source/destination hosts.
  • If Asymmetric IRB is used, all subnets/VNIs have to be configured on all VTEPs. As previously shown, it is not mandatory for a subnet to span across all VTEPs in both Data Center and Campus networks, e.g. 10.10.220.0/24 only exists on Leaf1A/1B, Leaf2A/2B in Figure 2, 10.10.220.0/24 only exists in Building#1.