Ali Delgado
Chapter 15 IP Services
STATIC NAT -
POOLED NAT -
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
15.1 Network Time Protocol
(NTP)
NTP
Time and Calendar Services
• The software clock on a router or switch starts when the system boots. It is the
primary source of time for the system. It is important to synchronize the time across all
devices on the network. When the time is not synchronized between devices, the following
become difficult:
• Managing passwords that change at specific time intervals
• Encryption key exchanges
• Checking validity of certificates based on expiration date and time
• Correlation of security-based events across multiple devices (routers,
switches, firewalls, network access control systems, and so on)
• Troubleshooting network devices and correlating events to identify the root
cause of an event
NTP
Time and Calendar Services (Cont.)
A solution is to configure NTP on the network. This protocol allows routers on the
network to synchronize their time settings with an NTP server, which provides more
consistent time settings. NTP can be set up to synchronize to a private master clock, or it
can synchronize to a publicly available NTP server on the internet. NTP uses UDP port
123 and is documented in RFC 1305.
• Obsoletes RFC-1119, RFC-1059, RFC-958
NTP
NTP Operation
NTP networks use a hierarchical
system of time sources. Each level
in this hierarchical system is called a
stratum. The stratum level is defined
as the number of hop counts from
the authoritative source. The
synchronized time is distributed
across the network by using NTP.
NTP
NTP Operation (Cont.)
• Stratum 0: These authoritative time sources are high-precision timekeeping devices
assumed to be accurate and with little or no delay associated with them.
• Stratum 1: Devices that are directly connected to the authoritative time sources. They
act as the primary network time standard.
• Stratum 2 and Lower: Stratum 2 servers are connected to stratum 1 devices through
network connections. Stratum 2 devices, such as NTP clients, synchronize their time
by using the NTP packets from stratum 1 servers. They could also act as servers for
stratum 3 devices.
Time servers on the same stratum level can be configured to act as a peer with other time
servers on the same stratum level for backup or verification of time.
NTP
Configure and Verify NTP
• Before NTP is configured on the network, the show clock command displays the
current time on the software clock. With the detail option, notice that the time source
is user configuration.
• The ntp server ip-address command is issued in global configuration mode to
configure 209.165.200.225 as the NTP server for R1. To verify the time source is set
to NTP, use the show clock detail command. Notice that now the time source is NTP.
R1# show clock detail
20:55:10.207 UTC Fri Nov 15 2019
Time source is user configuration
R1# config t
R1(config)# ntp server 209.165.200.225
R1(config)# end
R1# show clock detail
21:01:34.563 UTC Fri Nov 15 2019
Time source is NTP
Note: You can use the ntp master stratum-number command to statically set the stratum for a
device when it acts as an NTP server.
NTP
Configure and Verify NTP (Cont.)
The show ntp associations and show ntp status commands are used to verify that R1 is
synchronized with the NTP server at 209.165.200.225. Notice that R1 is synchronized with a
stratum 1 NTP server at 209.165.200.225, which is synchronized with a GPS clock. The show
ntp status command displays that R1 is now a stratum 2 device that is synchronized with the
NTP server at 209.165.200.225.
R1# show ntp associations
NTP
Configure and Verify NTP (Cont.)
• The clock on S1 is configured to synchronize to R1 with the ntp server command and
the configuration is verified with the show ntp associations command.
• Output from the show ntp associations command verifies that the clock on S1 is
now synchronized with R1 at 192.168.1.1 via NTP. R1 is a stratum 2 device, making
S1 a stratum 3 device that can provide NTP service to other devices in the network.
Concept of First Hop Redundancy Protocols
Concept of First Hop Redundancy Protocols
First Hop Redundancy Protocols
Hot Standby Router Protocol (HSRP) - A Cisco-
proprietary FHRP designed to allow for transparent
failover of a first-hop IPv4 device.
• Active device is the device that is used for routing
packets.
• Standby device is the device that takes over when
the active device fails.
• Function of the HSRP standby router is to monitor
the operational status of the HSRP group and to
quickly assume packet-forwarding responsibility if
the active router fails.
HSRP for IPv6 - Cisco-proprietary FHRP providing
the same functionality of HSRP, but in an IPv6
environment.
Concept of First Hop Redundancy Protocols
First Hop Redundancy Protocols (Cont.)
Virtual Router Redundancy Protocol version 2 -
A nonproprietary protocol that dynamically assigns
responsibility for one or more virtual routers to the
VRRP routers on an IPv4 LAN.
• One router is elected as the virtual router master,
with the other routers acting as backups, in case the
virtual router master fails.
VRRPv3 - Capability to support IPv4 and IPv6.
HSRP Operations
HSRP Versions
Version                          HSRP V1 (Default)                   HSRP V2
Group numbers                    0 to 255                            0 to 4095
Multicast address                224.0.0.2                           224.0.0.102 or FF02::66
Virtual MAC address              0000.0C07.AC00 - 0000.0C07.ACFF     IPv4: 0000.0C9F.F000 - 0000.0C9F.FFFF
                                 (last two digits to group number)   IPv6: 0005.73A0.0000 - 0005.73A0.0FFF
                                                                     (last three digits group number)
Support for MD5 authentication   No                                  Yes
Step 3. Configure the priority for the desired active router to be greater than 100.
Step 4. Configure the active router to preempt the standby router in cases where the active router comes
online after the standby router.
HSRP Configuration
HSRP Verification
HSRP Configuration
HSRP Verification (Cont.)
VRRP Operations
VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is an industry standard and operates
similarly to HSRP. The behavior of VRRP is so close to that of HSRP that the following
differences should be noted:
• The preferred active router controlling the VIP gateway is called the master router. All
other VRRP routers are known as backup routers.
• VRRP enables preemption by default.
Configuration on R1 (master)
R1(config)#interface f0/0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#vrrp 123 ip 10.1.1.100
VRRPv3 configuration on SW2
fhrp version vrrp v3
interface
vrrp 22 address-family ipv4
SW2(config-if-vrrp)# address 172.16.22.1
SW2(config-if-vrrp)# track 1 decrement 20
SW2(config-if-vrrp)# priority 110
Configuration on R2 (backup)
R2(config)#interface f0/0
R2(config-if)#ip address 10.1.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#vrrp 123 ip 10.1.1.100
R2(config-if)#vrrp 123 priority 90
R2(config-if)#no vrrp 123 preempt
VRRP Configuration
VRRP Verification
VRRP status on R1
R1#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 123 100 3609 Y Master 10.1.1.1 10.1.1.100
VRRP status on R2
R2#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 123 90 3648 Y Backup 10.1.1.1 10.1.1.100
GLBP Operations
GLBP Overview
Provides gateway redundancy and load-
balancing capability to a network segment. It
provides redundancy with an active/standby
gateway, and it provides load-balancing
capability by ensuring that each member of
the GLBP group takes care of forwarding
the traffic to the appropriate gateway:
The GLBP contains two roles:
GLBP Configuration
GLBP Configuration Commands
To assign the priority of a router in a GLBP group
Switch(config-if)# glbp group priority level
Switch(config-if)# glbp group preempt [delay minimum seconds]
Switch(config-if)# glbp group timers [msec] hellotime [msec] holdtime
Enabling GLBP
Switch(config-if)# glbp group ip [ip-address]
GLBP Configuration
GLBP Verification
NAT Characteristics
IPv4 Address Space
• Networks are commonly implemented using private IPv4 addresses, as defined
in RFC 1918.
• Private IPv4 addresses cannot be routed over the internet and are used within an
organization or site to allow devices to communicate locally.
• To allow a device with a private IPv4 address to access devices and
resources outside of the local network, the private address must first be
translated to a public address.
• NAT provides the translation of private addresses to public addresses.
Class   Private address range            Prefix
A       10.0.0.0 – 10.255.255.255        10.0.0.0/8
B       172.16.0.0 – 172.31.255.255      172.16.0.0/12
C       192.168.0.0 – 192.168.255.255    192.168.0.0/16
NAT Characteristics
What is NAT
• The primary use of NAT is to conserve
public IPv4 addresses.
• NAT allows networks to use private IPv4
addresses internally and translates them
to a public address when needed.
• A NAT router typically operates at the
border of a stub network.
• When a device inside the stub network
wants to communicate with a device
outside of its network, the packet is
forwarded to the border router which
performs the NAT process, translating
the internal private address of the device
to a public, outside, routable address.
NAT Characteristics
NAT Terminology
NAT includes four types of addresses:
• Inside local: The actual private IP address assigned to a device on the inside
network(s).
• Inside global: The public IP address that represents one or more inside local IP
addresses to the outside.
• Outside local: The IP address of an outside host as it appears to the inside
network. The IP address does not have to be reachable by the outside but is
considered private and must be reachable by the inside network.
• Outside global: The public IP address assigned to a host on the outside network.
This IP address must be reachable by the outside network.
Static NAT
Static NAT
• Static NAT is a one-to-one mapping
of one IP address to another IP
address.
• Inside static NAT
• Outside static NAT
Static NAT
Configure Static NAT
There are two basic tasks when configuring static NAT translations:
• Step 1 - Create a mapping between the inside local address and the inside global
addresses using the ip nat inside source static command.
• Step 2 - The interfaces participating in the translation are configured as inside or
outside relative to NAT with the ip nat inside and ip nat outside commands.
Static NAT
Verify Static NAT
To verify NAT operation, issue the show ip nat translations command.
• This command shows active NAT translations.
• Because the example is a static NAT configuration, the translation is always present in
the NAT table regardless of any active communications.
• If the command is issued during an active session, the output also indicates the
address of the outside device.
Static NAT
Pooled NAT
• Provides a dynamic one-to-one
mapping of a local IP address to a
global IP address. The global IP
address is temporarily assigned to a
local IP address. After a certain
amount of idle NAT time, the global
IP address is returned to the pool.
Static NAT
Configure Pooled NAT
There are five tasks when configuring pooled NAT translations:
• Step 1 - Define the pool of addresses that will be used for translation using the ip
nat pool command.
• Step 2 - Configure a standard ACL to identify (permit) only those addresses that
are to be translated.
• Step 3 - Bind the ACL to the pool, using the ip nat inside source list command.
Static NAT
Configure Pooled NAT (Cont.)
There are five tasks when configuring dynamic NAT translations:
• Step 4 - Identify which interfaces are inside.
• Step 5 - Identify which interfaces are outside.
Static NAT
Verify Pooled NAT
The output of the show ip nat translations command displays all static
translations that have been configured and any dynamic translations that
have been created by traffic.
Static NAT
Verify Pooled NAT (Cont.)
By default, translation entries time out after 24 hours, unless the timers have been
reconfigured with the ip nat translation timeout timeout-seconds command in global
configuration mode. To clear dynamic entries before the timeout has expired, use the
clear ip nat translation privileged EXEC mode command.
Static NAT
PAT
• Provides a dynamic many-to-one
mapping of many local IP
addresses to one global IP address.
The NAT device translates the
private IP address and port to a
different global IP address and port.
PAT
Configure PAT
To configure PAT to use a single IPv4 address, add the keyword overload to the ip nat
inside source command.
PAT
Verify PAT
The same commands used to verify static and pooled NAT are used to verify PAT. The
show ip nat translations command displays the translations from two different hosts
to different web servers.
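A small model of the pooled NAT and PAT behaviour described above, added here as an example and not taken from the original slides or from Cisco IOS. It shows pool exhaustion, the return of an idle address to the pool, and the reverse lookup that maps an observed global port back to the inside host. Class names, addresses (documentation ranges), the 60-second timeout in the demo and the rule of keeping the source port when it is free are assumptions of the example.

```python
from dataclasses import dataclass, field

DEFAULT_TIMEOUT = 24 * 3600  # default from the text: entries time out after 24 hours


@dataclass
class PooledNat:
    """Dynamic one-to-one NAT: each inside local IP borrows one pool address."""
    pool: list
    timeout: int = DEFAULT_TIMEOUT
    table: dict = field(default_factory=dict)  # inside local -> [inside global, last use]

    def expire(self, now):
        for local, (inside_global, last_use) in list(self.table.items()):
            if now - last_use >= self.timeout:
                del self.table[local]
                self.pool.append(inside_global)  # idle address returns to the pool

    def translate(self, inside_local, now):
        self.expire(now)
        if inside_local in self.table:
            self.table[inside_local][1] = now
            return self.table[inside_local][0]
        if not self.pool:
            return None  # pool exhausted: this host cannot be translated
        inside_global = self.pool.pop(0)
        self.table[inside_local] = [inside_global, now]
        return inside_global


@dataclass
class Pat:
    """Many-to-one NAT (overload): one inside global IP, unique source ports."""
    inside_global: str
    next_port: int = 1024
    table: dict = field(default_factory=dict)  # (local IP, local port) -> global port

    def translate(self, inside_local, local_port):
        key = (inside_local, local_port)
        if key not in self.table:
            used = set(self.table.values())
            port = local_port  # assumption: keep the source port when it is free
            while port in used:
                port = self.next_port
                self.next_port += 1
            self.table[key] = port
        return self.inside_global, self.table[key]

    def attribute(self, global_port):
        """Reverse lookup: which inside host and port own this global port?"""
        for (inside_local, local_port), port in self.table.items():
            if port == global_port:
                return inside_local, local_port
        return None


if __name__ == "__main__":
    # Constructed addresses: 203.0.113.0/24 is a documentation range.
    nat = PooledNat(pool=["203.0.113.10", "203.0.113.11"], timeout=60)
    for host, now in (("192.168.10.10", 0), ("192.168.10.11", 10),
                      ("192.168.10.12", 20), ("192.168.10.12", 65)):
        print(now, host, "->", nat.translate(host, now))
    pat = Pat("203.0.113.1")
    print(pat.translate("192.168.10.10", 1444))
    print(pat.translate("192.168.10.11", 1444))
    print(pat.attribute(1024))
```

The reverse lookup is only as good as the timestamps on both sides of the translation, which is one reason the NTP section asks for synchronized clocks.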
Chapter 16: Overlay Tunnels
An overlay network is a logical or virtual network built over a physical transport network referred
to as an underlay network. Overlay networks are used to overcome shortcomings of
traditional networks by enabling network virtualization, segmentation, and security to make
traditional networks more manageable, flexible, secure (by means of encryption), and
scalable.
16.1 Generic Routing
Encapsulation (GRE)
GRE Overview
GRE Introduction
Generic Routing Encapsulation (GRE) is a
non-secure, site-to-site VPN tunneling
protocol.
Developed by Cisco.
GRE Overview
GRE Characteristics
GRE is defined as an IETF standard (RFC
2784).
GRE encapsulation uses a protocol type
field in the GRE header to support the
encapsulation of any OSI Layer 3 protocol.
GRE does not include any strong security
mechanisms.
GRE header, together with the tunneling IP
header, creates at least 24 bytes of
additional overhead for tunneled packets.
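The header layout behind the "at least 24 bytes" figure, as an added example that is not part of the original slides: a parser for the GRE header of RFC 2784 with the optional key and sequence fields of RFC 2890. It shows that each optional field adds 4 bytes to the minimum and that the passenger packet travels unencrypted. The sample packets, the key value and the helper names are constructed for the example.

```python
import struct

IPV4_HEADER_LEN = 20  # outer (tunneling) IPv4 header, no options
PROTOCOL_TYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}  # EtherType of the passenger
# Optional 4-byte fields in wire order: flag bit -> field name
OPTIONAL_FIELDS = ((0x8000, "checksum"), (0x2000, "key"), (0x1000, "sequence"))


def parse_gre(packet: bytes) -> dict:
    """Decode a version-0 GRE header and return its fields and the payload."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("not GRE version 0")
    offset, fields = 4, {}
    for bit, name in OPTIONAL_FIELDS:
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError("truncated GRE " + name + " field")
            (value,) = struct.unpack("!I", packet[offset:offset + 4])
            # The checksum shares its 32-bit word with a 16-bit reserved field.
            fields[name] = value >> 16 if name == "checksum" else value
            offset += 4
    return {
        "protocol": PROTOCOL_TYPES.get(proto, hex(proto)),
        "gre_header_len": offset,
        "overhead": IPV4_HEADER_LEN + offset,
        "fields": fields,
        "payload": packet[offset:],
    }


def build_gre(payload: bytes, proto: int = 0x0800, key=None) -> bytes:
    """Build a GRE packet; used only to construct sample input."""
    header = struct.pack("!HH", 0x2000 if key is not None else 0, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + payload


# Constructed passenger data standing in for a routed packet.
PASSENGER = b"constructed inner packet: routing update"

if __name__ == "__main__":
    for packet in (build_gre(PASSENGER), build_gre(PASSENGER, key=12)):
        info = parse_gre(packet)
        print(info["protocol"], info["gre_header_len"], info["overhead"], info["fields"])
        # GRE adds no confidentiality: the passenger bytes are readable as sent.
        print(info["payload"])
```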
Implement GRE
Configure GRE
Five steps to configuring a GRE tunnel:
• Step 1. Create a tunnel interface using the
interface tunnel number command.
• Step 2. Configure an IP address for the
tunnel interface. (Usually a private address)
• Step 3. Specify the tunnel source IP address.
• Step 4. Specify the tunnel destination IP
address.
• Step 5. (Optional) Specify GRE tunnel mode
as the tunnel interface mode.
16.2 IPsec
IPsec
IPsec overview
• IPsec is a framework of open standards for creating
highly secure virtual private networks (VPNs) using
various protocols and technologies for secure
communication across unsecure networks, such as the
Internet.
• IPsec uses two different packet headers to deliver the
security services:
1. Authentication header
2. Encapsulating Security Payload (ESP)
IPsec
IPsec overview
• Authentication Header: The authentication header ensures that the original data packet (before
encapsulation) has not been modified during transport on the public network. It creates a digital
signature similar to a checksum to ensure that the packet has not been modified, using protocol
number 51 located in the IP header.
• Encapsulating Security Payload: ESP ensures that the original payload (before encapsulation)
maintains data confidentiality by encrypting the payload and adding a new set of headers during
transport across a public network. ESP uses the protocol number 50, located in the IP header.
IPsec
IPsec Overview
• Transform Sets: A transform set is a combination of security protocols and
algorithms. During the IPsec SA negotiation, the peers agree to use a particular
transform set for protecting a particular data flow.
• Internet Key Exchange (IKE): A protocol that performs authentication between
two endpoints to establish security associations (SAs), also known as IKE tunnels.
There are two versions of IKE: IKEv1 (specified in RFC 2409) and IKEv2 (specified
in RFC 7296).
• IKEv1: Internet Security Association Key Management Protocol (ISAKMP) is a
framework for authentication and key exchange between two peers to establish,
modify, and tear down SAs.
• IKEv2: An evolution of IKEv1 that includes many changes and improvements
that simplify it and make it more efficient. One of the major changes has to do with
the way the SAs are established.
IPsec
IPsec Overview
Types of VPNs
GRE over IPsec
For example, Branch and HQ need to exchange OSPF routing information over an
IPsec VPN. GRE over IPsec is used to support the routing protocol traffic over the
IPsec VPN. Specifically, the OSPF, EIGRP packets (i.e., passenger protocol) would
be encapsulated by GRE (i.e., carrier protocol) and subsequently encapsulated in an
IPsec VPN tunnel.
Types of VPNs
GRE over IPsec (Configuration Scenario)
Types of VPNs
GRE over IPsec (Configuration R1)
interface fastethernet 0/0
 ip address 10.1.101.1 255.255.255.0
!
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
!
interface tunnel12
 ip address 192.168.12.1 255.255.255.0
 tunnel source 10.1.101.1
 tunnel destination 10.1.102.2
!
router eigrp 12
 network 1.1.1.1 0.0.0.0
 network 192.168.12.0
!
access-list 130 permit gre host 10.1.101.1 host 10.1.102.2
!
crypto isakmp key cisco123 address 10.1.102.2
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
!
crypto ipsec transform-set esp-3des esp-3des esp-sha-hmac
!
crypto map out_map 10 ipsec-isakmp
 set peer 10.1.102.2
 set transform-set esp-3des
 match address 130
!
interface fastethernet0/0
 crypto map out_map
Types of VPNs
GRE over IPsec (Configuration R2)
interface fastethernet 0/0
 ip address 10.1.102.2 255.255.255.0
!
interface loopback 0
 ip address 2.2.2.2 255.255.255.255
!
interface tunnel12
 ip address 192.168.12.2 255.255.255.0
 tunnel source 10.1.102.2
 tunnel destination 10.1.101.1
!
router eigrp 12
 network 2.2.2.2 0.0.0.0
 network 192.168.12.0
!
access-list 130 permit gre host 10.1.102.2 host 10.1.101.1
!
crypto isakmp key cisco123 address 10.1.101.1
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
!
crypto ipsec transform-set esp-3des esp-3des esp-sha-hmac
!
crypto map out_map 10 ipsec-isakmp
 set peer 10.1.101.1
 set transform-set esp-3des
 match address 130
!
interface fastethernet0/0
 crypto map out_map
Types of VPNs
GRE over IPsec (Verification)
R1#show crypto ipsec sa peer 10.1.102.2
interface: FastEthernet0/0
Crypto map tag: out_map, local addr 10.1.101.1
Types of VPNs
GRE over IPsec (Verification)
interface: FastEthernet0/0
Crypto map tag: out_map, local addr 10.1.102.2
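A configuration check for the R1 and R2 crypto settings shown above, added here as an example and not part of the original slides. It parses IOS-style ISAKMP policy, pre-shared key and transform-set lines and reports parameters that are weak by current standards (DES, 3DES, MD5, Diffie-Hellman groups 1, 2 and 5, keys not stored as type 6). The function name, the finding format and the hardened sample are assumptions of the example.

```python
WEAK_POLICY = {
    "encryption": {"des": "56-bit key", "3des": "legacy 64-bit block cipher"},
    "hash": {"md5": "broken hash function"},
    "group": {"1": "768-bit MODP group", "2": "1024-bit MODP group",
              "5": "1536-bit MODP group"},
}
WEAK_TRANSFORMS = {
    "esp-des": "56-bit key", "esp-3des": "legacy 64-bit block cipher",
    "esp-md5-hmac": "broken hash function", "esp-null": "no encryption",
}


def audit(config: str) -> list:
    """Return (scope, setting, reason) tuples for weak IKE/IPsec parameters."""
    findings, policy = [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            policy = None
            continue
        if not raw[0].isspace():
            policy = None  # any top-level command closes the policy block
        if tok[:3] == ["crypto", "isakmp", "policy"] and len(tok) > 3:
            policy = "isakmp policy " + tok[3]
        elif tok[:3] == ["crypto", "isakmp", "key"] and len(tok) > 3:
            if tok[3] != "6":  # not type 6: the key is readable in the config
                has_peer = "address" in tok[4:-1]
                peer = tok[tok.index("address", 4) + 1] if has_peer else "unknown"
                findings.append(("isakmp key", "peer " + peer,
                                 "pre-shared key not stored as type 6"))
        elif tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 4:
            for transform in tok[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append(("transform-set " + tok[3], transform,
                                     WEAK_TRANSFORMS[transform]))
        elif policy and len(tok) >= 2:
            reason = WEAK_POLICY.get(tok[0], {}).get(tok[1])
            if reason:
                findings.append((policy, tok[0] + " " + tok[1], reason))
    return findings


# Crypto section of the R1 configuration from this page.
PAGE_R1 = """\
crypto isakmp key cisco123 address 10.1.102.2
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
!
crypto ipsec transform-set esp-3des esp-3des esp-sha-hmac
!
crypto map out_map 10 ipsec-isakmp
 set peer 10.1.102.2
 set transform-set esp-3des
 match address 130
"""

# Constructed hardened variant; assumes type 6 key encryption is enabled and
# that the platform supports these keywords. The key value is a placeholder.
HARDENED = """\
crypto isakmp key 6 <TYPE-6-ENCRYPTED-KEY> address 10.1.102.2
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha256
 group 14
!
crypto ipsec transform-set esp-aes256 esp-aes 256 esp-sha256-hmac
"""

if __name__ == "__main__":
    for scope, setting, reason in audit(PAGE_R1):
        print(scope + ": " + setting + " (" + reason + ")")
    print("hardened findings:", audit(HARDENED))
```

The parser relies on sub-commands being indented under their parent command, as in the sample text.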
1.3 Locator ID Separation
Protocol (LISP)
LISP
LISP Overview
• LISP (RFC6830) is a network architecture and protocol that implements the use of two
namespaces instead of a single IP address:
Splitting EID and RLOC functions yields several advantages including improved routing
system scalability, and improved multihoming efficiency and ingress traffic engineering.
LISP functionality requires LISP-specific configuration of one or more LISP-related
devices, such as the LISP egress tunnel router (ETR), ingress tunnel router (ITR), proxy
ETR (PETR), proxy ITR (PITR), map resolver (MR), map server (MS), and LISP
alternative logical topology (ALT) device.
LISP
LISP Overview
LISP
LISP ARCHITECTURE
• Architecture LISP
LISP
LISP Overview
• LISP site: This is the name of a site where LISP routers and EIDs reside.
• Ingress tunnel router (ITR): ITRs are LISP routers that LISP-encapsulate IP packets coming from EIDs that are
destined outside the LISP site.
• Egress tunnel router (ETR): ETRs are LISP routers that deencapsulate LISP-encapsulated IP packets
coming from sites outside the LISP site and destined to EIDs within the LISP site.
• Tunnel router (xTR)
• Proxy ITR (PITR): PITRs are just like ITRs but for non-LISP sites that send traffic to EID destinations.
• Proxy ETR (PETR): PETRs act just like ETRs but for EIDs that send traffic to destinations at non-LISP
sites.
• Proxy xTR (PxTR)
• LISP router
• Map server (MS): This is a network device (typically a router) that learns EID-to-prefix mapping entries
from an ETR and stores them in a local EID-to-RLOC mapping database.
• Map resolver (MR): This is a network device (typically a router) that receives LISP-encapsulated map
requests from an ITR and finds the appropriate ETR to answer those requests by consulting the map
server.
• Map server/map resolver (MS/MR)
Operation
LISP Operation
MR MS
ITR ETR
LISP
LISP Packet Format
1.4 Virtual Extensible Local
Area Network (VXLAN)
VXLAN
VXLAN Overview
• VXLAN (RFC7348) is a network virtualization technology that attempts to address the
scalability problems associated with large cloud computing deployments. It uses a
VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within
layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP
port number.
VXLAN
VXLAN Packet Format
VXLAN
VXLAN Operation