VXLAN Introduction 2

Published in: Technology

  • The key component of a VXLAN implementation is called the VXLAN Tunnel End Point, or VTEP. The VTEP keeps track of which remote MAC addresses exist behind which remote VTEPs within a given VXLAN. It encapsulates local frames to send them to remote VTEPs and decapsulates received VXLAN packets for delivery to locally connected Ethernet End Systems.

    VTEPs don't exist all by themselves; they are a component within a larger system. In this figure, the VTEP is embedded within an access switch, which could be a virtual switch on a hypervisor or a physical switch.

    Inside this access switch is another component labeled "Bridge Domain Switch"; this is the heart of any layer 2 switch, performing MAC address learning and Ethernet frame forwarding. The term Bridge Domain is a generic term that covers both VLANs and VXLANs. Internally, the BD switch switches frames based on an internal BD ID. When frames enter the switch on an interface, they are identified as belonging to a bridge domain based on both the interface they were received on and how the frame is tagged: for a VLAN that is the VLAN tag, while in the case of an internal VTEP, the VTEP maps frames to the internal BD ID based on the VXLAN ID of the encapsulated packet.

    In the case of a VXLAN, locally connected End Systems see no difference from being connected to a VLAN. Frames between them are switched locally by the BD switch and are not sent to the VTEP internal interface on the switch. If, however, the destination MAC address belongs to a remote End System, then that ES appears to the BD switch to be connected to the VTEP internal interface.

    On the other side of the VTEP is an IP interface connected to the underlying IP transport network in the datacenter. Note that this interface need not be (and usually is not) a physical interface; it is usually a virtual interface connected to a VLAN.

    So that is what a VTEP is. If we now look at how VTEPs communicate with each other over the IP transport network: when they first start out, they are completely unaware of any other VTEP.

    When a new VXLAN is configured on the VTEP, part of the configuration is an IP multicast group. Each VTEP uses IGMPv2 to perform an Any Source Multicast, or (*, G), join to that group. It needs to be any-source because the VTEPs do not know which other VTEPs are currently participating in the VXLAN. The multicast group acts as a communication bus that VTEPs use when sending unknown-unicast, broadcast and multicast frames.

    Once a frame is sent over this bus, each receiving VTEP looks at the source IP address of the outer packet and learns which remote MAC addresses sit behind which VTEP. Once that learning has happened, frames to known unicast MAC addresses can be sent over point-to-point unicast tunnels directly to the correct VTEP.

  • Clarify HW capabilities and SW support for VXLAN-to-VXLAN bridging
  • Transcript

    • 1. VXLAN INTRODUCTION. Shane Corban, Nexus Marketing Manager. © 2014 VCE Company, LLC. All rights reserved.
    • 2. Problems being addressed:
      • VLAN scale: VXLAN extends the L2 segment ID field to 24 bits, potentially allowing up to 16 million unique L2 segments over the same network.
      • Layer 2 segment elasticity over a Layer 3 boundary: VXLAN encapsulates the L2 frame in an IP/UDP header.
      VXLAN is perceived as "the standard" way to create overlays. Ecosystem of vendors: VMware, F5, Broadcom, Brocade, Arista, etc.
    • 3. TERMINOLOGY
      • VTEP (VXLAN Tunnel End Point): performs VXLAN encap and decap; usually located at the aggregation layer; support for multiple VXLAN edge devices (multi-homing) in the same site.
      • VNI (Virtual Network Identifier): mapping of VLAN to VXLAN (e.g., VNI 5000 maps to VLAN 20); can have multiple VNIs mapped to the same VLAN.
      (Diagram: VXLAN devices, four VTEPs.)
    • 4. VXLAN MAC LEARNING: building the MAC tables
      • Flood & Learn is used today; control-plane based learning in the future.
      • Multicast is required; unicast with head-end replication in the future.
      • PIM-SM or PIM-Bidir on Nexus 3100/7000; PIM-Bidir on Nexus 5600/N6K-X.
    • 5. VTEP DISCOVERY: how VTEPs find each other
      • VTEPs join the specified multicast group (*, G), with PIM-SM or PIM-BiDir in the transport.
      • Can have one multicast group per VNI; can have multiple VNIs per multicast group.
      • Future support for an intelligent control plane for VTEP discovery.
    • 6. VXLAN PACKET STRUCTURE: the original L2 frame is given a VXLAN header with a VNI
      • Outer Ethernet: source VTEP MAC address, next-hop MAC address.
      • Outer IP: source and destination addresses of the VTEPs.
      • Outer UDP: port 4789; a hash of the inner L2/L3/L4 headers of the original frame enables entropy for ECMP load balancing in the network.
      • VXLAN header: VNI, allowing for 16M possible segments.
      • Original L2 frame, followed by the FCS.
    • 7. VXLAN MULTICAST MODE (diagram): three VTEPs on a multicast-enabled transport running PIM (not IGMP). The VTEPs hosting the Web VMs send IGMP Reports to multicast group 239.1.1.1; the VTEPs hosting the DB VMs send IGMP Reports to multicast group 239.2.2.2.
    • 8. ARP REQUEST (diagram): VM 1 behind VTEP 1 (1.1.1.1), VM 2 behind VTEP 2 (2.2.2.2), VM 3 behind VTEP 3 (3.3.3.3). VM 1 sends an ARP request; VTEP 1 encapsulates it as IP A → G over the multicast-enabled transport. VTEP 2 and VTEP 3 decapsulate the ARP request, deliver it to VM 2 and VM 3, and record the mapping (MAC/IP address of VM 1 → VTEP 1) in their tables.
    • 9. ARP RESPONSE (diagram): VM 2 sends the ARP response. VTEP 2 already has VM 1 → VTEP 1 in its table, so it encapsulates the response as unicast VTEP 2 → VTEP 1. VTEP 1 decapsulates it, delivers it to VM 1, and records MAC/IP address of VM 2 → VTEP 2.
    • 10. BLUE & PURPLE VNI SHARING OF MULTICAST GROUPS (diagram): VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3) host Web VMs and DB VMs; the Blue VNI and the Purple VNI are both on group G, so original frames from either VNI are encapsulated as IP A → G.
    • 11. Challenges
      • Multicast dependency: multicast may not be enabled in the infrastructure; multicast scaling.
      • Flood-and-learn based learning: flooding is required to handle BUM (Broadcast/Unknown Unicast/Multicast) traffic; unknown floods can cause network meltdowns.
      • External connectivity: need the ability to connect to external nodes.
    • 12. Solutions
      • Multicast dependency: head-end replication to allow unicast-mode-only operation; introduce a control plane to allow dynamic VTEP discovery.
      • Flood-and-learn based learning: workload MAC addresses are known once they are connected to the VXLAN-capable devices; leverage the control plane also to exchange L2/L3 address-to-VTEP association information.
      • External connectivity: introduce VXLAN gateways.
    • 13. VXLAN UNICAST MODE: HEAD-END REPLICATION (diagram: VTEPs West, East and South over a unicast-only transport)
      • 1. A workload sends an L2 BUM frame (Broadcast, Unknown Unicast or Multicast).
      • 2. The VTEP retrieves the list of overlay neighbors (South, IP C; East, IP B). This information is statically configured or dynamically retrieved via the control plane (VTEP discovery).
      • 3. VXLAN encapsulation.
      • 4. The VTEP performs head-end replication.
      • 5. Frames are unicast to the neighbors: IP A → IP B and IP A → IP C.
    • 14. VXLAN ON HW PLATFORMS: SUPPORTED FUNCTIONALITIES
      • VXLAN-to-VLAN bridging (L2 gateway): N5600, N6K-X, N7K (F3), N9K, N31XX. Diagram: ingress VXLAN packet on the Orange segment; the egress interface is chosen (the bridge may .1Q tag the packet).
      • V(X)LAN-to-V(X)LAN routing (L3 gateway): N5600, N6K-X, N7K (F3), N9K. Diagram: ingress VXLAN packet on the Orange segment; the destination is in another segment, so the packet is routed via an SVI to the Blue segment; the egress interface is chosen (the bridge may .1Q tag the packet).
    • 15. "SOFTWARE" VXLAN LAYER-2 GATEWAY: PURELY A HOST OVERLAY SOLUTION (diagram): virtual-to-virtual communication on VNI 5000 between virtual machines on hypervisors across the L3 fabric and WAN/Core; VXLAN is untagged; VXLAN is supported on the Nexus 1000v and hypervisor switches.
    • 16. INTER-VXLAN ROUTING USING A SW L3 GATEWAY: PURELY A HOST OVERLAY SOLUTION (diagram): a software gateway performs VXLAN routing VNI 5000 <-> VNI 6000, virtual to virtual, across the L3 fabric and WAN/Core; VXLAN is untagged; VXLAN routing functions are supported on Cisco ASA1000v and CSR1000v.
    • 17. SW L3 GATEWAY COMMUNICATING WITH THE EXTERNAL L3 DOMAIN (diagram): the software gateway performs VXLAN-to-VLAN bridging VNI 5000 <-> VLAN 100 (SVI 100), virtual to physical, with VNI 6000 also present; VXLAN is untagged; VXLAN routing functions are also supported on Cisco ASA1000v and CSR1000v.
    • 18. HW VXLAN L2 GATEWAY: INTRA-SUBNET COMMUNICATION (diagram): VXLAN L2 gateways on VXLAN VTEP hardware perform VXLAN-to-VLAN bridging (virtual to physical) of VNI 5000 and VNI 6000 to VLAN 10 and VLAN 20 across the L3 fabric; VXLAN is untagged on the VLAN side.
    • 19. HW VXLAN ROUTING: INTER-SUBNET COMMUNICATION (diagram): VXLAN L3 gateways in the L3 cloud perform VXLAN-to-VXLAN routing (VNI 5000 <-> VNI 7000) and VLAN-to-VXLAN routing (VNI 6000 <-> L3_Ext_Intf); VXLAN L2 gateways perform VXLAN-to-VLAN bridging (VNI 7000 <-> VLAN 30, VLAN 20 <-> VNI 6000) across the L3 fabric.
    • 20. HW VXLAN ROUTING: NEXUS VTEP REDUNDANCY (diagram): L3 gateway redundancy is based on vPC and HSRP (2 nodes); L2 gateway redundancy is based on vPC (anycast VTEP address); vMAC → emulated VTEP.
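The flood-and-learn behaviour from the speaker notes and the packet structure from slide 6, as an added Python example that is not part of the original presentation: a minimal VXLAN header encode/decode (RFC 7348 layout, 24-bit VNI, UDP port 4789) and a simulated VTEP that floods unknown destinations to its (*, G) group and learns remote MAC-to-VTEP bindings from the outer source IP. VTEP addresses 1.1.1.1/2.2.2.2, VNI 5000 and group 239.1.1.1 come from the slides; the VM MAC addresses are constructed, and the Vtep class and helper names are this example's own.

```python
import struct
from dataclasses import dataclass, field

VXLAN_UDP_PORT = 4789        # IANA destination port (slide 6)
VXLAN_FLAG_I = 0x08          # RFC 7348 "I" flag: the VNI field is valid
BROADCAST = b"\xff" * 6
ARP = b"\x08\x06"            # EtherType of the inner frames built below

def vxlan_encap(vni, frame):
    """Prepend the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):                 # 24-bit VNI -> 16M segments
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + frame

def vxlan_decap(pkt):
    """Return (VNI, inner Ethernet frame); reject truncated or unflagged headers."""
    if len(pkt) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    flags, vni_raw = struct.unpack("!B3xI", pkt[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set")
    return vni_raw >> 8, pkt[8:]

@dataclass
class Vtep:
    ip: str
    vni: int
    mcast_group: str                                # (*,G) joined via IGMP
    mac_table: dict = field(default_factory=dict)   # remote MAC -> VTEP IP

    def send(self, frame):
        """Known unicast goes point-to-point; BUM frames flood to the group."""
        dst_ip = self.mac_table.get(frame[:6], self.mcast_group)
        return dst_ip, vxlan_encap(self.vni, frame)

    def receive(self, outer_src_ip, pkt):
        vni, frame = vxlan_decap(pkt)
        if vni != self.vni:
            raise ValueError(f"VNI {vni} is not served by this VTEP")
        # Flood-and-learn: bind inner src MAC to outer src IP (trusts any sender reaching the group)
        self.mac_table[frame[6:12]] = outer_src_ip
        return frame

def demo():
    vm1, vm2 = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000b2")  # constructed MACs
    v1, v2 = Vtep("1.1.1.1", 5000, "239.1.1.1"), Vtep("2.2.2.2", 5000, "239.1.1.1")
    grp, pkt = v1.send(BROADCAST + vm1 + ARP + b"who-has A")   # unknown dst -> multicast
    v2.receive(v1.ip, pkt)                                      # VTEP 2 learns VM1 -> 1.1.1.1
    uni, reply = v2.send(vm1 + vm2 + ARP + b"is-at B")          # learned -> unicast to VTEP 1
    v1.receive(v2.ip, reply)                                    # VTEP 1 learns VM2 -> 2.2.2.2
    return grp, uni, v1.mac_table[vm2]
```

Because the learned binding is taken from the outer source IP of whatever arrives, the table is only as trustworthy as the set of hosts that can reach the multicast group, which is the exposure slides 11 and 12 address with a control plane.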