How VXLAN works on Linux

Etsuji Nakai
Etsuji NakaiCloud Solutions Architect at Google
How VXLAN works on Linux Basic mechanism and Application to OpenStack and Docker ]中井悦司 / Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K v1.1 2015/07/09
2 How VXLAN works on Linux $ who am i  中井悦司 / Etsuji Nakai – Twitter @enakai00 – Senior Solution Architect and Cloud Evangelist at Red Hat. – The author of some OpenStack books.
3 How VXLAN works on Linux Contents  VXLAN basics  OpenStack Neutron OVS Plugin  VTEP implementation with Flannel  References
VXLAN basics
5 How VXLAN works on Linux The objective of VXLAN  Creating virtual L2 network over physical L3 network. VXLAN Switch VXLAN Switch VXLAN Switch Tokyo Osaka Fukuoka 10.1.0.0/16 10.1.1.0 10.1.2.0 10.1.3.0 Physical view Logical view from servers
6 How VXLAN works on Linux Packet encapsulation with VXLAN header  VXLAN encapsulates L2 packet inside L3 packet. VXLAN Switch VXLAN Switch Tokyo Osaka Dest Address yy.yy.yy.yy Original Packet Source Address xx.xx.xx.xx Original Packet VXLAN Header xx.xx.xx.xx yy.yy.yy.yy Original Packet
7 How VXLAN works on Linux
8 How VXLAN works on Linux The fundamental problem of L2 over L3  How to find the correct location of packet destination? How did you know that the destination is in Osaka!? VXLAN Switch VXLAN Switch Tokyo Osaka Dest Address yy.yy.yy.yy Original Packet Source Address xx.xx.xx.xx Original Packet VXLAN Header xx.xx.xx.xx yy.yy.yy.yy Original Packet
9 How VXLAN works on Linux ARP resolution on L2 layer  VXLAN switches need to emulate the ARP resolution mechanism. IP  10.1.2.0 MAC zz:zz:zz:zz:zz:zz ① ARP Request "What's the MAC for IP 10.1.2.0?" ② ARP Reply "zz:zz:zz:zz:zz:zz" Dest IP 10.1.2.0 Source IP 10.1.1.0 Payload Dest MAC zz:zz:zz:... Source MAC xx:xx:xx:... L3 headerL2 header IP  10.1.1.0 MAC xx:xx:xx:xx:xx:xx ④ Send L2 packet to "zz:zz:zz:zz:zz:zz" ③ Port <-> MAC association is recorded in MAC table
10 How VXLAN works on Linux Additional features for L2 over L3  Packet encapsulation is not enough for L2 over L3. VXLAN switches need to implement the following features. – ARP resolution: Need to reply to ARP request from local servers without broadcasting the ARP packet. – Destination search : Need to find the destination location corresponding to the destination MAC.  The VXLAN endpoint providing these features is referred as "VTEP". ARP Reply 「zz:zz:zz:zz:zz:zz」 Dest "zz:zz:zz:zz:zz:zz" is located in Osaka.VXLAN Switch Tokyo xx.xx.xx.xx ① ARP Request "What's the MAC for IP 10.1.2.0?" ④ Send L2 packet to "zz:zz:zz:zz:zz:zz"
11 How VXLAN works on Linux
12 How VXLAN works on Linux Variations of VTEP implementation  To implement VTEP features, there must be some mechanism to share the tuple (MAC, IP Address, Location) of all servers.  The followings are some variations of VTEP implementation. – Exchange MAC/IP information using L3 multicasting among switches. – Use SDN controller as a central MAC/IP database. – Use local agent and virtual VXLAN switch running on Linux servers.
OpenStack Neutron OVS Plugin
14 How VXLAN works on Linux ML2 l2population driver  In the case of OpenStack Neutron OVS plugin, VXLAN encapsulation is done on the local Open vSwitch on compute nodes. – MAC/IP information is sent by L2 agent and populated by l2population ML2 driver. – The l2population driver populates the following entries in OVS. • FDB (forwarding database): a lookup table to find a destination node corresponding to the dest MAC address. • Flowtable entries for replying to ARP requests from local VMs. VM OVS (br-int) VM l2population driver Messaging server (RabbitMQ) VM OVS (br-int) VM l2population driver L2 Agent L2 Agent ① Attaching new VM ② Send MAC/IP information ③ Populate flow table in OVS
15 How VXLAN works on Linux  Reference : ML2 – Address Population – http://assafmuller.com/2014/02/23/ml2-address-population/
VTEP implementation with Flannel
17 How VXLAN works on Linux Overlay network with Flannel  Flannel is a opensource tool to create overlay network for Docker containers. It's often used with Kubernetes. – It uses Linux kernel's native VXLAN devices for packet encapsulation. – Flannel daemon dynamically populates FDB and ARP table according to the kernel requests via the "L2/L3 MISS" notification mechanism. • The mechanism is originally named as "DOVE extensions" • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751 – The IP/MAC information is shared with the backend KVS (etcd). etcd Physical network 192.168.122.0/24 Minion flannel.1 Minion flannel.1 Internal network for container communication 10.1.0.0/16 Minion flannel.1 VXLAN device
18 How VXLAN works on Linux Kernel's DOVE extensions  You can use the native VXLAN device with the current Linux kernel. – You don't necessarily need OVS for using VXLAN. – It's just like using the traditional VLAN device with Linux :)  VTEP features are implemented with a userland agent via "L2/L3 MISS" notification mechanism. (The notification is sent via netlink.) – L3MISS • The kernel asks the agent to populate the local ARP table when necessary instead of broadcasting the ARP request packet. – L2MISS • The kernel asks the agent to populate FDB when necessary. # ip -d l show flannel.1 3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT link/ether 82:ce:d5:09:06:2c brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 1 local 192.168.122.101 dev eth0 srcport 0 0 dstport 8472 proxy l2miss ageing 300 # bridge fdb show dev flannel.1 56:e1:c1:d6:b7:51 dst 192.168.122.102 self # cat /proc/sys/net/ipv4/neigh/flannel.1/app_solicit 3
19 How VXLAN works on Linux  Reference: Kernel patch - add DOVE extensions for VXLAN – https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751
References
21 How VXLAN works on Linux References  ML2 – Address Population – http://assafmuller.com/2014/02/23/ml2-address-population/  Kernel patch: add DOVE extensions for VXLAN – https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751  FlannelのVXLANバックエンドの仕組み – http://enakai00.hatenablog.com/entry/2015/04/02/173739
EMPOWER PEOPLE, EMPOWER ENTERPRISE, OPEN INNOVATION.
1 of 22

How VXLAN works on Linux

Download to read offline
Technology
Etsuji Nakai
Etsuji NakaiCloud Solutions Architect at Google

Recommended

OVN 設定サンプル | OVN config example 2015/12/27OVN 設定サンプル | OVN config example 2015/12/27
OVN 設定サンプル | OVN config example 2015/12/27Kentaro Ebisawa
4.3K views24 slides
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
67.6K views27 slides
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksAPNIC
2.8K views71 slides
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stablejuet-y
13.2K views16 slides
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
63.9K views41 slides
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitchSim Janghoon
19.4K views18 slides

More Related Content

What's hot

VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
1.4K views68 slides
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
3.6K views12 slides

What's hot(20)

VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
Faisal Reza1.4K views
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada12.4K views
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
Suraj Deshmukh3.6K views
Cloud Network Virtualization with Juniper ContrailCloud Network Virtualization with Juniper Contrail
Cloud Network Virtualization with Juniper Contrail
buildacloud9.1K views
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
HungWei Chiu813 views
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan Drivers
Brent Salisbury52.6K views
Meetup 23 - 02 - OVN - The future of networking in OpenStackMeetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group1.8K views
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin1.7K views
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
Vietnam Open Infrastructure User Group2.1K views
VPP事始めVPP事始め
VPP事始め
npsg11.1K views
Link Aggregation Control ProtocolLink Aggregation Control Protocol
Link Aggregation Control Protocol
Kashif Latif11.9K views
Vxlan control plane and routingVxlan control plane and routing
Vxlan control plane and routing
Wilfredzeng11.4K views
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
James Denton1.6K views
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
NFVアプリケーションをOpenStack上で動かす為に - OpenStack最新情報セミナー 2017年7月
VirtualTech Japan Inc.3.3K views
FD.io VPP事始めFD.io VPP事始め
FD.io VPP事始め
tetsusat2.3K views
VXLAN Practice GuideVXLAN Practice Guide
VXLAN Practice Guide
Prasenjit Sarkar16.1K views
Large scale overlay networks with ovn: problems and solutionsLarge scale overlay networks with ovn: problems and solutions
Large scale overlay networks with ovn: problems and solutions
Han Zhou2.2K views
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Thomas Morin1.2K views
ACI DHCP Config GuideACI DHCP Config Guide
ACI DHCP Config Guide
Woo Hyung Choi4.8K views
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bulls
Swapnil Kapate6.5K views

Similar to How VXLAN works on Linux

rtnetlinkrtnetlink
rtnetlinkTaku Fukushima
2.9K views54 slides
Ovn vancouverOvn vancouver
Ovn vancouverMason Mei
520 views33 slides
NSX-MHNSX-MH
NSX-MHsethuraman ramanathan
783 views59 slides

Similar to How VXLAN works on Linux(20)

rtnetlinkrtnetlink
rtnetlink
Taku Fukushima2.9K views
Ovn vancouverOvn vancouver
Ovn vancouver
Mason Mei520 views
Openstack Neutron InsightsOpenstack Neutron Insights
Openstack Neutron Insights
Atul Pandey289 views
NSX-MHNSX-MH
NSX-MH
sethuraman ramanathan783 views
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
Jim St. Leger3.8K views
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
David Lapsley2.3K views
Network stack personality in Android phone - netdev 2.2Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2
Hajime Tazaki1.1K views
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
Thomas Graf4.1K views
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
Michelle Holley1.7K views
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_update
Akihiro Motoki5.2K views
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101
Mochamad Taufik Romdony59 views
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Cloud Native Day Tel Aviv825 views
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1
Etsuji Nakai15.6K views
The State of Linux ContainersThe State of Linux Containers
The State of Linux Containers
inside-BigData.com1.6K views
PLNOG15: Is there something less complicated than connecting two LAN networks...PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...
PROIDEA243 views
Calico with open stackCalico with open stack
Calico with open stack
D.Rajesh Kumar281 views
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PROIDEA141 views
Sdn dell lab report v2Sdn dell lab report v2
Sdn dell lab report v2
Oded Rotter664 views
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
Cumulus Networks806 views
Quantum - Virtual networks for OpenstackQuantum - Virtual networks for Openstack
Quantum - Virtual networks for Openstack
salv_orlando6K views

More from Etsuji Nakai

PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3Etsuji Nakai
4K views3 slides

More from Etsuji Nakai(20)

PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
Etsuji Nakai4K views
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
Etsuji Nakai15.3K views
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Etsuji Nakai9.4K views
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
Etsuji Nakai4.2K views
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
Etsuji Nakai6.2K views
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
Etsuji Nakai9.3K views
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
Etsuji Nakai22.5K views
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
Etsuji Nakai2.8K views
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
Etsuji Nakai4.8K views
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
Etsuji Nakai19.2K views
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
Etsuji Nakai2.9K views
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
Etsuji Nakai1K views
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
Etsuji Nakai4K views
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
Etsuji Nakai2.6K views
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
Etsuji Nakai2.4K views
Life with jupyterLife with jupyter
Life with jupyter
Etsuji Nakai3.1K views
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
Etsuji Nakai10.1K views
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
Etsuji Nakai4.6K views
PRML7.2PRML7.2
PRML7.2
Etsuji Nakai965 views
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
Etsuji Nakai2.4K views

Recently uploaded

CXL at OCPCXL at OCP
CXL at OCPCXL Forum
203 views66 slides

Recently uploaded(20)

PyCon ID 2023 - Ridwan Fadjar Septian.pdfPyCon ID 2023 - Ridwan Fadjar Septian.pdf
PyCon ID 2023 - Ridwan Fadjar Septian.pdf
Ridwan Fadjar165 views
CXL at OCPCXL at OCP
CXL at OCP
CXL Forum203 views
MemVerge: Gismo (Global IO-free Shared Memory Objects)MemVerge: Gismo (Global IO-free Shared Memory Objects)
MemVerge: Gismo (Global IO-free Shared Memory Objects)
CXL Forum112 views
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
The Digital Insurer26 views
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳32 views
ChatGPT and AI for Web DevelopersChatGPT and AI for Web Developers
ChatGPT and AI for Web Developers
Maximiliano Firtman161 views
"Fast Start to Building on AWS", Igor Ivaniuk"Fast Start to Building on AWS", Igor Ivaniuk
"Fast Start to Building on AWS", Igor Ivaniuk
Fwdays34 views
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
Fwdays25 views
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk82 views
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
Vadym Kazulkin56 views
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...
BookNet Canada103 views
Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting177 views
MemVerge: Past Present and Future of CXLMemVerge: Past Present and Future of CXL
MemVerge: Past Present and Future of CXL
CXL Forum110 views
ThroughputThroughput
Throughput
Moisés Armani Ramírez31 views
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk85 views
Spesifikasi Lengkap ASUS Vivobook Go 14Spesifikasi Lengkap ASUS Vivobook Go 14
Spesifikasi Lengkap ASUS Vivobook Go 14
Dot Semarang34 views
"How we switched to Kanban and how it integrates with product planning", Vady..."How we switched to Kanban and how it integrates with product planning", Vady...
"How we switched to Kanban and how it integrates with product planning", Vady...
Fwdays60 views
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst422 views
"Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ..."Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ...
"Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ...
Fwdays32 views
MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum117 views

How VXLAN works on Linux

  • 1. How VXLAN works on Linux Basic mechanism and Application to OpenStack and Docker ]中井悦司 / Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K v1.1 2015/07/09
  • 2. 2 How VXLAN works on Linux $ who am i  中井悦司 / Etsuji Nakai – Twitter @enakai00 – Senior Solution Architect and Cloud Evangelist at Red Hat. – The author of some OpenStack books.
  • 3. 3 How VXLAN works on Linux Contents  VXLAN basics  OpenStack Neutron OVS Plugin  VTEP implementation with Flannel  References
  • 5. 5 How VXLAN works on Linux The objective of VXLAN  Creating virtual L2 network over physical L3 network. VXLAN Switch VXLAN Switch VXLAN Switch Tokyo Osaka Fukuoka 10.1.0.0/16 10.1.1.0 10.1.2.0 10.1.3.0 Physical view Logical view from servers
  • 6. 6 How VXLAN works on Linux Packet encapsulation with VXLAN header  VXLAN encapsulates L2 packet inside L3 packet. VXLAN Switch VXLAN Switch Tokyo Osaka Dest Address yy.yy.yy.yy Original Packet Source Address xx.xx.xx.xx Original Packet VXLAN Header xx.xx.xx.xx yy.yy.yy.yy Original Packet
  • 7. 7 How VXLAN works on Linux
  • 8. 8 How VXLAN works on Linux The fundamental problem of L2 over L3  How to find the correct location of packet destination? How did you know that the destination is in Osaka!? VXLAN Switch VXLAN Switch Tokyo Osaka Dest Address yy.yy.yy.yy Original Packet Source Address xx.xx.xx.xx Original Packet VXLAN Header xx.xx.xx.xx yy.yy.yy.yy Original Packet
  • 9. 9 How VXLAN works on Linux ARP resolution on L2 layer  VXLAN switches need to emulate the ARP resolution mechanism. IP  10.1.2.0 MAC zz:zz:zz:zz:zz:zz ① ARP Request "What's the MAC for IP 10.1.2.0?" ② ARP Reply "zz:zz:zz:zz:zz:zz" Dest IP 10.1.2.0 Source IP 10.1.1.0 Payload Dest MAC zz:zz:zz:... Source MAC xx:xx:xx:... L3 headerL2 header IP  10.1.1.0 MAC xx:xx:xx:xx:xx:xx ④ Send L2 packet to "zz:zz:zz:zz:zz:zz" ③ Port <-> MAC association is recorded in MAC table
  • 10. 10 How VXLAN works on Linux Additional features for L2 over L3  Packet encapsulation is not enough for L2 over L3. VXLAN switches need to implement the following features. – ARP resolution: Need to reply to ARP request from local servers without broadcasting the ARP packet. – Destination search : Need to find the destination location corresponding to the destination MAC.  The VXLAN endpoint providing these features is referred as "VTEP". ARP Reply 「zz:zz:zz:zz:zz:zz」 Dest "zz:zz:zz:zz:zz:zz" is located in Osaka.VXLAN Switch Tokyo xx.xx.xx.xx ① ARP Request "What's the MAC for IP 10.1.2.0?" ④ Send L2 packet to "zz:zz:zz:zz:zz:zz"
  • 11. 11 How VXLAN works on Linux
  • 12. 12 How VXLAN works on Linux Variations of VTEP implementation  To implement VTEP features, there must be some mechanism to share the tuple (MAC, IP Address, Location) of all servers.  The followings are some variations of VTEP implementation. – Exchange MAC/IP information using L3 multicasting among switches. – Use SDN controller as a central MAC/IP database. – Use local agent and virtual VXLAN switch running on Linux servers.
  • 14. 14 How VXLAN works on Linux ML2 l2population driver  In the case of OpenStack Neutron OVS plugin, VXLAN encapsulation is done on the local Open vSwitch on compute nodes. – MAC/IP information is sent by L2 agent and populated by l2population ML2 driver. – The l2population driver populates the following entries in OVS. • FDB (forwarding database): a lookup table to find a destination node corresponding to the dest MAC address. • Flowtable entries for replying to ARP requests from local VMs. VM OVS (br-int) VM l2population driver Messaging server (RabbitMQ) VM OVS (br-int) VM l2population driver L2 Agent L2 Agent ① Attaching new VM ② Send MAC/IP information ③ Populate flow table in OVS
  • 15. 15 How VXLAN works on Linux  Reference : ML2 – Address Population – http://assafmuller.com/2014/02/23/ml2-address-population/
  • 17. 17 How VXLAN works on Linux Overlay network with Flannel  Flannel is a opensource tool to create overlay network for Docker containers. It's often used with Kubernetes. – It uses Linux kernel's native VXLAN devices for packet encapsulation. – Flannel daemon dynamically populates FDB and ARP table according to the kernel requests via the "L2/L3 MISS" notification mechanism. • The mechanism is originally named as "DOVE extensions" • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751 – The IP/MAC information is shared with the backend KVS (etcd). etcd Physical network 192.168.122.0/24 Minion flannel.1 Minion flannel.1 Internal network for container communication 10.1.0.0/16 Minion flannel.1 VXLAN device
  • 18. 18 How VXLAN works on Linux Kernel's DOVE extensions  You can use the native VXLAN device with the current Linux kernel. – You don't necessarily need OVS for using VXLAN. – It's just like using the traditional VLAN device with Linux :)  VTEP features are implemented with a userland agent via "L2/L3 MISS" notification mechanism. (The notification is sent via netlink.) – L3MISS • The kernel asks the agent to populate the local ARP table when necessary instead of broadcasting the ARP request packet. – L2MISS • The kernel asks the agent to populate FDB when necessary. # ip -d l show flannel.1 3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT link/ether 82:ce:d5:09:06:2c brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 1 local 192.168.122.101 dev eth0 srcport 0 0 dstport 8472 proxy l2miss ageing 300 # bridge fdb show dev flannel.1 56:e1:c1:d6:b7:51 dst 192.168.122.102 self # cat /proc/sys/net/ipv4/neigh/flannel.1/app_solicit 3
  • 19. 19 How VXLAN works on Linux  Reference: Kernel patch - add DOVE extensions for VXLAN – https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751
  • 21. 21 How VXLAN works on Linux References  ML2 – Address Population – http://assafmuller.com/2014/02/23/ml2-address-population/  Kernel patch: add DOVE extensions for VXLAN – https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=e4f67addf158f98f8197e08974966b18480dc751  FlannelのVXLANバックエンドの仕組み – http://enakai00.hatenablog.com/entry/2015/04/02/173739