VyOS now supports VXLAN interfaces which allow multiple L2 segments to be multiplexed over a single physical network. VXLAN uses encapsulation to transport Ethernet frames over IP. The VNI field in VXLAN headers maps frames to different L2 segments. VyOS VXLAN interfaces can be configured and used like physical interfaces for routing, bridging, and protocols like OSPF. However, attributes like the VNI and multicast group cannot be changed after interface creation without deleting and recreating the interface.
1. VyOS VXLAN and Linux Device Driver
A talk on VXLAN in VyOS and the Linux device driver
2014/11/2
VyOS users meeting #2
Ryo Nakamura
upa@haeena.net
2. Virtual eXtensible LAN
• An Ethernet over IP overlay. RFC7348.
– Ethernet frame is encapsulated in IP + UDP + VXLAN headers.
– VXLAN header contains a 24-bit Virtual Network Identifier (VNI) field. 2^24 L2 segments can be multiplexed in one VXLAN overlay network domain.
– Unicast traffic is encapsulated in IP Unicast.
– BUM traffic is encapsulated in IP Multicast.
• Multicast based VTEP learning is described in RFC, Sec 4.
– Many vendors propose and use their original control planes.
– Of course, I know that Multicast is difficult in actual environments, but they don’t have INTEROPERABILITY :(
3. Multicast based VTEP learning
[Diagram: VTEP A, VTEP B, VTEP C and VTEP D with Node 1, Node 2, Node 3 and Node 4 attached]
• Node 1 sends an ARP request for Node 4
– Encapsulated frame: Outer IP Src A, Outer IP Dst M, SrcMAC : 1, DstMAC : FF
– Callout: "Node 1 is in VTEP A !!"
4. Multicast based VTEP learning
[Diagram: VTEP A, VTEP B, VTEP C and VTEP D with Node 1, Node 2, Node 3 and Node 4 attached]
• Node 4 sends an ARP reply to Node 1
– Encapsulated frame: Outer IP Src D, Outer IP Dst A, SrcMAC : 4, DstMAC : 1
– Callouts: "Node 4 is in VTEP D !!" and "Node 1 is in VTEP A !!"
6. Linux kernel version issue
• Linux VXLAN Driver first appeared in kernel 3.7
– 2012/9/24, first patch was contributed to netdev.
– I was really looking forward to Vyatta Core with kernel 3.7 and later.
• Kernel version of VyOS Helium is 3.13.11 !!
– HooooooooOOOO!!! WrrrrryyyyyyYYYYYYYYYY !!!!!!!!
– Hydrogen is kernel 3.3
7. VyOS VXLAN CLI
• Under the interfaces section
– set interfaces vxlan vxlan0
– set interfaces vxlan vxlan0 group 239.0.0.1
– set interfaces vxlan vxlan0 vni 0
– and basic interface operations
• IPv4/v6 routing
• bridge-group
• policy
interfaces {
    vxlan vxlan0 {
        group 239.0.0.1
        vni 0
    }
}
8. Operation example
interfaces {
    vxlan vxlan0 {
        address 172.16.0.1/24
        group 239.0.0.10
        ip {
            ospf {
                cost 10
            }
        }
        vni 0
    }
}
protocols {
    ospf {
        area 0 {
            network 172.16.0.0/24
        }
    }
}
9. Operation example
vyos@vyos:~$ show interfaces vxlan vxlan0
vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether b2:74:c9:fa:1d:fd brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/24 brd 172.16.0.255 scope global vxlan0
valid_lft forever preferred_lft forever
inet6 fe80::b074:c9ff:fefa:1dfd/64 scope link
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collisions
2446 25 0 0 0 0
10. Operation example
vyos@vyos:~$ show ip ospf interface vxlan0
vxlan0 is up
ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>
Internet Address 172.16.0.1/24, Broadcast 172.16.0.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.10.20.189, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.10.20.189, Interface Address 172.16.0.1
No backup designated router on this network
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 7.900s
Neighbor Count is 0, Adjacent neighbor count is 0
11. node.def
• VXLAN interface name
– The number in the interface name can be different from the VNI. But, I think it is really confusing :(
val_help: <vxlanN>; VXLAN interface name
syntax:expression: pattern $VAR(@) "vxlan[0-9]+$"
12. node.def (cont’d)
• REQUIRED
– A vxlan overlay network is identified by VNI.
– Multicast Group Address is required to encapsulate BUM Traffic in IP Multicast. Group Address can be reused for other VNI.
commit:expression: $VAR(./group/) != ""; "Must configure vxlan group for $VAR(@)"
commit:expression: $VAR(./vni/) != ""; "Must configure vxlan vni for $VAR(@)"
13. node.def (cont’d)
• create interface
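VXLAN_VNI="id $VAR(./vni/@)"
VXLAN_GROUP="group $VAR(./group/@)"
# TTL of the encapsulated packets is fixed at 16
VXLAN_TTL="ttl 16"
# pass the underlay device only when "link" is configured
if [ ! "$VAR(./link/)" == "" ]; then
    VXLAN_DEV="dev $VAR(./link/@)"
fi
# create the interface with iproute2 and bring it up
ip link add name $VAR(@) type vxlan \
    $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV
ip link set $VAR(@) up
touch /tmp/vxlan-$VAR(@)-create
Slide callouts: "skimped work..." / "underlay device" / "And, execute iproute2"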
14. Change vni or group of existing vxlan interfaces
• Sorry, it is not supported.
• Changing group or vni requires deleting and re-creating the vxlan interface.
15. VXLAN in Linux
• ip link add type vxlan
– Pseudo ethernet interface : vxlanX
– Interfaces are connected to each vxlan overlay network corresponding to a VNI (vxlan_dev and FDB / VNI)
– Namespace is supported
[Diagram: inside the Linux kernel, vxlan0 and vxlan1 are each a struct net_device with its own FDB, sitting on top of a kernel udp socket. Receive side: udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv, then netif_rx(skb). Transmit side: iptunnel_xmit()]
16. How to specify attributes
• ip link add type vxlan id 0 group X
– Netlink API : An API to communicate to Kernel
– NETLINK_ROUTE, NETLINK_NETFILTER and more
[Diagram: a Userland Application talks to the Linux Kernel (Interface, routing table, Netfilter) through a Netlink Socket opened with socket(AF_NETLINK, SOCK_RAW, netlink_family); messages are struct nlmsghdr and rtattr etc]
17. How to specify attributes (cont’d)
• ip link add type vxlan id 0 group X
– RTNETLINK : routing socket
• RTM_NEWLINK message is sent with attributes related to
VXLAN (see man ip-link)
int do_iplink(int argc, char **argv)
{
    if (argc > 0) {
        if (iplink_have_newlink()) {
            if (matches(*argv, "add") == 0)
                return iplink_modify(RTM_NEWLINK,
                                     NLM_F_CREATE|NLM_F_EXCL,
                                     argc-1, argv+1);
            /* excerpt; the rest of the function is not shown on the slide */
iproute2 package is a good text book of Netlink !!
18. Attributes of vxlan interface
• id : Virtual Network Identifier
• dev : Underlay device (in VyOS, link)
• group : Multicast group address
• remote : A unicast IP address of VTEP for BUM traffic
• local : Source IP address of encapsulated packet
• ttl : TTL of encapsulated packet
• port : Source port range of encapsulated packet
But, these attributes can be only specified when a pseudo interface is created !!
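The RTM_NEWLINK request described on slides 16 to 18, as an added example that is not code from the slides, iproute2 or the kernel: it builds the message for "ip link add vxlan0 type vxlan id 0 group 239.0.0.1 ttl 16" with its nested attributes and walks it back the way a receiver parses it. The names vxlan_req, put_attr, end_nest, build_vxlan_newlink and parse_vni are this example's own; the message is only built in memory, never sent.

```c
/* Added example: RTM_NEWLINK request for a vxlan interface, built but not sent. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/if_link.h>

#define IFNAME_MAX 16                 /* same value as the kernel's IFNAMSIZ */

struct vxlan_req {                    /* hypothetical container for one request */
    struct nlmsghdr  nh;
    struct ifinfomsg ifi;
    char             attrs[256];
};

/* Append one attribute at the aligned end of the message; NULL if it does not fit. */
static struct rtattr *put_attr(struct vxlan_req *req, unsigned short type,
                               const void *data, size_t len)
{
    size_t off = NLMSG_ALIGN(req->nh.nlmsg_len);
    size_t need = RTA_ALIGN(RTA_LENGTH(len));
    if (off + need > sizeof(*req))
        return NULL;
    struct rtattr *rta = (struct rtattr *)((char *)req + off);
    rta->rta_type = type;
    rta->rta_len = (unsigned short)RTA_LENGTH(len);
    if (len)
        memcpy(RTA_DATA(rta), data, len);
    req->nh.nlmsg_len = (uint32_t)(off + need);
    return rta;
}

/* Close a nested attribute: its length covers everything appended since it began. */
static void end_nest(struct vxlan_req *req, struct rtattr *nest)
{
    nest->rta_len = (unsigned short)((char *)req + req->nh.nlmsg_len - (char *)nest);
}

/* Returns the total message length, or 0 if an argument is invalid. */
size_t build_vxlan_newlink(struct vxlan_req *req, const char *ifname,
                           uint32_t vni, const char *group, uint8_t ttl)
{
    struct in_addr grp;
    if (vni > 0xFFFFFF || strlen(ifname) >= IFNAME_MAX)       /* VNI is 24 bits */
        return 0;
    if (inet_pton(AF_INET, group, &grp) != 1 || !IN_MULTICAST(ntohl(grp.s_addr)))
        return 0;

    memset(req, 0, sizeof(*req));
    req->nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
    req->nh.nlmsg_type = RTM_NEWLINK;
    req->nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL | NLM_F_ACK;
    req->ifi.ifi_family = AF_UNSPEC;

    if (!put_attr(req, IFLA_IFNAME, ifname, strlen(ifname) + 1))
        return 0;
    struct rtattr *linkinfo = put_attr(req, IFLA_LINKINFO, NULL, 0);
    if (!linkinfo || !put_attr(req, IFLA_INFO_KIND, "vxlan", 5))
        return 0;
    struct rtattr *data = put_attr(req, IFLA_INFO_DATA, NULL, 0);
    if (!data ||
        !put_attr(req, IFLA_VXLAN_ID, &vni, sizeof(vni)) ||     /* host order u32 */
        !put_attr(req, IFLA_VXLAN_GROUP, &grp, sizeof(grp)) ||  /* network order  */
        !put_attr(req, IFLA_VXLAN_TTL, &ttl, sizeof(ttl)))
        return 0;
    end_nest(req, data);
    end_nest(req, linkinfo);
    return req->nh.nlmsg_len;
}

/* Linear search over one attribute level. */
static const struct rtattr *find_attr(const void *start, int len, unsigned short type)
{
    const struct rtattr *rta = start;
    for (; RTA_OK(rta, len); rta = RTA_NEXT(rta, len))
        if (rta->rta_type == type)
            return rta;
    return NULL;
}

/* Walk IFLA_LINKINFO -> IFLA_INFO_DATA -> IFLA_VXLAN_ID; returns the VNI or -1. */
long parse_vni(const struct vxlan_req *req)
{
    int len = (int)req->nh.nlmsg_len - (int)NLMSG_LENGTH(sizeof(struct ifinfomsg));
    const struct rtattr *li = find_attr(req->attrs, len, IFLA_LINKINFO);
    if (!li)
        return -1;
    const struct rtattr *kind = find_attr(RTA_DATA(li), RTA_PAYLOAD(li), IFLA_INFO_KIND);
    const struct rtattr *data = find_attr(RTA_DATA(li), RTA_PAYLOAD(li), IFLA_INFO_DATA);
    if (!kind || !data || RTA_PAYLOAD(kind) != 5 || memcmp(RTA_DATA(kind), "vxlan", 5))
        return -1;
    const struct rtattr *id = find_attr(RTA_DATA(data), RTA_PAYLOAD(data), IFLA_VXLAN_ID);
    if (!id || RTA_PAYLOAD(id) != (int)sizeof(uint32_t))
        return -1;
    uint32_t vni;
    memcpy(&vni, RTA_DATA(id), sizeof(vni));
    return (long)vni;
}

int main(void)
{
    struct vxlan_req req;
    size_t n = build_vxlan_newlink(&req, "vxlan0", 0, "239.0.0.1", 16);
    printf("message length %zu, VNI read back %ld\n", n, parse_vni(&req));
    return n ? 0 : 1;
}
```

Sending the buffer on a socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) socket is what would actually create the interface, and that needs CAP_NET_ADMIN.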
19. How to specify attributes (cont’d)
• VXLAN driver kernel-source/drivers/net/vxlan.c
– RTM messages are processed by rtnl_link_ops
static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
    .kind      = "vxlan",
    .maxtype   = IFLA_VXLAN_MAX,
    .policy    = vxlan_policy,
    .priv_size = sizeof(struct vxlan_dev),
    .setup     = vxlan_setup,
    .validate  = vxlan_validate,
    .newlink   = vxlan_newlink,
    .dellink   = vxlan_dellink,
    .get_size  = vxlan_get_size,
    .fill_info = vxlan_fill_info,
};
vxlan_newlink () is called when RTM_NEWLINK is received
20. vxlan_newlink ()
• The code cannot be pasted here... too long...
1. Parse attributes
2. Set up parsed parameters to vxlan_dev
3. register_netdevice
21. And, you can see vxlan0
asano2:/home/upa % ifconfig vxlan0
vxlan0 Link encap:Ethernet HWaddr 02:0a:1e:ad:7f:31
inet6 addr: fe80::a:1eff:fead:7f31/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:690 (690.0 B)
asano2:/home/upa % ip -d link show dev vxlan0
9: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/ether 02:0a:1e:ad:7f:31 brd ff:ff:ff:ff:ff:ff promiscuity 0
vxlan id 0 group 239.0.0.1 srcport 32768 61000 dstport 8472 ageing 300
asano2:/home/upa % bridge fdb show dev vxlan0
00:00:00:00:00:00 dst 239.0.0.1 self permanent
22. As a result
• vxlan parameters cannot be changed after the pseudo interface is created.
• Do you have good ideas ?
– I have only one idea.
• Use Generic Netlink like l2tp driver
• Generic Netlink is a mechanism to add user defined netlink family dynamically.
• It requires patches to vxlan driver and iproute2...
23. Future work ?
• Change destination port ?
– Default is 8472 (OTV). 4789 is assigned for VXLAN by IANA
– It can be changed through module_param. But it requires rmmod/insmod when port is changed. Of course, all pseudo interfaces are removed...
• Support “remote” attribute
– Easy. Is it needed for the community ?