VyOS VXLAN and Linux Device Driver 
A talk about VXLAN in VyOS and the Linux device driver
2014/11/2 
VyOS users meeting #2 
Ryo Nakamura 
upa@haeena.net
Virtual eXtensible LAN
• An Ethernet over IP overlay. RFC7348.
– Ethernet frame is encapsulated in IP + UDP + VXLAN headers.
– VXLAN header contains a 24-bit Virtual Network Identifier (VNI) field. 2^24 L2 segments can be multiplexed in one VXLAN overlay network domain.
– Unicast traffic is encapsulated in IP Unicast.
– BUM (broadcast, unknown unicast, multicast) traffic is encapsulated in IP Multicast.
• Multicast based VTEP learning is described in the RFC, Sec 4.
– Many vendors propose and use their original control planes.
– Of course, I know that Multicast is difficult in actual environments, but they don’t have INTEROPERABILITY :(
Multicast based VTEP learning
[Figure: four VTEPs (A, B, C, D) and four nodes (1 to 4); Node 1 is in VTEP A.]
• Node 1 sends an ARP request for Node 4
– Outer IP Src: A, Outer IP Dst: M
– SrcMAC: 1, DstMAC: FF
• Callout: Node 1 is in VTEP A !!
Multicast based VTEP learning
[Figure: the same four VTEPs and four nodes; Node 4 is in VTEP D.]
• Node 4 sends an ARP reply to Node 1
– Outer IP Src: D, Outer IP Dst: A
– SrcMAC: 4, DstMAC: 1
• Callouts: Node 4 is in VTEP D !! Node 1 is in VTEP A !!
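The header layout from the Virtual eXtensible LAN slide and the learning shown in the two diagrams, as an added example (not code from the slides or from the Linux driver). The addresses 10.0.0.1, 10.0.0.4 and 239.0.0.1 stand in for A, D and M, the MAC addresses are constructed, and all function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VXLAN_HLEN    8
#define VXLAN_FLAG_I  0x08u          /* "VNI is valid" flag, RFC 7348 Sec. 5 */
#define ETH_HDR_LEN   14
#define FDB_SIZE      8

/* Constructed addresses standing in for A, D and M on the slides. */
#define VTEP_A   0x0a000001u         /* 10.0.0.1  */
#define VTEP_D   0x0a000004u         /* 10.0.0.4  */
#define GROUP_M  0xef000001u         /* 239.0.0.1 */

struct fdb_entry { uint8_t mac[6]; uint32_t vtep; };
struct vtep {
    uint32_t ip, group, vni;
    struct fdb_entry fdb[FDB_SIZE];
    int n;
};

/* Prepend the 8-byte VXLAN header to an Ethernet frame; returns the length or 0. */
size_t vxlan_encap(uint8_t *out, size_t cap, uint32_t vni,
                   const uint8_t *frame, size_t flen)
{
    if (vni > 0xffffffu || flen < ETH_HDR_LEN || cap < VXLAN_HLEN + flen)
        return 0;
    memset(out, 0, VXLAN_HLEN);      /* reserved fields are sent as zero */
    out[0] = VXLAN_FLAG_I;
    out[4] = (uint8_t)(vni >> 16);
    out[5] = (uint8_t)(vni >> 8);
    out[6] = (uint8_t)vni;
    memcpy(out + VXLAN_HLEN, frame, flen);
    return VXLAN_HLEN + flen;
}

/* Check a received UDP payload; returns the 24-bit VNI, or -1 to drop it. */
long vxlan_parse(const uint8_t *p, size_t len)
{
    if (len < VXLAN_HLEN + ETH_HDR_LEN)   /* truncated header or inner frame */
        return -1;
    if (!(p[0] & VXLAN_FLAG_I))           /* VNI not flagged as valid */
        return -1;
    return ((long)p[4] << 16) | ((long)p[5] << 8) | (long)p[6];
}

static struct fdb_entry *fdb_find(struct vtep *v, const uint8_t *mac)
{
    for (int i = 0; i < v->n; i++)
        if (memcmp(v->fdb[i].mac, mac, 6) == 0)
            return &v->fdb[i];
    return NULL;
}

/* Receive: validate, match the VNI, then learn inner source MAC -> outer source IP. */
int vtep_rx(struct vtep *v, uint32_t outer_src, const uint8_t *p, size_t len)
{
    long vni = vxlan_parse(p, len);
    if (vni < 0 || (uint32_t)vni != v->vni)
        return -1;
    const uint8_t *smac = p + VXLAN_HLEN + 6;   /* inner frame: dst MAC, src MAC */
    if (smac[0] & 1)
        return 0;                    /* group-addressed source: do not learn */
    struct fdb_entry *e = fdb_find(v, smac);
    if (!e) {
        if (v->n == FDB_SIZE)
            return 0;                /* table full: accept, but do not learn */
        e = &v->fdb[v->n++];
        memcpy(e->mac, smac, 6);
    }
    e->vtep = outer_src;
    return 0;
}

/* Transmit: outer destination is the learned VTEP, else the group (BUM traffic). */
uint32_t vtep_tx_dst(struct vtep *v, const uint8_t *frame)
{
    struct fdb_entry *e = (frame[0] & 1) ? NULL : fdb_find(v, frame);
    return e ? e->vtep : v->group;
}

int main(void)
{
    struct vtep a = { .ip = VTEP_A, .group = GROUP_M, .vni = 0 };
    struct vtep d = { .ip = VTEP_D, .group = GROUP_M, .vni = 0 };
    /* Constructed frames: Node 1 = 02:00:00:00:00:01, Node 4 = 02:00:00:00:00:04. */
    uint8_t req[ETH_HDR_LEN] = { 0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x06 };
    uint8_t rep[ETH_HDR_LEN] = { 2,0,0,0,0,1, 2,0,0,0,0,4, 0x08,0x06 };
    uint8_t pkt[64];
    printf("A sends the request to %08x\n", (unsigned)vtep_tx_dst(&a, req));
    size_t n = vxlan_encap(pkt, sizeof pkt, a.vni, req, sizeof req);
    vtep_rx(&d, a.ip, pkt, n);       /* D learns: Node 1 is in VTEP A */
    printf("D sends the reply to   %08x\n", (unsigned)vtep_tx_dst(&d, rep));
    n = vxlan_encap(pkt, sizeof pkt, d.vni, rep, sizeof rep);
    vtep_rx(&a, d.ip, pkt, n);       /* A learns: Node 4 is in VTEP D */
    return 0;
}
```

Learning here comes straight from the outer source address of received packets, so which hosts can reach the VXLAN UDP port on the underlay decides who can populate the FDB.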
VyOS VXLAN support 
• 2014/9/20, merged. 
Linux kernel version issue
• Linux VXLAN Driver appeared in kernel 3.7
– 2012/9/24, first patch was contributed to netdev.
– I was really looking forward to Vyatta Core with kernel 3.7 and later.
• Kernel version of VyOS Helium is 3.13.11 !!
– HooooooooOOOO!!! WrrrrryyyyyyYYYYYYYYYY !!!!!!!!
– Hydrogen is kernel 3.3
VyOS VXLAN CLI
• Under the interfaces section
– set interfaces vxlan vxlan0
– set interfaces vxlan vxlan0 group 239.0.0.1
– set interfaces vxlan vxlan0 vni 0
– and basic interface operations
  • IPv4/v6 routing
  • bridge-group
  • policy

    interfaces {
        vxlan vxlan0 {
            group 239.0.0.1
            vni 0
        }
    }
Operation example

    interfaces {
        vxlan vxlan0 {
            address 172.16.0.1/24
            group 239.0.0.10
            ip {
                ospf {
                    cost 10
                }
            }
            vni 0
        }
    }
    protocols {
        ospf {
            area 0 {
                network 172.16.0.0/24
            }
        }
    }
Operation example

    vyos@vyos:~$ show interfaces vxlan vxlan0
    vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
        link/ether b2:74:c9:fa:1d:fd brd ff:ff:ff:ff:ff:ff
        inet 172.16.0.1/24 brd 172.16.0.255 scope global vxlan0
           valid_lft forever preferred_lft forever
        inet6 fe80::b074:c9ff:fefa:1dfd/64 scope link
           valid_lft forever preferred_lft forever

        RX:  bytes    packets     errors    dropped    overrun      mcast
                 0          0          0          0          0          0
        TX:  bytes    packets     errors    dropped    carrier collisions
              2446         25          0          0          0          0
Operation example

    vyos@vyos:~$ show ip ospf interface vxlan0
    vxlan0 is up
      ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>
      Internet Address 172.16.0.1/24, Broadcast 172.16.0.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.10.20.189, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.10.20.189, Interface Address 172.16.0.1
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 7.900s
      Neighbor Count is 0, Adjacent neighbor count is 0
node.def
• VXLAN interface name
– A number different from the VNI can be used in an interface name. But, I think it is really confusing :(

    val_help: <vxlanN>; VXLAN interface name
    syntax:expression: pattern $VAR(@) "vxlan[0-9]+$"
node.def (cont’d)
• REQUIRED
– A vxlan overlay network is identified by VNI.
– Multicast Group Address is required to encapsulate BUM Traffic in IP Multicast. Group Address can be reused for other VNI.

    commit:expression: $VAR(./group/) != ""; \
        "Must configure vxlan group for $VAR(@)"
    commit:expression: $VAR(./vni/) != ""; \
        "Must configure vxlan vni for $VAR(@)"
node.def (cont’d)
• create interface

    VXLAN_VNI="id $VAR(./vni/@)"
    VXLAN_GROUP="group $VAR(./group/@)"
    VXLAN_TTL="ttl 16"
    if [ ! $VAR(./link/) == "" ]; then
        VXLAN_DEV="dev $VAR(./link/@)"
    fi
    ip link add name $VAR(@) type vxlan \
        $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV
    ip link set $VAR(@) up
    touch /tmp/vxlan-$VAR(@)-create

[Slide callouts: "skimped work...", "underlay device", "And, execute iproute2"]
Change vni or group of existing vxlan interfaces
• Sorry, it is not supported.
• Changing group or vni requires deleting and re-creating the vxlan interface.
VXLAN in Linux
• ip link add type vxlan
– Pseudo ethernet interface : vxlanX
– Interfaces are connected to each vxlan overlay network corresponding to a VNI (vxlan_dev and FDB / VNI)
– Namespace is supported
[Figure: inside the Linux kernel, vxlan0 and vxlan1 are each a struct net_device with its own FDB. Receive: kernel udp socket, udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv, then netif_rx(skb). Transmit: iptunnel_xmit().]
How to specify attributes
• ip link add type vxlan id 0 group X
– Netlink API : An API to communicate with the kernel
– NETLINK_ROUTE, NETLINK_NETFILTER and more
[Figure: a userland application and the Linux kernel (interface, routing table, Netfilter) connected by a Netlink socket, socket(AF_NETLINK, SOCK_RAW, netlink_family), carrying struct nlmsghdr, rtattr, etc.]
How to specify attributes (cont’d)
• ip link add type vxlan id 0 group X
– RTNETLINK : routing socket
  • RTM_NEWLINK message is sent with attributes related to VXLAN (see man ip-link)

    int do_iplink(int argc, char **argv)
    {
            if (argc > 0) {
                    if (iplink_have_newlink()) {
                            /* "add": create the link, fail if the name already exists */
                            if (matches(*argv, "add") == 0)
                                    return iplink_modify(RTM_NEWLINK,
                                                         NLM_F_CREATE|NLM_F_EXCL,
                                                         argc-1, argv+1);
                            /* ... (excerpt ends here) */

iproute2 package is a good text book of Netlink !!
Attributes of vxlan interface
• id : Virtual Network Identifier
• dev : Underlay device (in VyOS, link)
• group : Multicast group address
• remote : A unicast IP address of VTEP for BUM traffic
• local : Source IP address of encapsulated packet
• ttl : TTL of encapsulated packet
• port : Source port range of encapsulated packet
But, these attributes can only be specified when a pseudo interface is created !!
How to specify attributes (cont’d)
• VXLAN driver kernel-source/drivers/net/vxlan.c
– RTM messages are processed by rtnl_link_ops

    static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
            .kind      = "vxlan",
            .maxtype   = IFLA_VXLAN_MAX,
            .policy    = vxlan_policy,
            .priv_size = sizeof(struct vxlan_dev),
            .setup     = vxlan_setup,
            .validate  = vxlan_validate,
            .newlink   = vxlan_newlink,
            .dellink   = vxlan_dellink,
            .get_size  = vxlan_get_size,
            .fill_info = vxlan_fill_info,
    };

vxlan_newlink () is called when RTM_NEWLINK is received
vxlan_newlink ()
• Code can not be pasted... too long...
1. Parse attributes
2. Set up parsed parameters to vxlan_dev
3. register_netdevice
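The core of the RTM_NEWLINK request behind `ip link add vxlan0 type vxlan id 0 group 239.0.0.1 ttl 16`, as an added example (not code from the slides, iproute2 or the kernel): it builds the message in a buffer without sending it, then walks the nested attributes the way a receiver must before step 1 above. The helper names and the input checks (24-bit VNI, multicast group) are this example's own assumptions; the constants come from the Linux UAPI headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/rtnetlink.h>
#include <linux/if_link.h>

struct vxlan_req {                   /* header + ifinfomsg + room for attributes */
    struct nlmsghdr  n;
    struct ifinfomsg i;
    char             buf[256];
};

/* Append one attribute at the aligned tail of the message. */
static struct rtattr *put_attr(struct vxlan_req *r, int type,
                               const void *data, size_t len)
{
    size_t off = NLMSG_ALIGN(r->n.nlmsg_len);
    if (off + RTA_ALIGN(RTA_LENGTH(len)) > sizeof *r)
        return NULL;
    struct rtattr *a = (struct rtattr *)((char *)r + off);
    a->rta_type = (unsigned short)type;
    a->rta_len = (unsigned short)RTA_LENGTH(len);
    if (len)
        memcpy(RTA_DATA(a), data, len);
    r->n.nlmsg_len = (uint32_t)(off + RTA_ALIGN(a->rta_len));
    return a;
}

/* Close a nested attribute: its length covers everything appended since. */
static void end_nest(struct vxlan_req *r, struct rtattr *nest)
{
    nest->rta_len = (unsigned short)((char *)r + r->n.nlmsg_len - (char *)nest);
}

/* Build the RTM_NEWLINK request; returns its length, or -1 on bad input. */
int build_vxlan_newlink(struct vxlan_req *r, const char *name, uint32_t vni,
                        const char *group, uint8_t ttl)
{
    struct in_addr grp;
    if (strlen(name) >= 16 || vni > 0xffffffu)      /* IFNAMSIZ, 24-bit VNI */
        return -1;
    if (inet_pton(AF_INET, group, &grp) != 1 || !IN_MULTICAST(ntohl(grp.s_addr)))
        return -1;
    memset(r, 0, sizeof *r);
    r->n.nlmsg_len = NLMSG_LENGTH(sizeof r->i);
    r->n.nlmsg_type = RTM_NEWLINK;
    r->n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
    r->i.ifi_family = AF_UNSPEC;
    put_attr(r, IFLA_IFNAME, name, strlen(name) + 1);
    struct rtattr *li = put_attr(r, IFLA_LINKINFO, NULL, 0);
    put_attr(r, IFLA_INFO_KIND, "vxlan", 5);
    struct rtattr *data = put_attr(r, IFLA_INFO_DATA, NULL, 0);
    put_attr(r, IFLA_VXLAN_ID, &vni, sizeof vni);     /* host byte order */
    put_attr(r, IFLA_VXLAN_GROUP, &grp, sizeof grp);  /* network byte order */
    put_attr(r, IFLA_VXLAN_TTL, &ttl, sizeof ttl);
    end_nest(r, data);      /* inputs are bounded above, so no put_attr failed */
    end_nest(r, li);
    return (int)r->n.nlmsg_len;
}

static struct rtattr *find_attr(struct rtattr *a, int len, int type)
{
    for (; RTA_OK(a, len); a = RTA_NEXT(a, len))
        if (a->rta_type == type)
            return a;
    return NULL;
}

/* Receiver's view: IFLA_LINKINFO -> IFLA_INFO_DATA -> IFLA_VXLAN_ID, or -1. */
long parse_vxlan_vni(struct vxlan_req *r)
{
    struct rtattr *top = (struct rtattr *)((char *)r + NLMSG_LENGTH(sizeof r->i));
    int len = (int)(r->n.nlmsg_len - NLMSG_LENGTH(sizeof r->i));
    struct rtattr *li = find_attr(top, len, IFLA_LINKINFO);
    if (!li)
        return -1;
    struct rtattr *kind = find_attr(RTA_DATA(li), (int)RTA_PAYLOAD(li), IFLA_INFO_KIND);
    struct rtattr *data = find_attr(RTA_DATA(li), (int)RTA_PAYLOAD(li), IFLA_INFO_DATA);
    if (!kind || RTA_PAYLOAD(kind) != 5 || memcmp(RTA_DATA(kind), "vxlan", 5) || !data)
        return -1;
    struct rtattr *id = find_attr(RTA_DATA(data), (int)RTA_PAYLOAD(data), IFLA_VXLAN_ID);
    uint32_t vni;
    if (!id || RTA_PAYLOAD(id) != sizeof vni)
        return -1;
    memcpy(&vni, RTA_DATA(id), sizeof vni);
    return (long)vni;
}

int main(void)
{
    struct vxlan_req r;
    int len = build_vxlan_newlink(&r, "vxlan0", 0, "239.0.0.1", 16);
    printf("RTM_NEWLINK: %d bytes, VNI read back: %ld\n", len, parse_vxlan_vni(&r));
    return 0;
}
```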
And, you can see vxlan0

    asano2:/home/upa % ifconfig vxlan0
    vxlan0    Link encap:Ethernet  HWaddr 02:0a:1e:ad:7f:31
              inet6 addr: fe80::a:1eff:fead:7f31/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:690 (690.0 B)

    asano2:/home/upa % ip -d link show dev vxlan0
    9: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
        link/ether 02:0a:1e:ad:7f:31 brd ff:ff:ff:ff:ff:ff promiscuity 0
        vxlan id 0 group 239.0.0.1 srcport 32768 61000 dstport 8472 ageing 300

    asano2:/home/upa % bridge fdb show dev vxlan0
    00:00:00:00:00:00 dst 239.0.0.1 self permanent
As a result
• vxlan parameters can not be changed after pseudo interface is created.
• Do you have good ideas ?
– I have only one idea.
  • Use Generic Netlink like l2tp driver
  • Generic Netlink is a mechanism to add user defined netlink family dynamically.
  • It requires patches to vxlan driver and iproute2...
Future work ?
• Change destination port ?
– Default is 8472 (OTV). 4789 is assigned for VXLAN by IANA
– It can be changed through module_param. But it requires rmmod/insmod when port is changed. Of course, all pseudo interfaces are removed...
• Support “remote” attribute
– Easy. Is it needed for the community ?
Overlay is the Only Way!! 
Thanks! 
upa@haeena.net 

More Related Content

What's hot

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 final
KwonSun Bae
 
VXLAN
VXLANVXLAN
VXLAN
SAliyev1
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRP
Bob Melander
 
CCNP Route - OSPF
CCNP Route - OSPFCCNP Route - OSPF
CCNP Route - OSPF
mdyabi
 
RTSP Analysis Wireshark
RTSP Analysis WiresharkRTSP Analysis Wireshark
RTSP Analysis Wireshark
Yoss Cohen
 
VLAN vs VXLAN
VLAN vs VXLANVLAN vs VXLAN
VLAN vs VXLAN
GLC Networks
 
5gc call flow
5gc call flow5gc call flow
5gc call flow
Koorosh Hoveyda
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
Mohammed Umair
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
APNIC
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
Shu Sugimoto
 
TRex Realistic Traffic Generator - Stateless support
TRex  Realistic Traffic Generator  - Stateless support TRex  Realistic Traffic Generator  - Stateless support
TRex Realistic Traffic Generator - Stateless support
Hanoch Haim
 
Mininet introduction
Mininet introductionMininet introduction
Mininet introduction
Vipin Gupta
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
Faisal Reza
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewall
Marian Marinov
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
Shawn Zandi
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
ASHISH SEHGAL
 
Netmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoSNetmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoS
Chris Changmo Yoo
 

What's hot (20)

Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 final
 
VXLAN
VXLANVXLAN
VXLAN
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRP
 
CCNP Route - OSPF
CCNP Route - OSPFCCNP Route - OSPF
CCNP Route - OSPF
 
RTSP Analysis Wireshark
RTSP Analysis WiresharkRTSP Analysis Wireshark
RTSP Analysis Wireshark
 
VLAN vs VXLAN
VLAN vs VXLANVLAN vs VXLAN
VLAN vs VXLAN
 
5gc call flow
5gc call flow5gc call flow
5gc call flow
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
 
BGP Multihoming Techniques
BGP Multihoming TechniquesBGP Multihoming Techniques
BGP Multihoming Techniques
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
Gb over ip
Gb over ipGb over ip
Gb over ip
 
TRex Realistic Traffic Generator - Stateless support
TRex  Realistic Traffic Generator  - Stateless support TRex  Realistic Traffic Generator  - Stateless support
TRex Realistic Traffic Generator - Stateless support
 
Mininet introduction
Mininet introductionMininet introduction
Mininet introduction
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
nftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewallnftables - the evolution of Linux Firewall
nftables - the evolution of Linux Firewall
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
 
Dc fabric path
Dc fabric pathDc fabric path
Dc fabric path
 
Netmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoSNetmanias L2,L3 Training (3) L2, L3 QoS
Netmanias L2,L3 Training (3) L2, L3 QoS
 

Viewers also liked

2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎
SachieMiyazaki
 
DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴
Sugawara Genki
 
What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014Emma Haruka Iwao
 
Measurement of Maximum new NAT-sessions per second / How to send packets
Measurement of Maximum new NAT-sessionsper second / How to send packetsMeasurement of Maximum new NAT-sessionsper second / How to send packets
Measurement of Maximum new NAT-sessions per second / How to send packets
@ otsuka752
 
VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御
真吾 吉田
 
Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例Kazuhito Ohkawa
 

Viewers also liked (6)

2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎
 
DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴
 
What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014
 
Measurement of Maximum new NAT-sessions per second / How to send packets
Measurement of Maximum new NAT-sessionsper second / How to send packetsMeasurement of Maximum new NAT-sessionsper second / How to send packets
Measurement of Maximum new NAT-sessions per second / How to send packets
 
VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御
 
Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例
 

Similar to VyOS Users Meeting #2, VyOSのVXLANの話

OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebula Project
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
Laurent Bernaille
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Jide Akintola JNCIE-M&T/SP #496 CCIE-SP#28552
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
Laurent Bernaille
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
Etsuji Nakai
 
Open stack advanced_part
Open stack advanced_partOpen stack advanced_part
Open stack advanced_part
lilliput12
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Shixiong Shang
 
Designing scalable Docker networks
Designing scalable Docker networksDesigning scalable Docker networks
Designing scalable Docker networks
Murat Mukhtarov
 
Meetup docker using software defined networks
Meetup docker   using software defined networksMeetup docker   using software defined networks
Meetup docker using software defined networksOCTO Technology
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
Adrien Blind
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
Indonesia Network Operators Group
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
David Lapsley
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Docker, Inc.
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
Madhu Venugopal
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
Kernel TLV
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_dive
yfauser
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PROIDEA
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker, Inc.
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking Showcase
Docker, Inc.
 

Similar to VyOS Users Meeting #2, VyOSのVXLANの話 (20)

NSX-MH
NSX-MHNSX-MH
NSX-MH
 
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
 
Open stack advanced_part
Open stack advanced_partOpen stack advanced_part
Open stack advanced_part
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Designing scalable Docker networks
Designing scalable Docker networksDesigning scalable Docker networks
Designing scalable Docker networks
 
Meetup docker using software defined networks
Meetup docker   using software defined networksMeetup docker   using software defined networks
Meetup docker using software defined networks
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_dive
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking Showcase
 

Recently uploaded

Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
Sharepoint Designs
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
Jelle | Nordend
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
varshanayak241
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 

Recently uploaded (20)

Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024Explore Modern SharePoint Templates for 2024
Explore Modern SharePoint Templates for 2024
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
VyOS Users Meeting #2: A talk about VXLAN in VyOS

  • 1. VyOS VXLAN and Linux Device Driver
      (A talk about VXLAN in VyOS and the Linux device driver)
      2014/11/2, VyOS users meeting #2
      Ryo Nakamura, upa@haeena.net
  • 2. Virtual eXtensible LAN
      • An Ethernet over IP overlay. RFC7348.
          – The Ethernet frame is encapsulated in IP + UDP + VXLAN headers.
          – The VXLAN header contains a 24bit Virtual Network Identifier (VNI) field. 2^24 L2 segments can be multiplexed in one VXLAN overlay network domain.
          – Unicast traffic is encapsulated in IP Unicast.
          – BUM traffic is encapsulated in IP Multicast.
      • Multicast based VTEP learning is described in the RFC, Sec 4.
          – Many vendors propose and use their original control planes.
          – Of course, I know that Multicast is difficult in actual environments, but they don’t have INTEROPERABILITY :(
  • 3. Multicast based VTEP learning
      [Figure: VTEPs A, B, C and D with Nodes 1 to 4. Node 1 sends an ARP request for Node 4.]
      Encapsulated packet: OuterIP Src A, OuterIP Dst M, SrcMAC : 1, DstMAC : FF
      Learned by the receiving VTEPs: Node 1 is in VTEP A !!
  • 4. Multicast based VTEP learning
      [Figure: VTEPs A, B, C and D with Nodes 1 to 4. Node 4 sends an ARP reply to Node 1.]
      Encapsulated packet: OuterIP Src D, OuterIP Dst A, SrcMAC : 4, DstMAC : 1
      Learned: Node 4 is in VTEP D !! Node 1 is in VTEP A !!
  • 5. VyOS VXLAN support
      • 2014/9/20, merged.
  • 6. Linux kernel version issue
      • The Linux VXLAN driver appeared in kernel 3.7
          – 2012/9/24: the first patch was contributed to netdev.
          – I was really looking forward to Vyatta Core with kernel 3.7 and later.
      • Kernel version of VyOS Helium is 3.13.11 !!
          – HooooooooOOOO!!! WrrrrryyyyyyYYYYYYYYYY !!!!!!!!
          – Hydrogen is kernel 3.3
  • 7. VyOS VXLAN CLI
      • Under the interfaces section
          – set interfaces vxlan vxlan0
          – set interfaces vxlan vxlan0 group 239.0.0.1
          – set interfaces vxlan vxlan0 vni 0
          – and basic interface operations
              • IPv4/v6 routing
              • bridge-group
              • policy

      interfaces {
          vxlan vxlan0 {
              group 239.0.0.1
              vni 0
          }
      }
  • 8. Operation example

      interfaces {
          vxlan vxlan0 {
              address 172.16.0.1/24
              group 239.0.0.10
              ip {
                  ospf {
                      cost 10
                  }
              }
              vni 0
          }
      }
      protocols {
          ospf {
              area 0 {
                  network 172.16.0.0/24
              }
          }
      }
  • 9. Operation example

      vyos@vyos:~$ show interfaces vxlan vxlan0
      vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
          link/ether b2:74:c9:fa:1d:fd brd ff:ff:ff:ff:ff:ff
          inet 172.16.0.1/24 brd 172.16.0.255 scope global vxlan0
             valid_lft forever preferred_lft forever
          inet6 fe80::b074:c9ff:fefa:1dfd/64 scope link
             valid_lft forever preferred_lft forever

          RX:  bytes    packets     errors    dropped    overrun      mcast
                   0          0          0          0          0          0
          TX:  bytes    packets     errors    dropped    carrier collisions
                2446         25          0          0          0          0
  • 10. Operation example

      vyos@vyos:~$ show ip ospf interface vxlan0
      vxlan0 is up
        ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>
        Internet Address 172.16.0.1/24, Broadcast 172.16.0.255, Area 0.0.0.0
        MTU mismatch detection:enabled
        Router ID 10.10.20.189, Network Type BROADCAST, Cost: 10
        Transmit Delay is 1 sec, State DR, Priority 1
        Designated Router (ID) 10.10.20.189, Interface Address 172.16.0.1
        No backup designated router on this network
        Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
        Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
          Hello due in 7.900s
        Neighbor Count is 0, Adjacent neighbor count is 0
  • 11. node.def
      • VXLAN interface name
          – A number different from the VNI can be used in an interface name. But, I think it is really confusing :(

      val_help: <vxlanN>; VXLAN interface name
      syntax:expression: pattern $VAR(@) "vxlan[0-9]+$"
  • 12. node.def (cont’d)
      • REQUIRED
          – A vxlan overlay network is identified by its VNI.
          – A Multicast Group Address is required to encapsulate BUM traffic in IP Multicast. A Group Address can be reused for other VNIs.

      commit:expression: $VAR(./group/) != ""; "Must configure vxlan group for $VAR(@)"
      commit:expression: $VAR(./vni/) != ""; "Must configure vxlan vni for $VAR(@)"
  • 13. node.def (cont’d)
      • create interface

      VXLAN_VNI="id $VAR(./vni/@)"
      VXLAN_GROUP="group $VAR(./group/@)"
      VXLAN_TTL="ttl 16"
      if [ ! $VAR(./link/) == "" ]; then
          VXLAN_DEV="dev $VAR(./link/@)"
      fi
      ip link add name $VAR(@) type vxlan $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV
      ip link set $VAR(@) up
      touch /tmp/vxlan-$VAR(@)-create

      Callouts on the slide: "skimped work...", "underlay device", "And, execute iproute2"
  • 14. Change vni or group of existing vxlan interfaces
      • Sorry, it is not supported.
      • Changing the group or vni requires deleting and re-creating the vxlan interface.
  • 15. VXLAN in Linux
      • ip link add type vxlan
          – Pseudo ethernet interface : vxlanX
          – Interfaces are connected to each vxlan overlay network corresponding to a VNI (vxlan_dev and FDB / VNI)
          – Namespace is supported
      [Figure: inside the Linux kernel, vxlan0 and vxlan1 (struct net_device), each with its own FDB, on top of a kernel udp socket. Labels: netif_rx(skb); udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv; iptunnel_xmit()]
  • 16. How to specify attributes
      • ip link add type vxlan id 0 group X
          – Netlink API : an API for communicating with the kernel
          – NETLINK_ROUTE, NETLINK_NETFILTER and more
      [Figure: a userland application and the Linux kernel (interface, routing table, Netfilter) connected by a Netlink socket, socket(AF_NETLINK, SOCK_RAW, netlink_family), carrying struct nlmsghdr and rtattr etc.]
  • 17. How to specify attributes (cont’d)
      • ip link add type vxlan id 0 group X
          – RTNETLINK : routing socket
              • RTM_NEWLINK message is sent with attributes related to VXLAN (see man ip-link)

      (excerpt)
      int do_iplink(int argc, char **argv)
      {
              if (argc > 0) {
                      if (iplink_have_newlink()) {
                              if (matches(*argv, "add") == 0)
                                      return iplink_modify(RTM_NEWLINK,
                                                           NLM_F_CREATE|NLM_F_EXCL,
                                                           argc-1, argv+1);

      iproute2 package is a good text book of Netlink !!
  • 18. Attributes of vxlan interface
      • id : Virtual Network Identifier
      • dev : Underlay device (in VyOS, link)
      • group : Multicast group address
      • remote : A unicast IP address of VTEP for BUM traffic
      • local : Source IP address of encapsulated packet
      • ttl : TTL of encapsulated packet
      • port : Source port range of encapsulated packet
      But, these attributes can only be specified when a pseudo interface is created !!
  • 19. How to specify attributes (cont’d)
      • VXLAN driver: kernel-source/drivers/net/vxlan.c
          – RTM messages are processed by rtnl_link_ops

      static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
              .kind       = "vxlan",
              .maxtype    = IFLA_VXLAN_MAX,
              .policy     = vxlan_policy,
              .priv_size  = sizeof(struct vxlan_dev),
              .setup      = vxlan_setup,
              .validate   = vxlan_validate,
              .newlink    = vxlan_newlink,
              .dellink    = vxlan_dellink,
              .get_size   = vxlan_get_size,
              .fill_info  = vxlan_fill_info,
      };

      vxlan_newlink() is called when RTM_NEWLINK is received
  • 20. vxlan_newlink()
      • The code cannot be pasted... too long...
          1. Parse attributes
          2. Set up parsed parameters to vxlan_dev
          3. register_netdevice
  • 21. And, you can see vxlan0

      asano2:/home/upa % ifconfig vxlan0
      vxlan0    Link encap:Ethernet  HWaddr 02:0a:1e:ad:7f:31
                inet6 addr: fe80::a:1eff:fead:7f31/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:0
                RX bytes:0 (0.0 B)  TX bytes:690 (690.0 B)

      asano2:/home/upa % ip -d link show dev vxlan0
      9: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
          link/ether 02:0a:1e:ad:7f:31 brd ff:ff:ff:ff:ff:ff promiscuity 0
          vxlan id 0 group 239.0.0.1 srcport 32768 61000 dstport 8472 ageing 300

      asano2:/home/upa % bridge fdb show dev vxlan0
      00:00:00:00:00:00 dst 239.0.0.1 self permanent
  • 22. As a result
      • vxlan parameters cannot be changed after the pseudo interface is created.
      • Do you have good ideas ?
          – I have only one idea.
              • Use Generic Netlink like the l2tp driver
              • Generic Netlink is a mechanism to add a user defined netlink family dynamically.
              • It requires patches to the vxlan driver and iproute2...
  • 23. Future work ?
      • Change destination port ?
          – Default is 8472 (OTV). 4789 is assigned for VXLAN by IANA
          – It can be changed through module_param. But it requires rmmod/insmod when the port is changed. Of course, all pseudo interfaces are removed...
      • Support "remote" attribute
          – Easy. Is it needed for the community ?
  • 24. Overlay is the Only Way!!
      Thanks!
      upa@haeena.net
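
Slides 3 and 4 describe how a VTEP learns which remote VTEP a MAC address sits behind. The following C sketch is an added example (not code from the slides or from the Linux vxlan driver): it reads the VNI from the VXLAN header described on slide 2 and records "inner source MAC is behind outer source IP" per VNI. The table layout, return codes, the source-MAC sanity check and the sample packet are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define VXLAN_HDR_LEN 8
#define VXLAN_FLAG_I  0x08   /* RFC 7348: set when the VNI field is valid */
#define FDB_SIZE      16     /* table size chosen for this sketch */
struct fdb_entry { int used; uint32_t vni; uint8_t mac[6]; uint32_t vtep; };

/* 24-bit VNI of a VXLAN UDP payload; -1 if truncated, -2 if the I flag is clear. */
long vxlan_vni(const uint8_t *p, size_t len)
{
    if (len < VXLAN_HDR_LEN + 14) return -1;   /* header + inner Ethernet header */
    if (!(p[0] & VXLAN_FLAG_I)) return -2;
    return ((long)p[4] << 16) | ((long)p[5] << 8) | p[6];
}

/* Entry for (vni, mac), or NULL: unknown destinations go to the multicast group. */
struct fdb_entry *fdb_find(struct fdb_entry *fdb, uint32_t vni, const uint8_t *mac)
{
    for (int i = 0; i < FDB_SIZE; i++)
        if (fdb[i].used && fdb[i].vni == vni && !memcmp(fdb[i].mac, mac, 6))
            return &fdb[i];
    return NULL;
}

/* Learn "inner source MAC is behind outer source IP"; 0 on success, <0 if ignored. */
int vxlan_learn(struct fdb_entry *fdb, uint32_t outer_src, const uint8_t *p, size_t len)
{
    long vni = vxlan_vni(p, len);
    if (vni < 0) return (int)vni;
    const uint8_t *smac = p + VXLAN_HDR_LEN + 6;   /* inner source MAC */
    if (smac[0] & 1) return -3;                    /* a group address is not a valid source */
    struct fdb_entry *e = fdb_find(fdb, (uint32_t)vni, smac);
    for (int i = 0; !e && i < FDB_SIZE; i++)
        if (!fdb[i].used) e = &fdb[i];
    if (!e) return -4;                             /* table full */
    e->used = 1; e->vni = (uint32_t)vni; e->vtep = outer_src;
    memcpy(e->mac, smac, 6);
    return 0;
}

int main(void)
{
    /* Constructed packet: VNI 0, inner broadcast frame (ARP) from MAC 02:00:00:00:00:01. */
    const uint8_t pkt[] = {0x08,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06};
    struct fdb_entry fdb[FDB_SIZE] = {0};
    int rc = vxlan_learn(fdb, 0x0a000001, pkt, sizeof(pkt));   /* outer source 10.0.0.1 */
    printf("learn=%d known=%d\n", rc, fdb_find(fdb, 0, pkt + 14) != NULL);
    return 0;
}
```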
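
Slides 16 to 19 describe the RTM_NEWLINK message that "ip link add ... type vxlan" sends over rtnetlink. This added C example (not iproute2 or kernel code) builds that message in memory without sending it, then walks the nested attributes back the way a receiver would. The helper names put, build_vxlan_newlink and find_attr are made up here; the constants come from the Linux uapi headers.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <linux/rtnetlink.h>   /* nlmsghdr, ifinfomsg, rtattr, RTM_NEWLINK */
#include <linux/if_link.h>     /* IFLA_* and IFLA_VXLAN_* attribute types */

/* Append one attribute to the tail of the message and return it. */
static struct rtattr *put(struct nlmsghdr *n, int type, const void *d, int len)
{
    struct rtattr *a = (struct rtattr *)((char *)n + NLMSG_ALIGN(n->nlmsg_len));
    a->rta_type = type;
    a->rta_len = RTA_LENGTH(len);
    if (len) memcpy(RTA_DATA(a), d, len);
    n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(a->rta_len);
    return a;
}

/* Request behind "ip link add name NAME type vxlan id VNI group GROUP ttl 16"; buf: zeroed, >= 256 bytes. */
int build_vxlan_newlink(void *buf, const char *name, __u32 vni, __be32 group)
{
    struct nlmsghdr *n = buf;
    n->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
    n->nlmsg_type = RTM_NEWLINK;
    n->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
    put(n, IFLA_IFNAME, name, strlen(name) + 1);
    struct rtattr *info = put(n, IFLA_LINKINFO, NULL, 0);      /* nest */
    put(n, IFLA_INFO_KIND, "vxlan", strlen("vxlan"));          /* matches .kind in rtnl_link_ops */
    struct rtattr *data = put(n, IFLA_INFO_DATA, NULL, 0);     /* nest */
    put(n, IFLA_VXLAN_ID, &vni, sizeof(vni));
    put(n, IFLA_VXLAN_GROUP, &group, sizeof(group));
    put(n, IFLA_VXLAN_TTL, &(__u8){16}, 1);                    /* fixed TTL, as in node.def */
    data->rta_len = (char *)n + n->nlmsg_len - (char *)data;   /* close both nests */
    info->rta_len = (char *)n + n->nlmsg_len - (char *)info;
    return (int)n->nlmsg_len;
}

/* First attribute of the given type in the len bytes starting at a, or NULL. */
struct rtattr *find_attr(struct rtattr *a, int len, int type)
{
    for (; RTA_OK(a, len); a = RTA_NEXT(a, len))
        if (a->rta_type == type) return a;
    return NULL;
}

int main(void)
{
    __u32 buf[64] = {0};   /* constructed request for vxlan0, VNI 0, group 239.0.0.1; nothing is sent */
    printf("RTM_NEWLINK request: %d bytes\n", build_vxlan_newlink(buf, "vxlan0", 0, htonl(0xEF000001)));
    return 0;
}
```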