Vxlan deep dive session rev0.5 final
Download as PPTX, PDF30 likes8,760 views
VXLAN is a protocol that allows large numbers of virtual LANs to be overlaid on a physical network by encapsulating Ethernet frames within UDP packets and transporting them over an IP network. It addresses the scalability limitations of VLANs in large multi-tenant cloud environments by using a 24-bit segment ID rather than a 12-bit VLAN ID. The document provides an overview of VXLAN, why it is used, key concepts like VTEPs and VNIs, and demonstrations of VXLAN configuration on Cisco and Arista switches.
Ad
More Related Content
What's hot (20)
Similar to Vxlan deep dive session rev0.5 final (20)
Ad
Recently uploaded (19)
Ad
Vxlan deep dive session rev0.5 final
- 1. Virtual eXtensible Local Area Network (VXLAN) RFC 7348 - A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks CCIEx2 Security, Data Center 2014-10-25 KwonSun Bae.
- 2. Agenda • What is VXLAN? • Why use VXLAN? • Before the learn VXLAN. Acronyms and Definitions. • VXLAN Overview. VXLAN’s History. • VXLAN Deep Dive. VXLAN Packet Flow VTEP VXLAN Frame Format • VXLAN Demo Cisco VXLAN Configuration VXLAN on vEOS Packet Captures • VXLAN Overlay Comparisons (Options)
- 4. VXLAN is ... • VXLAN Virtual eXtensible Local Area Network • VXLAN’s goal is allowing dynamic large scale isolated virtual L2 networks to be created for virtualized and multi-tenant environments. • VXLAN is one protocol of Network overlay. • https://sites.google.com/site/amitsciscozone/home/data-center/vxlan
- 6. Why use VXLAN? • Traditionally, all data centers use VLANs to enforce Layer2 isolation. As data centers grow and needs arise for extending Layer2 networks across data center or may be beyond a data center, the shortcomings of VLANs are evident. These shortcomings are – In a data center, there are requirements of thousands of VLANs to partition traffic in a multi-tenant environment sharing the same L2/L3 infrastructure for a Cloud Service Provider. The current limit of 4096 VLANs (some are reserved) is not enough. Due to Server virtualization, each Virtual Machine (VM) requires a unique MAC address and an IP address. So, there are thousands of MAC table entries on upstream switches. This places much larger demand on table capacity of the switches. VLANs are too restrictive in terms of distance and deployment. VTP can be used to deploy VLANs across the L2 switches but most people prefer to disable VTP due to its destructive nature. Using STP to provide L2 loop free topology disables most redundant links. Hence, Equal- Cost Multi-Path (ECMP) is hard to achieve. However, ECMP is easy to achieve in IP network.
- 7. Why use VXLAN? • Data Center Grows (Server Side) https://www.arista.com/en/products/eos/cloud-scale-architecture/articletabs/0
- 8. Why use VXLAN? • Types of Overlay Edge Devices VXLAN – VTEP Deployment Designs * Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
- 9. Before the learn VXLAN. Acronyms and Definitions
- 10. Acronyms and Definitions • PIM Protocol Independent Multicast • SPB Shortest Path Bridging • STP Spanning Tree Protocol • ToR Top of Rack • TRILL Transparent Interconnection of Lots of Links • VLAN Virtual Local Area Network • VM Virtual Machine • VNI VXLAN Network Identifier (or VXLAN Segment ID) • VTEP VXLAN Tunnel End Point. An entity that originates and/or terminates VXLAN tunnels • VXLAN Virtual eXtensible Local Area Network • VXLAN Segment VXLAN Layer 2 overlay network over which VMs communicate • VXLAN Gateway an entity that forwards traffic between VXLANs
- 11. VXLAN Overview.
- 12. VXLAN Operation. • http://www.definethecloud.net/vxlan-deep-divepart-2/
- 13. VXLAN History • https://datatracker.ietf.org/doc/rfc7348/history/
- 14. Important Diff from Previous • http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan- 02&url2=draft-mahalingam-dutt-dcops-vxlan-03 UDP Protocol NO fixed to 17 for IPv4 VXLAN Frame Format with IPv6 Outer Header added. • http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan- 03&url2=draft-mahalingam-dutt-dcops-vxlan-04 A well-known UDP port (4789) has been assigned by IANA for VXLAN. • http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan- 07&url2=draft-mahalingam-dutt-dcops-vxlan-08 VTEPs MUST not fragment VXLAN packets.
- 15. VXLAN Deep Dive.
- 16. VXLAN BUM Traffic over Transport Multicast • VXLAN BUM (Broadcast, Unknown Unicast and Multicast) traffic is transported over the VXLAN segment control multicast group. * Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
- 17. VXLAN VTEP Peer Discovery & Address Learning * Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
- 18. VXLAN Packet Forwarding Flow * Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
- 19. VXLAN Interface (VTEP) *http://www.definethecloud.net/vxlan-deep- dive/
- 20. VXLAN Frame Format * BRKDCT-2404 - VXLAN Deployment Models
- 21. VXLAN Demo.
- 22. Cisco VTEP Configuration Cisco NX-OS N9K Cisco NX-OS N1Kv + So Many Manual Tasks!! http://www.cisco.com/c/en/us/products/collateral/switch es/nexus-7000-series-switches/guide_c07-728863.html
- 23. External Network Layer 3 Network VXLAN on vEOS 10.183.100.1/24 VLAN 100 VXLAN VNI 20100 VTEP VTEP VTEP VLAN 101 VLAN 100 10.183.100.130 10.183.100.131 10.183.100.132 vEOS-C# ----------------------------------- vlan 100 interface Ethernet1 mtu 9000 no switchport ip address 1.1.12.2/24 ip pim sparse-mode interface Ethernet2 mtu 9000 no switchport ip address 1.1.13.2/24 ip pim sparse-mode interface Ethernet3 mtu 9000 switchport access vlan 100 interface Loopback0 ip address 1.1.1.3/32 interface Vxlan1 vxlan multicast-group 239.1.1.1 vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vlan 101 vni 100 All Devices for multicast ----------------------------------- ip pim rp-address 1.1.1.3 ip multicast-routing router ospf 1 router-id 1.1.1.x passive-interface default no passive-interface EthernetX network 0.0.0.0/0 area 0.0.0.0
- 24. External Network Layer 3 Network VXLAN on vEOS 10.183.100.1/24 VLAN 100 VXLAN VNI 20100 VTEP VTEP VTEP VLAN 101 VLAN 100 10.183.100.130 10.183.100.131 10.183.100.132 vEOS-A# ----------------------------------- vlan 101 interface Ethernet1 mtu 9000 no switchport ip address 1.1.12.2/24 ip pim sparse-mode interface Ethernet2 - 3 mtu 9000 switchport access vlan 101 interface Loopback0 ip address 1.1.1.1/32 interface Vxlan1 vxlan multicast-group 239.1.1.1 vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vlan 101 vni 100 vEOS-B# ----------------------------------- vlan 100 interface Ethernet1 mtu 9000 no switchport ip address 1.1.13.2/24 ip pim sparse-mode interface Ethernet2 mtu 9000 switchport access vlan 100 interface Loopback0 ip address 1.1.1.2/32 interface Vxlan1 vxlan multicast-group 239.1.1.1 vxlan source-interface Loopback0 vxlan udp-port 4789 vxlan vlan 100 vni 100
- 25. VXLAN on vEOS External Network Layer 3 Network 10.183.100.1/24 VLAN 100 VXLAN VNI 20100 VTEP VTEP VTEP VLAN 101 VLAN 100 10.183.100.130 10.183.100.131 10.183.100.132
- 26. Packet Capture - I
- 27. Packet Capture - II
- 28. Packet Capture - III
- 29. VXLAN Overlay Comparisons *Cisco Live 365 - BRKVIR-2014 - Architecting Scalable Clouds using VXLAN and N1kv
- 30. VXLAN / STT Stateless Transport Tunneling Protocol Similarities • IP Transport • IP Multicast For broadcast and multicast frames • Port Channel Load Distribution 5 Tuple Hashing (UDP vs TCP) Differences • IETF Draft Authors VXLAN: Cisco, VMware, Citrix, Red Hat, Broadcom, Arista STT: Nicira • Encapsulation VXLAN: UDP with 50 bytes STT: “TCP-like” with 72 to 54 bytes (not uniform) * • Segment ID Size VXLAN: 24 bit STT: 64 bit • Firewall ACL can act on VXLAN UDP port Firewalls will likely block STT since it has no TCP state machine handshake • Forwarding Logic VXLAN: Flooding/Learning STT: Not specified
- 31. VXLAN / NVGRE Network Virtualization using Generic Routing Encapsulation Similarities • IP Transport • IP Multicast For broadcast and multicast frames • 24 Bit Segment ID Differences • IETF Draft Authors VXLAN: Cisco, VMware, Citrix, Red Hat, Broadcom, Arista STT: Microsoft, Intel, Dell, HP, Broadcom, Emulex, Arista • Encapsulation VXLAN: UDP with 50 bytes NVGRE: GRE with 42 bytes • Port Channel Load Distribution VXLAN: UDP 5-tuple hashing Most (if not all) current switches do not hash on the GRE header • Firewall ACL can act on VXLAN UDP port Difficult for firewall to act on the GRE Protocol Type field • Forwarding Logic VXLAN: Flooding/Learning NVGRE: Not specified
- 32. VXLAN / OTV Overlay Transport Virtualization Similarities • Same UDP based encapsulation header VXLAN does not use the OTV Overlay ID field • IP Multicast For broadcast and multicast frames (optional for OTV) • 24 Bit Segment ID Differences • Forwarding Logic VXLAN: Flooding/Learning OTV: Uses the IS-IS protocol to advertise the MAC address to IP bindings • OTV can locally terminate ARP and doesn’t flood unknown MACs • OTV can use an adjacency server to eliminate the need for IP multicast • OTV is optimized for Data Center Interconnect to extend VLANs between or across data centers • VXLAN is optimized for intra-DC and multi-tenancy
- 33. VXLAN / LISP Locator / ID Separation Protocol Similarities • Same UDP based encapsulation header VXLAN does not control flag bits or Nonce/MapVersion field 24 Bit Segment ID Differences • LISP carries IP packets, while VXLAN carries Ethernet frames • Forwarding Logic VXLAN: Flooding/Learning LISP: Uses a mapping system to register/resolve inner IP to outer IP mappings • IP Multicast is only required to carry host IP multicast traffic • LISP is designed to give IP address (Identifier) mobility / multi-homing and IP core route scalability • LISP can provide optimal traffic routing when Identifier IP addresses move to a different location
- 34. QnA