
Tema 12. VXLAN - Compressed

This document discusses overlay networks and VXLAN (Virtual Extensible LAN) technology. It provides details on:
- The limitations of spanning tree protocol and how overlay networks solve them by combining the benefits of layer 2 and layer 3 networks.
- VXLAN encapsulation, components like VTEPs and VNIs, and how it works to transport layer 2 frames across layer 3 networks in a transparent manner.
- Configuration of VXLAN, including bridging between VXLAN segments, learning MAC addresses, and forwarding broadcast, unknown unicast, and multicast traffic.
- VXLAN routing to provide IP routing between VXLAN segments similar to inter-VLAN routing.

Uploaded by

Paola Gagñay

REDES DE DATOS II

Data Centers Overlay


Networks - VXLAN

Alberto Arellano A. Ing. Msc.


CCNA – CCNP – CCSP – LPI - JNCIA
Spanning Tree Protocol - Limitations
• The path is the shortest only from the perspective of the root
• Long convergence times (>> 50 seconds)
• Danger of flood storms
• Choice of the root is not safe
• STP deactivates ports to form a tree
Solution - Overlay Network
Overlay Network is a technology for encapsulating Ethernet frames
across a routed network. Its goal is to combine the best aspects of a
Layer 2 network with the best aspects of a Layer 3 network.

• VXLAN (Virtual Extensible LAN) – RFC 7348


• TRILL (Transparent Interconnection of Lots of Links) – IETF 6326
• SPB (Shortest Path Bridging) – IEEE 802.1aq
• NVGRE (Network Virtualization using GRE) – RFC 7637 Microsoft
• OTV (Overlay Transport Virtualization)
• FabricPath (TRILL - CISCO)
• GENEVE (Generic Network Virtualization Encapsulation)
• STT (Stateless Transport Tunneling)
Types of Overlay Services
Layer 2 Overlays

• Emulate a LAN segment


• Transport Ethernet Frames (IP and non-IP)
• Single subnet mobility (L2 domain)
• Exposure to open L2 flooding
• Useful in emulating physical topologies

Layer 3 Overlays

• Abstract IP based connectivity


• Transport IP Packets
• Full mobility regardless of subnets
• Contain network related failures (floods)
• Useful in abstracting connectivity and policy
Hybrid L2/
VXLAN
Virtual eXtensible LAN (VXLAN) is a MAC-in-UDP
technology that provides Layer 2 (Ethernet) connectivity
between distant network sites across an IP network.
Virtual eXtensible LAN (VXLAN RFC 7348) – 08/2014
• IETF framework proposal, co-authored by Arista, Broadcom,
Cisco, Citrix, Red Hat, Intel, Cumulus & VMware
• Provides Layer 2 “Overlay Networks” on top of a Layer 3
network
• “MAC in IP” Encapsulation
• Layer 2 multi-point tunneling over IP UDP
• Tunnel End-Points (VTEPs)
• Perform encapsulation/decapsulation
• In Software e.g. Hypervisor vSwitch
• In Hardware e.g. Leaf Switches
• Enables Layer 2 interconnection across Layer 3 boundaries
• Transparent to the physical IP network
• Provides Layer 2 scale across the Layer 3 IP fabric
• Abstracts the Virtual connectivity from the physical IP
infrastructure.
VXLAN PLATFORM AND VENDOR SUPPORT
VXLAN ENCAPSULATION AND
TERMINOLOGY
VXLAN ENCAPSULATION AND
TERMINOLOGY
VXLAN Tunnel End Point (VTEP)
• Performs VXLAN encapsulation & decapsulation of
the native frame
• Adds the appropriate VXLAN header.
• Can be implemented on software virtual switch or a
physical switch.
Virtual Tunnel Identifier (VTI)
• An IP interface used as the Source IP address for the
encapsulated VXLAN traffic
• The destination IP address for VXLAN encapsulated
traffic
Virtual Network Identifier (VNI)
• A 24-bit field added within the VXLAN header.
• Identifies the Layer 2 segment of the encapsulated
Ethernet Frame
Packet Format of VXLAN
VXLAN adds 50 bytes (54 bytes when the outer Ethernet header carries
its optional fields) on top of the original Ethernet frame (with a
standard size of 1,500 bytes) and encapsulates the source Ethernet
frame in a new UDP packet.
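The 50-byte overhead and the 24-bit VNI described above, as an added example that is not part of the original slides: it builds the outer Ethernet/IPv4/UDP/VXLAN headers around a constructed inner frame and shows the checks a decapsulating VTEP can apply before trusting the VNI. The UDP port 4789 comes from RFC 7348; all MAC and IP addresses are constructed sample values.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789   # IANA port from RFC 7348; the slides do not state it
FLAG_I = 0x08           # "I" flag: the VNI field is valid

def vxlan_header(vni):
    """8 bytes: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8)

def encapsulate(inner, vni, smac, dmac, sip, dip, sport=49152):
    """Outer Ethernet(14) + IPv4(20) + UDP(8) + VXLAN(8) around the inner frame.
    Checksums are left at zero because this is a layout demo, not a sender."""
    vx = vxlan_header(vni) + inner
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, 8 + len(vx), 0) + vx
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(sip), socket.inet_aton(dip)) + udp
    return dmac + smac + b"\x08\x00" + ip

def decapsulate(pkt):
    """Return (vni, inner frame); reject anything that is not well-formed VXLAN."""
    if len(pkt) < 50:
        raise ValueError("shorter than the 50 bytes of outer headers")
    if pkt[12:14] != b"\x08\x00" or pkt[14] != 0x45 or pkt[23] != 17:
        raise ValueError("expected untagged IPv4 without options carrying UDP")
    if struct.unpack("!H", pkt[36:38])[0] != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    word0, word1 = struct.unpack("!II", pkt[42:50])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag is clear, VNI is not valid")
    return word1 >> 8, pkt[50:]

# Constructed sample: inner Ethernet frame (dst MAC, src MAC, EtherType, payload).
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"inner IP packet"
VTEP1_MAC, VTEP2_MAC = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")

def demo():
    """Encapsulate for VNI 50000 and return (overhead, parsed VNI, frame intact)."""
    pkt = encapsulate(INNER, 50000, VTEP1_MAC, VTEP2_MAC, "1.1.1.1", "2.2.2.2")
    vni, frame = decapsulate(pkt)
    return len(pkt) - len(INNER), vni, frame == INNER

if __name__ == "__main__":
    print(demo())
```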
Switch based VXLAN Gateway
Architecture
Point & Multi-Point Tunnel Service
VXLAN Control Plane Options
The VXLAN control plane is used for MAC learning and packet
flooding.
• Mechanism to discover hosts residing behind remote VTEPs
• How to discover VTEPs and their VNI membership
• The mechanism used to forward Broadcast and multicast
traffic within the Layer 2 segment (VNI)
Layer 2 MAC Address Learning and BUM
Packet Forwarding
MAC table on VTEP1
Mac Address    VNI    Inbound Interface
MAC-1          10     Port1

MAC table on VTEP2
Mac Address    VNI    Inbound Interface
MAC-1          10     1.1.1.1

VXLAN TUNNEL

1. VM1 sends a packet destined for VM2.


2. VTEP1 encapsulates the received packet and forwards it to VTEP2. Meanwhile,
VTEP1 learns the MAC address, VNI, and inbound interface of VM1.
3. VTEP2 decapsulates the received packet and learns the MAC address, VNI, and
inbound interface (VTEP1) of VM1.
VXLAN Bridging
• VXLAN bridging is the function provided by VTEP
devices to extend a VLAN or VXLAN VNI over the
Layer 3 infrastructure

[Figure: HOST – VTEP – IP Network – VTEP – HOST. VXLAN bridging extends VLAN 100 on each side over VXLAN 50000.]
Configuring VXLAN Bridging

N9K-Leaf-1# show vxlan
Vlan    VN-Segment
====    ==========
100     50000
101     50001

vlan 100
  vn-segment 50000
vlan 101
  vn-segment 50001

interface nve0
  source-interface loopback0
  overlay encapsulation vxlan
  member vni 50000 mcast-group 239.1.1.1
  member vni 50001 mcast-group 239.1.1.2

interface Ethernet1/1
  description connected to Host-1
  switchport
  switchport mode trunk

Multiple L2 domains with multicast can be enabled under a single nve interface.
VXLAN Bridging – Learning and
Forwarding
Encapsulated packet:
Underlay   SMAC: MAC_V1, DMAC: hop-by-hop; SIP: VTEP-IP-1, DIP: VTEP-IP-2; UDP; VXLAN VNID: 50000
Overlay    SMAC: MAC1, DMAC: MAC2; SIP: IP_1, DIP: IP_2

MAC Table on VTEP1
MAC Address    VXLAN ID    Remote VTEP
MAC2           50000       VTEP-2 (IP)

[Figure: VTEP-1, VTEP-2, VTEP-3 … VTEP-n joined N-way across the underlay. Host frame shown at steps 1 and 3: S-MAC: MAC1, D-MAC: MAC2, S-IP: IP1, D-IP: IP2. Hosts: Host 1 (MAC1, IP 1, VLAN 100), Host 11 (MAC11, IP 11, VLAN 101), Host 2 (MAC2, IP 2, VLAN 100), Host 3 (MAC3, IP 3, VLAN 101). VXLAN VNID 100.]
VXLAN Bridging- Forwarding
A VTEP uses the following processes to forward traffic at Layer 2:

• Unicast process—Applies to destination-known unicast traffic.


• Flood process—Applies to multicast, broadcast, and unknown
unicast traffic.
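The learning steps and the unicast/flood decision described above, as an added example that is not part of the original slides: a small model of a flood-and-learn VTEP whose MAC table is keyed by (VNI, MAC). It assumes flooding is one copy per remote VTEP in place of the multicast group, and that frames for a VNI the VTEP does not carry are dropped without learning; MAC-2 and 2.2.2.2 are constructed values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Vtep:
    """Model of a VTEP doing data-plane MAC learning (hypothetical class)."""
    def __init__(self, ip, peers, ports):
        self.ip, self.peers, self.ports = ip, peers, ports  # ports: {port name: VNI}
        self.mac_table = {}   # (vni, mac) -> local port name or remote VTEP IP

    def _local_flood(self, vni, skip=None):
        return [("deliver", p) for p, v in self.ports.items() if v == vni and p != skip]

    def from_host(self, port, smac, dmac):
        """Frame from a local host: learn the source, then unicast or flood."""
        vni = self.ports[port]
        self.mac_table[(vni, smac)] = port        # learn MAC, VNI, inbound port
        hit = None if dmac == BROADCAST else self.mac_table.get((vni, dmac))
        if hit is None:                           # flood process
            return self._local_flood(vni, skip=port) + \
                   [("encap", peer, vni) for peer in self.peers]
        return [("encap", hit, vni)] if hit in self.peers else [("deliver", hit)]

    def from_tunnel(self, outer_sip, vni, smac, dmac):
        """Decapsulated frame: the inbound interface is the remote VTEP's IP."""
        if vni not in self.ports.values():
            return []                             # unknown VNI: drop, learn nothing
        self.mac_table[(vni, smac)] = outer_sip
        hit = None if dmac == BROADCAST else self.mac_table.get((vni, dmac))
        if hit is None:
            return self._local_flood(vni)         # never re-flooded into tunnels
        return [("deliver", hit)] if hit in self.ports else []

def demo():
    """VM1 (MAC-1) behind VTEP1 sends to VM2 (MAC-2) behind VTEP2, VM2 replies."""
    vtep1 = Vtep("1.1.1.1", peers=["2.2.2.2"], ports={"Port1": 10})
    vtep2 = Vtep("2.2.2.2", peers=["1.1.1.1"], ports={"Port1": 10})
    first = vtep1.from_host("Port1", "MAC-1", "MAC-2")    # destination unknown
    vtep2.from_tunnel("1.1.1.1", 10, "MAC-1", "MAC-2")
    reply = vtep2.from_host("Port1", "MAC-2", "MAC-1")    # destination known
    vtep1.from_tunnel("2.2.2.2", 10, "MAC-2", "MAC-1")
    return first, reply, vtep1.mac_table, vtep2.mac_table

if __name__ == "__main__":
    for item in demo():
        print(item)
```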
VXLAN L2 Gateway
• VXLAN gateway connects VXLAN and traditional VLAN
environments
• A physical VTEP device can provide a hardware-based VXLAN
gateway function
VXLAN Gateway Types
• VXLAN to VLAN
Bridging (Layer-2
Gateway)

• VXLAN-to-VXLAN
Routing (Layer-3
Gateway)

• VXLAN-to-VLAN
Routing (Layer-3
Gateway)
VXLAN Routing
• VXLAN routing is also referred to as inter-VXLAN
routing.

• It provides IP routing service between two VXLAN VNIs
in the overlay network in a way similar to inter-VLAN
routing.

[Figure: HOST – IP Network – HOST, with VXLAN routing between VXLAN VNI 40000 and VXLAN VNI 45000.]
VXLAN – Inter VLAN Routing with
Routing Block
The routing block in the recommended design for VXLAN routing
consists of a physical VTEP that converts VXLAN VNIs back to VLANs,
and a router or a pair of routers that functions as the IP gateway for the
VLAN IP subnets and routes between VLAN IP subnets.
VXLAN – Inter VLAN Routing with
On-stick-VTEP
VXLAN Bridging – LAB
Configure – Arista-1
Configure – Arista-2
Configure – Arista-3
Create Loopback 1 Interface on
Arista
Create Static Route to Loopback
Interface
Check connectivity
Create VLAN 10 & Configure
Interface eth2
Create VXLAN Interface & Configure
VXLAN
Check connectivity PCs
Wireshark
Check VXLAN VTEPs & Address
Table
VXLAN Multicast Data Plane
VXLAN – R2
VXLAN – R2
VXLAN – R3
VXLAN – CSR1
VXLAN – CSR2
VXLAN – CSR1
VXLAN – CSR2
Check Connectivity
Check Connectivity
