VxLan
What is VxLan
- Virtual Extensible LAN (VXLAN)
- provides a way to extend Layer 2 networks across a Layer 3 infrastructure
- uses MAC-in-UDP encapsulation and tunneling.
Benefits of VxLan
- This feature enables virtualized and multitenant data center fabric designs over a shared common physical infrastructure.
- Flexible placement of workloads across the data center fabric. It provides a way to extend Layer 2 segments over the underlying shared Layer 3 network infrastructure. Workloads can be placed across physical pods in a single data center or even across several geographically diverse data centers.
- Higher scalability to allow more Layer 2 segments. VXLAN uses a 24-bit segment ID, the VXLAN network identifier (VNID). This allows a maximum of 16 million VXLAN segments to coexist in the same administrative domain. Traditional VLANs use a 12-bit segment ID that can support a maximum of 4096 VLANs.
- Optimized utilization of available network paths in the underlying infrastructure. VXLAN packets are transferred through the underlying network based on their Layer 3 headers. They use ECMP routing and link aggregation protocols to use all available paths. In contrast, a Layer 2 network might block valid forwarding paths in order to avoid loops.
VxLan Header Format
- VXLAN defines a MAC-in-UDP encapsulation scheme.
- The original Layer 2 frame has a VXLAN header added.
- The result is then placed in a UDP-IP packet.
VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header, together with the original Ethernet frame, goes inside the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments. With all 24 bits in the VNID, VXLAN can support 16 million LAN segments.
[Figure: regular Ethernet frame vs. VXLAN-encapsulated frame. 802.1Q VID = 12 bits, so only 4096 VLANs can be used, and some of those are reserved; VNID = 24 bits, so 16 million VNIs can be used.]
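The header layout above, as an added Python example (not code from the original notes): it builds the 8-byte VXLAN header with the I flag and 24-bit VNID, wraps a constructed inner Ethernet frame as the UDP payload, and parses it back, rejecting a VNID that does not fit in 24 bits or a header whose I flag is clear. The sample MACs and payload are constructed, not captured.

```python
from __future__ import annotations
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field carries a valid identifier
VNI_MAX = (1 << 24) - 1      # 24-bit VNID -> 16,777,216 segments
VLAN_ID_MAX = (1 << 12) - 1  # 12-bit 802.1Q VID -> 4,096 values, some reserved

def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte header: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Two big-endian 32-bit words: flags in the top byte of the first,
    # VNI in the top 24 bits of the second; reserved bits stay zero.
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Return the UDP payload: VXLAN header followed by the untouched L2 frame."""
    if len(inner_frame) < 14:  # dst MAC(6) + src MAC(6) + EtherType(2)
        raise ValueError("inner frame too short to be an Ethernet frame")
    return vxlan_header(vni) + inner_frame

def decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Parse a UDP payload into (vni, inner_frame); reject a header without the I flag."""
    if len(payload) < 8 + 14:
        raise ValueError("payload too short for VXLAN header plus Ethernet frame")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set: no valid VNI")
    return word1 >> 8, payload[8:]

def sample_frame() -> bytes:
    """Constructed inner Ethernet frame (not captured data): IPv4 EtherType, 4-byte payload."""
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("00112233aabb")
    return dst + src + struct.pack("!H", 0x0800) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    pkt = encapsulate(10010, sample_frame())
    print("VXLAN header:", pkt[:8].hex())  # 0800000000271a00 -> VNI 0x00271a = 10010
    vni, frame = decapsulate(pkt)
    print("VNI", vni, "inner frame intact:", frame == sample_frame())
```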
VxLan Terminology
VTEP
VXLAN tunnel endpoints (VTEPs) are devices that terminate VXLAN tunnels. They perform VXLAN encapsulation and de-encapsulation.
Each VTEP has two interfaces.
One is a Layer 2 interface on the local LAN segment to support local endpoint communication through bridging.
The other is a Layer 3 interface on the IP transport network. The IP interface has a unique address that identifies the VTEP device in the transport network. The VTEP device uses this IP address to encapsulate Ethernet frames and transmit the packets on the transport network. A VTEP discovers other VTEP devices that share the VNIs it has locally connected. It advertises the locally connected MAC addresses to its peers. It also learns remote MAC address-to-VTEP mappings through its IP interface.
[Figure: VTEP interfaces]
VxLan Underlay and Overlay
The underlying IP network, called the underlay network, is independent of the VXLAN overlay.
The underlay network forwards the VXLAN encapsulated packets based on the outer IP address header. The outer IP address header has the initiating VTEP's IP interface as the source IP address and the terminating VTEP's IP interface as the destination IP address.
The purpose of the underlay in the VXLAN fabric is to advertise the reachability of VTEPs and to provide fast and reliable transport for the VXLAN traffic.
VxLan Overlay Types
- L2 overlay
- L3 overlay
VxLan Distributed Anycast gateway
Distributed Anycast Gateway refers to the use of default gateway addressing that uses the same IP and MAC address across all the leaf switches that are part of a VNI.
This ensures that every leaf can function as the default gateway for the workloads directly connected to it.
The Distributed Anycast Gateway functionality is used to facilitate flexible workload placement and optimal traffic forwarding across the VXLAN fabric.
VxLan Control Plane
- Multicast Flood and Learn
- MPBGP EVPN
Flood and Learn Multicast-Based Learning Control Plane
When configuring VXLAN with a multicast-based control plane, every VTEP configured with a specific VXLAN VNI joins the same multicast group. Each VNI could have its own multicast group, or several VNIs can share the same group.
The multicast group is used to forward broadcast, unknown unicast, and multicast (BUM) traffic for a VNI. The multicast configuration must support Any-Source Multicast (ASM) or PIM BiDir.
Learning
VTEPs only learn local MAC addresses of devices that are directly connected to them. Remote MAC address-to-VTEP mappings are learned via conversational learning.
VXLAN MPBGP EVPN Control Plane
When the local switch sees a new MAC/IP, it signals the new location to the rest of the network. This eliminates or reduces flooding in the data center.
Flooding is reduced by distributing MAC reachability information via MP-BGP EVPN, which optimizes the flooding associated with L2 unknown unicast traffic. Broadcasts associated with ARP are reduced by distributing the necessary information via MPBGP EVPN; the information is then cached at the access switches.
The MPBGP EVPN control plane approach provides:
- IP reachability information for endpoints.
- Distribution of host MAC reachability, which reduces unknown unicast flooding.
- Distribution of host IP/MAC bindings, which enables local ARP suppression.
- Host mobility.
- A single address family (MPBGP EVPN) to distribute both L2 and L3 route reachability information.
VxLan VNI mapping
VLAN to VNID mapping
VLAN to VNID mapping - different VLAN mapping
VLAN to VNID mapping - overlapping VLAN mapping across tenants
VRF to VNID mapping
Building Multicast VxLan
Steps to build Multicast VXLAN
1. Build the underlay.
2. Configure IP reachability between VTEPs.
3. Configure multicast to allow flood and learn.
4. Configure the NVE interface.
MP BGP Control Plane
MPBGP EVPN
- Allows for VTEP peer discovery and authentication.
- This control plane mechanism addresses the security risks of unauthenticated VTEP peering.
- A VTEP first establishes BGP neighbor adjacency with other VTEPs or route reflectors (RRs).
- BGP updates then include VTEP information and end host NLRI.
- When BGP updates are received, a peer list is also formed.
- This peer list is also used as the VTEP peer list for authorization.
MPBGP EVPN steps
- Step 1: the local VTEP completes local learning.
- Step 2: the local VTEP advertises the learned information to remote VTEPs using BGP.
- Step 3: the local VTEP also receives information from remote VTEPs using BGP.
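The two control planes side by side, as an added Python model that is not code from the original notes or from any vendor, covering both the flood-and-learn learning section above and the MPBGP EVPN peer list steps: remote MAC-to-VTEP bindings come from the data plane in one mode and from BGP updates in the other, and only the EVPN mode yields a peer list that can refuse traffic from a VTEP it never peered with. Class and method names, and any peer IPs, VNIs and MACs used with it, are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Vtep:
    """Illustrative VTEP model (not vendor code). In EVPN mode the BGP-learned
    peer list gates which outer source IPs may deliver traffic for a VNI."""
    ip: str
    local_vnis: set[int]
    mode: str = "evpn"  # "evpn" or "flood-and-learn"
    peers: dict[str, set[int]] = field(default_factory=dict)  # peer VTEP IP -> VNIs it advertised
    remote_macs: dict[tuple[int, str], str] = field(default_factory=dict)  # (vni, mac) -> peer IP

    def bgp_update(self, peer_ip: str, vni: int, macs: list[str]) -> None:
        """Step 3: a received BGP update carries the remote VTEP plus its host MAC NLRI.
        The sender joins the peer list; its MACs are installed only for VNIs we serve."""
        self.peers.setdefault(peer_ip, set()).add(vni)
        if vni in self.local_vnis:
            for mac in macs:
                self.remote_macs[(vni, mac)] = peer_ip

    def receive(self, outer_src_ip: str, vni: int, inner_src_mac: str) -> str:
        """Decide what to do with an encapsulated packet arriving on the IP interface."""
        if vni not in self.local_vnis:
            return "drop: VNI not configured locally"
        if self.mode == "evpn":
            if outer_src_ip not in self.peers:
                return "drop: source is not an authorized VTEP peer"
            if vni not in self.peers[outer_src_ip]:
                return "drop: peer never advertised this VNI"
            return "accept"
        # flood-and-learn: no peer list exists, so the remote MAC-to-VTEP binding is
        # learned conversationally from whatever outer source IP delivered the frame
        self.remote_macs[(vni, inner_src_mac)] = outer_src_ip
        return "accept+learn"

    def next_hop(self, vni: int, mac: str) -> Optional[str]:
        """Remote VTEP for a MAC, or None (flood via the VNI's multicast group)."""
        return self.remote_macs.get((vni, mac))
```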
Comparison of control plane
Packet Flow
Vxlan Configuration commands