VXLAN Deep Dive

I’ve been spending my free time digging into network virtualization and network overlays.  This is part 1 of a 2 part series, part 2 can be found here: http://www.definethecloud.net/vxlan-deep-divepart-2.  By far the most popular virtualization technique in the data center is VXLAN.  This has as much to do with Cisco and VMware backing the technology as the tech itself.  That being said VXLAN is targeted specifically at the data center and is one of many similar solutions such as: NVGRE and STT.)  VXLAN’s goal is allowing dynamic large scale isolated virtual L2 networks to be created for virtualized and multi-tenant environments.  It does this by encapsulating frames in VXLAN packets.  The standard for VXLAN is under the scope of the IETF NVO3 working group.

 

VxLAN Frame

The VXLAN encapsulation method is IP based and provides for a virtual L2 network.  With VXLAN the full Ethernet Frame (with the exception of the Frame Check Sequence: FCS) is carried as the payload of a UDP packet.  VXLAN utilizes a 24-bit VXLAN header, shown in the diagram, to identify virtual networks.  This header provides for up to 16 million virtual L2 networks.

Frame encapsulation is done by an entity known as a VXLAN Tunnel Endpoint (VTEP.)  A VTEP has two logical interfaces: an uplink and a downlink.  The uplink is responsible for receiving VXLAN frames and acts as a tunnel endpoint with an IP address used for routing VXLAN encapsulated frames.  These IP addresses are infrastructure addresses and are separate from the tenant IP addressing for the nodes using the VXLAN fabric.  VTEP functionality can be implemented in software such as a virtual switch or in the form a physical switch.

VXLAN frames are sent to the IP address assigned to the destination VTEP; this IP is placed in the Outer IP DA.  The IP of the VTEP sending the frame resides in the Outer IP SA.  Packets received on the uplink are mapped from the VXLAN ID to a VLAN and the Ethernet frame payload is sent as an 802.1Q Ethernet frame on the downlink.  During this process the inner MAC SA and VXLAN ID is learned in a local table.  Packets received on the downlink are mapped to a VXLAN ID using the VLAN of the frame.  A lookup is then performed within the VTEP L2 table using the VXLAN ID and destination MAC; this lookup provides the IP address of the destination VTEP.  The frame is then encapsulated and sent out the uplink interface.

image

Using the diagram above for reference a frame entering the downlink on VLAN 100 with a destination MAC of 11:11:11:11:11:11 will be encapsulated in a VXLAN packet with an outer destination address of 10.1.1.1.  The outer source address will be the IP of this VTEP (not shown) and the VXLAN ID will be 1001.

In a traditional L2 switch a behavior known as flood and learn is used for unknown destinations (i.e. a MAC not stored in the MAC table.  This means that if there is a miss when looking up the MAC the frame is flooded out all ports except the one on which it was received.  When a response is sent the MAC is then learned and written to the table.  The next frame for the same MAC will not incur a miss because the table will reflect the port it exists on.  VXLAN preserves this behavior over an IP network using IP multicast groups.

Each VXLAN ID has an assigned IP multicast group to use for traffic flooding (the same multicast group can be shared across VXLAN IDs.)  When a frame is received on the downlink bound for an unknown destination it is encapsulated using the IP of the assigned multicast group as the Outer DA; it’s then sent out the uplink.  Any VTEP with nodes on that VXLAN ID will have joined the multicast group and therefore receive the frame.  This maintains the traditional Ethernet flood and learn behavior.

VTEPs are designed to be implemented as a logical device on an L2 switch.  The L2 switch connects to the VTEP via a logical 802.1Q VLAN trunk.  This trunk contains an VXLAN infrastructure VLAN in addition to the production VLANs.  The infrastructure VLAN is used to carry VXLAN encapsulated traffic to the VXLAN fabric.  The only member interfaces of this VLAN will be VTEP’s logical connection to the bridge itself and the uplink to the VXLAN fabric.  This interface is the ‘uplink’ described above, while the logical 802.1Q trunk is the downlink.

image

Summary

VXLAN is a network overlay technology design for data center networks.  It provides massively increased scalability over VLAN IDs alone while allowing for L2 adjacency over L3 networks.  The VXLAN VTEP can be implemented in both virtual and physical switches allowing the virtual network to map to physical resources and network services.  VXLAN currently has both wide support and hardware adoption in switching ASICS and hardware NICs, as well as virtualization software.

GD Star Rating
loading...
VXLAN Deep Dive, 4.6 out of 5 based on 36 ratings

Comments

  1. Hi to all, because I am really eager of reading this webpage’s
    post to be updated on a regular basis. It consists of pleasant data.

    GD Star Rating
    loading...
  2. When some onne searches for his vital thing, so he/she desires to bbe
    available that in detail, so that thing is maintained
    over here.

    GD Star Rating
    loading...
  3. Tattoos were covered up, Rosacea, birth marks – it seemed
    to be able to do a fantastic job at covering without actually looking like
    makeup. Now gently rub it on the scar in circular motion before rinsing with
    cold water. Anti-oxidant chemicals are valued for their wide healing actions.

    GD Star Rating
    loading...
  4. I don’t even understand how I finished up here, but I assumed this
    publish was once good. I don’t understand who you’re however definitely you are going to a well-known blogger in the event you aren’t already.
    Cheers!

    GD Star Rating
    loading...
  5. What i doo not realize iis if truth be told how you’re
    not really a lot more smartly-favored than you may bbe right
    now. You are very intelligent. You already know therefore signifiantly in relation to this subject, produced me for my part imagine it
    from a loot oof numerous angles. Its like women and
    men are not involved until it’s one thing to ddo
    with Lady gaga! Your personal stuffs great. Always
    dea with itt up!

    GD Star Rating
    loading...
  6. A Top Crimebuster Exposed How a Crack Squad were Sent to
    Dubai – An Exclusive News
    Recently a top crimebuster has revealed the news related to crack squad, which was sent to Dubai.
    The main aim was to hunt down the VAT criminals, who were threatening to bankrupt Britain.
    According to David Odd, the criminals involved in this carousel fraud took £3.5 billion from
    taxpayers. The worst part is that it took them only one year to accomplish their fraudulent goals.

    Assistant Director of HM Revenue and Customs Investigation, Scotland said that his officials were
    helping the authorities of other European countries to deal with carousel fraud
    and it was in fact this cooperation that lead to unearthing of massive scam in Scotland back in 1990.

    The accused claimed VAT on goods, as according to them they imported the goods and then exported them
    abroad. The amazing part was that those goods
    never existed. No one had an idea that the total scam would
    cost £3.5 billion in 2006.
    David Odd believes if these carousel frauds are not checked on time, it would lead to Treasury losses that
    would remain unrecoverable at large and lead the whole country towards an unavoidable financial crises.

    The infamous Imran Hussain, known as Immy from Glasgow,
    34 years old man, was also found in connection with the fraudsters.
    He is allegedly responsible for a VAT scam of £300
    million.
    Later on HMRC introduced a verification program to control VAT repayments claims.
    A lot of efforts are being made for the efficient
    control and is expected to reduce the impact of VAT fraud due to these

    GD Star Rating
    loading...
  7. Chickens are, after all, farmyard animals so there will be a
    certain amount of odors coming form the coop. With many people vying
    for the same thing, prices are pushed upwards. Pick
    your login name through the boot screen and you will start into Windows, where you are able
    to run System improve from the Start selection as typical.

    GD Star Rating
    loading...

Speak Your Mind

*