VXLAN Introduction
Shane Corban, Nexus Marketing Manager
EMCWorld 2014
Co-sponsored by Intel®
Cisco Confidential. © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Why VXLAN?
Problems being addressed:
• VLAN scale – VXLAN extends the L2 segment ID field to 24 bits, potentially allowing for up to 16 million unique L2 segments over the same network
• Layer 2 segment elasticity over Layer 3 boundary – VXLAN encapsulates the L2 frame in an IP-UDP header
VXLAN perceived as “The Standard” way to create overlays
• Ecosystem of vendors: VMware, F5, Broadcom, Brocade, Arista, etc.

Terminology
• VTEP (VXLAN Tunnel End Point)
  • Performs VXLAN encap & decap
  • Usually located at the Aggregation Layer
  • Support for multiple VXLAN Edge Devices (multi-homing) in the same site
• VNI (Virtual Network Identifier)
  • Mapping of VLAN to VXLAN (i.e., VNI 5000 maps to VLAN 20)
  • Can have multiple VNIs mapped to the same VLAN
[Diagram: VXLAN devices, each labelled VTEP]

VXLAN MAC Learning: Building the MAC Tables
• Flood & Learn is used today
  • Control-plane based in future
• Multicast is required
  • Unicast with head-end replication in the future
• PIM-SM or PIM-Bidir on Nexus 3100/7000
  • PIM-Bidir on Nexus 5600/N6K-X

VTEP Discovery: How VTEPs find each other
• VTEPs join specified multicast group (*, G)
  • PIM-SM or PIM-BiDir
• Can have one multicast group per VNI
  • Can have multiple VNIs per multicast group
• Future support for an intelligent control plane for VTEP discovery

VXLAN Packet Structure
Original L2 frame given a VXLAN header with VNI
[Diagram: encapsulated packet ending in VXLAN Header | Original L2 Frame | FCS, with the callouts below]
• VXLAN Header: allows for 16M possible segments
• UDP: 4789. Hash of the inner L2/L3/L4 headers of the original frame; enables entropy for ECMP load balancing in the network.
• Src and Dst addresses of the VTEPs
• Src VTEP MAC address, next-hop MAC address

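The header fields named on the packet-structure slide, as an added Python example that is not part of the original deck. It assumes the RFC 7348 layout (8-byte header, I flag 0x08, 24-bit VNI); the CRC32-based source-port hash, the allow-list of VNIs and the sample frame are constructed for illustration.

```python
import struct
import zlib

VXLAN_UDP_PORT = 4789        # UDP port shown on the slide
VXLAN_FLAG_I = 0x08          # RFC 7348: VNI field is valid
MAX_VNI = (1 << 24) - 1      # 24-bit segment ID, about 16M segments


def entropy_source_port(inner_frame: bytes) -> int:
    """Outer UDP source port derived from a hash of the inner headers.

    Assumption: CRC32 over the first 42 bytes stands in for the platform's
    hash; the result is folded into the dynamic port range 49152-65535.
    """
    return 49152 + (zlib.crc32(inner_frame[:42]) % 16384)


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte header: flags, 24 reserved bits, VNI, 8 reserved bits."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes, allowed_vnis: set) -> tuple:
    """Parse a UDP/4789 payload; return (vni, inner_frame) or raise ValueError."""
    if len(udp_payload) < 8 + 14:          # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8                       # low 8 bits are reserved, ignored on receipt
    if vni not in allowed_vnis:            # hypothetical per-VTEP allow-list
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[8:]


# Constructed sample: broadcast ARP-style Ethernet frame with a zeroed body.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "02000000000a" "0806") + b"\x00" * 28
```

Rejecting frames whose VNI is not locally configured keeps a decapsulating endpoint from delivering traffic into a segment it was never meant to serve.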
VXLAN Multicast Mode
[Diagram: three VTEPs attached to an L3 core with multicast-enabled transport; Web VMs and DB VMs sit behind the VTEPs. IGMP Reports are sent to multicast group 239.1.1.1 and to multicast group 239.2.2.2. Annotation: "PIM not IGMP".]

ARP Request
[Diagram: VM 1, VM 2 and VM 3 sit behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3) across an L3 core with multicast-enabled transport. The ARP Req is carried as IP A | G | ARP Req and delivered as an ARP Req at the other VTEPs. MAC table entries shown: MAC VM 1, IP Addr VTEP 1.]

ARP Response
[Diagram: same topology: VM 1, VM 2 and VM 3 behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3), multicast-enabled transport. The ARP Resp is carried as VTEP 2 | VTEP 1 | ARP Resp. MAC table entries shown: MAC VM 2, IP Addr VTEP 2; MAC VM 1, IP Addr VTEP 1.]

Blue & Purple VNI Sharing of Multicast Groups
[Diagram: Web VMs and DB VMs behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3) across an L3 core. Blue VNI on Group G; Purple VNI on Group G. Frames are carried as IP A | G | Org Frame.]

Current VXLAN Challenges
Multicast Dependency
• Multicast may not be enabled in the infrastructure
• Multicast scaling
Flood and Learn based Learning
• Flooding required to handle BUM (Broadcast/Unknown Unicast/Multicast) traffic
• Unknown floods can cause network meltdowns
External Connectivity
• Need the ability to connect to external nodes

Planned Cisco VXLAN Enhancements
Multicast Dependency
• Head-end replication to allow unicast-mode only operation
• Introduce a control plane to allow for dynamic VTEP discovery
Flood and Learn based Learning
• Workload MAC addresses are known once they are connected to the VXLAN capable devices
• Leverage the control plane also to exchange L2/L3 address-to-VTEP association information
External Connectivity
• Introduce VXLAN Gateways

VXLAN Unicast Mode: Head-End Replication
1 A workload sends a L2 BUM* frame
2 VTEP retrieves the list of Overlay Neighbors**
3 VTEP performs Head-End Replication
4 VXLAN Encap
5 Frames are unicasted to the neighbors
*Broadcast, Unknown Unicast or Multicast
**Information statically configured or dynamically retrieved via control plane (VTEP discovery)
[Diagram: unicast-only transport connecting VTEPs West, East and South. Overlay Neighbors: South, IP C; East, IP B. The BUM frame is sent as IP A | IP B | BUM Frame and as IP A | IP C | BUM Frame.]

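Flood-and-learn from the ARP Request and ARP Response slides combined with the five head-end replication steps, as an added Python example that is not part of the original deck. The class, the "vm1"/"vm2" MAC placeholders and the rule of learning only from configured overlay neighbors are assumptions of this example; the VTEP addresses are the ones on the ARP slides.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Vtep:
    """Toy VTEP for a single VNI: flood-and-learn table plus head-end replication."""

    def __init__(self, ip, neighbors):
        self.ip = ip
        self.neighbors = list(neighbors)  # overlay neighbors: static or from control plane
        self.mac_table = {}               # inner MAC -> "local" or remote VTEP IP

    def from_workload(self, src_mac, dst_mac):
        """Frame from a local VM. Returns the (outer src IP, outer dst IP) copies to send."""
        self.mac_table[src_mac] = "local"
        where = self.mac_table.get(dst_mac)
        if where == "local":
            return []                                  # bridged locally, no encap
        if where is not None:
            return [(self.ip, where)]                  # known unicast: one tunnel
        return [(self.ip, n) for n in self.neighbors]  # BUM: one unicast copy per neighbor

    def from_fabric(self, outer_src_ip, inner_src_mac):
        """Decapsulated frame. Learn inner MAC -> sending VTEP; False means dropped."""
        # Choice made for this example: only learn from configured overlay neighbors,
        # so an unknown outer source cannot add MAC table entries.
        if outer_src_ip not in self.neighbors:
            return False
        if self.mac_table.get(inner_src_mac) != "local":
            self.mac_table[inner_src_mac] = outer_src_ip
        return True


def arp_exchange():
    """VM 1 ARPs for VM 2 across the three VTEPs from the ARP slides."""
    ips = ["1.1.1.1", "2.2.2.2", "3.3.3.3"]
    v1, v2, v3 = (Vtep(ip, [n for n in ips if n != ip]) for ip in ips)
    request = v1.from_workload("vm1", BROADCAST)       # ARP Req is broadcast -> replicated
    for vtep in (v2, v3):
        vtep.from_fabric("1.1.1.1", "vm1")
    reply = v2.from_workload("vm2", "vm1")             # ARP Resp is unicast VTEP 2 -> VTEP 1
    v1.from_fabric("2.2.2.2", "vm2")
    return request, reply, v1.mac_table, v3.mac_table
```

VTEP 3 ends up with an entry for VM 1 even though it took no part in the conversation, which is the table growth that flood-and-learn implies for every broadcast.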
VXLAN HW L2 & L3 Gateways
VXLAN on HW Platforms: Supported Functionalities
• VXLAN to VLAN Bridging (L2 Gateway): N5600, N6K-X, N7K (F3), N9K, N31XX
  [Diagram: ingress VXLAN packet on Orange segment; VXLAN L2 Gateway; egress interface chosen (bridge may .1Q tag the packet)]
• V(X)LAN-to-V(X)LAN Routing (L3 Gateway): N5600, N6K-X, N7K (F3), N9K
  [Diagram: ingress VXLAN packet on Orange segment; destination is in another segment; VXLAN Router with SVI; packet is routed to the new segment (VXLAN Orange to VXLAN Blue); egress interface chosen (bridge may .1Q tag the packet)]

“Software” VXLAN Layer-2 Gateway: Purely a Host Overlay Solution
• VXLAN supported on Nexus1000v & Hypervisor Switches
[Diagram: Virtual to Virtual. Virtual machines on hypervisors in VNI 5000 communicate across the L3 fabric; WAN/Core above. Legend: VxLAN, untagged.]

Inter-VXLAN Routing using SW L3 Gateway: Purely a Host Overlay Solution
• VXLAN Routing: VNI 5000 <-> VNI 6000
• VXLAN routing functions supported on Cisco ASA1000v and CSR1000v
[Diagram: Virtual to Virtual. SW Gwy routes between VNI 5000 and VNI 6000 across the L3 fabric; WAN/Core above. Legend: VxLAN, untagged.]

SW L3 Gateway: Communicating with the External L3 Domain
• VXLAN to VLAN Bridging: VNI 5000 <-> VLAN 100
• VXLAN routing functions also supported on Cisco ASA1000v and CSR1000v
[Diagram: Virtual to Physical. SW Gwy, VNI 6000, SVI 100, L3 fabric, WAN/Core. Legend: VxLAN, VLAN, untagged.]

HW VXLAN L2 Gateway: Intra-Subnet Communication
• VXLAN-to-VLAN Bridging
[Diagram: Virtual to Physical. Two VXLAN L2 Gateways and a VXLAN VTEP on the L3 fabric; labels VNI 5000, VNI 6000, VLAN 10, VLAN 20. Legend: VxLAN, VLAN, untagged.]

HW VXLAN Routing: Inter-Subnets Communication
• VXLAN-to-VXLAN Routing: VNI 5000 <-> VNI 7000
• VLAN-to-VXLAN Routing: VNI 6000 <-> L3_Ext_Intf
• VXLAN-to-VLAN Bridging: VNI 7000 <-> VLAN 30
• VXLAN-to-VLAN Bridging: VLAN 20 <-> VNI 6000
[Diagram: two VXLAN L3 Gateways facing the L3 cloud and two VXLAN L2 Gateways on the L3 fabric; labels VNI 5000, VLAN 20, VLAN 30. Legend: VxLAN, VLAN, untagged.]

HW VXLAN Routing: Nexus VTEP Redundancy
• L3 Gateway redundancy based on vPC and HSRP (2 nodes)
• L2 Gateway redundancy based on vPC (anycast VTEP address)
[Diagram: two VXLAN L3 Gateways and two VXLAN L2 Gateways on the L3 fabric; labels vMAC, Emulated VTEP.]

Thank you.
Q & A