Date posted: 18-Nov-2014
© 2014 VCE Company, LLC. All rights reserved.
Shane Corban
Nexus Marketing Manager
VXLAN INTRODUCTION
Why VXLAN?
Problems being addressed:
• VLAN scale – VXLAN extends the L2 segment ID field to 24 bits, potentially allowing for up to 16 million unique L2 segments over the same network
• Layer 2 segment elasticity over Layer 3 boundary – VXLAN encapsulates the L2 frame in an IP-UDP header
VXLAN perceived as “The Standard” way to create overlays
• Ecosystem of vendors: VMware, F5, Broadcom, Brocade, Arista, etc.
TERMINOLOGY
VXLAN Devices
VTEP (VXLAN Tunnel End Point)
• Performs VXLAN encap & decap
• Usually located at the Aggregation Layer
• Support for multiple VXLAN Edge Devices (multi-homing) in the same site
VNI (Virtual Network Identifier)
• Mapping of VLAN to VXLAN (i.e., VNI 5000 maps to VLAN 20)
• Can have multiple VNIs mapped to the same VLAN
[Figure: several VTEPs]
VXLAN MAC LEARNING
Building the MAC Tables
• Flood & Learn is used today
• Control-Plane based in future
• Multicast is required
• Unicast with head-end replication in the future
• PIM-SM or PIM-Bidir on Nexus 3100/7000
• PIM-Bidir on Nexus 5600/N6K-X
VTEP DISCOVERY
How VTEPs find each other
• VTEPs join specified multicast group (*, G)
• PIM-SM or PIM-BiDir
• Can have one multicast group per VNI
• Can have multiple VNIs per multicast group
• Future support for an intelligent control plane for VTEP discovery
VXLAN PACKET STRUCTURE
ORIGINAL L2 FRAME GIVEN A VXLAN HEADER WITH VNI
[Figure: encapsulated packet showing the VXLAN Header, the Original L2 Frame and the FCS, with the annotations below]
• Allows for 16M possible segments
• UDP 4789
• Hash of the inner L2/L3/L4 headers of the original frame. Enables entropy for ECMP load balancing in the network.
• Src and Dst addresses of the VTEPs
• Src VTEP MAC Address
• Next-Hop MAC Address
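The encapsulation on this slide in code, as an added example that is not from the original deck: it builds and validates the 8-byte VXLAN header as laid out in RFC 7348 and derives the outer UDP source port from the inner headers. The function names, the CRC32 stand-in hash, the VNI allow-list check and the sample frame are assumptions made for illustration.

```python
import struct
import zlib

VXLAN_PORT = 4789      # outer UDP destination port, as on the slide
FLAG_I = 0x08          # RFC 7348 flag: the VNI field is valid

# Constructed sample: a broadcast Ethernet header (ARP ethertype) plus 28 zero bytes.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "000000000001" "0806") + bytes(28)

def encode_vxlan(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an original L2 frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24 bits) + reserved (8).
    return struct.pack("!II", FLAG_I << 24, vni << 8) + inner_frame

def decode_vxlan(udp_payload, allowed_vnis=None):
    """Return (vni, inner_frame); reject malformed or unexpected headers."""
    if len(udp_payload) < 8 + 14:          # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN payload")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8
    if allowed_vnis is not None and vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[8:]

def entropy_source_port(inner_frame):
    """Outer UDP source port from a hash of the inner headers.

    CRC32 over the first 34 bytes is a stand-in for a VTEP's own hash; the
    result is folded into the dynamic port range 49152-65535.
    """
    return 49152 + zlib.crc32(inner_frame[:34]) % 16384

if __name__ == "__main__":
    packet = encode_vxlan(5000, SAMPLE_FRAME)
    print(packet[:8].hex(), decode_vxlan(packet, {5000})[0],
          entropy_source_port(SAMPLE_FRAME))
```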
VXLAN MULTICAST MODE
[Figure: three VTEPs attached to an L3 core with multicast-enabled transport; Web VMs and DB VMs sit behind the VTEPs. Labels: "IGMP Report to Multicast Group 239.1.1.1", "IGMP Report to Multicast Group 239.2.2.2", "PIM not IGMP".]
ARP REQUEST
[Figure: VM 1, VM 2 and VM 3 behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3), connected by an L3 core with multicast-enabled transport. Packet labels: "IP A G | ARP Req" and "ARP Req". MAC table entry shown: MAC "VM 1", IP Addr "VTEP 1".]
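ARP RESPONSE
[Figure: VM 1, VM 2 and VM 3 behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3), connected by an L3 core with multicast-enabled transport. Packet labels: "VTEP 2 VTEP 1 | ARP Resp" and "ARP Resp". MAC table entries shown: MAC "VM 2", IP Addr "VTEP 2"; MAC "VM 1", IP Addr "VTEP 1".]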
BLUE & PURPLE VNI SHARING OF MULTICAST GROUPS
[Figure: Web VMs and DB VMs behind VTEP 1 (1.1.1.1), VTEP 2 (2.2.2.2) and VTEP 3 (3.3.3.3), connected by an L3 core. Labels: "Blue VNI on Group G", "Purple VNI on Group G". Packet label: "IP A G | Org Frame".]
Current VXLAN Challenges
Multicast Dependency
• Multicast may not be enabled in the infrastructure
• Multicast scaling
Flood and Learn based Learning
• Flooding required to handle BUM (Broadcast/Unknown Unicast/Multicast) traffic
• Unknown floods can cause network meltdowns
External Connectivity
• Need the ability to connect to external nodes
Planned Cisco VXLAN Enhancements
Multicast Dependency
• Head-end replication to allow unicast-mode only operation
• Introduce a control plane to allow for dynamic VTEP discovery
Flood and Learn based Learning
• Workload MAC addresses are known once they are connected to the VXLAN capable devices
• Leverage the control plane also to exchange L2/L3 address-to-VTEP association information
External Connectivity
• Introduce VXLAN Gateways
VXLAN UNICAST MODE
HEAD-END REPLICATION
1 A workload sends a L2 BUM* frame
2 VTEP retrieves the list of Overlay Neighbors**
3 VTEP performs Head-End Replication
4 VXLAN Encap
5 Frames are unicasted to the neighbors
*Broadcast, Unknown Unicast or Multicast
**Information statically configured or dynamically retrieved via control plane (VTEP discovery)
[Figure: VTEPs West, East and South over a Unicast-Only Transport, with addresses IP A, IP B and IP C. Overlay Neighbors table: "South, IP C"; "East, IP B". Packet labels: "BUM Frame", "IP A IP B | BUM Frame", "IP A IP C | BUM Frame".]
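Flood-and-learn as drawn on the ARP request and response slides, combined with the head-end replication steps above, as an added example that is not part of the original deck. The Vtep class, the MAC strings and the tuple packet format are hypothetical; the VTEP addresses are the ones on the slides, and flooding here uses the unicast neighbor list rather than a multicast group.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Vtep:
    """Toy VTEP: data-plane MAC learning plus head-end replication for BUM."""

    def __init__(self, ip, neighbors):
        self.ip = ip
        self.neighbors = list(neighbors)   # overlay neighbors, statically configured
        self.mac_table = {}                # (vni, mac) -> remote VTEP IP
        self.local = set()                 # (vni, mac) of attached workloads

    def attach(self, vni, mac):
        self.local.add((vni, mac))

    def send(self, vni, src_mac, dst_mac):
        """Return the encapsulated copies as (outer_src, outer_dst, vni, src, dst)."""
        remote = self.mac_table.get((vni, dst_mac))
        if dst_mac != BROADCAST and remote:
            targets = [remote]             # known unicast: a single tunnel
        else:
            targets = self.neighbors       # BUM: one unicast copy per neighbor
        return [(self.ip, t, vni, src_mac, dst_mac) for t in targets]

    def receive(self, pkt):
        """Decapsulate and learn inner source MAC against the outer source IP.

        Returns True when the frame is delivered to a local workload.
        """
        outer_src, outer_dst, vni, src_mac, dst_mac = pkt
        if outer_dst != self.ip:
            return False
        self.mac_table[(vni, src_mac)] = outer_src
        return dst_mac == BROADCAST or (vni, dst_mac) in self.local

def arp_exchange():
    """VM 1 behind VTEP 1 resolves VM 2 behind VTEP 2 (MAC strings constructed)."""
    v1 = Vtep("1.1.1.1", ["2.2.2.2", "3.3.3.3"])
    v2 = Vtep("2.2.2.2", ["1.1.1.1", "3.3.3.3"])
    v3 = Vtep("3.3.3.3", ["1.1.1.1", "2.2.2.2"])
    v1.attach(5000, "mac-vm1")
    v2.attach(5000, "mac-vm2")
    request = v1.send(5000, "mac-vm1", BROADCAST)     # replicated to both neighbors
    for vtep, pkt in zip((v2, v3), request):
        vtep.receive(pkt)
    response = v2.send(5000, "mac-vm2", "mac-vm1")    # VM 1 already learned
    delivered = v1.receive(response[0])
    return len(request), len(response), delivered, v1.mac_table, v3.mac_table
```

Every VTEP that receives the flooded request learns VM 1's location, including VTEP 3, which takes no further part in the exchange.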
VXLAN HW L2 & L3 GATEWAYS
VXLAN ON HW PLATFORMS
SUPPORTED FUNCTIONALITIES
VXLAN to VLAN Bridging (L2 Gateway)
• N5600, N6K-X, N7K (F3), N9K, N31XX
• Ingress VXLAN packet on Orange segment
• Egress interface chosen (bridge may .1Q tag the packet)
V(X)LAN-to-V(X)LAN Routing (L3 Gateway)
• N5600, N6K-X, N7K (F3), N9K
• Ingress VXLAN packet on Orange segment
• Destination is in another segment. Packet is routed to the new segment
• Egress interface chosen (bridge may .1Q tag the packet)
[Figure: a VXLAN L2 Gateway on VXLAN Orange, and a VXLAN Router with an SVI between VXLAN Orange and VXLAN Blue.]
“SOFTWARE” VXLAN LAYER-2 GATEWAY
PURELY A HOST OVERLAY SOLUTION
VXLAN supported on Nexus1000v & Hypervisor Switches
[Figure: Virtual to Virtual. Virtual machines on hypervisors, VNI 5000 on both sides, connected over the L3 Fabric, which attaches to the WAN/Core. Legend: VxLAN, untagged.]
INTER-VXLAN ROUTING USING SW L3 GATEWAY
PURELY A HOST OVERLAY SOLUTION
VXLAN Routing: VNI 5000 <-> VNI 6000
VXLAN routing functions supported on Cisco ASA1000v and CSR1000v
[Figure: Virtual to Virtual. A SW Gwy routes between VNI 5000 and VNI 6000 over the L3 Fabric, which attaches to the WAN/Core. Legend: VxLAN, untagged.]
SW L3 GATEWAY
COMMUNICATING WITH THE EXTERNAL L3 DOMAIN
VXLAN to VLAN Bridging: VNI 5000 <-> VLAN 100
VXLAN routing functions also supported on Cisco ASA1000v and CSR1000v
[Figure: Virtual to Physical. A SW Gwy with VNI 6000 and SVI 100, connected over the L3 Fabric to the WAN/Core. Legend: VxLAN, VLAN, untagged.]
HW VXLAN L2 GATEWAY INTRA-SUBNET COMMUNICATION
VXLAN-to-VLAN Bridging
[Figure: Virtual to Physical. Two VXLAN L2 Gateways and a VXLAN VTEP on the L3 Fabric, with VNI 5000, VNI 6000, VLAN 10 and VLAN 20. Legend: VxLAN, VLAN, untagged.]
HW VXLAN ROUTING
INTER-SUBNETS COMMUNICATION
• VXLAN-to-VXLAN Routing: VNI 5000 <-> VNI 7000
• VLAN-to-VXLAN Routing: VNI 6000 <-> L3_Ext_Intf
• VXLAN-to-VLAN Bridging: VNI 7000 <-> VLAN 30
• VXLAN-to-VLAN Bridging: VLAN 20 <-> VNI 6000
[Figure: two VXLAN L3 Gateways facing the L3 Cloud and two VXLAN L2 Gateways on the L3 Fabric, with VNI 5000, VLAN 20 and VLAN 30. Legend: VxLAN, VLAN, untagged.]
HW VXLAN ROUTING
NEXUS VTEP REDUNDANCY
• L3 Gateway redundancy based on vPC and HSRP (2 nodes)
• L2 Gateway redundancy based on vPC (anycast VTEP address)
[Figure: two VXLAN L3 Gateways and two VXLAN L2 Gateways on the L3 Fabric. Labels: "vMAC", "Emulated VTEP".]