Vxlan deep dive session rev0.5 final
1. Virtual eXtensible Local Area Network (VXLAN)
RFC 7348 - A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks
CCIEx2 Security, Data Center
2014-10-25 KwonSun Bae.
2. Agenda
• What is VXLAN?
• Why use VXLAN?
• Before learning VXLAN.
Acronyms and Definitions.
• VXLAN Overview.
VXLAN’s History.
• VXLAN Deep Dive.
VXLAN Packet Flow
VTEP
VXLAN Frame Format
• VXLAN Demo
Cisco VXLAN Configuration
VXLAN on vEOS
Packet Captures
• VXLAN Overlay Comparisons (Options)
4. VXLAN is ...
• VXLAN
Virtual eXtensible Local Area Network
• VXLAN’s goal is allowing dynamic large scale isolated virtual L2 networks to be
created for virtualized and multi-tenant environments.
• VXLAN is one protocol of Network overlay.
• https://sites.google.com/site/amitsciscozone/home/data-center/vxlan
6. Why use VXLAN?
• Traditionally, all data centers use VLANs to enforce Layer 2 isolation. As data centers grow and needs arise for extending Layer 2 networks across a data center, or maybe beyond a data center, the shortcomings of VLANs become evident. These shortcomings are:
In a data center, a Cloud Service Provider has a requirement for thousands of VLANs to partition traffic in a multi-tenant environment sharing the same L2/L3 infrastructure. The current limit of 4096 VLANs (some of which are reserved) is not enough.
Due to server virtualization, each Virtual Machine (VM) requires a unique MAC address and an IP address, so there are thousands of MAC table entries on upstream switches. This places a much larger demand on the table capacity of the switches.
VLANs are too restrictive in terms of distance and deployment. VTP can be used to deploy VLANs across L2 switches, but most people prefer to disable VTP due to its destructive nature.
Using STP to provide an L2 loop-free topology disables most redundant links. Hence, Equal-Cost Multi-Path (ECMP) is hard to achieve. However, ECMP is easy to achieve in an IP network.
7. Why use VXLAN?
• Data Center Grows (Server Side)
https://www.arista.com/en/products/eos/cloud-scale-architecture/articletabs/0
8. Why use VXLAN?
• Types of Overlay Edge Devices
VXLAN – VTEP Deployment Designs
* Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
13. VXLAN History
• https://datatracker.ietf.org/doc/rfc7348/history/
14. Important Diff from Previous
• http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan-02&url2=draft-mahalingam-dutt-dcops-vxlan-03
Outer IP Protocol number fixed to 17 (UDP) for IPv4.
VXLAN Frame Format with IPv6 Outer Header added.
• http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan-03&url2=draft-mahalingam-dutt-dcops-vxlan-04
A well-known UDP port (4789) has been assigned by IANA for VXLAN.
• http://www.ietf.org/rfcdiff?url1=draft-mahalingam-dutt-dcops-vxlan-07&url2=draft-mahalingam-dutt-dcops-vxlan-08
VTEPs MUST NOT fragment VXLAN packets.
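The three draft changes above (outer protocol 17, destination port 4789, no fragmentation by VTEPs) fix the outer packet layout that the rest of the deck refers to as "UDP with 50 bytes" of encapsulation. The following is an added example, not code from the deck or from any vendor: it builds an outer Ethernet/IPv4/UDP/VXLAN packet around a constructed inner frame, parses it back by matching on UDP destination port 4789 (the same match a firewall ACL or IDS rule keys on), and checks whether an inner frame can cross an underlay MTU without fragmentation. The IP addresses, MACs, VNI and inner frame are constructed sample values.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

# Values from RFC 7348 as cited in the deck
VXLAN_UDP_PORT = 4789      # IANA-assigned well-known destination port
IP_PROTO_UDP = 17          # outer IPv4 protocol number
ETHERTYPE_IPV4 = 0x0800
VXLAN_FLAG_I = 0x08        # "I" flag: the VNI field is valid
ETH_HDR_LEN, IPV4_HDR_LEN, UDP_HDR_LEN, VXLAN_HDR_LEN = 14, 20, 8, 8
VXLAN_OVERHEAD = ETH_HDR_LEN + IPV4_HDR_LEN + UDP_HDR_LEN + VXLAN_HDR_LEN  # 50 bytes


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_frame: bytes, vni: int, src_ip: str, dst_ip: str,
                udp_src_port: int, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Wrap an inner Ethernet frame as outer Ethernet/IPv4/UDP/VXLAN, as a VTEP does."""
    payload = vxlan_header(vni) + inner_frame
    # UDP checksum 0 is permitted for VXLAN over IPv4
    udp = struct.pack("!HHHH", udp_src_port, VXLAN_UDP_PORT, UDP_HDR_LEN + len(payload), 0)
    total_len = IPV4_HDR_LEN + len(udp) + len(payload)
    # DF bit set (0x4000): a VTEP must not fragment, so an oversized packet is dropped instead
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, IP_PROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + payload


@dataclass
class VxlanPacket:
    outer_src_ip: str
    outer_dst_ip: str
    udp_src_port: int
    vni: int
    inner_frame: bytes


def parse_vxlan(packet: bytes) -> Optional[VxlanPacket]:
    """Classify a raw frame as VXLAN (outer IPv4, UDP, dst port 4789) and extract the VNI.
    Returns None for anything that does not match, as an ACL keyed on port 4789 would."""
    if len(packet) < VXLAN_OVERHEAD:
        return None
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (packet[14] & 0x0F) * 4
    if packet[23] != IP_PROTO_UDP:
        return None
    udp_off = ETH_HDR_LEN + ihl
    if len(packet) < udp_off + UDP_HDR_LEN + VXLAN_HDR_LEN:
        return None
    src_port, dst_port, _, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + UDP_HDR_LEN])
    if dst_port != VXLAN_UDP_PORT:
        return None
    vx_off = udp_off + UDP_HDR_LEN
    flags, vni_field = struct.unpack("!B3xI", packet[vx_off:vx_off + VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        return None  # I flag clear: VNI not valid, the packet is to be dropped
    return VxlanPacket(socket.inet_ntoa(packet[26:30]), socket.inet_ntoa(packet[30:34]),
                       src_port, vni_field >> 8, packet[vx_off + VXLAN_HDR_LEN:])


def outer_ip_length(inner_frame_len: int) -> int:
    """Size of the outer IPv4 packet carrying an inner frame of the given length."""
    return IPV4_HDR_LEN + UDP_HDR_LEN + VXLAN_HDR_LEN + inner_frame_len


def fits_without_fragmentation(inner_frame_len: int, underlay_mtu: int) -> bool:
    """Because VTEPs MUST NOT fragment, the outer IP packet has to fit the underlay (L3) MTU.
    A 1500-byte inner IP packet is a 1514-byte frame, so the underlay needs an MTU of 1550 or more."""
    return outer_ip_length(inner_frame_len) <= underlay_mtu


if __name__ == "__main__":
    # Constructed sample inner frame: 14-byte Ethernet header plus a short payload
    inner = bytes.fromhex("0200000000010200000000020800") + b"inner payload"
    pkt = encapsulate(inner, 5000, "10.1.1.1", "10.1.1.2", 49152,
                      bytes.fromhex("000000000011"), bytes.fromhex("000000000022"))
    print(len(pkt) - len(inner), "bytes of encapsulation overhead")
    print(parse_vxlan(pkt))
    print(fits_without_fragmentation(1514, 1500), fits_without_fragmentation(1514, 1550))
```

The parser deliberately refuses packets with the I flag clear and packets whose UDP destination is not 4789; anything a transit firewall cannot classify this way (the GRE and TCP-like encapsulations compared later in the deck) needs a different match.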
16. VXLAN BUM Traffic over Transport Multicast
• VXLAN BUM (Broadcast, Unknown Unicast and Multicast) traffic is transported over the VXLAN segment control multicast group.
* Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
17. VXLAN VTEP
Peer Discovery & Address Learning
* Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
18. VXLAN Packet Forwarding Flow
* Cisco Live 365 - LTRDCT-1223 - Implementing VXLAN in DataCenter
29. VXLAN Overlay Comparisons
*Cisco Live 365 - BRKVIR-2014 - Architecting Scalable Clouds using VXLAN and N1kv
30. VXLAN / STT
Stateless Transport Tunneling Protocol
Similarities
• IP Transport
• IP Multicast
For broadcast and multicast frames
• Port Channel Load Distribution
5 Tuple Hashing (UDP vs TCP)
Differences
• IETF Draft Authors
VXLAN: Cisco, VMware, Citrix, Red Hat, Broadcom, Arista
STT: Nicira
• Encapsulation
VXLAN: UDP with 50 bytes
STT: “TCP-like” with 54 to 72 bytes (not uniform) *
• Segment ID Size
VXLAN: 24 bit
STT: 64 bit
• Firewall ACL can act on VXLAN UDP port
Firewalls will likely block STT since it has no TCP state machine handshake
• Forwarding Logic
VXLAN: Flooding/Learning
STT: Not specified
31. VXLAN / NVGRE
Network Virtualization using Generic Routing Encapsulation
Similarities
• IP Transport
• IP Multicast
For broadcast and multicast frames
• 24 Bit Segment ID
Differences
• IETF Draft Authors
VXLAN: Cisco, VMware, Citrix, Red Hat, Broadcom, Arista
NVGRE: Microsoft, Intel, Dell, HP, Broadcom, Emulex, Arista
• Encapsulation
VXLAN: UDP with 50 bytes
NVGRE: GRE with 42 bytes
• Port Channel Load Distribution
VXLAN: UDP 5-tuple hashing
NVGRE: Most (if not all) current switches do not hash on the GRE header
• Firewall ACL can act on VXLAN UDP port
Difficult for firewall to act on the GRE Protocol Type field
• Forwarding Logic
VXLAN: Flooding/Learning
NVGRE: Not specified
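Slides 30 and 31 both make the same load-distribution point: a transit switch spreads flows across a port channel or ECMP group by hashing the outer 5-tuple, and VXLAN gets per-flow entropy there because RFC 7348 recommends deriving the outer UDP source port from a hash of the inner headers, whereas a switch that does not look inside GRE sees one identical outer tuple for every NVGRE flow between two endpoints. The simulation below is an added example, not code from the deck or from any switch vendor: the hash function stands in for a switch ASIC's hash, the VTEP addresses and the inner flows are constructed, and the four-member link group is an assumption.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Tuple

N_LINKS = 4  # assumption: ECMP group / port channel with four member links

# An inner flow as (src_ip, dst_ip, ip_proto, src_port, dst_port)
Flow = Tuple[str, str, int, int, int]


def flow_hash(*fields) -> int:
    """Stand-in for a switch ASIC's header hash (constructed, not any vendor's algorithm)."""
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def vxlan_source_port(inner: Flow) -> int:
    """RFC 7348 recommends an outer UDP source port derived from a hash of the inner
    headers, taken from the 49152-65535 range, so each inner flow gets a distinct outer 5-tuple."""
    return 49152 + flow_hash(*inner) % (65535 - 49152 + 1)


def outer_5tuple(inner: Flow, encap: str, vtep_a: str, vtep_b: str) -> Tuple[str, str, int, int, int]:
    """What a transit switch hashing on (src IP, dst IP, protocol, L4 ports) sees for one inner flow."""
    if encap == "vxlan":
        return (vtep_a, vtep_b, 17, vxlan_source_port(inner), 4789)
    if encap == "nvgre":
        # GRE (IP protocol 47) has no L4 ports; the FlowID carried in the GRE key is
        # invisible to a switch that only hashes the IP/L4 5-tuple, so every flow looks alike
        return (vtep_a, vtep_b, 47, 0, 0)
    raise ValueError("unknown encapsulation: %s" % encap)


def ecmp_member(tup: Tuple[str, str, int, int, int], n_links: int = N_LINKS) -> int:
    """Pick the member link for an outer 5-tuple."""
    return flow_hash(*tup) % n_links


def link_distribution(flows: List[Flow], encap: str,
                      vtep_a: str = "10.1.1.1", vtep_b: str = "10.1.1.2") -> Dict[int, int]:
    """Count how many inner flows between two VTEPs land on each member link."""
    counts: Counter = Counter()
    for flow in flows:
        counts[ecmp_member(outer_5tuple(flow, encap, vtep_a, vtep_b))] += 1
    return dict(counts)


def sample_flows(n: int = 32) -> List[Flow]:
    """Constructed: n TCP flows between two VMs on one VNI, differing only by source port."""
    return [("192.168.10.11", "192.168.10.12", 6, 40000 + i, 443) for i in range(n)]


if __name__ == "__main__":
    for encap in ("vxlan", "nvgre"):
        print(encap, link_distribution(sample_flows(), encap))
```

Run as-is it prints the VXLAN flows spread over several links and all NVGRE flows on a single link; swapping `N_LINKS` or the sample flows changes the spread for VXLAN but never for NVGRE, which is the slide's point about hashing on the GRE header.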
32. VXLAN / OTV
Overlay Transport Virtualization
Similarities
• Same UDP based encapsulation header
VXLAN does not use the OTV Overlay ID field
• IP Multicast
For broadcast and multicast frames (optional for OTV)
• 24 Bit Segment ID
Differences
• Forwarding Logic
VXLAN: Flooding/Learning
OTV: Uses the IS-IS protocol to advertise the MAC address to IP bindings
• OTV can locally terminate ARP and doesn’t flood unknown MACs
• OTV can use an adjacency server to eliminate the need for IP multicast
• OTV is optimized for Data Center Interconnect to extend VLANs between or across data centers
• VXLAN is optimized for intra-DC and multi-tenancy
33. VXLAN / LISP
Locator / ID Separation Protocol
Similarities
• Same UDP based encapsulation header
VXLAN does not control flag bits or Nonce/MapVersion field
• 24 Bit Segment ID
Differences
• LISP carries IP packets, while VXLAN carries Ethernet frames
• Forwarding Logic
VXLAN: Flooding/Learning
LISP: Uses a mapping system to register/resolve inner IP to outer IP mappings
• IP Multicast is only required to carry host IP multicast traffic
• LISP is designed to give IP address (Identifier) mobility / multi-homing and IP core route scalability
• LISP can provide optimal traffic routing when Identifier IP addresses move to a different location