Network base

Presentation transcript:

Network base

Tunnel
Why this slide

Tunnel
- IPIP (does not support multicast or IPv6)
- GRE
- VXLAN (1 to N)
- IPsec (transport and tunnel modes)
  - Racoon
  - Openswan
  - strongSwan
- NVGRE
- Geneve
- STT
- L2TP (Layer 2 Tunneling Protocol)
- PPTP (Point-to-Point Tunneling Protocol)
- LSP (MPLS VPN)
- ...

VXLAN
VXLAN (L2 in L4, UDP)
https://tools.ietf.org/html/rfc7348

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    VXLAN Header:
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |R|R|R|R|I|R|R|R|            Reserved                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                VXLAN Network Identifier (VNI) |   Reserved    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


VXLAN background
https://tools.ietf.org/html/rfc7348#section-3
- Limitations imposed by Spanning Tree and VLAN ranges
- Multi-tenant environments
  - 4094 VLAN limit
  - cross-pod expansion ("stretched" L2)
- Inadequate table sizes at ToR switch


VXLAN unicast
https://tools.ietf.org/html/rfc7348#section-4.1
- The VNI identifies the scope of the inner MAC frame originated by the individual VM.
- The remote VTEP learns and stores the mapping from inner source MAC to outer source IP address: (VNI, inner MAC, outer vtep_ip).
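The header layout and the learning step described above, as an added Python example that is not part of the original slides. The names `parse_vxlan`, `VtepTable` and `build_sample` are hypothetical; the sample packet is constructed, and `learn` reports when a (VNI, MAC) pair shows up behind a different VTEP so the move can be logged.

```python
import struct
from typing import NamedTuple

VXLAN_FLAG_I = 0x08  # RFC 7348: the I bit must be 1 for a valid VNI


class VxlanFrame(NamedTuple):
    vni: int
    inner_dst: str
    inner_src: str


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan(udp_payload: bytes) -> VxlanFrame:
    """Parse the 8-byte VXLAN header and the inner Ethernet addresses."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN + inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    vni = word1 >> 8  # upper 24 bits; the low 8 bits are reserved
    return VxlanFrame(vni, _mac(udp_payload[8:14]), _mac(udp_payload[14:20]))


class VtepTable:
    """(VNI, inner MAC) -> outer VTEP IP, learned from received packets."""

    def __init__(self):
        self.entries = {}

    def learn(self, outer_src_ip: str, frame: VxlanFrame):
        """Store the mapping; return the previous VTEP if the MAC moved."""
        key = (frame.vni, frame.inner_src)
        previous = self.entries.get(key)
        self.entries[key] = outer_src_ip
        return previous if previous not in (None, outer_src_ip) else None

    def lookup(self, vni: int, mac: str):
        return self.entries.get((vni, mac))


def build_sample(vni: int, dst: str, src: str) -> bytes:
    """Constructed packet: VXLAN header + inner Ethernet header (IPv4)."""
    hdr = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    macs = bytes.fromhex(dst.replace(":", "") + src.replace(":", ""))
    return hdr + macs + b"\x08\x00"
```

Because the key includes the VNI, the same inner MAC in two different VNIs produces two independent entries.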

VXLAN broadcast
https://tools.ietf.org/html/rfc7348#section-4.2
- A broadcast packet is sent out to the IP multicast group.
- There is a mapping between the VXLAN VNI and the IP multicast group.

VXLAN gateways
VXLAN gateways forward traffic between VXLAN and non-VXLAN environments.

VXLAN Linux implementation
Stephen Hemminger (iproute2 maintainer)
drivers/net/vxlan.c

VXLAN doc
Documentation/networking/vxlan.txt

1. Create vxlan device
    # ip link add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1
2. Delete vxlan device
    # ip link delete vxlan0
3. Show vxlan info
    # ip -d link show vxlan0

VXLAN doc
Documentation/networking/vxlan.txt

1. Create forwarding table entry
    # bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0
2. Delete forwarding table entry
    # bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0
3. Show forwarding table
    # bridge fdb show dev vxlan0

NVGRE
NVGRE (L2 in L3)
Terminology: each VSID (24 bits) represents a virtual L2 broadcast domain.
Terminology: https://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-08#page-4

NVGRE Key field (initial version)
https://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-00#section-3.2
- TNI: lower 24 bits, Tenant Network Identifier.
- The Key Present bit (bit 2 in the GRE header) is always set to 1.
- Upper 8 bits: reserved for use by NVGRE endpoints. NVGRE endpoints MUST set this value to zero.

NVGRE Key field (initial version)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    GRE Header:
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| |1|0|   Reserved0     | Ver |   Protocol Type 0x6558        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Tenant Network ID (TNI)         |    FlowID     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

NVGRE Key field (latest version)
- Virtual Subnet ID (VSID): 24 bits, identifies the NVGRE-based virtual Layer 2 network.
- FlowID: 8 bits, provides per-flow entropy for flows in the same VSID.
  - MUST NOT be modified by transit devices.
  - The encapsulating NVE SHOULD provide as much entropy as possible in the FlowID.
  - If a FlowID is not generated, it MUST be set to all zero.

NVGRE Key field (latest version)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    GRE Header:
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |0| |1|0|   Reserved0     | Ver |   Protocol Type 0x6558        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Virtual Subnet ID (VSID)        |    FlowID     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
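A strict decoder for the latest Key field layout shown above, as an added Python example that is not part of the original slides. The names `parse_nvgre`, `build_nvgre` and `flow_id_for` are hypothetical, and deriving the FlowID from a CRC32 of the inner flow tuple is an assumption chosen here only to show per-flow entropy.

```python
import struct
import zlib
from typing import NamedTuple

# Bit positions in the first 16 bits of the GRE header (bit 0 is the MSB)
GRE_C, GRE_K, GRE_S, GRE_VER = 0x8000, 0x2000, 0x1000, 0x0007
PROTO_TEB = 0x6558  # Protocol Type from the diagram


class NvgreHeader(NamedTuple):
    vsid: int
    flow_id: int


def parse_nvgre(gre: bytes) -> NvgreHeader:
    """Validate the fixed bits from the diagram, then split the Key field."""
    if len(gre) < 8:
        raise ValueError("too short for GRE header with Key field")
    flags_ver, proto, key = struct.unpack("!HHI", gre[:8])
    if flags_ver & (GRE_C | GRE_S):
        raise ValueError("Checksum or Sequence bit set")
    if not flags_ver & GRE_K:
        raise ValueError("Key Present bit clear")
    if flags_ver & GRE_VER:
        raise ValueError("unexpected GRE version")
    if proto != PROTO_TEB:
        raise ValueError("protocol type is not 0x6558")
    return NvgreHeader(vsid=key >> 8, flow_id=key & 0xFF)


def flow_id_for(inner_flow: tuple) -> int:
    """Assumed entropy source: CRC32 of the inner flow, folded to 8 bits."""
    return zlib.crc32(repr(inner_flow).encode()) & 0xFF


def build_nvgre(vsid: int, flow_id: int = 0) -> bytes:
    """Constructed header; FlowID defaults to all zero when not generated."""
    if not 0 <= vsid < (1 << 24) or not 0 <= flow_id <= 0xFF:
        raise ValueError("VSID is 24 bits, FlowID is 8 bits")
    return struct.pack("!HHI", GRE_K, PROTO_TEB, (vsid << 8) | flow_id)
```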

NVGRE broadcast and multicast traffic
- Sent to the assigned multicast address.
- N-way unicast

NVGRE unicast traffic
Sent to the destination PA corresponding to the location of the destination endpoint.

NVGRE IP Fragmentation

NVGRE
Try to provide an experience using Docker

VXLAN vs NVGRE ??

TOPOLOGY On mxh host

TOPOLOGY
qbr: br-tun br-int br-ex
Security layer (OVS does not support iptables on tap devices)
Check the security group applied to the VM tap:
    # iptables -S | grep tap-xxxxx
br-tun
    # ovs-ofctl dump-flows br-tun
Network computer
br-int
Computer
br-ex