VXLAN Fundamentals, Architecture & Roadmap


1 VXLAN Fundamentals, Architecture & Roadmap

2 Table of Contents
- Data Center IP Fabric ‘Building a strong Foundation’
- What is ‘Network Virtualization’?
- VXLAN Overview
- VXLAN Packet details
- VXLAN Terminology
- VXLAN Host Discovery
- VXLAN BUM Traffic Handling
- VXLAN Layer 2 & Layer 3 Terminologies
- VXLAN Arista Architecture & Vision
- VXLAN Roadmap
- VXLAN Visibility

3 Data Center – ‘IP Fabric’ Building A Strong Foundation

4 Challenges with current network architecture
Oversubscription
- Ports on devices are oversubscribed ~ 8:1
- Higher oversubscription as traffic traverses north ~ 20:1
Scalability
- Scales up and not scales out
- Dependent on specific hardware (mix & match)
- Not scalable to 40GbE / 100GbE
Cost
- As multiple layers, it can get $$$
Mobility
- What happens if my “IP” changes?
- What happens if traffic pattern changes?
Latency
- High latency
- Low predictability
Multiple points of management, rampant oversubscription, wasteful cost model
[Figure: Legacy Data Center Model, North to South, with four Layer 2 Domains]

5 Data Center ‘IP Fabric’
- Support for East/West 80:20 traffic pattern
- Scale up to 64-way ECMP Spine designs
- All uplinks from ToR are Active/Active
- Support 100’000s of host ports
- Non-blocking / Non-oversubscribed architecture
- Deploy L3 routing protocols between leaf & spine i.e. BGP, OSPF, or ISIS
- Everything is only 3 hops away!
- Provide network mobility via ‘Overlay Network’

6 Arista – Spine/Leaf “IP Fabric” Architecture
[Figure: IP Fabric with Spine Tier and Leaf Tier. Labels: VTEP1, VTEP2, VTEP3, VTEP4, HYPERVISOR 1, HYPERVISOR 2, A1, B1, A2, B2, Bare Metal Servers, Storage]
- Network core is an IP fabric laid out in a Leaf-Spine architecture running ECMP between the two tiers
- Leaf switches - Arista 7150-x or 7050Q-x models are deployed at the TOR connecting virtualized servers, bare-metal servers, storage arrays and other devices
- Spine switches – Arista 7500’s are deployed at the core
- Routing Protocol – Either EGP (BGP) or IGP (OSPF / ISIS) is run in the IP fabric

7 What is Network Virtualization?

8 What is Network Virtualization?
Network Virtualization is not the same as Server Virtualization! As the above figure demonstrates, server virtualization is the partitioning of physical server resources, such as memory, I/O, storage and CPU. These resources are confined to the physical construct of a single device and share little or no distributed state. However, it is not possible to partition a network switch’s CPU, ASIC, TCAM, and forwarding plane in the same way, because a network switch shares distributed state information with other devices in order to build an efficient forwarding path through all the devices.

9 Physical Infrastructure i.e. Underlay Network
Overlays v Underlays
Network virtualization: ability to separate, abstract and decouple the physical topology from a ‘logical’ or ‘virtual’ topology by using encapsulated tunneling. This logical network topology is often referred to as an ‘Overlay Network’.
[Figure: Overlay Network on top of Physical Infrastructure i.e. Underlay Network]
VXLAN disassociates workloads from physical networks, allowing for possible transition to cloud based providers

10 Types of ‘Overlay’ Technologies
Any Overlay technology uses Location & Identity separation
[Figure labels: Location, Identity]
Technologies compared: Fabric Path | VXLAN | OTV | LISP
Underlay Protocol: IS-IS | BGP, OSPF, IS-IS
Location: Switch-ID | IP address
Identity: Client MAC | Client IP / Mac
Identity Learning: Flooding | Flooding / Dynamic learning | Mapping DB
Vendor Proprietary: Yes | Non
Intra & / or Inter DC: Intra | Both | Inter

11 VXLAN Overview

12 Virtual Extensible Local Area Network (VXLAN)
- Ethernet in IP overlay network
- Entire L2 frame encapsulated in UDP
- 50 bytes of overhead
- Include 24 bit VXLAN Identifier
- 16 M logical networks
- VXLAN can cross Layer 3
- Tunnel between ESX hosts
- VMs do NOT see VXLAN ID
- IP multicast used for L2 broadcast/multicast, unknown unicast
- Technology submitted to IETF for standardization
- With Arista, VMware, Red Hat, Citrix, Cisco, and Others
[Figure: VXLAN frame layout. VXLAN Encapsulation: Outer MAC DA, Outer MAC SA, Outer 802.1Q, Outer IP DA, Outer IP SA, Outer UDP, VXLAN ID (24 bits). Original Ethernet Frame: Inner MAC DA, Inner MAC SA, Optional Inner 802.1Q, Original Ethernet Payload. CRC]

13 Virtual eXtensible LAN: How does it work?
[Figure: VM-1 (/24) and VM-2 (/24) on Subnet-A and Subnet-B, connected through a SW VTEP and a HW VTEP (Encap/Decap VXLAN). Layer 2 Domain between the VM: vWire - VNI 10. VXLAN Frames: MAC & IP are UDP Encapsulated]

VXLAN could also be termed a tunneling scheme to overlay Layer 2 networks on top of Layer 3 networks. The VXLAN tunnels are stateless, so each frame is encapsulated according to a set of rules. The end point of the tunnel (VTEP) is located within the hypervisor on the server which houses the VM. The VNI and VXLAN related tunnel/outer header encapsulation are known only to the VTEP - the VM never sees it!

Note: it is possible that the VTEPs could also be on a physical switch or physical ESX server and could be implemented in software or hardware.

Outbound
Consider a VM within a VXLAN overlay network. This VM is unaware of VXLAN. To communicate with a VM on a different host, it sends a MAC frame destined to the target as before. The VTEP on the physical host looks up the VNI to which this VM is associated. It then determines if the destination MAC is on the same segment. If so, an outer header comprising an outer MAC, outer IP address and VXLAN header is inserted in front of the original MAC frame. The final packet is transmitted out to the destination, which is the IP address of the remote VTEP connecting the destination VM addressed by the inner MAC destination address.

Inbound
Upon reception, the remote VTEP verifies that the VNI is a valid one and is used by the destination VM. If so, the packet is stripped of its outer header and passed on to the destination VM. The destination VM never knows about the VNI or that the frame was transported with a VXLAN encapsulation. In addition to forwarding the packet to the destination VM, the remote VTEP learns the Inner Source MAC to outer Source IP address mapping. It stores this mapping in a table so that when the destination VM sends a response packet, there is no need for an "unknown destination" flooding of the response packet.

Encapsulation at VTEP node is transparent to IP ECMP fabric

14 VXLAN Benefits
Feature Benefits
- Eliminates current networking challenges in the way of on-demand, virtual environment:
  - VLAN Sprawl
  - Single fault domains
  - Scalability beyond 4096 segments
  - Proprietary fabric solutions
  - IP mobility
  - Physical cluster size and locality
- Enables multi-tenancy at scale
- Decouples logical networks from physical infrastructure so that applications can be deployed without worrying about physical rack location, IP address or VLAN
- Based on open and well known standards

15 VXLAN Use Cases
- Physical to Virtual internetworking
- Multi-hypervisor connectivity and integration
- Multi-tenant Cloud environments
- HA clusters across failure domains
- Dynamic growth
- Dynamic resource management

16 VXLAN Packet Details

17 VXLAN Packet
VXLAN is a MAC-in-IP encapsulation
VNI – 24 bits – Therefore there can be 16 million VMs within the same domain
The VNI scopes the inner MAC frame originated by the individual VM. Thus, you could have overlapping MAC addresses across segments but never have traffic "cross over" since the traffic is isolated using the VNI qualifier. This qualifier is in an outer header envelope over the inner MAC frame originated by the VM.
VXLAN frame format
The Frame format is: Outer MAC header --> Optional 802.1q VLAN tag --> Outer IP Header --> Outer UDP Header --> VXLAN Header --> Inner Ethernet Header --> Optional Inner 802.1q VLAN tag --> Payload (8 bytes)
This is only for IPv4 frame format. IPv6 will be addressed in the future

18 VXLAN Header
VXLAN Header is an 8-byte field comprising:
- Flags (8 Bits) – I flag is set to 1 for a valid VxLAN Network ID (VNI). The remaining 7 bits (designated "R") are reserved fields and set to zero.
- VxLAN Network Identifier (VNI) (24 Bits) – Used for identification of the individual VxLAN overlay network on which the communicating VMs are situated. VMs in different VxLAN overlay networks cannot communicate.
- Reserved (24 & 8 Bits) – Always set to zero.

19 VXLAN Terminology

20 VXLAN Terminology – Physical Topology
[Figure: physical topology. Labels: IP Fabric, Spine Tier, Leaf Tier, VTEP1, VTEP2, VTEP3, VTEP4, Hardware VTEP, Software VTEP, VTI, VXLAN Segments, VXLAN Gateway, VXLAN 10001, VXLAN 10002, HYPERVISOR 1, HYPERVISOR 2, A1, B1, A2, B2, Bare Metal Servers, Storage]

21 VXLAN Terminology – Logical Topology
[Figure: logical topology. Labels: External Host, Data Center Network, VARP Default Gateway (.1), VXLAN Segment, VNI, VTEP 1, VTEP 3, VTEP 4, VXLAN 10001 (/24), VXLAN 10002 (/24), A1, A2, B1, B2, Bare Metal Storage, Bare Metal Servers]

22 VXLAN Terminology Explained
- VTEP: VXLAN Tunnel End Point. VXLAN encapsulation and decapsulation happens at the VTEP.
- VXLAN Gateway: A device which bridges traffic from VXLAN and non-VXLAN environments. VXLAN gateways allow for physical and non virtualized devices to communicate with VXLAN networks. A VXLAN gateway can be either a hardware or software device.
- VNI: Virtual Network Identifier - a 24-bit number, also called the VXLAN segment ID. The system uses the VNI, along with the VLAN ID, to identify the appropriate tunnel.
- VXLAN Header – an 8-byte header that contains the 24-bit VNI value. It lives in between the UDP header and the inner MAC frame being carried over the VTI.
- VTI: VTEP Tunnel Interface - a switchport linked to a UDP socket that can be shared between many VLANs. Packets bridged through a VLAN into the VTI are sent out the UDP socket with a VXLAN header including a VNI. The socket is bound to a fixed local port, but is not connected to any particular destination port or IP address; logically, we use sendto() (not send()) to transmit VXLAN-encapsulated frames on the socket. Packets arriving on the VTI (via the UDP socket, based on their UDP destination port) are demultiplexed into a VLAN for bridging. A 24-bit VNI within the packet determines which VLAN the packet is mapped to for bridging.
- VXLAN Segment - a Layer 2 overlay network over which VMs communicate. Only VMs within the same VXLAN segment can communicate with each other.
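
The 8-byte header from slide 18 and the inbound handling described on slides 13 and 22 (check the VNI, map it to a VLAN, learn inner source MAC to outer source IP), as an added Python example that is not part of the original deck or of any Arista code. The I-flag bit position (0x08) comes from RFC 7348; the `Vtep` class, the VNI-to-VLAN mapping, the MAC addresses and the 192.0.2.1 peer are constructed for illustration, and dropping packets with non-zero reserved fields is a strict policy assumed here.

```python
import struct

VXLAN_HDR_LEN = 8   # flags (8) + reserved (24) + VNI (24) + reserved (8)
I_FLAG = 0x08       # "I" bit position per RFC 7348; other 7 flag bits reserved

class VxlanError(ValueError):
    """Raised when a packet must be dropped instead of bridged."""

def parse_vxlan(udp_payload):
    """Split a UDP payload into (vni, inner_frame), rejecting bad headers."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14:   # need a full inner Ethernet header
        raise VxlanError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    flags, reserved24 = word0 >> 24, word0 & 0xFFFFFF
    vni, reserved8 = word1 >> 8, word1 & 0xFF
    if flags != I_FLAG:
        raise VxlanError("I flag clear or reserved flag bits set")
    if reserved24 or reserved8:                 # strict policy (assumption)
        raise VxlanError("reserved fields not zero")
    return vni, udp_payload[VXLAN_HDR_LEN:]

class Vtep:
    """Hypothetical inbound side of a VTEP: VNI check, VLAN demux, learning."""
    def __init__(self, vni_to_vlan):
        self.vni_to_vlan = dict(vni_to_vlan)    # segments configured locally
        self.mac_table = {}                     # (vni, inner src MAC) -> remote VTEP IP

    def receive(self, outer_src_ip, udp_payload):
        vni, frame = parse_vxlan(udp_payload)
        if vni not in self.vni_to_vlan:         # unknown segment: never bridge it
            raise VxlanError(f"VNI {vni} not configured on this VTEP")
        src_mac = frame[6:12].hex(":")          # inner source MAC
        self.mac_table[(vni, src_mac)] = outer_src_ip
        return self.vni_to_vlan[vni], frame

def build_vxlan(vni, inner_frame, flags=I_FLAG):
    """Encapsulation counterpart, used here to construct sample packets."""
    return struct.pack("!II", flags << 24, vni << 8) + inner_frame

# Constructed sample: inner frame from 02:00:00:00:00:0a to 02:00:00:00:00:0b
INNER = bytes.fromhex("02000000000b02000000000a0800") + bytes(46)

if __name__ == "__main__":
    vtep = Vtep({10001: 5})                     # constructed VNI -> VLAN mapping
    print(vtep.receive("192.0.2.1", build_vxlan(10001, INNER))[0], vtep.mac_table)
    for bad in (build_vxlan(10002, INNER), build_vxlan(10001, INNER, flags=0)):
        try:
            vtep.receive("192.0.2.1", bad)
        except VxlanError as exc:
            print("dropped:", exc)
```

Keying the learning table on (VNI, MAC) rather than MAC alone is what lets overlapping MAC addresses exist in different segments without traffic crossing over, as slide 17 describes.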

23 VXLAN Visibility

24 VXLAN Visibility - Arista’s vmTracer
- Full physical to virtual visibility
- Network audit to ensure reachability
- Automated provisioning
- Workflow without finger pointing
- Other awesome capabilities

25 Monitoring VXLANs with vmTracer
Rapidly correlate vlan to VNI

    switch5#:show vmtracer vxlan interface Ethernet48
    Ethernet48:
    VM Name     VLAN  vWire Network  Multicast
    Exchange    5     Corp
    Apache      6     web
    MySQL       7     ERP

View VNIs across the data center from the CLI

    switch9#:show vmtracer vxlan all
    7150s R1:
    Ethernet 48:esx1/vwTest/dvUplink 1
    vWire:Corp -- VLAN:5
    vWire:ERP -- VLAN:7
    7150s R2:
    Ethernet 40:esx2/vwTest/dvUplink 1
    vWire:web -- VLAN:6

[Figure labels: vmTracer, VTEP, Hypervisor, VMware NSX, Physical, Virtualization]

26 Automate Learning of VNI State
NSX Controller, OVSDB: VNI, VXLAN, VNI ID
New VNI CalBears: Multicast Group, VNI ID
Interface Ethernet 24
  VXLAN VTEP
  VNI CalBears
Interface Loopback0
  VXLAN VTEP Gateway
  VNI Calbears
  IP Address /24 <--Network
VM Oski: VNI - CalBears

27 Where is my VM now?
[Figure: spine0, leaf1, leaf2, esx10, esx11. VNI ‘Test’: Aubie, WarEagle, vshield, vm-tiger]

    spine0: show vmtracer vxlan
    VNI-Name VNI #VTEPs Learning Mcast Group Status Subnet
    Auburn Flood Up /24
    foo Flood Up /24
    bar Flood Down /20

    spine0: show vmtracer vxlan vni Auburn
    VNI Name: Auburn
    VNI Segment ID:
    VTEP Type Status Inside Outside Learning Mcast Grp PIM-RP Switch Port Model
    ESX1 VMware Up VNICs Flood ar16 eth S
    ar24 Arista Up/GW Flood ar24 loop S
    ar22 Arista Up/Up 1 MAC/IPs Flood ar22 eth S
    ESX4 VMware Up VNICs Flood ar2 eth T

28 Where is my VM now?
[Figure: spine0, leaf1, leaf2, esx1, esx11; 128.218.10.x, 128.218.11.x. VNI ‘Test’: Aubie, WarEagle, vshield, vm-tiger]

    spine0: show vmtracer interface vxlan Auburn
    VTEP: ESX1 Role: vSwitch Switch/Port:
    Name VNIC Status State IP Address
    Aubie Network Interface 1 Up/Up vMotion
    WarEagle Network Interface 2 Up/Up VM-FT-A
    BooBama Network Interface 1 Up/Down
    VTEP: ar24 Role: Router Switch/Port:
    NAT/PAT Status #ARPs IP Address
    No Up/Up
    VTEP: ar22 Role: Port-VTEP Switch/Port:
    FQDN IP MAC VLAN Status
    ab-12-fe Up/Up

