Saturday, November 28, 2015

VXLAN simplified - what, why and how?

What is VXLAN?

  • VXLAN (Virtual eXtensible Local Area Network) is an encapsulation or tunneling method that carries L2 overlay network traffic on top of an L3 network.
  • VXLAN encapsulates the original L2 frame into a UDP packet (destination port 4789).
  • It was developed by VMware, Cisco, Arista and Broadcom.


Why use VXLAN?


Let’s imagine a datacenter network scenario where a customer or system requires its virtual machines to be in a single subnet or broadcast domain. The virtual machines are located on different hosts, separated by racks, datacenters or even geography, and sit in separate L3 segments of the network. How do we fulfill the requirement? VXLAN to the rescue.

By virtualizing Layer 2, VXLAN can bridge datacenters without changing addresses or gateways. A smart guy might ask: “We can do that with OTV, so why VXLAN?” Well, it’s true that they can serve the same purpose, but the difference is the limit on the number of LAN segments, which is 4094 (the maximum number of VLANs) in the case of OTV. The VXLAN header provides a 24-bit field called the VNI (VXLAN Network Identifier) to separate tenant segments, which allows about 16 million segments.
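To make the encapsulation concrete, here is an added Python example (not from the original post) that builds and parses the 8-byte VXLAN header from RFC 7348 around a constructed Ethernet frame, enforces the 24-bit VNI range, and classifies the inner frame as BUM or not. The sample MAC addresses and VNI 5001 are made up.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP port for VXLAN
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1      # 24-bit VNI -> 16,777,216 possible segments


def vxlan_encapsulate(vni, inner_frame):
    """Prepend the VXLAN header to an Ethernet frame.

    Header layout (RFC 7348): flags(1) | reserved(3) | VNI(3) | reserved(1).
    The outer Ethernet/IP/UDP headers are added by the VTEP's network stack;
    only the VXLAN-specific part is built here.
    """
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} is outside the 24-bit range")
    header = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)
    return header + inner_frame


def vxlan_decapsulate(payload):
    """Validate and strip the VXLAN header; return (vni, inner_frame).

    RFC 7348 requires the I flag to be set; reserved bits are ignored on
    receipt, so they are not checked here. A frame with the I flag clear is
    not a valid VXLAN packet and is rejected.
    """
    if len(payload) < 8 + 14:    # VXLAN header plus a minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    flags, _reserved, vni_and_reserved = struct.unpack("!B3sI", payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VNI present")
    return vni_and_reserved >> 8, payload[8:]


def is_bum_destination(inner_frame):
    """True for broadcast/multicast frames (group bit set in the destination
    MAC). These must be replicated to every VTEP in the VNI, which is what the
    multicast, unicast and hybrid modes handle differently. Unknown unicast is
    also BUM traffic but needs a MAC table to detect, so it is not covered."""
    return bool(inner_frame[0] & 0x01)


# Constructed sample: an ARP broadcast from a VM (14-byte Ethernet header
# followed by a 28-byte zeroed ARP body placeholder).
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff")      # dst: broadcast
                + bytes.fromhex("025e000a0b0c")    # src: made-up MAC
                + b"\x08\x06"                      # EtherType ARP
                + b"\x00" * 28)

if __name__ == "__main__":
    pkt = vxlan_encapsulate(5001, SAMPLE_FRAME)
    vni, frame = vxlan_decapsulate(pkt)
    print(f"VNI {vni}, BUM={is_bum_destination(frame)}, "
          f"{len(pkt)} bytes carried on UDP/{VXLAN_UDP_PORT}")
```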

How does VXLAN work?


The two major terms in VXLAN are VTEP and VNI.

VTEP - VXLAN Tunnel End Point; as the name implies, it is the point where VM traffic is encapsulated or de-encapsulated. This function is performed in the hypervisor or in the switch.

VNI - VXLAN Network Identifier, used to identify VXLAN segments. All hosts configured in a VNI are considered to be in the same broadcast domain and keep synchronized state (e.g. MAC and ARP tables).

The VXLAN control plane can operate in three modes for traffic replication: multicast, unicast and hybrid.

Multicast Mode
  • Multicast mode relies on the multicast capabilities (IGMP, PIM) of the physical network devices.
  • In this mode a multicast group address is associated with each VXLAN segment (VNI). Each host running a VM in that segment joins the multicast group.
  • Broadcast, unknown unicast and multicast traffic, known in short as BUM, from the VMs is transmitted using the multicast capability of the physical network devices.

Figure: Multicast mode

Unicast Mode
  • In unicast mode a proxy VTEP, referred to as a UTEP, is elected in each physical network segment to replicate multi-destination (BUM) traffic.
  • This mode does not need any special configuration or features in the physical network devices.

Figure: Unicast mode

Hybrid Mode
  • Hybrid mode is very similar to unicast mode, except that multicast capability is used, and only in the physical L2 switches; multicast routing (PIM) is not required.
  • Multicast is used to replicate BUM traffic within the same physical L2 domain; unicast is used to replicate BUM traffic between different physical network subnets.

Figure: Hybrid mode

