CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches VXLAN Best Practices

Traffic Forwarding Model Design


Traffic on the VXLAN network is classified into the following types:

  • North-south traffic: access traffic between servers on the VXLAN network and the external network
  • East-west traffic: access traffic between servers on the VXLAN network

Traffic Forwarding Model of Hardware Distributed VXLAN Using the Spine/Leaf Two-Layer Architecture

Figure 1 shows forwarding of some traffic in hardware distributed VXLAN using the spine/leaf two-layer architecture.

Figure 2-33 Forwarding of some traffic in hardware distributed VXLAN using the spine/leaf two-layer architecture

North-south traffic is classified into the following types based on the service model:

  • Traffic passes through a firewall and a load balancer (LB), and is forwarded to a router through a gateway.
  • Traffic is transmitted directly to the external network without passing through a firewall or an LB.
  • Traffic passes through a firewall but not an LB, and is forwarded to a router through a gateway.

East-west traffic is classified into the following types based on the service model:

  • Traffic in the same subnet and VRF: Traffic is directly forwarded on the leaf node, or is encapsulated on the leaf node and decapsulated on the other leaf node after traversing the spine node.
  • Traffic across subnets and in the same VRF: After traffic is encapsulated with the VXLAN header on the leaf node, the leaf node looks up the 32-bit host route and sends the traffic toward the destination leaf node. The spine node then forwards the traffic at Layer 3 based on routes.
  • Traffic across subnets and in different VRFs: When firewall security control is required, traffic is forwarded as described in a. When firewall security control is not required, traffic is forwarded as described in b.
    a. After traffic is encapsulated with the VXLAN header on the leaf node, the leaf node looks up the default route and sends the traffic to the border leaf node. The border leaf node decapsulates the traffic and directs it to the firewall. The firewall controls inter-VRF traffic using security policies.
    b. Inter-VRF traffic is forwarded using routes that each leaf node imports through EVPN based on VPN targets, and is then forwarded to the destination leaf node according to the matching 32-bit host route.

Traffic Forwarding Model of Hardware Distributed VXLAN Using the Gateway/Spine/Leaf Three-Layer Architecture

Figure 2 shows forwarding of some traffic in hardware distributed VXLAN using the gateway/spine/leaf three-layer architecture.

Figure 2-34 Forwarding of some traffic in hardware distributed VXLAN using the gateway/spine/leaf three-layer architecture

North-south traffic is classified into the following types based on the service model:

  • Traffic passes through a firewall and a load balancer (LB), and is forwarded to a router through a gateway.
  • Traffic is transmitted directly to the external network without passing through a firewall or an LB.
  • Traffic passes through a firewall but not an LB, and is forwarded to a router through a gateway.

East-west traffic is classified into the following types based on the service model:

  • Traffic in the same subnet and VRF: Traffic is directly forwarded on the leaf node, or is encapsulated on the leaf node and decapsulated on the other leaf node after traversing the spine node.
  • Traffic across subnets and in the same VRF: After traffic is encapsulated with the VXLAN header on the leaf node, the leaf node looks up the 32-bit host route and sends the traffic toward the destination leaf node. The spine node then forwards the traffic at Layer 3 based on routes.
  • Traffic across subnets and in different VRFs: When firewall security control is required, traffic is forwarded as described in a. When firewall security control is not required, traffic is forwarded as described in b.
    a. After traffic is encapsulated with the VXLAN header on the leaf node, the leaf node looks up the default route and sends the traffic to the border leaf node. The border leaf node decapsulates the traffic and directs it to the firewall. The firewall controls inter-VRF traffic using security policies.
    b. Inter-VRF traffic is forwarded using routes that each leaf node imports through EVPN based on VPN targets, and is then forwarded to the destination leaf node according to the matching 32-bit host route.
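
The east-west cases listed for both architectures can be checked against a design with a small model. The following is an added example, not code from the original document or from Huawei: it classifies a flow into the same-subnet, same-VRF, firewall, or VPN-target import path and lists the VRF pairs whose traffic never reaches the firewall. The VRF names, VPN target values, host addresses and leaf names are constructed sample data, and the model is simplified to one direction per flow.

```python
# Constructed sample data (not from the original document): EVPN VPN targets
# per VRF, and hosts mapped to (VRF, subnet, attached leaf).
VRFS = {
    "vrf-web": {"export": {"65000:10"}, "import": {"65000:10", "65000:20"}},
    "vrf-app": {"export": {"65000:20"}, "import": {"65000:20", "65000:10"}},
    "vrf-db":  {"export": {"65000:30"}, "import": {"65000:30"}},
}
HOSTS = {
    "10.1.1.10": ("vrf-web", "10.1.1.0/24", "leaf1"),
    "10.1.1.20": ("vrf-web", "10.1.1.0/24", "leaf2"),
    "10.1.2.10": ("vrf-web", "10.1.2.0/24", "leaf2"),
    "10.2.1.10": ("vrf-app", "10.2.1.0/24", "leaf3"),
    "10.3.1.10": ("vrf-db",  "10.3.1.0/24", "leaf3"),
}

def leaks_routes(src_vrf, dst_vrf):
    """True if src_vrf imports a VPN target that dst_vrf exports."""
    return bool(VRFS[src_vrf]["import"] & VRFS[dst_vrf]["export"])

def classify(src_ip, dst_ip):
    """Return (forwarding path, traverses_firewall) for an east-west flow."""
    s_vrf, s_net, s_leaf = HOSTS[src_ip]
    d_vrf, d_net, d_leaf = HOSTS[dst_ip]
    if s_vrf == d_vrf and s_net == d_net:
        if s_leaf == d_leaf:
            return (f"local forwarding on {s_leaf}", False)
        return (f"{s_leaf} encap -> spine -> {d_leaf} decap", False)
    if s_vrf == d_vrf or leaks_routes(s_vrf, d_vrf):
        # A /32 host route points at the destination leaf; spine routes at L3.
        return (f"{s_leaf} encap -> spine (L3) -> {d_leaf} via {dst_ip}/32", False)
    # No imported route: default route to the border leaf, then the firewall.
    return (f"{s_leaf} encap -> border leaf decap -> firewall", True)

def firewall_bypass_pairs():
    """Directed VRF pairs whose inter-VRF traffic never reaches the firewall."""
    return sorted((s, d) for s in VRFS for d in VRFS
                  if s != d and leaks_routes(s, d))

if __name__ == "__main__":
    for src, dst in [("10.1.1.10", "10.1.1.20"), ("10.1.1.10", "10.1.2.10"),
                     ("10.1.1.10", "10.2.1.10"), ("10.1.1.10", "10.3.1.10")]:
        print(src, "->", dst, classify(src, dst))
    print("bypass firewall:", firewall_bypass_pairs())
```

Any pair returned by `firewall_bypass_pairs()` is subject only to whatever filtering exists on the leaf nodes, so the list should match the set of VRF pairs that were deliberately exempted from firewall policy.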
Updated: 2018-07-02

Document ID: EDOC1100004176
