Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Centralized VXLAN Gateway Deployment in Static Mode

In centralized VXLAN gateway deployment in static mode, the control plane is responsible for VXLAN tunnel establishment and dynamic MAC address learning; the forwarding plane is responsible for intra-subnet known unicast packet forwarding, intra-subnet BUM packet forwarding, and inter-subnet packet forwarding.

Deploying centralized VXLAN gateways in static mode involves a heavy configuration workload and is inflexible, so it is unsuitable for large-scale networks. Deploying centralized VXLAN gateways using BGP EVPN is recommended instead.

The following description of VXLAN tunnel establishment uses an IPv4 over IPv4 network as an example. Table 4-1 lists how the other combinations of underlay and overlay networks differ from IPv4 over IPv4 in implementation.
Table 4-1 Implementation differences

Combination Category

Implementation Difference

IPv6 over IPv4

  • During dynamic MAC address learning, a Layer 2 gateway learns the local host's MAC address using neighbor solicitation (NS) packets sent by the host.

  • In the inter-subnet interworking scenario, an IPv6 address must be configured for the Layer 3 gateway's VBDIF interface. During inter-subnet packet forwarding, the Layer 3 gateway searches its IPv6 routing table for the next-hop address of the destination IPv6 address, queries the ND table based on the next-hop address, and then obtains information such as the destination MAC address.

IPv4 over IPv6

  • The VTEPs at both ends of a VXLAN tunnel use IPv6 addresses, and IPv6 Layer 3 route reachability must be implemented between the VTEPs.

  • When intra-subnet BUM packets are forwarded, only ingress replication mode is supported.

IPv6 over IPv6

  • The VTEPs at both ends of a VXLAN tunnel use IPv6 addresses, and IPv6 Layer 3 route reachability must be implemented between the VTEPs.

  • During dynamic MAC address learning, a Layer 2 gateway learns the local host's MAC address using NS packets sent by the host.

  • When intra-subnet BUM packets are forwarded, only ingress replication mode is supported.

  • In the inter-subnet interworking scenario, an IPv6 address must be configured for the Layer 3 gateway's VBDIF interface. During inter-subnet packet forwarding, the Layer 3 gateway searches its IPv6 routing table for the next-hop address of the destination IPv6 address, queries the ND table based on the next-hop address, and then obtains information such as the destination MAC address.

VXLAN Tunnel Establishment

A VXLAN tunnel is identified by a pair of VTEP IP addresses. You create a tunnel statically by configuring the local and remote VNIs, the VTEP IP addresses, and an ingress replication list. The tunnel goes Up when the two VTEPs are reachable from each other at Layer 3.

On the network shown in Figure 4-1, Leaf 1 connects to Host 1 and Host 3; Leaf 2 connects to Host 2; Spine functions as a Layer 3 gateway.

  • To allow Host 3 and Host 2 to communicate, Layer 2 VNIs and an ingress replication list must be configured on Leaf 1 and Leaf 2. The peer VTEPs' IP addresses must be specified in the ingress replication list. A VXLAN tunnel can be established between Leaf 1 and Leaf 2 if their VTEPs have Layer 3 routes to each other.

  • To allow Host 1 and Host 2 to communicate, Layer 2 VNIs and an ingress replication list must be configured on Leaf 1, Leaf 2, and also Spine. The peer VTEPs' IP addresses must be specified in the ingress replication list. A VXLAN tunnel can be established between Leaf 1 and Spine and between Leaf 2 and Spine if they have Layer 3 routes to each other's VTEP IP addresses.

    NOTE:

    Although Host 1 and Host 3 both connect to Leaf 1, they belong to different subnets and must communicate through the Layer 3 gateway (Spine). Therefore, a VXLAN tunnel is also required between Leaf 1 and Spine.

Figure 4-1 VXLAN tunnel networking

Dynamic MAC Address Learning

VXLAN supports dynamic MAC address learning to allow communication between tenants. MAC address entries are dynamically created and do not need to be manually maintained, greatly reducing maintenance workload. The following example illustrates dynamic MAC address learning for intra-subnet communication on the network shown in Figure 4-2.

Figure 4-2 Dynamic MAC address learning
  1. Host 3 sends an ARP request for Host 2's MAC address. In the ARP request, the source MAC address is MAC3, the destination MAC address is all Fs, the source IP address is IP3, and the destination IP address is IP2.

  2. Upon receipt of the ARP request, Leaf 1 determines that the Layer 2 sub-interface receiving the ARP request belongs to a BD that has been bound to a VNI (20), meaning that the ARP request packet must be transmitted over the VXLAN tunnel identified by VNI 20. Leaf 1 then learns the mapping between Host 3's MAC address, BDID (Layer 2 broadcast domain ID), and inbound interface (Port1 for the Layer 2 sub-interface) that has received the ARP request and generates a MAC address entry for Host 3. The MAC address entry's outbound interface is Port1.

  3. Leaf 1 then performs VXLAN encapsulation on the ARP request. The VNI is the one bound to the BD. In the outer IP header, the source IP address is the IP address of Leaf 1's VTEP and the destination IP address is the IP address of Leaf 2's VTEP. In the outer Ethernet header, the source MAC address is the MAC address of NVE1 on Leaf 1 and the destination MAC address is the MAC address of the next hop toward the destination IP address. Figure 4-3 shows the VXLAN packet format. The VXLAN packet is then transmitted over the IP network based on the IP and MAC addresses in the outer headers and finally reaches Leaf 2.

    Figure 4-3 VXLAN packet format
  4. After Leaf 2 receives the VXLAN packet, it decapsulates the packet and obtains the ARP request originated from Host 3. Leaf 2 then learns the mapping between Host 3's MAC address, the BDID, and the IP address of Leaf 1's VTEP, and generates a MAC address entry for Host 3. Based on the next hop (the IP address of Leaf 1's VTEP), the MAC address entry's outbound interface recurses to the VXLAN tunnel destined for Leaf 1.

  5. Leaf 2 broadcasts the ARP request in the Layer 2 domain. Upon receipt of the ARP request, Host 2 finds that the destination IP address is its own IP address and saves Host 3's MAC address to the local MAC address table. Host 2 then responds with an ARP reply.

At this point, Host 2 has learned Host 3's MAC address, so it sends its ARP reply as a unicast packet. The ARP reply is transmitted to Host 3 in the same manner. After Host 2 and Host 3 have learned each other's MAC addresses, they communicate with each other in unicast mode.

NOTE:

Dynamic MAC address learning is required only between hosts and Layer 3 gateways in inter-subnet communication scenarios. The process is the same as that for intra-subnet communication.
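
The learning steps above as a small simulation. This is an added example, not code from the original page or from the vendor; VNI 20, Port1 and MAC3 come from the text, while BD ID 20, Port2, MAC2 and both VTEP IP addresses are constructed.

```python
# Added illustration, not vendor code. VNI 20, Port1 and MAC3 come from the text;
# BD ID 20, Port2, MAC2 and both VTEP IP addresses are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Leaf:
    def __init__(self, vtep_ip, vni_to_bd, peer_list):
        self.vtep_ip = vtep_ip
        self.vni_to_bd = vni_to_bd                      # VNI -> BD ID
        self.bd_to_vni = {bd: vni for vni, bd in vni_to_bd.items()}
        self.peer_list = peer_list                      # VNI -> ingress replication list
        self.mac_table = {}                             # (BD, MAC) -> ("port"|"vtep", value)

    def from_host(self, port, bd, src_mac, dst_mac):
        """Frame received on a Layer 2 sub-interface bound to `bd`."""
        self.mac_table[(bd, src_mac)] = ("port", port)  # learn the local host
        entry = self.mac_table.get((bd, dst_mac))
        if entry and entry[0] == "port":
            return []                                   # destination is local, no tunnel
        vni = self.bd_to_vni[bd]
        # Known remote MAC: one unicast copy. Otherwise BUM: one copy per listed peer.
        targets = [entry[1]] if entry else self.peer_list[vni]
        return [{"outer_src": self.vtep_ip, "outer_dst": t, "vni": vni,
                 "src_mac": src_mac, "dst_mac": dst_mac} for t in targets]

    def from_tunnel(self, pkt):
        """VXLAN packet received from the underlay: map the VNI to its BD and
        learn the inner source MAC against the sending VTEP."""
        bd = self.vni_to_bd[pkt["vni"]]
        self.mac_table[(bd, pkt["src_mac"])] = ("vtep", pkt["outer_src"])
        return bd


def run_arp_exchange():
    leaf1 = Leaf("10.1.1.1", {20: 20}, {20: ["10.2.2.2"]})
    leaf2 = Leaf("10.2.2.2", {20: 20}, {20: ["10.1.1.1"]})
    request = leaf1.from_host("Port1", 20, "MAC3", BROADCAST)   # steps 1-3
    for pkt in request:
        leaf2.from_tunnel(pkt)                                  # step 4
    reply = leaf2.from_host("Port2", 20, "MAC2", "MAC3")        # unicast ARP reply
    for pkt in reply:
        leaf1.from_tunnel(pkt)
    return leaf1.mac_table, leaf2.mac_table, request, reply


if __name__ == "__main__":
    for table in run_arp_exchange()[:2]:
        print(table)
```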

Intra-Subnet Known Unicast Packet Forwarding

Intra-subnet known unicast packets are forwarded only through Layer 2 VXLAN gateways; Layer 3 VXLAN gateways are not aware of them. Figure 4-4 shows the intra-subnet known unicast packet forwarding process.

Figure 4-4 Intra-subnet known unicast packet forwarding
  1. After Leaf 1 receives Host 3's packet, it determines the Layer 2 BD of the packet based on the access interface and VLAN information and searches for the outbound interface and encapsulation information in the BD.
  2. Leaf 1's VTEP performs VXLAN encapsulation based on the encapsulation information obtained and forwards the packets through the outbound interface obtained.
  3. Upon receipt of the VXLAN packet, Leaf 2's VTEP verifies the VXLAN packet based on the UDP destination port number, source and destination IP addresses, and VNI. Leaf 2 obtains the Layer 2 BD based on the VNI and performs VXLAN decapsulation to obtain the inner Layer 2 packet.
  4. Leaf 2 obtains the destination MAC address of the inner Layer 2 packet, adds VLAN tags to the packets based on the outbound interface and encapsulation information in the local MAC address table, and forwards the packets to Host 2.

Host 2 sends packets to Host 3 in the same manner.
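
The egress check in step 3, written out over raw packet bytes. This is an added example, not code from the original page or from the vendor. It assumes that checking the source and destination IP addresses means the outer source must be a configured remote VTEP and the outer destination must be the local VTEP; the VTEP addresses and BD ID are constructed, and 4789 is the IANA-assigned VXLAN UDP port.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789                                   # IANA-assigned VXLAN port (RFC 7348)
LOCAL_VTEP = ipaddress.ip_address("10.2.2.2")           # constructed: Leaf 2
REMOTE_VTEPS = {ipaddress.ip_address("10.1.1.1")}       # constructed: Leaf 1
VNI_TO_BD = {20: 20}                                    # VNI 20 from the text, BD ID assumed


def build_outer(src, dst, dport, vni, inner):
    """Build sample outer IPv4 + UDP + VXLAN headers around `inner`.
    Checksums are left at zero because this is constructed test data."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)    # I flag set, 24-bit VNI
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, dport, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + udp + vxlan + inner


def validate(packet):
    """Return (bd, inner_frame) if the packet passes the checks, else (None, reason)."""
    if len(packet) < 36:                                # 20 IPv4 + 8 UDP + 8 VXLAN
        return None, "truncated"
    ver_ihl, proto = packet[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 17 or len(packet) < ihl + 16:
        return None, "not IPv4/UDP"
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    flags_word, vni_word = struct.unpack_from("!II", packet, ihl + 8)
    if dport != VXLAN_UDP_PORT:
        return None, "UDP destination port"
    if dst != LOCAL_VTEP:
        return None, "destination IP is not the local VTEP"
    if src not in REMOTE_VTEPS:
        return None, "source IP is not a configured remote VTEP"
    if not flags_word & (0x08 << 24):
        return None, "VNI flag not set"
    vni = vni_word >> 8
    if vni not in VNI_TO_BD:
        return None, "VNI not bound to a BD"
    return VNI_TO_BD[vni], packet[ihl + 16:]            # BD and inner Layer 2 frame
```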

Intra-Subnet BUM Packet Forwarding

Intra-subnet BUM packet forwarding is completed between Layer 2 VXLAN gateways. Layer 3 VXLAN gateways do not need to be aware of the process. Intra-subnet BUM packets can be forwarded in ingress replication mode, centralized replication mode, or multicast replication mode.

Ingress Replication
In ingress replication mode, after a BUM packet enters a VXLAN tunnel, the ingress VTEP performs VXLAN encapsulation based on the ingress replication list and sends the packet to all the egress VTEPs in the list. When the BUM packet leaves the VXLAN tunnel, the egress VTEPs decapsulate the BUM packet. Figure 4-5 shows the forwarding process of a BUM packet in ingress replication mode.
Figure 4-5 Forwarding process of an intra-subnet BUM packet in ingress replication mode
  1. After Leaf 1 receives Terminal A's packet, it determines the Layer 2 BD of the packet based on the access interface and VLAN information.
  2. Leaf 1's VTEP obtains the ingress replication list for the VNI, replicates packets based on the list, and performs VXLAN encapsulation by adding outer headers. Leaf 1 then forwards the VXLAN packet through the outbound interface.
  3. Upon receipt of the VXLAN packet, Leaf 2's VTEP and Leaf 3's VTEP verify the VXLAN packet based on the UDP destination port number, source and destination IP addresses, and VNI. Leaf 2/Leaf 3 obtains the Layer 2 BD based on the VNI and performs VXLAN decapsulation to obtain the inner Layer 2 packet.
  4. Leaf 2/Leaf 3 checks the destination MAC address of the inner Layer 2 packet and finds that it is a BUM MAC address. Therefore, Leaf 2/Leaf 3 broadcasts the packet onto the network connected to the terminals (not the VXLAN tunnel side) in the Layer 2 BD. Specifically, Leaf 2/Leaf 3 finds the outbound interfaces and encapsulation information not related to the VXLAN tunnel, adds VLAN tags to the packet, and forwards the packet to Terminal B/Terminal C.
NOTE:

Terminal B/Terminal C responds to Terminal A in the same process as intra-subnet known unicast packet forwarding.

Centralized Replication
In ingress replication mode, when a BUM packet enters a VXLAN tunnel, the ingress VTEP must send one copy of the packet to each remote VTEP, which floods traffic onto the network. Centralized replication mode prevents this problem. In centralized replication mode, the centralized replication function is configured on the ingress VTEP and the flood proxy IP address is configured on the centralized replicator. When a BUM packet enters a VXLAN tunnel, the ingress VTEP only needs to send one copy of the packet to the centralized replicator, reducing flooded traffic on the network. The centralized replicator is also called a flood gateway. The centralized replicator decapsulates and re-encapsulates the BUM packet and sends it to each egress VTEP. When the BUM packet leaves the VXLAN tunnel, the egress VTEPs decapsulate the BUM packet. Figure 4-6 shows the forwarding process of a BUM packet in centralized replication mode.
NOTE:

Centralized replication takes precedence over ingress replication. When both the vni flood-vtep and vni head-end peer-list commands are configured on a device, the VXLAN tunnel works in centralized replication mode.

Figure 4-6 Forwarding process of an intra-subnet BUM packet in centralized replication mode
  1. After Leaf 1 receives a packet from Terminal A, Leaf 1 determines the Layer 2 BD of the packet based on the access interface and VLAN information.
  2. Leaf 1's VTEP obtains the centralized replication tunnel for the VNI based on the Layer 2 BD and performs VXLAN encapsulation. Leaf 1 then forwards the VXLAN packet through the outbound interface.
  3. After Leaf 4, which acts as the centralized replicator, receives the VXLAN packet, it checks the UDP destination port number, source and destination IP addresses, and VNI of the packet to determine the packet validity. After confirming that the packet is valid, the VTEP obtains the Layer 2 BD based on the VNI, decapsulates the VXLAN packet to obtain the inner Layer 2 packet, and then performs VXLAN encapsulation based on the matching ingress replication list. After VXLAN encapsulation, the outer source IP address is still the VTEP address of Leaf 1. Therefore, MAC address learning among the VTEPs is not affected.
  4. After the VTEP on Leaf 2/Leaf 3 receives the VXLAN packet, it checks the UDP destination port number, source and destination IP addresses, and VNI of the packet to determine the packet validity. After confirming that the packet is valid, the VTEP obtains the BD based on the VNI and decapsulates the VXLAN packet to obtain the inner Layer 2 packet.
  5. Leaf 2/Leaf 3 checks the destination MAC address of the inner Layer 2 packet and finds that it is a BUM MAC address. Therefore, Leaf 2/Leaf 3 broadcasts the packet onto the network connected to the terminals (not the VXLAN tunnel side) in the Layer 2 BD. Specifically, Leaf 2/Leaf 3 finds the outbound interfaces and encapsulation information not related to the VXLAN tunnel, adds VLAN tags to the packet, and forwards the packet to Terminal B/Terminal C.
NOTE:

Terminal B/Terminal C responds to Terminal A in the same process as intra-subnet known unicast packet forwarding.

Multicast Replication
To reduce flooded traffic caused by the use of ingress replication to send BUM packets, configure the multicast replication mode. In multicast replication mode, all VTEPs with the same VNI join the same multicast group. A multicast routing protocol, such as PIM, is used to create a multicast forwarding entry for the multicast group. When the source VTEP receives a BUM packet, it adds a multicast destination IP address, such as 225.0.0.1, to the BUM packet before sending the packet to the remote VTEPs based on the created multicast forwarding entry, reducing flooded packets. The remote VTEPs decapsulate the VXLAN packet. Figure 4-7 shows the forwarding process of a BUM packet in multicast replication mode.
Figure 4-7 Forwarding process of an intra-subnet BUM packet in multicast replication mode
  1. After receiving a packet from Terminal A, Leaf 1 determines the Layer 2 BD of the packet based on the access interface and VLAN information.
  2. Leaf 1's VTEP obtains the multicast replication address for the VNI based on the Layer 2 BD and performs VXLAN encapsulation. The encapsulated VXLAN packet appears on the network as a multicast packet. The VTEP forwards it to Leaf 4 based on the matching multicast forwarding entry.
  3. After receiving the multicast packet, Leaf 4 directly forwards it to Leaf 2 and Leaf 3 based on the matching multicast forwarding entry.
    NOTE:

    Leaf 4 acts as a non-gateway node and directly forwards multicast packets. Leaf 4 can also be configured as a gateway node, in which case it must both forward multicast packets and decapsulate VXLAN packets. Leaf 4 is then called a BUD node.

  4. After the VTEP on Leaf 2/Leaf 3 receives the packet, it finds that the packet is a VXLAN packet after searching for the outbound interface (NVE interface) in a matching multicast forwarding entry. It checks the UDP destination port number, source and destination IP addresses, and VNI of the packet to determine the packet validity. After confirming that the packet is valid, the VTEP obtains the Layer 2 BD based on the VNI and decapsulates the VXLAN packet to obtain the inner Layer 2 packet.
  5. Leaf 2/Leaf 3 checks the destination MAC address of the inner Layer 2 packet and finds that it is a BUM MAC address. Therefore, Leaf 2/Leaf 3 broadcasts the packet onto the network connected to the terminals (not the VXLAN tunnel side) in the Layer 2 BD. Specifically, Leaf 2/Leaf 3 finds the outbound interfaces and encapsulation information not related to the VXLAN tunnel, adds VLAN tags to the packet, and forwards the packet to Terminal B/Terminal C.
NOTE:
  • After the multicast replication or centralized replication mode is configured, the ingress replication list is used to generate the remote VTEP address list for VXLAN tunnel establishment. Then the multicast replication or centralized replication mode, not the ingress replication mode, applies to BUM packets.

  • Terminal B/Terminal C responds to Terminal A in the same process as intra-subnet known unicast packet forwarding.
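
The three replication modes side by side, showing the precedence rule from the notes above and why the replicator keeping Leaf 1's outer source address leaves MAC learning unchanged. This is an added example, not code from the original page or from the vendor; the dictionary keys are hypothetical names modelled on the vni flood-vtep and vni head-end peer-list commands, and all IP addresses other than 225.0.0.1 are constructed.

```python
# Added illustration, not vendor code. All unicast IP addresses are constructed.
LEAF1, LEAF2, LEAF3 = "10.1.1.1", "10.2.2.2", "10.3.3.3"
FLOOD_PROXY = "10.4.4.4"          # flood proxy IP on Leaf 4, the centralized replicator


def select_mode(nve):
    """Pick the BUM replication mode for one VNI from simplified NVE settings."""
    if nve.get("flood_vtep") and nve.get("mcast_group"):
        # The text does not say which of these two wins, so this sketch refuses.
        raise ValueError("centralized and multicast replication both configured")
    if nve.get("flood_vtep"):
        return "centralized"      # takes precedence over the head-end peer list
    if nve.get("mcast_group"):
        return "multicast"        # also replaces ingress replication for BUM packets
    return "ingress"


def ingress_copies(vtep_ip, nve, frame):
    """VXLAN copies the ingress VTEP itself sends for one BUM frame."""
    mode = select_mode(nve)
    if mode == "centralized":
        dsts = [nve["flood_vtep"]]
    elif mode == "multicast":
        dsts = [nve["mcast_group"]]
    else:
        dsts = nve["head_end_peer_list"]
    return [{"outer_src": vtep_ip, "outer_dst": d, "frame": frame} for d in dsts]


def replicator_forward(pkt, replication_list):
    """Leaf 4: decapsulate, then re-encapsulate per its ingress replication list.
    The outer source stays the original ingress VTEP. Skipping that VTEP in the
    list is an assumption of this sketch."""
    return [{"outer_src": pkt["outer_src"], "outer_dst": peer, "frame": pkt["frame"]}
            for peer in replication_list if peer != pkt["outer_src"]]


def learned_next_hop(pkt):
    """Remote VTEP an egress leaf records for the frame's source MAC."""
    return pkt["outer_src"]
```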

Inter-Subnet Packet Forwarding

Inter-subnet packets must be forwarded through a Layer 3 gateway. Figure 4-8 shows inter-subnet packet forwarding in centralized VXLAN gateway scenarios.

Figure 4-8 Inter-subnet packet forwarding
  1. After Leaf 1 receives Host 1's packet, it determines the Layer 2 BD of the packet based on the access interface and VLAN information and searches for the outbound interface and encapsulation information in the BD.
  2. Leaf 1's VTEP performs VXLAN encapsulation based on the outbound interface and encapsulation information and forwards the packets to Spine.
  3. After Spine receives the VXLAN packet, it decapsulates the packet and finds that the destination MAC address of the inner packet is the MAC address (MAC3) of the Layer 3 gateway interface (VBDIF10), so the packet must be forwarded at Layer 3.
  4. Spine removes the inner Ethernet header, parses the destination IP address, and searches the routing table for a next hop address. Spine then searches the ARP table based on the next hop address to obtain the destination MAC address, VXLAN tunnel's outbound interface, and VNI.
  5. Spine performs VXLAN encapsulation on the inner packet again and forwards the VXLAN packet to Leaf 2, with the source MAC address in the inner Ethernet header being the MAC address (MAC4) of the Layer 3 gateway interface (VBDIF20).
  6. Upon receipt of the VXLAN packet, Leaf 2's VTEP verifies the VXLAN packet based on the UDP destination port number, source and destination IP addresses, and VNI. Leaf 2 then obtains the Layer 2 BD based on the VNI and removes the outer headers to obtain the inner Layer 2 packet. It then searches for the outbound interface and encapsulation information in the Layer 2 BD.
  7. Leaf 2 adds VLAN tags to the packets based on the outbound interface and encapsulation information and forwards the packets to Host 2.

Host 2 sends packets to Host 1 in the same manner.
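
Steps 3 to 5 on Spine as a lookup pipeline. This is an added example, not code from the original page or from the vendor; only VBDIF10, VBDIF20, MAC3 and MAC4 come from the text, while the VNIs, subnets, host MAC labels, host addresses and VTEP IP addresses are constructed.

```python
import ipaddress

# Added illustration, not vendor code. Only VBDIF10/VBDIF20, MAC3 and MAC4 come
# from the text; VNIs, subnets, host addresses and VTEP IPs are constructed.
SPINE_VTEP = "10.10.10.10"
VNI_TO_BD = {10: 10, 20: 20}
VBDIF = {10: {"name": "VBDIF10", "mac": "MAC3"},
         20: {"name": "VBDIF20", "mac": "MAC4"}}
ROUTES = [  # (prefix, next hop or None when directly connected, outbound BD)
    (ipaddress.ip_network("192.168.10.0/24"), None, 10),
    (ipaddress.ip_network("192.168.20.0/24"), None, 20),
]
ARP = {     # next-hop IP -> MAC, remote VTEP and VNI learned over the tunnel
    "192.168.20.2": {"mac": "MAC2", "vtep": "10.2.2.2", "vni": 20},
}


def spine_forward(pkt):
    """Return (re-encapsulated packet, None), or (None, reason) if not routed."""
    bd = VNI_TO_BD.get(pkt["vni"])
    if bd is None:
        return None, "VNI not bound to a BD"
    inner = pkt["inner"]
    # Step 3: only frames addressed to the gateway interface's MAC are routed.
    if inner["dst_mac"] != VBDIF[bd]["mac"]:
        return None, "inner destination MAC is not the gateway MAC"
    # Step 4: longest-prefix route lookup, then ARP lookup on the next hop.
    dst = ipaddress.ip_address(inner["dst_ip"])
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches:
        return None, "no route"
    _prefix, next_hop, out_bd = max(matches, key=lambda r: r[0].prefixlen)
    arp = ARP.get(next_hop or str(dst))
    if arp is None:
        return None, "no ARP entry for next hop"
    # Step 5: rewrite the inner Ethernet header and encapsulate toward the egress VTEP.
    new_inner = dict(inner, src_mac=VBDIF[out_bd]["mac"], dst_mac=arp["mac"])
    return {"outer_src": SPINE_VTEP, "outer_dst": arp["vtep"],
            "vni": arp["vni"], "inner": new_inner}, None
```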

Updated: 2019-05-05

Document ID: EDOC1100004207
