No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VXLAN Dual-Active Access

VXLAN Dual-Active Access

NOTE:

The CE12800E switches do not support VXLAN dual-active access.

Background

To improve reliability, servers are often dual-homed to a VXLAN network through double network adapters. When one network adapter of a server fails, services are not interrupted.

In the preceding scenario, two network adapters work in active/standby mode. Only the active network adapter can receive and send packets, whereas the standby network adapter cannot. This results in a waste of the network adapter and link bandwidth. Two network adapters are required to work in dual-active mode to forward traffic simultaneously, fully using network adapters and bandwidth resources.

Figure 5-5 VXLAN dual-active access networking

As shown in Figure 5-5, Server2 is dual-homed to a VXLAN network. The two access devices through which Server2 is dual-homed can be virtualized into one device using the M-LAG technology. The dual-homed devices use the same VTEP. For the remote device, it can be considered that Server2 is connected to the VXLAN network through a logical device.

Concepts

In Figure 5-5, the concepts relevant to VXLAN dual-active access are described as follows:
  • Same VTEP

    In VXLAN dual-active access networking, when the same VTEP IP address is configured for the access devices connected to a dual-homed server, the devices encapsulate the same VTEP IP address in VXLAN packets. To other devices on the same VXLAN network, the two devices function as one logical device.

  • Peer-link

    There must be a direct link between two devices where M-LAG is deployed and the link must be a peer-link, which is a protection link.

    After an interface is configured as a peer-link interface, the device automatically creates a QinQ Layer 2 sub-interface for each VNI on the interface. The QinQ Layer 2 sub-interface is used to add the two M-LAG-enabled devices to the corresponding BD of the VNI. Users cannot perform operations on the QinQ sub-interface.

    When traffic enters the peer-link interface, the switch can map IP packets based on the DSCP priority only and map non-IP packets based on the priority configured using the port priority command only.

  • Dynamic Fabric Service (DFS) group

    A DFS group is used for device pairing to ensure correct service packet forwarding in VXLAN dual-active access networking.

  • M-LAG interface

    An M-LAG interface is an Eth-Trunk that is established between two M-LAG-enabled devices and connects to a server.

Working Mechanism of Access-Side M-LAG

The following describes M-LAG protocol packets and their functions.
  • M-LAG negotiation packet

    As shown in Figure 5-5, after the M-LAG configuration is complete, the devices exchange M-LAG negotiation packets over the peer-link to pair with each other. They pair up to form a DFS group before negotiating to determine the master and backup states.

  • M-LAG heartbeat packet

    As shown in Figure 5-5, after completing master/backup negotiation, the devices send M-LAG heartbeat packets over network-side links to detect the status of the remote device.

The following figure describes how devices configured with M-LAG determine the master/backup and link status when the network is normal and faulty.
  • In VXLAN dual-active access networking that is running normally:

    The Eth-Trunk links are both in the Up state, and PE1 and PE2 load balance traffic. Services are isolated unidirectionally on the peer-link and at the M-LAG and network sides to prevent loops on the network.

    Figure 5-6 No fault
  • When the peer-link fails:

    The master and backup states of the devices determine the Eth-Trunk status. The Eth-Trunk on the master device is still Up. The Eth-Trunk on the backup device becomes Down, and the dual-homing networking changes into single-homing networking. If the peer-link fails but the heartbeat status is normal, the M-LAG interface on the backup device enters the Error-Down state. When the peer-link recovers, the physical interface in Error-Down state is restored to the Up state.

    NOTE:

    If a peer-link interface and an M-LAG interface are deployed on the same card, a failure of the peer-link interface will cause the M-LAG interface to fail. In this situation, the Eth-Trunks at both ends become Down, causing a traffic forwarding failure and service interruption. To improve reliability, the peer-link interface and M-LAG interface must be deployed on different cards.

    Figure 5-7 Peer-link failure
  • When the master device fails:

    The backup device becomes the master device and continues forwarding traffic, with its Eth-Trunk still in the Up state. The Eth-Trunk on the master device becomes Down, and dual-homing networking changes into single-homing networking.

    NOTE:

    If the backup device fails, the master and backup states remain unchanged and the Eth-Trunk of the backup device becomes Down. The Eth-Trunk on the master device is still in Up state and continues forwarding traffic, and dual-homing networking changes into single-homing networking.

    Figure 5-8 Master device failure
  • When an Eth-Trunk on the VXLAN network fails:

    The M-LAG master and backup states remain unchanged, and traffic is switched to another Eth-Trunk. The faulty Eth-Trunk becomes Down. M-LAG stops traffic forwarding on the faulty Eth-Trunk, and dual-homing networking changes into single-homing networking.

    Figure 5-9 Eth-Trunk failure
  • When an uplink in an M-LAG fails:

    After traffic is sent to the device with a faulty uplink, the traffic cannot be forwarded. In this scenario, you can configure Monitor Link to monitor the status of uplinks and downlinks, ensuring proper traffic forwarding. If an uplink fails, the corresponding downlink goes Down so that traffic can be switched to another link for forwarding.

    Figure 5-10 Uplink failure

Packet Forwarding Process in VXLAN Dual-Active Access Networking

In VXLAN dual-active access networking, the same VTEP address is manually configured on Device1 and Device2 so that Device1 and Device2 encapsulate the same VTEP address in VXLAN packets.

As shown in Figure 5-5, a peer-link is deployed between Device1 and Device2, and the two devices use the same VTEP address. Server2, Device1, and Device2 constitute VXLAN dual-active access networking. VXLAN protocol processes traffic of different types and from different directions differently.

  • Unicast traffic from a dual-active interface

    Device1 and Device2 work in load balancing mode to forward traffic together.
    NOTE:

    Numbers 1 and 2 in the figure represent different types of traffic.

    Figure 5-11 Unicast traffic from a dual-active interface

  • BUM traffic from a dual-active interface

    BUM traffic from Server2 is load balanced between Device1 and Device2. The following uses the forwarding process on Device1 as an example.

    After receiving BUM traffic, Device1 forwards the BUM traffic to Device2 through the peer-link, encapsulates the traffic, and transmits the encapsulated traffic to the next hop on the network side. When the traffic arrives at Device2, Device2 forwards the traffic only to Server3 but not to Server2 or the VXLAN network side according to the unidirectional isolation mechanism.

    Figure 5-12 BUM traffic from a dual-active interface

  • Unicast traffic from the VXLAN network

    If unicast traffic is sent to a dual-active interface, the traffic is encapsulated with the same VTEP address and load balanced between Device1 and Device2, which then forward the traffic to the attached dual-homed device.

    Figure 5-13 Unicast traffic from the VXLAN network

  • BUM traffic from the VXLAN network

    The BUM traffic that is sent to a dual-active interface and encapsulated with the same VTEP address is load balanced between Device1 and Device2. The following uses Device1 as an example.

    Device1 decapsulates and forwards the traffic to each user-side interface. Because the peer-link is isolated from the backup interface, traffic arriving at Device2 is not forwarded to Server2, avoiding routing loops.

    Figure 5-14 BUM traffic from the VXLAN network

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 24898

Downloads: 65

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next