Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Basic Concepts of VXLANs

Virtual extensible local area network (VXLAN) is an NVO3 network virtualization technology that encapsulates data packets sent from virtual machines (VMs) into UDP packets and encapsulates IP and MAC addresses used on the physical network in outer headers before sending the packets over an IP network. The egress tunnel endpoint then decapsulates and sends the packets to the destination VM.

Figure 3-1 VXLAN architecture

VXLAN allows a virtual network to provide access services to a large number of tenants. Tenants are able to plan their own virtual networks, not limited by physical network IP addresses or broadcast domains. This greatly simplifies network management. Table 3-1 describes VXLAN concepts.

Table 3-1 VXLAN concepts

Concept

Description

Underlay and overlay networks

VXLAN allows virtual Layer 2 or Layer 3 networks (overlay networks) to be built over existing physical networks (underlay networks). Overlay networks use encapsulation technologies to transmit tenant packets between sites over Layer 3 forwarding paths provided by underlay networks. Tenants are aware of only overlay networks.

Network virtualization edge (NVE)

A network entity that is deployed at the network edge and implements network virtualization functions.

NOTE:

vSwitches on devices and servers can function as NVEs.

There are three NVE deployment modes, which are used according to the locations of NVE deployment:
  • Hardware mode: All NVEs are deployed on NVE-capable devices, which perform VXLAN encapsulation and decapsulation.

  • Software mode: All NVEs are deployed on vSwitches, which perform VXLAN encapsulation and decapsulation.

  • Hybrid mode: Some NVEs are deployed on vSwitches, and others on NVE-capable devices. Both vSwitches and NVE-capable devices may perform VXLAN encapsulation and decapsulation.

VXLAN tunnel endpoint (VTEP)

A VXLAN tunnel endpoint that encapsulates and decapsulates VXLAN packets. It is represented by an NVE on the controller.

A VTEP connects to a physical network and is assigned a physical network IP address, which is irrelevant to virtual networks.

In VXLAN packets, the source IP address is the local node's VTEP address, and the destination IP address is the remote node's VTEP address. This pair of VTEP addresses corresponds to a VXLAN tunnel.

VXLAN network identifier (VNI)

A VXLAN segment identifier similar to a VLAN ID. VMs on different VXLAN segments cannot communicate directly at Layer 2.

A VNI identifies only one tenant. Even if multiple end users belong to the same VNI, they are considered one tenant. A VNI consists of 24 bits and supports a maximum of 16M tenants.

In distributed VXLAN gateway scenarios, a VNI can be a Layer 2 or Layer 3 VNI.
  • A Layer 2 VNI is mapped to a BD in 1:1 mode for intra-segment transmission of VXLAN packets.
  • A Layer 3 VNI is bound to a VPN instance for inter-segment transmission of VXLAN packets.

Bridge domain (BD)

A Layer 2 broadcast domain through which VXLAN data packets are forwarded.

VNIs identifying VNs must be mapped to BDs in 1:1 mode so that the BDs can function as entities that transmit VXLAN traffic on a VXLAN network.

VBDIF interface

A Layer 3 logical interface created for a BD. Configuring IP addresses for VBDIF interfaces allows communication between VXLANs on different network segments and between VXLANs and non-VXLANs and implements Layer 2 network access to a Layer 3 network.

Virtual access point (VAP)

A VXLAN service access point that can be a Layer 2 sub-interface or VLAN.
  • If a Layer 2 sub-interface is used as a service access point, it can have different encapsulation types configured to transmit various types of data packets. After a Layer 2 sub-interface is added to a BD, the sub-interface can transmit data packets through this BD.
  • If a VLAN is used as a service access point, it can be bound to a BD for data packets in the VLAN to be transmitted through this BD.

Gateway

A device that ensures communication between VXLANs identified by different VNIs and between VXLANs and non-VXLANs.

A VXLAN gateway can be a Layer 2 or Layer 3 gateway.
  • Layer 2 gateway: allows tenants to access VXLANs and enables intra-segment communication on a VXLAN.

  • Layer 3 gateway: allows inter-segment VXLAN communication and access to external networks.
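
The VTEP address pair and the 24-bit VNI described in Table 3-1, as an added example that is not part of the Huawei guide: it builds and parses the outer IPv4/UDP/VXLAN headers using the RFC 7348 layout (UDP port 4789, 8-byte VXLAN header) and checks that a VNI arrives only over the expected VTEP pair. The addresses, VNIs, the `TUNNELS` table and the function names are constructed for illustration.

```python
import socket
import struct

VXLAN_PORT = 4789          # IANA-assigned VXLAN UDP port (RFC 7348)
FLAG_VNI_VALID = 0x08      # "I" flag: the VNI field is valid
# Constructed sample: VNIs expected on each (local VTEP, remote VTEP) tunnel.
TUNNELS = {("10.1.1.1", "10.2.2.2"): {5010, 5020}}


def build_outer(src_vtep, dst_vtep, vni, inner=b""):
    """Build outer IPv4 + UDP + VXLAN headers (checksums left at 0) around inner."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_vtep), socket.inet_aton(dst_vtep))
    return ip + udp + vxlan + inner


def parse_outer(pkt):
    """Return (src_vtep, dst_vtep, vni); raise ValueError if not valid VXLAN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 16:
        raise ValueError("not UDP, or truncated")
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    flags_word, vni_word = struct.unpack_from("!II", pkt, ihl + 8)
    if dport != VXLAN_PORT or not (flags_word >> 24) & FLAG_VNI_VALID:
        raise ValueError("not a VXLAN packet with a valid VNI")
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), vni_word >> 8


def tunnel_allows(pkt, local_vtep):
    """True if pkt targets local_vtep, from a known remote VTEP, with an expected VNI."""
    src, dst, vni = parse_outer(pkt)
    return dst == local_vtep and vni in TUNNELS.get((dst, src), set())
```
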

Traffic Encapsulation Types

When a Layer 2 sub-interface is used as a service access point, different encapsulation types can be configured for the sub-interface to transmit various types of data packets. After a Layer 2 sub-interface is added to a BD, the sub-interface can transmit data packets through this BD. Table 3-2 describes the different encapsulation types.

Table 3-2 Traffic encapsulation types

Traffic Encapsulation Type

Description

dot1q

If a Dot1q sub-interface receives a single-tagged VLAN packet, the sub-interface forwards only the packet with a specified VLAN ID. If a Dot1q sub-interface receives a double-tagged VLAN packet, the sub-interface forwards only the packet with a specified outer VLAN ID.

  • When performing VXLAN encapsulation on packets, a Dot1q Layer 2 sub-interface removes the outer tags of the packets.
  • When performing VXLAN decapsulation on packets, a Dot1q Layer 2 sub-interface adds specified VLAN tags to the packets.

When setting the encapsulation type to dot1q for a Layer 2 sub-interface, note the following:
  • The VLAN IDs specified for the Layer 2 sub-interface cannot be the same as either the VLAN IDs of packets allowed to pass through the corresponding Layer 2 interfaces or the MUX VLAN IDs.
  • Layer 2 and Layer 3 sub-interfaces cannot have the same VLAN IDs specified.

untag

An untagged Layer 2 sub-interface receives only packets that do not carry VLAN tags.

  • When performing VXLAN encapsulation on packets, an untagged Layer 2 sub-interface does not add any VLAN tag to the packets.
  • When performing VXLAN decapsulation on packets, an untagged Layer 2 sub-interface removes the VLAN tags of single-tagged inner packets or the outer VLAN tags of double-tagged inner packets.

When setting the encapsulation type to untag for a Layer 2 sub-interface, note the following:
  • Ensure that the corresponding physical interface of the Layer 2 sub-interface does not have any configuration, and is removed from the default VLAN.
  • Untagged Layer 2 sub-interfaces can be configured only for Layer 2 physical interfaces and Eth-Trunk interfaces.
  • An interface can have only one untagged Layer 2 sub-interface configured.

qinq

A QinQ sub-interface receives only tagged packets with specified inner and outer VLAN tags.

  • When performing VXLAN encapsulation on packets, a QinQ sub-interface removes two VLAN tags from packets if the action of the Layer 2 sub-interface is set to removing two VLAN tags; otherwise, it maintains the VLAN tags of the packets.
  • When performing VXLAN decapsulation on packets, a QinQ sub-interface adds two specific VLAN tags to packets if the action of the Layer 2 sub-interface is set to removing two VLAN tags; otherwise, it maintains the VLAN tags of the packets.

When a Layer 2 sub-interface with the encapsulation type of default or QinQ transparent transmission (without the rewrite pop double command) is bound to a BD, this BD does not support IGMP snooping, DHCP snooping, VBDIF interfaces, or ARP broadcast suppression.

NOTE:

The traffic behavior for QinQ interfaces bound to the same BD must be the same. On a VXLAN network, the traffic behavior for different devices' QinQ interfaces bound to the same BD must be the same.

If a QinQ Layer 2 sub-interface has an outer VLAN ID range or inner VLAN ID range, the rewrite pop double command cannot be configured on the interface.

The outer VLAN encapsulated for a Layer 2 QinQ sub-interface cannot be the same as the default VLAN or an allowed VLAN of the corresponding Layer 2 main interface.

default

A default Layer 2 sub-interface receives all packets, irrespective of whether the packets carry VLAN tags.

When performing VXLAN encapsulation and decapsulation on packets, a default Layer 2 sub-interface does not process VLAN tags of the packets.

When setting the encapsulation type to default for a Layer 2 sub-interface, note the following:
  • Ensure that the interface for the Layer 2 sub-interface is not added to any VLAN.
  • Default Layer 2 sub-interfaces can be configured only for Layer 2 physical interfaces and Eth-Trunk interfaces.
  • If a default Layer 2 sub-interface is created for an interface, the interface cannot have other types of Layer 2 sub-interfaces configured.

NOTE:

When an interface that is configured with dot1q and QinQ sub-interfaces receives double-tagged VLAN packets, the QinQ sub-interface preferentially processes the packets. For example, if the dot1q sub-interface carries VLAN ID 10 and the QinQ sub-interface carries outer VLAN ID 10 and inner VLAN ID 20, a received packet with outer VLAN ID 10 and inner VLAN ID 20 is preferentially processed by the QinQ sub-interface. With the same configuration, a received packet with outer VLAN ID 10 and an inner VLAN ID other than 20 is preferentially processed by the dot1q sub-interface.
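
The matching rules in Table 3-2 and the dot1q/QinQ precedence in the note above, as an added example that is not Huawei code: a small model that tells which Layer 2 sub-interface, and therefore which BD, accepts a frame, and which VLAN tags stay on the inner frame at VXLAN encapsulation. The `SubIf` model, sub-interface names and BD IDs are hypothetical; the sample interface mirrors the VLAN 10 / 20 case in the note.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SubIf:
    name: str                      # hypothetical sub-interface name
    bd: int                        # bridge domain the sub-interface is bound to
    encap: str                     # "dot1q" | "untag" | "qinq" | "default"
    vid: Optional[int] = None      # dot1q VLAN ID, or qinq outer VLAN ID
    inner: Optional[int] = None    # qinq inner VLAN ID
    pop_double: bool = False       # qinq only: action set to removing two tags


# Constructed sample: dot1q VLAN 10 and QinQ outer 10 / inner 20 on one interface.
SAMPLE = [SubIf("port1.1", 10, "dot1q", vid=10),
          SubIf("port1.2", 20, "qinq", vid=10, inner=20)]


def validate(subifs):
    """Return violations of the per-interface rules stated in Table 3-2."""
    kinds = [s.encap for s in subifs]
    errors = []
    if "default" in kinds and set(kinds) != {"default"}:
        errors.append("default sub-interface excludes all other types")
    if kinds.count("untag") > 1:
        errors.append("only one untagged sub-interface per interface")
    return errors


def matches(s, tags):
    """Does s accept a frame whose VLAN tags are the tuple `tags` (outer first)?"""
    return {"default": True,
            "untag": len(tags) == 0,
            "dot1q": len(tags) >= 1 and tags[0] == s.vid,
            "qinq": tags == (s.vid, s.inner)}[s.encap]


def classify(subifs, tags):
    """Return (sub-interface, tags kept on the inner frame), or None if none accepts.
    QinQ is preferred over dot1q when both match a double-tagged frame."""
    hits = sorted((s for s in subifs if matches(s, tags)), key=lambda h: h.encap != "qinq")
    if not hits:
        return None
    s = hits[0]
    if s.encap == "dot1q":
        return s, tags[1:]            # outer tag removed at encapsulation
    if s.encap == "qinq" and s.pop_double:
        return s, ()                  # both tags removed
    return s, tags                    # tags left untouched
```
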
Updated: 2019-05-05

Document ID: EDOC1100004207
