Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Distributed VXLAN Gateway Deployment Using MP-BGP

NOTE:
The CE12800E switches do not support distributed VXLAN gateway deployment using MP-BGP.

In distributed VXLAN gateway deployment using Multi-protocol Extensions for Border Gateway Protocol (MP-BGP), the control plane is responsible for VXLAN tunnel establishment and dynamic MAC address learning; the forwarding plane is responsible for intra-subnet known unicast packet forwarding, intra-subnet BUM packet forwarding, and inter-subnet packet forwarding. This deployment mode provides only simple functions, because MP-BGP supports only IP route advertisement, not MAC address advertisement. If ARP broadcast suppression is required, EVN is needed. If distributed VXLAN gateways are needed, deploying distributed VXLAN gateways using BGP EVPN is recommended.

This function is supported only on IPv4 over IPv4 networks, not on other combinations of underlay and overlay networks.

VXLAN Tunnel Establishment

A VXLAN tunnel is identified by a pair of VTEP IP addresses. During dynamic VXLAN tunnel establishment, the local and remote VTEPs attempt to obtain the IP addresses of each other. A dynamic VXLAN tunnel can be established if the IP addresses obtained are reachable at Layer 3.

In distributed VXLAN gateway scenarios, leaf nodes, which can function as both Layer 2 and Layer 3 VXLAN gateways, are used as VTEPs to establish VXLAN tunnels. Spine nodes are unaware of the VXLAN tunnels and only forward VXLAN packets between different leaf nodes. On the network shown in Figure 4-37, a VXLAN tunnel is established between Leaf 1 and Leaf 2 for communication between Host 1 and Host 2 and between Host 3 and Host 2. Host 1 and Host 3 both connect to Leaf 1, so they communicate through Leaf 1 rather than over the VXLAN tunnel.

Figure 4-37 VXLAN tunnel networking

When MP-BGP is used to dynamically establish a VXLAN tunnel, the local and remote VTEPs first establish a BGP VPNv4 peer relationship and then exchange BGP VPNv4 routes to transmit VNIs and VTEPs' IP addresses. Intra-subnet communication requires only Layer 2 forwarding. Therefore, the leaf nodes do not need to learn host IP routes or have L3VPN instances and BGP VPNv4 peers configured. In this scenario, VXLAN tunnels can be established in static mode. Inter-subnet communication requires Layer 3 forwarding, and therefore MP-BGP can be used to dynamically establish VXLAN tunnels.

NOTE:

MP-BGP is a multi-protocol extension of BGP-4. Legacy BGP-4 can manage IPv4 routes but not the routes of VPNs with overlapping address space. To correctly process VPN routes, MP-BGP defined in RFC supports multiple network protocols and uses the address family to differentiate network layer protocols. An address family can be an IPv4 address family or BGP VPNv4 address family. When VXLAN tunnels are dynamically established using MP-BGP, they are actually established over BGP VPNv4 routes.

Intra-subnet communication

On the network shown in Figure 4-37, to allow Host 3 and Host 2 to communicate, Layer 2 VNIs and an ingress replication list must be configured on Leaf 1 and Leaf 2. The peer VTEPs' IP addresses must be specified in the ingress replication list. A VXLAN tunnel can be established between Leaf 1 and Leaf 2 if they have Layer 3 routes to the IP addresses of the VTEPs of each other.

Inter-subnet communication

On the network shown in Figure 4-38, Host 1 and Host 2 reside on different subnets. Leaf 1 and Leaf 2 function only as Layer 3 VXLAN gateways and use MP-BGP to establish a VXLAN tunnel. The process is as follows:

Figure 4-38 Dynamic VXLAN tunnel establishment
  1. Layer 2 BDs are created on Leaf 1 and Leaf 2 and bound to Layer 2 VNIs.

  2. An L3VPN instance is configured on Leaf 1 and Leaf 2, and an RD, export VPN targets, and import VPN targets are configured for the L3VPN instance. Leaf 1 and Leaf 2 establish a BGP VPNv4 peer relationship. Because inter-subnet communication requires Layer 3 forwarding, the leaf nodes must learn the host IP routes and store them in the local IP routing table. To differentiate and isolate IP routing tables of different tenants, L3VPN instances are bound to VBDIF interfaces of the Layer 2 BDs. This configuration allows tenants' IP routes to be stored in the corresponding L3VPN routing table. An L3VPN instance must be associated with a Layer 3 VNI for the leaf node to determine the L3VPN routing table for forwarding data packets.

  3. Leaf 1 generates a direct route to Host 1's IP address. The L3VPN instance on Leaf 1 is configured to import the direct route, so that Host 1's IP route is saved to the routing table of the L3VPN instance and the Layer 3 VNI associated with the L3VPN instance is added to the route. Figure 4-39 shows the host IP route.

    Figure 4-39 Local host IP route
    NOTE:

    If network segment route advertisement is required, use a dynamic routing protocol, such as OSPF. Then, configure an L3VPN instance to import the routes of the dynamic routing protocol.

  4. Leaf 1 generates and sends a BGP VPNv4 route in the L3VPN instance to Leaf 2. This route carries the extended BGP remote-nexthop attribute, L3VPN instance's RD and export VPN targets, and destination IP address prefix. The destination IP address prefix identifies Host 1's host IP address; the remote-nexthop attribute carries the VXLAN tunnel type, VXLAN tunnel's destination IP address (Leaf 1's VTEP IP address), Layer 3 VNI, and gateway MAC address. Figure 4-40 shows the format of the remote-nexthop attribute.

    Figure 4-40 Format of the remote-nexthop attribute
  5. After Leaf 2 receives a BGP VPNv4 route from Leaf 1, Leaf 2 matches the export VPN targets of the route against the import VPN targets of the local L3VPN instance. If a match is found, the route is accepted. If no match is found, the route is discarded. If the route is accepted, Leaf 2 obtains Leaf 1's VTEP IP address from the remote-nexthop attribute. If the VTEP IP address is reachable at Layer 3, a VXLAN tunnel to Leaf 1 is established.

  6. Leaf 2 obtains Host 1's IP address and Layer 3 VNI, stores Host 1's IP route in the routing table of the L3VPN instance, and sets the next hop's iterated outbound interface to the VXLAN tunnel interface. Figure 4-41 shows the host IP route.

    Figure 4-41 Remote host IP route

Leaf 1 establishes a VXLAN tunnel to Leaf 2 in the same process.
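The acceptance logic of steps 5 and 6 can be modelled as follows. This is an added example, not Huawei code: the class and field names are hypothetical, all RDs, VPN targets, addresses, VNIs and MAC addresses are constructed, and the handling of a route whose VTEP is unreachable is an assumption. It shows that a route whose export VPN targets do not match creates neither a tunnel nor an entry in the tenant's routing table.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    export_rts: frozenset   # export VPN targets of the sending L3VPN instance
    prefix: str             # destination prefix: the host's IP address
    vtep_ip: str            # remote-nexthop: VXLAN tunnel destination address
    l3_vni: int             # remote-nexthop: Layer 3 VNI
    gw_mac: str             # remote-nexthop: gateway MAC address

class LeafL3Vpn:
    def __init__(self, import_rts, underlay_routes):
        self.import_rts = frozenset(import_rts)
        self.underlay = [ip_network(n) for n in underlay_routes]
        self.tunnels = set()    # remote VTEP IPs with an established tunnel
        self.routes = {}        # prefix -> (l3_vni, tunnel destination, gw_mac)

    def receive(self, route):
        # Step 5: accept only if an export target matches a local import target.
        if not route.export_rts & self.import_rts:
            return "discarded"
        # Step 5: the tunnel needs a Layer 3 route to the advertised VTEP.
        vtep = ip_address(route.vtep_ip)
        if not any(vtep in net for net in self.underlay):
            # Assumption: without a tunnel the route is held but not installed.
            return "accepted, no tunnel"
        self.tunnels.add(route.vtep_ip)
        # Step 6: the next hop iterates to the VXLAN tunnel toward the remote VTEP.
        self.routes[route.prefix] = (route.l3_vni, route.vtep_ip, route.gw_mac)
        return "installed"

def replay_advertisements():
    """Leaf 2 receives three constructed routes; only the first is installed."""
    leaf2 = LeafL3Vpn(import_rts={"100:1"}, underlay_routes=["1.1.1.1/32"])
    same_tenant = Vpnv4Route("100:1", frozenset({"100:1"}), "10.1.1.2/32",
                             "1.1.1.1", 5010, "00:00:5e:00:01:01")
    other_tenant = Vpnv4Route("200:1", frozenset({"200:1"}), "10.9.9.9/32",
                              "1.1.1.1", 5020, "00:00:5e:00:01:01")
    unreachable = Vpnv4Route("100:1", frozenset({"100:1"}), "10.1.3.2/32",
                             "3.3.3.3", 5010, "00:00:5e:00:01:03")
    results = [leaf2.receive(r) for r in (same_tenant, other_tenant, unreachable)]
    return results, leaf2.tunnels, leaf2.routes
```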

Dynamic MAC Address Learning

VXLAN supports dynamic MAC address learning to allow communication between tenants. MAC address entries are dynamically created and do not need to be manually maintained, greatly reducing maintenance workload. In distributed VXLAN gateway scenarios, inter-subnet communication requires Layer 3 forwarding; MAC address learning is implemented using ARP between the local host and gateway. The following example illustrates dynamic MAC address learning for intra-subnet communication on the network shown in Figure 4-42.

Figure 4-42 Dynamic MAC address learning
  1. Host 3 sends an ARP request for Host 2's MAC address. The ARP request carries MAC3 as the source MAC address, all Fs as the destination MAC address, IP3 as the source IP address, and IP2 as the destination IP address.

  2. Upon receipt of the ARP request, Leaf 1 determines that the Layer 2 sub-interface receiving the ARP request belongs to a BD that has been bound to a VNI (20), meaning that the ARP request packet must be transmitted over the VXLAN tunnel identified by VNI 20. Leaf 1 then learns the mapping between Host 3's MAC address, BDID (Layer 2 broadcast domain ID), and inbound interface (Port1 for the Layer 2 sub-interface) that has received the ARP request and generates a MAC address entry.

  3. Leaf 1 then performs VXLAN encapsulation on the ARP request, with the VNI being the one bound to the BD, source IP address in the outer IP header being the VTEP's IP address of Leaf 1, destination IP address in the outer IP header being the VTEP's IP address of Leaf 2, source MAC address in the outer Ethernet header being NVE1's MAC address of Leaf 1, and destination MAC address in the outer Ethernet header being the MAC address of the next hop pointing to the destination IP address. Figure 4-43 shows the VXLAN packet format. The VXLAN packet is then transmitted over the IP network based on the IP and MAC addresses in the outer headers and finally reaches Leaf 2.

    Figure 4-43 VXLAN packet format
  4. After Leaf 2 receives the VXLAN packet, it decapsulates the packet and obtains the ARP request originated from Host 3. Leaf 2 then learns the mapping between Host 3's MAC address, BDID, and VTEP's IP address of Leaf 1 and generates a MAC address entry.

  5. Leaf 2 broadcasts the ARP request in the Layer 2 domain. Upon receipt of the ARP request, Host 2 finds that the destination IP address is its own IP address and generates a MAC address entry. Host 2 then responds with an ARP reply.

At this point, Host 2 has learned Host 3's MAC address. Therefore, Host 2 responds with a unicast ARP reply. The ARP reply is transmitted to Host 3 in the same manner. After Host 2 and Host 3 learn the MAC address of each other, they subsequently communicate with each other in unicast mode.

Intra-Subnet Known Unicast Packet Forwarding

Intra-subnet known unicast packets are forwarded only through Layer 2 VXLAN gateways and are unknown to Layer 3 VXLAN gateways. Figure 4-44 shows the intra-subnet known unicast packet forwarding process.

Figure 4-44 Intra-subnet known unicast packet forwarding
  1. After Leaf 1 receives Host 3's packet, it determines the Layer 2 BD of the packet based on the access interface and VLAN information and searches for the outbound interface and encapsulation information in the BD.
  2. Leaf 1's VTEP performs VXLAN encapsulation based on the encapsulation information obtained and forwards the packets through the outbound interface obtained.
  3. Upon receipt of the VXLAN packet, Leaf 2's VTEP verifies the VXLAN packet based on the UDP destination port number, source and destination IP addresses, and VNI. Leaf 2 obtains the Layer 2 BD based on the VNI and performs VXLAN decapsulation to obtain the inner Layer 2 packet.
  4. Leaf 2 obtains the destination MAC address of the inner Layer 2 packet, adds VLAN tags to the packets based on the outbound interface and encapsulation information in the local MAC address table, and forwards the packets to Host 2.

Host 2 sends packets to Host 3 in the same manner.
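The verification in step 3 can be sketched as a parser for the 8-byte VXLAN header plus the checks on UDP destination port, outer addresses and VNI. This is an added example, not Huawei code: the class and function names are hypothetical, the VTEP addresses, the BD number and the inner frame are constructed, and port 4789 is the IANA-assigned VXLAN port from RFC 7348.

```python
import struct
from ipaddress import IPv4Address

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid value

def build_vxlan_header(vni):
    """8-byte header: flags (8 bits), reserved (24), VNI (24), reserved (8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)

def parse_vxlan_header(udp_payload):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set")
    return word1 >> 8, udp_payload[8:]

class Vtep:
    def __init__(self, local_ip, tunnel_peers, vni_to_bd):
        self.local_ip = IPv4Address(local_ip)
        self.tunnel_peers = {IPv4Address(p) for p in tunnel_peers}
        self.vni_to_bd = dict(vni_to_bd)

    def decapsulate(self, src_ip, dst_ip, udp_dport, udp_payload):
        """Return (bd, inner_frame, None) or (None, None, drop_reason)."""
        if udp_dport != VXLAN_UDP_PORT:
            return None, None, "UDP destination port is not VXLAN"
        if IPv4Address(dst_ip) != self.local_ip:
            return None, None, "outer destination is not the local VTEP"
        if IPv4Address(src_ip) not in self.tunnel_peers:
            return None, None, "outer source is not a tunnel peer"
        try:
            vni, inner = parse_vxlan_header(udp_payload)
        except ValueError as exc:
            return None, None, str(exc)
        if vni not in self.vni_to_bd:
            return None, None, "VNI is not bound to a local BD"
        return self.vni_to_bd[vni], inner, None

# Constructed sample: Leaf 2 (2.2.2.2) has one tunnel, to Leaf 1 (1.1.1.1),
# and VNI 20 is bound to BD 10.
LEAF2 = Vtep("2.2.2.2", ["1.1.1.1"], {20: 10})
INNER = bytes.fromhex("ffffffffffff" "0000000000030806")  # start of an ARP frame
PACKET = build_vxlan_header(20) + INNER
```

A packet that fails any check is dropped before the inner frame reaches the BD, which is what keeps traffic from an unknown outer source or an unbound VNI out of a tenant's Layer 2 domain.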

Intra-Subnet BUM Packet Forwarding

Intra-subnet BUM packets are forwarded only through Layer 2 VXLAN gateways and are unknown to Layer 3 VXLAN gateways. An ingress replication list must be configured for forwarding BUM packets when a VXLAN tunnel is created. When a BUM packet enters a VXLAN tunnel, the ingress VTEP uses ingress replication to perform VXLAN encapsulation. When the BUM packet leaves the VXLAN tunnel, the egress VTEP decapsulates the BUM packet. Figure 4-45 shows the BUM packet forwarding process.
NOTE:

Ingress replication: After an interface receives BUM packets, the local VTEP obtains a list of VTEPs on the same VXLAN segment as itself through the control plane and sends a copy of the BUM packets to every VTEP in the list. Ingress replication allows BUM packets to be transmitted in broadcast mode, independent of multicast routing protocols.

Figure 4-45 Intra-subnet BUM packet forwarding
  1. After Leaf 1 receives a packet from Terminal A, it determines the Layer 2 BD of the packet based on the access interface and VLAN information.
  2. Leaf 1's VTEP obtains the ingress replication list for the VNI, replicates the packet based on the list, and performs VXLAN encapsulation by adding outer headers. Leaf 1 then forwards the VXLAN packet through the outbound interface.
  3. Upon receipt of the VXLAN packet, Leaf 2's VTEP and Leaf 3's VTEP verify the VXLAN packet based on the UDP destination port number, source and destination IP addresses, and VNI. Leaf 2/Leaf 3 obtains the Layer 2 BD based on the VNI and performs VXLAN decapsulation to obtain the inner Layer 2 packets.
  4. Leaf 2/Leaf 3 checks the destination MAC address of the inner Layer 2 packet and finds that it is a BUM MAC address. Therefore, Leaf 2/Leaf 3 broadcasts the packet onto the network connected to the terminals (not the VXLAN tunnel side) in the Layer 2 BD. Specifically, Leaf 2/Leaf 3 finds the outbound interface and encapsulation information not related to the VXLAN tunnel, adds VLAN tags to the packets, and forwards the packets to Terminal B/Terminal C.
NOTE:

Terminal B/Terminal C responds to Terminal A in the same process as intra-subnet known unicast packet forwarding.
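The learning and flooding behaviour described in the Dynamic MAC Address Learning and Intra-Subnet BUM Packet Forwarding sections can be replayed with a small model of two leaf nodes. This is an added example, not Huawei code: the Leaf class is hypothetical, it models a single BD, and the VTEP addresses and port names other than Port1 on Leaf 1 are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Leaf:
    def __init__(self, vtep_ip, ports, replication_list):
        self.vtep_ip = vtep_ip
        self.ports = list(ports)                        # local ports in the BD
        self.replication_list = list(replication_list)  # peer VTEP IPs for the VNI
        self.mac_table = {}          # mac -> ("port", name) or ("vtep", ip)

    def receive(self, src_mac, dst_mac, in_port=None, from_vtep=None):
        """Learn the source, then return the list of egress targets.

        Exactly one of in_port (host side) or from_vtep (tunnel side) is set.
        """
        if from_vtep is not None:
            self.mac_table[src_mac] = ("vtep", from_vtep)   # learned over the tunnel
        else:
            self.mac_table[src_mac] = ("port", in_port)     # learned locally
        entry = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and entry is not None:
            return [entry]                                  # known unicast
        # BUM: flood to the other local ports in the BD ...
        out = [("port", p) for p in self.ports if p != in_port]
        # ... and, for host-side frames only, send one copy per listed VTEP.
        # Frames that arrived from the tunnel are never sent back into it.
        if from_vtep is None:
            out += [("vtep", ip) for ip in self.replication_list]
        return out

def arp_exchange():
    """Host 3 (Leaf 1, Port1) sends an ARP request; Host 2 (Leaf 2) replies."""
    leaf1 = Leaf("1.1.1.1", ["Port1", "Port2"], ["2.2.2.2"])
    leaf2 = Leaf("2.2.2.2", ["Port1"], ["1.1.1.1"])
    request_out = leaf1.receive("MAC3", BROADCAST, in_port="Port1")
    at_leaf2 = leaf2.receive("MAC3", BROADCAST, from_vtep="1.1.1.1")
    reply_out = leaf2.receive("MAC2", "MAC3", in_port="Port1")
    at_leaf1 = leaf1.receive("MAC2", "MAC3", from_vtep="2.2.2.2")
    return request_out, at_leaf2, reply_out, at_leaf1, leaf1.mac_table, leaf2.mac_table
```

The entries created from tunnel-side frames are learned from the inner source MAC address and the outer source VTEP address alone, which is why the decapsulation checks on the outer headers matter for the integrity of the MAC table.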

Inter-Subnet Packet Forwarding

Inter-subnet packets must be forwarded through a Layer 3 gateway. Figure 4-46 shows the inter-subnet packet forwarding process in distributed VXLAN gateway scenarios.

Figure 4-46 Inter-subnet packet forwarding
  1. After Leaf 1 receives a packet from Host 1, it finds that the destination MAC address of the packet is a gateway MAC address and therefore determines that the packet must be forwarded at Layer 3.
  2. Leaf 1 determines the Layer 2 BD of the packet based on the inbound interface and accordingly finds the L3VPN instance bound to the VBDIF interface of the Layer 2 BD based on the destination IP address of the packet. Leaf 1 then searches the L3VPN routing table, obtains the Layer 3 VNI and next hop address of the host route, and finds that the iterated outbound interface is a VXLAN tunnel interface. Figure 4-47 shows the host route in the L3VPN routing table.
    Figure 4-47 Host route in the L3VPN routing table
    Because the packet must be transmitted over a VXLAN tunnel, Leaf 1 performs VXLAN encapsulation as follows:
    • Obtains the MAC address based on the VXLAN tunnel's source and destination IP addresses and replaces the source and destination MAC addresses in the inner Ethernet header.
    • Encapsulates the packet with the Layer 3 VNI.
    • Encapsulates the VXLAN tunnels' source and destination IP addresses in the outer IP header, and Leaf 1's NVE1 MAC address as the source MAC address and MAC address of the next hop pointing to the destination IP address as the destination MAC address in the outer Ethernet header.
  3. The VXLAN packet is then transmitted over the IP network based on the IP and MAC addresses in the outer headers and finally reaches Leaf 2.
  4. After Leaf 2 receives the VXLAN packet, it decapsulates the packet, finds that the destination MAC address is its own MAC address, and therefore determines that the packet must be forwarded at Layer 3.
  5. Leaf 2 determines the L3VPN instance bound to the Layer 3 VNI of the packet, searches the L3VPN routing table, and finds the next hop being the gateway IP address. Leaf 2 replaces the destination MAC address with Host 2's MAC address (MAC2) and source MAC address with Leaf 2's MAC address and sends the packet to Host 2. Figure 4-48 shows the host route in the L3VPN routing table.
    Figure 4-48 Host route in the L3VPN routing table

The packet forwarding process from Host 2 to Host 1 is similar.

Updated: 2019-05-05

Document ID: EDOC1100004207
