Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Using VXLAN to Implement DCI

To meet the requirements of geographical redundancy, inter-regional operations, and user access, an increasing number of enterprises are deploying data centers (DCs) across multiple regions. Data Center Interconnect (DCI) is a solution that enables intercommunication between the VMs of multiple DCs. Using technologies such as VXLAN and BGP EVPN, DCI securely and reliably transmits DC packets over carrier networks. With DCI, intercommunication between the VMs of multiple DCs is possible regardless of whether these VMs reside on the same VLAN.

Three DCI solutions are currently available: end-to-end VXLAN, VLAN hand-off, and segment VXLAN. These solutions are described in the following table.
Table 5-1 DCI interconnection solutions

Solution: Using End-to-End VXLAN to Implement DCI

  Scenario: One end-to-end VXLAN tunnel is established between two DCs. This solution is recommended for small-scale DCs.
    NOTE: This solution is only supported for IPv4 over IPv4 and IPv6 over IPv4 networks.

  Functionality:
    • Layer 2 interconnection is implemented between VMs on the same subnet.
    • Layer 3 interconnection is implemented between VMs on different subnets.

  Advantage:
    • The VXLAN tunnel is logically created within a DC and is easy to configure and maintain.
    • DCI devices are not required to maintain tenant MAC or IP address information.

  Disadvantage:
    • The VNI and the routing protocols used in all DCs must be identical.
    • The VXLAN settings, including tenant MAC addresses, IP routing information, and RTs, for different DCs must be planned uniformly.

Solution: Using VLAN Hand-off to Implement DCI

  Scenario: One VXLAN tunnel is established in each DC. One VXLAN tunnel is also established between the DCI-VTEPs. Leaf nodes deployed on the edge of the DC network provide VLAN access for services. DCI-VTEPs process these services and send them to the peer DC. This solution is recommended for large-scale, modular DCs.
    NOTE: This solution is only supported for IPv4 over IPv4 and IPv6 over IPv4 networks.

  Functionality:
    • Layer 2 interconnection is implemented between VMs on the same subnet.

  Advantage:
    • The routing protocols running in different DCs are independent. DCs are not required to use the same protocols.
    • VXLAN can encapsulate different information in different DCs. The solution is architecture-agnostic and allows interconnection between heterogeneous DCs.
    • It is not necessary to orchestrate information between DCs.
    • Bandwidth, policy, and broadcast storm control can be conveniently performed at the DCI ingress.

  Disadvantage:
    • Performance requirements on DCI devices are high. DCI devices are required to maintain tenant MAC and IP address information.
    • Inter-DC communication is possible only for services on the same subnet.

Solution: Using Segment VXLAN to Implement DCI

  Scenario: One VXLAN tunnel segment is established in each of the two DCs. One VXLAN tunnel segment is also established between the DCs. This solution is recommended for large-scale, modular DCs.
    NOTE: This solution is only supported for IPv4 over IPv4 networks.

  Functionality:
    • Layer 3 interconnection is implemented between VMs on different subnets.
    This section describes the Layer 3 intercommunication scenario. For details about the Layer 2 intercommunication scenario, see Using Segment VXLAN to Implement Layer 2 Interconnection Between DCs.

  Advantage:
    • The routing protocols running in different DCs are independent. DCs are not required to use the same protocols.
    • VXLAN can encapsulate different information in different DCs. The solution is architecture-agnostic and allows interconnection between heterogeneous DCs.
    • It is not necessary to orchestrate information between DCs.
    • The solution uses Layer 3 interconnection, which reduces Layer 2 flooding and prevents broadcast storms in one DC from affecting other DCs.

  Disadvantage:
    • Performance requirements on DCI devices are high. DCI devices are required to maintain tenant MAC or IP address information.
    • It is necessary to maintain multiple VXLAN tunnel segments, which increases the complexity of O&M.

Using End-to-End VXLAN to Implement DCI

End-to-end VXLAN establishes one end-to-end VXLAN tunnel between two DCs. As shown in Figure 5-17, BGP EVPN transmits MAC or host routing information between Leaf 1 in DC A and Leaf 4 in DC B. The next hop of the MAC or host route is not changed during transmission. This process establishes an end-to-end tunnel between the VTEPs on Leaf 1 and Leaf 4. The following uses VMa1 and VMb2 in Figure 5-17 as an example to describe the process of establishing a VXLAN tunnel and forwarding data packets within a subnet.

Figure 5-17 Using end-to-end VXLAN to implement DCI

Control Plane

  1. Leaf 1 learns the information of host VMa1, generates a BGP EVPN route, and sends it to Leaf 2. This BGP EVPN route carries the export VPN target of the local EVPN instance, and its next hop is the VTEP address on Leaf 1.
  2. Upon receipt of the BGP EVPN route, Leaf 2 sends it to Leaf 3 without changing the next hop of the route.
  3. Upon receipt of the BGP EVPN route, Leaf 3 sends it to Leaf 4 without changing the next hop of the route.
  4. Upon receipt of the BGP EVPN route, Leaf 4 checks the export VPN target of the EVPN instance that it carries. If the export VPN target carried by the route is the same as the import VPN target of the local EVPN instance, Leaf 4 accepts the route. If not, Leaf 4 discards the route. After accepting the BGP EVPN route, Leaf 4 obtains the next hop of the route, which is the VTEP address of Leaf 1. Leaf 4 then establishes a VXLAN tunnel to Leaf 1 according to the process described in VXLAN Tunnel Establishment.
NOTE:

The process of establishing a VXLAN tunnel across different subnets is not described in this section. For details, see VXLAN Tunnel Establishment.

Data Packet Forwarding

End-to-end VXLAN supports inter-subnet packet forwarding as well as the forwarding of known unicast packets and BUM packets on the same subnet. The data packet forwarding process in end-to-end VXLAN is the same as that shown in Distributed VXLAN Gateway Deployment Using BGP EVPN and is therefore not described here.

Using VLAN Hand-off to Implement DCI

VLAN hand-off establishes one VXLAN tunnel in each DC and another tunnel between the DCI-VTEPs. Leaf nodes deployed on the edge of the DC network can access the DCI-VTEPs through Layer 2 sub-interfaces. As shown in Figure 5-18, BGP EVPN is configured to establish VXLAN tunnels in both DC A and DC B so that the VMs deployed in each DC can communicate with each other. Through Layer 2 sub-interfaces, Leaf 2 accesses DCI-VTEP 1 and Leaf 3 accesses DCI-VTEP 2. EVPN is configured to establish a VXLAN tunnel between DCI-VTEP 1 and DCI-VTEP 2 so that the VMs can communicate across DCs. Leaf 2 and Leaf 3 decapsulate the VXLAN packets they receive from DCs and send them to a DCI-VTEP. The DCI-VTEP receives these packets, re-encapsulates them into VXLAN packets, and then sends them to the peer DCI-VTEP. This process allows VXLAN tunnels to provide end-to-end bearing for inter-DC packets and ensures that the VMs in different DCs can communicate with each other.

Figure 5-18 Using VLAN hand-off to implement DCI

Control Plane

The process for advertising the routes of the VXLAN tunnels configured between Leaf 1 and Leaf 2 in DC A, between Leaf 3 and Leaf 4 in DC B, and between DCI-VTEP 1 and DCI-VTEP 2 is the same as that shown in VXLAN Tunnel Establishment and is therefore not described here.

Forwarding Plane

VLAN hand-off supports the forwarding of known unicast packets and BUM packets on the same subnet. The following uses the forwarding of known unicast packets within a subnet as an example. The process for forwarding BUM packets is not described in this section.

NOTE:

For details about BUM packet forwarding, see BUM Packet Forwarding Within a Subnet.

  1. After receiving Layer 2 packets from VMa1 in DC A that are destined for VMb2 in DC B, Leaf 1 obtains the corresponding Layer 2 broadcast domain from the VLAN information in the packets and the port that they access. Leaf 1 determines the outbound interface and encapsulation information for that broadcast domain, and accordingly encapsulates the received packets into VXLAN packets and forwards them through the outbound interface.
  2. As shown in Figure 5-19, Leaf 2 receives VXLAN packets from Leaf 1 in DC A and determines the validity of these packets based on the destination UDP port, source and destination IP address, and VNI. Leaf 2 then decapsulates the packets based on their VNI or Layer 2 broadcast domain to obtain the Layer 2 packets inside them. Leaf 2 searches the MAC address table of the corresponding Layer 2 broadcast domain for the destination MAC address contained inside these packets and obtains the appropriate outbound interface and VLAN encapsulation information for them. Finally, Leaf 2 encapsulates the VLAN packets using the VLAN information obtained and sends them through the outbound interface NVE2.
    Figure 5-19 Forwarding data packets within a subnet (1)
  3. As shown in Figure 5-19, DCI-VTEP 1 receives VLAN packets and obtains the corresponding Layer 2 broadcast domain from the VLAN information in the packets and the port that they access. DCI-VTEP 1 determines the outbound interface and encapsulation information for that broadcast domain, and accordingly encapsulates the packets into VXLAN packets and forwards them through the outbound interface.
  4. As shown in Figure 5-20, DCI-VTEP 2 receives these VXLAN packets and determines their validity based on the destination UDP port, source and destination IP address, and VNI. DCI-VTEP 2 then decapsulates the packets based on the Layer 2 broadcast domain obtained from the VNI. After obtaining the Layer 2 packets inside these VXLAN packets, DCI-VTEP 2 searches the MAC address table of the corresponding Layer 2 broadcast domain for the destination MAC address contained inside these packets and obtains the appropriate outbound interface and VLAN encapsulation information for them. Finally, DCI-VTEP 2 encapsulates the VLAN packets using the VLAN information obtained and sends them through the outbound interface NVE4.
    Figure 5-20 Forwarding data packets within a subnet (2)
  5. As shown in Figure 5-20, Leaf 3 receives VLAN packets and obtains the corresponding Layer 2 broadcast domain from the VLAN information in the packets and their inbound interface. Leaf 3 determines the outbound interface and encapsulation information for that broadcast domain, and accordingly encapsulates the packets into VXLAN packets and forwards them through the outbound interface.
  6. Leaf 4 receives VXLAN packets and determines their validity based on the destination UDP port, source and destination IP address, and VNI. Leaf 4 then decapsulates the packets based on the Layer 2 broadcast domain obtained from the VNI. After obtaining the Layer 2 packets inside these VXLAN packets, Leaf 4 searches the local MAC address table for the destination MAC address contained inside these packets and obtains the appropriate outbound interface and encapsulation information for them. Finally, Leaf 4 adds VLAN tags to the packets and forwards them to VMb2 in DC B, which is connected to Leaf 4.
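
The validity check that each VTEP in the steps above applies before decapsulation (destination UDP port, source and destination IP address, VNI), as an added Python example that is not part of the original guide or the device software. The VTEP and peer addresses, the VNI-to-broadcast-domain table and the sample frame are constructed; the 8-byte header layout and UDP port 4789 follow RFC 7348.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field is valid

def build_vxlan(vni, inner_frame):
    """8-byte VXLAN header (flags, reserved, 24-bit VNI, reserved) + inner frame."""
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def check_and_decap(src_ip, dst_ip, udp_dport, udp_payload, vtep):
    """Return (broadcast_domain, inner_frame) or raise ValueError with the reason."""
    if udp_dport != VXLAN_UDP_PORT:
        raise ValueError("destination UDP port is not the VXLAN port")
    if dst_ip != vtep["local_ip"]:
        raise ValueError("outer destination is not the local VTEP address")
    if src_ip not in vtep["peers"]:
        raise ValueError("outer source is not a known tunnel peer")
    if len(udp_payload) < 8 + 14:            # VXLAN header + Ethernet header
        raise ValueError("truncated VXLAN header or inner frame")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag is not set")
    vni = word1 >> 8                         # top 24 bits of the second word
    bd = vtep["vni_to_bd"].get(vni)
    if bd is None:
        raise ValueError(f"VNI {vni} is not mapped to a local broadcast domain")
    return bd, udp_payload[8:]

# Constructed sample data: DCI-VTEP 2 with one tunnel peer and one mapped VNI.
DCI_VTEP2 = {"local_ip": "192.0.2.2", "peers": {"192.0.2.1"}, "vni_to_bd": {5010: 10}}
INNER = bytes.fromhex("020000000b02" "020000000a01" "0800") + b"payload"

def outcome(src_ip, dst_ip, udp_dport, vni):
    """Run one constructed packet through the check and describe the result."""
    try:
        bd, frame = check_and_decap(src_ip, dst_ip, udp_dport,
                                    build_vxlan(vni, INNER), DCI_VTEP2)
        return f"accept bd={bd} inner_len={len(frame)}"
    except ValueError as exc:
        return f"drop: {exc}"

if __name__ == "__main__":
    print(outcome("192.0.2.1", "192.0.2.2", 4789, 5010))     # valid packet
    print(outcome("198.51.100.9", "192.0.2.2", 4789, 5010))  # unknown outer source
    print(outcome("192.0.2.1", "192.0.2.2", 4789, 6000))     # unmapped VNI
```

A packet is dropped before any MAC address table lookup when its outer source is not a configured peer or its VNI has no local broadcast domain, so the inner frame never reaches a domain it was not mapped to.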

Using Segment VXLAN to Implement DCI

Segment VXLAN establishes one VXLAN tunnel segment in each of the two DCs and also establishes one VXLAN tunnel segment between the DCs. As shown in Figure 5-21, BGP EVPN is used to create VXLAN tunnels in distributed gateway mode within both DC A and DC B so that the VMs deployed in each DC can communicate with each other. Leaf 2 and Leaf 3 are the edge devices within the DCs that connect to the backbone network. BGP EVPN is used to configure VXLAN tunnels on Leaf 2 and Leaf 3 so that the VXLAN packets received by one DC can be decapsulated, re-encapsulated, and sent to the peer DC. This process provides end-to-end bearing for inter-DC VXLAN packets and ensures that VMs in different DCs can communicate with each other.

Figure 5-21 Using segment VXLAN to implement DCI

Control Plane

The following describes how segment VXLAN tunnels are established.

NOTE:

The process of advertising routes on Leaf 1 and Leaf 4 is not described in this section. For details, see VXLAN Tunnel Establishment.

  1. Leaf 4 learns the IP address of VMb2 in DC B and saves it to the routing table for the L3VPN instance. Leaf 4 then sends a BGP EVPN route to Leaf 3.
  2. As shown in Figure 5-22, Leaf 3 receives the BGP EVPN route and obtains the host IP route contained in it. Leaf 3 then establishes a VXLAN tunnel to Leaf 4 according to the process described in VXLAN Tunnel Establishment. It sets the next hop of the route to the VTEP address of Leaf 3, re-encapsulates the route with the Layer 3 VNI of the L3VPN instance, and sets its source MAC address to the MAC address of Leaf 3. Finally, Leaf 3 sends the re-encapsulated BGP EVPN route to Leaf 2.
    Figure 5-22 Control plane
  3. Leaf 2 receives the BGP EVPN route and obtains the host IP route contained in it. Leaf 2 then establishes a VXLAN tunnel to Leaf 3 according to the process described in VXLAN Tunnel Establishment. It sets the next hop of the route to the VTEP address of Leaf 2, re-encapsulates the route with the Layer 3 VNI of the L3VPN instance, and sets its source MAC address to the MAC address of Leaf 2. Finally, Leaf 2 sends the re-encapsulated BGP EVPN route to Leaf 1.
  4. Leaf 1 receives the BGP EVPN route and establishes a VXLAN tunnel to Leaf 2 according to the process described in VXLAN Tunnel Establishment.
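
How the two control planes differ in where each device ends up pointing its tunnel, as an added Python example (not code from the guide or the device software): it replays the end-to-end steps described earlier (next hop left unchanged, VPN target checked at Leaf 4) and the segment VXLAN steps above (Leaf 3 and Leaf 2 set the next hop to their own VTEP address). The VTEP addresses and VPN target values are constructed, and applying the VPN target check at the re-advertising devices is an assumption of this model.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class EvpnRoute:
    host: str               # VM the MAC or host route describes
    next_hop: str           # VTEP address the receiver builds its tunnel to
    export_rts: frozenset   # export VPN targets carried by the route

def propagate(route, path, vteps, import_rts, rewrite_at=frozenset()):
    """Pass `route` along `path`; return {device: tunnel destination VTEP}.

    Devices in `rewrite_at` install the route, then set the next hop to their
    own VTEP address before re-advertising it (segment VXLAN). Other transit
    devices forward it with the next hop unchanged (end-to-end VXLAN).
    """
    tunnels = {}
    for dev in path:
        installs = dev in rewrite_at or dev == path[-1]
        if installs:
            # Assumption of this model: every installing device applies the
            # VPN target check the guide describes for Leaf 4.
            if not route.export_rts & import_rts[dev]:
                break                      # route discarded, goes no further
            tunnels[dev] = route.next_hop
        if dev in rewrite_at:
            route = replace(route, next_hop=vteps[dev])
    return tunnels

# Constructed addresses and VPN targets, not values from the guide.
VTEPS = {"Leaf 1": "10.1.1.1", "Leaf 2": "10.2.2.2",
         "Leaf 3": "10.3.3.3", "Leaf 4": "10.4.4.4"}
RTS = {name: frozenset({"100:1"}) for name in VTEPS}

def end_to_end(import_rts=RTS):
    route = EvpnRoute("VMa1", VTEPS["Leaf 1"], frozenset({"100:1"}))
    return propagate(route, ["Leaf 2", "Leaf 3", "Leaf 4"], VTEPS, import_rts)

def segment():
    route = EvpnRoute("VMb2", VTEPS["Leaf 4"], frozenset({"100:1"}))
    return propagate(route, ["Leaf 3", "Leaf 2", "Leaf 1"], VTEPS, RTS,
                     rewrite_at={"Leaf 3", "Leaf 2"})

if __name__ == "__main__":
    print(end_to_end())   # one tunnel: Leaf 4 -> Leaf 1
    print(segment())      # three segments, each to the previous re-advertiser
```

In the end-to-end case a VPN target mismatch on Leaf 4 leaves no tunnel at all, while in the segment case each border device terminates one tunnel and originates the next, which is why it has to hold the tenant routes.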

Data Packet Forwarding

NOTE:

A general overview of the packet forwarding process on Leaf 1 and Leaf 4 is provided as follows. For additional information, see Inter-Subnet Packet Forwarding.

  1. Leaf 1 receives Layer 2 packets destined for VMb2 from VMa1 and determines that the destination MAC addresses in these packets are all gateway interface MAC addresses. Leaf 1 terminates the Layer 2 packets and finds the L3VPN instance corresponding to the VBDIF interface through which VMa1 accessed the bridge domain. Leaf 1 then searches the L3VPN instance routing table for the VMb2 host route, encapsulates the received packets as VXLAN packets, and sends them to Leaf 2 over the VXLAN tunnel.
  2. As shown in Figure 5-23, Leaf 2 receives and parses these VXLAN packets. Leaf 2 finds the L3VPN instance corresponding to the Layer 3 VNI of the packets and then searches the L3VPN instance routing table for the VMb2 host route. Leaf 2 re-encapsulates these VXLAN packets, and sends these packets to Leaf 3.
    Figure 5-23 Data packet forwarding
  3. As shown in Figure 5-23, Leaf 3 receives and parses these VXLAN packets. Leaf 3 finds the L3VPN instance corresponding to the Layer 3 VNI of the packets and then searches the L3VPN instance routing table for the VMb2 host route. Leaf 3 re-encapsulates these VXLAN packets, and sends these packets to Leaf 4.
  4. Leaf 4 receives and parses these VXLAN packets. Leaf 4 finds the L3VPN instance corresponding to the Layer 3 VNI of the packets and then searches the L3VPN instance routing table for the VMb2 host route. Using this routing information, it forwards the packets to VMb2.
Updated: 2019-05-05

Document ID: EDOC1100004207
