What Is VXLAN


Overview of VXLAN

As one of the core cloud computing technologies, server virtualization has been widely used in data centers. With the development of enterprise services and rapid growth of VMs, VMs need to migrate frequently. This brings the following problems to traditional networks:

  • The VM scale is limited by network specifications.

    On a traditional Layer 2 network, data packets are forwarded at Layer 2 based on MAC address entries. The MAC address capacity of Layer 2 devices on the access side is limited, and cannot support access of a large number of VMs.

  • The isolation capability of traditional networks is limited.

    VLAN is the mainstream network isolation technology. However, the VLAN tag field defined in IEEE 802.1Q has only 12 bits, so it can carry 4096 values (4094 usable VLAN IDs, since 0 and 4095 are reserved), which cannot meet the isolation requirements of a large number of tenants.

  • The VM migration scope is limited.

    To ensure service continuity during VM migration, the IP addresses and MAC addresses of the VMs must remain unchanged before and after the migration. This means that VM migration must occur within one Layer 2 domain. However, a Layer 2 domain in a traditional data center network spans only a small scope, which limits where a VM can be moved.

To address the preceding problems, overlay network technologies have gradually evolved to meet the network capability requirements of cloud computing. There are multiple overlay technologies, such as Virtual eXtensible Local Area Network (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), and Stateless Transport Tunneling (STT). This document describes VXLAN, the most widely used of them.

VXLAN is one of the Network Virtualization over Layer 3 (NVO3) technologies defined by the Internet Engineering Task Force (IETF) and is essentially a tunneling technology. VXLAN adds a VXLAN header to the original data frame, encapsulates the result in a UDP packet, and forwards that packet across an ordinary IP network. When the UDP packet arrives at the tunnel end point, the end point removes the outer headers and delivers the original data frame to the target terminal.

The end point of a VXLAN tunnel as shown in Figure 1-1 is called VXLAN Tunnel Endpoint (VTEP), which encapsulates and decapsulates VXLAN packets. A VXLAN tunnel is defined by a pair of VTEPs. The source VTEP encapsulates packets and sends them to the destination VTEP through the VXLAN tunnel. The destination VTEP decapsulates the received packets.

Figure 1-1 VXLAN network model

A VXLAN network is a virtual Layer 2 network constructed on a Layer 3 network to enable communication of hosts at Layer 2. Compared with VLAN, VXLAN has higher flexibility and scalability, and addresses the following issues:

  • Limitation of the VM scale imposed by network specifications

    Data packets sent by VMs are encapsulated in IP packets. The underlay network only needs to learn the outer addresses of the VTEPs, not the MAC addresses of the VMs behind them. This greatly reduces the number of MAC address entries required on the devices of a large Layer 2 network.

  • Limitation of network isolation capabilities

    VXLAN introduces a network identifier that plays the role of the VLAN ID, called the VXLAN Network Identifier (VNI). The VNI is a 24-bit field, so it can distinguish about 16 million (2^24) segments instead of the 4096 of VLAN, which meets the isolation requirements of a large number of tenants.

  • Limitation of the VM migration scope imposed by the network architecture

    VXLAN encapsulates Ethernet packets in IP packets and transmits them over routes on a network to construct a large Layer 2 network. Therefore, VM migration is not restricted by the network architecture. In addition, a routed network has good scalability, self-healing capability, and load balancing capability.

VXLAN Packet Format

As shown in Figure 1-2, VXLAN uses the MAC-in-UDP packet encapsulation mode. The VXLAN header, UDP header, outer IP header, and outer MAC header are added to the original data frame in sequence.

Figure 1-2 VXLAN packet format
  • VXLAN Header: 8 bytes, containing an 8-bit flags field and the 24-bit VNI field. In the flags field the I flag must be set to 1 to indicate that the VNI is valid; the other flag bits and the remaining fields are reserved and set to 0 on transmission. A VTEP drops a packet whose I flag is not set.
  • UDP Header: the destination port is fixed at 4789, the port IANA assigned to VXLAN. The source port is normally derived from a hash of the inner frame headers so that the underlay can load-balance different flows across equal-cost paths. The VXLAN header and the original Ethernet frame form the UDP payload.
  • Outer IP Header: the source IP address is the IP address of the source VTEP and the destination IP address is the IP address of the destination VTEP.
  • Outer MAC Header: the source MAC address is the MAC address of the source VTEP, and the destination MAC address is the MAC address of the next-hop device on the route to the destination VTEP.

None of these headers carries authentication or encryption. A VTEP accepts any well-formed UDP/4789 packet whose VNI it serves, so anything that can send packets to a VTEP address can inject arbitrary Ethernet frames into that tenant's Layer 2 domain. In practice the underlay has to keep UDP port 4789 and the VTEP addresses unreachable from untrusted hosts (for example with ACLs at the fabric edge and on VTEP interfaces), or VTEP-to-VTEP traffic has to be protected with IPsec.
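The following is an added example, not code from the original document or from Huawei, that builds and parses the MAC-in-UDP encapsulation described above with only the Python standard library. The VTEP addresses, MACs, VNI and the zero-filled ARP frame are constructed for the example. The decapsulation side applies the checks a VTEP makes (outer IPv4 checksum, protocol UDP, destination port 4789, UDP length, I flag) and deliberately shows what it cannot check: who sent the packet.

```python
"""VXLAN MAC-in-UDP encapsulation and decapsulation using only the standard library.

Wire layout, outer to inner: Ethernet (14) | IPv4 (20) | UDP (8) | VXLAN (8) | original frame.
Addresses, VNI and the sample ARP frame are constructed for this example.
"""
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08      # "I" bit: VNI field is valid; a VTEP drops packets without it
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_UDP = 17


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ethernet_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def ipv4_checksum(header: bytes) -> int:
    """Ones' complement checksum; over a header whose checksum is valid it returns 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_encapsulate(inner: bytes, vni: int, src_vtep_ip: str, dst_vtep_ip: str,
                      src_vtep_mac: str, next_hop_mac: str) -> bytes:
    """Wrap an original Ethernet frame the way a source VTEP does."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: flags (8) | reserved (24) | VNI (24) | reserved (8)
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    # Source port from a hash of the inner headers so underlay ECMP can spread flows
    src_port = 49152 + zlib.crc32(inner[:14]) % 16384
    udp_len = 8 + len(vxlan_hdr) + len(inner)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero checksum allowed over IPv4
    # Outer IPv4: DF set (0x4000), TTL 64, protocol UDP; checksum filled in below
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, IPPROTO_UDP, 0,
                         socket.inet_aton(src_vtep_ip), socket.inet_aton(dst_vtep_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # Outer MAC header: source is the VTEP, destination is the next hop toward the peer VTEP
    return ethernet_frame(next_hop_mac, src_vtep_mac, ETHERTYPE_IPV4, ip_hdr + udp_hdr + vxlan_hdr + inner)


def vxlan_decapsulate(packet: bytes) -> tuple:
    """Validate the outer headers and return (vni, src_vtep_ip, inner_frame).

    Raises ValueError for anything a VTEP should drop. Note what is not checked: nothing
    here authenticates the sender, so any host that can deliver UDP/4789 to the VTEP
    address can inject a frame into whichever VNI it names.
    """
    if len(packet) < 14 + 20 + 8 + 8:
        raise ValueError("truncated packet")
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = packet[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip) or ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_UDP or total_len > len(ip):
        raise ValueError("outer packet is not UDP or is truncated")
    src_vtep_ip = socket.inet_ntoa(ip[12:16])
    udp = ip[ihl:total_len]
    if len(udp) < 16:
        raise ValueError("truncated UDP/VXLAN headers")
    _, dst_port, udp_len = struct.unpack("!HHH", udp[:6])
    if dst_port != VXLAN_UDP_PORT or udp_len != len(udp):
        raise ValueError("not a VXLAN packet")
    flags, vni_field = struct.unpack("!B3xI", udp[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, src_vtep_ip, udp[16:]


def is_valid_vxlan(packet: bytes) -> bool:
    """True if a VTEP would accept the packet, False if it would drop it."""
    try:
        vxlan_decapsulate(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: VM_A broadcasts an ARP request (payload zeroed) on VNI 5000
    arp = ethernet_frame("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:0a", ETHERTYPE_ARP, bytes(28))
    pkt = vxlan_encapsulate(arp, 5000, "10.0.0.1", "10.0.0.2", "00:11:22:33:44:01", "00:11:22:33:44:ff")
    print(len(pkt), vxlan_decapsulate(pkt)[:2], is_valid_vxlan(pkt))
```

The packet produced here can be written to a pcap or fed to a real VTEP; a 42-byte ARP frame comes out as a 92-byte VXLAN packet, the 50 bytes of overhead being the reason the underlay MTU has to be raised rather than relying on fragmentation (the outer DF bit is set).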

VXLAN Packet Forwarding Mechanism

Packets on a VXLAN network are forwarded in one of two ways, depending on the destination MAC address: broadcast, unknown unicast, and multicast (BUM) packets are flooded, and known unicast packets are sent to a single VTEP. The following describes the forwarding process for each type.

Forwarding of BUM Packets

On a VXLAN network, BUM packets can be forwarded in ingress replication, centralized replication, and multicast replication modes. The configuration of the centralized replication and multicast replication modes is complex. The following uses the commonly used ingress replication mode as an example.

Figure 1-3 Forwarding process of BUM packets

As shown in Figure 1-3, BUM packets are forwarded as follows:

  1. VM_A broadcasts an ARP Request packet, requesting the MAC address of VM_C. In the ARP Request packet, the source MAC address is MAC_A and the destination MAC address is all Fs.
  2. After receiving the ARP Request packet, VTEP_1 determines the VNI and ingress replication list of the VXLAN tunnel. VTEP_1 replicates the ARP Request packet based on the ingress replication list, performs VXLAN encapsulation, and sends the encapsulated packet to each tunnel.

    In the encapsulated packet, the outer destination IP addresses are the IP addresses of the peer VTEPs (VTEP_2 and VTEP_3) respectively. The encapsulated packet is transmitted over the IP network based on the outer MAC address and IP address until it reaches the peer VTEPs.

  3. After the packet reaches VTEP_2 and VTEP_3, they decapsulate it to obtain the original packet sent by VM_A. At the same time, VTEP_2 and VTEP_3 learn the mapping among the MAC address of VM_A, the VNI, and the IP address of VTEP_1, and save it in their local MAC address tables. Then, VTEP_2 and VTEP_3 send the original packet to the hosts in the corresponding Layer 2 domain. This data-plane learning works like that of a conventional switch and can be poisoned in the same way: a spoofed inner source MAC address in an injected packet overwrites the mapping.

    After receiving the ARP Request packet, VM_C sends an ARP Reply packet (while VM_B discards the ARP Request packet). VM_C learned MAC_A from the request, so the reply is a unicast frame addressed to MAC_A, and because VTEP_3 learned in the previous step that MAC_A is reachable through VTEP_1, the reply is a known unicast packet at VTEP_3.

Forwarding of Known Unicast Packets

Figure 1-4 Forwarding process of known unicast packets

As shown in Figure 1-4, VM_C sends an ARP Reply packet to VM_A, which is a known unicast packet. The known unicast packet is forwarded as follows:

  1. VM_C sends an ARP Reply packet to VM_A with the source MAC address being MAC_C and the destination MAC address being MAC_A.
  2. After receiving the ARP Reply packet sent by VM_C, VTEP_3 determines the VNI and performs VXLAN encapsulation on the packet.

    Since VTEP_3 has learned that MAC_A belongs to VTEP_1, the outer destination IP address in the encapsulated packet is the IP address of that peer VTEP (VTEP_1). The encapsulated packet is transmitted over the IP network based on the outer MAC address and IP address until it reaches VTEP_1.

  3. After the packet reaches VTEP_1, VTEP_1 decapsulates it to obtain the original packet sent by VM_C. Then, VTEP_1 sends the decapsulated packet to VM_A.
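The two forwarding procedures above (BUM with ingress replication, then known unicast) as an added example that is not part of the original document or Huawei's software. It models three VTEPs on VNI 5000 with VM_A, VM_B and VM_C attached as in Figures 1-3 and 1-4; frames are small objects and the tunnel is a method call, so only the forwarding decisions and the MAC learning are shown, not the encapsulation. All addresses are constructed. The last function demonstrates the caveat from step 3 of the BUM procedure: a rogue sender that can reach VTEP_1 rewrites its learned mapping for VM_C.

```python
"""Flood-and-learn forwarding on one VXLAN segment (VNI 5000) with ingress replication.
VM_A on VTEP_1 asks for VM_C on VTEP_3 while VM_B sits on VTEP_2, as in Figures 1-3 and 1-4.
Frames are small objects and the tunnel is a method call; all addresses are constructed."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    kind: str        # "arp-request", "arp-reply" or "data"
    target_ip: str


def is_bum(dst_mac: str) -> bool:
    """Group bit set means broadcast/multicast; unknown unicast is decided against the MAC table."""
    return int(dst_mac[:2], 16) & 1 == 1


class VM:
    def __init__(self, mac: str, ip: str):
        self.mac, self.ip, self.received = mac, ip, []

    def on_frame(self, frame: Frame):
        """Answer an ARP request for our own IP; everything else is recorded and dropped."""
        self.received.append(frame)
        if frame.kind == "arp-request" and frame.target_ip == self.ip:
            return Frame(self.mac, frame.src_mac, "arp-reply", self.ip)
        return None


class VTEP:
    def __init__(self, ip: str, vni: int, fabric: dict):
        self.ip, self.vni, self.fabric = ip, vni, fabric
        self.vms = {}          # locally attached MAC -> VM
        self.peers = []        # ingress replication list: remote VTEP IPs for this VNI
        self.mac_table = {}    # (vni, MAC) -> remote VTEP IP, learned from decapsulated packets
        self.tunnel_log = []   # (dst VTEP IP, frame kind) for every encapsulated send
        fabric[ip] = self

    def from_host(self, frame: Frame):
        """Frame from a local VM: local delivery, known unicast, or ingress replication."""
        if frame.dst_mac in self.vms:
            self.deliver_local(frame)
        elif not is_bum(frame.dst_mac) and (self.vni, frame.dst_mac) in self.mac_table:
            self.send_tunnel(self.mac_table[(self.vni, frame.dst_mac)], frame)
        else:  # BUM: one copy per peer in the replication list, plus the other local VMs
            for peer_ip in self.peers:
                self.send_tunnel(peer_ip, frame)
            self.deliver_local(frame)

    def from_tunnel(self, src_vtep_ip: str, vni: int, frame: Frame):
        """Decapsulated packet: learn (VNI, source MAC) -> source VTEP, deliver locally only.
        Never re-flooded to other tunnels (split horizon). The learning trusts whatever
        source MAC and outer source IP the sender chose; nothing authenticates them."""
        if vni != self.vni:
            return
        self.mac_table[(vni, frame.src_mac)] = src_vtep_ip
        self.deliver_local(frame)

    def send_tunnel(self, dst_vtep_ip: str, frame: Frame):
        self.tunnel_log.append((dst_vtep_ip, frame.kind))
        self.fabric[dst_vtep_ip].from_tunnel(self.ip, self.vni, frame)

    def deliver_local(self, frame: Frame):
        for vm in list(self.vms.values()):
            if vm.mac != frame.src_mac and (is_bum(frame.dst_mac) or frame.dst_mac == vm.mac):
                reply = vm.on_frame(frame)
                if reply is not None:
                    self.from_host(reply)


def run_arp_exchange():
    """Figure 1-3 steps 1 to 3 and then Figure 1-4; returns the fabric and [VM_A, VM_B, VM_C]."""
    fabric = {}
    vteps = [VTEP(ip, 5000, fabric) for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3")]
    vms = [VM("00:00:00:00:00:0a", "192.168.1.10"), VM("00:00:00:00:00:0b", "192.168.1.11"),
           VM("00:00:00:00:00:0c", "192.168.1.12")]
    for v, vm in zip(vteps, vms):
        v.peers = [ip for ip in fabric if ip != v.ip]
        v.vms[vm.mac] = vm
    vteps[0].from_host(Frame(vms[0].mac, BROADCAST, "arp-request", vms[2].ip))
    return fabric, vms


def poison_demo(fabric: dict, vm_a: VM, vm_c: VM) -> str:
    """A rogue VTEP reachable by VTEP_1 claims VM_C's MAC; VTEP_1's next frame for VM_C goes to it."""
    rogue = VTEP("10.0.0.9", 5000, fabric)
    rogue.send_tunnel("10.0.0.1", Frame(vm_c.mac, vm_a.mac, "arp-reply", vm_c.ip))
    fabric["10.0.0.1"].from_host(Frame(vm_a.mac, vm_c.mac, "data", vm_c.ip))
    return fabric["10.0.0.1"].tunnel_log[-1][0]


if __name__ == "__main__":
    fabric, vms = run_arp_exchange()
    print({ip: v.mac_table for ip, v in fabric.items()})
    print("VM_A -> VM_C is now tunnelled to", poison_demo(fabric, vms[0], vms[2]))
```

After the exchange, VTEP_1 has sent two copies of the request (one per peer in its replication list) and learned only MAC_C, while VTEP_2 and VTEP_3 have learned MAC_A and VTEP_2 has sent nothing; the reply travelled as a single known unicast packet. The poisoning step is why the earlier filtering advice matters: once the rogue's packet is accepted, VTEP_1 silently redirects VM_A's traffic for VM_C until a genuine packet from VTEP_3 overwrites the entry again.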

VXLAN Gateway

Different VLANs need to communicate with each other through Layer 3 gateways. Similarly, Layer 3 gateways are also required for communication between VXLANs with different VNIs.

In the typical spine-leaf VXLAN networking, Layer 3 VXLAN gateways can be classified into centralized gateways and distributed gateways based on their deployment locations.

Centralized Gateway Deployment

In the centralized gateway networking, Layer 3 gateways are centrally deployed on one spine node, as shown in the following figure. Inter-subnet traffic is forwarded through the Layer 3 gateways.

Figure 1-5 Centralized gateway networking diagram

In the centralized gateway networking, inter-subnet traffic can be centrally managed. Gateway deployment and management are simple, but inter-subnet traffic of VMs on the same leaf node needs to be forwarded by the spine node. Therefore, the traffic forwarding path is not optimal. In addition, all entries of terminals whose traffic is forwarded at Layer 3 need to be generated on the spine node. However, the spine node supports only a limited number of entries. When the number of tenants increases, it may become a network bottleneck.

Distributed Gateway Deployment

In the distributed VXLAN gateway networking, each leaf node functions both as a VTEP and as a Layer 3 VXLAN gateway. The spine node is unaware of the VXLAN tunnels and only routes the outer IP packets between leaf nodes.

Figure 1-6 Distributed gateway networking diagram

Layer 3 VXLAN gateways are deployed on leaf nodes to enable inter-subnet communication of VMs on the same leaf node. In this way, traffic is directly forwarded by the leaf nodes without passing through the spine node. This conserves bandwidth resources. Unlike centralized Layer 3 gateways that need to learn ARP entries of all hosts, a leaf node in the distributed VXLAN gateway scenario only needs to learn the ARP entries of hosts connected to itself. This eliminates the bottleneck caused by limited ARP entry specifications in the centralized Layer 3 gateway scenario and improves network expansion capabilities.

In the distributed gateway scenario, a control plane is required to distribute host routes between the Layer 3 gateways so that hosts behind different leaf nodes can reach each other. To meet this requirement, Ethernet VPN (EVPN) is introduced as the VXLAN control plane. Following the BGP/MPLS IP VPN mechanism, EVPN extends BGP with several types of BGP EVPN routes and advertises them across the network to implement automatic VTEP discovery and host address learning. Because a peer that can inject EVPN routes can redirect any host's traffic, the BGP sessions that carry them should be restricted to known peers and authenticated.

For details about BGP EVPN, see the CloudEngine 12800 and 12800E V200R005C00 Configuration Guide - VXLAN.

Related Information

VXLAN constructs a large Layer 2 network on top of an existing Layer 3 IP network and is the most widely deployed overlay technology. VTEPs can be physical switches, routers, or virtual switches (vSwitches) on servers. A network in which physical switches or routers act as VTEPs is called a network overlay. This mode provides high processing performance and supports communication with non-virtualized physical servers, but the switches or routers must support VXLAN. A network in which vSwitches act as VTEPs is called a host overlay. This mode places few requirements on the network and does not require the network devices to support VXLAN, but the processing performance of a vSwitch is lower than that of a physical switch or router.

Currently, Huawei switches and routers support hardware-based VXLAN and can function as VTEPs on VXLAN networks. For more details about VXLAN on Huawei switches and routers, refer to the product documentation.

Updated: 2019-07-01

Document ID: EDOC1100086966

Views: 512

Downloads: 32

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next