VXLAN
Virtual Extensible LAN (VXLAN), a Network Virtualization over Layer 3 (NVO3) technology, is the key to campus network virtualization. The following describes the background and fundamentals of NVO3.
NVO3 was first proposed for data center network virtualization. In the NVO3 architecture, an IP-based Layer 3 underlay network is constructed, and overlay networks are built on top of it using tunnels in order to support large-scale tenant networks. The basic principle of NVO3 is to virtualize a network topology over a physical network: each virtual network instance is created on top of the physical network. The original packet from an access terminal is encapsulated on a Network Virtualization Edge (NVE) node, with the encapsulation header carrying the information about the decapsulating device (a remote NVE node) and the destination IP address. After receiving the encapsulated packet, the remote NVE node decapsulates it to obtain the complete original packet and then forwards it to the target end user. Because encapsulated packets are transmitted over a Layer 3 IP network, IP devices (routers and switches) on the transport network can process them with their existing forwarding capability. In this respect, NVO3 is similar to traditional Layer 3 tunneling technologies. In addition to reusing the existing IP forwarding mechanism, NVO3 builds a new logical network on top of the traditional IP network, independent of the physical network environment. The logical network is agnostic to the physical devices and uses the same forwarding mechanism as IP. As such, the technical threshold for using NVO3 is greatly lowered, which is why NVO3 has gained momentum so rapidly on data center networks in only a few years.
In addition to VXLAN, mainstream NVO3 technology solutions include Network Virtualization using Generic Routing Encapsulation (NVGRE) and Stateless Transport Tunneling (STT). VXLAN has the following advantages over NVGRE and STT:
- The existing network does not need to be rebuilt, whereas NVGRE requires network devices to support Generic Routing Encapsulation (GRE).
- The standard User Datagram Protocol (UDP) is used to transmit traffic, so the transport layer does not need to be modified, whereas STT requires modifications to the traditional Transmission Control Protocol (TCP).
- Most commercial network chips support VXLAN.
Therefore, VXLAN is an ideal choice for building a virtualized campus network.
VXLAN Fundamentals
In a VXLAN environment, data packets sent by the source host are encapsulated in UDP, with outer IP and MAC headers carrying the addresses used on the physical network, and are then transmitted over the IP network. On arrival at the destination VXLAN tunnel endpoint (VTEP), the packets are decapsulated and forwarded to the destination host. Figure 1-3 illustrates a virtual network constructed over a Layer 3 network infrastructure through a VXLAN tunnel. A virtual network built with VXLAN (VXLAN network for short) contains the following elements that do not exist in a traditional campus network:
- VTEP: an edge device on the VXLAN network that encapsulates and decapsulates VXLAN packets. In a VXLAN packet, the source IP address is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP; a pair of VTEP addresses therefore identifies a VXLAN tunnel. The border and edge nodes described in Virtual Campus Network Architecture Overview are VTEPs, the principal role on a VXLAN network.
- VXLAN Network Identifier (VNI): Similar to VLAN IDs on a traditional network, VNIs are used to distinguish different subnets in a VN. Users with different VNIs cannot directly communicate at Layer 2. A VNI consists of 24 bits, which enables up to 16 million subnets on a VXLAN network.
- Bridge domain (BD): Just as a single VLAN is a broadcast domain in a traditional network, a BD is a Layer 2 broadcast domain through which VXLAN data packets are forwarded. On a VXLAN network, VNIs are mapped to BDs in 1:1 mode. A BD represents a broadcast domain, and users in the same BD can communicate at Layer 2.
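The encapsulation described above, traced at byte level in Python (an added example, not code from the original document or from any vendor implementation): a source VTEP wraps an original Ethernet frame in outer IPv4/UDP headers plus the 8-byte VXLAN header that carries the 24-bit VNI, and the destination VTEP validates and strips them again. The VTEP addresses, MAC addresses and the inner ARP frame are constructed sample values; the outer Ethernet header is omitted, and the UDP port 4789 and header layout follow RFC 7348.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08        # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1    # 24-bit VNI, hence roughly 16 million segments

# Constructed sample: an original (inner) Ethernet frame carrying a broadcast ARP request.
SAMPLE_INNER_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806"
                                   "0001080006040001" "020000000001" "0a000001"
                                   "000000000000" "0a000002")

def _ipv4_checksum(hdr: bytes) -> int:
    # One's-complement sum of 16-bit words; run over a valid header it yields 0.
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def vxlan_header(vni: int) -> bytes:
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI %d does not fit in 24 bits" % vni)
    # flags(1) + reserved(3) | VNI(3) + reserved(1); the VNI sits in the upper 24 bits
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)

def encapsulate(src_vtep: str, dst_vtep: str, vni: int, inner: bytes) -> bytes:
    """Source-VTEP side: wrap an original frame in outer IPv4/UDP/VXLAN (outer MACs omitted)."""
    payload = vxlan_header(vni) + inner
    # Real VTEPs hash the inner frame into the source port for ECMP; fixed here for simplicity.
    udp = struct.pack("!HHHH", VXLAN_UDP_PORT, VXLAN_UDP_PORT, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(payload), 0, 0x4000, 64,
                     socket.IPPROTO_UDP, 0, socket.inet_aton(src_vtep), socket.inet_aton(dst_vtep))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return ip + udp + payload

def decapsulate(packet: bytes):
    """Destination-VTEP side: return (src_vtep, dst_vtep, vni, inner_frame) or raise ValueError."""
    if packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_UDP:
        raise ValueError("not IPv4/UDP")
    ihl = (packet[0] & 0x0F) * 4
    if _ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP port %d is not VXLAN" % dport)
    flags, vni_raw = struct.unpack("!B3xI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear, VNI not valid")
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    return src, dst, vni_raw >> 8, packet[ihl + 16:ihl + ulen]
```

The VNI recovered by `decapsulate` is what a VTEP uses to select the bridge domain, and the same parsing is what a network sensor needs to attribute captured tunnel traffic to a tenant segment.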
Centralized and Distributed Gateways
Similar to inter-VLAN user communication on a traditional network, users in different BDs on a VXLAN network also need to communicate through a Layer 3 VXLAN gateway. The interfaces on a Layer 3 VXLAN gateway are usually VBDIF interfaces, which are Layer 3 logical interfaces created on a BD. IP addresses can be configured on VBDIF interfaces to enable communication between different VXLAN segments and between VXLAN and non-VXLAN segments, connecting the Layer 2 network to the Layer 3 network.
Depending on where they are deployed on the network, VXLAN gateways are classified into centralized gateways and distributed gateways.
- In centralized gateway mode, the Layer 3 gateway function is deployed on a single device. As shown in Figure 1-4, all inter-subnet traffic is forwarded through that Layer 3 gateway, which provides centralized traffic management.
- In distributed gateway mode, Layer 2 and Layer 3 gateways are deployed on the same device. A Layer 2 VXLAN gateway is similar to a Layer 2 access device on a traditional network. As illustrated in Figure 1-5, the VTEPs on the VXLAN network function as Layer 2 gateways to connect to hosts, and also function as Layer 3 gateways to implement inter-subnet communication and external network access.