Shulou(Shulou.com)06/01 Report--

Introduction to the principle and basic Application of VXLAN

VXLAN introduction:

I heard that VXLAN was a time when IDC was building a lot, mainly to deal with the resource exhaustion of cloud platform VLAN.

The real exposure to this technology is in the metropolitan area network, which is used to do OverLay across three-tier devices. In fact, there is no difference in nature.

Why use VXLAN on IDC? There are three reasons:

1. The original two-tier technical resources are not enough, coupled with the outdated STP technology, can not keep up with the current demand. Now they are all virtual group networks, which require that the IP and MAC of the migration machines remain unchanged, so it is difficult to achieve the tradition.

two。 Driven by small networks and private networks. Now virtualization manufacturers such as IRF/VPC are not compatible with each other, and the key is that they have their own requirements for the network architecture. Therefore, it gives up the idea of networking together with different technologies.

3. Other new technologies are either too expensive or too complex. To use, OK, first buy a line card, and then upgrade the software. This is the biggest headache for users and operation and maintenance personnel, but also the most fundamental reason. The good thing about VXLAN is that it is compatible with the equipment and can be supported by upgrading the software at a low cost.

How does VXLAN realize his value?

1. Added 8-byte vxlan header, where 24bit's VNI expands the number of 'VLAN'

two。 Using UDP as the head across three layers, it is not a dream to get through the three layers to form a pan-second layer.

3. As a three-layer tunnel technology, it must know the corresponding three-layer IP and send the packaged data to the peer for parsing.

/ / nothing else. It looks very simple and technical.

VXLAN packet format:

Take a screenshot of the packet format:

These pictures are not very clear, it seems inconvenient, I will from what the original bag, to how to process the later bag, to make a brief explanation:

The original bag--

[destination MAC] | [Source IP] | [VLAN tag] | [destination MAC] | [Source IP] | [data]

The process for the access device to get the packet:

1. PE finds out which VNI the device belongs to according to the MAC flow table

two。 Determine the VTEP IP address and MAC address to be delivered

3. Press into VXLAN head, UDP head, IP head and Eth head according to the information obtained.

[destination MAC-VTEP] [Source MAC-PE] [VLAN-PE to Vtep] | [Source IP-PE] [destination IP-VTEP] | [UDP-4798] | [Vxlan flag-8bit] [Vxlan VNI-24bit] | [payload of the original package]

Vxlan tunnel establishment and maintenance:

The functions of Vxlan are similar to VPLS and GRE and can be classified as tunneling technology. As for the tunnel, it must be intentional and can be connected at both ends, so how does Vxlan technology carry out dialogue and communication?

1. Multicast learns the VTEP IP/VNI/MAC of the peer

two。 If you receive a Vxlan package, you will learn automatically when you unpack it.

3. Learn from other routing protocol extension protocols, and other protocols are used as carriages to pull over information.

A) ISIS extension, need to configure ENDS/ENDC, private, complex

B) BGP extension, need to configure RR/client, private, simple, mature

C) SDN controller, standard protocol, call Netconf/Openflow, and the first packet is sent to the middleman controller, which requires slightly higher controller throughput

/ / as you can see, Vxlan is very similar to vlan learning without the help of layer 3 protocols.

The text is difficult to understand. Take a look at the diagram (from figure C).

(1)。 Data initiation

a. One VNI per user. The customer has configured VNI and wants to go to VM2.

B. VTEP1 found this VNI, and the multicast used is 239.119.1.1

/ / Note: at this time, VM1 does not know the MAC of VM2, and VTEP1 does not know which VTEP has VM2.

(2)。 Looking for VM2

A. VTEP1 encapsulates the ARP packet of VM1 as a multicast packet with a destination address of 239.119.1.1

b. Because the VTEP2 page has VNI100, it is only natural to receive this multicast packet.

C. VTEP unpacked the package, found that the customer was in his own name, and immediately recorded VM1 (MAC) and VTEP1 (IP)

d. Unpacking and forwarding. VM2 received this ARP packet.

(3) .VM2 feedback its own information

A. VM2 received an ARP packet and returned an ARP response just like a normal packet.

B. VTEP2 received a packet destined for VM1

c. Because VM1 and VTEP1 are already in the flow table, send unicast to VTEP1

D. VTEP1 received a reply and learned that VTEP2 is the PE of VM2

E. VTEP1 records VTEP2 (IP) and VM2 (MAC) in the flow table

f. Unpack and send VM2's reply to VM1

/ / since then, VM1 has known about VM2's MAC,VTEP1 and VTEP2 and the corresponding relationship between them.

/ / therefore, all future conversations between VM1 and VM2 will be forwarded by VTEP1 and VTEP2 unicast!

Supplement: how do various manufacturers achieve the establishment of Vxlan?

CISCO: two kinds of interfaces are defined, Switch interface and IP interface,switch interface to connect customers, IP interface to the outside, looking for VTEP. Added NVE interface (Network Virtualization Edge, network virtual edge node), similar to tunnel (similar to PW), associated IP, multicast group address, Vxlan

H3C:ENDP (Enhanced Neighbor Discovery Protocol, enhanced neighbor Discovery Protocol), after discovering VTEP, use this protocol to establish Vxlan tunnel

Vxlan Gateway:

The communication requirements of a real IDC server are:

1. VM to VM in the same VNI

2. VM to VM in different VNI

3. VM to the public network server

The VM communication within the same VNI can be contacted directly through multicast; the communication between different VNI requires the help of Vxlan gateway; the interconnection between VM and external network requires layer 3 routing.

What is the Vxlan gateway?

1. Many people have heard of multi-segment PW (mspw). The gateway of Vxlan is similar to the intermediate node of multi-segment PW.

two。 Its function is to establish Vxlan tunnels with different VNI to solve cross-VNI communication.

3. It also acts as Border, providing layer 3 routing when there is a need to access the external network.

The knowledge of Vxlan gateway is also related to the networking of the network. after all, it can not be handled by the gateway.

And from a security point of view, the gateway also needs to be backed up and redundant.

There is a lot of knowledge about this part, which will be introduced in the next chapter.

2018-4-30

By Lukas

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.