2025-02-04 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
VXLAN theoretical basis
1. VXLAN advantages
1) It removes the 12-bit limit of the VLAN ID field in the VLAN tag (at most 4094 usable VLANs). The 24-bit VNI supports up to about 16 million (2^24) isolated VXLAN segments, so tenant isolation and identification are no longer the bottleneck and a very large number of tenants can be served.
2) Apart from the VXLAN edge devices, the devices in the network do not need to learn virtual machine MAC addresses, because they forward only on the outer headers. This relieves the MAC-learning pressure on transit devices and improves their performance.
3) MAC-in-UDP encapsulation extends the Layer 2 network across a routed underlay, decoupling the virtual network from the physical network.
2. Basic concepts of VXLAN
1) Underlay network and Overlay network:
The existing physical network is treated as the Underlay network, and the virtual Layer 2 or Layer 3 network built on top of it is the Overlay network. In other words, the base network over which VXLAN tunnels are established is the Underlay, and the service network carried inside the VXLAN tunnels is the Overlay.
The Overlay network uses encapsulation and the Layer 3 forwarding paths provided by the Underlay to carry tenant traffic between sites. To the tenant the Underlay is transparent; only the Overlay is visible.
2) NVE (Network Virtualization Edge):
A network virtualization edge (NVE) is the network entity that implements the network virtualization function. After packets are encapsulated and converted by NVEs, a virtualized Layer 2 network is established between NVEs on top of a Layer 3 base network.
Note: both a physical device and a virtual switch (vSwitch) on a server can act as an NVE.
3) VTEP (VXLAN Tunnel Endpoint):
The VTEP is the VXLAN tunnel endpoint within an NVE and performs the encapsulation and decapsulation of VXLAN packets.
The VTEP is connected to the physical network and is assigned an IP address from the physical network; this address is independent of the virtual network.
The source IP address of a VXLAN packet is the VTEP address of the local node and the destination IP address is the VTEP address of the remote node. A pair of VTEP addresses corresponds to one VXLAN tunnel. Because the VXLAN encapsulation itself carries no authentication, a VTEP trusts the outer source address and the VNI as received, so VTEP addresses should be reachable only from the underlay and from peer VTEPs.
4) VNI (VXLAN Network Identifier):
A 24-bit network identifier, similar to a VLAN ID, used to distinguish VXLAN segments. Virtual machines in different VXLAN segments cannot communicate with each other directly at Layer 2.
5) BD (Bridge Domain):
The Layer 2 broadcast domain in which frames are forwarded in a VXLAN network.
In a VXLAN network the VNI is mapped 1:1 to a bridge domain (BD), and the BD is the entity that actually forwards data packets.
6) VBDIF interface:
A Layer 3 logical interface created on top of a BD.
By configuring IP addresses on VBDIF interfaces, communication between VXLAN segments in different subnets, communication between VXLAN and non-VXLAN networks, and access from the Layer 2 network to the Layer 3 network can all be achieved.
7) VAP (Virtual Access Point):
A virtual access point (VAP) is a VXLAN service access point; it can be a Layer 2 sub-interface or a VLAN.
8) Gateway:
As with VLANs, VXLAN segments with different VNIs cannot communicate with each other directly, and neither can VXLAN and non-VXLAN networks. To enable communication between VXLAN segments and between VXLAN and non-VXLAN networks, VXLAN introduces the VXLAN gateway.
VXLAN gateway classification:
a. Layer 2 gateway: lets tenants access the VXLAN virtual network and also serves intra-subnet communication within the same VXLAN segment.
b. Layer 3 gateway: serves cross-subnet communication within the VXLAN virtual network and access to external networks.
3. VXLAN packet format
1) VXLAN header:
a. VXLAN Flags: 8 bits, value 00001000 (only the I bit is set, meaning the VNI field is valid).
b. VNI: VXLAN network identifier, 24 bits, used to distinguish VXLAN segments.
c. Reserved: two fields of 24 bits and 8 bits, which must be set to 0.
2) Outer UDP header:
a. Destination Port: the destination UDP port number is 4789.
b. Source Port: the source port number is a value computed by hashing the inner packet, so that the underlay can spread tenant flows over equal-cost paths.
3) Outer IP header:
a. IP SA: the source IP address is the IP address of the local VTEP of the VXLAN tunnel.
b. IP DA: the destination IP address is the IP address of the VTEP at the remote end of the VXLAN tunnel.
4) Outer Ethernet header:
a. MAC DA: the VTEP to which the sending virtual machine belongs looks up the destination VTEP address in its routing table; MAC DA is the MAC address corresponding to the next-hop IP address found there.
b. MAC SA: the MAC address of the VTEP to which the sending virtual machine belongs.
c. 802.1Q Tag: optional field, the VLAN tag carried in the packet.
d. Ethernet Type: the Ethernet frame type.
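The following Python example builds a VXLAN frame with exactly the headers listed above (outer Ethernet, outer IPv4, outer UDP with destination port 4789 and a hashed source port, the 8-byte VXLAN header, then the inner Ethernet frame) and then decapsulates it the way a receiving VTEP must, checking the I flag, the UDP port and the outer lengths. It is an added example, not code from the original article: the MAC and IP addresses are made up, and the choice of CRC32 over the inner MAC addresses for the source-port hash and the 49152-65535 port range are assumptions of this example, not something the article specifies.

```python
"""Build and parse a VXLAN frame: outer Ethernet + IPv4 + UDP + VXLAN header
in front of an inner Ethernet frame, following the field layout above.
Added example, not code from the original article; addresses are made up."""
import struct
import zlib

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08            # flags byte 00001000: the VNI field is valid
VXLAN_HDR_LEN = 8
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ipv4(text):
    return bytes(int(octet) for octet in text.split("."))


def vxlan_source_port(inner_frame):
    """Outer UDP source port derived from a hash of the inner frame (here its
    MAC addresses and EtherType) so that underlay ECMP spreads tenant flows.
    CRC32 and the 49152-65535 range are assumptions of this example."""
    digest = zlib.crc32(inner_frame[:14]) & 0xFFFFFFFF
    return 49152 + digest % (65536 - 49152)


def ipv4_checksum(header):
    """Ones'-complement checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encap(inner_frame, vni, src_vtep, dst_vtep, vtep_mac, next_hop_mac):
    """Sending VTEP: prepend the VXLAN, UDP, IPv4 and Ethernet headers.
    next_hop_mac is the MAC of the underlay next hop towards dst_vtep."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # flags, 24 reserved bits, 24-bit VNI, 8 reserved bits
    vxlan = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)
    udp_len = 8 + VXLAN_HDR_LEN + len(inner_frame)
    udp = struct.pack("!HHHH", vxlan_source_port(inner_frame),
                      VXLAN_UDP_PORT, udp_len, 0)   # UDP checksum 0 is allowed over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                     IPPROTO_UDP, 0, ipv4(src_vtep), ipv4(dst_vtep))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = mac(next_hop_mac) + mac(vtep_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + vxlan + inner_frame


def vxlan_decap(frame):
    """Receiving VTEP: validate the outer headers and return
    (vni, source_vtep_ip, inner_frame); raise ValueError for anything that
    must be dropped. Nothing here is authenticated: the outer source IP and
    the VNI are trusted as received, which is why UDP/4789 from untrusted
    hosts has to be filtered before it reaches a VTEP address."""
    if len(frame) < 14 + 20 + 8 + VXLAN_HDR_LEN + 14:
        raise ValueError("frame too short to be VXLAN")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer EtherType is not IPv4")
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_UDP:
        raise ValueError("outer packet is not IPv4/UDP")
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    udp = ip[ihl:total_len]                 # ignores any Ethernet padding
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port %d is not VXLAN" % dport)
    if udp_len != len(udp):
        raise ValueError("UDP length does not match the payload")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp[8:8 + VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    # RFC 7348: reserved bits are zero on transmit and ignored on receipt.
    src_vtep = ".".join(str(octet) for octet in ip[12:16])
    return vni_field >> 8, src_vtep, udp[8 + VXLAN_HDR_LEN:]


def drop_reason(frame):
    """Why a VTEP would drop this frame, or None if it decapsulates cleanly."""
    try:
        vxlan_decap(frame)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # constructed inner frame: VM ...:aa to VM ...:bb carrying a minimal IPv4 payload
    inner = mac("00:00:5e:00:53:bb") + mac("00:00:5e:00:53:aa") + b"\x08\x00" + b"\x45" + b"\x00" * 19
    frame = vxlan_encap(inner, 10010, "10.1.1.1", "10.1.1.2", "00:00:5e:00:53:01", "00:00:5e:00:53:02")
    print(vxlan_decap(frame)[:2], drop_reason(frame))
```

Run it as a script to see the VNI and source VTEP recovered from the constructed frame. The VXLAN header for VNI 10010 (0x00271A) comes out as the bytes 08 00 00 00 00 27 1A 00, which matches the flags/reserved/VNI/reserved layout described above.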
4. VXLAN Layer 3 gateway deployment modes
1) Centralized gateway deployment:
Advantages: cross-subnet traffic is managed centrally, and gateway deployment and management are relatively simple.
Disadvantages: the forwarding path is not optimal, and the ARP table capacity of the single gateway becomes a bottleneck.
2) Distributed gateway deployment:
A VXLAN distributed gateway means that, in the typical Spine-Leaf topology, the Leaf nodes serve as the VXLAN tunnel endpoints and each Leaf node can act as a VXLAN Layer 3 gateway. The Spine nodes are not aware of the VXLAN tunnels and only forward the VXLAN packets.
VXLAN distributed gateway features:
a. The same Leaf node can act as both a VXLAN Layer 2 gateway and a VXLAN Layer 3 gateway, so deployment is flexible.
b. A Leaf node only needs to learn ARP entries for the servers attached to it, rather than the ARP entries of all servers as a centralized Layer 3 gateway must. This removes the ARP table bottleneck of the centralized gateway and scales to large networks.
5. EVPN basic principles
EVPN (Ethernet Virtual Private Network) is a VPN technology used to interconnect Layer 2 networks.
EVPN extends BGP with several new BGP EVPN route types. These routes carry VTEP addresses and host information. When EVPN is applied to a VXLAN network, VTEP discovery and host information learning move from the data plane (flood-and-learn) to the control plane.
6. BGP EVPN routes
1) Type 2 route, MAC/IP Advertisement route:
Route Distinguisher: the RD (Route Distinguisher) value configured under the EVPN instance.
Ethernet Segment Identifier: the unique identifier of the Ethernet segment (the link set) connecting the current device to the peer.
Ethernet Tag ID: the VLAN ID actually configured on the current device.
MAC Address Length: the length of the host MAC address carried in this route.
MAC Address: the host MAC address carried in this route.
IP Address Length: the prefix length of the host IP address carried in this route.
IP Address: the host IP address carried in this route.
MPLS Label1: the Layer 2 VNI carried in this route.
MPLS Label2: the Layer 3 VNI carried in this route.
The role of Type 2 routes in the VXLAN control plane:
1. Host MAC address advertisement:
For Layer 2 communication between hosts in the same subnet, the VTEPs at both ends need to learn each other's host MAC addresses. As BGP EVPN peers, the VTEPs advertise the host MACs they have learned to each other by exchanging MAC/IP routes; the MAC Address Length and MAC Address fields carry the host MAC address.
2. Host ARP advertisement:
A MAC/IP route can carry both the host MAC address and the host IP address, so it can be used to transfer host ARP entries between VTEPs and thereby implement host ARP advertisement.
3. Host IP route advertisement:
In a distributed gateway scenario, for Layer 3 communication between hosts in different subnets, the VTEPs at both ends (acting as Layer 3 gateways) need to learn each other's host IP routes. As BGP EVPN peers, the VTEPs advertise the host IP routes they have learned to each other by exchanging MAC/IP routes. The IP Address Length and IP Address fields are the destination of the host IP route, and the MPLS Label2 field must carry the Layer 3 VNI. A MAC/IP route used this way is also called an IRB (Integrated Routing and Bridging) route.
Note: an ARP-type route carries host MAC address + host IP address + Layer 2 VNI; an IRB-type route carries host MAC address + host IP address + Layer 2 VNI + Layer 3 VNI. An IRB-type route therefore contains everything an ARP-type route does, so it can be used for host ARP advertisement as well as for host IP route advertisement.
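To make the Type 2 field list concrete, the Python example below encodes and decodes the MAC/IP Advertisement route NLRI in the byte layout of RFC 7432 section 7.2 and classifies the result as a MAC-only, ARP-type (Label1 only) or IRB-type (Label1 plus Label2) route, rejecting field lengths the specification does not allow. It is an added example, not code from the original article. It assumes the 3-octet label field carries the 24-bit VNI directly, as RFC 8365 describes for VXLAN encapsulation (some implementations encode it differently, so check your vendor); the RD, MAC and IP values are made up.

```python
"""Encode and decode a BGP EVPN Type 2 (MAC/IP Advertisement) route NLRI and
tell ARP-type routes (Layer 2 VNI only) from IRB-type routes (Layer 2 plus
Layer 3 VNI). Added example, not code from the original article. Layout per
RFC 7432 section 7.2; the label field carries the full 24-bit VNI (assumption,
following RFC 8365 for VXLAN). All RD, MAC and IP values are made up."""
import ipaddress
import struct

EVPN_ROUTE_TYPE_MAC_IP = 2
ZERO_ESI = bytes(10)      # single-homed host: ESI is all zeros


def rd_ip_number(ip, number):
    """Type 1 Route Distinguisher: 2-byte type (1), 4-byte IPv4 address, 2-byte number."""
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(ip).packed, number)


def rd_to_text(rd):
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 1:
        return "%s:%d" % (ipaddress.IPv4Address(rd[2:6]), struct.unpack("!H", rd[6:8])[0])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", rd[2:8])
        return "%d:%d" % (asn, number)
    raise ValueError("unsupported RD type %d" % rd_type)


def vni_label(vni):
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI out of range")
    return vni.to_bytes(3, "big")


def encode_mac_ip_route(rd, mac, ip, l2_vni, l3_vni=None, esi=ZERO_ESI, eth_tag=0):
    """Return the NLRI: route type, length, then the route-type-specific body.
    ip=None gives a MAC-only route, l3_vni=None an ARP-type route (Label1 only),
    and l3_vni set an IRB-type route (Label1 = L2 VNI, Label2 = L3 VNI)."""
    body = rd + esi + struct.pack("!I", eth_tag)
    body += bytes([48]) + bytes.fromhex(mac.replace(":", ""))   # MAC length is in bits
    if ip is None:
        body += bytes([0])
    else:
        addr = ipaddress.ip_address(ip)
        body += bytes([addr.max_prefixlen]) + addr.packed       # 32 or 128 bits
    body += vni_label(l2_vni)
    if l3_vni is not None:
        body += vni_label(l3_vni)
    return bytes([EVPN_ROUTE_TYPE_MAC_IP, len(body)]) + body


def decode_mac_ip_route(nlri):
    """Parse one Type 2 NLRI into a dict, rejecting lengths RFC 7432 does not allow."""
    if len(nlri) < 2 or nlri[0] != EVPN_ROUTE_TYPE_MAC_IP:
        raise ValueError("not a MAC/IP Advertisement route")
    body = nlri[2:]
    if len(body) != nlri[1]:
        raise ValueError("NLRI length field does not match the data")
    if len(body) < 33:
        raise ValueError("body shorter than the 33-octet minimum")
    rd, esi, eth_tag, mac_len = struct.unpack("!8s10sIB", body[:23])
    if mac_len != 48:
        raise ValueError("MAC Address Length must be 48 bits")
    mac = body[23:29]
    ip_len = body[29]
    if ip_len not in (0, 32, 128):
        raise ValueError("IP Address Length must be 0, 32 or 128 bits")
    ip_end = 30 + ip_len // 8
    ip = ipaddress.ip_address(body[30:ip_end]) if ip_len else None
    labels = body[ip_end:]
    if len(labels) not in (3, 6):
        raise ValueError("expected one or two 3-octet labels, got %d octets" % len(labels))
    l3_vni = int.from_bytes(labels[3:6], "big") if len(labels) == 6 else None
    if l3_vni is not None:
        kind = "IRB"
    else:
        kind = "ARP" if ip is not None else "MAC"
    return {
        "rd": rd_to_text(rd),
        "esi": esi.hex(),
        "eth_tag": eth_tag,
        "mac": ":".join("%02x" % octet for octet in mac),
        "ip": None if ip is None else str(ip),
        "l2_vni": int.from_bytes(labels[:3], "big"),
        "l3_vni": l3_vni,
        "kind": kind,
    }


def rejects(nlri):
    """True if the decoder refuses the NLRI (shows the validation path)."""
    try:
        decode_mac_ip_route(nlri)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    rd = rd_ip_number("10.1.1.1", 100)
    irb = encode_mac_ip_route(rd, "00:00:5e:00:53:aa", "192.0.2.10", 10010, l3_vni=5000)
    print(len(irb), decode_mac_ip_route(irb))
```

For an IPv4 host the ARP-type body is 37 octets and the IRB-type body is 40 octets; the three extra octets are Label2 carrying the Layer 3 VNI, which is exactly what separates the two route kinds described in the note above.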
2) Type 3 route, Inclusive Multicast Ethernet Tag route:
It consists of the route prefix and the PMSI Tunnel attribute. The fields are as follows:
Route Distinguisher: the RD (Route Distinguisher) value configured under the EVPN instance.
Ethernet Tag ID: the VLAN ID on the current device; all zeros in this route.
IP Address Length: the prefix length of the local VTEP IP address carried in this route.
Originating Router's IP Address: the local VTEP IP address carried in this route.
Flags: a flag field indicating whether the tunnel requires leaf node information. In VXLAN scenarios this field has no practical significance.
Tunnel Type: the tunnel type carried in this route (ingress replication for VXLAN).
MPLS Label: the Layer 2 VNI carried in this route.
Tunnel Identifier: the tunnel information carried in this route. In VXLAN scenarios this is also the local VTEP IP address.
In the VXLAN control plane this route type is used mainly for automatic VTEP discovery and dynamic establishment of VXLAN tunnels. As BGP EVPN peers, VTEPs exchange Layer 2 VNI and VTEP IP address information through Inclusive Multicast routes: the Originating Router's IP Address field is the local VTEP IP address and the MPLS Label field is the Layer 2 VNI. If the IP address of the peer VTEP is reachable via Layer 3 routing, a VXLAN tunnel to that peer is established. In addition, if the VNI of the peer matches a local VNI, a head-end replication entry is created for subsequent forwarding of BUM (broadcast, unknown unicast and multicast) traffic.
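The procedure just described (receive Type 3 routes, discard our own, require underlay reachability before creating a tunnel, and add a head-end replication entry only when the VNI is configured locally) is shown below as a Python example. It is an added example, not code from the original article. The NLRI layout follows RFC 7432 section 7.3 and the PMSI Tunnel attribute follows RFC 6514 section 5 (flags, tunnel type, 3-octet label carrying the Layer 2 VNI, tunnel identifier); the VTEP addresses, VNIs, the RD and the `underlay_reachable` callback that stands in for a routing-table lookup are all made up for the example.

```python
"""Process BGP EVPN Type 3 (Inclusive Multicast Ethernet Tag) routes the way a
VTEP uses them: discover remote VTEPs, set up tunnels to those reachable in
the underlay, and build the per-VNI head-end replication list for BUM traffic.
Added example, not code from the original article. NLRI per RFC 7432 section
7.3, PMSI Tunnel attribute per RFC 6514 section 5; all addresses are made up."""
import ipaddress
import struct

EVPN_ROUTE_TYPE_IMET = 3
PMSI_TUNNEL_INGRESS_REPLICATION = 6       # head-end replication over unicast tunnels
PMSI_FLAG_LEAF_INFO_REQUIRED = 0x01       # carried but meaningless for VXLAN


def encode_imet_route(rd, originating_ip, eth_tag=0):
    """NLRI: route type, length, RD, Ethernet Tag ID, IP length in bits, originating VTEP IP."""
    addr = ipaddress.ip_address(originating_ip)
    body = rd + struct.pack("!I", eth_tag) + bytes([addr.max_prefixlen]) + addr.packed
    return bytes([EVPN_ROUTE_TYPE_IMET, len(body)]) + body


def encode_pmsi_tunnel(vni, vtep_ip, flags=0, tunnel_type=PMSI_TUNNEL_INGRESS_REPLICATION):
    """PMSI Tunnel attribute value: Flags, Tunnel Type, 3-octet label carrying
    the Layer 2 VNI, Tunnel Identifier (the VTEP IP for ingress replication)."""
    return bytes([flags, tunnel_type]) + vni.to_bytes(3, "big") + ipaddress.ip_address(vtep_ip).packed


def decode_imet_route(nlri, pmsi):
    """Parse the NLRI and its PMSI Tunnel attribute; reject what a VXLAN VTEP cannot use."""
    if len(nlri) < 2 or nlri[0] != EVPN_ROUTE_TYPE_IMET or len(nlri) != 2 + nlri[1]:
        raise ValueError("not a well-formed Type 3 NLRI")
    body = nlri[2:]
    if len(body) < 13:
        raise ValueError("Type 3 body too short")
    rd, eth_tag, ip_len = struct.unpack("!8sIB", body[:13])
    if ip_len not in (32, 128) or len(body) != 13 + ip_len // 8:
        raise ValueError("bad Originating Router's IP Address length")
    origin = ipaddress.ip_address(body[13:])
    if len(pmsi) < 5 or len(pmsi[5:]) not in (4, 16):
        raise ValueError("malformed PMSI Tunnel attribute")
    flags, tunnel_type = pmsi[0], pmsi[1]
    if tunnel_type != PMSI_TUNNEL_INGRESS_REPLICATION:
        raise ValueError("VXLAN BUM flooding needs ingress replication, got tunnel type %d" % tunnel_type)
    return {
        "rd": rd.hex(),
        "eth_tag": eth_tag,
        "origin": str(origin),
        "vni": int.from_bytes(pmsi[2:5], "big"),
        "tunnel_id": str(ipaddress.ip_address(pmsi[5:])),
        "leaf_info_required": bool(flags & PMSI_FLAG_LEAF_INFO_REQUIRED),
    }


def build_flood_lists(local_vtep, local_vnis, underlay_reachable, received):
    """received: (nlri, pmsi) pairs from BGP EVPN peers. underlay_reachable(ip)
    stands in for a lookup in the underlay routing table (assumed interface).
    Returns (tunnels, flood_lists): the remote VTEPs a tunnel is set up to, and
    {vni: sorted remote VTEP IPs} used for head-end replication of BUM frames."""
    tunnels = set()
    flood = {vni: set() for vni in local_vnis}
    for nlri, pmsi in received:
        route = decode_imet_route(nlri, pmsi)
        peer = route["tunnel_id"]
        if peer == local_vtep:            # our own route reflected back by a peer
            continue
        if not underlay_reachable(peer):  # no Layer 3 route to the VTEP: no tunnel
            continue
        tunnels.add(peer)
        if route["vni"] in flood:         # only locally configured VNIs get a flood entry
            flood[route["vni"]].add(peer)
    return tunnels, {vni: sorted(peers) for vni, peers in flood.items()}


if __name__ == "__main__":
    rd = bytes.fromhex("00010a0101010064")   # RD 10.1.1.1:100, constructed
    received = [(encode_imet_route(rd, ip), encode_pmsi_tunnel(10010, ip))
                for ip in ("10.1.1.2", "10.1.1.3")]
    print(build_flood_lists("10.1.1.1", {10010}, lambda ip: True, received))
```

In the script's own run both peers end up in the VNI 10010 flood list; the test-style scenario below adds a peer with a VNI that is not configured locally (tunnel created, no flood entry), an unreachable peer (no tunnel at all) and the local VTEP's own reflected route (ignored), which are the three cases the paragraph above distinguishes.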
3) Type 5 route, IP Prefix route:
Route Distinguisher: the RD (Route Distinguisher) value configured under the EVPN instance.
Ethernet Segment Identifier: the unique identifier of the Ethernet segment connecting the current device to the peer.
Ethernet Tag ID: the VLAN ID actually configured on the current device.
IP Prefix Length: the prefix length of the IP prefix carried in this route.
IP Prefix: the IP prefix carried in this route.
GW IP Address: the default gateway address. This field has no practical significance in VXLAN scenarios.
MPLS Label: the Layer 3 VNI carried in this route.
The IP Prefix Length and IP Prefix fields of this route type can carry either a host IP address or a network segment (subnet) address:
1. When carrying a host IP address, this route type has the same effect in the VXLAN control plane as an IRB-type route and is mainly used for host IP route advertisement in distributed gateway scenarios.
2. When carrying a subnet address, hosts in the VXLAN network can reach external networks through this route.
© 2024 shulou.com SLNews company. All rights reserved.