2025-04-12 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
VXLAN is a network virtualization technology in NVO3. It encapsulates the packet sent by the original host in UDP, adds the IP and MAC addresses of the physical network as the outer header, and transmits the result over the IP network. On arrival at the destination, the tunnel endpoint decapsulates the data and sends it to the target host.
With VXLAN, a virtual network can serve a large number of tenants, and tenants can plan their own virtual networks without considering the physical network's IP address and broadcast domain limitations. This reduces the difficulty of network management and meets the data center's needs for layer 2 virtual migration and multi-tenancy.
As with a traditional VLAN network, a VXLAN network involves both mutual access within a VXLAN network and mutual access between VXLAN networks.
Mutual access within a VXLAN network
With VXLAN technology, a virtual layer 2 network can be built on top of an existing layer 3 network to provide layer 2 interworking between VMs. Mutual access within the VXLAN network is shown in Figure 1.
Figure 1 Mutual access within the VXLAN network
The concepts involved in mutual access within a VXLAN network are as follows:
Network identifier VNI (VXLAN Network Identifier)
Similar to the VLAN ID in a traditional network, the VNI distinguishes VXLAN segments, and tenants in different VXLAN segments cannot communicate directly at layer 2. A tenant can have one or more VNIs. A VNI consists of 24 bits, supporting up to 16M tenants.
Broadcast domain BD (Bridge Domain)
Just as VLANs divide broadcast domains in a traditional network, BDs divide broadcast domains in a VXLAN network.
In a VXLAN network, a VNI is mapped 1:1 to a BD. Each BD represents one broadcast domain, and VMs in the same BD can interwork at layer 2.
VXLAN tunnel endpoint VTEP (VXLAN Tunnel Endpoints)
A VTEP encapsulates and decapsulates VXLAN messages.
The source IP address in a VXLAN message is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP. A pair of VTEP addresses corresponds to one VXLAN tunnel. The source VTEP encapsulates the message and sends it through the tunnel to the destination VTEP, which decapsulates it on receipt.
Virtual access point VAP (Virtual Access Point)
The VAP is the VXLAN service access point. It can access services based on VLAN or on message flow encapsulation type (see the related introduction on message identification):
VLAN-based service access: a one-to-one or many-to-one mapping between VLANs and a BD is established on the VTEP. When the VTEP receives a service-side message, it forwards the message within the BD according to the VLAN-to-BD mapping.
Service access based on message flow encapsulation type: layer 2 sub-interfaces are created on the physical interface that connects the VTEP to the downlink service, and each is configured with a different flow encapsulation type so that different interfaces accept different data packets. Each layer 2 sub-interface is also mapped one-to-one to a BD. When a service message arrives at the VTEP, it enters the designated layer 2 sub-interface and is forwarded within the BD according to the mapping between the layer 2 sub-interface and the BD.
Network virtualization edge NVE (Network Virtualization Edge)
An NVE is a network entity that implements network virtualization. After messages are encapsulated and converted by the NVEs, a layer 2 virtual network can be established between NVEs on top of the layer 3 underlying network. The switch devices in the figure are NVEs.
Layer 2 gateway
Similar to layer 2 access equipment in a traditional network, the layer 2 gateway gives tenants access to the VXLAN virtual network. It can also be used for communication within the same subnet of a VXLAN virtual network.
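The encapsulation, the 24-bit VNI and the 1:1 VNI-to-BD mapping described above can be seen in a minimal receive path for a VTEP. This is an added example, not code from the original article; the 8-byte header layout and the I flag follow RFC 7348, and the VNI values, BD names and peer VTEP addresses are constructed sample values.

```python
import struct

VXLAN_FLAG_I = 0x08        # "VNI valid" flag bit (RFC 7348)
VNI_MAX = (1 << 24) - 1    # 24-bit VNI: 16,777,216 possible segments

# Hypothetical VTEP configuration (constructed for this example)
VNI_TO_BD = {5010: "BD10", 5020: "BD20"}   # 1:1 mapping of VNI to bridge domain
PEER_VTEPS = {"192.0.2.1", "192.0.2.2"}    # remote tunnel endpoints we have tunnels with


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame (the UDP payload)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload):
    """Return (vni, inner_frame), rejecting truncated or flag-less headers."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, udp_payload[8:]


def vtep_receive(outer_src_ip, udp_payload):
    """Return (bd, inner_frame) to forward within that BD, or None to drop.

    Dropping traffic from an address with no configured tunnel is a policy
    assumed by this example: a tunnel is defined by a pair of VTEP addresses.
    """
    if outer_src_ip not in PEER_VTEPS:
        return None
    try:
        vni, inner = vxlan_decap(udp_payload)
    except ValueError:
        return None
    bd = VNI_TO_BD.get(vni)    # unknown VNI: no broadcast domain to forward in
    return (bd, inner) if bd else None


if __name__ == "__main__":
    frame = b"\xaa" * 14 + b"payload"    # constructed inner Ethernet frame
    print(vtep_receive("192.0.2.1", vxlan_encap(5010, frame)))
    print(vtep_receive("198.51.100.9", vxlan_encap(5010, frame)))
```

Frames carrying different VNIs land in different BDs and are never bridged together, which is the layer 2 isolation between tenants that the VNI provides.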
Mutual access between VXLAN networks
VMs in different BDs cannot communicate directly at layer 2, so layer 3 communication between them must go through a VXLAN layer 3 gateway. The network architecture for mutual access between VXLAN networks is shown in Figure 2.
Figure 2. Mutual access between VXLAN networks
The concepts involved in mutual access between VXLAN networks are as follows:
Layer 3 gateway
Just as users in different VLANs of a traditional network cannot communicate directly at layer 2, VXLANs with different VNIs, and VXLAN and non-VXLAN networks, cannot communicate with each other directly. The VXLAN layer 3 gateway is introduced to enable communication between VXLANs, as well as between VXLAN and non-VXLAN networks.
Layer 3 gateways are used for cross-subnet communication in VXLAN virtual networks and for access to external networks.
VBDIF interface
Just as VLANIF interfaces provide interworking between different broadcast domains in a traditional network, VXLAN introduces the VBDIF interface.
The VBDIF interface is configured on the VXLAN layer 3 gateway and is a layer 3 logical interface created based on a BD. Configuring an IP address on the VBDIF interface enables communication between VXLANs on different network segments and between VXLAN and non-VXLAN networks, as well as layer 2 network access to the layer 3 network.