
Use eNSP to build an SDN static VXLAN for communication within the same subnet (different VLANs)

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02

1. SDN line

In 2006, Stanford University released OpenFlow, which separates the forwarding and control plane of network devices, and realizes the flexible control of network traffic through a centralized control plane.

The core feature of Huawei's data center SDN is that, in addition to a moderate separation of forwarding and control, it separates management from control. This allows network services to be distributed automatically and helps data center services to be delivered in an agile way.

Current SDN commercial products

You can see that the leaders in traditional network products, such as Cisco and Huawei, still stick to a single path all the way, that is, their own controller + free hardware forwarding device + VXLAN. But please note that "Big Boss decides history."

2. Controller and VXLAN of Huawei SDN

Huawei Agile Controller (DCN) is the SDN controller under its data center, and the interface is shown in the following figure.

In networking, an overlay is a virtualization model layered on top of an existing network architecture. The general idea is to carry applications over the network without large-scale modification of the underlying network, to keep them separate from other network services, and to build mainly on IP-based underlying network technology. Overlay technology builds a virtual network on top of the existing physical network, and upper-layer applications relate only to the virtual network (GRE tunnels are one such technology).

An overlay network is mainly composed of three parts:

1. Edge device: a device directly connected to a virtual machine.
2. Control plane: mainly responsible for establishing and maintaining the virtual tunnels and for announcing host reachability information.
3. Forwarding plane: the physical network that carries the overlay packets.

This definition leads to VXLAN, which is also an overlay technology.

VXLAN is more capable in supporting SDN, multi-tenancy and so on, so it has become a hot spot in the industry.

Advantages of VXLAN:

IP-based overlay only needs to be reachable by IP between border devices.

Split horizon between tunnels, together with the TTL of the IP overlay, avoids loops.

Data traffic is forwarded quickly using IP routing with SPF and ECMP.

Network changes are monitored in real time, and the network-wide topology converges in milliseconds.

Overlay + VNI builds virtual networks and supports up to 16M virtual networks.

Both physical devices and vSwitch can be deployed.

3. Use eNSP to build an SDN static VXLAN for communication within the same subnet (different VLANs)

VXLAN (Virtual eXtensible LAN) is one of the most influential NVO3 technologies. It implements virtual local area networks through MAC-in-UDP packet encapsulation over an IP overlay.

An NVE in a VXLAN network is identified by its VTEP (VXLAN Tunnel EndPoint).

Each NVE has at least one VTEP, and a VTEP is represented by the IP address of the NVE.

Two VTEPs determine one VXLAN tunnel (point-to-point), and the VXLAN tunnel between the two VTEPs is shared by all VNIs between the two NVEs.

A VTEP encapsulates and decapsulates VXLAN packets.

The source IP address in a VXLAN packet is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP. A pair of VTEP addresses corresponds to one VXLAN tunnel. After the source VTEP encapsulates a packet, it sends the encapsulated packet through the tunnel to the destination VTEP, which decapsulates it.

Network identifier: VNI (VXLAN Network Identifier)

Similar to the VLAN ID in a traditional network, the VNI is used to distinguish VXLAN segments, and tenants in different VXLAN segments cannot communicate directly at layer 2. A tenant can have one or more VNIs. A VNI consists of 24 bits, supporting up to 16M tenants.

The 24-bit VNI identifies a virtual network. The reader can think of the same VNI as the same VLAN.

In the eyes of users, they are still in the same network. As shown in the picture, × × VLAN can directly access × × × VLAN, while others refuse.
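The VTEP encapsulation and the 24-bit VNI described above, as an added Python example (not code from the original article). It builds and parses only the 8-byte VXLAN header that sits inside the UDP payload; the outer IP and UDP headers are left out, and the function names and the sample frame are assumptions made for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08            # "valid VNI" flag in the first header byte (RFC 7348)
MAX_VNI = (1 << 24) - 1        # 24-bit field: 16,777,216 possible segments

def encap(vni, inner_frame):
    """Source VTEP: prepend the 8-byte VXLAN header to the inner Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # byte 0 = flags, bytes 1-3 reserved | bytes 4-6 = VNI, byte 7 reserved
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def decap(udp_payload, local_vnis):
    """Destination VTEP: return (vni, inner_frame) or raise ValueError to drop."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", udp_payload[:8])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    vni = vni_word >> 8
    if vni not in local_vnis:      # segment isolation: unknown VNIs are not bridged
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[8:]

def try_decap(udp_payload, local_vnis):
    """Like decap(), but return the drop reason as a string instead of raising."""
    try:
        return decap(udp_payload, local_vnis)
    except ValueError as exc:
        return str(exc)

# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("aabbccddeeff" "112233445566" "0800") + b"payload"
```

A VTEP that only knows VNI 10 accepts `encap(10, FRAME)` and drops `encap(20, FRAME)`, which is the layer 2 separation between segments that the text describes.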

The following experiment gives a deeper understanding of VXLAN.

Topology:

Step 1. Complete the underlying IGP to prepare for subsequent BGP and other protocols

That is, the implementation of the underlay network (the traditional IP network implemented by OSPF) has been completed. Verify as follows:

Protocol verification

[~SPINE-GE1/0/1] dis ospf peer brief
OSPF Process 1 with Router ID 3.3.3.3
Area Id     Interface    Neighbor id    State
0.0.0.0     GE1/0/0      1.1.1.1        Full
0.0.0.0     GE1/0/1      2.2.2.2        Full

Data test:

ping -a 3.3.3.3 1.1.1.1
  PING 1.1.1.1: 56 data bytes, press CTRL_C to break
    Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=18 ms
    Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=5 ms

ping -a 3.3.3.3 2.2.2.2
  PING 2.2.2.2: 56 data bytes, press CTRL_C to break
    Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=10 ms
    Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=6 ms

Step 2. Configure the service access points

Leaf1

interface GE1/0/2
 description Conn2ACCESS
 undo shutdown                  // make sure the interface connecting to the access network is up
bridge-domain 10                // create bridge domain 10
 vxlan vni ?
   INTEGER  Value of VXLAN network identifier    // you can see that the VXLAN network identifier range is 16M
 vxlan vni 10                   // configure the VNI of the VXLAN
interface g1/0/2.1 mode l2      // create a layer 2 subinterface, which is used to bind the BD
 encapsulation dot1q vid 10     // dot1q: the VLAN tag in the frame is removed before VXLAN encapsulation (decoupling, that is, the VLAN is no longer meaningful); the VID here is the tag of the frame
 bridge-domain 10               // the BD is bound to the subinterface, so that frames carrying tag 10 can be forwarded through the subinterface; later, the BD is combined with the VNI

[Leaf1] display bridge-domain
The total number of bridge-domains is : 1
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
--------------------------------------------------------------------------------
BDID  State  MAC-LRN  STAT     BC   MC   UC   SPLIT    Description
--------------------------------------------------------------------------------
10    up     enable   disable  FWD  FWD  FWD  disable

Leaf2

interface GE1/0/2
 description Conn2ACCESS
 undo shutdown
bridge-domain 20
 vxlan vni 10
interface g1/0/2.1 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20

[Leaf2] display bridge-domain
The total number of bridge-domains is : 1
--------------------------------------------------------------------------------
MAC_LRN: MAC learning;         STAT: Statistics;         SPLIT: Split-horizon;
BC: Broadcast;                 MC: Unknown multicast;    UC: Unknown unicast;
*down: Administratively down;  FWD: Forward;             DSD: Discard;
--------------------------------------------------------------------------------
BDID  State  MAC-LRN  STAT     BC   MC   UC   SPLIT    Description
--------------------------------------------------------------------------------
20    up     enable   disable  FWD  FWD  FWD  disable

Step 3. Create a VXLAN tunnel

That is to create a VXLAN tunnel

Configure the head-end replication function

Leaf1

interface Nve1                        // create logical interface NVE1
 source 1.1.1.1                       // configure the source address of the VTEP
 vni 10 head-end peer-list 2.2.2.2    // note that the VNI ID of the NVE on both sides is the same!

Leaf2

interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list 1.1.1.1

[~Leaf1] dis vxlan vni
Number of vxlan vni : 1
VNI     BD-ID     State
-----------------------
10      10        up

Step 4. Test data connectivity

The host sends data to the terminal in the other network

PC> ping 172.16.1.2

Ping 172.16.1.2: 32 data bytes, Press Ctrl_C to break
From 172.16.1.2: bytes=32 seq=1 ttl=128 time=93 ms
From 172.16.1.2: bytes=32 seq=2 ttl=128 time=78 ms
From 172.16.1.2: bytes=32 seq=3 ttl=128 time=78 ms
From 172.16.1.2: bytes=32 seq=4 ttl=128 time=78 ms
From 172.16.1.2: bytes=32 seq=5 ttl=128 time=47 ms

--- 172.16.1.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/74/93 ms

Experiment completed.
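With static VXLAN, each leaf's head-end peer-list decides which VTEPs it replicates to, and the tunnel only works when both sides list each other for the same VNI. The following Python check is an added example, not part of the original lab: the config text is constructed from the Step 2 and Step 3 commands, and `parse` and `check` are hypothetical helper names.

```python
# Constructed from the Step 2 and Step 3 commands of the lab above.
TEMPLATE = """\
bridge-domain {bd}
 vxlan vni 10
interface GE1/0/2.1 mode l2
 encapsulation dot1q vid {bd}
 bridge-domain {bd}
interface Nve1
 source {src}
 vni 10 head-end peer-list {peer}
"""
LEAF1 = TEMPLATE.format(bd=10, src="1.1.1.1", peer="2.2.2.2")
LEAF2 = TEMPLATE.format(bd=20, src="2.2.2.2", peer="1.1.1.1")

def parse(cfg):
    """Extract VTEP source, VNI->BD and VLAN->BD bindings, and per-VNI peer lists."""
    out = {"source": None, "vni_bd": {}, "vlan_bd": {}, "peers": {}}
    bd = vid = None
    for line in filter(str.strip, cfg.splitlines()):
        w = line.split()
        if not line.startswith(" "):            # new top-level view: reset context
            bd, vid = (int(w[1]) if w[0] == "bridge-domain" else None), None
        elif w[:2] == ["vxlan", "vni"] and bd is not None:
            out["vni_bd"][int(w[2])] = bd
        elif w[:3] == ["encapsulation", "dot1q", "vid"]:
            vid = int(w[3])
        elif w[0] == "bridge-domain" and vid is not None:
            out["vlan_bd"][vid] = int(w[1])
        elif w[0] == "source":
            out["source"] = w[1]
        elif w[0] == "vni" and w[2:4] == ["head-end", "peer-list"]:
            out["peers"].setdefault(int(w[1]), set()).update(w[4:])
    return out

def check(vteps):
    """Return the problems found in a static (head-end replication) VXLAN setup."""
    by_ip = {v["source"]: name for name, v in vteps.items()}
    problems = []
    for name, v in vteps.items():
        for vni, peers in v["peers"].items():
            if v["vni_bd"].get(vni) not in v["vlan_bd"].values():
                problems.append(f"{name}: VNI {vni} is not bound to a BD with a dot1q sub-interface")
            for ip in sorted(peers):
                peer = vteps.get(by_ip.get(ip))
                if peer is None or v["source"] not in peer["peers"].get(vni, ()):
                    problems.append(f"{name}: peer {ip} has no return entry for VNI {vni}")
    return problems
```

For the lab as configured, `check({"Leaf1": parse(LEAF1), "Leaf2": parse(LEAF2)})` returns an empty list, and the parsed bindings show VLAN 10 on Leaf1 and VLAN 20 on Leaf2 both landing in VNI 10.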
