What is vxlan? What are its advantages?

With the continuous development of network technology , Your network may be constantly expanding and exaggerating without limit , Gradually it will lose control .

Your network is growing and losing control .

You may have physical hosts and virtual machines distributed throughout the network and want them to enter the same network segment .

Expand VLAN It could be a solution , Because it can help you penetrate the physical network 2 layer .

But the problem is VLAN The quantity soon ran out ,so, The best solution is VxLAN.

Using this technology , You can use the existing page 3 The third layer is built on the network 2 Layer of the network .

All these distributed hosts can use VxLAN Come together .

This article will take you to learn VXLAN, Include VXLAN What is it? 、 How it works and where to use it , Its advantages and deployment methods will also be introduced .

Direct delivery ！

1. What is? VxLAN？

VxLAN（ Virtual scalable lan ） It is an industry standard Overlapping network virtualization technology .

It was originally designed to solve problems associated with large-scale network deployment （ Such as ISP Or cloud providers ） Scalability related issues in .

seeing the name of a thing one thinks of its function ,VxLAN Virtual ground span 3 The layer network infrastructure extends the 2 Layer network segment ,VxLAN Will be the first 2 Layer Ethernet frames are encapsulated in a package containing IP Address of the VXLAN In the packet .

VxLAN Segment by 24 position VNID（VxLAN IDentification） Field identification , This field can be extended to 1600 Ten thousand sections .

VxLAN By VMware、Cisco and Arista Network Standardized specifications created in cooperation with suppliers ,VxLAN stay RFC 7348 Is defined in .

VxLAN And VLAN

VxLAN And VLAN Very similar , It also encapsulates the 2 Layer frame and segment network .

The main difference yes VLAN Use the... On the layer 2 frame tag encapsulate , It can be extended up to 4000 individual VLAN.

On the other hand ,VXLAN take MAC Packaged in UDP in , And can be extended to 1600 m VxLAN Network segment .

VxLAN What are the main advantages of ？

VxLAN Has one of the following advantages

• Extensibility , Can span IP Network infrastructure 、 Across the page 2 Layer of the network .
• Scalability and flexibility ：VxLAN Increased scalability of the network or virtualized data center , It also makes its structure more flexible ,VLAN The first 2 The number of layer identifiers ranges from 4000 A sharp increase to 1600 m .
• Segmentation and multi tenancy ： VxLAN Provide a high level of security by segmenting the network ,VxLAN Flow is limited to VNI, So it is isolated , This segmentation also helps with multi tenant architectures , It must share a single infrastructure .
• The first 2 Simplified layer ： Simplify the network and reduce the number of 2 Layer spanning tree 、 Relay and VLAN Extended requirements .
• allow IP transfer ： VM You can migrate from a host in a subnet to another host in another subnet , Without change IP Address .
• The first 2 Tier and tier 3 Layer connection ： function VNI Virtual number 2 The layer is built on the run IP Of the 3 On top of the infrastructure ,VxLAN The switch will 2 The layer frame is encapsulated as 3 Layer packets .
• It is a software defined network (SDN)：VxLAN Connect the central network controller （ virtual network ） And the data plane （ Physical networks ） decoupling , Having a centralized controller simplifies network management 、 Deployment and monitoring . Support VxLAN An example of a covered software based virtual network switch is Open vSwitch.
• Hardware support ： Although running in software VxLAN More common , But some platforms pass ASIC Implement it in hardware , such as Cisco Of Nexus 9000-EX Platform switch .
• It's a standard ： VXLAN It's a technical standard , When you implement it , You will not be restricted by any supplier .

2. VxLAN Overlay Network design

VxLAN It's a kind of Overlapping packaging technology , It creates a virtual network over the existing physical network infrastructure .

It USES underlay IP The Internet , And build flexible two layers on it overlay Logical networks .

By covering , Any article 2 Layer connections can span the 3 Layer of the network .

There are many advantages to using overlay networks .

• The most obvious is its Division .
• Coverage and underlying network are completely independent , So if the underlying network topology changes , The overlay network will not be affected （ Design aspect ）.
• No need to add 、 Remove or update network devices , The overlay network can be redesigned .

Of course , Physical problems that affect underlying performance or uptime will be reflected in the overlay .

for example , If there are not enough devices to provide enough bandwidth , Coverage will also be affected .

Overlay VxLAN How to avoid being underlay The impact of change ？

Use switch fabric , be called Spine-and-Leaf.

Leaf ridge （Underlay）+ VxLAN（Overlay）

Ensure that while allowing for underlying changes VxLAN Performance of coverage 、 Extensibility 、 The best way for reliability and flexibility is to take full advantage of the switching fabric topology .

The best example of a switched fabric topology is Spine-and-Leaf, It is often used as the underlying network .

Spine-and-Leaf Is an independent architecture , It is not VxLAN Unique , But usually with VxLAN Related to .

Usually the leaf ridges are VxLAN The bottom of the ,VxLAN Is overlay .

Spine-and-Leaf Two layers of ：

• Spine：Spine Layer switches are only used to pass through Leaf The switch delivers traffic , They don't know VxLAN.
• Leaf： The leaf layer of the switch interconnects the backbone and endpoints , Leaf layer switch creation VxLAN Tunnel 、 Encapsulate and place VLAN Mapping to VNI, perform VxLAN The leaf switch with this function is called VTPE（VxLAN End of Tunnel ）

All leaf switches have a link to each backbone switch , Every link between the branch and the switch passes through IGP Routing protocol （ for example BGP or OSPF） adopt IP Address for routing .

This topology makes each destination only two hops away .

Leaf-and-switch You can also use ECMP（ Equivalent multipath ） Recover or balance traffic load in case of backbone switch or link failure .

Leaf ridge structure topology and VxLAN Highly correlated , Because with the expansion of the overlay network , The underlying layer can be physically increased or decreased in size , Without affecting the design of the coverage .

Add... Above the base of the ridge VxLAN It can realize the East-West flow mode IP mobility 、 Full scalability and fault tolerance .

As your network expands , Your design doesn't need to change .

You just need to add more switches to the bottom layer 、IP Address and link .

3.VXLAN encapsulation

up to now , We know VxLAN Will be the first 2 The layer subnet extends to the 3 Layer network restrictions , It's like Spine-and-Leaf A logical overlay network is built on such a switching structure .

To achieve this ,VxLAN Will be the first 2 Layer Ethernet frames are encapsulated in VxLAN In the packet , The packet is also encapsulated in IP UDP In the head .

The image below shows VxLAN Packet format .

VxLAN Add the following fields to the original page 2 Layer frame ：

• Ministry MAC Headlines ： This is the header containing the next hop transmission information , It includes VxLAN The destination and source of the endpoint MAC Address 、VLAN ID（16 position ） And type , Outer layer MAC The size of the head is 14 byte .
• P header ： This header allows cross IP Network transmission , It includes VxLAN The destination and source of the endpoint IP Address , Outer layer IP The size of the header is 20 byte .
• UDP header ： This header identifies the packet as VxLAN, It contains UDP Source port 、VxLAN Port and UDP length ,UDP The size of the header is 8 Bytes .
• LAN header , This header is also known as VxLAN Network identifier (VNI).VNID Used to identify VxLAN Network segment , It is similar to MAC On the headlines VLAN ID Mark （16 position ）, But the size is 24 position , Most allow 1600 Ten thousand different sections .

4. VxLAN End of Tunnel (VTEP)

Any support VxLAN The endpoint of （ Such as mainframe 、 Switch or router ） Can be called VTPE（VxLAN End of Tunnel ）.

seeing the name of a thing one thinks of its function ,VTEP Our work is between each other establish and End Tunnel , let me put it another way , They encapsulate and unpack VxLAN Traffic .

P How to work ？

VTPE Use the 3 layer IP The address is connected to the underlying network ,VTPE There may be one or more associated with it VNI.

When there is the same VNI Of the 2 The layer frame arrives at the entrance VTEP when , It will use VxLAN and UDP/IP The header encapsulates the frame .

Then use the bottom layer IP The network transport sends it to the exit VTPE To unpack .

exit VTPE Delete IP and UDP Header and transmit the original page 2 Layer frame .

VTEP It can be a virtual or physical switch port , It is usually configured on a leaf switch .

VTEP Use the traditional bottom layer IP Routing and forwarding mechanism （ for example OSPF and EIGRP） communicate .

VTEP+IP transmission ：Bud node

In some cases , You may need a device to forward IP Flow and execute VxLAN encapsulation / decapsulation .

bud A node is a switching device with two roles , perform VxLAN Of related tasks VTEP And forward VxLAN The flow of IP Transmission equipment .

In order to transmit traffic to other VTEP,bud The node should be located at VxLAN VNI In the same multicast group used .

The image below shows Bud Examples of nodes . Hypothetical host 1 Want to communicate with the host 3 signal communication ,VTEP-2 and VTEP-3 Of or used for VXLAN VNI Multicast group .VTEP-2 Check from the packet VxLAN ID And according to IP Forward it , But if Host-1 Think and host-2 signal communication ,VTEP-2 You can also unpack VxLAN Data packets .

Not all platforms can be Bud node , Running both roles at the same time requires strong processing power .

stay ASIC Up operation VxLAN The platform of （ for example Cisco Nexus 9000 series ） Sufficient for such topologies .

Of VTEP redundancy

VTEP May fail , So you need to consider a way to provide redundancy and load sharing .

Although the design of the leaf ridge topology is already redundant and the leaves should not be connected to each other , But you can still introduce peer-to-peer interconnections between them to provide host level redundancy .

Two leaves VTEP The gateway can be through peer-link and keep-alive The link acts as a , You can use based on Cisco To achieve this , This function is called vPC（ Virtual port channel ）.

vPC yes Cisco Nexus On the switch 2 Layer function , Allows you to connect the host to both switches at the same time , This pair of virtual vPC Switches can provide redundancy for connected hosts , vPC Logic for sharing anycast addresses VTEP equipment .

5. Deploy VxLAN

VxLAN Is a standards based technology , Therefore, it is not restricted by specific suppliers , Can be supported by hardware or software .

You can VxLAN Host or VxLAN The gateway deploys the technology , You can limit deployment to one method or a combination of the two .

Host based VxLAN

VxLAN No need to deploy on the switch , It can also run on any host , As long as it supports VxLAN.

Such as management procedures , It can be configured to run on all its virtual machines VxLAN, function VTEP Functional vSwitch Encapsulate the traffic from the virtual machine before it reaches the physical switch .

because VxLAN Encapsulation occurs on the host , So the rest of the network infrastructure can only be seen IP Traffic , The advantage of host based deployment is that it can simplify the entire physical network , Others may support VxLAN Examples of hosts for include servers 、 A firewall 、 Load balancers, etc .

Gateway based VxLAN

When the host does not support VxLAN when , The best deployment method is to deploy directly on the switch or router .

When the switch executes VTEP When the function , It is called VxLAN gateway , The switch can perform VxLAN encapsulation / decapsulation , Can also be VLAN ID Convert to VNI,VxLAN The gateway creates a path to the target VTEP（ Host or gateway ） The tunnel , So the host and IP Infrastructure doesn't know VxLAN The existence of .

One benefit of gateway based deployment is that certain platforms （ for example Cisco Nexus 9000-EX） Can be implemented on hardware VxLAN, Directly from ASIC Instead of running from software VxLAN Can significantly improve performance .

Mixed deployment

You can also combine the two , Hybrid deployment refers to the deployment of VxLAN And VxLAN Some devices behind the gateway are used together , And there are some hosts running this machine VxLAN.

6. Put them together

So let's see VxLAN How to flow in simple VxLAN The process of moving from host to host in a network .

1. host A Want to communicate with the host at the other end of the network Z signal communication , host A（ I do not know! VxLAN） Create a regular page 2 Layer frame and send it to switch port , The receiving access switch port is configured with a specific VLAN. therefore , Switches will be VLAN ID Assigned to from host A Frame of .
2. have VTEP Role switches A（VxLAN gateway ） take （ Source ）VLAN ID And （ The goal is ）VxLAN ID mapping ,VTEP add to VxLAN head , And will be the first 2 The layer frame is encapsulated as 3 Layer packets , And cross the 3 Layer infrastructure forwarding .
3. Now? , The middle one 3 Layer infrastructure only sees IP Traffic , Don't know any VxLAN Information .VxLAN Traffic is transmitted through the tunnel . All routers on the underlying network can only see one IP header , So they just forward it accordingly .
4. The receiver （VxLAN gateway ）, It's also VTEP Of Switch B Open the packet , find VxLAN Information , Switch B Also understand VxLAN And know VxLAN ID To VLAN ID Mapping , So it receives packets , Find out VLAN ID, And use the target MAC Address to switch it to the corresponding access switch port .
5. host Z I don't know. VxLAN, It receives the host A The regular number sent is 2 Layer frame .