VXLAN 101
Virtual eXtensible Local Area Network (VXLAN)
A framework, standardized in RFC 7348, for tunneling Ethernet (Layer 2) frames over an IP (Layer 3) network.
Traditional Ethernet (Layer 2) networks have several well-known limitations: dependence on the Spanning Tree Protocol (STP), a small VLAN ID space, and the large MAC address tables that switches must maintain.
These limitations apply to many environments, whether a data center or a service provider network.
STP - this protocol blocks redundant links in order to prevent loops in the network, which also means that bandwidth you paid for sits idle. There are ways to work around this, using techniques such as Port-Channels (POs) or Virtual Port-Channels (vPCs), but in general STP has become a legacy protocol that we want to get rid of. The Spine-Leaf topologies adopted in data center networks, which route between switches instead of bridging, are another example of this approach.
VLAN IDs - the 12-bit VLAN ID field in the 802.1Q tag gives 4096 values, of which 0 and 4095 are reserved, so 4094 VLAN IDs are actually usable. Imagine a service provider network serving hundreds of customers, each requiring several VLANs for various needs. With 500 customers, an equal split leaves only 8 VLANs per customer. The same problem appears in the data center, where virtual machines are grouped into different VLANs and network engineers might need thousands of them to partition the traffic. There are ways to overcome this, such as Q-in-Q (802.1ad) or reusing the same VLAN IDs on switches that are not connected to each other, but once again, this is not ideal.
MAC address tables - due to the extensive use of virtualization, each server can host tens or even hundreds of virtual machines, each with its own MAC address. A single physical switch port therefore learns a large number of MAC addresses. Now imagine a Top of Rack (ToR) switch in a data center with 48 ports, each connected to a different host: we are talking about hundreds or even thousands of MAC addresses on one switch.
How does VXLAN work?
VXLAN is based on the Overlay and Underlay concept. The Underlay is our traditional IP (Layer 3) physical network of switches, routers, firewalls, etc., and the Overlay is the virtual Layer 2 network carried inside VXLAN tunnels. Concretely, a VTEP wraps the whole original Ethernet frame in an 8-byte VXLAN header, a UDP header (destination port 4789) and an outer IP and Ethernet header addressed to the remote VTEP; the underlay forwards the result like any other IP packet. The overlay concept is not limited to VXLAN; you can see it in other examples such as GRE or IPsec tunnels.
VXLAN terminology
VXLAN Network Identifier (VNI) - identifies the VXLAN segment and plays the role of a VLAN ID. The field is 24 bits wide, which means we can potentially have 16,777,216 (~16 million) VXLAN segments. Compared to the 4094 usable VLAN IDs this is a lot, and it eliminates the previous issue even for the biggest service providers.
VXLAN Tunnel Endpoint (VTEP) - the device responsible for encapsulating and decapsulating Layer 2 traffic. Ultimately, it is the interconnect point between the Overlay and Underlay networks. In today's world, VTEPs come in many forms, both software and hardware based. Each VTEP has two interfaces: a switch-side interface facing the local hosts on the Layer 2 segment, and an IP interface on the underlay, whose address is what remote VTEPs send tunneled traffic to.
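To make the VNI and VTEP terminology above concrete, here is an added example (not code from the article) that builds and parses the RFC 7348 encapsulation in Python: an 8-byte VXLAN header carrying a 24-bit VNI in front of the original Ethernet frame, handed to UDP port 4789. The MAC addresses and payload are constructed, and deriving the outer UDP source port from a CRC of the inner Ethernet header is one possible implementation of the RFC's recommendation to hash inner headers for ECMP; the exact hash is the implementer's choice.

```python
"""Build and parse the VXLAN encapsulation from RFC 7348 (added example)."""
import struct
import zlib

VXLAN_UDP_PORT = 4789            # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08              # the only defined flag: "VNI field is valid"
VNI_MAX = (1 << 24) - 1          # 24-bit VNI -> 16,777,216 possible values
# Outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8) added to every frame;
# the underlay MTU must be at least this much larger than the overlay MTU
VXLAN_IPV4_OVERHEAD = 14 + 20 + 8 + 8


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Minimal inner Ethernet frame: dst MAC | src MAC | EtherType | payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # The VNI occupies the upper 24 bits of the last 32-bit word
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def parse_vxlan(data: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_ethernet_frame) or raise on a malformed packet."""
    if len(data) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    flags, vni_field = struct.unpack("!B3xI", data[:8])
    if not flags & VXLAN_FLAG_I:
        # RFC 7348: a packet without the I flag must be dropped
        raise ValueError("I flag clear: VNI not valid")
    return vni_field >> 8, data[8:]


def source_port_for(inner_frame: bytes) -> int:
    """Outer UDP source port derived from the inner Ethernet header so the
    underlay's ECMP hashing spreads flows between one VTEP pair across links.
    Assumption for this example: CRC32 of the 14-byte inner header, mapped
    into the ephemeral range 49152-65535."""
    return 49152 + (zlib.crc32(inner_frame[:14]) % 16384)


def encapsulate(vni: int, inner_frame: bytes) -> tuple[int, int, bytes]:
    """What a VTEP hands to the underlay: (udp_src_port, udp_dst_port, udp_payload).
    The outer IP/Ethernet headers carry the local and remote VTEP addresses."""
    return source_port_for(inner_frame), VXLAN_UDP_PORT, vxlan_header(vni) + inner_frame


if __name__ == "__main__":
    # Constructed sample: an IPv4 frame from one VM to another in VNI 5000
    frame = ethernet_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"constructed payload")
    sport, dport, payload = encapsulate(5000, frame)
    vni, inner = parse_vxlan(payload)
    print(f"VNI {vni}, UDP {sport}->{dport}, header {payload[:8].hex()}, round-trip ok: {inner == frame}")
```

Note what is absent from the header: there is no authentication or integrity field. Whoever can deliver a UDP/4789 packet to a VTEP's underlay address gets to choose the VNI and the inner frame, so VNI separation is only as strong as the underlay's filtering of who may send to VTEP addresses.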
VXLAN mapping
In traditional networks, when host A wants to communicate with host B, it sends an ARP request as a broadcast, which the switches flood out every port in the VLAN, and eventually host B replies with its MAC address.
With VXLAN, each VTEP has a VXLAN mapping (forwarding) table that maps a destination MAC address to the IP address of the remote VTEP behind which that MAC lives. There are two families of control plane solutions for populating this table: flood-and-learn, where broadcast, unknown-unicast and multicast traffic is replicated to every VTEP in the VNI (through an underlay multicast group or head-end replication) and each VTEP learns the inner source MAC from the outer source IP of packets it decapsulates; and a distributed control plane such as BGP EVPN, where VTEPs advertise their local MAC addresses to each other so the mapping exists before any traffic is flooded.
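The mapping table and the ARP exchange described above, as an added example in Python that is not part of the original article or any vendor's implementation. Two VTEPs share a VNI with a third; host A's broadcast ARP request is replicated to every peer, the receiving VTEP learns A's MAC from the outer source address, and B's unicast reply then travels to exactly one VTEP. A control-plane install path stands in for what a BGP EVPN MAC route achieves. All addresses are constructed.

```python
"""Simulate a VTEP's MAC-to-VTEP mapping table and how it gets populated
(added example; not the article's or any vendor's code)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast or multicast: the I/G bit (low bit of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Vtep:
    ip: str                                   # this VTEP's underlay address
    vni: int
    peers: set[str]                           # remote VTEPs configured for this VNI
    table: dict[str, str] = field(default_factory=dict)   # inner MAC -> remote VTEP IP

    def learn_from_underlay(self, outer_src_ip: str, inner_src_mac: str) -> bool:
        """Flood-and-learn: on decapsulation, bind the inner source MAC to the
        outer source IP. Only packets from configured peers are trusted; VXLAN
        carries no authentication, so an unfiltered underlay host could
        otherwise inject one frame and redirect a victim's MAC to itself."""
        if outer_src_ip not in self.peers:
            return False
        self.table[inner_src_mac] = outer_src_ip
        return True

    def install_from_control_plane(self, mac: str, vtep_ip: str) -> None:
        """Control-plane population (what a BGP EVPN MAC/IP route achieves):
        the mapping exists before any traffic, so nothing needs to be flooded."""
        if vtep_ip not in self.peers:
            raise ValueError(f"{vtep_ip} is not a configured peer for VNI {self.vni}")
        self.table[mac] = vtep_ip

    def next_hops(self, inner_dst_mac: str) -> list[str]:
        """Underlay destinations for a locally originated frame: a known unicast
        MAC goes to one VTEP; broadcast, multicast and unknown unicast are
        replicated to every peer (head-end replication; with a multicast
        underlay this list would collapse to the VNI's group address)."""
        if is_group_address(inner_dst_mac) or inner_dst_mac not in self.table:
            return sorted(self.peers)
        return [self.table[inner_dst_mac]]


def arp_exchange() -> tuple[list[str], list[str], dict[str, str], dict[str, str]]:
    """Host A (behind VTEP 10.0.0.1) resolves host B (behind VTEP 10.0.0.2),
    with a third VTEP 10.0.0.3 sharing the VNI. Constructed addresses."""
    mac_a, mac_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    peers = {"10.0.0.1", "10.0.0.2", "10.0.0.3"}
    vtep1 = Vtep("10.0.0.1", 5000, peers - {"10.0.0.1"})
    vtep2 = Vtep("10.0.0.2", 5000, peers - {"10.0.0.2"})
    # 1. A broadcasts an ARP request; VTEP1 has no entry, so it replicates to all peers
    request_targets = vtep1.next_hops(BROADCAST)
    # 2. VTEP2 decapsulates its copy and learns A's MAC -> 10.0.0.1
    vtep2.learn_from_underlay("10.0.0.1", mac_a)
    # 3. B answers with a unicast ARP reply; VTEP2 now knows where A lives
    reply_targets = vtep2.next_hops(mac_a)
    # 4. VTEP1 decapsulates the reply and learns B's MAC -> 10.0.0.2
    vtep1.learn_from_underlay("10.0.0.2", mac_b)
    return request_targets, reply_targets, vtep1.table, vtep2.table


if __name__ == "__main__":
    req, rep, t1, t2 = arp_exchange()
    print("ARP request replicated to:", req)
    print("ARP reply sent to:", rep)
    print("VTEP1 table:", t1, "VTEP2 table:", t2)
```

The peer check in learn_from_underlay is the piece a practitioner should not skip: with flood-and-learn, every decapsulated packet is a learning event, so the underlay must restrict UDP/4789 to the VTEP addresses (an ACL at the VTEP or on the underlay edge), otherwise any host that can reach a VTEP can poison its table.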
Summary - VXLAN advantages
To summarize this article, these are the advantages VXLAN gives us over the limitations described at the start: the 24-bit VNI replaces the 4094 usable VLAN IDs with roughly 16 million segments; the underlay is a routed IP network, so STP is not needed between switches and every link carries traffic through ECMP rather than being blocked; and underlay switches only need to learn the MAC addresses of the VTEPs, not of every virtual machine behind them, since the VM MACs are hidden inside the encapsulation. Two caveats a practitioner should keep in mind: VXLAN adds 50 bytes of overhead over IPv4, so the underlay MTU must be raised accordingly, and the encapsulation carries no authentication or encryption, so separation between VNIs is only as strong as the underlay's control over who can send VXLAN traffic to the VTEPs.
Comment (2 years ago) from a reader, Senior Solution Engineer at Netapp | AWS Certified Solution Architect - Professional | Multi-disciplinary IT Professional | Product Manager | +10k Connections influencer:
GENEVE is the new standard