VXLAN, Enhancements, and Network Integration
Apricot 2014 - Malaysia

Eddie Parra
Principal Engineer, Juniper Networks Router Business Unit (RBU)
[email protected]

Legal Disclaimer: This statement of product direction sets forth Juniper Networks' current intention, and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.

© 2010 Juniper Networks, Inc. www.juniper.net

2 Copyright © 2014 Juniper Networks, Inc.

VARIOUS ENCAPSULATION METHODS

Fabrics
- TRILL: Intel, Cisco, Brocade
- IEEE 802.1aq: Huawei, ALU
- FabricPath: Cisco
- VCS: Brocade
- QFabric: Juniper

Overlays
- VXLAN: Cumulus, Arista, Broadcom, Cisco, VMware, Citrix, Red Hat
- NVGRE: Microsoft, Arista, HP, Broadcom, Juniper
- STT: Nicira, Rackspace, eBay, Yahoo!
- Geneve: VMware, Microsoft, Red Hat, Intel

Other
- GRE
- Ethernet-over-GRE
- IP-IP
- MPLS
- MPLS over GRE
- MPLS over UDP
- L2TP
- GTP-U
- …etc


VXLAN PLATFORM AND VENDOR SUPPORT

Broadcom Trident 2 (aka “T2”) Platforms
- QFX5100-48S (1RU): 48x10 GbE, 6x40 GbE
- QFX5100-96S (2RU): 96x10 GbE, 8x40 GbE
- QFX5100-24Q: 24x40 GbE, 2 x Modules: 8x10 or 4x40 GbE

Other T2 Platform Vendors

Juniper MX-Series and EX9200


VXLAN ENCAPSULATION AND TERMINOLOGY

Terminology
- VXLAN Segment
- VXLAN Tunnel End Point (VTEP)
- VXLAN Network Identifier (VNI)

[Figure: VXLAN Encapsulation. Host-A, Router-A, Router-B and Host-B, with the VTEPs and VNI marked. Frame headers at points 1, 2 and 3: DA MAC, SA MAC, IP at points 1 and 3; at point 2 the same frame carried behind an outer DA MAC, SA MAC, IP/UDP and VXLAN header.]


VIRTUAL EXTENSIBLE LOCAL AREA NETWORK (VXLAN)

Encapsulation Overview
- Layer 2 overlay scheme over a Layer 3 network
- Designed with VM-to-VM communication in mind
- VXLAN should be transparent to end hosts
- Provide L2 segmentation ability > 4096 VLANs
- 24-bit VXLAN Network Identifier (VNI)
  - 16M VXLAN segments

Forwarding Overview
- Data-Plane based learning and forwarding
- VXLAN relies on Data-Plane learning of associated host MAC addresses to VTEP IPs through source learning
- Similar to Layer 2 with flood and learn

[Figure: frame layout, in order: Outer MAC DA | Outer MAC SA | Optional Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 Bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | FCS. Labels: VXLAN Encapsulation (outer headers), Original Ethernet Frame (inner frame).]


VXLAN: BROADCAST TRAFFIC EXPLAINED

1) Host-A sends an ARP for Host-B.
2) Router-A looks up the VNI association for Host-B.
3) There is no entry, so the ARP is VXLAN-encapsulated and sent to the IP multicast group for that VNI.
4) Router-B receives the multicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-A.
5) Host-B receives the ARP and responds.
6) Router-B looks up the VNI association for Host-A and sends a VXLAN unicast to Router-A.
7) Router-A receives the unicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-B.

[Figure: Host-A, Router-A (VTEP), VXLAN over a multicast-enabled network, Router-B (VTEP), Host-B.]
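The receive-side checks in steps 4 and 7, as an added example that is not from the slides or from Junos: it packs and parses the 8-byte VXLAN header defined in the referenced IETF draft (I flag plus 24-bit VNI), drops packets for a VNI that is not configured locally, and only then learns the inner source MAC against the sender's VTEP IP. The `Vtep` class, the sample frame and the addresses are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08  # "VNI present" flag bit in the first header byte

def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def vxlan_decap(payload):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < 8 + 14:  # VXLAN header + minimal inner Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, payload[8:]

class Vtep:
    """Hypothetical VTEP model: one MAC table per configured VNI, filled by source learning."""
    def __init__(self, configured_vnis):
        self.tables = {vni: {} for vni in configured_vnis}

    def receive(self, outer_src_ip, udp_payload):
        """Steps 4 and 7: verify the VNI, then learn inner source MAC -> remote VTEP IP."""
        vni, inner = vxlan_decap(udp_payload)
        if vni not in self.tables:
            return None  # VNI not configured here: drop and learn nothing
        self.tables[vni][inner[6:12]] = outer_src_ip  # bytes 6..11 = inner source MAC
        return vni, inner

    def lookup(self, vni, dst_mac):
        """Steps 2 and 6: a hit gives the unicast VTEP IP, None means flood."""
        return self.tables.get(vni, {}).get(dst_mac)

# Constructed sample: Host-A's broadcast ARP frame as seen by Router-B.
HOST_A = bytes.fromhex("020000000a0a")
ARP_FRAME = b"\xff" * 6 + HOST_A + b"\x08\x06" + b"\x00" * 28
ROUTER_A_IP = "192.0.2.1"  # documentation address, constructed
```

Because learning happens only after the VNI check, a frame tagged with a VNI the VTEP does not serve cannot populate another segment's MAC table.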


VXLAN INTEGRATION WITH EXISTING SERVICES

Overview
- Terminate (aka “Stitch”) VXLAN segments into existing network services, such as L3VPN, VPLS and E-VPN
- Use routing/switch instances as centralized anchor points within a geography

Integration Areas
- Data Center Interconnect (DCI)
- Virtual Private Cloud Gateway
- Access to Edge
  - MBH, Business, Residential, Wholesale
- Subtending nodes

[Figure labels: Virtual-Switch.0 (VLAN-ID: 101), Bridge-Domain.0 (VLAN-ID: 100), LAN VNI 100, LAN VNI 101, IRB.0, IRB.1, L3VPN, VPLS, EVPN.]


INTER-VXLAN ROUTING

Use Cases:
- Inter-Connecting
  - VXLAN Segments
  - L2 - VLANS
  - L3 – IRB
  - L2VPN / L3VPN
  - VPLS / E-VPN
- Augment Merchant Silicon with In-House Silicon
  - Example: Trident-2 does not support the ability to route packets into VXLAN tunnels and vice versa based on payload IP header.
- Controlled VTEP Broadcast Replication

[Figure labels: Router-A, Router-B, Router-C, VTEP, IRB, Bridge-Domain or Virtual-Switch, VXLAN VNI # 100, VXLAN VNI # 200.]


BROADCAST DOMAIN REPRESENTATION

[Figure labels: Broadcast Domain, IRB, L2, Layer-3, VNI 100, VNI 200, NH, E-VPN, VXLAN, VLAN.]


UNICAST ONLY VXLAN

Enhancements:
- Broadcast replication using VXLAN Unicast
- Endpoints are statically defined
- In-line Data Plane learning and forwarding functions the same

Use Cases:
- No IP Multicast support between VTEPs
- A static point-to-point deployment, whereby a given VNI only has two VTEPs
- VXLAN communication must be secured using a mechanism that does not support IP Multicast

[Figure labels: Router-A, Router-B, Router-C, VTEP, VXLAN VNI # 100, VXLAN VNI # 200, No Multicast.]


CONTROL MODES

Data Plane Based
- VXLAN IETF Draft based
- Multicast for L2-BUM traffic
- Or Unicast BUM replication

Control Plane Based
- P2P tunnels built by the controller
- Juniper Contrail or VMware NSX
- OVSDB (or NETCONF)
- Controller MAC Learning
- Can be combined with Data Plane Control

[Figure labels: VM, VDS, VTEP, Controller.]


DAYONE GUIDE: VXLAN CASE STUDIES

Tentatively Scheduled for May, 2014

Day One Guide
- Native VXLAN with Multicast
  - PIM/OSPFv2
- Unicast Only VXLAN
  - No Multicast
- Inter-VXLAN Routing
  - Network Service Integration
- VXLAN over IPSec Transport
  - IPsec Tunnel Mode


SUMMARY

VXLAN Consideration
- Think beyond VXLAN’s design use cases
- Use platform diversity to your advantage
  - Economics, Power, Space, …etc

JUNOS VXLAN Support
- Target Release: JUNOS 14.1
  - May timeframe
- Account teams can provide beta images
  - Feel free to email me accordingly


THANK YOU…


BACKUP SLIDES


REFERENCES

Standards

- VXLAN: A Framework for Overlay Virtualized L2 Networks over L3 Networks
  http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-08
- Generic Overlay OAM and Datapath Failure Detection
  http://www.ietf.org/id/draft-jain-nvo3-overlay-oam-01.txt
- The Open vSwitch Database (OVSDB) Management Protocol
  http://tools.ietf.org/html/rfc7047