VXLAN Introduction 2

© 2014 VCE Company, LLC. All rights reserved.

Shane Corban

Nexus Marketing Manager

VXLAN INTRODUCTION

Problems being addressed: VLAN scale – VXLAN extends the L2 segment ID field to 24-bits,

potentially allowing for up to 16 million unique L2 segments over the same network

Layer 2 segment elasticity over Layer 3 boundary – VXLAN encapsulates L2 frame in IP-UDP header

VXLAN perceived as “The Standard” way to create overlaysEcosystem of vendors: VMware, F5, Broadcom, Brocade, Arista, etc.

Why VXLAN?

3

TERMINOLOGY

VTEP (VXLAN Tunnel End Point)

Performs VXLAN encap & decap

Usually located at the Aggregation Layer

Support for multiple VXLAN Edge Devices (multi-homing) in the same site

VNI (Virtual Network Identifier)

Mapping of VLAN to VXLAN (i.e., VNI 5000 maps to VLAN 20)

Can have multiple VNIs mapped to the same VLAN

VXLAN Devices

VTEP

VTEPVTEP

VTEP

4

VXLAN MAC LEARNING

Flood & Learn is used today

Control-Plane based in future

Multicast is required

Unicast with head-end replication in the future

PIM-SM or PIM-Bidir on Nexus 3100/7000

PIM-Bidir on Nexus 5600/N6K-X

Building the MAC Tables

5

VTEP DISCOVERY

VTEPs join specified multicast group (*, G)PIM-SM or PIM-BiDir

Can have one multicast group per VNICan have multiple VNIs per multicast group

Future support for an intelligent control plane for VTEP discovery

How VTEPs find each other

© 2014 VCE Company, LLC. All rights reserved. VCE Confidential

VXLAN PACKET STRUCTUREORIGINAL L2 FRAME GIVEN A VXLAN HEADER WITH VNI

Original L2 FrameVXLAN Header F C S

Allows for 16M possible segmentsUDP 4789

Hash of the inner L2/L3/L4 headers of the original frame.

Enables entropy for ECMP Load balancing in the Network.

Src and Dst addresses of the VTEPs

Src VTEP MAC Address

Next-Hop MAC Address

VXLAN MULTICAST MODE

L3 Core

VTEP VTEP VTEP

IGMP Report to Multicast Group 239.1.1.1




WebVM

WebVM

DBVM

DBVM

Multicast-enabled Transport

PIM not IGMP

ARP REQUEST

L3 Core

VM 1 VM 3VM 2

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

IP A GIP A GARP Req

MAC IP AddrVM 1 VTEP 1


ARP Req

IP A GIP A GARP Req

ARP Req ARP Req


ARP RESPONSE

L3 Core

VM 1 VM 3VM 2

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

ARP Resp



VTEP 2 VTEP 1VTEP 2 VTEP 1ARP Resp

ARP Resp


BLUE & PURPLE VNI SHARING OF MULTICAST GROUPS

L3 Core

WebVM

WebVM

DBVM

DBVM

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

Blue VNI onGroup G

Purple VNI onGroup G

IP A GIP A GOrg Frame

IP A GIP A GOrg Frame


Current VXLAN Challenges

• Multicast may not be enabled in the infrastructure • Multicast scaling

Multicast Dependency

• Flooding required to handle BUM (Broadcast/Unknown Unicast/Multicast) traffic

• Unknown floods can cause network meltdowns

Flood and Learn based Learning

• Need the ability to connect to external nodes External Connectivity


Planned Cisco VXLAN Enhancements

• Head-end replication to allow unicast-mode only operation

• Introduce a control plane to allow for dynamic VTEP discovery

Multicast Dependency

• Workload MAC addresses are known once they are connected to the VXLAN capable devices

• Leverage the control plane also to exchange L2/L3 address-to-VTEP association information

Flood and Learn based Learning

• Introduce VXLAN GatewaysExternal Connectivity


Unicast-OnlyTransport

East

South

VTEP

VXLAN UNICAST MODEHEAD-END REPLICATION

West VXLAN Encap 4

3 VTEP performs Head-End Replication

**Information statically configured or dynamically retrieved via control plane (VTEP discovery)

VTEP

VTEP

Overlay NeighborsSouth , IP CEast , IP B

2 VTEP retrieves the list of Overlay Neighbors**

BUM Frame

1A workload sends a L2 BUM* frame

IP A IP BBUM Frame

IP AIP B

IP C

IP A IP CBUM Frame

*Broadcast, Unknown Unicast or Multicast

5 Frames are unicasted to the neighbors

VXLAN HW L2 & L3 GATEWAYS


Destination is in another segment.Packet is routed to the new segment

VXLANORANGE VXLANBLUE

Ingress VXLAN packet on Orange segment

VXLAN Router

V(X)LAN-to-V(X)LAN Routing (L3 Gateway)

N5600, N6K-X, N7K (F3), N9K

VXLAN ON HW PLATFORMSSUPPORTED FUNCTIONALITIES

VXLAN to VLAN Bridging (L2 Gateway)

N5600, N6K-X, N7K (F3), N9K, N31XXVXLANORANGE

Ingress VXLAN packet on Orange segment

Egress interface chosen (bridge may .1Q tag the packet)

VXLAN L2 Gateway

SVI

Egress interface chosen (bridge may .1Q tag the packet)


“SOFTWARE” VXLAN LAYER-2 GATEWAYPURELY AN HOST OVERLAY SOLUTION

VxLANuntagged

HypervisorVirtual

Machines

Virtual to Virtual

VNI 5000 VNI 5000VXLAN supported on Nexus1000v & Hypervisor

Switches

L3 Fabric

WAN/Core


INTER-VXLAN ROUTING USING SW L3 GATEWAYPURELY AN HOST OVERLAY SOLUTION

SW Gwy

VXLAN RoutingVNI 5000 <-> VNI

6000

Virtual to Virtual

VNI 5000 VNI 6000

VXLAN routing functions supported on Cisco

ASA1000v and CSR1000v

L3 Fabric

WAN/Core

VxLANuntagged


SW L3 GATEWAYCOMMUNICATING WITH THE EXTERNAL L3 DOMAIN

SW Gwy

VXLAN to VLAN Bridging VNI 5000 <-> V:LAN 100

Virtual to Physical

VNI 6000

VXLAN routing functions also supported on Cisco

ASA1000v and CSR1000vVLAN

L3 Fabric

WAN/Core

SVI 100

VxLANuntagged


VNI 6000

VXLAN-to-VLAN Bridging

Virtual to Physical

VxLANVLAN

untagged

VXLAN L2 Gateway

VXLAN L2 Gateway

VNI 5000

VLAN 10

VLAN 20

VXLAN VTEP

HW VXLAN L2 GATEWAY INTRA-SUBNET COMMUNICATION

L3 Fabric


L3 CloudVXLAN L3 Gateway

VXLAN L3 Gateway

HW VXLAN ROUTINGINTER-SUBNETS COMMUNICATION

VXLAN-to-VXLAN RoutingVNI 5000 <-> VNI 7000

VXLAN L2 Gateway

VXLAN L2 Gateway

VxLANVLAN

untagged

VLAN-to-VXLAN RoutingVNI 6000 <-> L3_Ext_Intf

VNI 5000VLAN 20VLAN 30VXLAN-to-VLAN

BridgingVNI 7000 <-> VLAN 30

VXLAN-to-VLAN BridgingVLAN 20 <-> VNI 6000

L3 Fabric


VXLAN L3 Gateway

VXLAN L3 Gateway

HW VXLAN ROUTINGNEXUS VTEP REDUNDANCY

VXLAN L2 Gateway

L3 Fabric

VXLAN L2 Gateway

L3 Gateway redundancy based on vPC and HSRP (2 nodes)

L2 Gateway redundancy based on vPC (anycast

VTEP address)vMAC Emulated VTEP

Technology

VXLAN Introduction 2