VXLAN Introduction

Shane CorbanNexus Marketing Manager

EMCWorld 2014

Co-sponsored by Intel®

Cisco Confidential 2© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Problems being addressed: VLAN scale – VXLAN extends the L2 segment ID field to 24-bits,

potentially allowing for up to 16 million unique L2 segments over the same network

Layer 2 segment elasticity over Layer 3 boundary – VXLAN encapsulates L2 frame in IP-UDP header

VXLAN perceived as “The Standard” way to create overlays• Ecosystem of vendors: VMware, F5, Broadcom, Brocade, Arista, etc.

Why VXLAN?

Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved.

3

Terminology

• VTEP (VXLAN Tunnel End Point)• Performs VXLAN encap & decap• Usually located at the Aggregation Layer• Support for multiple VXLAN Edge

Devices (multi-homing) in the same site

• VNI (Virtual Network Identifier)• Mapping of VLAN to VXLAN (i.e., VNI

5000 maps to VLAN 20)• Can have multiple VNIs mapped to the

same VLAN

VXLAN Devices VTEP

VTEPVTEP

VTEP

Cisco Confidential 4© 2013-2014 Cisco and/or its affiliates. All rights reserved.

4

VXLAN MAC Learning

Flood & Learn is used today Control-Plane based in future

Multicast is required Unicast with head-end replication in the future

PIM-SM or PIM-Bidir on Nexus 3100/7000 PIM-Bidir on Nexus 5600/N6K-X

Building the MAC Tables

Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.

5

VTEP Discovery

VTEPs join specified multicast group (*, G) PIM-SM or PIM-BiDir

Can have one multicast group per VNI Can have multiple VNIs per multicast group

Future support for an intelligent control plane for VTEP discovery

How VTEPs find each other

Cisco Confidential 6© 2013-2014 Cisco and/or its affiliates. All rights reserved.

VXLAN Packet StructureOriginal L2 Frame Given a VXLAN Header with VNI

Original L2 FrameVXLAN Header F C S

Allows for 16M possible segmentsUDP

4789Hash of the inner L2/L3/L4

headers of the original frame.

Enables entropy for ECMP Load balancing in the

Network.

Src and Dst addresses of the

VTEPs

Src VTEP MAC Address

Next-Hop MAC Address

Cisco Confidential 7© 2013-2014 Cisco and/or its affiliates. All rights reserved.

VXLAN Multicast Mode

L3 Core

VTEP VTEP VTEP

IGMP Report to Multicast Group 239.1.1.1

IGMP Report to Multicast Group

239.1.1.1IGMP Report to Multicast

Group 239.2.2.2

IGMP Report to Multicast Group 239.2.2.2

WebVM

WebVM

DBVM

DBVM

Multicast-enabled Transport

PIM not IGMP

Cisco Confidential 8© 2013-2014 Cisco and/or its affiliates. All rights reserved.

ARP Request

L3 Core

VM 1 VM 3VM 2

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

IP A GARP Req

MAC IP AddrVM 1 VTEP 1

MAC IP AddrVM 1 VTEP 1

ARP Req

IP A GARP Req

ARP Req ARP Req

Multicast-enabled Transport

Cisco Confidential 9© 2013-2014 Cisco and/or its affiliates. All rights reserved.

ARP Response

L3 Core

VM 1 VM 3VM 2

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

ARP Resp

MAC IP AddrVM 2 VTEP 2

Multicast-enabled Transport

VTEP 2 VTEP 1ARP Resp

ARP Resp

MAC IP AddrVM 1 VTEP 1

Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Blue & Purple VNI Sharing of Multicast Groups

L3 Core

WebVM

WebVM

DBVM

DBVM

VTEP 11.1.1.1

VTEP 33.3.3.3

VTEP 22.2.2.2

Blue VNI onGroup G

Purple VNI onGroup G

IP A GOrg Frame

IP A GOrg Frame

Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Current VXLAN Challenges

• Multicast may not be enabled in the infrastructure • Multicast scaling

Multicast Dependency

• Flooding required to handle BUM (Broadcast/Unknown Unicast/Multicast) traffic

• Unknown floods can cause network meltdowns

Flood and Learn based Learning

• Need the ability to connect to external nodes External

Connectivity

Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Planned Cisco VXLAN Enhancements• Head-end replication to allow unicast-

mode only operation• Introduce a control plane to allow for dynamic

VTEP discovery

Multicast Dependency

• Workload MAC addresses are known once they are connected to the VXLAN capable devices

• Leverage the control plane also to exchange L2/L3 address-to-VTEP association information

Flood and Learn based Learning

• Introduce VXLAN GatewaysExternal Connectivity

Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Unicast-OnlyTransport

East

South

VTEP

VXLAN Unicast ModeHead-End Replication

West VXLAN Encap 4

3 VTEP performs Head-End Replication

**Information statically configured or dynamically retrieved via control plane (VTEP discovery)

VTEP

VTEP

Overlay NeighborsSouth , IP CEast , IP B

2 VTEP retrieves the list of Overlay Neighbors**

BUM Frame 1A workload sends a L2 BUM* frame

IP A IP BBUM Frame

IP A IP B

IP C

IP A IP CBUM Frame

*Broadcast, Unknown Unicast or Multicast

5 Frames are unicasted to the neighbors

Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved.

VXLAN HW L2 & L3 Gateways

Cisco Confidential 15© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Destination is in another segment.

Packet is routed to the new segmentVXLANORANGE VXLANBLUE

Ingress VXLAN packet on Orange segment

VXLAN

Router

V(X)LAN-to-V(X)LAN Routing (L3 Gateway) N5600, N6K-X, N7K (F3), N9K

VXLAN on HW PlatformsSupported Functionalities

VXLAN to VLAN Bridging (L2 Gateway) N5600, N6K-X, N7K (F3),

N9K, N31XX

VXLANORANGE

Ingress VXLAN packet on Orange segment

Egress interface chosen (bridge may .1Q tag the

packet)

VXLAN L2 Gateway

SVI

Egress interface chosen (bridge may .1Q tag the

packet)

Cisco Confidential 16© 2013-2014 Cisco and/or its affiliates. All rights reserved.

“Software” VXLAN Layer-2 GatewayPurely an Host Overlay Solution

VxLANuntagged

HypervisorVirtual

Machines

Virtual to Virtual

VNI 5000 VNI 5000VXLAN supported on Nexus1000v &

Hypervisor Switches

L3 Fabric

WAN/Core

Cisco Confidential 17© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Inter-VXLAN Routing using SW L3 GatewayPurely an Host Overlay Solution

SW Gwy

VXLAN RoutingVNI 5000 <-> VNI

6000

Virtual to Virtual

VNI 5000 VNI 6000

VXLAN routing functions supported on Cisco

ASA1000v and CSR1000v

L3 Fabric

WAN/Core

VxLANuntagged

Cisco Confidential 18© 2013-2014 Cisco and/or its affiliates. All rights reserved.

SW L3 GatewayCommunicating with the External L3 Domain

SW Gwy

VXLAN to VLAN Bridging

VNI 5000 <-> V:LAN 100

Virtual to Physical

VNI 6000VXLAN routing functions also supported on Cisco

ASA1000v and CSR1000v

VLAN

L3 Fabric

WAN/Core

SVI 100

VxLANuntagged

Cisco Confidential 19© 2013-2014 Cisco and/or its affiliates. All rights reserved.

VNI 6000VXLAN-to-VLAN

Bridging

Virtual to Physical

VxLANVLAN

untagged

VXLAN L2 Gateway

VXLAN L2 Gateway

VNI 5000VLAN 10

VLAN 20

VXLAN VTEP

HW VXLAN L2 Gateway Intra-Subnet Communication

L3 Fabric

Cisco Confidential 20© 2013-2014 Cisco and/or its affiliates. All rights reserved.

L3 CloudVXLAN L3 Gateway

VXLAN L3 Gateway

HW VXLAN RoutingInter-Subnets Communication

VXLAN-to-VXLAN Routing

VNI 5000 <-> VNI 7000VXLAN L2 Gateway

VXLAN L2 Gateway

VxLANVLAN

untagged

VLAN-to-VXLAN Routing

VNI 6000 <-> L3_Ext_Intf

VNI 5000VLAN 20VLAN 30VXLAN-to-VLAN

BridgingVNI 7000 <-> VLAN

30

VXLAN-to-VLAN Bridging

VLAN 20 <-> VNI 6000

L3 Fabric

Cisco Confidential 21© 2013-2014 Cisco and/or its affiliates. All rights reserved.

VXLAN L3 Gateway

VXLAN L3 Gateway

HW VXLAN RoutingNexus VTEP Redundancy

VXLAN L2 Gateway

L3 Fabric

VXLAN L2 Gateway

L3 Gateway redundancy based on vPC and HSRP (2

nodes)

L2 Gateway redundancy based on vPC (anycast

VTEP address)vMAC Emulated VTEP

Thank you.

Q & A