Overview
This chapter provides an overview of Virtual eXtensible Local Area Network (VXLAN) and its implementation in OcNOS. VXLAN creates LAN segments using MAC-in-IP encapsulation. The encapsulation carries the original L2 frame received from a host to its destination on another server through IP tunnels. The endpoints of a VXLAN tunnel are called VTEPs (VXLAN Tunnel EndPoints). This technology allows the network to support several tenants with minimal changes to the network. The VTEPs carry tenant data in L3 tunnels over the network. The tenant data is not used in routing or switching. This aids tenant machine movement and allows tenants to have the same IP or MAC addresses on end devices (hosts/VMs).
OcNOS supports VXLAN IPv4 tunnels; both IPv4 and IPv6 hosts are supported.
Terminology
Terms related to VXLAN configuration are defined in the table below.
Term | Definition
IGMP | Internet Group Management Protocol
PIM | Protocol Independent Multicast
VLAN | Virtual Local Area Network
VM | Virtual Machine
VNI | VXLAN Network Identifier (or VXLAN Segment ID)
VTEP | VXLAN Tunnel End Point. An entity that originates and/or terminates VXLAN tunnels
VXLAN | Virtual eXtensible Local Area Network
VXLAN Segment | VXLAN Layer 2 overlay network over which VMs communicate
VXLAN Gateway | An entity that forwards traffic between VXLANs
VXLAN Architecture
VXLAN runs over the existing networking infrastructure. It provides a means to “stretch” a Layer 2 network. In short, VXLAN is a Layer 2 overlay scheme on a Layer 3 network.
Each overlay is termed a VXLAN segment. Only VMs within the same VXLAN segment can communicate with each other. Each VXLAN segment is identified by a 24-bit segment ID termed the “VXLAN Network Identifier (VNI)”. This allows up to 16 million VXLAN segments to coexist within the same administrative domain.
The VNI identifies the scope of the inner MAC frame originated by the individual VM. Hence, MAC addresses can overlap across segments, but traffic never “crosses over” because it is isolated by the VNI. The VNI is carried in an outer header that encapsulates the inner MAC frame originated by the VM.
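The VNI-based isolation described above, as an added example (not OcNOS code and not part of the original guide): it builds and parses the 8-byte VXLAN header as laid out in RFC 7348, which this page does not reproduce, and models a VTEP that keeps one MAC table per VNI. The `Vtep` class, port names, VNIs and MAC addresses are constructed for illustration.

```python
import struct

FLAG_VNI_VALID = 0x08          # "I" flag, RFC 7348 VXLAN header
HDR_LEN, ETH_HDR_LEN = 8, 14

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decapsulate(udp_payload: bytes):
    """Return (vni, inner_frame); reject truncated packets and a clear I flag."""
    if len(udp_payload) < HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HDR_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, udp_payload[HDR_LEN:]

class Vtep:
    """Hypothetical VTEP model (not OcNOS code): one MAC table per configured VNI."""
    def __init__(self, local_vnis):
        self.mac_tables = {vni: {} for vni in local_vnis}

    def learn(self, vni, mac, port):
        self.mac_tables[vni][mac] = port

    def receive(self, udp_payload):
        """Return the egress port, or None when the packet is dropped or the MAC is unknown."""
        try:
            vni, inner = decapsulate(udp_payload)
        except ValueError:
            return None
        table = self.mac_tables.get(vni)
        if table is None:              # segment not configured on this VTEP
            return None
        return table.get(inner[:6])    # destination MAC, looked up in that segment only

# Constructed sample: two tenants reuse the same MAC in different segments.
SHARED_MAC = bytes.fromhex("020000000001")
FRAME = SHARED_MAC + bytes.fromhex("020000000002") + b"\x08\x00" + b"payload"
vtep = Vtep(local_vnis=[100, 200])
vtep.learn(100, SHARED_MAC, "tenant-a-port")
vtep.learn(200, SHARED_MAC, "tenant-b-port")

if __name__ == "__main__":
    for vni in (100, 200, 300):
        print(vni, vtep.receive(encapsulate(vni, FRAME)))
```

A real VTEP floods frames with an unknown destination MAC within the segment; this model returns `None` for them to keep the isolation check in focus.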
Any packets (including ARP-ND) that are uplifted to the VXLAN CPU queue from any port are rate-limited to 500 packets/second. This protects the system and CPU during an ARP storm.
VXLAN Deployment - VTEPs across a Layer 3 Network