OcNOS DC: Virtual eXtensible Local Area Network Guide
Overview
This chapter provides an overview of Virtual Extensible Local Area Network (VxLAN) and its implementation within OcNOS.
VxLAN
Virtual eXtensible Local Area Network (VxLAN) is widely used in Data Center (DC) and Service Provider (SP) networks. It also applies to any environment where large numbers of virtual machines (VMs) need extensive virtualized network topologies to communicate. VxLAN is an overlay transport virtualization technology commonly used in cloud networks to support the growing number of Virtual LANs (VLANs) and multi-tenant networks in data centers. It "stretches" a Layer 2 network over a physical Layer 3 network.
Overlay Network
VxLAN creates an overlay of virtual Layer 2 segments by tunneling MAC frames inside Layer 4 UDP packets with IP encapsulation over the physical Layer 3 underlay. Technically, each L2 Ethernet frame received from a host is prefixed with a VxLAN header, wrapped in an outer L3 IP/UDP packet, and sent to its destination across the cloud network through a virtual IP tunnel. This allows L2 networks to be extended across geographically distributed data centers without changing the underlying physical infrastructure.
Underlay Network
The underlay network consists of the physical Layer 2 and Layer 3 infrastructure, which provides the foundation for communication in the network. The underlay network is abstracted to form the virtual IP tunnel within the overlay network, allowing seamless communication across the VxLAN tunnel.
VxLAN Architecture
Typically, a VxLAN network uses a Spine-Leaf architecture (Clos topology) and operates as an overlay that is decoupled from the physical underlay infrastructure. Because of this decoupling, virtual machines can move between physical servers, even across sites, without changes to the underlay.
VTEP
The endpoints of the virtual tunnels formed with VxLAN are called VxLAN Tunnel EndPoints (VTEPs). This technology allows the network to support many tenants with minimal changes to the network itself. The VTEPs carry tenant data in virtual tunnels over the network; the underlay does not use the tenant data for its own routing or switching decisions. This aids tenant machine movement and allows tenants to reuse the same IP or MAC addresses on end devices, hosts, or VMs.
Each overlay tunnel is termed a VxLAN segment. Only VMs within the same VxLAN segment can communicate with each other. Each VxLAN segment is identified by a 24-bit segment ID termed the "VxLAN Network Identifier (VNI)". This allows up to 16 million VxLAN segments to coexist within the same administrative domain.
The VNI defines the scope of the inner MAC frame originated by an individual VM. MAC addresses may therefore overlap across segments: because every frame is tagged with its VNI, traffic in one segment remains isolated from every other segment.
VxLAN Features:
Leaf nodes act as VTEPs through which hosts connect to the data center and receive VPN services.
The multihoming facility extends the load distribution and the link-level and node-level redundancy of the Clos fabric to the hosts.
Hosts are identified by port number, by port number plus VLAN ID, or by port number plus a stacked VLAN ID.
Any packets (including ARP and ND) punted from any port to the VxLAN CPU queue are rate limited to 500 packets per second. This protects the system and CPU during an ARP storm; packets above that rate are dropped before reaching the CPU, so legitimate ARP/ND resolution can also be delayed while a storm is in progress.
OcNOS supports both IPv4 and IPv6 hosts, and IPv4 VxLAN tunnels.
VxLAN runs over UDP with destination port 4789.
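The encapsulation described above (an inner Ethernet frame carried in a VxLAN header inside UDP port 4789 and an outer IPv4 packet) and the per-VNI isolation of the VTEP section can be made concrete in a few dozen lines. The block below is an added illustration written for this page; it is not OcNOS code and does not reflect how OcNOS implements its data plane. It builds and validates the outer headers using the RFC 7348 header layout (8-byte VxLAN header with the I flag and a 24-bit VNI), then keeps a MAC table keyed by (VNI, MAC) so that the same MAC address can be learned in two segments behind two different remote VTEPs. All addresses, VNIs and payloads are constructed sample values.

```python
import struct
import zlib

VXLAN_UDP_PORT = 4789   # VxLAN destination port (as on this page; RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
VXLAN_HDR_LEN = 8
IPPROTO_UDP = 17

def build_vxlan_header(vni):
    """VxLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1), 8 bytes."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\0\0\0", vni << 8)

def parse_vxlan_header(buf):
    """Return (vni, inner_frame); a header without the I flag is not valid VxLAN."""
    if len(buf) < VXLAN_HDR_LEN:
        raise ValueError("truncated VxLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", buf[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid, frame must be dropped")
    return vni_field >> 8, buf[VXLAN_HDR_LEN:]

def ipv4_checksum(hdr):
    """One's-complement checksum over the IPv4 header (returns 0 for a valid header)."""
    if len(hdr) % 2:
        hdr += b"\0"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src, dst, payload):
    """Minimal 20-byte IPv4 header (TTL 64, DF set) carrying the UDP payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0x4000, 64, IPPROTO_UDP, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(pkt):
    """Validate the outer IPv4 header and return (proto, src, dst, payload)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 checksum")
    return proto, src, dst, pkt[ihl:total_len]

def encapsulate(inner_frame, vni, src_vtep, dst_vtep):
    """Ingress VTEP: wrap a host's Ethernet frame in VxLAN/UDP/IPv4 toward the remote VTEP."""
    vxlan = build_vxlan_header(vni) + inner_frame
    # Source port derived from the inner MAC pair so underlay ECMP can spread flows;
    # the outer UDP checksum is left at zero, which RFC 7348 permits over IPv4.
    src_port = 49152 + (zlib.crc32(inner_frame[:12]) % 16384)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(vxlan), 0) + vxlan
    return build_ipv4(src_vtep, dst_vtep, udp)

def decapsulate(pkt):
    """Egress VTEP: check the outer headers, then return (vni, src_vtep, inner_frame)."""
    proto, src, _dst, udp = parse_ipv4(pkt)
    if proto != IPPROTO_UDP or len(udp) < 8:
        raise ValueError("outer packet is not UDP")
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_UDP_PORT or ulen != len(udp):
        raise ValueError("not a VxLAN packet or inconsistent UDP length")
    vni, inner = parse_vxlan_header(udp[8:])
    return vni, src, inner

class VtepMacTable:
    """MAC learning keyed by (VNI, MAC): the same MAC may exist in several segments."""

    def __init__(self):
        self.entries = {}

    def learn_from_packet(self, pkt):
        vni, src_vtep, inner = decapsulate(pkt)
        self.entries[(vni, inner[6:12])] = src_vtep   # inner source MAC -> remote VTEP
        return vni, inner

    def lookup(self, vni, mac):
        return self.entries.get((vni, mac))

def demo():
    """Constructed sample: one VM MAC reused by two tenants behind different VTEPs."""
    vtep_a, vtep_b, vtep_c = (bytes([10, 0, 0, n]) for n in (1, 2, 3))  # constructed
    vm_mac = bytes.fromhex("0242ac110002")   # constructed; identical in both VNIs
    gw_mac = bytes.fromhex("0242ac110001")
    frame = gw_mac + vm_mac + struct.pack("!H", 0x0800) + b"tenant payload"
    table = VtepMacTable()
    for vni, remote in ((10100, vtep_b), (10200, vtep_c)):
        vni_seen, inner = table.learn_from_packet(encapsulate(frame, vni, remote, vtep_a))
        assert vni_seen == vni and inner == frame
    return table
```

Running `demo()` and then `lookup(10100, mac)` and `lookup(10200, mac)` returns two different remote VTEPs for the same MAC, which is the isolation the VNI provides. Note what the checks in `decapsulate` do and do not cover: they reject malformed outer headers and frames with the I flag clear, but nothing in the VxLAN header authenticates the sending VTEP, so which devices may deliver packets to UDP port 4789 on a VTEP is a matter of underlay reachability and filtering.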
Figure: VxLAN Deployment - VTEPs across a Layer 3 Network
Terminology
Terms related to VxLAN configuration are defined below.
VLAN: Virtual Local Area Network
VM: Virtual Machine
VNI: VxLAN Network Identifier (or VxLAN Segment ID)
VTEP: VxLAN Tunnel End Point. An entity that originates and/or terminates VxLAN tunnels
VxLAN: Virtual eXtensible Local Area Network
VxLAN Segment: VxLAN Layer 2 overlay network over which VMs communicate