Overview
This chapter provides an overview of Virtual eXtensible Local Area Network (VXLAN) and its implementation in OcNOS. VXLAN creates LAN segments using MAC-in-IP encapsulation. The encapsulation carries the original L2 frame received from a host to its destination on another server over IP tunnels. The endpoints of a VXLAN tunnel are called VTEPs (VXLAN Tunnel EndPoints). This technology allows the network to support several tenants with minimal changes to the network. The VTEPs carry tenant data in L3 tunnels over the network, and the tenant data is not used in routing or switching. This aids tenant machine movement and allows tenants to use the same IP or MAC addresses on their end devices (hosts/VMs).
OcNOS supports VXLAN IPv4 tunnels, but both IPv4 and IPv6 hosts are supported.
Note: To configure VXLAN mapping to access ports, use one of the following two methods:
Enable NVO access-if mode on a physical interface: This method is supported in the Qumran1 series platforms.
Activate access-if-evpn mode on an L2 sub-interface: This method is supported in both Qumran1 and Qumran2 series platforms.
Due to the BCM limitation on 9600-56DX boards, if TWAMP and VXLAN are used simultaneously, the hardware profile for NVO VXLAN should be configured last.
Terminology
Terms related to VXLAN configuration are defined in the table below.
| Term | Definition |
|---|---|
| IGMP | Internet Group Management Protocol |
| PIM | Protocol Independent Multicast |
| VLAN | Virtual Local Area Network |
| VM | Virtual Machine |
| VNI | VXLAN Network Identifier (or VXLAN Segment ID) |
| VTEP | VXLAN Tunnel End Point. An entity that originates and/or terminates VXLAN tunnels |
| VXLAN | Virtual eXtensible Local Area Network |
| VXLAN Segment | VXLAN Layer 2 overlay network over which VMs communicate |
| VXLAN Gateway | An entity that forwards traffic between VXLANs |
VXLAN Architecture
VXLAN runs over the existing networking infrastructure. It provides a means to “stretch” a Layer 2 network. In short, VXLAN is a Layer 2 overlay scheme on a Layer 3 network.
Each overlay is termed a VXLAN segment. Only VMs within the same VXLAN segment can communicate with each other. Each VXLAN segment is identified by a 24-bit segment ID termed the “VXLAN Network Identifier (VNI)”. This allows up to 16 million VXLAN segments to coexist within the same administrative domain.
The VNI identifies the scope of the inner MAC frame originated by the individual VM. Hence, MAC addresses can overlap across segments without traffic ever “crossing over”, because the traffic is isolated using the VNI. The VNI is carried in an outer header that encapsulates the inner MAC frame originated by the VM.
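The VNI scoping described above, as an added example that is not part of the OcNOS documentation or software: it packs and parses the 8-byte VXLAN header defined in RFC 7348 and keys a MAC table on (VNI, MAC), so the same MAC address in two segments never collides. The VNIs, MAC address and VTEP addresses are constructed sample values, and all function and class names are hypothetical.

```python
import struct

VXLAN_HDR_LEN = 8
FLAG_VNI_VALID = 0x08        # "I" flag in the first header byte (RFC 7348)
MAX_VNI = (1 << 24) - 1      # 24-bit segment ID
MIN_ETH_LEN = 14             # dst MAC + src MAC + EtherType

def encap(vni, inner_frame):
    """Prepend a VXLAN header; outer Ethernet/IP/UDP headers are omitted."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # word 1: flags(8) | reserved(24); word 2: VNI(24) | reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decap(payload, local_vnis):
    """Return (vni, inner_frame); raise ValueError for frames to be dropped."""
    if len(payload) < VXLAN_HDR_LEN + MIN_ETH_LEN:
        raise ValueError("truncated VXLAN payload")
    word1, word2 = struct.unpack("!II", payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word2 >> 8
    if vni not in local_vnis:
        raise ValueError("VNI %d is not configured on this VTEP" % vni)
    return vni, payload[VXLAN_HDR_LEN:]

class SegmentFdb:
    """Forwarding table keyed by (VNI, MAC): one MAC may exist in many segments."""
    def __init__(self):
        self.table = {}

    def learn(self, vni, inner_frame, remote_vtep):
        self.table[(vni, inner_frame[6:12])] = remote_vtep  # source MAC

    def lookup(self, vni, mac):
        return self.table.get((vni, mac))

# Constructed sample data: one MAC address reused by two tenants.
SAMPLE_MAC = bytes.fromhex("020000000001")
SAMPLE_FRAME = bytes.fromhex("ffffffffffff") + SAMPLE_MAC + b"\x08\x06" + bytes(28)

def demo():
    """Learn the same source MAC from two different VNIs and remote VTEPs."""
    fdb = SegmentFdb()
    local = {10100, 10200}
    for vni, vtep in ((10100, "192.0.2.1"), (10200, "192.0.2.2")):
        got_vni, inner = decap(encap(vni, SAMPLE_FRAME), local)
        fdb.learn(got_vni, inner, vtep)
    return fdb
```
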
Any packets (including ARP-ND) that are lifted to the VXLAN CPU queue from any port are rate-limited to 500 packets/second. This protects the system and CPU during an ARP storm.
 
VXLAN Deployment - VTEPs across a Layer 3 Network