By Anand Nande
AGENDA
What is VXLAN?
Why VXLAN?
How does it work?
So now we can migrate VMs across subnets?
What about routing across VXLANs?
Any Performance Impact?
Demo
What is it?
Virtual eXtensible Local Area Network
Why VXLAN?
What problems does it address and how am I selling it
STP blocks the use of links to avoid the replication and looping of frames.
This is a problem for some DC admins who pay for ports and links.
Resiliency due to multipathing is not available.
2^12 = 4096
A 12-bit VLAN ID is used to divide multiple broadcast domains.
STP blocks a few IDs from this domain.
Multi-tenant Environments
Is it possible to address the need for multiple VLANs per tenant with the 4096 limit?
L3 networks are not a comprehensive solution. 2 tenants might use the same set of Layer 3
addresses within their networks.
VXLAN Encapsulation
The L2 Ethernet Frame
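[Figure: Hypervisor 1 and Hypervisor 2 (labelled 10.0.0.1 and 10.0.0.2) host VM1-1, VM1-2, VM2-1 and VM2-2 and connect through VTEP-1 and VTEP-2 over an L3 network. Segments: 172.16.1.0/24 with VNI=10 and 192.168.1.0/24 with VNI=20.]
Endpoint labels in the figure:
VM1-1: IP=172.16.1.10, MAC=52:54:00:0e:08:b3, VNI=10
IP=172.16.1.12, MAC=52:54:00:30:de:e3, VNI=10
VM1-2: IP=192.168.1.100, MAC=00:0C:29:2F:32:A0, VNI=20
VM2-2: IP=192.168.1.111, MAC=00:0C:29:2F:23:A0, VNI=20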
MAC                 VNI ID   REMOTE VTEP
52:54:00:a0:1b:bb   10       192.168.122.186
52:54:00:8a:bd:ff   10       192.168.122.101
VTEP-1's table

MAC                 VNI ID   REMOTE VTEP
52:54:00:60:18:f9   10       192.168.122.141
52:54:00:8a:bd:ff   10       192.168.122.101

MAC                 VNI ID   REMOTE VTEP
52:54:00:a0:1b:bb   10       192.168.122.186
52:54:00:60:18:f9   10       192.168.122.141
VTEP-2's table
Packet capture on one of the VTEPs.
An additional Wireshark plugin is required to analyse the UDP data here.
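As an added illustration (not from the original slides), the Python sketch below builds and parses the 8-byte VXLAN header defined in RFC 7348 and performs the (MAC, VNI) to remote-VTEP lookup shown in the tables above. The inner frame is constructed sample data and the function names are hypothetical.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # "I" bit of the VXLAN flags byte (RFC 7348)

# Forwarding entries copied from the first table above (the one listing
# 192.168.122.186 and 192.168.122.101): (inner dst MAC, VNI) -> remote VTEP.
FDB = {
    ("52:54:00:a0:1b:bb", 10): "192.168.122.186",
    ("52:54:00:8a:bd:ff", 10): "192.168.122.101",
}

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def encapsulate(inner_frame, vni):
    """Prepend the VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decapsulate(udp_payload):
    """Return (vni, inner_frame); reject truncated data or a missing I flag."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, udp_payload[8:]

def remote_vtep(inner_frame, vni, fdb=FDB):
    """Look up the inner destination MAC within its VNI; None when there is no entry."""
    return fdb.get((bytes_to_mac(inner_frame[:6]), vni))

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
INNER = (mac_to_bytes("52:54:00:a0:1b:bb") + mac_to_bytes("52:54:00:60:18:f9")
         + b"\x08\x00" + b"constructed payload")

if __name__ == "__main__":
    vni, frame = decapsulate(encapsulate(INNER, 10))
    print(vni, remote_vtep(frame, vni))  # entry exists for this MAC in VNI 10
    print(remote_vtep(frame, 20))        # same MAC in VNI 20 has no entry
```

Because the lookup key includes the VNI, the same MAC address in a different segment is a different entry, which is how overlapping tenant addresses stay separate.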
[Figure: the two-hypervisor topology again (Hypervisor 1, Hypervisor 2; 10.0.0.1, 10.0.0.2; VM2-1), annotated: flows related to vm1-1 removed on VTEP-1 and added to VTEP-2. Segment: 172.16.1.0/24 with VNI=10.]
Endpoint labels in the figure:
IP=172.16.1.12, MAC=52:54:00:30:de:e3, VNI=10
VM1-2: IP=192.168.1.100, MAC=00:0C:29:2F:32:A0, VNI=20
VM1-1: IP=172.16.1.10, MAC=52:54:00:0e:08:b3, VNI=10
virtual:physical
[VXLAN-to-VLAN]
- vlan to router
- hardware VTEP(router) only does bridging
- on physical router:
- in_ports, out_ports, loopback_ports
1. in_ports > bridge into a vlan > lo_ports
2. router_fib > next_hop > physical_world
An overlay network is simply a computer network which is built on top of another network.
The added flexibility comes at a cost, due to the additional processing overhead for encapsulation
and de-encapsulation of packets. This consumes CPU resources and degrades network
performance, especially for high-speed connections.
With the hardware offloading capabilities found in some of today's modern NICs,
the added overhead for packet processing can be offloaded to the NIC hardware, resulting in
improved CPU utilization and higher throughput.
Demo
Let's put this into action by creating a simple topology
192.168.122.141
192.168.122.186
192.168.122.101
Hands on
[On your KVM host or laptop]
# yum install virt-manager libvirt* qemu-kvm openvswitch
# cd /var/lib/libvirt/images
## Get the mininet vmdk image from the mininet website
## Write the spawn_vm.sh script
# chmod +x spawn_vm.sh
# ./spawn_vm.sh <vmname>
(Note: you need to spawn 2 mininet VMs, hence run the above script twice.)