VXLAN, Enhancements, and Network Integration SAFNOG 2014 – South Africa

VXLAN, Enhancements, and Network Integration SAFNOG 2014 – South Africa. Russell Kelly Principal Engineer, Juniper Networks Router Business Unit (RBU) rgkelly@juniper.net.


Presentation Transcript


  1. VXLAN, Enhancements, and Network Integration
     SAFNOG 2014 – South Africa
     Russell Kelly, Principal Engineer, Juniper Networks Router Business Unit (RBU), rgkelly@juniper.net
     Legal Disclaimer: This statement of product direction sets forth Juniper Networks' current intention, and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.

  2. Various encapsulation methods
     Overlays:
     • GRE
     • Ethernet-over-GRE
     • IP-IP
     • MPLS
     • MPLS over GRE
     • MPLS over UDP
     • L2TP
     • GTP-U
     • …etc
     Fabrics:
     • TRILL (Intel, Cisco, Brocade)
     • IEEE 802.1aq (Huawei, ALU)
     • FabricPath (Cisco)
     • VCS (Brocade)
     • QFabric (Juniper)
     Other:
     • VXLAN (Cumulus, Arista, Broadcom, Cisco, VMware, Citrix, Red Hat)
     • NVGRE (Microsoft, Arista, HP, Broadcom, Juniper)
     • STT (Nicira, Rackspace, eBay, Yahoo!)
     • Geneve (VMware, Microsoft, Red Hat, Intel)

  3. VXLAN Platform and Vendor Support
     • Broadcom Trident 2 (aka "T2") platforms:
       • QFX5100-48S (1RU): 48x10 GbE, 6x40 GbE
       • QFX5100-96S (2RU): 96x10 GbE, 8x40 GbE
       • QFX5100-24Q: 24x40 GbE, 2 x modules: 8x10 or 4x40 GbE
     • Other T2 platform vendors
     • Juniper MX-Series and EX9200

  4. Virtual extensible local area network (VXLAN)
     • Forwarding Overview
       • Data-plane based learning and forwarding
       • VXLAN relies on data-plane learning of associated host MAC addresses to VTEP IPs through source learning
       • Similar to Layer 2 with flood and learn
     • But why VXLAN? – An Encapsulation Overview
       • Layer 2 overlay scheme over a Layer 3 network
       • Designed with VM-to-VM communication in mind
       • VXLAN should be transparent to end hosts
       • Provides L2 segmentation ability > 4096 VLANs
         • 24-bit VXLAN Network Identifier (VNI)
         • 16M VXLAN segments
     [Diagram: VXLAN encapsulation of the original Ethernet frame, outer to inner: Outer MAC DA | Outer MAC SA | Optional Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits) | Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | FCS]

  5. VXLAN Encapsulation and Terminology
     [Diagram: Host-A -> Router-A (VTEP) -> IP/UDP/VXLAN tunnel -> Router-B (VTEP) -> Host-B; the tunnelled packet carries outer MAC DA/SA and outer IP DA/SA, the VXLAN header, then the inner MAC DA/SA and payload. Callouts 1, 2, 3 mark the VXLAN segment, the VNI and the VTEPs.]
     Terminology:
     • VXLAN Segment
     • VXLAN Network Identifier (VNI)
     • VXLAN Tunnel End Point (VTEP)

  6. VXLAN – why UDP?
     • VXLAN uses UDP encapsulation to take advantage of the load balancing already present in the network.
     • The UDP source port is set to a hash of inner packet fields and the UDP destination port is set to 4789.
     • Setting the UDP source port from the packet hash allows load balancing of the packets using the 5-tuple.
     • The existing IP network infrastructure supports this and no changes are required to support VXLAN in the network.

  7. VXLAN unicast traffic
     • Unicast traffic is sent using point-to-point tunnels between the source and destination VXLAN tunnel endpoint (VTEP).
     • UDP source port = hash of inner packet fields
     • UDP destination port = 4789 (configurable for inter-operability)
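The header layout from slide 4 and the port rules from slides 6 and 7, worked as an added Python example (not code from the presentation or from Juniper): it builds the 8-byte VXLAN header, derives the UDP source port from a hash of the inner Ethernet header, and shows the VNI check a receiving VTEP makes before handing the inner frame to a bridge domain. The inner ARP frame, the hashed field set (inner MAC DA, MAC SA, EtherType) and the source-port range are constructed assumptions.

```python
import hashlib
import struct

VXLAN_UDP_PORT = 4789         # destination port named on the slides
FLAG_VNI_VALID = 0x08         # "I" bit: the 24-bit VNI field is valid
EPHEMERAL_BASE, EPHEMERAL_SIZE = 49152, 16384   # source-port range (assumption)

# Constructed sample: inner Ethernet frame carrying a broadcast ARP request
SAMPLE_ARP = (bytes.fromhex("ffffffffffff")        # inner MAC DA (broadcast)
              + bytes.fromhex("001122334401")      # inner MAC SA
              + bytes.fromhex("0806")              # EtherType: ARP
              + bytes(28))                         # ARP body (zeroed here)


def vxlan_header(vni):
    """8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BxxxI", FLAG_VNI_VALID, vni << 8)


def entropy_source_port(inner_frame):
    """UDP source port derived from the inner MAC DA, MAC SA and EtherType, so
    one flow always hashes to the same port while different flows spread
    across the underlay's 5-tuple ECMP/LAG hashing."""
    digest = hashlib.sha256(inner_frame[:14]).digest()
    return EPHEMERAL_BASE + int.from_bytes(digest[:2], "big") % EPHEMERAL_SIZE


def encapsulate(vni, inner_frame):
    """Returns (udp_src_port, udp_dst_port, udp_payload) for one inner frame."""
    return (entropy_source_port(inner_frame), VXLAN_UDP_PORT,
            vxlan_header(vni) + inner_frame)


def decapsulate(udp_payload, configured_vnis):
    """Receiving-VTEP side: validate the header and the VNI before handing the
    inner frame to a bridge domain; anything else is dropped (ValueError)."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    flags, word = struct.unpack("!BxxxI", udp_payload[:8])
    if not flags & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = word >> 8
    if vni not in configured_vnis:
        raise ValueError("VNI %d is not configured on this VTEP" % vni)
    return vni, udp_payload[8:]
```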

  8. VXLAN BUM traffic
     • Broadcast, Unknown Unicast and Multicast (BUM) traffic is sent to a multicast group address.
     • Each VXLAN segment is associated with a multicast group.
     • Each VTEP joins the multicast group associated with the VNI.
     • An IGMP join is used by the VTEP to join the multicast group if the VTEP is a server.
     • The IGMP join triggers a PIM join.
     • A multicast tree is built in the network and the BUM traffic is forwarded to all recipients in the multicast group.

  9. VXLAN: Broadcast Traffic Explained
     1. Host-A sends an ARP for Host-B.
     2. Router-A looks up the VNI association for Host-B. There is no entry, so the ARP is VXLAN encapsulated and sent out to the IP multicast group for that VNI.
     3. Router-B receives the multicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-A.
     4. Host-B receives the ARP and responds.
     5. Router-B looks up the VNI association for Host-A and VXLAN unicasts to Router-A.
     6. Router-A receives the unicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-B.
     [Diagram: multicast-enabled VXLAN; Host-A -> Router-A (VTEP) -> Router-B (VTEP) -> Host-B]

  10. VXLAN Integration with existing services
     • Overview
       • Terminate (aka "Stitch") VXLAN segments into existing network services, such as L3VPN, VPLS and E-VPN
       • Use routing/switch instances as centralized anchor points within a geography
     • Integration Areas
       • Data Center Interconnect (DCI)
       • Virtual Private Cloud Gateway
       • Access to Edge
         • MBH, Business, Residential, Wholesale
         • Subtending nodes
     [Diagram: VPLS, EVPN and L3VPN instances anchored on IRB.0 / IRB.1; Bridge-Domain.0 (VLAN-ID 100) stitched to VNI 100 and Virtual-Switch.0 (VLAN-ID 101) stitched to VNI 101, each with a LAN side]

  11. Broadcast Domain Representation
     [Diagram: one broadcast domain with its attachments: Layer-3 IRB, E-VPN, VXLAN next hop (NH) for VNI 100 and VNI 200, and an L2 VLAN]

  12. Inter-VXLAN Routing
     • Use Cases:
       • Inter-connecting:
         • VXLAN Segments
         • L2 – VLANs
         • L3 – IRB
         • L2VPN / L3VPN
         • VPLS / E-VPN
       • Augment merchant silicon with in-house silicon
         • Example: Trident-2 does not support the ability to route packets into VXLAN tunnels and vice versa based on the payload IP header.
       • Controlled VTEP broadcast replication
     [Diagram: Router-A with a Bridge-Domain or Virtual-Switch and an IRB; VTEPs for VXLAN VNI 100 and VNI 200 towards the VTEPs on Router-B and Router-C]

  13. UNICAST ONLY VXLAN
     • Enhancements:
       • Broadcast replication using VXLAN unicast
       • Endpoints are statically defined
       • In-line data-plane learning and forwarding functions the same
     • Use Cases:
       • No IP multicast support between VTEPs
       • A static point-to-point deployment, whereby a given VNI only has two VTEPs
       • VXLAN communication must be secured using a mechanism that does not support IP multicast
     [Diagram: no multicast; Router-A VTEPs for VXLAN VNI 100 (to Router-B) and VNI 200 (to Router-C)]
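The flood-and-learn behaviour of slides 8 and 9 and the unicast-only variant of slide 13, as an added Python model (not code from the presentation or from Juniper): a VTEP floods unknown and broadcast frames either to the VNI's multicast group or to a static list of peer VTEPs, accepts only VNIs it is configured for, and learns inner source MAC to outer source IP bindings from received packets. The MAC and IP addresses and the multicast group are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = bytes.fromhex("ffffffffffff")

@dataclass
class Vtep:
    """One VXLAN tunnel endpoint (Router-A, Router-B, ... on the slides)."""
    ip: str
    # VNI -> flood target: a multicast group (str) for multicast-enabled VXLAN,
    # or a static list of peer VTEP IPs for unicast-only VXLAN (slide 13)
    vnis: dict
    mac_table: dict = field(default_factory=dict)   # (vni, inner MAC) -> remote VTEP IP

    def send(self, vni, frame):
        """A local host's frame enters the VNI; returns the (outer dst IP, vni, frame) packets emitted."""
        remote = self.mac_table.get((vni, frame[:6]))
        if remote is not None:                       # known unicast: one tunnel
            return [(remote, vni, frame)]
        target = self.vnis[vni]                      # BUM / unknown DA: flood
        peers = [target] if isinstance(target, str) else target
        return [(peer, vni, frame) for peer in peers]

    def receive(self, outer_src_ip, vni, frame):
        """Tunnelled packet arrives: verify the VNI, then learn inner SMAC -> outer source IP."""
        if vni not in self.vnis:
            return False                             # invalid VNI: drop, learn nothing
        self.mac_table[(vni, frame[6:12])] = outer_src_ip
        return True

def eth(dst, src):
    """Constructed 14-byte Ethernet header (EtherType 0x0806, ARP)."""
    return dst + src + bytes.fromhex("0806")

def arp_walk():
    """Slide 9 walk-through; returns the outer destination of each packet sent."""
    mac_a, mac_b = bytes.fromhex("00000000000a"), bytes.fromhex("00000000000b")
    router_a = Vtep("10.0.0.1", {100: "239.1.1.1"})   # constructed addresses
    router_b = Vtep("10.0.0.2", {100: "239.1.1.1"})
    trace = []
    for dst_ip, vni, frame in router_a.send(100, eth(BROADCAST, mac_a)):  # ARP request
        trace.append(dst_ip)
        router_b.receive(router_a.ip, vni, frame)       # learns mac_a -> 10.0.0.1
    for dst_ip, vni, frame in router_b.send(100, eth(mac_a, mac_b)):      # ARP reply
        trace.append(dst_ip)
        router_a.receive(router_b.ip, vni, frame)       # learns mac_b -> 10.0.0.2
    trace += [p[0] for p in router_a.send(100, eth(mac_b, mac_a))]       # now unicast
    return trace
```

Because the binding is learned from whatever outer source IP carried the frame, the table only stays trustworthy when the underlay restricts who can source packets into a VNI, which is one reason the static endpoint list of slide 13 is attractive.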

  14. Control Modes
     Data Plane Based:
     • VXLAN IETF draft based
     • Multicast for L2 BUM traffic
     • Or unicast BUM replication
     Control Plane Based:
     • P2P tunnels built by the controller
     • Juniper Contrail or VMware NSX
     • OVSDB (or NETCONF)
     • Controller MAC learning
     • Can be combined with data-plane control
     [Diagram: data-plane mode shows VTEPs with VMs behind them; control-plane mode shows a controller programming the VTEPs and VDS with VMs behind them]

  15. L2 USE-CASES: L2 SDN GATEWAY CAPABILITIES
     Use cases: Physical Data Center Connectivity, V-Motion Over Distance, Hybrid Cloud
     [Diagram: virtual and physical data centers and virtual networks joined by L2 gateways, across an L2 WAN where applicable]
     • Inter-DC L2 gateway across virtualized DC sites
       • VM mobility across DC
     • Intra-DC L2 gateway – multi tenant
       • VM mobility across the DC
       • Programmatic L2 connectivity to non-virtualized data centers
     • Inter-DC L2 gateway on edge router – multi tenant
       • DC instances connected across L2 WAN (i.e.: VPLS)
       • VM mobility across

  16. L3 USE-CASES: L3 GATEWAY CAPABILITIES
     Use cases: Intra-Data Center VXLAN Routing, L3 Multicast routing for VXLAN, Inter-Data Center VXLAN Routing
     [Diagram: virtual data centers (VXLAN 1, VXLAN 2), a physical data center and Data Center 2 joined via the physical network, a multicast WAN, an L3 WAN and the Internet]
     • Intra-DC L3 gateway
       • Routes VXLAN between different virtual networks – multi tenancy
       • Programmatic L3 connectivity to non-virtualized data centers
     • Multicast gateway for LAN and WAN
       • Routes multicast traffic between VXLAN and non-VXLAN environments
     • Inter-DC L3 gateway
       • Routes VXLAN traffic between data centers
       • Inter-DC (i.e.: L3VPN) and Internet routing protocols (i.e.: BGP)

  17. VXLAN – EVPN/VPLS – VXLAN overview
     [Diagram: Data Center Site 1 and Data Center Site 2, each with TORs (VLAN 1 / MAC1 and VLAN 2 / MAC 2 at site 1; VLAN 1 / MAC11 and VLAN 2 / MAC22 at site 2) reaching PE1/PE2 and PE3/PE4 over VXLAN tunnels across an IP cloud with an underlay IGP. The PEs are interconnected over MPLS with BGP/LDP signaling on the WAN (VPLS, or EVPN with control-plane learning). Learning is data-plane on the VXLAN side; the Data Center Interconnect runs VPLS/EVPN.]

  18. VXLAN – EVPN – BUM forwarding overview
     [Diagram: BUM forwarding walk-through, steps 1 to 10, for a frame from VLAN 10 with SMAC MAC-A and DMAC FF:FF:FF:FF:FF:FF, from a TOR at site 1 via PE1/PE2 over MPLS (BGP signaling on the WAN) to PE3/PE4 and the remote TORs. Per-hop actions shown: VXLAN decap, BD identification, SMAC learning, BD lookup, EVPN encap (IMNH / UNH), EVPN decap, BD lookup, egress NH, VXLAN encap. Tunnel parameters: VNI 1000, multicast group 239.1.1.1, source IPs 10.10.10.1 and 10.10.10.2; VNI 1001, multicast group 239.1.1.2, source IPs 11.10.10.1 and 11.10.10.2.]

  19. VXLAN – EVPN – unicast forwarding overview
     [Diagram: unicast forwarding walk-through, steps 11 to 17, for a frame from VLAN 1 / VLAN 10 with SMAC MAC-A and DMAC MAC-B over the same topology (TORs, PE1/PE2, MPLS with BGP signaling on the WAN, PE3/PE4). Per-hop actions shown: VXLAN decap, BD identification, SMAC learning via source IP, BD lookup for DMAC, EVPN encapsulation via UNH, EVPN decap, BD lookup, VXLAN encap.]

  20. VXLAN – EVPN – VXLAN overview – BASE
     [Diagram: same two-site topology; the original Ethernet frame is carried with a VXLAN header on the TOR-to-PE legs and with an MPLS header across the EVPN core (control-plane learning), with data-plane learning on the VXLAN legs]
     • Operational Notes
       • In the BGP route advertisement there is no need to carry the VNI id.
       • Label allocation need only be assigned on a per-EVI basis.
       • Translation possible: VXLAN-VLAN, VNIDx-VNIDy (use a BD).
       • One-to-one mapping between VNI <-> EVI.

  21. VXLAN – EVPN – VXLAN overview – VNI Aware
     [Diagram: same two-site topology and frame encapsulations as the base case]
     • Operational Notes
       • In the BGP route advertisement, there is a need to carry the VNI id.
       • Label allocation needs to be done per EVI + per VNI (basically per VLAN / bridge domain).
       • Many-to-one mapping between VNIs <-> EVI.

  22. Day One Guide: VXLAN Case Studies
     • Day One Guide
       • Native VXLAN with Multicast
         • PIM/OSPFv2
       • Unicast Only VXLAN
         • No Multicast
       • Inter-VXLAN Routing
       • Network Service Integration
       • VXLAN over IPsec Transport
         • IPsec Tunnel Mode
     Tentatively scheduled for May, 2014

  23. Summary
     • VXLAN Considerations
       • Think beyond VXLAN's design use cases
       • Use platform diversity to your advantage
         • Economics, Power, Space, …etc
     • JUNOS VXLAN Support
       • Target Release: JUNOS 14.1
         • May timeframe
       • Account teams can provide beta images
         • Feel free to email me accordingly

  24. Thank you…

  25. Backup Slides

  26. VXLAN packet flow – ARP request from VXLAN
     [Diagram: VNI 10 with multicast group 235.1.1.1 and group MAC MG. VM 1 (HOST H1, MAC M1, IP 10.10.10.1) behind the VTEP server (MAC-A, IP1), VM 2 and VM 3 behind VTEP TOR A (MAC-B, IP2) and VTEP TOR B (MAC-C, IP3), and HOST H3 (MAC M3, IP 10.10.10.3) behind the VXLAN Gateway (MAC-D, IP4), with HOST H4 and HOST H5 on the L2 side. H1 ARPs for 10.10.10.3: inner L2 DMAC FF:FF:FF:FF:FF:FF, SMAC M1, EtherType 0x0806; outer SMAC MA, DMAC MG, SIP IP1, DIP 235.1.1.1, UDP, VXLAN (VNI=10). Receivers learn the MAC M1 to IP1 binding.]

  27. VXLAN packet flow – ARP response from L2
     [Diagram: same topology, with the MX as VXLAN Gateway (MAC-D, IP4). H3 answers the ARP for 10.10.10.3: inner L2 DMAC M1, SMAC M3, EtherType 0x0806; outer DMAC MAC-A, SMAC MAC-D, SIP IP4, DIP IP1, UDP, VXLAN (VNI=10), unicast back to the VTEP server.]

  28. VXLAN packet format
     • VXLAN uses a MAC-in-User Datagram Protocol (MAC-in-UDP) encapsulation technique and a 24-bit segment identifier in the form of a VXLAN ID.

  29. References
     • Standards
       • VXLAN: A Framework for Overlay Virtualized L2 Networks over L3 Networks
         http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-08
       • Generic Overlay OAM and Datapath Failure Detection
         http://www.ietf.org/id/draft-jain-nvo3-overlay-oam-01.txt
       • The Open vSwitch Database (OVSDB) Management Protocol
         http://tools.ietf.org/html/rfc7047
