Eps 1590: Vxlan

The too lazy to register an account podcast

Host image: StyleGAN neural net
Content creation: GPT-2, transformers, CTRL

Host

Randy Mitchelle


Podcast Content
VXLAN uses an underlying IP network and builds an agile Layer 2 overlay logical network on top of it. As described earlier, VXLAN builds Layer 2 logical networks that are wrapped within standard Layer 3 IP packets. The VXLAN encapsulation protocol provides the basic technology on which products can build their network virtualization solutions. VMware's NSX uses a layering encapsulation protocol called Virtual Extensible Networking to build an overlay network used for creating virtual networks.
VXLAN is a robust encapsulation protocol used to create software-defined overlay networks, which can create Layer 2 segments over routing boundaries. The VXLAN protocol allows a virtual L2 network to be built on top of an existing physical L3 network using a technique called MAC-in-UDP encapsulation. Virtual Extensible Network is a proposed encapsulation protocol to enable an over-the-top network over existing L3 infrastructure.
VXLAN technology is a novel approach to network virtualization designed to solve the problem of scaling networks across large-scale cloud computing deployments. VXLAN addresses the aforementioned requirements for a data center's Layer 2 and Layer 3 networking infrastructure while supporting VMs in a multi-tenant environment. This paper details the underlying terminology of the Virtual eXtensible Local Area Network, which provides such an encapsulation scheme for meeting the different requirements mentioned above. A pseudo-VXLAN device provides interfaces to tunnel or overlay Ethernet networks over IPv4 and IPv6 networks using the Virtual eXtensible Local Area Network protocol.
EVPN-VXLAN can provide Layer 2 connectivity on physical infrastructures to devices on a virtual network, or allow Layer 3 routing. Simply put, VXLAN, or Virtual Extensible LAN, is a tunneling protocol that allows two Layer 2 segments to be connected together on top of a Layer 3 network. VXLAN is quite similar to VLAN, which also encapsulates Layer 2 frames and segments networks. VXLAN encapsulates Layer 2 Ethernet frames into Layer 3 UDP packets, meaning that a virtual Layer 2 subnet can extend across the underlying Layer 3 networks.
This encapsulation process benefits from the fact that VXLAN encapsulation is transparent both to guest workload virtual machines, as well as to the underlying Layer 3 networking infrastructure. Because the VxLAN encapsulation happens on the hosts, the rest of the network infrastructure sees only IP traffic. Because of that, two virtual machines in the same network segment, but on different VLANs, can talk to each other via the VXLAN tunnel. We can resolve a common scenario by creating a single Gateway Address in network devices at both data centers, and adding VXLANs to join two VLANs together.
If the virtual machines connected to different VTEPs have large Layer 2 interconnection needs, then VXLAN tunnels need to be established between those VTEPs. As described earlier, the Layer 2 domain can cross physical boundaries via VXLAN tunnels, making communication between VMs in a larger Layer 2 network possible. Because of this encapsulation, VXLAN can also be described as a tunneling scheme for overlaying Layer 2 networks on top of Layer 3 networks. When VXLAN is used in this architecture, an added advantage is that scaling of the underlying networks does not impact the overlay.
The best way to ensure the VxLAN overlay has the required performance, scalability, reliability, and flexibility, while still allowing for changes in the underlying IP network, is by making the best use of a switched fabric topology. This topology is very VxLAN-relevant, as the supporting base layer can grow physically, or shrink, as the overlay grows, without impacting the overlay design.
As shown in Figure 1, VXLAN is a virtual Layer 2 network built on top of an existing physical Layer 3 network. In terms of VXLAN technology, the underlay is an IP Layer 3 network which routes VXLAN packets like regular IP traffic. As we saw, VXLAN traffic is encapsulated before being sent across the network. The major difference between them is that VXLAN protocol uses Layer 2 underlying network to encapsulate frames, whereas VXLAN uses Layer 3 for that purpose.
The VXLAN segment identifiers within each frame distinguish the distinct logical networks, which is why millions of isolated layer 2 VXLAN networks are allowed to exist together in the same Layer 3 infrastructure. With VXLAN, Virtual Machines running on VMware vSphere can connect to their desired logical networks and communicate with one another, even when located on different ESXi hosts across different clusters, or even across different datacenters.
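The MAC-in-UDP encapsulation and the per-frame segment identifier described above, as an added example that is not part of the original page: a Python sketch that builds and parses the 8-byte VXLAN header defined in RFC 7348, so a monitoring point on the underlay can recover the VNI and the inner MAC addresses that the IP network otherwise never sees. The function names and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid value


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: 8 flag bits + 24 reserved bits. Word 2: 24-bit VNI + 8 reserved bits.
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes) -> dict:
    """Parse a UDP payload as VXLAN; return the VNI and inner Ethernet fields."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    inner = udp_payload[8:]
    return {
        "vni": word2 >> 8,
        # RFC 7348 says receivers ignore reserved bits; a monitor can still report them.
        "reserved_nonzero": bool(word1 & 0xF7FFFFFF or word2 & 0xFF),
        "inner_dst": mac_str(inner[0:6]),
        "inner_src": mac_str(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
    }


# Constructed sample: inner frame = dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"

if __name__ == "__main__":
    packet = vxlan_encap(5001, SAMPLE_INNER)
    print(packet[:8].hex(), vxlan_decap(packet))
```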
VMware vSphere, with its ESXi hosts, vCenter, and VXLAN protocol, is a software package needed for configuring network virtualization with VXLAN support. Configuring VMware VXLAN in the ESXi hosts in a vSphere cluster is a process which generates the VXLAN VTEPs in the ESXi hosts, used for encapsulating and decapsulating the Layer 2 frames sent through network virtualization. In the context of network virtualization or Software Defined Networking, VXLAN technology is typically used as a foundation for larger orchestration tools, which sync states and configurations between multiple network devices.
When VMs share the physical network, even when Virtual Networking isolates the network segments at Layer 2, a ToR switch needs to work on MAC addresses from physical network devices and from the VMs' network adapters in order to ensure L2 connectivity. VM MAC addresses operate only on a virtual stacked network and are not sent to the physical switches on an underlying network.
For example, a fully L3 network with VXLAN overlay is not vulnerable to Spanning Tree failures, which some large Australian organisations are experiencing. Probably the biggest benefit that VXLAN solutions offer compared with purely Layer 2 networks is that they eliminate the risks associated with an L2 domain that stretches across several logical switches. This, combined with the fact that hardware-based VTEPs minimize the latency overheads of VXLAN implementations, means we can create a network that is both more scalable and robust, while not losing any performance. The leaf layer handles all of the functions of a VXLAN, such as creating the virtual network, as well as the mapping from a VLAN to a VNI.