Arista VXLAN功能介绍

1、1VXLAN Fundamentals, Architecture & Roadmap21. Data Center IP Fabric Building a strong Foundation2. What is Network Virtualization?3. VXLAN Overview4. VXLAN Packet details5. VXLAN Terminology6. VXLAN Host Discovery7. VXLAN BUM Traffic Handling8. VXLAN Layer 2 & Layer 3 Terminologies9. VXLAN

2、Arista Architecture & Vision10.VXLAN Roadmap11.VXLAN Visbility3Data Center IP FabricBuilding A Strong FoundationScalability Scales up and not scales out Dependent on specific hardware (mix & match) Not scalable to 40GbE / 100GbELatency High latency Low predictabilityMobility What happens if

3、my “IP” changes? What happens if traffic pattern changes?Cost As multiple layers, it can get $Oversubscription Ports on devices are oversubscribed 8:1 Higher Oversubscription as traffic traverses north 20:1Layer 2 DomainLayer 2 DomainLegacy Data Center ModelMultiple points of management, rampant ove

4、rsubscription, wasteful cost modelLayer 2 DomainLayer 2 DomainNorth to SouthSupport for East/West 80:20 traffic patternScale up to 64-way ECMP Spine designs All uplinks from ToR are Active/ActiveSupport 100000s of host ports Non-blocking / Non-oversubscribed architectureDeploy L3 routing protocols b

5、etween leaf & spine i.e. BGP, OSPF, or ISISEverything is only 3 hops away!Provide network mobility via Overlay Network6VTEP1IP FabricSpine TierLeaf TierA 1B 1A2B2Bare Metal ServersBare Metal Storage HYPERVISOR 1HYPERVISOR 2VTEP2VTEP3VTEP4 Network core is an IP fabric laid out in a Leaf-Spine arc

6、hitecture running ECMP between the two tiers- Leaf switches - Arista 7150-x or 7050Q-x models are deployed at the TOR connecting virtualized servers, bare-metal servers, storage arrays and other devices- Spine switches Arista 7500s are deployed at the core - Routing Protocol Either EGP (BGP) or IGP

7、(OSPF / ISIS) is run in the IP fabric7What is Network Virtualization?8Network Virtualization is not the same as Server Virtualization!9Network virtualization: ability to separate, abstract and decouple the physical topology from a logical or virtual topology by using encapsulated tunneling. This log

8、ical network topology is often referred to as an Overlay Network. Overlay NetworkPhysical Infrastructure i.e. Underlay NetworkVXLAN disassociates workloads from physical networks, allowing for possible transition to cloud based providers 10Any Overlay technology uses Location & Identity separati

9、on LocationIdentityFabric PathVXLANOTVLISPUnderlay ProtocolIS-ISBGP, OSPF, IS-ISBGP, OSPF, IS-ISBGP, OSPF, IS-ISLocationSwitch-IDIP addressIP addressIP addressIdentityClient MACClient MACClient MACClient IP / MacIdentity LearningFloodingFlooding / Dynamic learningIS-ISMapping DBVendor ProprietaryYes

10、NonYesNonIntra & / or Inter DCIntraBothBothInter11VXLAN Overview12Ethernet in IP overlay network Entire L2 frame encapsulated in UDP50 bytes of overheadInclude 24 bit VXLAN Identifier16 M logical networksVXLAN can cross Layer 3Tunnel between ESX hostsVMs do NOT see VXLAN IDIP multicast used for

11、L2 broadcast/multicast, unknown unicastTechnology submitted to IETF for standardizationWith Arista, Vmware, Red Hat, Citrix, Cisco, and OthersOuter MACDAOuter MACSAOuter 802.1QOuter IP DAOuter IP SAOuter UDPVXLAN ID (24 bits)Inner MAC DAInnerMACSAOptional Inner 802.1Q Original Ethernet PayloadCRCVXL

12、AN EncapsulationOriginal Ethernet Frame13MAC&IP are UDP EncapsulatedEncapsulation at VTEP node is transparent to IP ECMP fabricVM-110.10.10.1/24VM-210.10.10.2/24Subnet-A Subnet-B Layer 2 Domain between the VMvWire- VNI 10HW VTEPEncap/DecapVXLAN FramesSW VTEPEncap/DecapVXLAN VTEPVTEPVTEP14Feature

13、 Benefits-Eliminates current networking challenges in the way of on-demand, virtual environment:- VLAN Sprawl- Single fault domains- Scalability beyond 4096 segments- Proprietary fabric solutions- IP mobility- Physical cluster size and locality-Enables multi-tenancy at scale-Decouples logical networ

14、ks from physical infrastructure so that applications can be deployed without worrying about physical rack location, IP address or VLAN-Based on open and well known standards15 Physical to Virtual internetworking Multi-hypervisor connectivity and integration Multi-tenant Cloud environments HA cluster

15、s across failure domains Dynamic growth Dynamic resource management16VXLAN Packet Details17VXLAN is a MAC-in-IP encapsulation18VXLAN Header is a 8 Byte field comprising of:(a)Flags (8 Bits) (b)VxLAN Network Identifier (VNI) (24 Bits) (c)Reserved (24 & 8 Bits) Always set to zero. Reserved (24 &am

16、p; 8 Bits) Always set to zero. Flags (8 Bits) I flag is set to 1 for a valid VxLAN Network ID (VNI). The remaining 7 bits (designated R) are reserved fields and set to zero. VxLAN Network Identifier (VNI) (24 Bits) Used for identification of the individual VxLAN overlay network on which the communic

17、ating VMs are situated. VMs in different VxLAN overlay networks cannot communicate. 19VXLAN Terminology20VXLAN SegmentsSoftware VTEPHardware VTEPVTEP1IP FabricSpine TierLeaf TierA 1B 1A2B2Bare Metal ServersBare Metal Storage HYPERVISOR 1HYPERVISOR 2VTEP2VTEP3VTEP4VTIVXLAN GatewayVTIVXLAN 10001 VXLAN

18、 1000221VNIB2VTEP 4A210.100.1.0/2410.100.2.0/24.10.11.2.3VXLAN 10001VXLAN 10002.10.2VARP Default Gateway:10.100.1.1VARP Default Gateway:10.100.2.1ExternalHostDataCenterNetworkB1A1Bare Metal StorageBare Metal ServersVTEP 1VTEP 3VTEP 1VXLAN SegmentVXLAN SegmentVARP Default Gateway:10.100.1.1VARP Defau

19、lt Gateway:10.100.2.1.1.1.1.122 VTEP: VXLAN Tunnel End Point- VXLAN encapsulation and decapsulation happens at the VTEP VXLAN Gateway - A device which bridges traffic from VXLAN and non-VXLAN environments. - VXLAN gateways allow for physical and non virtualized devices to communicate with VXLAN netw

20、orks- A VXLAN gateway can be either a hardware or software device VNI: Virtual Network Identifier - a 24-bit number is also called the VXLAN segment ID. The system uses the VNI, along with the VLAN ID, to identify the appropriate tunnel. VXLAN Header is an 8-byte header that contains the 24-bit VNI

21、value. It lives in between the UDP header and the inner MAC frame being carried over the VTI. VTI: VTEP Tunnel Interface - a switchport linked to a UDP socket that can be shared between many VLANs. Packets bridged through a vlan into the VTI are sent out the UDP socket with a VXLAN header including

22、a VNI. The socket is bound to a fixed local port, but is not connected to any particular destination port or IP address; logically, we use sendto() (not send() to transmit VXLAN-encapsulated frames on the socket. Packets arriving on the VTI (via the UDP socket, based on their UDP destination port) a

23、re demultiplexed into a VLAN for bridging. A 24-bit VNI within the packet determines which VLAN the packet is mapped to for bridging. VXLAN Segment - is a Layer 2 overlay network over which VMs communicate. Only VMs within the same VXLAN segment can communicate with each other.23VXLAN Visibility24Fu

24、ll physical to virtual visibilityNetwork audit to ensure reachabilityAutomated provisioningWorkflow without finger pointingOther awesome capabilities25PhysicalPhysicalVirtualizationvmTracerVMware NSXVMware NSXHypervisorVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEP Rapidly correlate vlan to VNI switch5#:show vmtr

25、acer vxlan interface Ethernet48Ethernet48: Name VLANvWire NetworkMulticast-Exchange5Corp 172.20.20.0239.20.20.0 Apache 6web182.10.0.0220.10.10.0MySQL 7ERP172.20.30.0239.20.30.0 view VNIs across the data center from the CLIswitch9#:show vmtracer vxlan all7150s R1: Ethernet 48:esx1/vwTest/dvUplink 1vW

26、ire:Corp - VLAN:5vWire:ERP - VLAN:77150s R2: Ethernet 40:esx2/vwTest/dvUplink 1vWire:Corp - VLAN:5vWire:web - VLAN:626OVSDBVNI, VXLAN, VNI IDVM- OskiVNI - CalBearsNew VNI - CalBearsMulticast Group - 224.0.14.13VNI ID - 650782Interface Ethernet 24 VXLAN VTEP VNI CalBearsInterface Loopback0 VXLAN VTEP

27、 Gateway VNI Calbears IP Address 204.181.40.1/24-NetworkNSX Controller27AubieWarEaglevshieldvm-tigerVNI Test: 224.0.0.12spine0leaf1leaf2esx10esx11spine0: show vmtracer vxlanVNI-Name VNI#VTEPsLearning Mcast GroupStatus Subnet Auburn 5096 4 Flood224.0.1.95 Up 204.181.40.0/24 foo 15893425 5 Flood224.0.4.84 Up 128.218.56.0/24 bar 65456 45 Flood224.5.1.92 Down 192.168.10.0/20VNI Name: AuburnVNI Segment ID: 5096 VTEPType Status Inside Outside Learning Mcast Grp PIM-RP Switch Port