Basics of VXLAN (Virtual Extensible LAN)
VXLAN or Virtual Extensible LAN is an overlay tunnelling scheme where we can extend the layer 2 domain over a layer 3 underlay network.
vxlan basics also cover its major use in extending VLAN across geographically spread Data-Centers. vMotion across data-centres requires us to have the same L2 domain across data-centres and hence this can be easily achieved with the help of VXLAN overlay.
Related – VXLAN Interview Questions
VXLAN encapsulated Packet Format:
- VTI (VxLAN Tunnel Interface): It is a switch port linked to a UDP socket to be shared between many VLANs. VXLAN header encapsulation and de-multiplexing occur at this interface. Encapsulation at the headend of VXLAN tunnel and de-multiplexing at the tail-end.
- VNI ( VXLAN Network Identifier or VXLAN Segment ID): It is a 24-bit number that distinguishes between VLANs being carried over the VTI.
- VTEP (VXLAN Tunnel Endpoint): It is an entity where either a VXLAN tunnel originates or terminates.
- VXLAN Segment: A network-wide layer-2 domain implemented as an overlay network of VTEPs interconnected using VXLAN Tunnel Interfaces.
Ways to Implement VXLAN –
There are two ways to implement this based on the use cases in Data Centers:
- Bridging: When the two hosts communicating are on the same subnet and no gateways are required on the VTEPs. In this case, packets can be simply bridged over the VTIs from source VTEP to destination VTEP.
- Routing: When the two hosts communicating are on different subnet and gateway is required on the VTEP. A packet will be routed from the source VLAN to the destination VLAN on the first hop VTEP. And then will be bridged to remote VTEP.
VXLAN Control Plane Options –
- HER (Head End Replication) aka Ingress Replication in Cisco.
- BGP EVPN
Sample Configuration of VXLAN Tunnel:
VXLAN Sample Scenario :
Let’s consider a scenario where you as a network engineer or administrator have been asked to add 1000+ virtual machines into the same LAN segment of Data Center. However, some caveats are –
- VLANs are already reaching their full capacity of 4000+ VLANs
- VMs will be placed across different segments (layer 3 hops) in the Data Center.
In order to achieve this outcome, 1st thing that comes to mind is to run L2 network on top of layer 3 Routing. This is where VxLAN comes to fore which helps us to extend L2 Network over Layer 3. VxLAN simplifies the network by removing the spanning-tree protocol, trunking, and stretching VLAN’s. Virtual machines can move in same VLAN’s across layer 3 boundary. VxLAN is standard based, hence no need to lock into a particular vendor. It uses MAC MAC-in-UDP encapsulation to render a way of extending Layer 2 segments across the data center network.
VNI’s and VLAN:
Every VLAN has a VLAN ID and this VLAN ID is added to frame to keep traffic separated from other VLANs. The ID is 12 bit long allowing 4095 unique VLAN’s. VxLAN is also similar to VLAN where each VxLAN segment has a VLAN identifier called VNI. It is 24bit long and has scalability upto 16 million segments which allows much larger space via VID’s as compared to VLANs. Let’s take an example where you are supposed to provide 8 VLANs to each customer (Total of 500 customers). This is where VLAN IDs will exhaust and VxLAN will act as guardian angel. VxLAN has the ability to have 16 million VID’s and now you can have unique VLAN for every customer across the network.
Overlays and Underlays:
VxLAN creates virtual networks on top of existing infrastructure – this makes VxLAN is an overlay technology. On the other hand, underlying network is layer 3 network and it is generally built by using an underlying protocol such as EIGRP, OSPF or ISIS. All the ports in this network are
- Routed ports
- No spanning-tree and
- Provides Equal cost multiple paths for load sharing and fast recovery.
VxLAN allows full use of all the link bandwidth with no links in blocking or backup state. As mentioned earlier, VXLAN is an overlay network where each VNI is a separate virtual network and runs over the underlay (each of these VNI’s is called a bridge domain). In order to create a virtual network, traffic is 1st encapsulated with UDP and IP and then sent to the destination where it is decapsulated. The main reason for separating the underlay and overlay is that underlay can be changed without redesigning the overlay as long the IP connectivity and reachability is intact.
VTEP and Encapsulation
Switches and routers that are participating in the VxLAN have a special interface called VTEP. VTEP provides the connection between overlay and underlay. Each VTEP has an IP address in the underlay network it also has one or more VNI’s, for the delivery of the packet between source and destination. VTEP creates a stateless tunnel. This tunnel exists only long enough to deliver the VxLAN frame. When a frame from host reaches the local switch
- the frame is encapsulated by VTEP in IP and UDP headers
- the switch then forwards the traffic over the underlay
- when traffic reaches on destination switch frame is decapsulated and sent to the destination host