Understanding VTEPs and VNIs in VXLAN Environment

What are VTEPs (VXLAN Tunnel EndPoints)?

VTEPs (VXLAN tunnel endpoints) provide connectivity between overlay and underlay networks and are responsible for frame encapsulation into VXLAN packets to transport them across IP networks (underlay) and perform de-encapsulation once packet leaves VXLAN channel. The underlay network is not aware of VXLAN, for him VXLAN packet is just like any other normal packet.

VTEPs (VXLAN tunnel endpoints) can be hardware based (Cisco Nexus 9000 switch series) or software based (VXLAN capable hypervisor switch in hypervisor host).

VTEPs (VXLAN tunnel endpoints) have two interfaces:

Local LAN interface – to give local communication by bridging endpoints connected to VTEPs
IP interface – to connect the underlay layer 3 network also known as transport network. The IP address bind to the IP interface helps to uniquely identify VTEP in the network.

VTEPs (VXLAN tunnel endpoints) use an IP interface to learn about remote VTEPs (VXLAN tunnel endpoints) within its VXLAN segments and remote MAC address to VTEPs (VXLAN tunnel endpoints) mapping.

As overlay and underlay networks are independent of each other. Overlay networks are virtual and require an underlay network to function; however changes made in an overlay network do not impact the underlay network. Links can be added/removed in the underlay network as long as destination is reachable by routing protocol overlay network remains unchanged.

Encapsulation and decapsulation of VXLAN traffic

Encapsulation and decapsulation of VXLAN traffic done by VTEPs by adding additional fields such as:

External MAC address (tunnel endpoint VTEP destination media access control address)
External source MAC address (Tunnel VTEP source Mac address)
External destination IP address (tunnel endpoint VTEP destination IP address)
External source IP address (Tunnel VTEP source IP address)
External UDP header (UDP port: 4789)

What is a VXLAN Network Identifier (VNI)?

The VXLAN Network Identifier (VNI) is meant to identify a specific virtual network in a data plane and performs a function similar to a VLAN ID in regular networks. VNI uses 24-bit and can create 16,777,215 (16 million) VXLANs. Which is much higher as compared to 12-bit VLAN ID which can only create 4096 VLANs. Two main VNI scopes are:

VNIs (network wide scope) – same value is used across for identification of layer 3 virtual network on all network edge devices. This is ideally suited for data centers where central orchestration systems are used to auto provision networks. Having similar VNI makes ease of operations and simplification of requirements for network edge devices (physical and virtual).
VNIs (Locally assigned) – As per RFC 4364 an alternate approach is supported. Local significance for network edge devices for the identifier to allow seamless stitching together to a VPN which spans across IP based overlay networks and MPLS VPN.

VXLAN Features

VXLAN acts as extension for VLAN (layer 2) and extend layer 2 segments so tenant workload can be distributed across physical pods in data centers.
VXLAN provides 24-bit segment ID referred as VXLAN network identifier (VNID) to enable 16 million VXLAN segments.
VXLAN packets transmission happens through underlay network based on layer 3 header and it takes advantage of layer 3 routing, ECMP routing and all other available routing protocols to use all paths.

Continue Reading:

NVGRE vs VXLAN: Detailed Comparison

VXLAN and Related terms

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)