Post on 07-Feb-2018
© 2010 Juniper Networks, Inc. www.juniper.net
VXLAN, Enhancements, and Network Integration Apricot 2014 - Malaysia
Eddie Parra Principal Engineer, Juniper Networks Router Business Unit (RBU) eparra@juniper.net
Legal Disclaimer: This statement of product direction sets forth Juniper Networks’ current intention, and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.
2 Copyright © 2014 Juniper Networks, Inc.
VARIOUS ENCAPSULATION METHODS
Fabrics
TRILL: Intel, Cisco, Brocade
IEEE 802.1aq: Huawei, ALU
FabricPath: Cisco
VCS: Brocade
Qfabric: Juniper
Overlays
VXLAN: Cumulus, Arista, Broadcom, Cisco, VMware, Citrix, Red Hat
NVGRE: Microsoft, Arista, HP, Broadcom, Juniper
STT: Nicira, Rackspace, eBay, Yahoo!
Geneve: VMware, Microsoft, Red Hat, Intel
Other
GRE, Ethernet-over-GRE, IP-IP, MPLS, MPLS over GRE, MPLS over UDP, L2TP, GTP-U, …etc
VXLAN PLATFORM AND VENDOR SUPPORT
Broadcom Trident 2 (aka “T2”) Platforms
QFX5100-48S (1RU): 48x10 GbE, 6x40 GbE
QFX5100-96S (2RU): 96x10 GbE, 8x40 GbE
QFX5100-24Q: 24x40 GbE, 2 x Modules: 8x10 or 4x40 GbE
Other T2 Platform Vendors
Juniper MX-Series and EX9200
VXLAN ENCAPSULATION AND TERMINOLOGY
Terminology
1. VXLAN Segment
2. VXLAN Tunnel End Point (VTEP)
3. VXLAN Network Identifier (VNI)
[Figure: VXLAN Encapsulation between Host-A, Router-A (VTEP), Router-B (VTEP) and Host-B. Labels: DA MAC, SA MAC, IP, IP/UDP, VXLAN, VNI]
VIRTUAL EXTENSIBLE LOCAL AREA NETWORK (VXLAN)
Encapsulation Overview
Layer 2 Overlay scheme over Layer 3 network
Designed with VM-to-VM communication in mind
VXLAN should be transparent to end hosts
Provide L2 segmentation ability > 4096 VLANs
24 bit VXLAN Network Identifier (VNI)
16M VXLAN segments
Forwarding Overview
Data-Plane based learning and forwarding
VXLAN relies on Data-Plane learning of associated host MAC addresses to VTEP IPs through source learning
Similar to Layer 2 with flood and learn
[Figure: frame layout, in order]
VXLAN Encapsulation: Outer MAC DA, Outer MAC SA, Optional Outer 802.1Q, Outer IP DA, Outer IP SA, Outer UDP, VXLAN ID (24 Bits)
Original Ethernet Frame: Inner MAC DA, Inner MAC SA, Optional Inner 802.1Q, Original Ethernet Payload
FCS
VXLAN: BROADCAST TRAFFIC EXPLAINED
1) Host-A sends an ARP for Host-B.
2) Router-A looks up the VNI association for Host-B.
3) There is no entry and the ARP is VXLAN encapsulated and sent out to the IP multicast group per that VNI.
4) Router-B receives the Multicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-A.
5) Host-B receives the ARP and responds.
6) Router-B looks up the VNI association for Host-A, and VXLAN unicasts to Router-A.
7) Router-A receives the unicast packet, verifies the validity of the VNI, and learns the inner source MAC of Host-B.
[Figure: Host-A, Router-A (VTEP), Router-B (VTEP) and Host-B connected over VXLAN across a Multicast Enabled network]
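The seven steps above, traced in code as an added example (not from the deck or from Juniper): a VTEP receive path that parses the VXLAN header, verifies the VNI, and learns the inner source MAC against the outer source IP. The `Vtep` class, the function names and all addresses are hypothetical; the header layout (a flags byte with the I bit, then a 24-bit VNI) is assumed from the VXLAN draft listed in the references.

```python
import struct

VXLAN_FLAG_I = 0x08  # "VNI present" bit in the first header byte

def encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def decap(payload):
    """Return (vni, inner_frame) from an outer UDP payload, or raise ValueError."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear, VNI field is not valid")
    return word1 >> 8, payload[8:]

class Vtep:
    def __init__(self, ip, vnis):
        self.ip, self.vnis = ip, set(vnis)
        self.mac_table = {}  # (vni, inner MAC) -> remote VTEP IP

    def lookup(self, vni, dst_mac):
        """Steps 2 and 6: a learned MAC gives the remote VTEP IP, anything else floods."""
        return self.mac_table.get((vni, dst_mac), "flood")

    def receive(self, outer_src_ip, payload):
        """Steps 4 and 7: verify the VNI, then learn inner source MAC -> outer source IP."""
        vni, inner = decap(payload)
        if vni not in self.vnis:
            raise ValueError("VNI %d is not configured on this VTEP" % vni)
        self.mac_table[(vni, inner[6:12])] = outer_src_ip
        return vni, inner

# Constructed sample values: documentation IPs, locally administered MACs, dummy ARP bodies.
MAC_A, MAC_B, BCAST = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b", b"\xff" * 6

def arp_exchange():
    a, b = Vtep("192.0.2.1", [100]), Vtep("192.0.2.2", [100])  # Router-A, Router-B
    first = a.lookup(100, MAC_B)                       # steps 2-3: no entry, flood
    b.receive(a.ip, encap(100, BCAST + MAC_A + b"\x08\x06" + bytes(28)))  # step 4
    reply_to = b.lookup(100, MAC_A)                    # step 6: unicast to Router-A
    a.receive(b.ip, encap(100, MAC_A + MAC_B + b"\x08\x06" + bytes(28)))  # step 7
    return first, reply_to, a.lookup(100, MAC_B)

if __name__ == "__main__":
    print(arp_exchange())
```

In this sketch `receive()` learns from whatever outer source IP and inner MAC the packet carries; the VNI membership check is the only validation on that path.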
VXLAN INTEGRATION WITH EXISTING SERVICES
[Figure labels: Virtual-Switch.0 (VLAN-ID: 101), Bridge-Domain.0 (VLAN-ID: 100), LAN VNI 100, LAN VNI 101, IRB.0, IRB.1, L3VPN, VPLS, EVPN]
Overview
Terminate (aka “Stitch”) VXLAN segments into existing network services, such as L3VPN, VPLS and E-VPN
Use routing/switch instances as centralized anchor points within a geography
Integration Areas
Data Center Interconnect (DCI)
Virtual Private Cloud Gateway
Access to Edge
MBH, Business, Residential, Wholesale
Subtending nodes
INTER-VXLAN ROUTING
Use Cases:
Inter-Connecting VXLAN Segments
L2 - VLANS
L3 – IRB
L2VPN / L3VPN
VPLS / E-VPN
Augment Merchant Silicon with In-House Silicon
Example: Trident-2 does not support the ability to route packets into VXLAN tunnels and vice versa based on payload IP header.
Controlled VTEP Broadcast Replication
[Figure labels: Router-A, Router-B, Router-C, VTEP, IRB, Bridge-Domain or Virtual-Switch, VXLAN VNI # 100, VXLAN VNI # 200]
BROADCAST DOMAIN REPRESENTATION
[Figure labels: Broadcast Domain, IRB, L2, Layer-3, VNI 100, VNI 200, NH, E-VPN, VXLAN, VLAN]
UNICAST ONLY VXLAN
Enhancements:
Broadcast replication using VXLAN Unicast
Endpoints are statically defined
In-line Data Plane learning and forwarding functions the same
Use Cases:
No IP Multicast support between VTEPs
A static point-to-point deployment, whereby a given VNI only has two VTEPs
VXLAN communication must be secure using a mechanism that does not support IP Multicast
[Figure labels: Router-A, Router-B, Router-C, VTEP, VXLAN VNI # 100, VXLAN VNI # 200, No Multicast]
CONTROL MODES
Data Plane Based
VXLAN IETF Draft based
Multicast for L2-BUM traffic
Or Unicast BUM replication
Control Plane Based
P2P tunnels built by the controller
Juniper Contrail or VMware NSX
OVSDB (or NETCONF)
Controller MAC Learning
Can be combined with Data Plane Control
[Figure labels: VM, VDS, VTEP, Controller]
DAYONE GUIDE: VXLAN CASE STUDIES
Tentatively Scheduled for May, 2014
Day One Guide
Native VXLAN with Multicast: PIM/OSPFv2
Unicast Only VXLAN: No Multicast
Inter-VXLAN Routing: Network Service Integration
VXLAN over IPSec Transport: IPsec Tunnel Mode
SUMMARY
VXLAN Consideration
Think beyond VXLAN’s design use cases
Use platform diversity to your advantage
Economics, Power, Space, …etc
JUNOS VXLAN Support
Target Release: JUNOS 14.1
May timeframe
Account teams can provide beta images
Feel free to email me accordingly
REFERENCES
Standards
VXLAN: A Framework for Overlay Virtualized L2 Networks over L3 Networks
http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-08
Generic Overlay OAM and Datapath Failure Detection
http://www.ietf.org/id/draft-jain-nvo3-overlay-oam-01.txt
The Open vSwitch Database (OVSDB) Management Protocol
http://tools.ietf.org/html/rfc7047