First, why is VXLAN needed, and what problems can traditional VLAN technology not solve?
1. With the development of virtualization technology, servers in the data center are virtualized into virtual machines, which makes it easy to move, add and delete servers on the physical hosts.
A data center will have thousands of VMs, and the VMs typically need to be split into groups,
or the data center is leased to many users, and the VMs rented by each user also need to be partitioned into groups. Such Layer 2 isolation is currently mostly achieved with VLAN technology.
However, one drawback of VLAN technology is that the VLAN field reserved in the header is too short: at only 12 bits it can support only 4,096 VLANs, which cannot meet the growing demand for VLANs.
The VXLAN header has 24 bits for this, which can support 2^24 VNIs. (A VXLAN is identified by its VNI, which is the equivalent of a VLAN ID.)
2. Virtual machines need to be movable: without the user being aware of it, a VM is migrated from one server to another, and may even be migrated directly to an offsite data center (search for vMotion technology yourself).
Traditional VLANs do not solve this problem: if the user is not to notice the migration, the VM's IP address cannot change, and a traditional VLAN cannot keep the IP address unchanged across a migration, because different VLANs use different IP address segments.
Within a VXLAN with the same VNI, however, the IP addresses are all in one network segment; only the individual IP addresses differ.
Second, how VXLAN is implemented
For example, VM1 and VM3 can be two VMs at different sites, yet with VXLAN between them they can communicate at Layer 2: although they are physically far apart, VM1 perceives VM3 as being only one switch away.
The data frames sent by a VM are encapsulated and decapsulated by a VTEP (Virtual Tunnel End Point), which adds a VXLAN header, an outer UDP header, an outer IP header and an outer Ethernet header to the original data frame, as follows:
[Figure: VXLAN encapsulated frame format]
Packet description:
1. The outer destination MAC is filled with the next-hop MAC, usually the MAC of the next-hop router.
2. The outer destination IP is the IP of the destination VTEP, and the outer source IP is the address of the local VTEP.
3. The destination port of the outer UDP header is a VXLAN-specific port.
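An added example, not part of the original notes: the VXLAN header step of the encapsulation described above, in Python, together with the decapsulation check a monitoring tool needs before trusting the VNI. The 8-byte header layout and the I flag come from RFC 7348, which these notes do not quote; the sample MAC address is constructed, and VNI 864 is the one used in the learning walkthrough in these notes.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag (RFC 7348): set when the VNI field is valid
VXLAN_HEADER_LEN = 8
MAX_VNI = (1 << 24) - 1       # 24-bit VNI, as described above


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header to an inner Ethernet frame (this is the UDP payload)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24 bits); word 2: VNI (24 bits) + reserved (8 bits)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes) -> dict:
    """Validate the VXLAN header; return the VNI and the inner Ethernet addresses."""
    if len(udp_payload) < VXLAN_HEADER_LEN + 14:
        raise ValueError("too short for a VXLAN header plus inner Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI field is not valid")
    inner = udp_payload[VXLAN_HEADER_LEN:]
    return {
        "vni": word2 >> 8,
        "inner_dst_mac": fmt_mac(inner[0:6]),
        "inner_src_mac": fmt_mac(inner[6:12]),
        "inner_ethertype": struct.unpack("!H", inner[12:14])[0],
        "inner_frame": inner,
    }


# Constructed sample: a broadcast ARP frame from a made-up VM MAC, carried in VNI 864
SAMPLE_INNER = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
SAMPLE_PAYLOAD = vxlan_encap(864, SAMPLE_INNER)

if __name__ == "__main__":
    info = vxlan_decap(SAMPLE_PAYLOAD)
    print(info["vni"], info["inner_src_mac"], "->", info["inner_dst_mac"])
```

The outer UDP, IP and Ethernet headers are left to the sending host's network stack here; only the VXLAN header and the inner frame are built and checked.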
Assume VTEP1 and VTEP2 are in their initial state, with the two ends addressed as follows:
[Figure: addresses of VTEP1 and VTEP2 in the initial state]
1. After configuring VXLAN, the administrator assigns each VNI a multicast address, and each VTEP joins the corresponding multicast forwarding tree. (Refer to the PIM-SM multicast forwarding tree for details.)
2. VM1 needs to send a message to VM2, whose destination address is 192.168.0.101, so it first sends an ARP query.
3. VTEP1 receives the ARP query. Because the destination address of the ARP query is all Fs, VTEP1 encapsulates it as a multicast packet and sends it to the multicast group.
4. The other VTEPs in the VNI receive the multicast packet and, after decapsulating it, learn the mapping between VM1's MAC address and VTEP1's address.
5. VTEP2 broadcasts the decapsulated ARP query to all ports in the local VNI. VM2 receives the ARP query, learns the mapping between 192.168.0.100 and VM1's MAC, and replies with a unicast ARP response.
6. VTEP2 receives the ARP response, encapsulates it as a unicast packet and sends it to VTEP1. VTEP1 then learns the VNI 864-VTEP2-MAC2 mapping, and VM1 learns the 192.168.0.101-MAC2 mapping.
Resources:
"Software defined networks: OpenFlow and VxLAN"
"Arista Networks VXLAN White Paper"
The following is my personal understanding of VXLAN and a summary of the documents; advice from experts is very welcome :)
VXLAN Concise Study Notes (original)