Is VXLAN the Answer to the Network Virtualization Question?


Network virtualization is a growing topic of interest, and for some good reasons: as networks scale to meet the challenges of cloud computing, they are running up against VLAN scaling limitations. Several network overlay technologies have been released that seek to address the challenges of network scaling and to enable workload mobility. One of these technologies is VXLAN. It has a few proponents who say that it can meet the requirements for network virtualization. While it sounds good on the surface, it's worth taking a closer look. With VMworld happening this week in San Francisco, I'm sure that network virtualization will be a hot topic, especially considering the VMware Nicira news, so I thought I'd comment on it and offer some thoughts and options.

The origins of VXLAN
The VXLAN buzz started during a keynote at VMworld in August, when VMware CTO Steve Herrod announced the Virtual Extensible LAN protocol, which VMware positions as a technology that "enables multi-tenant networks at scale, as the first step towards logical, software-based networks that can be created on-demand, enabling enterprises to leverage capacity wherever it's available." Networking vendors Cisco and Arista are actively promoting VXLAN and have collaborated with VMware to develop and test the technology on their products. Cisco highlighted VXLAN at their Cisco Live user conference again in June and Arista is demoing it at VMworld; however, with the Nicira announcement VMware seems to have taken that next step. VXLAN sounds interesting, so let's see how good of an idea it is.

What VXLAN is and what it does
VXLAN is a new framework that requires the creation of overlay networks for virtual machines (VMs) to communicate with each other and/or to move VMs over an overlay network, both within a data center and between data centers. VXLAN implements a Layer 2 network isolation technology that uses a 24-bit segment identifier to scale beyond the 4K limitations of VLANs. VXLAN technology creates LAN segments by using an overlay approach with MAC-in-IP encapsulation. Vendors who promote VXLAN say that traditional data center/cloud networks fall short in two key areas and that VXLAN will solve these issues:

1. Multi-tenancy IaaS scalability: Network isolation technologies such as VLAN and VRF may not provide enough network segments for large cloud deployments.

2. Virtual machine mobility: Layer 3 boundaries create silos that virtual machines (VMs) cannot cross, limiting the scalability of the VM resource pools that cloud deployments rely on.

The primary goals behind this network architecture are to:
1. Increase traditional VLAN limits from 4,094 to a larger, as yet undetermined, number of virtual networks in a multi-tenant (cloud IaaS) deployment.

2. Enable VM mobility across Layer 3 subnets as cloud deployments grow into multiple L3 subnets.

The proposed solution is a new protocol, VXLAN, which is captured in an IETF draft version XX, see link http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-00. The proposal is still in an experimental state and there is no confirmed date for ratification.
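
To make the 24-bit segment identifier and the MAC-in-IP encapsulation concrete, here is an added example (not code from the original post or from any vendor) that builds and parses the 8-byte VXLAN header placed in front of an inner Ethernet frame. The header layout comes from the VXLAN specification rather than from this page; the function names, the strict reserved-bit check, the segment allow-list and the sample frame are assumptions made for illustration.

```python
import struct

VXLAN_HDR = struct.Struct("!II")  # word 0: flags + reserved, word 1: VNI + reserved
FLAG_I = 0x08000000               # "valid VNI" bit in the first 32-bit word
MAX_VNI = (1 << 24) - 1           # 24-bit segment ID: 16,777,215 segments


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prefix an inner Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    return VXLAN_HDR.pack(FLAG_I, vni << 8) + inner_frame


def decapsulate(payload: bytes, allowed_vnis: set) -> tuple:
    """Return (vni, inner_frame), or raise ValueError for a rejected packet."""
    if len(payload) < VXLAN_HDR.size + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = VXLAN_HDR.unpack_from(payload)
    if not word0 & FLAG_I:
        raise ValueError("I flag clear: header carries no valid VNI")
    # Assumed policy, stricter than the specification (which has receivers
    # ignore reserved bits): this endpoint runs no header extensions.
    if word0 & ~FLAG_I & 0xFFFFFFFF or word1 & 0xFF:
        raise ValueError("reserved bits set")
    vni = word1 >> 8
    # The header has no integrity or authentication field, so the VNI is
    # only the sender's claim; accept just the segments served here.
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not served by this endpoint")
    return vni, payload[VXLAN_HDR.size:]


# Constructed sample: broadcast destination, locally administered source
# MAC, EtherType 0x0806, zero-filled 28-byte body.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

if __name__ == "__main__":
    pkt = encapsulate(5000, SAMPLE_FRAME)
    print(pkt[:8].hex(), decapsulate(pkt, {5000})[0])
```

The outer IP and UDP headers that carry this payload between endpoints are left out; the block covers only the VXLAN header itself.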

Some Issues with VXLAN
Multicast: A complicating aspect is that VXLAN expects multicast to be enabled on physical networks, and it does MAC flooding to learn end points. This would impact the performance and scalability of existing physical network segments in the data center and over the WAN, creating design, scalability and operational challenges.

Overlay tunnels: Since VXLAN is an overlay tunnel, it adds a layer to the network that must be managed, and creates operational and scaling challenges. It imposes new end-points, usually a vSwitch, that take the L2 frames from the VMs, encapsulate them and attach an IP header. VXLAN creates considerations around what the IP address termination device should be.

Lack of control plane: Most of the control plane complexities, such as segment ID allocation and multicast, are not addressed by VXLAN. To solve these issues you need a control plane, but VXLAN does not have one, so it puts the problem on the network. A control plane mechanism is needed to solve this problem. The question is whether it should be an SDN controller or the router.

Tunnels in tunnels: Interoperability with the widely used VPLS/MPLS network segmentation scheme is not yet defined with VXLAN, and VXLAN tunnels can't prevent themselves from being tunneled further, creating complexity as well as a lack of visibility into network traffic, hindering application performance management, as well as potentially impacting the benefits of VXLAN.

Security: VXLAN security is not addressed in the draft yet. Typically, security for overlay protocols is addressed with IPsec tunnels. This would add additional overhead, and the solution would become burdensome to implement and manage.

Scalability: The VXLAN overlay network originates from a VM on a server at the software level, and this could impact overall performance as administrators scale their VM deployments. In addition, many best practices and protocols developed for physical infrastructure need to be replicated for VXLAN in software, adding more performance and scalability challenges. Potentially this process should be offloaded to the physical switch using a technology such as VEPA.

Physical devices: A challenge with the end points being vSwitches is that you can only connect virtual ports to VXLAN segments, so you can't connect your physical firewall, server load balancer, or router directly. You have to use virtualized versions, which run in VMs, so performance could be an issue and you need to manage server load. Deploying virtualized appliances has some advantages, but we still need to sort out interoperability with the physical network.

Some considerations and takeaways
The ability to stretch L2 adjacencies to accommodate the live migration of VMs is considered important for IaaS. Currently the viable construct to provide isolation/separation for L2 is the VLAN, so a large number of VLANs is seen as desirable. Most network switching equipment only supports 4,096 VLANs; however, several of Juniper's product lines scale beyond the VLAN limitation. The MX Series routers support 256,000 VLANs, for example. There are ways to overcome VLAN limitations, such as QinQ, or VLAN stacking, vCDNI, and Provider Backbone Bridging.

Preservation of private IP subnets while enabling VM mobility across Layer 3 boundaries is seen as desirable for large-scale cloud deployments. Juniper provides technologies that enable L2 stretch, such as Virtual Chassis on the Juniper EX systems and VPLS on the MX Series and the QFabric System, with integrated L2 and L3, which scales massively.

VXLAN does not have a control plane and it uses multicast to flood the network for endpoint discovery, so it poses control plane scalability and network manageability issues. This could be addressed by integrating VXLAN with an SDN controller or by deploying another overlay tunneling protocol that is managed from an SDN controller instead. There are a number of such devices on the market and Juniper is evaluating some of them for interoperability with our equipment.

Since it runs in the hypervisor, VXLAN uses shared resources and performance cannot be guaranteed. A method is needed to ensure priority allocation of compute resources in a hypervisor environment if this type of technology is going to scale, or the tunnel processing needs to be offloaded to the physical switch, perhaps using VEPA technology. Juniper's partner IBM provides a VEPA-enabled soft switch, for example, and Juniper has included VEPA in JUNOS 12.1.

At Juniper we continue to evaluate overlay network technology as it evolves, and we are working to find answers that fit the needs of our customers as we develop technologies to support network virtualization. We are taking a close look at VXLAN and the value that it can deliver for our customers' networks.

I know that I have not covered everything, but I hope that this post has provided some valuable information to help you evaluate your technology choices and see the value that VXLAN can bring to your network.
