Network overlay mode VLAN, VxLAN, GRE

What is overlay network
1. One packet (or frame) is encapsulated within another packet, and the encapsulated packet is forwarded to the tunnel endpoint before being disassembled.
2. Overlay network is the use of this so-called "package in the bag" technology to securely hide one network in another network, and then migrate the network segment.



First, VLAN introduction


VLANis the abbreviation for the English virtual local area network, the Chinese name is "VLAN", and VLANs are
A logical division of a local area network (LAN) device (note, not physically) into a network segment (or
A smaller LAN LAN), enabling virtual Workgroup (unit) data exchange technology.
VLAN this emerging technology is mainly used in switches and routers, but current mainstream applications are still in the switch
。 However, not all switches have this feature, only three-tier switches have this capability, which can be checked
See the corresponding switch instructions.

The benefits of VLANs are mainly three:
(1) Separation of ports. Even on the same switch, ports that are in different VLANs are not able to communicate. This
A physical switch can be used as a switch for multiple logic.
(2) Security of the network. Different VLANs cannot communicate directly, which eliminates the security of broadcast information.
(3) Flexible management. Changing the network to which the user belongs does not have to change ports and wires, just change the software configuration.


Second,Vxlan Introduction

What is Vxlan
Vxlan Full name Virtual Extensible LAN, is an overlay network technology or tunneling technology. The Vxlan packets emitted by the virtual machine are encapsulated in UDP and encapsulated with the ip/mac of the physical network as Outer-header, then transmitted on the physical IP net, then the tunnel endpoint is unpacked and the data is sent to the destination virtual machine.

Why do I need Vxlan

1. Limits on the number of VLANs
4,096 VLANs are far from meeting the needs of a large-scale cloud computing Datacenter

2. Limitations of physical network infrastructure
IP subnet-based zoning limits deployment of application loads that require two-tier network connectivity

3. Tor Switch Mac table exhausted
Virtualization and things to traffic cause more Mac table entries

4. Multi-tenancy scenario
IP address overlap?


What is tunneling technology

Tunneling Technology (tunneling) is a way of transmitting data between networks by using the infrastructure of the internetwork. The data (or payload) that is passed by using a tunnel can be a data frame or package of different protocols. The tunneling Protocol re-encapsulates the data frames or packets of other protocols and sends them through the tunnel. The new frame header provides routing information to pass the encapsulated payload data over the Internet.
The tunnels described here are similar to point-to-point connections, which enable network services from many sources of information to be transported through different tunnels in the same infrastructure. Tunneling technology uses a point-to-point communication protocol instead of a switched connection to connect a data address through a routed network. Tunneling technology allows authorized mobile users or authorized users to access the corporate network at any time, anywhere.
By tunneling, you can implement: * Force traffic to a specific address * hide private network address * Deliver non-IP packets on IP network * Provides data security support


Tunnel Technical Benefits
Tunnel protocol has many advantages, for example, in dial-up network, most users accept the dynamic IP address assigned by the ISP, while the enterprise network usually uses security measures such as firewall and NAT to protect its network, and enterprise employees can not access intranet resources through the firewall when they dial the Internet through the ISP. After adopting the tunnel protocol, the enterprise Dial-up user can get the intranet IP address, and the PPP frame can be encapsulated, and the user data packet will reach the intranet through the firewall.

Application of tunnels
VPN implementation is the use of tunneling technology, the enterprise network of data encapsulated in the tunnel for transmission. Tunneling protocol can be divided into second Layer Tunneling Protocol PPTP, L2F, L2TP and Third Layer Tunneling Protocol GRE, IPSEC. Their essential difference is that the user's packet is encapsulated in which packet is transmitted in the tunnel.

Introduction of GRE

GRE features
1. Achieve two IP communication across different networks
2.L3 Upper Packing L3
3. Encapsulated in IP packets
4. Point-to-point tunneling


GRE Benefits
Rebuild L2, L3 communications without changing the underlying network architecture
Enables network guest interoperability between different hosts
Convenient guest Migration
Increased number of support networks


for the GRE tunnel, the main disadvantage is

One is the addition of the GRE header will cause the switch hardware to be fragmented by software to be fragmented (STT technology can compensate for this);
The second is the GRE broadcast, and the tunnel will be virtual two layer through, broadcast storm more severe. But for the virtual machine, because the VM is fully able to know the IP and MAC address mapping relationship, there is no need to pass the ARP broadcast according to IP to find the MAC address, currently neutron in this similar blueprint can prohibit broadcasting. So the individual is more optimistic about STT technology, because currently Openvswitch and Linux kernel have not realized STT, so neutron currently no STT plugin (but there are Vxlan and GRE plugin).

Reprint: Http://www.aboutyun.com/forum.php?mod=viewthread&tid=9666&highlight=vxlan

Network overlay mode VLAN, VxLAN, GRE