Vxlan and Linux service architectures1. Application Scenario:The technology of server virtualization2. Problems solved in practice:
Physical machines running more and more MAC addresses of virtual machines, resulting in increased data, the MAC Address table of the switch to expand the speed, will overwrite the MAC address.
Only 4096 of the VLAN VALN Group is restricted, and in the banking environment, this is a common problem.
Spannin
of ports. Even on the same switch, ports that are in different VLANs are not able to communicate. ThisA physical switch can be used as a switch for multiple logic.(2) Security of the network. Different VLANs cannot communicate directly, which eliminates the security of broadcast information.(3) Flexible management. Changing the network to which the user belongs does not have to change ports and wires, just change the software configuration.Second,Vxlan
1.vxlan Virtual extensible LAN is a overlay network technology that uses the Mac in UDP method toLine package, a total of 50 bytes of encapsulated headers. 2.VTEP adds a packet header to the virtual machine's packet, and these new headers are removed after the data arrives at the destination Vtep. 3. The Vxlan data plane is a tunnel-based data plane because the Vxlan
One Basic EnvironmentUse VMware virtual two Linux machines. The CentOS 7,linux kernel is as follows:4.5.3-1.el7.elrepo.x86_64If the kernel version is too low, Vxlan is not supported. Kernel upgrades can be done with commandsRPM--import https://www.elrepo.org/RPM-GPG-KEY-elrepo.orgRPM-UVH Http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpmyum--enablerepo=elrepo-kernel Install Kernel-ml-devel kernel-ml-yReboot to select New kernel after up
Vxlan and Linux service architectures1. Application Scenario:The technology of server virtualization2. Problems solved in practice:
Physical machines running more and more MAC addresses of virtual machines, resulting in increased data, the MAC Address table of the switch to expand the speed, will overwrite the MAC address.
Only 4096 of the VLAN VALN Group is restricted, and in the banking environment, this is a common problem.
Spannin
Tags: machine local ref pre script pos PNG log blobLinux Vxlan enables access to segment IP Interoperability for 2 machines- 在n1上ip l a vxlan0 type vxlan id 42 dstport 4789 remote 192.168.1.12 local 192.168.1.11 dev eth0ip -d l show dev vxlan0ip a a 12.1.1.1/24 dev vxlan0ip l s vxlan0 upip route # 去12.1.1.0/24的数据丢给了vxlan0口- 在n2上ip l a vxlan0 type vxlan id 42 ds
are discarded 2. VLAN in vxlan2.1 functionVLAN messages that communicate between virtual machines can be encapsulated into the Vxlan in an external network, similar to the QINQ (VLAN in VLAN).2.2 Group Network Diagram2.3 Stream Table Analysis
Policy Bridge
Virtual machine out of the message
Messages without VLAN information are sent down after Pkt_mark, and pkt_mark information is stored in registers:0x
650) this.width=650; "Src=" http://7xo6kd.com1.z0.glb.clouddn.com/ Upload-ueditor-image-20161113-1479026488351033984.jpg "/>In the previous section we created the Vxlan 100_net, which will deploy instance today and analyze the connectivity of the network.Launch new instance "CIRROS-VM1", network selection vxlan100.650) this.width=650; "Src=" http://7xo6kd.com1.z0.glb.clouddn.com/ Upload-ueditor-image-20161113-1479026488761089794.jpg "/>The IP assigned
/etc/neutron/plugins/ml2/ml2_conf.ini Agent L2_population False#[securitygroup]Crudini--set/etc/neutron/plugins/ml2/ml2_conf.ini securitygroup Enable_security_group TrueCrudini--set/etc/neutron/plugins/ml2/ml2_conf.ini securitygroup Enable_ipset TrueCrudini--set/etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver Neutron.agent.linux.iptables_ Firewall. OvshybridiptablesfirewalldriverThis article is from the Linux cluster application blog, so be sure to keep this source http://ipin
Http://www.sdnlab.com/12077.html SdnlabHow to realize the isolation of address space and data traffic between different tenants and applications is one of the first problems to realize the virtualization of data Center network. The so-called isolation of the address space means that the network (IP) addresses between different tenants and applications do not interfere with each other. In other words, two tenants can use the same network address completely. The so-called data traffic isolation me
). After restarting the Docker daemon for each host, the Docker container in the same segment as the host can be accessed across hosts. This scheme also has the problem of limitation and expansibility: for example, the address of the physical network segment should be divided into small pieces, distributed to each host, prevent the IP conflict; The subnet partition relies on the physical switch settings, and the host address space of the Docker container depends on the physical network partition
The previous sophomore layer technology, typically using Is-is routing technology at the bottom of the physical network, is based on a two-tier extension of the data center network, such as public trill, SPB Technology, and Cisco private OTV, Fabricpath technology, and some of the leading network virtualization technologies, The Vxlan, Nvgre and other protocols are used to break the limits of VLANs and Macs, extending the data center's sophomore netwo
difficulty. The Overlay virtual connection technology simplifies the connection between virtual machines, decoupling Virtual machines from physical networks. Then, through the VCF (Virtual Converged Framework) architecture, the network can be centrally controlled and managed to achieve interaction between Virtual machines and Virtual networks; the VXLAN protocol used in this architecture supports 16 million L2 isolation domains, which can also meet t
and weaken the functions of network devices. Of course, network equipment vendors will not agree, and network vendors also have their own virtualization technology, highlighting the implementation of hardware. hardware-based virtualization, in contrast, the host network virtualization technology is relatively soft. In this way, the host network virtualization technology is flexible, but the forwarding efficiency is low, while the network vendor virtualization is highly efficient, but not flexib
upgrade to a comprehensive vCloud network connection and security product, you will be able to add a variety of advanced services, such as VXLAN, VPN, firewall high availability, network isolation and Web load balancing.
VXLAN
VXLAN is the basis for creating an elastic and movable virtual data center. VXLAN technology
, add the API node, API node exposed to the external network, to ensure that the control node is not directly external, in order to improve the security of the system.2. The following elements are involved in the network:1) intranet and external network two routers, intranet routers simply run management data, to ensure communication between the nodes.2) Extranet router includes API access network, virtual machine network and Vxlan network3. The distr
we can choose the host mode and bridge mode provided by Docker itself. Host mode and host sharing network stack network performance is the highest, bridge mode needs to be evaluated.Kubernetes uses a flat network model that requires each pod to have a globally unique ip,pod that directly communicates across hosts. At present, the more mature plan is to use flannel. Flannel has several modes of operation, namely UDP, VXLAN, HOST-GW, and aws-vpc. AWS-V
storage devices between Compute and block storage hosts.
Manually created, connected to the physical/logical interface (typically a VLAN subinterface on the bond0), connecting the eth2 of the container.
OpenStack Networking tunnel/overlay Br-vxlan:
Mandatory.
Provides infrastructure for VXLAN tunnel/overlay networks.
Manually created, connected to the physical/logical i
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.