10.) vxlan

©2015 Extreme Networks, Inc. All rights reserved VXLAN Solutions


VXLAN Encapsulation

- VXLAN is a new encapsulation
- VXLAN header with a 24-bit ID
- Further encapsulated in UDP/IP
- Transit nodes only see IP

VXLAN Terminology

- VXLAN encapsulation/decapsulation happens on a VTEP
- LTEP: Local VTEP
- RTEP: Remote VTEP
- VNI is a VXLAN Segment (tunnel) defined with a 24-bit ID
- ~16.7M unique IDs
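The 8-byte header described on the two slides above, built and parsed per RFC 7348. This is an added example, not part of the original deck or of EXOS; the function names and the optional strict check on reserved bits are assumptions of the example.

```python
import struct

FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID
MAX_VNI = (1 << 24) - 1      # 24-bit ID, the "~16.7M unique IDs" above

def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header that precedes the inner Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # word 0: flags (8 bits) + reserved (24); word 1: VNI (24) + reserved (8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)

def parse_vxlan_header(udp_payload: bytes, strict: bool = False):
    """Validate the header of a UDP payload and return (vni, inner_frame).

    RFC 7348 says reserved bits are ignored on receipt; strict=True
    rejects them instead, which is useful when inspecting captures for
    traffic that is not plain VXLAN.
    """
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    flags = word0 >> 24
    if not flags & FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI field is not valid")
    reserved = (flags & ~FLAG_VNI_VALID & 0xFF) | (word0 & 0xFFFFFF) | (word1 & 0xFF)
    if strict and reserved:
        raise ValueError("reserved bits are set")
    return word1 >> 8, udp_payload[8:]

# Constructed sample: broadcast destination, made-up source MAC, IPv4 ethertype.
SAMPLE_INNER = bytes.fromhex("ffffffffffff" "020000000001" "0800")
SAMPLE_PAYLOAD = build_vxlan_header(13370) + SAMPLE_INNER

if __name__ == "__main__":
    vni, inner = parse_vxlan_header(SAMPLE_PAYLOAD, strict=True)
    print(f"VNI {vni}, inner frame {len(inner)} bytes")
```

A transit node only sees the outer IP/UDP headers; the VNI is visible only to a device that parses the UDP payload like this.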

Introduction to Extreme Controller-less VXLAN

- EXOS VXLAN requires specific HW
  - X670G2
  - X770
  - X670G2 & X770 stacks
- No additional license is needed to use VXLAN (Adv Edge)
  - But Core License might be needed for IGP
- VXLAN is defined in RFC7348
  - EXOS will not support IP Multicast flooding & learning
  - Provides alternatives for handling BUM traffic and VNI learning
  - Current HW cannot support L3 Gateway VTEP
- BUM traffic is flooded in HW with EXOS
  - Using ingress replication

VXLAN Scalability Limits

Features                  Limits (per Switch)
Virtual Networks (VNI)    Up to 4000
LTEP IP addresses         1
RTEP IP addresses         512
MAC-to-IP bindings        64K
ECMP Paths                EXOS Limits

- These are EXOS 21.1.1 limits.
- Future releases will increase scalability.
- Network VNI limit is 16.7M, as long as no Switch has more than 4000 VNI.

Typical Design: Spine-Leaf

[Diagram: X770 and X670G2 switches; L3]

L3 Protocol of Choice

- Any L3 protocol is eligible
  - OSPF, BGP, IS-IS
  - Manual configuration of VXLAN is required except with OSPF
- EXOS recommendation is to use OSPF
  - Proprietary Opaque LSA used for dynamic learning VTEP/VNI pair
  - Opaque LSA Type 11 used (multiple areas possible)
  - EOS 8.62 is compatible
  - 3rd party IP Router supporting Opaque LSA should be transparent

Design Value-Added

- MLAG with VTEP is supported

[Diagram: X770 and X670G2 switches]

MLAG Considerations

- Alternate IP for MLAG is NOT recommended with VXLAN
- Multiple MLAG Peers feature (2 ISC per switch)
  - A single ISC failure can cause data loss
- The ISC link must carry a routed VLAN
  - Steady state traffic can traverse the ISC
  - Depending on the topology a higher metric may be necessary for that link

Who's the VTEP?

[Diagram: X770, X670G2 and X670V switches, with VTEP labels]

VTEP @Spine Considerations

- VTEP role @Spine not mandatory
  - No VXLAN knowledge required
  - Allows any existing IP router
  - BDX8, BD8K, X670V, etc.
- Inbound traffic in the VXLAN fabric is L2
  - Current HW doesn't support L3 Gateway VTEP
  - External connectivity and L3 connected at the Edge

Who's the VTEP?

[Diagram: X770, X670G2 and X670V switches, with additional VTEP labels]

VTEP @Spine Considerations

- VTEP also @Spine
  - Inbound traffic is L2
  - Correct VTEP looked-up and forwarded to
  - Spine must be VXLAN-capable
- Scale can become an issue
  - VNI limit to be considered

L3 and External Connectivity

[Diagram: VTEPs around the VXLAN Fabric; VRRP Active/Active]

What about 1G servers?

[Diagram: X770, X670G2 and X460G2 switches, with VTEP labels]

- 1G servers can be directly connected to x670G2

How-To
Legacy Approach: Manual Configuration

VXLAN Configuration Steps

1- Underlay
   - IGP
   - VXLAN Extensions
2- LTEP
   - MLAG or not?
3- VLAN to VNI Mapping
   - Manual life cycle of VLANs/VNIs

1- Underlay: one-time configuration

[Diagram: X770 and X670G2 switches; configuration shown for an x670G2]

    create vlan lo0
    create vlan v10 tag 10
    create vlan v20 tag 20

    enable jumbo-frame ports all
    config ip-mtu 9194 v10
    config ip-mtu 9194 v20

    enable loopback-mode lo0
    config v10 add port 49 tagged
    config v20 add port 53 tagged

    config lo0 ipaddress 192.168.1.1/32
    config v10 ipaddress 10.0.0.0/31
    config v20 ipaddress 10.0.0.2/31

    enable ipforwarding

    config ospf routerid 192.168.1.1
    config ospf add lo0 area 0.0.0.0 passive
    config ospf add v10 area 0.0.0.0 link-type point-to-point
    config ospf add v20 area 0.0.0.0 link-type point-to-point
    enable ospf vxlan-extensions
    enable ospf

1- Underlay: MLAG specific case

[Diagram: X770 and X670G2 switches; configuration shown for an x670G2]

    create vlan lo0
    create vlan ISC tag 4000
    create vlan routed-isc tag 11

    enable sharing 47 grouping 47,48 algorithm address-based L3_L4 lacp
    enable jumbo-frame ports all
    config ip-mtu 9194 routed-isc

    enable loopback-mode lo0
    config ISC add port 47 tagged
    config routed-isc add port 47 tagged

    config lo0 ipaddress 192.168.1.2/32
    config routed-isc ipaddress 10.0.0.15/31

    enable ipforwarding

    config ISC ipaddress 1.1.1.2/31

    config ospf routerid 192.168.1.2
    config ospf add lo0 area 0.0.0.0 passive
    config ospf add routed-isc area 0.0.0.0 link-type point-to-point
    enable ospf vxlan-extensions
    enable ospf

- p2p L3 VLANs to Spine are omitted for clarity

2- LTEP: single ToR

[Diagram: X770 and X670G2 switches; configuration shown for an x670G2]

    create vlan tenant1 tag 100
    disable igmp snooping tenant1

    config virtual-network local-endpoint ipaddress 192.168.1.1

    create virtual-network vnet1
    config virtual-network vnet1 vxlan vni 13370
    config virtual-network vnet1 monitor on
    config virtual-network vnet1 add vlan tenant1

- There's a 1-on-1 mapping VLAN to VNI
- LTEP can be in a user-created VR
- VTEP/VNI knowledge is flooded via OSPF
  => No need to manually configure remote VTEP
- vMAN is working as a DEMO feature

2- LTEP: MLAG ToR

[Diagram: X770 and X670G2 switches; configuration shown for the x670G2 MLAG peers]

    create vlan vltep
    create vlan tenant1 tag 100
    config tenant1 add port 47 tagged
    disable igmp snooping tenant1

    enable loopback-mode vltep
    config vltep ipaddress 172.16.0.1/32

    enable ipforwarding vltep
    config ospf add vltep area 0.0.0.0 passive

    config virtual-network local-endpoint ipaddress 172.16.0.1

    create virtual-network vnet1
    config virtual-network vnet1 vxlan vni 13370
    config virtual-network vnet1 monitor on
    config virtual-network vnet1 add vlan tenant1

- Note that both MLAG peers have the same Virtual LTEP IP Address

3- VLAN to VNI Mapping and Learning

- With the use of "enable ospf vxlan-extensions", remote VTEP learning is dynamic
  - Manual configuration doesn't require that burden
  - Easier to configure and manage
- Adding and removal of VNI needs to be done by CLI on local VTEP

Static case

[Diagram: X770 and X670G2 switches; configuration shown for an x670G2]

    create virtual-network remote-endpoint vxlan ipaddress 172.16.0.1
    config virtual-network vnet1 add remote-endpoint vxlan ipaddress 172.16.0.1

- If vxlan-extensions turned off
  - Need to configure on each VTEP every necessary Remote VTEP/VNI pair
- Static mapping
  - Allows saving of remote VTEP in the config
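A small audit for the manual procedure above, checking a switch's virtual-network lines against the per-switch limits and the 1-on-1 VLAN to VNI rule stated on the slides. This is an added example, not Extreme's tooling; the function name is hypothetical, it only recognises the command forms exactly as the slides write them, and treating a VNI shared by two virtual networks as a finding is an assumption of the example.

```python
import re
from collections import defaultdict

# Per-switch limits from the scalability slide (EXOS 21.1.1).
MAX_VNIS, MAX_LTEPS, MAX_RTEPS = 4000, 1, 512
PATTERNS = {  # command forms exactly as they appear on the slides
    "ltep": r"config virtual-network local-endpoint ipaddress (\S+)",
    "rtep": r"create virtual-network remote-endpoint vxlan ipaddress (\S+)",
    "vni": r"config virtual-network (\S+) vxlan vni (\d+)",
    "vlan": r"config virtual-network (\S+) add vlan (\S+)",
}

def audit_vxlan_config(config: str) -> list[str]:
    """Return a list of findings for one switch's VXLAN configuration."""
    seen = defaultdict(list)
    for line in config.splitlines():
        for kind, pattern in PATTERNS.items():
            if m := re.fullmatch(pattern, line.strip()):
                seen[kind].append(m.groups())
    findings = []
    for kind, limit in (("ltep", MAX_LTEPS), ("rtep", MAX_RTEPS)):
        count = len(set(seen[kind]))
        if count > limit:
            findings.append(f"{count} {kind.upper()} addresses, limit {limit}")
    vnets_by_vni, vlans_by_vnet = defaultdict(set), defaultdict(set)
    for vnet, vni in seen["vni"]:
        vnets_by_vni[int(vni)].add(vnet)
    for vnet, vlan in seen["vlan"]:
        vlans_by_vnet[vnet].add(vlan)
    if len(vnets_by_vni) > MAX_VNIS:
        findings.append(f"{len(vnets_by_vni)} VNIs, limit {MAX_VNIS}")
    for vni, vnets in sorted(vnets_by_vni.items()):
        if vni >= 1 << 24:
            findings.append(f"VNI {vni} does not fit in 24 bits")
        if len(vnets) > 1:  # assumption: one VNI per virtual network
            findings.append(f"VNI {vni} reused by {sorted(vnets)}")
        for vnet in sorted(vnets):
            if len(vlans_by_vnet[vnet]) != 1:  # slides: 1-on-1 VLAN/VNI mapping
                findings.append(f"{vnet}: {len(vlans_by_vnet[vnet])} VLANs mapped, expected 1")
    return findings

# Constructed sample: vnet1 is the slide's config; vnet2 is deliberately wrong.
SAMPLE = """\
config virtual-network local-endpoint ipaddress 192.168.1.1
config virtual-network vnet1 vxlan vni 13370
config virtual-network vnet1 add vlan tenant1
config virtual-network vnet2 vxlan vni 13370
"""
```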

How-To
Modern Approach: Dynamic Configuration DEMO

Full Automation

Problem statement
- vxlan-extensions allows for dynamic learning of VTEP/VNI pairs throughout the network
- Users still have to configure
  - Underlay
  - MLAG if necessary
  - LTEP
  - VNI and VLAN mapping
- Full automation is about answering these pain points

Components

- To achieve that, several features need to be in place
  - Vm-tracking for MAC and VLAN snooping
  - DCM and ExtremeIAC for VM authentication
  - ezvxlan.py script interface started

1) DCM authenticates a new VM
2) vm-tracking triggers automated VLAN creation (if necessary) for that new VM
3) ezvxlan.py configures vxlan-extensions and VXLAN (if necessary) and maps VLAN ID to VNI
4) vxlan-extensions floods that knowledge to all OSPF routers

Workflow

1- DCM authenticates a new VM
2- vm-tracking automatically creates new VLAN
3- ezvxlan.py enables ospf vxlan-extensions if needed & configures LTEP (if needed). It creates VNI based on VLAN name (if needed) and binds it to the new VLAN
4- ospf vxlan-extensions advertises the new VTEP/VNI pair to the network

[Diagram labels: SYS_VLAN_1337; ospf vxlan-extensions; local-endpoint 192.168.1.1; virtual-network SYS_VN_1337; VNI 1337]

Limitations

- ezvxlan.py cannot configure LTEP IP if MLAG is present
  - Manual configuration is required
- ezvxlan.py is not started by default
  - Requirement to manually enable it once
  - Will run along with EXOS including restart after switch reboot
- ezvxlan.py doesn't work (yet) with Stacking
  - xmod upgrade will be required
- Demo feature in EXOS 21.1.1
  - Targeted for GA in 21.1.2

    run script ezvxlan.py start
    show process ezvxlan

Thank You

WWW.EXTREMENETWORKS.COM