One of the essential things to know before applying any network technology is to understand why we need it and what problem(s) it solves! Before talking about its applications, we need to answer the question: What is VXLAN?
VXLAN (Virtual eXtensible Local Area Network) is a MAC-in-IP/UDP encapsulation, and it is currently the most popular overlay encapsulation in use in Data Center networks. It is an open standard technology deployed by all networking vendors.
Why do we move to VXLAN Technology?
Applications requirements triggered the evolution of data center technologies. Data centers have evolved significantly over the past years. In the past, It took days or weeks to deploy applications in data centers, But with the evolution of data centers, the deployment time is expected to be minutes or even seconds.
VXLAN technology fulfills today’s data center requirements and challenges as follows:
- Agility: defines how long it takes for an application request to be fulfilled. In modern data centers, we should be able to reduce this time to a minimum.
- Scalability: defines the data center’s ability to keep working well when it is improved and changed in volume and size.
- Elasticity: defines the ability to adapt to changing demands and requirements. A data center must be able to add capacity without affecting existing application workloads.
- High Availability: defines the data center’s ability to be constantly operational (24 hours a day, 7 days a week, and 365 days a year).
- Mobility: defines the data center’s ability to provide data access (L2 and L3) where and when we need it.
- Segmentation: defines the ability to divide the data center fabric into smaller parts to improve network performance and security.
- Security: defines the ability to enforce application policies and prevent unauthorized access.
- Automation & Programmability: defines the ability to manage and execute the data center’s routine workflows and processes without human administration.
The Data Center Fabric Evolution Journey
The traditional designs for data centers are no longer sufficient to address all of today’s data center requirements.
- Spanning Tree Protocol (STP)–based networks served network requirements for several years, providing plug-and-play layer-2 loop-free networks. However, Various issues make the choice of STP for a large data center network difficult. Like:
- Convergence time issue: The tree needs to be recalculated on a link failure or switch failure in STP-based networks. This can significantly impact traffic convergence times because topology change notifications (TCNs) result in clearing the MAC tables on the switches. As link speeds go from 10G to 40G to 100G, even subsecond convergence times can result in significant traffic drops.
- Unused links issue: In the Spanning-tree protocol, many of the links between the various switches, which are part of the topology, are placed in a blocked state and considered redundant. So, network resources are not optimally utilized.
- Suboptimal forwarding: Because traffic is always forwarded along the tree through the root switch, a shorter path between a pair of non-root switches will not be utilized.
- Lack of Equal-Cost Multipath (ECMP) routing: Because only one path is active between a source switch and a destination switch in a traditional STP-based Layer 2 network, ECMP options are absent. Layer 3 networks, on the other hand, provide the ability to use more than one equal-cost path between a pair of routers. This is one of the significant reasons why Layer 3 networks have gained popularity.
- The virtual Port-channel (vPC) allows a downstream device (host or switch) to attach to a pair of switches. With vPC, a pair of switches (called vPC peers) is configured so the rest of the network sees the pair as a single logical switch. The downstream device is attached to both vPC peers using a regular Port-Channel configuration.
- Both links are in an active state, allowing active-active forwarding. Traffic to or from the downstream device may hash over to either peer and be forwarded.
- While vPC addresses some limitations of STP, it remains limited to a pair of switches only. In modern data center architecture, a more generic multipath solution is needed.
- Cisco FabricPath is a MAC-in-MAC encapsulation that eliminates the use of STP in Layer 2 networks. It uses IS-IS protocol with some extensions to distribute the topology information among the switches that are part of the fabricpath network.
- With fabricpath, switches behave like routers, building switch reachability tables and inheriting all the advantages of Layer 3 characteristics such as ECMP, no unused links in the network, and optimal forwarding between any pair of switches.
- Fabricpath is not supported in N3K and N9K switches; it is only supported in N5K and N7Ks. Also, fabricpath scalability is limited to the 4094 VLANs (it doesn’t scale well).
So, the VXLAN technology currently is the de facto overlay protocol for data center deployments. (Keep in mind Cisco ACI is based on VXLAN).
What is VXLAN? (Virtual eXtensible LAN Overview)
- VXLAN is a layer 2 in layer-3 overlay tunnel, specifically an Ethernet in IP/UDP tunnel (UDP port 4789).
- VXLAN is a standard-based technology (RFC-7348).
- VXLAN expands the VLAN namespace; it uses 24-bit space – 16,777,216 values.
- VXLAN allows layer-2 multipathing; it doesn’t need STP for loop prevention; it uses layer-3 ECMP over CLOS fabric.
- VXLAN doesn’t break layer-2 adjacency requirements. (e.g., vMotion in VMware).
- VXLAN allows for multi-tenancy and separation of customer traffic over shared underlay fabric. (use the same VLANs on different tenants).
- VXLAN allows the integration of physical and virtual workloads.
- VXLAN has two flavors: VXLAN Flood & Learn (old and rarely used). VXLAN BGP EVPN (widely used).
What is VXLAN (Terminologies and Components)
- VTEP: VXLAN Tunnel End Point.
- The device that performs VXLAN encapsulation & decapsulation.
- It could be hardware or software, e.g., Nexus 9000 vs. Cisco AVE (Application Virtual Edge).
- Each VTEP has several interfaces:
- Switchport interfaces on the local LAN segment to support local endpoints.
- Layer-3 interfaces to the transport network.
- SVI interfaces.
- A virtual tunnel interface. (NVE interface)
- NVE: Network Virtualization Edge.
- Logical representation of the VTEP.
- NVE interface is the tunnel interface.
- VNI / VNID: VXLAN Network Identifier.
- Replaces the VLAN ID.
- Replaces the VLAN ID.
- Underlay Network: The IP network that interconnects VTEPs together via the Spine switches.
- VXLAN Overlay: A VXLAN Overlay or VXLAN segment is a Layer-2 domain identified by the VNID that extends or tunnels traffic from one VTEP to another.
VXLAN Packet Encapsulation Structure
The following video shows how the original IP packet gets encapsulated in VXLAN in detail.
Conclusion
VXLAN, or Virtual Extensible LAN, is a network virtualization technology that allows a single physical network to be shared by multiple different organizations. It uses MAC-in-UDP encapsulation for packets and establishes a logical tunnel between the source and destination network devices.
I hope this summary was useful. For comprehensive content, you can refer to my Cisco Data Centers | VXLAN EVPN Udemy course.
Feel free to leave a comment or a question.