Tag Archives: vxlan

Understanding VXLAN: A Guide to Virtual Extensible LAN Technology

In modern network architectures, especially within data centers, the need for scalable, secure, and efficient overlay networks has become paramount. VXLAN, or Virtual Extensible LAN, is a network virtualization technology designed to address this necessity by enabling the creation of large-scale overlay networks on top of existing Layer 3 infrastructure. This article delves into VXLAN and its role in building robust data center networks, with a highlighted recommendation for FS’ VXLAN solution.

What Is VXLAN?

Virtual Extensible LAN (VXLAN) is a network overlay technology that allows for the deployment of a virtual network on top of a physical network infrastructure. It enhances traditional VLANs by significantly increasing the number of available network segments. VXLAN encapsulates Ethernet frames within a User Datagram Protocol (UDP) packet for transport across the network, permitting Layer 2 links to stretch across Layer 3 boundaries. Each encapsulated packet includes a VXLAN header with a 24-bit VXLAN Network Identifier (VNI), which increases the scalability of network segments up to 16 million, a substantial leap from the 4096 VLANs limit.

VXLAN operates by creating a virtual network for virtual machines (VMs) across different networks, making VMs appear as if they are on the same LAN regardless of their underlying network topology. This process is often referred to as ‘tunneling’, and it is facilitated by VXLAN Tunnel Endpoints (VTEPs) that encapsulate and de-encapsulate the traffic. Furthermore, VXLAN is often used with virtualization technologies and in data centers, where it provides the means to span virtual networks across different physical networks and locations.

VXLAN

What Problem Does VXLAN Solve?

VXLAN primarily addresses several limitations associated with traditional VLANs (Virtual Local Area Networks) in modern networking environments, especially in large-scale data centers and cloud computing. Here’s how VXLAN tackles these constraints:

Network Segmentation and Scalability

Data centers typically run an extensive number of workloads, requiring clear network segmentation for management and security purposes. VXLAN ensures that an ample number of isolated segments can be configured, making network design and scaling more efficient.

Multi-Tenancy

In cloud environments, resources are shared across multiple tenants. VXLAN provides a way to keep each tenant’s data isolated by assigning unique VNIs to each tenant’s network.

VM Mobility

Virtualization in data centers demands that VMs can migrate seamlessly from one server to another. With VXLAN, the migration process is transparent as VMs maintain their network attributes regardless of their physical location in the data center.

What Problem Does VXLAN Solve
Overcoming VLAN Restrictions
The classical Ethernet VLANs are limited in number, which presents challenges in large-scale environments. VXLAN overcomes this by offering a much larger address space for network segmentation.


” Also Check – Understanding Virtual LAN (VLAN) Technology

How VXLAN Can Be Utilized to Build Data Center Networks

When building a data center network infrastructure, VXLAN comes as a suitable overlay technology that seamlessly integrates with existing Layer 3 architectures. By doing so, it provides several benefits:

Coexistence with Existing Infrastructure

VXLAN can overlay an existing network infrastructure, meaning it can be incrementally deployed without the need for major network reconfigurations or hardware upgrades.

Simplified Network Management

VXLAN simplifies network management by decoupling the overlay network (where VMs reside) from the physical underlay network, thus allowing for easier management and provisioning of network resources.

Enhanced Security

Segmentation of traffic through VNIs can enhance security by logically separating sensitive data and reducing the attack surface within the network.

Flexibility in Network Design

With VXLAN, architects gain flexibility in network design allowing server placement anywhere in the data center without being constrained by physical network configurations.

Improved Network Performance

VXLAN’s encapsulation process can benefit from hardware acceleration on platforms that support it, leading to high-performance networking suitable for demanding data center applications.

Integration with SDN and Network Virtualization

VXLAN is a key component in many SDN and network virtualization platforms. It is commonly integrated with virtualization management systems and SDN controllers, which manage VXLAN overlays, offering dynamic, programmable networking capability.

By using VXLAN, organizations can create an agile, scalable, and secure network infrastructure that is capable of meeting the ever-evolving demands of modern data centers.

FS Cloud Data Center VXLAN Network Solution

FS offers a comprehensive VXLAN solution, tailor-made for data center deployment.

Advanced Capabilities

Their solution is designed with advanced VXLAN features, including EVPN (Ethernet VPN) for better traffic management and optimal forwarding within the data center.

Scalability and Flexibility

FS has ensured that their VXLAN implementation is scalable, supporting large deployments with ease. Their technology is designed to be flexible to cater to various deployment scenarios.

Integration with FS’s Portfolio

The VXLAN solution integrates seamlessly with FS’s broader portfolio, (such as the N5860-48SC and N8560-48BC, also have strong performance on top of VXLAN support), providing a consistent operational experience across the board.

End-to-End Security

As security is paramount in the data center, FS’s solution emphasizes robust security features across the network fabric, complementing VXLAN’s inherent security advantages.

In conclusion, FS’ Cloud Data Center VXLAN Network Solution stands out by offering a scalable, secure, and management-friendly approach to network virtualization, which is crucial for today’s complex data center environments.

An Overview on EVPN and LNV

Bombarded with assorted network applications and protocols, the technologies and solutions for network virtualization delivery have been enriched greatly over past years. Among those technologies, VXLAN, also called virtual extensible local area network, is the key network virtualization. It enables layer 2 segments to be extended over an IP core (the underlay). The initial definition of VXLAN (RFC 7348) only relied on a flood-and-learn approach for MAC address learning. Now, a controller or a technology such as EVPN and LNV in Cumulus Linux can be realized. In this post, we are going to make an exploration on those two techniques: LNV and EVPN.

VXLAN

Figure 1: VXLAN

What Is EVPN

EVPN is also named as Ethernet VPN. It is largely considered as a unified control plane solution for the controller-less VXLAN, allowing for building and deploying VXLANs at scale. The EVPN relies on multi-protocol BGP (MP-BGP) to transport both layer 2 MAC and layer 3 IP information at the same time. It enables a separation between the data layer and control plane layer. By having the combined set of MAC and IP information available for forwarding decisions, optimized routing and switching within a network becomes feasible and the need for flooding to do learning gets minimized or even eliminated.

What Is LNV

LNV is the short of lightweight network virtualization. It is a technique for deploying VXLANs without a central controller on bare metal switches. Typically, it’s able to run the VXLAN service and registration daemons on Cumulus Linux itself. The data path between bridge entities is established on the top of a layer 3 fabric by means of a simple service node coupled with traditional MAC address learning.

The Relationship Between EVPN and LNV

From the above wiki of the EVPN and LNV, it’s easy for us to notice these two technologies are both the applications of VXLAN. For LNV, it can be used to deploy VXLAN without an external controller or software suite on the bare-metal layer 2/3 switches running Cumulus Linux network operating system (NOS). As for EVPN, it is a standards-based control plane for VXLAN, which can be used in any usual bare-metal devices, such as network switch and router. Typically, you cannot apply LNV and EVPN at the same time.

Apart from that, the deployments for EVPN and LNV are also different. Here, we make a configuring model for each of them for your better visualization.

EVPN Configuration Case

 

EVPN

Figure 2: EVPN

In the EVPN-VXLAN network segments shown in Figure 2 (Before), hosts A and B need to exchange traffic. When host A sends a packet to host B or vice versa, the packet must traverse the switch A, a VXLAN tunnel, and the switch B. By default, routing traffic between a VXLAN and a Layer 3 logical interface is disabled. If the functionality is disabled, the pure Layer 3 logical interface on the switch A drops Layer 3 traffic from host A and VXLAN-encapsulated traffic from the switch B. To prevent the pure Layer 3 logical interface on the switch A from dropping this traffic, you can reconfigure the pure Layer 3 logical interface as a Layer 2 logical interface, like Figure 2 (After). After that, you need to associate this interface with a dummy VLAN and a dummy VXLAN network identifier (VNI). Then, an Integrated routing and bridging (IRB) interface need to be created, which provides Layer 3 functionality within the dummy VLAN.

LNV Configuration Case

 

LNV

Figure 3: LNV

The two layer 3 switches are regarded as leaf 1 and leaf 2 in the above figure. They are running with Cumulus Linux and have been configured as bridges. Containing physical switch port interfaces, the two bridges connect to the servers as well as the logical VXLAN interface associated with the bridge. After creating a logical VXLAN interface on both leaf switches, the switches become VTEPs (virtual tunnel end points). The IP address associated with this VTEP is most commonly configured as its loopback address. In the image above, the loopback address is 10.2.1.1 for leaf 1 and 10.2.1.2 for leaf 2.

Summary

In this post, we have introduced the two techniques of network virtualization: EVPN and LNV. These two applications of network virtualization delivery share some similarities, but also quite a lot of differences. Being satisfied with the simplicity, agility, and scalability over the network, the EVPN has been a popular choice in the market.