VXLAN – Deepdive Module 5


1 VXLAN – Deepdive Module 5
Cisco Live 2014 4/24/2017 VXLAN – Deepdive Module 5 Preeti- this slide should be changed to the template what you are using.

2 Agenda
- VXLAN Bridging
- VXLAN Gateway
- VXLAN Routing
- VXLAN Implementing Underlay and Overlay
- VXLAN Ingress Replication
- VXLAN Design

3 VxLAN Deep Dive – Nexus9000 Nexus 9000 Series – VXLAN Support
NXOS Mode Only
- VXLAN is supported across the Nexus 9000 series platforms.
- The VXLAN Gateway functionality is supported across all form factors and line cards.
- Integrated VxLAN routing functionality is only supported on ACI-enabled Modules.
- This is not control plane – this is how everyone else does it!
[Diagram labels: Nexus 9300 Series, Nexus 9500 Series]

4 VXLAN- Bridging

5 VxLAN Deep Dive – Nexus9000 VxLAN Bridging
VXLAN bridging is the function provided by VTEP devices to extend a VLAN or VXLAN VNI over the Layer 3 infrastructure.
[Diagram labels: VTEP, HOST, VLAN 100, VXLAN 50000, IP Network, VXLAN Bridging]
- Bridging is the ability to extend Layer 2 between two VTEPs over a Layer 3 network.
- If you're doing the port-local feature you can go up to 16 million; if not, you are still limited to 4094 VLANs.

6 Configuring VXLAN Bridging
Multiple L2 domains with multicast can be enabled under a single nve interface.

vlan 100
  vn-segment 50000
vlan 101
  vn-segment 50001
interface nve0
  source-interface loopback0
  overlay encapsulation vxlan
  member vni mcast-group
  member vni mcast-group
interface Ethernet1/1
  description connected to Host-1
  switchport
  switchport mode trunk

N9K-Leaf-1# show vxlan
Vlan VN-Segment
==== ==========

- Local switching is supported if the two hosts are on the same VLAN connected to the same VTEP; in this case, encapsulation and decapsulation don't occur.
[Diagram labels: pim neighbors; VTEP-1, VTEP-2, VTEP-3, VTEP-n; Host 1 (MAC1, IP 1, VLAN 100); Host 11 (MAC11, IP 11, VLAN 101); Host 2 (MAC2, IP 2, VLAN 100); Host 11 (MAC11, IP 11, VLAN 101)]

7 VXLAN Bridging – Learning and Forwarding
Encapsulated packet between VTEP-1 and VTEP-2:
- Underlay: SIP: VTEP-IP-1, DIP: VTEP-IP-2, SMAC: MAC_V1, DMAC: hop-by-hop
- UDP, VXLAN VNID: 50000
- Overlay: SMAC: MAC1, DMAC: MAC2, SIP: IP_1, DIP: IP_2

Host frame before encapsulation and after decapsulation: S-IP: IP1, D-IP: IP2, S-MAC: MAC1, D-MAC: MAC2

MAC Table on VTEP1
MAC Address | VXLAN ID | Remote VTEP
MAC2 | 50000 | VTEP-2 (IP)

- Add real mac-table
[Diagram labels: flow steps 1-3; VTEP-1, VTEP-2, VTEP-3, VTEP-n; Host 1 (MAC1, IP 1, VLAN 100); Host 11 (MAC11, IP 11, VLAN 101); Host 2 (MAC2, IP 2, VLAN 100); Host 3 (MAC3, IP 3, VLAN 101); VXLAN VNID 100]

8 VXLAN Bridging- Forwarding
Flows shown: Host-1 (VLAN 100) and Host-2 (VLAN 100); Host-11 (VLAN 101) and Host-3 (VLAN 101). VNIs in use: 50000 and 50001.

MAC Table on VTEP1
MAC Address | VXLAN ID | Remote VTEP
MAC2 | 50000 | VTEP-2 (IP)
MAC3 | 50001 | VTEP-3 (IP)

- Move the MAC table on left side
- Need to change the arrow one direction
[Diagram labels: VTEP-1, VTEP-2, VTEP-3, VTEP-n; Host 1 (MAC1, IP 1, VLAN 100); Host 11 (MAC11, IP 11, VLAN 101); Host 2 (MAC2, IP 2, VLAN 100); Host 3 (MAC3, IP 3, VLAN 101); VXLAN VNID 101; VXLAN VNID 100]

9 VXLAN- Gateway

10 VXLAN L2 Gateway
- VXLAN gateway connects VXLAN and traditional VLAN environments.
- A physical VTEP device can provide a hardware-based VXLAN gateway function.
- Common use case is where a hypervisor VTEP initiates VXLAN tunnels on one side and a physical VTEP device on the other side provides VXLAN gateway service to terminate the VXLAN tunnel and map the VXLAN VNI to a traditional VLAN.
- Gateway is anytime you're doing VLAN-to-VXLAN switching or VXLAN-to-VLAN switching.
[Diagram labels: VTEP, HOST, Hypervisor VTEP, HOST, (VXLAN Gateway), VLAN, IP Network, VXLAN]

11 VXLAN Layer2 Gateway - Forwarding
Flow shown: Host-1 (connected to H/W VTEP) and Host-5 (connected to S/W VTEP), VNID 50000.

MAC Table on VTEP-5
MAC Address | VXLAN ID | Remote VTEP
MAC1 | 50000 | VTEP-1 (IP)

MAC Table on VTEP-1
MAC Address | VXLAN ID | Remote VTEP
MAC5 | 50000 | VTEP-5 (IP)

- Show communication from Soft VTEP to VTEP-1, remote VLAN from the s/w VTEP
[Diagram labels: flow steps 1-4; Software based VTEP; VXLAN; VTEP-1, VTEP-2, VTEP-3, VTEP-4; VM OS; VTEP-5; VXLAN Gateway; Host-5 MAC5 / VNID 5000; Host A MAC1 /]

12 VXLAN Gateway Types
VXLAN Taxonomy
- VXLAN to VLAN Bridging (Layer-2 Gateway): VXLAN Layer-2 Gateway. Ingress VXLAN packet on RED segment. Egress packet is IEEE 802.1q tagged interface; packet is BRIDGED to new VLAN.
- VXLAN-to-VXLAN Routing (Layer-3 Gateway): VXLAN Router. Ingress VXLAN packet on RED segment. Egress VXLAN packet is ROUTED to new segment.
- VXLAN-to-VLAN Routing (Layer-3 Gateway): VXLAN Router. Ingress VXLAN packet on RED segment. Egress packet is IEEE 802.1q tagged interface; packet is ROUTED to new VLAN.

13 VXLAN- Routing
- Routing is a problem with the T2 ASIC
- With T2 you can use loopback to do re-circulation

14 VXLAN Routing
VXLAN routing is also referred to as inter-VXLAN routing. It provides IP routing service between two VXLAN VNIs in the overlay network in a way similar to inter-VLAN routing.
[Diagram labels: HOST, VXLAN VNI 40000, IP Network, VXLAN Routing, VXLAN VNI 45000]
As the building blocks of the Data Center (Compute, Storage, Applications, Network) become increasingly intertwined, businesses are looking at ways to further increase agility, flexibility, and scale, whilst reducing time-to-deployment and easing maintenance tasks.

15 VXLAN – Inter VLAN Routing with Routing Block
Flow shown: Host-1 (VLAN 100) to Host-3 (VLAN 101) through a Routing Block that is the IP GW for VxLAN extended VLANs.

Routing Block configuration:
interface ten2/0/0.100
  ip address
!
interface ten2/0/0.101
  ip address

Frame sent by Host-1: S-IP: IP1, D-IP: IP3, S-MAC: MAC1, D-MAC: GW1_MAC

MAC Table on VTEP-1
MAC Address | VXLAN ID | Remote VTEP
GW1_MAC | 50000 | VTEP-5 (IP)

MAC Table on VTEP-5
MAC Address | VXLAN ID | Remote VTEP
MAC3 | 50001 | VTEP-3 (IP)

Challenges/Limitations:
- Hair-pinning
- Additional router(s)

- T2 cannot switch VXLAN to a different VLAN; that is why we need a routing block
- With CONTROL PLANE – we can do routing
- This solution is not scalable – BGP EVPN will solve this issue
[Diagram labels: flow steps 1-6; VTEP-1, VTEP-2, VTEP-3, VTEP-4, VTEP-5, VTEP-6; Host 1 (MAC_1 / IP_1, VLAN 100); Host 3 (MAC_3 / IP_3, VLAN 101)]

16 VXLAN – Inter VLAN Routing with On-stick-VTEP
On-the-stick VTEP: Gateway SVI, Layer 2 trunk, Layer 3 link.

Challenges/Limitations:
- Migration for L3 boundary
- Sub-optimal paths
- Configuration changes on infra/spine

Solution: MP-BGP EVPN Control-Plane

- Same changes as previous slide; Manish suggested to add a summary slide with all challenges
[Diagram labels: flow steps 1-6; VTEP-1, VTEP-2, VTEP-3, VTEP-4; Host 11 (MAC11, IP 11, VLAN 101); Host 1 (MAC1, IP 1, VLAN 100); Host3 (MAC3, IP3)]

17 VXLAN- Implementing Underlay and Overlay

18 Step 1- VXLAN Underlay Network
- Spine Leaf Design
- Enable IP network
- Enable Routing Protocol
- Start without any box – just physical topology
- Basic IP routing is only enabled at the spine level
[Diagram labels: Spine, Underlay IP Network, Leaf]

19 Step 2 -VXLAN Underlay Network
Spine/Leaf Switches
- Configure IP address on physical
- Enable Loopback addresses

interface loopback0
  ip address /32
!
interface Ethernet1/1
  ip address /30

- Vlan-based - How to do summarization? Type 2 (host) – we can do Type 5
[Diagram labels: Layer3 Links, IP Network]

20 Step 3-VXLAN Underlay Network-Enable Routing
Network reachability via any routing protocol of choice: IGP (OSPF/EIGRP).

interface loopback0
  ip address /32
  ip router ospf 1 area
!
interface Ethernet1/1
  ip address /30
router ospf 1
  router-id

N9K-Leaf-1# show ip ospf neighbors
OSPF Process ID 1 VRF default
Total number of neighbors: 2
Neighbor ID Pri State Up Time Address Interface
FULL/DR :09: Eth2/2
FULL/DR :26: Eth2/3

[Diagram labels: Layer3 links]

21 Step 4-VXLAN Underlay Network – Enable Multicast
Enable Multicast on the underlay network (PIM-SM, PIM-BiDir).

interface loopback0
  ip address /32
  ip router ospf 1 area
  ip pim sparse-mode
interface eth1/1
  ip address /30
  ip ospf network point-to-point
!
ip pim rp-address group-list /8

N9K-Standalone-Pod4# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Priority Bidir-Capable BFD State
Ethernet2/ w2d :01: no n/a
Ethernet2/ w2d :01: no n/a
N9K-Standalone-Pod4#

[Diagram labels: IGP (OSPF/EIGRP), Multicast, pim neighbors]

22 Step 5-VXLAN – Enabling VXLAN VTEP
- Enable nv overlay features on leaf nodes
- Configure nve (network virtual) interface

feature nv overlay
feature vn-segment-vlan-based
interface nve0
  source-interface loopback0
  overlay encapsulation vxlan

N9K-Leaf-1# show nve interface nve 1
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: f40f.1bae.4d8f
Host Learning Mode: Control-Plane
Source-Interface: loopback0 (primary: , secondary: )

[Diagram labels: pim neighbors; VTEP-1, VTEP-2, VTEP-3, VTEP-n]

23 Configuring VXLAN VTEP – Cont’d
Multiple L2 domains with multicast can be enabled under a single nve interface.

vlan 100
  vn-segment 50000
interface nve0
  source-interface loopback0
  overlay encapsulation vxlan
  member vni mcast-group
interface Ethernet1/1
  description connected to Host-1
  switchport
  switchport mode access
  switchport access vlan 100

N9K-Leaf-1# show vxlan
Vlan VN-Segment
==== ==========

[Diagram labels: pim neighbors; VTEP-1, VTEP-2, VTEP-3, VTEP-n; Host 1 (MAC1, IP 1, VLAN 100); Host 2 (MAC2, IP 2, VLAN 100); Host 11 (MAC11, IP 11, VLAN 101)]

24 VXLAN- Lab

25 VXLAN- Ingress Replication

26 VXLAN Flooding
Flooding of Broadcast/Unknown-unicast/Multicast (BUM) packets across underlying core network:
Option 1: Use multicast IP core
- Each VNI is mapped to a multicast group.
- For BUM packets coming on access side interfaces, they are encapsulated with VNI group address as DIP and sent out along the multicast tree to core.
Option 2: Use Ingress Replication (IR)
- Some customers would want to avoid using multicast in their core.
- Remote VTEPs are statically configured per VNI.
- BUM packets ingressing on access side are replicated to all remote static VTEPs in the VNI; each is encapsulated with one VTEP IP as unicast DIP.
- Support multiple VTEPs per VNI and a VTEP in multiple VNIs.

Presenter notes: Whenever we talk about the Layer 2 we know one thing is that for the Broadcast/Unknown-unicast and the multicast packets we need to flood across the bridging domain. In the case of VxLAN this means we need to flood packets across the underlying core network to reach to every switch participating in the bridging domain. So there are two options. The first one is using the multicast IP core. This option is already supported by the first 9K VxLAN feature. In this option every VNI is mapped to a multicast group. For the BUM traffic coming on the access side, BPG encapsulate with the group assigned to the VNI and the packets is going to send along the multicast tree. The second option is using the ingress replication. In this case, if the customer doesn’t want to use multicast or they don’t have the multicast deployed in their IP network, they can use the IR, ingress replication. In this option user explicit configures the remote VTEPs on each VNI. Then the BUM traffic coming on the access side is going to replicate to each remote VNI static configure and the each replication is going to encapsulate with the one VTEP IP as unicast DIP. For this IR support, we support multiple VTEPs per VNI and also support a VTEP in multiple VNIs.

27 VxLAN Flooding (cont'd)
- Up to 16 static IR VTEPs is recommended.
- Multicast and IR configuration can co-exist on the same switch, but on different VNIs.
- Multicast-core learned VTEP vs. IR static VTEP:
  - Learned VTEP tunnel will be removed when all dynamically learned MACs that are associated with the VTEP are aged out.
  - IR static VTEP tunnel is kept alive as long as the route to the VTEP is available.

[Note: The presenter has included additional notes which are located below the transcript text.]

Presenter notes: Currently, we only supporting this static configured remote VTEPs. In the future release, we going to support the EVPN-IR which means that the user can enable the VTEP propagation by BGP protocol. For this release, up to 16 static VTEPs is tested and also recommended to the customer. On each switch we support the multicast IR configuration on the same box but it has to be on different VNIs, so this is mainly for the migration case. If the customer before has the multicast-core and later wants to migrate to the IR, they can keep the multicast configuration on some VNI and also the static-configured IR on some other VNIs. Now what’s the difference between the multicast-core learned VTEPs versus the IR VTEPs? For the multicast-learned VTEPs, they will be keep alive until the last dynamic MACs associated with this VTEP is aged out. In other ways, when all the MACs age out, so the dynamic-learned VTEPs will be removed. In the case of IR static-configured VTEP, they are going to keep alive as long as the route to the VTEP is available.

Additional Presenter Notes:
- Note: in the current release, command “host-reachability protocol bgp” enables propagation of remote host information (MACs and/or IPs).
- 16 static IR is now 128 !!!

28 VXLAN Peer and Host Learning Options
Options by learning method (Data-Plane or Control-Plane) and core type (Multicast or Unicast):

Multicast core, Data-Plane: Flood and Learn (Peer Learning: DP)
Vlan 2
  vn-segment 4098
Interface nve 1
  member vni 10000 mcast-group

Multicast core, Control-Plane: EVPN-Multicast (Peer Learning: BGP)
Vlan 2
  vn-segment 10000
Interface nve 1
  host-reachability protocol bgp
  member vni 4098 mcast-group

Unicast core, Data-Plane: Static Ingress-Replication (Peer Learning: CLI)
Vlan 2
  vn-segment 4098
Interface nve 1
  member vni 4098
    ingress-replication protocol static

Unicast core, Control-Plane: EVPN Ingress-Replication (Peer Learning: BGP)
Vlan 2
  vn-segment 4098
Interface nve 1
  host-reachability protocol bgp
  member vni 4098
    ingress-replication protocol bgp

29 Ingress Replication (IR) – Topology and configuration (1)
feature nv overlay
feature vn-segment-vlan-based
vlan 10
  vn-segment 10000
interface nve1
  no shutdown
  source-interface loopback0
  member vni 10000
    ingress-replication protocol static
      peer-ip
      peer-ip

No discussion.
[Diagram labels: VTEP-1, VTEP-2 and VTEP-3, each a VxLAN L2 Gateway with Ethernet 1/1 and Loopback0; Router-1, Router-2, Router-3; IP Network; E1/1, E1/2; Host-A (MAC: 0.0.1, IP: ), Host-B (MAC: 0.0.2, IP: ), Host-C]

30 Ingress Replication (IR) – Topology and configuration (2)
feature nv overlay
feature vn-segment-vlan-based
vlan 10
  vn-segment 10000
vlan 11
  vn-segment 10001
interface nve1
  no shutdown
  source-interface loopback0
  member vni 10000
    ingress-replication protocol static
      peer-ip
      peer-ip
  member vni 10001

[Diagram labels: VTEP-1, VTEP-2 and VTEP-3, each a VxLAN L2 Gateway with Ethernet 1/1 and Loopback0; Router-1, Router-2, Router-3; IP Network; E1/1; Host-1 VLAN10, Host-2 VLAN10, Host-3 VLAN11, Host-4 VLAN10, Host-5 VLAN11]

Presenter notes: In the case of the IR, say in this case for example we have three VTEPs and two VTEPs have two VLANs, VLAN10 and VLAN11, and VTEP-2 only has one VLAN, VLAN10. So here is the sample configuration. VTEP-10 mapped to the VN-segment and VLAN11 mapped to the VN-segment Inside the VLAN interface and the configuration of the member VNI is specified ingress-replication protocol static, and you list all the peers so the remote VTEP is for the VTEP-2 and the is the VTEP-3 here. For the VLAN, VNI 10001, so this is for VLAN11, because only VTEP-3 has VLAN11, so you can specify only the peer-IP for VTEP-3. [Note: The slide builds out as the speaker continues.] When the packet’s coming from VLAN10 to VTEP-1, it’s going to replicate twice. So the first replication is going to send to VTEP-3, and second packet is going to send VTEP-2. So you see this, the ingress gateway is going to generate two replications and this unicast to each of the remote VTEPs. For the packets coming from the VLAN11 and just one replication can be sent to VTEP-3.

31 IR Configuration
If a set of VNIs have the same group of remote VTEPs, use range command:

feature vn-segment-vlan-based
feature nv overlay
vlan 1,
vlan 11
  vn-segment 10011
vlan 12
  vn-segment 10012
vlan 13
  vn-segment 10013
vlan 14
  vn-segment 10014
vlan 100
  vn-segment 10100
interface nve1
  no shutdown
  source-interface loopback200
  member vni
    ingress-replication protocol static
      peer-ip
      peer-ip
      peer-ip

Presenter notes: If you have a case, let’s say, different VNIs are supporting the same set of remote VTEPs, you can use the range configuration. So if I find the range of VNIs and I get the same set of VTEPs.

32 VXLAN IR Flooding & Address Learning
[Diagram: packet flow, steps 1-7, across an IP Unicast Core between VTEP-1 (IP-1, MAC-1), VTEP-2 (IP-2, MAC-2) and VTEP-3 (IP-3); End System A (MAC-A, IP-A), End System B (MAC-B, IP-B)]

Packets shown:
- ARP Request for IP B from End System A: Src MAC: MAC-A, Dst MAC: FF:FF:FF:FF:FF:FF
- Replicated copy toward VTEP-2: VXLAN VNID: 10000, Outer S-IP: IP-1, Outer D-IP: IP-2, S-MAC: MAC-1, D-MAC: MAC-2, UDP, carrying the ARP Request for IP B
- Replicated copy toward VTEP-3: VXLAN VNID: 10000, Outer S-IP: IP-1, Outer D-IP: IP-3, S-MAC: MAC-1, D-MAC: MAC-3, UDP, carrying the ARP Request for IP B
- ARP Response from IP B: Src MAC: MAC-B, Dst MAC: MAC-A
- Encapsulated response: VXLAN VNID: 10000, Outer S-IP: IP-2, Outer D-IP: IP-1, S-MAC: MAC-2, D-MAC: MAC-1, UDP, carrying the ARP Response from IP B

MAC tables shown:
MAC Address | VXLAN ID | Remote VTEP
MAC-A | 10 | IP-1 (on VTEP-3)
MAC-A | 10 | IP-1
MAC-B | 10 | IP-2

Presenter notes: Let’s look at the packet flow and see for the flooding and also for the MAC learning. [Note: The slide builds out as the speaker continues.] In this case we also have three VTEPs, A, B and C. Each VTEP has one host behind. This has two hosts. See the packets is coming from the End System A. This is a ARP request packet. On the VTEP-1 it’s going to generate two replication copies. One is toward VTEP-2, and you can see here the D-MAC is the next hop. The inner copies exactly same for this ARP request, and outer header D-MAC is the next hop toward VTEP-2. So in this case it looks like a directly connected associated VTEP-2 D-MAC, and the source MAC is VTEP-1’s D-MAC. The outer D-IP is the IP-2, VTEP-2. So this packet reached to the VTEP-2 and also the VTEP-1 also generate another unicast copy toward VTEP-3. So you see, pretty much similar. Both VTEP-2 and VTEP-3 we see the copy. So the VTEP-2 is going to learn this MAC, so the MAC-A is going to mark associate with the VTEP-1, so this the IP address of VTEP-1. And also the host behind the VTEP-2 has the ARP IP B, so it’s going to send the response back. So this response is going to be unicast back to the VTEP-1. So the VTEP-1 is going to learn the MAC as well. I forgot to mention that VTEP-3 whenever the VTEP-3 receive the packets it’s going to also [??] the MAC learning. So when the VTEP-3 receives the packets it’s going to send to the end host A. Okay, any questions so far? Any questions? Okay, no questions so far.
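
The flooding and learning behaviour described on slides 30 and 32, as a small Python model added here (it is not code from the presentation). The VTEP addresses are constructed values from 192.0.2.0/24, and `one_way_peers` is a hypothetical helper that flags static peer entries configured on only one side, which leaves BUM flooding working in one direction only.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Vtep:
    name: str
    ip: str  # constructed address (192.0.2.0/24), not from the slides
    # VNI -> static remote VTEP IPs, i.e. the "peer-ip" lines under
    # "member vni <vni>" / "ingress-replication protocol static"
    ir_peers: dict = field(default_factory=dict)
    # (VNI, inner source MAC) -> remote VTEP IP, learned from the data plane
    mac_table: dict = field(default_factory=dict)

    def encapsulate(self, vni, src_mac, dst_mac):
        """Return one (outer_sip, outer_dip, vni, smac, dmac) tuple per copy sent."""
        if vni not in self.ir_peers:
            return []  # VNI not configured on this VTEP
        known = self.mac_table.get((vni, dst_mac))
        if dst_mac != BROADCAST and known:
            targets = [known]  # known unicast: a single copy
        else:
            targets = self.ir_peers[vni]  # BUM: one unicast copy per static peer
        return [(self.ip, dip, vni, src_mac, dst_mac) for dip in targets]

    def receive(self, packet):
        """Learn inner source MAC -> outer source IP; False if the VNI is unknown."""
        outer_sip, _, vni, src_mac, _ = packet
        if vni not in self.ir_peers:
            return False
        self.mac_table[(vni, src_mac)] = outer_sip
        return True


def send(fabric, ingress, vni, src_mac, dst_mac):
    """Inject a host frame at `ingress`; return names of VTEPs that accepted a copy."""
    by_ip = {v.ip: v for v in fabric}
    return [by_ip[p[1]].name for p in ingress.encapsulate(vni, src_mac, dst_mac)
            if p[1] in by_ip and by_ip[p[1]].receive(p)]


def one_way_peers(fabric):
    """Peer entries with no matching entry on the remote side."""
    by_ip = {v.ip: v for v in fabric}
    return [(v.name, peer_ip, vni)
            for v in fabric
            for vni, peers in v.ir_peers.items()
            for peer_ip in peers
            if peer_ip not in by_ip or v.ip not in by_ip[peer_ip].ir_peers.get(vni, [])]


def build_fabric():
    """Slide 30 topology: VTEP-1 and VTEP-3 carry VNI 10000 and 10001, VTEP-2 only 10000."""
    return [
        Vtep("VTEP-1", "192.0.2.1", {10000: ["192.0.2.2", "192.0.2.3"], 10001: ["192.0.2.3"]}),
        Vtep("VTEP-2", "192.0.2.2", {10000: ["192.0.2.1", "192.0.2.3"]}),
        Vtep("VTEP-3", "192.0.2.3", {10000: ["192.0.2.1", "192.0.2.2"], 10001: ["192.0.2.1"]}),
    ]


if __name__ == "__main__":
    fabric = build_fabric()
    v1, v2, v3 = fabric
    print(send(fabric, v1, 10000, "MAC-A", BROADCAST))  # ARP request from End System A
    print(send(fabric, v2, 10000, "MAC-B", "MAC-A"))    # ARP response from End System B
    print(one_way_peers(fabric))
```

The model ignores MAC aging and the underlay next hop; it only tracks which VTEPs receive a copy and what each one learns.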

33 VXLAN- Ingress Replication Lab

34 VXLAN- Design

35 VxLAN Deep Dive – Nexus 9000 Forwarding – Virtual Port Channel
- When Virtual Port Channel (vPC) is enabled an ‘anycast’ VTEP address is programmed on both vPC peers
- Symmetrical forwarding behavior on both peers
- Multicast topology prevents BUM traffic being sent to the same IP address across the L3 network
- Prevents duplication of flooded packets
- vPC peer-gateway feature must be enabled on both peers
- VXLAN header is not carried on the vPC Peer link
[Diagram labels: VXLAN, AnyCast VTEP, AnyCast VTEP, VLAN]

36 VxLAN Deep Dive – Nexus 9000 Forwarding – Design Considerations
- When VxLAN is being routed the next hop for VXLAN encapsulated frames needs to be over an L3 interface
- Alternatively, all SVIs from a VxLAN Gateway must point to the same physical next hop
- Same VxLAN header MAC Destination Address for all VxLAN encapsulated packets sent from the same physical port
- VxLAN VTEP downstream of a Nexus 2000 FEX is not supported
[Diagram labels: VTEP, VLAN]

37 VxLAN Deep Dive – Nexus 9000 Deployment Scenarios – L2 Extension across Pods
L3 Core VxLAN Overlay Pod 1 Pod 2

38 VxLAN Deep Dive – Nexus 9000 Deployment Scenarios – Virtual to Physical
VTEP VTEP VxLAN Enabled Hypervisor VxLAN Enabled Hypervisor

39 VXLAN Design with VXLAN Bridging only L2 Extension across Pods
L3 Core L2 Link L3 Link VTEP (Layer-2 only) VTEP (Layer-2 only) VXLAN Overlay (VLAN Extension) Pod 1 Pod 2 IP GW IP GW Layer-2 VLAN Domain Layer-2 VLAN Domain

40 VXLAN Design with VXLAN Bridging only STP/VPC Replacement - Routing off-box
Challenges: Hard to Scale --- Layer-2 fault domain size grows as the POD grows
[Diagram labels: DC Core, L2 Link, L3 Link, Layer-3, DC Aggregation, IP GW, Layer-2, Layer-2 VLAN Domain, DC Access]

41 VXLAN Design with VXLAN Bridging only STP/VPC Replacement - Routing off-box
Traditional Layer-2 POD Design
Challenges: Layer-2 connectivity is constrained below each access switch, limiting application workload mobility
[Diagram labels: DC Core, L2 Link, L3 Link, DC Aggregation, Layer-3 Network, Layer-3, Layer-2, DC Access, IP GW (x4)]

42 VXLAN Design with VXLAN Bridging only Traditional Layer-2 POD Replacement
VxLAN extends Layer 2 over Layer 3 boundary
Challenges: Routing between VxLAN extended Layer-2 segments
[Diagram labels: DC Core, L2 Link, L3 Link, DC Aggregation, VXLAN Overlay, DC Access, VTEP (x4)]

43 VXLAN Design with VXLAN Bridging only Traditional L2 POD Replacement
Option A: Router on A Stick Design with a Routing Block
Router on a stick design to provide IP gateway and routing function for VxLAN extended Layer-2 segments
[Diagram labels: DC Core, L2 Link, L3 Link, DC Aggregation, VXLAN Overlay, Routing Block, Layer-3, Layer-2, DC Access, VTEP (x4), VLAN Dark Blue, VLAN Red, Routing, Routing, IP GW for VxLAN extended VLANs]

44 VXLAN Design with VXLAN Bridging only Traditional L2 POD Replacement
Option B: VTEP on A Stick Design to Keep IP GW on Aggregation
VTEP on a stick design: Aggregation Switches are the centralized IP gateway.
[Diagram labels: DC Core, L2 Link, L3 Link, IP GW for VxLAN Extended VLANs, DC Aggregation, Routing, VTEP, VTEP, VXLAN Overlay, DC Access, VTEP (x4), VLAN Dark Blue, VLAN Red]

45 VXLAN Design with VXLAN Bridging only Spine-Leaf Deployment
Router on a stick design to provide IP gateway and routing function for VxLAN extended Layer-2 segments
[Diagram labels: L2 Link, L3 Link, Spine, VXLAN Overlay, Leaf, VTEP (x4), VLAN Dark Blue, VLAN Red, Routing, IP GW for VxLAN Extended VLANs]

46 VXLAN EVPN Control Plane Functions in Bronte Release
- VXLAN eVPN - Supports a BGP ethernet VPN (EVPN) control plane
- Anycast IP gateway
- ARP Suppression
- Ingress Replication
- VXLAN MIB/counters

47 VXLAN Deepdive Summary
- VXLAN extends the Ethernet header to embed additional VLAN information
- VXLAN enables L2 traffic to tunnel over L3 boundaries
- VTEPs terminate traffic going Virtual/Physical and vice versa
- The Nexus9000 supports VxLAN:
  - Bridging
  - Gateway
  - Routing (When using modules with the NorthStar ASIC)
- VXLAN is supported with Virtual Port Channels

48 Thank You

