Use mac address flooding attack cisco

This blog post is about VXLAN basics and how “pure” L2 (the way switches do it) can be built with VXLAN encapsulation in an IP fabric.

VXLAN is a fancy way of getting rid of Classical Ethernet (CE) in your DC, since no one likes half of the links sitting unused. There are two more such techniques: TRILL and FabricPath. Neither of them provides the same functionality as VXLAN does. VXLAN works on top of an IP fabric and utilizes ECMP in that fabric, so it is MAC-in-IP encapsulation. It means that the original Ethernet frame is encapsulated with a VXLAN header and later with IP and UDP:

  +-+
  | Outer Ethernet | - 14 bytes (SA, DA, Type)

Since normally we have an L3 MTU of 1500 bytes, with VXLAN we have 50 bytes of overhead for the L3 PDU. VXLAN is an 8-byte header that contains the L2 virtual network identifier (VNI), which is 24 bits long. A VNI represents a broadcast domain in a VXLAN environment: devices connected to the same VNI can send and receive ARP to and from each other.

Usually, by IP fabric, people mean Leaf-Spine topologies. A Leaf switch is a switch to which all clients are connected. A Spine switch has connections only to Leafs. If you think of traffic from a client connected to Leaf-1 to a client connected to Leaf-2, the path between them will be (Leaf-1)-Spine-(Leaf-2). These are also called Leaf-Spine-Leaf topologies. The benefits of such a scheme are predictable delay and scaling: not enough throughput? Install another Spine, if you have enough ports. Check out Facebook’s approach for its DCs: Introducing data center fabric, the next-generation Facebook data center network.

Underlay

The purpose of the underlay configuration is to make sure that every device can reach every other device by IP, so any routing solution will work: static, OSPF/IS-IS, EIGRP, BGP. For some reason I have never seen EIGRP as a solution for the underlay; I guess it has something to do with the fact that BGP is also a distance-vector protocol (in a sense) and is way more feature-rich than EIGRP. Check out Petr Lapukhov’s talk, Building Scalable Data Centers: BGP is the Better IGP.

VXLAN Tunnel End Point (VTEP)

A VTEP is a switch that does VXLAN encapsulation. It can be a Leaf or a Spine, but since VXLAN is usually represented as a topology with no special requirements for Spine switches, I guess it is safe to say that a VTEP is a Leaf switch that does VXLAN encapsulation.

VXLAN allows you to build broadcast domains over L3 networks. As you should remember, a bridge domain (VLAN) is built with the following functions: Flooding, Learning, Aging and Filtering. Since Learning, Aging and Filtering are done locally (other switches are not affected), these are not important in terms of VXLAN.

Flooding

During this process a frame should be delivered to every device that is configured with the specific VNI. So, a single VTEP either should know about every VTEP configured with the VNI or should have the ability to send traffic without this knowledge. The first approach requires a control plane to be involved, while the second sounds exactly like multicast, so pure VXLAN using the Data-Plane only (no Control-Plane in terms of VXLAN) requires multicast configuration. Once a packet is flooded to every VTEP that is subscribed to a multicast group, a VTEP can learn the source MAC address from the original packet (inner headers) and the loopback address of the VTEP that encapsulated and flooded this packet (outer headers), so traffic to that MAC will be forwarded as unicast in future. PIM-SM Anycast or Bidir-PIM can be used in VXLAN. RFC 7348 says: “A side note here is that since each VTEP can act as both the source and destination for multicast packets, a protocol like bidirectional PIM (BIDIR-PIM - see ) would be more efficient.”

Toni Pasanen did a very good job of describing multicast configuration for VXLAN. Another good material is Cisco Learning:
Rendezvous Point High Availability Mechanisms

VXLAN Data-Plane configuration

In VXLAN, a VLAN is a local value and a VNI is a global value for the VXLAN fabric. A VNI represents a bridge domain in VXLAN, so on every switch the VNI is mapped to a VLAN that is local to that Nexus switch.

  ! VXLAN functionality
  ! VLAN-based virtual network (VN) segment functionality

VNI-to-VLAN mapping is easy:

Next comes the NVE (Network Virtualization Edge) interface, a logical interface where the encapsulation and de-encapsulation occur. The loopback interface used as its source interface provides the outer source IP address. Under this NVE, we also map the VNI to a multicast group:

  interface nve1

At this point the minimal configuration for flood and learn over an IP fabric is done:

  Interface: nve1, State: Up, encapsulation: VXLAN
  Source-Interface: loopback1 (primary: 10.255.1.2, secondary: 0.0.0.0)
  Codes: CP - Control Plane DP - Data Plane
  Interface VNI Multicast-group State Mode Type Flags
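As an added example, not code from the original post, here is a small Python model of two things discussed above: the MAC-in-IP encapsulation (outer Ethernet, IP, UDP and the 8-byte VXLAN header carrying the 24-bit VNI, 50 bytes in total) and data-plane flood-and-learn at a VTEP, which learns the inner source MAC against the outer source IP and floods unknown MACs to the VNI's multicast group. 10.255.1.2 is the loopback address shown on the page; the remote VTEP 10.255.1.1, VNI 10010, group 239.1.1.10 and all MAC addresses are constructed values.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789                               # IANA port for VXLAN (RFC 7348)
ETH_LEN, IP_LEN, UDP_LEN, VXLAN_LEN = 14, 20, 8, 8  # outer headers: 50 bytes of overhead

def encapsulate(inner, vni, src_vtep, dst_ip, outer_smac, outer_dmac):  # MAC-in-IP
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)       # flag bit 3 = VNI valid, VNI in the top 24 bits
    udp_len = UDP_LEN + VXLAN_LEN + len(inner)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum is legal over IPv4
    fields = [0x45, 0, IP_LEN + udp_len, 0, 0x4000, 64, 17, 0,     # ver/IHL, ToS, len, id, DF, TTL, UDP, csum
              ipaddress.IPv4Address(src_vtep).packed, ipaddress.IPv4Address(dst_ip).packed]
    s = sum(struct.unpack("!10H", struct.pack("!BBHHHBBH4s4s", *fields)))
    s = (s & 0xFFFF) + (s >> 16)
    fields[7] = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF   # one's-complement IPv4 header checksum
    outer_eth = bytes.fromhex(outer_dmac + outer_smac) + b"\x08\x00"
    return outer_eth + struct.pack("!BBHHHBBH4s4s", *fields) + udp + vxlan + inner

def decapsulate(pkt):  # -> (outer source IP, VNI, inner frame); rejects non-IPv4/UDP/VXLAN input
    if len(pkt) < 50 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
        raise ValueError("not an IPv4/UDP packet")
    udp_off = ETH_LEN + (pkt[14] & 0x0F) * 4             # honour IHL: IP options may be present
    if struct.unpack_from("!H", pkt, udp_off + 2)[0] != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    flags, vni_field = struct.unpack_from("!B3xI", pkt, udp_off + UDP_LEN)
    if not flags & 0x08:
        raise ValueError("VXLAN VNI flag not set")
    outer_sip = str(ipaddress.IPv4Address(pkt[26:30]))
    return outer_sip, vni_field >> 8, pkt[udp_off + UDP_LEN + VXLAN_LEN:]

class Vtep:  # data-plane (flood-and-learn) VTEP: no control plane, MACs learned from flooded traffic
    def __init__(self, ip, vni_groups):
        self.ip, self.vni_groups, self.table = ip, vni_groups, {}  # VNI -> group; (VNI, MAC) -> VTEP IP
    def receive(self, pkt):  # learn inner source MAC -> outer source IP, like a VLAN learns MAC -> port
        outer_sip, vni, inner = decapsulate(pkt)
        smac = inner[6:12].hex()
        self.table[(vni, smac)] = outer_sip
        return vni, smac
    def next_hop(self, vni, dmac):  # known MAC: unicast to its VTEP; unknown: flood to the VNI's group
        return self.table.get((vni, dmac), self.vni_groups[vni])

def demo():
    # Constructed ARP-like broadcast from host 00005e005301 behind remote VTEP 10.255.1.1, VNI 10010.
    inner = bytes.fromhex("ffffffffffff" + "00005e005301") + b"\x08\x06" + b"\0" * 28
    pkt = encapsulate(inner, 10010, "10.255.1.1", "239.1.1.10", "00005e0053a1", "01005e01010a")
    leaf2 = Vtep("10.255.1.2", {10010: "239.1.1.10"})       # local VTEP, loopback1 from the page
    vni, smac = leaf2.receive(pkt)
    return len(pkt) - len(inner), vni, leaf2.next_hop(vni, smac), leaf2.next_hop(vni, "00005e005399")
```

demo() returns the 50-byte overhead, the VNI, the learned unicast next hop for the remote host and the multicast group used for a still-unknown MAC.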