Traditional three-layer network architecture limiting the dynamic VM migration scope

To enable smooth VM migration over a large scope or even between regions, all involved servers must be deployed in a large Layer 2 domain.

A Layer 2 switch can support Layer 2 communication between servers connected to the switch. When a server is migrated from one port of the Layer 2 switch to another port, the IP address of the server can remain unchanged. This meets the requirements for dynamic VM migration. It is this concept that inspired the design of VXLAN. VXLAN provides a methodology for creating a virtual tunnel on the IP network to transparently forward user data when communication is required between a source and destination node on the IP network. Any two nodes can communicate through a VXLAN tunnel, regardless of the underlying network structure and other details. For servers, VXLAN virtualizes the entire infrastructure network into a large "Layer 2 virtual switch", with all servers connecting to this switch. Servers do not need to be aware of how data is forwarded within this "large switch".

Sharp Increase in Tenants Raises Demand for Network Isolation

According to standards, a traditional VLAN network supports a maximum of about 4000 VLANs. After server virtualization, a physical server hosts multiple VMs, each of which has an independent IP address and MAC address. This is equivalent to the number of servers being multiplied. For example, public clouds or other large virtualized cloud data centers need to accommodate tens of thousands of tenants or even more. In this case, VLAN cannot meet these requirements. How does VXLAN meet these requirements? VXLAN adds a 24-bit VXLAN network identifier (VNI) that is equivalent to a VLAN ID to a VXLAN header. Theoretically, a maximum of 16M VXLAN segments are supported, meeting the requirements for identification and isolation of vast quantities of tenants.

What Are the Differences Between VXLAN and VLAN?

VLAN is a traditional network isolation technology. According to standards, a VLAN network supports a maximum of about 4000 VLANs, failing to meet the requirement for tenant isolation on a large Layer 2 network. In addition, each VLAN is a small and fixed Layer 2 domain, and as such is not suitable for large-scale dynamic VM migration. VXLAN overcomes these shortfalls of VLAN. In terms of scale, VXLAN uses the 24-bit VNI field to identify up to 16M tenants, far higher than that supported by VLAN (about 4000 tenants). And in terms of flexible migration, VXLAN establishes a virtual tunnel between two switches across the underlying IP network and virtualizes the network into a large "Layer 2 switch" (large Layer 2 network) to meet the requirement for large-scale dynamic VM migration.

Although VXLAN is an extension to VLAN, VXLAN is quite different from VLAN in terms of virtual tunnel establishment. The following describes what the VXLAN packet looks like.

VXLAN packet format (outer IPv4 header used as an example)

As shown in the preceding figure, a VXLAN tunnel endpoint (VTEP) encapsulates the following headers into the original Ethernet frame (original L2 frame) sent by a VM:

A VXLAN header (8 bytes) contains a 24-bit VNI field, which is used to define different tenants on the VXLAN network. It also contains a VXLAN Flags field (8 bits, set to 00001000) and two reserved fields (24 bits and 8 bits, respectively).

The VXLAN header and the original Ethernet frame are used as UDP data. In the UDP header, the destination port number (VXLAN Port) is fixed at 4789, and the source port number (UDP Src. Port) is calculated using a hash algorithm based on the original Ethernet frame.

In the outer IP header, the source IP address (Outer Src. IP) is the IP address of the VTEP connected to the source VM, and the destination IP address (Outer Dst. IP) is the IP address of the VTEP connected to the destination VM.

The outer MAC header is also called the outer Ethernet header. In this header, the source MAC address (Src. MAC Addr.) is the MAC address of the VTEP connected to the source VM, and the destination MAC address (Dst. MAC Addr.) is the MAC address of the next hop along the path to the destination VTEP.

This section describes how a VXLAN tunnel is established to help you better understand how VXLAN works.

Centralized VXLAN gateway deployment has the following advantages and disadvantages:

Advantages: Inter-subnet traffic can be centrally managed, and gateway deployment and management are simplified.
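The VXLAN header layout described above (flags byte 00001000, 24-bit VNI, two reserved fields, UDP destination port 4789) can be checked on the receiving side before a frame is handed to a tenant segment. The following Python sketch is an added example, not code from the original page. The function names, the `allowed_vnis` parameter, the sample frame and the CRC32-based source port are assumptions made for illustration.

```python
import struct
import zlib

VXLAN_PORT = 4789          # fixed UDP destination port
VXLAN_FLAGS = 0b00001000   # flags byte as given on the page
# Constructed sample inner frame: broadcast destination MAC, locally
# administered source MAC, EtherType 0x0806, zero padding.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010806") + bytes(28)

class VxlanError(ValueError):
    """Raised when a payload does not match the 8-byte header layout."""

def build_header(vni: int) -> bytes:
    if not 0 <= vni < 1 << 24:
        raise VxlanError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAGS << 24, vni << 8)

def parse_payload(udp_payload: bytes, allowed_vnis=None):
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < 8:
        raise VxlanError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if word1 >> 24 != VXLAN_FLAGS:
        raise VxlanError("unexpected flags byte")
    if word1 & 0xFFFFFF or word2 & 0xFF:
        raise VxlanError("reserved bits are not zero")
    vni, inner = word2 >> 8, udp_payload[8:]
    if len(inner) < 14:
        raise VxlanError("inner frame shorter than an Ethernet header")
    # Tenant isolation rests on the VNI, so refuse segments this
    # endpoint is not configured for (allowed_vnis is hypothetical).
    if allowed_vnis is not None and vni not in allowed_vnis:
        raise VxlanError(f"VNI {vni} not configured on this endpoint")
    return vni, inner

def source_port(inner_frame: bytes) -> int:
    # Assumption: CRC32 of the inner Ethernet header folded into
    # 49152-65535; the page only says "a hash algorithm".
    return 49152 + zlib.crc32(inner_frame[:14]) % 16384

if __name__ == "__main__":
    packet = build_header(5000) + SAMPLE_FRAME
    vni, inner = parse_payload(packet, allowed_vnis={5000})
    print(f"udp {source_port(inner)} -> {VXLAN_PORT}, VNI {vni}, "
          f"{len(inner)}-byte inner frame")
```

Because the source port is derived from the inner frame, all packets of one inner flow keep the same outer 5-tuple while different flows spread across underlay paths.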