VXLAN TECHNOLOGY BASICS

VXLAN is a standard NVO3 technology defined by the IETF. VXLAN is essentially a tunneling technology that extends Layer 2 networks across Layer 3 infrastructure by encapsulating Layer 2 packets into UDP packets using MAC-in-UDP encapsulation.

Basic Concepts of VXLAN

Figure 5.8 shows the basic structure of a VN constructed on top of an IP network through VXLAN tunnels.

FIGURE 5.8 VXLAN model.

VXLAN involves the following elements that do not exist on traditional campus networks:

  • VXLAN Tunnel Endpoints (VTEPs): VXLAN edge devices of a VXLAN tunnel that encapsulate and decapsulate VXLAN packets. In a VXLAN packet, the source IP address is the local VTEP address, and the destination IP address is the remote VTEP address. One pair of such VTEP addresses identifies a VXLAN tunnel. The border node and edge node described in Section 5.2.2 are both VTEPs, and they play an important role in VXLAN.
  • VXLAN Network Identifier (VNI): In a similar way to VLAN IDs on a traditional network, VNIs differentiate subnets in a VN. Layer 2 communication is not allowed between users on different subnets. A VNI is 24 bits long, which means it supports approximately 16 million subnets.
  • BD: Each VNI is mapped to a BD, and users in the same BD communicate with each other at Layer 2.

VXLAN Packet Format

In the VXLAN encapsulation process, after receiving a packet from a host, the source VTEP adds a VXLAN header, UDP header, IP header, and Ethernet header to the original packet in sequence. This new packet is known as a VXLAN packet. Upon receipt of the VXLAN packet, the destination VTEP decapsulates the packet to obtain the original packet and forwards the original packet to the destination host. Figure 5.9 shows the VXLAN packet format.

Table 5.2 describes the fields in a VXLAN packet.

FIGURE 5.9 VXLAN packet format.

TABLE 5.2 Description of Fields in a VXLAN Packet

| Field | Description |
|---|---|
| VXLAN header | VXLAN Flags (16 bits) |
| | Group ID (16 bits): specifies a user group ID. When the first bit of VXLAN Flags is 1, the value is a group ID; when the first bit of VXLAN Flags is 0, the value is all 0s |
| | VNI: specifies a VXLAN network identifier |
| | Reserved: this 8-bit field is reserved and set to 0 |
| Outer UDP header | Source port (16 bits): specifies the source UDP port number, which is calculated based on the inner Ethernet packet header using the hash algorithm |
| | DestPort (16 bits): specifies the destination UDP port number. The value is 4789 |
| | UDP length (16 bits): specifies the length of a UDP packet, which is the total length of the UDP header and UDP data |
| | UDP checksum (16 bits): used for error-checking of the UDP header and UDP data |
| Outer IP header | IP SA (32 bits): specifies the source IP address, which is the IP address of the source VTEP of a VXLAN tunnel |
| | IP DA (32 bits): specifies the destination IP address, which is the IP address of the destination VTEP of a VXLAN tunnel |
| | Protocol (8 bits): specifies the next protocol following the datagram |
| Outer Ethernet header | MAC DA (48 bits): specifies the destination MAC address, which is the MAC address of the next-hop device on the path to the destination VTEP |
| | MAC SA (48 bits): specifies the source MAC address, which is the MAC address of the source VTEP that sends the packet |
| | 802.1Q tag (32 bits): specifies the VLAN tag in the packet. This field is optional |
| | Ethernet type (16 bits): specifies the type of the Ethernet frame. The value is 0x0800 in an IP packet |
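
Added example (not from the original text): a Python parser that walks the outer headers in the order Table 5.2 lists them, extracts the VTEP addresses, VNI and group ID, and flags header values that contradict the table. The function names, anomaly strings and the frame built by build_sample (documentation addresses, VNI 5010, group 100) are assumptions constructed for illustration.

```python
import struct
VXLAN_PORT = 4789   # destination UDP port given in Table 5.2
G_BIT = 0x8000      # first bit of the 16-bit VXLAN Flags field

def parse_vxlan(frame: bytes) -> dict:
    """Walk outer Ethernet -> IPv4 -> UDP -> VXLAN header; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    off, vlan = 14, None
    if etype == 0x8100:                      # optional 802.1Q tag is present
        tci, etype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if etype != 0x0800:
        raise ValueError("outer Ethernet type is not 0x0800 (IPv4)")
    if len(frame) < off + 20:
        raise ValueError("truncated IPv4 header")
    ihl = (frame[off] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or frame[off + 9] != 17:     # Protocol 17 = UDP
        raise ValueError("outer packet is not valid IPv4/UDP")
    ip_sa, ip_da = frame[off + 12:off + 16], frame[off + 16:off + 20]
    off += ihl
    if len(frame) < off + 16:
        raise ValueError("truncated UDP or VXLAN header")
    sport, dport, _, _, flags, group, vni_rsvd = struct.unpack_from("!HHHHHHI", frame, off)
    if dport != VXLAN_PORT:
        raise ValueError("UDP destination port is not 4789")
    anomalies = []                           # values that contradict Table 5.2
    if not (flags & G_BIT) and group != 0:
        anomalies.append("group ID non-zero while first flag bit is 0")
    if vni_rsvd & 0xFF:
        anomalies.append("reserved byte is non-zero")
    return {"vtep_src": ".".join(map(str, ip_sa)), "vtep_dst": ".".join(map(str, ip_da)),
            "outer_vlan": vlan, "udp_sport": sport, "vni": vni_rsvd >> 8,
            "group_id": group if flags & G_BIT else None,
            "anomalies": anomalies, "inner_frame": frame[off + 16:]}

def build_sample(flags=0x8800, group=100, vni=5010, rsvd=0, vlan=None) -> bytes:
    """Constructed test frame (documentation addresses, zero checksums); not captured traffic."""
    # 0x8800 = first flag bit (group ID present) plus the RFC 7348 VNI-valid bit
    inner = bytes(14)                        # placeholder inner Ethernet header
    vx = struct.pack("!HHI", flags, group, (vni << 8) | rsvd)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vx) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vx) + len(inner),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes(6) + bytes(6) + tag + struct.pack("!H", 0x0800)
    return eth + ip + udp + vx + inner
```

The anomaly list is returned rather than raised so that a monitoring tool can still record the VTEP pair and VNI of a frame whose header fields deviate from the table.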

As described, the VXLAN network model and packet format convey the following VXLAN features:

  • Compared with Layer 2 isolation using 12-bit VLAN IDs, VXLAN uses 24-bit VNIs to support the isolation of up to 16 million VXLAN segments, meeting the requirements of a large number of tenants.
  • A VXLAN header includes a VNI that can be flexibly associated with other services, such as Layer 2 and Layer 3 VPNs.
  • On a VXLAN network, only edge devices need to identify the MAC addresses of hosts.
  • VXLAN uses MAC-in-UDP encapsulation to extend Layer 2 networks, decoupling VNs from the physical network. In addition, tenants can plan VNs without the need to consider IP addresses and BDs on the physical network, greatly simplifying network management.
  • The VXLAN-encapsulated UDP source port number is calculated based on the inner Ethernet packet header using the hash algorithm. Load balancing can be performed on the physical network without parsing inner packets, increasing the network throughput.

 