VXLAN Tunnel Establishment

A VXLAN tunnel is identified by a pair of VTEP IP addresses. During VXLAN tunnel establishment, the local and remote VTEPs attempt to obtain IP addresses from each other. A VXLAN tunnel can only be established if the obtained VTEP IP addresses can reach each other at Layer 3. When BGP EVPN is used to dynamically establish a VXLAN tunnel, the local and remote VTEPs first establish a BGP EVPN peer relationship before exchanging BGP EVPN routes to learn the VNIs and VTEP IP addresses from each other.

On the network shown in Figure 5.13, Host 1 and Host 3 are attached to VTEP 2, Host 2 is attached to VTEP 3, and a Layer 3 gateway is deployed on VTEP 1. To allow Host 3 and Host 2, which are on the same subnet, to communicate with each other, a VXLAN tunnel needs to be established between VTEP 2 and VTEP 3. To allow Host 1 and Host 2 on different subnets to communicate with each other, VXLAN tunnels need to be established between VTEP 2 and VTEP 1 and between VTEP 1 and VTEP 3. Although Host 1 and Host 3 are both attached to VTEP 2, they belong to different subnets and must communicate through the Layer 3 gateway (VTEP 1). For this reason, a VXLAN tunnel is also required between VTEP 2 and VTEP 1.

The following example illustrates how to use BGP EVPN to dynamically establish a VXLAN tunnel between VTEP 2 and VTEP 3, as shown in Figure 5.14.

FIGURE 5.13 VXLAN tunnel establishment.

FIGURE 5.14 Dynamic VXLAN tunnel establishment.

1. VTEP 2 and VTEP 3 first establish a BGP EVPN peer relationship. Then, local EVPN instances are created on VTEP 2 and VTEP 3, and a route distinguisher (RD), export VPN target (ERT), and import VPN target (IRT) are configured for each EVPN instance. Layer 2 BDs are created and bound to VNIs and EVPN instances. After IP addresses are configured on VTEP 2 and VTEP 3, they generate a BGP EVPN route and advertise it to each other. The BGP EVPN route carries the ERT list of the local EVPN instance and an inclusive multicast route (Type 3 route defined in BGP EVPN).

2. When VTEP 2 and VTEP 3 receive a BGP EVPN route from each other, they match the ERT list of the remote EVPN instance carried in the route against the IRT list of the local EVPN instance. If a match is found, the route is accepted. If no match is found, the route is discarded. If the route is accepted, VTEP 2 and VTEP 3 obtain each other’s IP address and VNI carried in the route. If the IP addresses are reachable at Layer 3, the VTEPs establish a VXLAN tunnel. If the remote VNI is the same as the local VNI, an ingress replication list is created to forward subsequent BUM packets.

The process of dynamically establishing a VXLAN tunnel between VTEP 2 and VTEP 1 and between VTEP 3 and VTEP 1 using BGP EVPN is the same as that between VTEP 2 and VTEP 3.
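The import decision in step 2 is the only gate between a received route and a new tunnel, so it is worth seeing as code. The following is an added example, not code from the book or any vendor: the `Vtep` class, route targets, and addresses are hypothetical, and a list of prefixes stands in for the Layer 3 routing table.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class InclusiveMulticastRoute:      # Type 3 route, reduced to the fields the text names
    ert: frozenset                  # ERT list of the advertising EVPN instance
    vtep_ip: str
    vni: int

@dataclass
class Vtep:                         # hypothetical model of one VTEP's EVPN instance
    ip: str
    vni: int
    ert: frozenset
    irt: frozenset
    l3_routes: tuple                # prefixes reachable at Layer 3 (stand-in for the RIB)
    tunnels: set = field(default_factory=set)
    ingress_replication: dict = field(default_factory=dict)

    def advertise(self):
        return InclusiveMulticastRoute(self.ert, self.ip, self.vni)

    def receive(self, route):
        if not (route.ert & self.irt):              # no ERT/IRT match: discard
            return "discarded"
        peer = ip_address(route.vtep_ip)
        if not any(peer in ip_network(p) for p in self.l3_routes):
            return "accepted, no tunnel"            # peer not reachable at Layer 3
        self.tunnels.add((self.ip, route.vtep_ip))  # tunnel = pair of VTEP IPs
        if route.vni == self.vni:                   # same VNI: replicate BUM to this peer
            self.ingress_replication.setdefault(self.vni, set()).add(route.vtep_ip)
        return "tunnel up"

def demo():
    # Constructed sample values; none come from the original text.
    rt20, rt99 = frozenset({"65000:20"}), frozenset({"65000:99"})
    underlay = ("10.0.0.0/24",)
    vtep2 = Vtep("10.0.0.2", 20, rt20, rt20, underlay)
    vtep3 = Vtep("10.0.0.3", 20, rt20, rt20, underlay)
    other = Vtep("10.0.0.9", 20, rt99, rt99, underlay)     # different EVPN instance
    far = Vtep("172.16.0.5", 20, rt20, rt20, underlay)     # no underlay route to it
    results = [vtep2.receive(r.advertise()) for r in (vtep3, other, far)]
    return results, vtep2

if __name__ == "__main__":
    print(demo()[0])
```

A route whose ERT list does not intersect the local IRT list never reaches the tunnel or replication logic, which is why the IRT configuration acts as the isolation boundary between EVPN instances.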

Dynamic MAC Address Learning

VXLAN uses dynamic MAC address learning to facilitate communication between end users. MAC address entries are dynamically created and therefore do not require manual maintenance, greatly reducing the maintenance workload. Figure 5.15 illustrates how intrasubnet hosts dynamically learn each other’s MAC address.

1. When Host 3 communicates with VTEP 2 for the first time, VTEP 2 learns the mapping between Host 3’s MAC address, BD ID, and inbound interface (Port 1) that has received the ARP packet, and generates a MAC address entry for Host 3, with the outbound interface set to Port 1. In addition, VTEP 2 generates a BGP EVPN route based on the ARP entry of Host 3 and advertises the route to VTEP 3. The BGP EVPN route carries the ERT list of VTEP 2’s EVPN instance, next-hop attribute (VTEP 2’s IP address), and MAC/IP route (Type 2 route defined in BGP EVPN). Figure 5.16 shows the format of a MAC/IP route. In this example, the MAC Address Length and MAC Address fields identify the MAC address of Host 3, and the MPLS Label1 field identifies the Layer 2 VNI.

FIGURE 5.15 Dynamic MAC address learning.

FIGURE 5.16 MAC/IP route.

2. When receiving the BGP EVPN route from VTEP 2, VTEP 3 matches the ERT list of the EVPN instance carried in the route against the IRT list of the local EVPN instance. If a match is found, the route is accepted. If no match is found, the route is discarded. If the route is accepted, VTEP 3 obtains the mapping between Host 3’s MAC address, BD ID, and VTEP 2’s IP address (next-hop attribute), and generates a MAC address entry for Host 3. Based on the next-hop attribute, the MAC address entry’s outbound interface is recursed to the VXLAN tunnel destined for VTEP 2.

VTEP 2 learns Host 2’s MAC address in the same way.

3. When Host 3 attempts to communicate with Host 2 for the first time, Host 3 sends an ARP request for Host 2’s MAC address, with the destination MAC address set to all Fs and the destination IP address set to IP 2. By default, VTEP 2 broadcasts the ARP request to devices on the same network segment as the interface that receives the request. To reduce broadcast packets, ARP broadcast suppression can be enabled on VTEP 2. With this function enabled, VTEP 2 searches the local MAC address table for the MAC address of Host 2 based on the destination IP address in the received ARP request. Then, if Host 2’s MAC address is found, VTEP 2 replaces the destination MAC address with this MAC address, and unicasts the ARP request to VTEP 3 through the VXLAN tunnel established between them. VTEP 3 then forwards the received ARP request to Host 2. In this way, Host 2 learns Host 3’s MAC address and responds with a unicast ARP reply. After Host 3 receives the ARP reply, it learns Host 2’s MAC address.

By this stage, Host 3 and Host 2 have learned the MAC address of each other, and they can communicate in unicast mode.
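To make the MAC/IP route and the resulting MAC address entry concrete, here is an added example (not from the book) that decodes a Type 2 route value and installs the entry as VTEP 3 does in step 2. It assumes the RFC 7432 field layout, since Figure 5.16 is not reproduced here, and that the ERT/IRT check has already passed; function names and the sample bytes are constructed for illustration.

```python
import struct
from ipaddress import ip_address

def parse_mac_ip_route(nlri: bytes) -> dict:
    """Decode the value of an EVPN Type 2 (MAC/IP) route, RFC 7432 layout."""
    if len(nlri) < 33:                      # RD 8 + ESI 10 + tag 4 + 1 + MAC 6 + 1 + label 3
        raise ValueError("truncated MAC/IP route")
    eth_tag, mac_len = struct.unpack_from("!IB", nlri, 18)
    if mac_len != 48:
        raise ValueError("MAC Address Length must be 48 bits")
    ip_len = nlri[29]
    if ip_len not in (0, 32, 128):
        raise ValueError("IP Address Length must be 0, 32 or 128 bits")
    end_ip = 30 + ip_len // 8
    labels = nlri[end_ip:]
    if len(labels) not in (3, 6):           # Label1 mandatory, Label2 optional
        raise ValueError("bad label field length")
    return {
        "rd": nlri[0:8].hex(),
        "eth_tag": eth_tag,
        "mac": ":".join(f"{b:02x}" for b in nlri[23:29]),
        "ip": str(ip_address(nlri[30:end_ip])) if ip_len else None,
        "l2_vni": int.from_bytes(labels[:3], "big"),   # Label1 carries the Layer 2 VNI
    }

def install_mac(mac_table: dict, route: dict, next_hop: str, vni_to_bd: dict) -> bool:
    """Receiving VTEP: create the MAC entry, recursed to the tunnel toward next_hop."""
    bd = vni_to_bd.get(route["l2_vni"])
    if bd is None:                          # VNI not bound to a local BD: install nothing
        return False
    mac_table[(bd, route["mac"])] = f"vxlan-tunnel:{next_hop}"
    return True

# Constructed sample: Host 3's route as VTEP 2 might advertise it (all values invented).
SAMPLE = (bytes.fromhex("0000fde800000014")            # RD 65000:20 (type 0)
          + bytes(10)                                   # ESI 0
          + struct.pack("!IB", 0, 48)                   # Ethernet Tag 0, MAC length 48
          + bytes.fromhex("00005e005303")               # Host 3 MAC (documentation range)
          + bytes([32, 192, 0, 2, 3])                   # IP length 32, 192.0.2.3
          + (20).to_bytes(3, "big"))                    # MPLS Label1 = VNI 20

if __name__ == "__main__":
    table = {}
    install_mac(table, parse_mac_ip_route(SAMPLE), "10.0.0.2", {20: 10})
    print(table)
```

The length checks matter because the IP Address Length field decides where the label field starts; a decoder that trusts it without bounds checking will read the VNI from the wrong offset.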

 