The SR OS and Nuage solution for DC supports VXLAN (Virtual eXtensible Local Area Network) overlay tunnels as per RFC 7348.
VXLAN addresses the data plane needs for overlay networks within virtualized data centers accommodating multiple tenants. The main attributes of the VXLAN encapsulation are:
VXLAN is an overlay network encapsulation used to carry MAC traffic between VMs over a logical Layer 3 tunnel.
Avoids the Layer 2 MAC explosion, because VM MACs are only learned at the edge of the network. Core nodes simply route the traffic based on the destination IP (which is the system IP address of the remote PE or VTEP, the VXLAN Tunnel End Point).
Supports multi-path scalability through ECMP (to a remote VTEP address, based on source UDP port entropy) while preserving the Layer 2 connectivity between VMs. xSTP is no longer needed in the network.
Supports multiple tenants, each with their own isolated Layer 2 domain. The tenant identifier is encoded in the VNI field (VXLAN Network Identifier) and allows up to 16M values, as opposed to the 4k values provided by the 802.1q VLAN space.
Figure 1 shows an example of the VXLAN encapsulation supported by the Nokia implementation.
As shown in Figure 1, VXLAN encapsulates the inner Ethernet frames into VXLAN + UDP/IP packets. The main pieces of information encoded in this encapsulation are:
VXLAN header (8 bytes)
Flags (8 bits) where the I flag is set to 1 to indicate that the VNI is present and valid. The rest of the flags (“Reserved” bits) are set to 0.
Includes the VNI field (24-bit value) or VXLAN network identifier. It identifies an isolated Layer 2 domain within the DC network.
The rest of the fields are reserved for future use.
UDP header (8 bytes)
Where the destination port is a well-known UDP port assigned by IANA (4789).
The source port is derived from a hashing of the inner source and destination MAC/IP addresses that the 7750 SR, 7450 ESS, or 7950 XRS does at ingress. This creates an “entropy” value that can be used by the core DC nodes for load balancing on ECMP paths.
The checksum is set to zero.
Outer IP and Ethernet headers (34 or 38 bytes)
The source IP and source MAC identify the source VTEP. That is, these fields are populated with the PE’s system IP and chassis MAC address.
The source MAC address is changed on all the IP hops along the path, as is usual in regular IP routing.
The destination IP identifies the remote VTEP (remote system IP) and is the result of the destination MAC lookup in the service Forwarding Database (FDB).
All remote MACs are learned by the EVPN BGP and associated with a remote VTEP address and VNI.
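The UDP and VXLAN header fields listed above can be checked field by field when inspecting captured overlay traffic. The following Python code is an added example, not Nokia code: it builds a constructed sample datagram and parses it, reporting every deviation from the layout described here. The function names, the sample MAC addresses, the VNI 5001 and the source port 51234 are assumptions chosen for illustration.

```python
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP destination port
I_FLAG = 0x08      # flags bit that marks the VNI as present and valid

def build_vxlan_udp(vni, src_port, inner_frame, flags=I_FLAG):
    """Constructed sample: UDP header + VXLAN header + inner Ethernet frame."""
    vxlan = struct.pack("!B3xI", flags, vni << 8)  # flags, 24 reserved bits, VNI, 8 reserved bits
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, 16 + len(inner_frame), 0)  # checksum zero
    return udp + vxlan + inner_frame

def parse_vxlan_udp(datagram):
    """Return (fields, problems) for bytes starting at the UDP header."""
    if len(datagram) < 16:
        raise ValueError("shorter than UDP + VXLAN headers (16 bytes)")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    flags, reserved1, word2 = struct.unpack("!B3sI", datagram[8:16])
    inner = datagram[16:]
    problems = []
    if dst_port != VXLAN_PORT:
        problems.append("destination port is not 4789")
    if checksum != 0:
        problems.append("UDP checksum is not zero")
    if length != len(datagram):
        problems.append("UDP length does not match datagram size")
    if not flags & I_FLAG:
        problems.append("I flag clear: VNI not marked valid")
    if flags & ~I_FLAG & 0xFF or reserved1 != b"\x00\x00\x00" or word2 & 0xFF:
        problems.append("reserved bits are not zero")
    if len(inner) < 14:
        problems.append("inner Ethernet header truncated")
    fields = {
        "src_port": src_port,          # entropy value used for ECMP hashing
        "vni": word2 >> 8,             # 24-bit tenant / Layer 2 domain identifier
        "inner_dst_mac": inner[0:6].hex(":"),
        "inner_src_mac": inner[6:12].hex(":"),
    }
    return fields, problems

# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload
INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"\x00" * 46

if __name__ == "__main__":
    good = build_vxlan_udp(vni=5001, src_port=51234, inner_frame=INNER)
    print(parse_vxlan_udp(good))
    bad = build_vxlan_udp(vni=5001, src_port=51234, inner_frame=INNER, flags=0x00)
    print(parse_vxlan_udp(bad))
```

The parser starts at the UDP header, so the outer Ethernet and IP headers must be stripped from a capture before the bytes are passed in.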
Some considerations related to the support of VXLAN on the 7750 SR, 7450 ESS, and 7950 XRS are:
VXLAN is only supported on network or hybrid ports with null or dot1q encapsulation.
VXLAN is supported on Ethernet/LAG and POS/APS.
IPv4 and IPv6 unicast addresses are supported as VTEPs.
By default, system IP addresses are supported, as VTEPs, for originating and terminating VXLAN tunnels. Non-system IPv4 and IPv6 addresses are supported by using a Forwarding Path Extension (FPE).