
February 20, 2017

Virtual Extensible LAN (VXLAN) Overlay

I have been writing lately about overlay technologies such as Bridging (802.1q), Provider Bridging (802.1ad), Provider Backbone Bridging (802.1ah) and Shortest Path Bridging (802.1aq), but this time I want to write about a well-known and useful Layer 2 technology used in datacenters to let virtual machines communicate over a Layer 3 network. This technology is called Virtual Extensible LAN, or VXLAN, and it is increasingly deployed in big datacenters for replication services or because customer requirements go beyond a single datacenter or geographic site.

VXLAN is a host overlay technology that lets us place any workload anywhere across Layer 3 boundaries, which is good news for VM mobility. In addition, it scales up to 16 million segments thanks to the VXLAN encapsulation, which makes traffic and address isolation easy. Therefore, we are no longer limited by Layer 3 boundaries when spreading large Layer 2 networks, and VM mobility between datacenters becomes a reality. Moreover, we can scale above 4K segments (the VLAN limitation), which is already a requirement for service provider datacenters, where secure multi-tenancy and traffic isolation are mandatory.

There are some benefits that I would like to highlight. The first, and maybe the best, is layer 2 connectivity between devices over a layer 3 network. We can also increase the scalability of the network above 4096 VLANs, which is useful for service providers with more than 4096 customers, for example. Another advantage is the chance to configure duplicate IPs in the same VXLAN domain, as long as they are associated with different VNIs (Virtual Network Identifiers). We could also use VXLAN to extend layer 2 networks transparently through different VLANs with VLAN translation, or vlan-xlation. It is a technology that allows us to migrate virtual machines over a layer 3 network (VMotion for VMware), or even to communicate with physical servers through VXLAN Gateway switches.

If we want to deploy and configure VXLAN, we should know the VXLAN concepts first. We already know about segments: VXLAN segments are used for tunneling virtual machine traffic over a layer 3 network. The VNI mentioned before is a 24-bit identifier used to identify and address VXLAN segments. The tunnel used for sending VXLAN packets, which are encapsulated at the VXLAN Tunnel End Points (VTEP), is called the VXLAN Tunnel Interface (VTI). Therefore, we can have more than one VTEP in a switch. Lastly, we can use a VXLAN Gateway to bridge VXLAN domains with traditional VLANs transparently.

VXLAN Gateway Example
This layer 2 overlay scheme encapsulates the entire layer 2 frame in UDP datagrams, using UDP port 4789 by default, with 50 bytes of header overhead. This encapsulation technology, developed by VMware, Citrix, Red Hat and others, is transparent to virtual machines, even for BUM (Broadcast, Unknown and Multicast) traffic, for which multicast is always used.

VXLAN Packet Format
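
To make the header layout concrete, here is an added example (not code from the original post) that builds and decodes the 8-byte VXLAN header, accounts for the 50 bytes of overhead, and checks a packet's VNI against the segments a VTEP is expected to serve. The sample frames, the VNIs 5000/5001 and the function names are constructed for illustration, and the overhead figure assumes an untagged outer IPv4 header.

```python
import struct

VXLAN_PORT = 4789        # default UDP destination port named in the post
VXLAN_HDR_LEN = 8        # flags(1) + reserved(3) + VNI(3) + reserved(1)
FLAG_I = 0x08            # "VNI valid" bit (RFC 7348)
# Outer Ethernet 14 + outer IPv4 20 + UDP 8 + VXLAN 8 = the 50 bytes of overhead
OVERHEAD = 14 + 20 + 8 + VXLAN_HDR_LEN


def build_vxlan(vni, inner_frame):
    """Prepend a VXLAN header to an inner Ethernet frame (UDP payload only)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload):
    """Decode the VXLAN header and the inner Ethernet header."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14:
        raise ValueError("too short for VXLAN plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    inner = udp_payload[VXLAN_HDR_LEN:]
    return {
        "vni": word1 >> 8,
        "inner_dst": inner[0:6].hex(":"),
        "inner_src": inner[6:12].hex(":"),
        "inner_ethertype": struct.unpack("!H", inner[12:14])[0],
    }


def segment_allowed(udp_payload, allowed_vnis):
    """True only if the packet parses and its VNI is one this VTEP serves."""
    try:
        return parse_vxlan(udp_payload)["vni"] in allowed_vnis
    except ValueError:
        return False


# Constructed sample: the same inner frame (same MACs, so same host addressing)
# sent by two tenants; only the VNI tells the segments apart.
INNER = bytes.fromhex("02000000000a" "02000000000b" "0800") + b"\x00" * 46
TENANT_A = build_vxlan(5000, INNER)
TENANT_B = build_vxlan(5001, INNER)

if __name__ == "__main__":
    for pkt in (TENANT_A, TENANT_B):
        print(parse_vxlan(pkt), segment_allowed(pkt, {5000}))
```

Because the inner frames are byte-for-byte identical, the VNI is the only field keeping the two tenants apart, which is why a VTEP or monitoring point should treat an unexpected VNI as an isolation problem.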

Regards my friends, extend your LAN and don't stay behind.

February 13, 2017

Shortest Path Bridging (SPB) Configuration

When I was studying at University, the IEEE working group had posted the 802.1aq draft, but the SPB standard is now a reality ready for deployment, since the IEEE approved it in March 2012. I wonder whether SPB is taught at Universities today, or whether teachers keep teaching the traditional Spanning Tree Protocol (STP) without mentioning the pros and cons of STP against SPB. This new technology was used by Avaya inside the network of the Sochi Olympics, which was capable of handling up to 54 Tbps of traffic, and since then we have seen more and more deployments of SPB. Therefore, I'm lucky today to have two Alcatel-Lucent OmniSwitch 6860E with the advanced routing license to test Shortest Path First and share the SPB configuration with you.

SPB configuration has two main steps.

The first one is the Backbone configuration, where we have to create the Backbone VLAN or BVLAN, which is the base of the SPB-M infrastructure and will be associated with an equal cost tree (ECT) algorithm ID and an SPB service instance ID (I-SID). We also have to configure the SPB interfaces, which will be associated with each BVLAN and will send and receive ISIS Hello packets and link state PDUs (LSP). In addition to enabling or disabling ISIS-SPB instances, we can configure ISIS-SPB global parameters, such as wait time intervals, to customize the SPB Backbone.

ISIS Hello packet
The second and last step is the Service configuration, where we configure SPB-M services by associating a Service Manager ID with a BVLAN, an I-SID and a Service Access Point (SAP) to identify the customer traffic that will be encapsulated by the service. We also have to configure the access ports where customers are going to be connected, each of which will be associated with a SAP. Optionally, we can configure a layer 2 profile on the access port for 802.1X authentication or 802.3ad link aggregation. In addition, we'll have to configure Service Access Points (SAP) to bind an SPB service to an access port, defining which customer traffic will be encapsulated through the service.

OmniSwitch SPB Configuration
Once we have configured SPB, interconnected the switches through Backbone interfaces and connected customers to access ports, we should verify the Backbone configuration and the Service configuration to check that everything is working as expected. For instance, in the next images we can see the BVLANs with their ECT-algorithm IDs in a Backbone test configuration, and the Service IDs with their Administrative and Operational status in a Services test configuration.

Backbone VLANs
SPB Services
If we are a little bit geeky, or rather, professional network engineers, the OmniSwitch has the tcpdump tool, which allows us to analyse network traffic for troubleshooting purposes. As a result, it's easy to capture SPB frames and see customer frames encapsulated inside them, where the 802.1ah standard, called Provider Backbone Bridging, makes a layer 2 tunnel through a layer 3 network to connect different customer sites or datacenters.

ICMP SPB frame
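
As an added illustration of what such a capture contains (example code, not taken from the original post or from the OmniSwitch), the following decodes an 802.1ah MAC-in-MAC frame into its backbone header and the customer header it carries. It assumes the standard TPIDs 0x88A8 for the B-TAG and 0x88E7 for the I-TAG; the MAC addresses, BVLAN 4000 and I-SID 10001 are constructed sample values.

```python
import struct

TPID_BTAG = 0x88A8             # B-TAG: carries the 12-bit BVLAN ID
TPID_ITAG = 0x88E7             # I-TAG: carries the 24-bit I-SID
BACKBONE_LEN = 6 + 6 + 4 + 6   # B-DA, B-SA, B-TAG, I-TAG = 22 bytes


def build_pbb(b_dst, b_src, bvid, isid, customer_frame):
    """Wrap a customer Ethernet frame in an 802.1ah backbone header."""
    if not 0 < bvid < 4095:
        raise ValueError("BVLAN ID must be 1..4094")
    if not 0 <= isid < 1 << 24:
        raise ValueError("I-SID must fit in 24 bits")
    btag = struct.pack("!HH", TPID_BTAG, bvid)   # priority bits left at 0
    itag = struct.pack("!HI", TPID_ITAG, isid)   # flag bits left at 0
    return b_dst + b_src + btag + itag + customer_frame


def parse_pbb(frame):
    """Split a MAC-in-MAC frame into backbone fields and customer header."""
    if len(frame) < BACKBONE_LEN + 14:
        raise ValueError("too short for backbone plus customer header")
    b_tpid, b_tci, i_tpid, i_tci = struct.unpack("!HHHI", frame[12:22])
    if b_tpid != TPID_BTAG or i_tpid != TPID_ITAG:
        raise ValueError("not a B-tagged 802.1ah frame")
    customer = frame[BACKBONE_LEN:]
    return {
        "b_dst": frame[0:6].hex(":"),
        "b_src": frame[6:12].hex(":"),
        "bvid": b_tci & 0x0FFF,        # low 12 bits of the B-TAG
        "isid": i_tci & 0xFFFFFF,      # low 24 bits of the I-TAG
        "c_dst": customer[0:6].hex(":"),
        "c_src": customer[6:12].hex(":"),
        "c_ethertype": struct.unpack("!H", customer[12:14])[0],
    }


# Constructed sample: an IPv4 customer frame (payload zero-filled) carried
# between two backbone switches on BVLAN 4000 with I-SID 10001.
CUSTOMER = bytes.fromhex("02000000c001" "02000000c002" "0800") + b"\x00" * 46
SAMPLE = build_pbb(bytes.fromhex("02000000b001"), bytes.fromhex("02000000b002"),
                   4000, 10001, CUSTOMER)

if __name__ == "__main__":
    for field, value in parse_pbb(SAMPLE).items():
        print(f"{field:12} {value}")
```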
Regards my friends, configure Shortest Path Bridging in your network; it will be mandatory, now or in the near future.
