SDN_VXLAN技术交流v1

©2009VMwareInc.AllrightsreservedSDN、VXLAN技术交流刘承罡cliu@vmware.com2Agenda我们眼里的SDNvxLan技术原理与标准化流程vxLan技术评估与发展展望3我们眼里的SDN4过去十年，VMware干了什么：把硬件计算资源通过软件实现物理资源•CPU、内存、芯片、I/O设备•资源利用率低软件•软件和硬件紧密耦合，迁移成本高•只有一个活动的操作系统示例•操作系统控制底层硬件软件抽象•模拟硬件•封装OS和应用程序虚拟化层•松耦合硬件和上层OS•增强隔离性•在一套硬件上复用VM，提高资源利用率5$1,8005days,2minutes$3002minutes$10,00010weeksEnterprisestorageVLANnetworksFirewall,load-balancerIDS,security,monitoringAvailability+过去十年，VMware为什么成功……65days,2minutes3minutesVDCSoftware-definedDatacenterServices未来如何？7软件定义的数据中心：SDDC物理架构层SDDC-2SDDC-1基础架构抽象层8计算资源虚拟化抽象层网络是SDDC的一个最大障碍物理架构层SoftwareDefinedDataCenterOne•Provisioningisslow•Placementislimited•Mobilityislimited•Hardwaredependent•Operationallyintensive9解决方案：SDN物理架构层计算资源虚拟化抽象层•Programmaticprovisioning•Placeanyworkloadanywhere•Moveanyworkloadanywhere•Decoupledfromhardware•Operationallyefficient网络资源虚拟化抽象层SoftwareDefinedDataCenterOne•Provisioningisslow•Placementislimited•Mobilityislimited•Hardwaredependent•Operationallyintensive10什么是SDN?和软件定义的计算类比……PhysicalCompute&Memory(Dell,HP,IBM,Quanta,…)ServerHypervisorRequirement:x86VirtualMachineVirtualMachineVirtualMachineApplicationApplicationApplicationx86EnvironmentPhysicalNetwork(Arista,Cisco,HP,Juniper,Cumulus,…)NetworkVirtualizationPlatformRequirement:IPTransportVirtualNetworkVirtualNetworkVirtualNetworkWorkloadWorkloadWorkloadL2,L3,L4-7NetworkServicesDecoupled11网络虚拟化=下一代的SDNSDN的特点-软件的灵活性-加速软件创新-硬件无关性虚拟化带来的优势-非破坏式的部署-和物理拓扑松耦合-服务组合-向后兼容L2L3VirtualNetworkL212NetworkVirtualizationPlatformSDN的关键组成部分PhysicalInfrastructure1231.隧道技术2.南北向网络服务3.操作与管理13vxLan技术原理与标准化14为什么要实现隧道---跨越物理位置的二层的扩展WebAppDBComputeClusterBComputeClusterAWeb隧道技术的一种，VXLAN讲二层网络的扩展和隔离从物理网络中解耦和出来,VXLANFabricWebTierneedstoexpand?Capacity?IPAddress?Network?15Sourceforpicture:DataCenterTop-of-RackArchitectureDesign~50hosts/rack~500hosts/Row500*20=10000VMs10000VMs/5=2000tenants.Eachwith2ormoreVLANs=4KEoRServices为什么要实现隧道内的二层隔离？16vxLan如何来帮助操作VLAN扩展•VXLAN能够对二层扩展进行大规模的扩展满足多租户的需要•可控制的南北向服务Sourceforpicture:DataCenterTop-of-RackArchitectureDesign~50hosts/rack~500hosts/Row500*20=10000VMs16MVXLANs4KVLANs17VirtualExtensibleLocalAreaNetwork(VXLAN)EthernetinIPoverlaynetwork•EntireL2frameencapsulatedinUDP•50bytesofoverheadInclude24bitVXLANIdentifier•16MlogicalnetworksVXLANcancrossLayer3TunnelbetweenESXhosts•VMsdoNOTseeVXLANIDIPmulticastusedforL2broadcast/multicast,unknownunicastTechnologysubmittedtoIETFforstandardization•WithCisco,Citrix,RedHat,Broadcom,Arista,andOthersOuterMACDAOuterMACSAOuter802.1QOuterIPDAOuterIPSAOuterUDPVXLANID(24bits)InnerMACDAInnerMACSAOptionalInner802.1QOriginalEthernetPayloadCRCVXLANEncapsulationOriginalEthernetFrame18vxLan标准化情况：DateVersionText2013-02-2203Newversionavailable:draft-mahalingam-dutt-dcops-vxlan-03(difffrom-02)2012-08-2202Newversionavailable:draft-mahalingam-dutt-dcops-vxlan-02(difffrom-01)2012-02-2401Newversionavailable:draft-mahalingam-dutt-dcops-vxlan-01(difffrom-00)2011-08-2700Newversionavailable:draft-mahalingam-dutt-dcops-vxlan-00工作原理（二层通信）–隧道初始化建立20ESX2VTEP2VM2MAC2L2/L3networkinfraESX1VTEP1VM1MAC1NetIDMACIPNetIDMACIP100MAC1IP1_vtep1BCASTMAC1ARPReq1MACHdrIPHdrDA:239.119.1.1SA:IP_vtep1UDPHdrVXLANHdrVXLANID:100BCASTMAC1ARPReq2Fororiginalbcast,encapw/ipmcast3EncappedpktcomesinviamcastBCASTMAC1ARPReq5MACHdrIPHdrDA:239.119.1.1SA:IP_vtep1UDPHdrVXLANHdrVXLANID:100BCASTMAC1ARPReq4LearninnersrcMAC/outersrcIPmappingVXLANprotocol–ARP查询VM1通过组播在其所属的vxlan对应的组播组中发送ARPrequest(BCASTINMULTICAST)21ESX2VTEP2VM2MAC2L2/L3networkinfraESX1VTEP1VM1MAC1NetIDMACIP100MAC2IP_vtep2NetIDMACIP100MAC1IP_vtep1MAC1MAC2ARPResp42MAC1islearnt,encapw/IPunicastMAC1MAC2ARPResp1MACHdrIPHdrDA:IP_vtep1SA:IP_vtep2UDPHdrVXLANHdrVXLANID:100MAC1MAC2ARPResp3LearninnersrcMAC/outersrcIPmappingMACHdrIPHdrDA:IP_vtep1SA:IP_vtep2UDPHdrVXLANHdrVXLANID:100MAC1MAC2ARPRespVM2通过单播向VM1发送ARP应答VXLANProtocol–ARP应答22ESX2VTEP2VM2MAC2L2/L3networkinfraESX1VTEP1VM1MAC1NetIDMACIP100MAC1IP1_vtep11234VXLANprotocol–发送数据MAC2MAC1DataMAC2MAC1DataMACHdrIPHdrDA:IP_vtep2SA:IP_vtep1UDPHdrVXLANHdrVXLANID:100MAC2MAC1DataMACHdrIPHdrDA:IP_vtep2SA:IP_vtep1UDPHdrVXLANHdrVXLANID:100MAC2MAC1DataNetIDMACIP100MAC2IP_vtep2VM1通过单播向VM2发送数据23ESX2VTEP2VM2MAC2L2/L3networkinfraESX1VTEP1GatewayMAC1MAC1MAC2DataMAC1MAC2DataMACHdrIPHdrDA:IP_vtep1SA:IP_vtep2UDPHdrVXLANHdrVXLANID:100MAC1MAC2DataMACHdrIPHdrDA:IP_vtep1SA:IP_vtep2UDPHdrVXLANHdrVXLANID:100MAC1MAC2DataVXLANProtocol（三层通信）–GatewayIPHdrDA:YahooSA:GWIPSWMACMAC1Data三层通信的精髓：vshieldedge24vxLan技术评估与发展展望25VXLAN精髓分析：两个关键组件VTEP和组播VTEP:VirtualTunnelEndPoint,所有的VM加入vxlan实际上是通过VTEP加入一个vxlan关联的组播组的方式来实现的每个VTEP上会维护一张表，记录属于同一个vxlan（二层网）的vm的mac地址，其所属主机的VTEP的ip地址，这个表如下表所示当一个VM1和一个二层内的其他VM（比如VM2）通信时，当且仅当VM1所在主机没有记录VM2所属的主机VTEP地址时候，VM1所在主机需要通过主机发送一个组播来查找VM2的MAC，以及VM2所在主机的VTEPIP下一步的展望：controller来替代组播，通过nicira的controller来实现NetIDMACIP100MA