VXLAN-EVPN-介绍

VxLAN和MP-BGPEVPN技术介绍©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublic议程VxLAN总体介绍MP-BGPEVPN基础MP-BGPEVPN控制平面VXLAN设计MP-BGPEVPNVXLAN配置©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublic什么是虚拟叠加网络?灵活的叠加虚拟网络•移动性–跟踪边缘设备连接的主机•伸缩性–减少核心网络状态，网络边缘分布式和分区处理•多租户–共享网络资源•灵活性/可编程，减少维护端点数量按需在底层承载网络之上快速部署虚拟业务网络©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicOverlay控制平面Encapsulation服务=VirtualNetwork(VN)标识=VNIdentifier(VNI)Underlay控制平面Underlay网络主机(end-points)Edge设备Edge设备4Overlay术语©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicOverlay属性服务边缘设备信令Layer2服务Layer3服务主机式Overlays网络式Overlays混合式Overlays数据平面学习控制平面学习5©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicOverlay服务类型Layer2Overlays•仿真LAN网段•TransportEthernetFrames(IPandnon-IP)•Singlesubnetmobility(L2domain)•ExposuretoopenL2flooding•UsefulinemulatingphysicaltopologiesLayer3Overlays•仿真路由的IP网络•TransportIPPackets•Fullmobilityregardlessofsubnets•Containnetworkrelatedfailures(floods)•Usefulinabstractingconnectivityandpolicy6©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLAN综述VXLAN解决的问题:•VLAN扩展性问题(4K)–VXLAN扩展二层分段识别ID字段到24位，理论上可以在同一个网络上标识1600万个唯一的二层网络分段•VM移动被限制在本地VLAN–VXLAN封装二层数据帧在IP-UDP报头，允许二层网络连接跨越三层路由网络。VXLAN技术综述:•MAC-in-UDP封装•利用底层传输网络的组播能力仿真二层网络中的BUM帧＊•利用ECMP实现底层网络之上的路径优化©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLAN帧格式MAC-in-IP封装8UnderlayOuterIPHeaderOuterMACHeaderUDPHeaderVXLANHeaderOriginalLayer-2FrameOverlay14Bytes(4BytesOptional)EtherType0x0800VLANIDTagVLANType0x8100Src.MACAddressDest.MACAddress484816161620BytesDest.IPSourceIPHeaderChecksumProtocol0x11(UDP)IPHeaderMisc.Data7281632328BytesChecksum0x0000UDPLengthVXLANPortSourcePort161616168BytesReservedVNIReservedVXLANFlagsRRRRIRRR824248SrcVTEPMACAddressNext-HopMACAddressSrcandDstaddressesoftheVTEPsAllowsfor16MpossibleegmentsUDP4789HashoftheinnerL2/L3/L4headersoftheoriginalframe.EnablesentropyforECMPLoadbalancingintheNetwork.50(54)BytesofOverhead©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLAN概述(1)9LocalLANSegmentPhysicalHostLocalLANSegmentPhysicalHostVirtualHostsLocalLANSegmentVirtualSwitchEdgeDeviceEdgeDeviceEdgeDeviceIPInterface©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLAN概述(2)10LocalLANSegmentPhysicalHostLocalLANSegmentPhysicalHostVTEPVTEPVTEPVVVEncapsulationVirtualHostsLocalLANSegmentVirtualSwitchVTEP–VXLANTunnelEnd-PointVNI/VNID–VXLANNetworkIdentifier©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLANVTEPVXLAN在VTEPs(VirtualTunnelEndPoint)终结隧道服务每个VTEP提供两个接口：一个负责本地主机桥接功能，另外一个连接核心网络提供VxLAN封装和解封装LocalLANSegmentIPInterfaceEndSystemEndSystemVTEPTransportIPNetworkLocalLANSegmentIPInterfaceEndSystemEndSystemVTEP©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLAN术语12•Layer-2VNI:•VNI(VXLANnetworkidentifier)carriedinVXLANpacketsbridgedacrossVTEPs(VXLANtunnelendpoint).ThisVNIisconfiguredperVLAN.•Layer-3VNI:•VNIcarriedintheVxLANpacketsroutedacrossVTEPs.ThisVNIislinkedperTenantVRF.•AnycastGW:•AllL3VTEPsareconfiguredwithsamemacandsamesubnetforhostfacingSVI.•VRFoverlayVLAN:•EveryTenantVRFwillneedaVlantobeconfiguredforVXLANrouting.•ThisVLANisconfiguredwithL3-VNI.•VXLANL2Gateway:•VTEPcapableofswitchingVLAN-VXLAN,VXLAN-VLANpacketswithinsameVNI.•VXLANL3Gateway:•VTEPcapableofroutingpacketsacrossdifferentVNIs.©2015Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicVXLANGateway类型•VXLANtoVLANBridging–(Layer-2Gateway)•VXLAN-to-VXLANRouting–(Layer-3Gateway)•VXLAN-to-VLANRouting–(Layer-3Gateway)13VVXLANRouterIngressVXLANpacketonREDsegmentEgressVXLANpacketisROUTEDtonewsegmentVVXLANRouterIngressVXLANpacketonREDsegmentEgresspacketisIEEE802.1qtaggedinterface.packetisROUTEDtonewVLANVVXLANLayer-2GatewayIngressVXLANpacketonREDsegmentEgresspacketisIEEE802.1qtaggedinterface.packetisBRIDGEDtonewVLAN©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicOverlay服务–Layer-2–Layer-3–Layer-2+Layer-3Tunnel封装Underlay传输网络•对等体发现机制•OverlayL2/L3Unicast流量•路由学习和分布机制–本地学习–远程学习控制平面•Overlay广播,未知单播(Layer-2)流量,组播流量(BUMtraffic)转发数据平面©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublic•基于Overlay的“事实上的标准”•利用Layer-3路由–被验证的,稳定和可扩展•ECMP等价多路径–所有链路负责转发•增加二层域空间到16M（传统的VLAN只有4K）•物理和虚拟主机环境的集成•多租户©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicFCSOuterMacHeaderOuterIPHeaderUDPHeaderVXLANHeaderOriginalL2FrameFCS8Bytes20BytesIPHeaderMiscDataProtocol0x11HeaderChecksumOuterSrc.IPOuterDst.IP7281632328BytesUDPSrc.PortUDPDstPortUDPLengthChecksum0x000016161616VXLANRRRR1RRRReservedVNIDReserved82424810or14BytesDst.MACAddr.Src.MACAddr.VLANType0x8100VLANIDTagEtherType0x08004848161616源和目的VTEP地址,允许在underlayIP网络之上的传输理论上扩展到16M标识VXLAN采用UDP端口4789内部帧的L2/L3/L4报头的哈希，用作ECMP/LACP负载均衡Underlay网络中下一跳的传输©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublic•可路由的IP网络•支持任何路由协议---OSFP,EIGRP,IS-IS,BGP,etc.IP传输网络•灵活的拓扑•推荐使用具备冗余路径的网络利用ECMP实现负载均衡•如果使用组播来复制和传输overlayBUM，则Underlay需要部署组播©2014Ciscoand/oritsaffiliates.Allrightsreserved.CiscoPublicDCCoreDCAggregationDCAccess三层架构设计DCCore/AggregationDCAccess聚合核心/汇聚的二层架构设计DCSpineDCLeaf交换矩阵式设计DC-1DC-2WANDC互联©2014