VXLAN Static Routing
| Feature Name | Release Information | Feature Description |
|---|---|---|
| VXLAN Static Routing | Release 24.4.1 | Introduced in this release on: Fixed Systems (8700) (select variants only*). *VXLAN Static Routing is now supported on Cisco 8712-MOD-M routers. |
| VXLAN Static Routing | Release 24.2.11 | You can now configure the source and destination virtual tunnel endpoints (VTEPs) for a particular traffic flow. This is particularly useful where your data center is connected to an enterprise network and multiple servers in the data center provide cloud services to your customers and to the enterprise edge router. Statically defined endpoints provide rapid convergence in case of failure. Because VXLAN static routing (also called unicast VXLAN) sends each flow to a fixed unicast VTEP, no replicated (multicast) copies of a packet are transmitted, and the UDP source port in the VXLAN packet lets the underlay load-balance flows. Alternatively, you can use Service Layer API for faster provisioning of VXLAN static routing. This feature is supported only on the following PIDs: This feature introduces these changes: |
Introduction to VXLAN
Traditionally, Virtual Local Area Networks (VLANs) are used to partition a single physical network into multiple logical networks. Every VLAN has a VLAN ID, which is carried in the frame header to keep the traffic of each VLAN separate. The VLAN ID is 12 bits long, which allows at most 4096 values (4094 usable VLANs).
In today's networks, a heavily virtualized data center that must isolate many virtual machines (VMs) from one another can easily run out of VLANs. So there is a need for a robust tunneling mechanism to isolate and load-balance traffic inside the provider's network.
Virtual Extensible LAN (VXLAN) addresses some of the limitations of traditional VLANs in large-scale and cloud-based environments. VXLAN is widely used in data center environments where there is a need for virtualized networks to support cloud computing and virtualization technologies. It is also used in service provider networks to provide virtualized network services to customers.
VXLAN is a tunneling protocol that stretches Layer 2 networks over an underlying Layer 3 IP network. The VXLAN tunnel endpoint (VTEP) encapsulates and de-encapsulates Layer 2 traffic. VTEP encapsulates Layer 2 Ethernet frames within the Layer 4 User Datagram Protocol (UDP) and transports the encapsulated frames over a Layer 3 network.
VXLAN adds an 8-byte VXLAN header in front of the original Ethernet frame and carries both in the UDP payload. The header holds 8 bits of flags (the I flag is set to indicate a valid VNI), a 24-bit VXLAN network identifier (VNI), and reserved bits that are set to zero on transmit. The VNI identifies a Layer 2 segment and maintains Layer 2 isolation between segments.
With 24 bits, the VNI space allows about 16 million (2^24) LAN segments. The VNI designates the individual VXLAN overlay network on which the communicating virtual machines (VMs) are located; VMs in different VXLAN overlay networks cannot communicate directly with each other.
In this deployment, VXLAN is the Layer 2 tunneling protocol that connects the servers in a data center that provide cloud services to customers with the enterprise edge router. Underlay tunnels run between the router and the servers, and overlay routing takes place within those tunnels. VXLAN creates virtual networks on top of an underlay network, which is typically a physical IP network; the underlay can carry IPv4 or IPv6 packets. The underlay and overlay networks are independent, and changes in the underlay do not affect the overlay: you can add or remove a router in the underlay network without affecting the overlay network.
VXLAN tunnels Ethernet frames over IP transport using UDP (MAC-in-UDP encapsulation), which extends a Layer 2 segment over a Layer 3 network. A VXLAN header is added to the Layer 2 frame and the result is placed inside a UDP packet that is sent across the routed domain. The original Layer 2 header travels intact inside the encapsulation; the remote endpoint can discard it once the packet is decapsulated. The VXLAN tunnel endpoint (VTEP) is the router that encapsulates and de-encapsulates Layer 2 traffic.
When a host sends traffic:
- The source VTEP encapsulates the frame in a VXLAN header, then in UDP and IP headers.
- VXLAN encodes the flow information in the UDP source port so that underlay routers can perform flow-based load balancing. Flow-based load balancing identifies different flows based on key fields in the data packet; for example, the IPv4 source and destination addresses can identify a flow.
- The encapsulated packets enter the tunnel with an IPv4 or IPv6 outer header.
- When the traffic reaches the destination router, the router decapsulates the packet and sends it to the destination host.
- VXLAN can write a custom source MAC address into the inner header; information encoded in that MAC address can be extracted by devices in your internal network.
For more information on VXLAN, see Key Concepts.
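The encapsulation steps above, as an added example that is not part of the Cisco documentation or of IOS XR: a small Python model of the MAC-in-UDP format that builds the 8-byte VXLAN header, derives the outer UDP source port from the inner flow's addresses, protocol and ports so that every packet of one flow hashes to the same value in the 49152 to 65535 range, and checks the UDP destination port, length and I flag on receipt before handing back the VNI and inner frame. The outer IP header is left out, the Ethernet/IPv4/TCP sample frame is constructed for the example, and the function names are this example's own.

```python
"""Model of VXLAN MAC-in-UDP encapsulation (RFC 7348 header layout).

Added example, not Cisco code. Only the UDP and VXLAN headers are built; the
outer IPv4/IPv6 header is omitted.
"""
import socket
import struct
import zlib

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08        # "I" flag: the VNI field is valid
UDP_SRC_PORT_MIN = 49152   # source-port entropy range used by the VTEP
UDP_SRC_PORT_MAX = 65535
ETH_HDR_LEN = 14


def vxlan_header(vni: int) -> bytes:
    """8-byte header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def flow_key(frame: bytes) -> bytes:
    """Fields of the inner frame that identify its flow.

    IPv4/IPv6: addresses, protocol and (for TCP/UDP) the ports. Anything else
    falls back to destination + source MAC. Per-packet fields such as IP ID,
    TTL and checksums are excluded so all packets of a flow share one key.
    """
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[ETH_HDR_LEN:]
    if ethertype == 0x0800 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4
        proto = payload[9]
        key = payload[12:20] + bytes([proto])      # src IP, dst IP, protocol
        if proto in (6, 17) and len(payload) >= ihl + 4:
            key += payload[ihl:ihl + 4]            # TCP/UDP source + dest port
        return key
    if ethertype == 0x86DD and len(payload) >= 40:
        nxt = payload[6]
        key = payload[8:40] + bytes([nxt])         # src IP, dst IP, next header
        if nxt in (6, 17) and len(payload) >= 44:
            key += payload[40:44]
        return key
    return frame[:12]


def flow_source_port(frame: bytes) -> int:
    """Hash the flow key into the 49152-65535 UDP source-port range."""
    span = UDP_SRC_PORT_MAX - UDP_SRC_PORT_MIN + 1
    return UDP_SRC_PORT_MIN + zlib.crc32(flow_key(frame)) % span


def encapsulate(frame: bytes, vni: int) -> bytes:
    """UDP header + VXLAN header + original frame."""
    body = vxlan_header(vni) + frame
    # UDP checksum 0 (not computed) is permitted for VXLAN over IPv4.
    udp = struct.pack("!HHHH", flow_source_port(frame), VXLAN_UDP_PORT,
                      8 + len(body), 0)
    return udp + body


def decapsulate(packet: bytes) -> tuple[int, bytes]:
    """Check the UDP and VXLAN headers; return (vni, inner_frame).

    Raises ValueError for anything a receiving VTEP should drop. Reserved
    bits are ignored on receipt, as RFC 7348 requires.
    """
    if len(packet) < 8 + 8 + ETH_HDR_LEN:
        raise ValueError("too short for UDP + VXLAN + Ethernet headers")
    _src, dst, length, _chk = struct.unpack("!HHHH", packet[:8])
    if dst != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dst} is not VXLAN")
    if length != len(packet):
        raise ValueError("UDP length does not match packet size")
    flags_word, vni_word = struct.unpack("!II", packet[8:16])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_word >> 8, packet[16:]


def sample_ipv4_tcp_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                          ip_id: int = 1) -> bytes:
    """Constructed inner frame (Ethernet + IPv4 + TCP SYN) for demonstration."""
    eth = (bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302")
           + struct.pack("!H", 0x0800))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    inner = sample_ipv4_tcp_frame("10.0.0.1", "10.0.0.2", 40000, 443)
    pkt = encapsulate(inner, 10010)
    print("outer UDP src port:", flow_source_port(inner), "bytes:", len(pkt))
    print("decapsulated VNI:", decapsulate(pkt)[0])
```

The receive side deliberately trusts nothing but the VNI it decodes: the VNI is a plain 24-bit number with no authentication, so whoever can deliver UDP/4789 to a VTEP selects the overlay segment. That is why the underlay, not the header format, carries the isolation guarantee.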
Benefits of VXLAN
VXLAN provides the following benefits:
- High throughput through dedicated VPN connectivity between servers and enterprise edge routers.
- Overlay networks that are independent of the underlying physical network, which gives greater flexibility in network design and deployment.
- Flexible placement of multitenant segments throughout the data center, with isolated virtual networks for multiple tenants that separate different users. Note that this separation is enforced only by the VNI in the forwarding plane; VXLAN itself adds no authentication or encryption, so tenant isolation depends on keeping untrusted hosts from injecting traffic into the underlay or reaching the VTEPs.
- Extension of Layer 2 segments over the shared underlying network infrastructure, to manage tenant workloads across physical pods in the data center.
- A 24-bit VXLAN Network Identifier (VNI), which allows up to 16 million unique virtual networks for greater scalability.
- Network load balancing using the source UDP port in the VXLAN outer header.
VXLAN Static Routing
You can use VXLAN static routing to interconnect a non-VXLAN domain, such as MPLS, with a VXLAN domain. VXLAN static routing defines the path that VXLAN traffic takes from the source VTEP to the destination VTEP; it involves configuring static routes on the underlying Layer 3 network to direct the VXLAN traffic to the appropriate VTEPs.
VXLAN supports up to 160,000 static routes by default. You can increase the scale to one million VXLAN static routes for IPv6 tunnel remote next hops with the hw-module profile cef vxlan ipv6-tnl-scale command.
Benefits of VXLAN Static Routing
- Static routes suit scenarios that require consistent routing decisions: because they are configured manually, the routing behavior is predictable and stable.
- You specify the next hop for each destination, which gives you direct control over traffic.
- Static routes are useful for specific traffic engineering or policy requirements.
- No routing protocol runs for static routes, which removes the control-plane overhead (protocol state, updates and convergence) associated with dynamic routing protocols.
Restrictions for VXLAN Static Routing
- Identical remote next hops on the same NVE interface with different VNIs are not supported.
- Two identical remote next hops in the same VRF with different VNIs are not supported. However, identical next hops on different NVE interfaces are supported.
- The index can be the same within a single VRF for the same VNI. However, the same VNI in different VRFs must use a different index.
- The source MAC address in a static encapsulation route cannot be a multicast address.
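A pre-flight check for the restrictions above, added here as an example and not part of the Cisco documentation or of IOS XR: before a batch of static encapsulation routes is pushed, it flags a remote next hop that is reached through one NVE interface with more than one VNI (the first two restrictions read together, with the allowance for different NVE interfaces), an index reused for the same VNI across different VRFs, and a multicast source MAC address. The EncapRoute fields, the validator and the sample route set are assumptions made for this example and do not mirror any IOS XR command syntax.

```python
"""Validate a batch of VXLAN static encapsulation routes against the
platform restrictions before provisioning them.

Added example, not Cisco code. Field names are this example's own.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class EncapRoute:
    vrf: str               # VRF that holds the overlay prefix
    prefix: str            # overlay destination, e.g. "10.1.0.0/24"
    nve: str               # NVE (tunnel source) interface, e.g. "nve1"
    remote_nexthop: str    # remote VTEP address in the underlay (IPv4 or IPv6)
    vni: int               # 24-bit VXLAN network identifier
    index: int             # encapsulation index
    src_mac: str           # source MAC written into the inner Ethernet header


def is_multicast_mac(mac: str) -> bool:
    """True if the I/G bit (low bit of the first octet) marks a group address.

    Accepts colon, hyphen and Cisco dotted (0100.5e00.0001) notations.
    """
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address {mac!r}")
    return bool(int(digits[:2], 16) & 0x01)


def validate_routes(routes: list[EncapRoute]) -> list[str]:
    """Return one message per violated restriction; an empty list means OK."""
    errors: list[str] = []

    for r in routes:
        if not 0 <= r.vni < (1 << 24):
            errors.append(f"{r.vrf} {r.prefix}: VNI {r.vni} does not fit in 24 bits")
        if is_multicast_mac(r.src_mac):
            errors.append(f"{r.vrf} {r.prefix}: source MAC {r.src_mac} is a multicast address")

    # One remote next hop reached through one NVE must carry a single VNI.
    # The same next hop on a different NVE is allowed, so the key includes the NVE.
    vnis_by_nexthop: dict[tuple[str, str], set[int]] = defaultdict(set)
    for r in routes:
        vnis_by_nexthop[(r.nve, r.remote_nexthop)].add(r.vni)
    for (nve, nexthop), vnis in vnis_by_nexthop.items():
        if len(vnis) > 1:
            errors.append(f"{nve} -> {nexthop}: multiple VNIs {sorted(vnis)} for the same remote next hop")

    # The same VNI in different VRFs needs distinct indexes; sharing an index
    # within one VRF for the same VNI is fine.
    vrfs_by_vni_index: dict[tuple[int, int], set[str]] = defaultdict(set)
    for r in routes:
        vrfs_by_vni_index[(r.vni, r.index)].add(r.vrf)
    for (vni, index), vrfs in vrfs_by_vni_index.items():
        if len(vrfs) > 1:
            errors.append(f"VNI {vni} index {index}: reused across VRFs {sorted(vrfs)}")

    return errors


# Constructed sample batch: two valid routes, one valid next-hop reuse on a
# different NVE, and three deliberate violations.
SAMPLE_ROUTES = [
    EncapRoute("CUST-A", "10.1.0.0/24", "nve1", "192.0.2.10", 10001, 1, "00:00:5e:00:53:01"),
    EncapRoute("CUST-A", "10.1.1.0/24", "nve1", "192.0.2.10", 10001, 1, "00:00:5e:00:53:01"),
    EncapRoute("CUST-B", "10.2.0.0/24", "nve1", "192.0.2.10", 10002, 2, "00:00:5e:00:53:02"),  # same NVE + next hop, other VNI
    EncapRoute("CUST-B", "10.2.1.0/24", "nve2", "192.0.2.10", 10003, 3, "00:00:5e:00:53:02"),  # allowed: different NVE
    EncapRoute("CUST-C", "10.3.0.0/24", "nve1", "192.0.2.11", 10001, 1, "00:00:5e:00:53:03"),  # VNI 10001 index 1 reused in another VRF
    EncapRoute("CUST-D", "10.4.0.0/24", "nve1", "192.0.2.12", 10004, 4, "01:00:5e:00:00:01"),  # multicast source MAC
]

if __name__ == "__main__":
    for problem in validate_routes(SAMPLE_ROUTES):
        print("REJECT:", problem)
```

Running the checks in the provisioning tool rather than relying on the router to reject a bad entry matters most when routes are pushed in bulk over an API: a rejected route in the middle of a batch leaves the overlay half-configured, whereas a validated batch either applies entirely or not at all.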
Topology
Let’s understand how VXLAN static routing works using this topology.
In this topology:
- The PE router receives Layer 3 traffic on the VRF interface.
- The VXLAN tunnel starts at the PE router and terminates on the transit router or on the servers behind the transit router.
- A BGP session is established over the tunnel.
- When Layer 3 traffic enters the PE router from the CPE, the PE router encapsulates the packet into the VXLAN tunnel and sends it to the transit routers. Traffic entering the PE carries VLAN tags that identify customers within your network domain; each VLAN maps to a VRF on the PE and to a VXLAN VNI. The VXLAN encapsulation can be IPv4 or IPv6.
- The traffic is distributed across underlay paths based on the configured UDP source port, whose value ranges from 49152 to 65535.
- The VXLAN tunnel terminates at the transit router.
- The transit router decapsulates the packet and performs an IP lookup to route the traffic to the customer VM.
In the reverse direction, traffic from the VM is encapsulated as VXLAN. The packet carries an additional inner Layer 2 header that must be terminated; both the VXLAN encapsulation and the inner Layer 2 header are terminated on the PE.
VXLAN Static Routing using Service Layer API
You can configure VXLAN static routing using Service Layer API, which results in faster provisioning, easier scaling, and improved overall management of VXLAN networks.
Large cloud providers often need to provision tunneling mechanisms quickly and at a large scale to isolate end customer traffic dynamically. However, the traditional method of configuring the router through CLI might not be efficient. We provide Service Layer API as an alternate way to manage routers to address this challenge. With Service Layer API, you can have granular control of network traffic over the forwarding plane. It leverages Google's gRPC to generate client and server bindings, which allows users to program the forwarding plane using a variety of programming languages.
For more information on Service Layer API, see the Use Service Layer API to Bring your Controller on Cisco IOS XR Router chapter in the Programmability Configuration Guide for Cisco 8000 Series Routers.