#CiscoLive

The Future Path of Your Data Center: Introduction to VXLAN
Richard Licon, Principal Technical Marketing Engineer
BRKDCN-1621

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App

Questions? Use Cisco Webex App to chat with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 9, 2023.

Session Abstract

The need for flexibility in the data center opens the door to network overlays. Several standards have been proposed and implemented to enable virtualized networks to be layered over a physical network. The data center network needs to be flexible enough to support workloads that can move from one host to another, and for new services to be deployed rapidly. VXLAN is one such technology that provides massively scalable virtual network overlays on top of existing IP infrastructures. Let's learn more about VXLAN and delve deeper into it. This session aims at covering what is VXLAN, how it really works, and what problems does it solve. This session will have configuration examples of how we enable a VXLAN Fabric. No prior knowledge of VXLAN is required. A basic understanding of Unicast and Multicast routing protocol is needed along with an understanding of MP BGP.

Agenda

- Evolution of the Data Center
- The Need for network overlays
- What is VXLAN?
- The Need for a Control Plane
- Configuring EVPN VXLAN
- Conclusion

Evolution of the Application Architecture

Evolution of the Application Architectures

[Figure: Monolithic (User Interface, Business Layer, Data Interface, Database) on Bare Metal Compute; Web Applications, Virtualized; Microservice Architecture (Application split into Microservices) in Containers, Virtualized or Bare Metal]

Evolution of the Data Center Network

[Figure: two Access / Agg / Core topologies. Classic Spanning-Tree: STP Root and FHRP Active on one aggregation switch, STP 2nd Root and FHRP Standby on the other. vPC and Spanning-Tree: the same roles with vPC]

Evolution of the Data Center Network Architecture: Clos Networks

Evolution of the Data Center Network: 3-Stage Clos Fabric

[Figure: Leaf / Spine / Leaf fabric drawn as Input Stage (Ingress), Middle Stage (Middle), Output Stage (Egress)]

- Invented by Edson Erwin in 1938
- March 1953: A Study of Non-Blocking Switching Networks (Clos, Charles)

Evolution of the Data Center Network

[Figure: FabricPath (MAC-in-MAC): Core, Spine, Leaf, Anycast HSRP, vPC. VXLAN Flood & Learn (MAC-in-IP): Core, "Spine", Leaf, vPC, FHRP Active]

Evolution of the Data Center Network: 5-Stage Fabric

[Figure: SuperSpine layer above POD1 and POD2, each with Spine and Leaf switches; Physical Host and Virtualized endpoints attached]

Data Center Network Challenges: Legacy Architectures

- Suboptimal Forwarding: Path defined by Root Switch or FHRP Active
- OpEx/CapEx: Expensive to upgrade; Scale up with large Chassis
- Limited Scale: No Control Plane; Limited Workload Mobility
- Convergence Time: STP high convergence time; TCN MAC Flush
- Unused Links: STP Redundant links in blocked state
- Rigid Network Services: L4-L7 Services placed at Distribution Layer

"Spine" = Not Really a Spine

The Need for Network Overlays

Evolution of the Data Center Network: The need for network overlays

[Figure: Leaf / Spine fabric with Container, Bare Metal and Storage endpoints; East-West and North-South traffic directions]

Overlay Taxonomy

- Overlay Services
- Tunnel Encapsulation
- Underlay Network Transport
- Control-Plane
- Data-Plane

Overlay Services

Columns: Layer-2, Layer-3, Layer-2 & Layer-3
Entries: Bridging, Pseudo-Wire, Routing, Integrated Routing & Bridging (IRB)

Tunnel Encapsulation

Columns: Layer-2, Layer-3
Entries: MPLS L2VPN, Q-in-Q, NVO3 (VXLAN), MPLS L3VPN, GRE, LISP

Underlay Network Transport

Columns: Layer-2, Layer-3
Entries: IS-IS, STP, IS-IS*, OSPF, BGP
* IS-IS operates at L2 but transports L2 & L3

Control-Plane

- Learning: Local, Remote
- Route Distribution
- Peer Discovery
Options shown: Flood & Learn, BGP

Data-Plane

- Encapsulation: Imposition (Encapsulate), Deposition (Decapsulate)
- Unicast Forwarding: Layer-2, Layer-3
- BUM (Broadcast, Unknown Unicast, Multicast): Unicast-based (Ingress/Head-End Replication), Multicast-based (PIM)

VXLAN: Virtual Extensible LAN

What is VXLAN?

- Standards-based encapsulation
  - RFC 7348
  - MAC-in-IP
- Transport Independent
  - Layer-3 Transport (Underlay)
  - UDP Encapsulation
- Multi-path capable
  - Per Flow Entropy
- Flexible Namespace
  - Segmentation

Underlay Taxonomy

Edge Devices host the VTEP. Responsible for the encapsulation and decapsulation of the VXLAN Header.

[Figure: Hosts (Endpoint) (Physical/Virtual) attached to Edge Devices (NVEs), connected by the Underlay Transport Network and Underlay Control-Plane]

V = VTEP: VXLAN Tunnel Endpoint
NVE: Network Virtualization Edge

Overlay Taxonomy

- Tunnel Encapsulation
- Overlay Control-Plane
- Service = Virtual Network
- Identifier = VN Identifier (VNI/VNID)

[Figure: the same topology with the overlay tunnels between Edge Devices (NVEs) drawn over the Underlay Transport Network]

VTEP Device Roles

- Spine: Interconnects Leafs and Border Leafs
- Border Leaf: External Connectivity
- Leaf: Hosts and Other Devices Connect

[Figure: Spine, Leaf and Border Leaf switches; Container and Bare Metal endpoints on the leafs; Internet behind the Border Leaf]

VXLAN (or Virtual) Tunnel Endpoint

[Figure: a VTEP mapping Ethernet VLAN 100 to a VNI on the VXLAN side]

- VXLAN Tunnel Endpoint - Network Virtualization Edge
- Each VTEP is uniquely identified by an IP Address
- VTEP Discovers or learns remote VTEPs, and end hosts attached to them
- VTEP bridges when forwarding packets within the same VNI and Routes for Inter-VNI traffic

VXLAN Encapsulation

- Classic Ethernet: Ethernet Frame
- Overlay: VXLAN Encapsulation + Ethernet Frame

VXLAN Encapsulation / Packet Format

- VXLAN Encapsulation: Outer MAC SA/DA, Optional Outer 802.1q, Outer IP SA, Outer IP DA, Outer UDP (Port 4789), VXLAN
- Original Ethernet Frame: Inner MAC SA, Inner MAC DA, Optional Inner 802.1q, Original Ethernet Payload, CRC

VXLAN Packet Format

- VXLAN uses MAC in UDP encapsulation
- Adds UDP and VXLAN Header before original Ethernet Frame

VXLAN Encapsulation (50/54 Bytes):

    Field                   Size
    Outer MAC SA/DA         14 Bytes
    Optional Outer 802.1q   4 Bytes
    Outer IP SA/DA          20 Bytes
    Outer UDP (Port 4789)   8 Bytes
    VXLAN                   8 Bytes

VXLAN Header Details

    Field                            Size
    Flags (R R R R I R R R)          1 Byte (8 bits)
    Reserved                         3 Bytes (24 bits)
    VXLAN Network Identifier (VNI)   3 Bytes (24 bits)
    Reserved                         1 Byte (8 bits)

- Flags Field: I-flag (set to 1) for valid VNI. Other flags remain as R (set to 0)
- VNI Field: Allows VNI 1-16,777,215 (some implementation only 4096-16,777,215)

VLAN to VNI mapping shown on the slide:

    vlan 15
      vn-segment 31234

Transport Independence

- Outer MAC
- Outer IP/UDP: Source VTEP IP, Destination VTEP IP

Multipath Capable

- UDP Dest. Port: 4789
- UDP Src. Port: Per-Flow
- Per-flow fields shown: MAC SA/DA, IP SA/DA, Protocol, Port

Flood and Learn

Two Modes of VXLAN

- Flood & Learn
  - No Control Plane
  - Limited Scale
  - Requires Centralized Gateway
- VXLAN EVPN
  - EVPN as the Control Plane
  - L2/L3 Host & Subnet reachability exchanged
  - Distributed Anycast Gateway
  - Optimized Workload Mobility

VXLAN Flood and Learn (F&L): Host A to Host B Communication

[Figure: Host A behind Leaf-1 (VTEP1, IP 10.200.200.1), Host B behind Leaf-3 (VTEP3, IP 10.200.200.3), Leaf-2 (VTEP2), two Spines]

- Host A: MAC 0000.3000.1101, IP 192.168.1.101
- Host B: MAC 0000.3000.1102, IP 192.168.1.102
- VNI: 30001
- IP Subnet: 192.168.1.0
- Multicast Group: 239.1.1.2
- Destination Group 239.1.1.2 (0100.5E01.0102)

Packet walk:

1. Host A sends out an ARP Request: ARP Request for 192.168.1.102, SMAC 0000.3000.1101, DMAC FFFF.FFFF.FFFF.
2. VTEP1 receives the ARP Request. Performs Layer 2 Lookup based on VNI and DMAC.

       MAC              VNI    VTEP
       0000.3000.1101   3001   Ethernet1/11

3. VTEP1 encapsulates the packet with VXLAN Header.
4. VXLAN Encapsulated packet is sent over the IP Core over the multicast tree.
5. VTEP3 decapsulates VXLAN packet. Layer 2 Learning results with the following entry:

       MAC              VNI    VTEP
       0000.3000.1102   3001   Ethernet1/8
       0000.3000.1101   3001   10.200.200.1

6. VTEP 3 performs a Layer 2 Lookup based on VNI=30001, DMAC=FFFF.FFFF.FFFF. VTEP 3 forwards the Broadcast packet to all hosts part of VNI 30001 (Host B).
7. Host B sends out an ARP Response to VTEP3: ARP Response for 192.168.1.101, SMAC 00:00:30:00:11:02, DMAC 00:00:30:00:11:01.
8. VTEP3 receives the packet. Performs local learning and destination lookup based on VNI=30001, DMAC=00:00:30:00:11:01.
9. VTEP3 encapsulates the packet with a VXLAN Header & forwards it to VTEP1.
10. VTEP1 performs Layer 2 Learning and destination lookup based on VNI 30001, DMAC 0000.3000.1101.
11. ARP Response packet delivered to Host A.

Result:

- Host MAC Information is populated at both VTEPs (1 & 3)
- Host A & B know of each other's MAC-IP Binding
- Subsequent traffic between Host A & Host B is unicast over VXLAN between VTEP1 & VTEP3

Flood & Learn Mechanism

Multidestination Traffic is "Flooded" over the VXLAN Tunnel between VTEPs to "Learn" about the Host MAC addresses located behind the VTEPs so subsequent communication is delivered via Unicast.

See hidden slides for packet walk.

Flood & Learn Mechanism: Ingress Replication or Head-End Replication

[Figure: Host A behind Leaf-1 (VTEP1) sends an ARP Request for 192.168.1.102 (SMAC 0000.3000.1101, DMAC FFFF.FFFF.FFFF); Leaf-2 (VTEP2, Host B), Leaf-3 (VTEP3, Host C), Leaf-4 (VTEP4, Host D) through Leaf-20 (VTEP20, Host T) each receive a copy]

- Ingress Replication to each VTEP
- One unicast replica per remote VTEP
- Increases traffic load throughout the network
- Example: 10MB of BUM traffic for 20 remote VTEPs = 200MB of BUM traffic

Why VXLAN? - How did we get here?

    Why VXLAN?                                                  VXLAN Delivers
    Scale beyond 4k Segments (VLAN ID Limitation)               Scale up to 16M Segments
    VM Mobility                                                 Seamless VM Mobility
    Efficient use of bandwidth (Blocked/Unused Links/STP)       Leverages ECMP (Path Optimization)
    Workload Portability (VLANs Limited by L3 boundaries)       Any Workload Anywhere (Across L3 Boundaries)
    Secure Multitenancy                                         Traffic and Address Isolation

EVPN: Ethernet VPN

EVPN in the Data Center: IETF RFC/Draft for Control and Data Plane

- Control-Plane: EVPN MP-BGP, RFC 7432
- Data-Plane:
  - Multiprotocol Label Switching (MPLS): draft-ietf-l2vpn-evpn
  - Provider Backbone Bridges (PBB): draft-ietf-l2vpn-pbb-evpn
  - Network Virtualization Overlay (NVO): draft-ietf-bess-evpn-overlay
- EVPN over NVO Tunnels (i.e., VXLAN) for Data Center Fabric Encapsulations
- Provides Layer-2 and Layer-3 Overlays over IP Networks

EVPN in the Data Center: IETF RFC/Draft for Control and Data Plane (for your reference)

    RFC/Draft                                      Title                                                 Category
    RFC 7348                                       Virtual Extensible Local Area Network                 Data Plane
    RFC 7432                                       BGP MPLS Based Ethernet VPNs                          Control Plane
    draft-ietf-bess-evpn-overlay                   Network Virtualization Overlay Solution using EVPN    Control Plane
    draft-ietf-bess-evpn-inter-subnet-forwarding   Integrated Routing and Bridging in EVPN               Control Plane
    draft-ietf-bess-evpn-prefix-advertisement      IP Prefix Advertisement in EVPN                       Control Plane
    draft-tissa-nvo3-oam-fm                        NVO3 Fault Management/OAM                             Management Plane

BGP EVPN* Route Types - RFC 7432 (for your reference)

    Route Type                             Description                                            RFC/Draft
    Ethernet Auto-Discovery (EAD) Route    BGP Based Multi-Homing: Mass Withdrawal/Aliasing       RFC 7432
    MAC/IP Advertisement Route             L2 VNI MAC or MAC-IP from L2 MAC Learning or ARP       RFC 7432
    Inclusive Multicast Ethernet Tag Route Dynamic Peer Discovery for EVPN Ingress Replication    RFC 7432
    Ethernet Segment Route                 BGP Based Multi-Homing: BUM DF Election/Split-Horizon  RFC 7432
    IP Prefix Route                        IETF Draft, Advertise IP Prefixes                      draft-ietf-bess-evpn-prefix-advertisement

* Type 6 - Selective Multicast Ethernet Tag Route
* Type 7/8 - IGMP Sync Routes

MP-BGP VPN Terminology

[Figure: Leaf / Spine fabric with NVE1, NVE2 and NVE3 connected by VXLAN Tunnels]

- VPN Address Family: A Multi-Protocol BGP Extension to Distribute VPN Routes
- Virtual Routing & Forwarding (VRF): Overlay MAC or IP Routes are stored in dedicated VRF tables (MAC or IP VRF)
  - VRF Parameter: Name: VRF-Green
- Route Distinguisher (RD): 8-byte Field, VRF Parameter. Value to make the MAC or IP Routes unique (RD + VPN prefix)
  - RD: 1:100
- Route Target (RT): 8-byte Field, VRF Parameter. Value for the Import/Export Rules of VPN Routes (MAC or IP) into the VRF
  - Import RT: 10:10
  - Export RT: 10:10
- BGP Advertisement:
  - VPN-IPv4 Address = RD:10.1/16
  - BGP Next-Hop = NVE1
  - Route-Target = 10:10

Control-Plane Comparison

Flood & Learn (RFC 7348)
- Ethernet over IP
- No Spanning-Tree (terminates at NVE)
- Endpoint Learning is based on Flood and Learn (it's in the name)
- Requires Extra Work for Routing
  - FHRP for Default Gateway
  - Over-the-Top VRF-lite for Prefix Routing (or use the Underlay?!)

EVPN - Ethernet VPN (RFC 8365)
- A Better Ethernet over IP
- No Spanning-Tree (terminates at NVE)
- Endpoint Learning is based on BGP exchange (EVPN uses BGP)
- Provides Integrated Routing & Bridging (IRB)
  - Distributed Anycast Gateway for Default Gateway
  - Uses a Layer-3 VPN approach like MPLS L3VPN
- And there is much more in EVPN!

Configuring the EVPN VXLAN Fabric

VXLAN BGP EVPN: Network Underlay

[Figure: four Spines (RR, RP) and four Leafs (VTEPs) with Physical Host, Container and Virtualized endpoints in VRF-GREEN and VRF-RED. RR = Route Reflector, RP = Rendezvous Point]

AnyCast RP:

    ip pim rp-address 10.254.254.1 group-list 239.1.1.0/25
    ip pim anycast-rp 10.254.254.1 10.2.0.1
    ip pim anycast-rp 10.254.254.1 10.2.0.2

Second configuration shown on the slide:

    ip pim rp-address 10.254.254.1 group-list 239.1.1.0/25

VXLAN BGP EVPN: Network Underlay

    interface Ethernet1/2
      description connected-to-leaf-1-Ethernet1/1
      no switchport
      mtu 9216
      ip address 10.4.0.5/30
      ip ospf network point-to-point
      ip router ospf UNDERLAY area 0.0.0.0
      ip pim sparse-mode
      no shutdown

    interface loopback0
      description Routing loopback interface
      ip address 10.2.0.7/32
      ip router ospf UNDERLAY area 0.0.0.0
      ip pim sparse-mode

    interface Ethernet1/2
      description connected-to-spine-1-Ethernet1/1
      no switchport
      mtu 9216
      ip address 10.4.0.6/30
      ip ospf network point-to-point
      ip router ospf UNDERLAY area 0.0.0.0
      ip pim sparse-mode
      no shutdown

    router ospf UNDERLAY
      router-id 10.2.0.7

VXLAN BGP EVPN: Virtual Networks and Overlay Interface

Slide callouts: L2 VNI, L3 VNI, IP VRF, MAC VRF, Map L2VNI to NVE, Associate L3VNI to NVE

    vlan 10
      vn-segment 5010
    vlan 20
      vn-segment 5020
    vlan 1000
      vn-segment 9999
    vlan 2000
      vn-segment 9998

    interface Vlan10
      no shutdown
      vrf member VRF-RED
      no ip redirects
      ip address 10.0.0.1/24 tag 12345
      no ipv6 redirects
      fabric forwarding mode anycast-gateway

    interface Vlan20
      no shutdown
      vrf member VRF-GREEN
      no ip redirects
      ip address 20.0.0.1/24 tag 12345
      no ipv6 redirects
      fabric forwarding mode anycast-gateway

    interface nve1
      no shutdown
      host-reachability protocol bgp
      advertise virtual-rmac
      source-interface loopback1
      member vni 5010
        mcast-group 239.1.1.1
      member vni 5020
        mcast-group 239.1.1.1
      member vni 9999 associate-vrf
      member vni 9998 associate-vrf

    vrf context VRF-RED
      vni 9999
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
    evpn
      vni 5010 l2
        rd auto
        route-target both auto

    vrf context VRF-GREEN
      vni 9998
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
    evpn
      vni 5020 l2
        rd auto
        route-target both auto

VXLAN BGP EVPN: BGP on Leaf and Spine

Spine BGP Config:

    router bgp 65010
      router-id 10.2.0.2
      neighbor 10.2.0.3
        remote-as 65010
        update-source loopback0
        address-family l2vpn evpn
          send-community
          send-community extended
          route-reflector-client
      neighbor 10.2.0.4
        remote-as 65010
        update-source loopback0
        address-family l2vpn evpn
          send-community
          send-community extended
          route-reflector-client
      neighbor 10.2.0.5
        remote-as 65010
        update-source loopback0
        address-family l2vpn evpn
          send-community
          send-community extended
          route-reflector-client

Leaf BGP Config:

    router bgp 65010
      router-id 10.2.0.7
      address-family l2vpn evpn
        advertise-pip
      neighbor 10.2.0.1
        remote-as 65010
        update-source loopback0
        address-family l2vpn evpn
          send-community
          send-community extended
      neighbor 10.2.0.2
        remote-as 65010
        update-source loopback0
        address-family l2vpn evpn
          send-community
          send-community extended
      vrf VRF-RED
        address-family ipv4 unicast
          advertise l2vpn evpn
          redistribute direct route-map fabric-rmap-redist-subnet
          maximum-paths ibgp 2
        address-family ipv6 unicast
          advertise l2vpn evpn
          redistribute direct route-map fabric-rmap-redist-subnet
          maximum-paths ibgp 2
      vrf VRF-GREEN
        address-family ipv4 unicast
          advertise l2vpn evpn
          redistribute direct route-map fabric-rmap-redist-subnet
          maximum-paths ibgp 2
        address-family ipv6 unicast
          advertise l2vpn evpn
          redistribute direct route-map fabric-rmap-redist-subnet

VXLAN BGP EVPN: Distributed Anycast Gateway

The same anycast gateway Virtual IP Address and MAC address are configured on all VTEPs in the VNI.

[Figure: each Leaf VTEP carries the same SVI with the same GW IP and GW MAC; endpoints in VRF-GREEN and VRF-RED]

VLAN to VNI Mapping:

    vlan 20
      vn-segment 5020

Anycast Gateway MAC Address - Identically configured on all VTEPs:

    fabric forwarding anycast-gateway-mac 0002.0002.0002

Distributed IP Anycast Gateway (SVI) - Identically configured on all VTEPs:

    interface Vlan20
      no shutdown
      vrf member VRF-GREEN
      no ip redirects
      ip address 20.0.0.1/24 tag 12345
      no ipv6 redirects
      fabric forwarding mode anycast-gateway

Conclusion

- Data Center Network Challenges and Evolution
- Virtual Private Networks and Overlay Taxonomy
- VXLAN enables scalable Data Center Networks
- BGP EVPN as a better Control-Plane
  - Provides a robust control plane enabling multi-tenancy, VM mobility, and optimizes forwarding
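
Added example (not part of the Cisco session): a Python parser for the 8-byte VXLAN header described on the "VXLAN Header Details" slides, with receive-side checks a VTEP can apply before decapsulating (UDP port 4789, I flag, configured VNI, known source VTEP). The function names, the peer allowlist, the strict reserved-bit policy and the VNI 30001 to VLAN 100 mapping are assumptions of this example; the VTEP addresses, host MAC and the VLAN 15 / VNI 31234 pair come from the slides.

```python
import ipaddress
import struct
from dataclasses import dataclass

VXLAN_UDP_PORT = 4789   # outer UDP destination port from the slides
VXLAN_HEADER_LEN = 8    # flags (1) + reserved (3) + VNI (3) + reserved (1)
I_FLAG = 0x08           # "R R R R I R R R": I = 1 means the VNI is valid
MAX_VNI = 0xFFFFFF      # 24-bit VNI, i.e. 16,777,215


class VxlanError(ValueError):
    """Raised when a packet must not be decapsulated."""


@dataclass(frozen=True)
class VxlanHeader:
    flags: int
    vni: int


def build_vxlan_header(vni: int) -> bytes:
    """Encode a header with only the I flag set and reserved fields zero."""
    if not 1 <= vni <= MAX_VNI:
        raise VxlanError(f"VNI {vni} outside 1-{MAX_VNI}")
    return struct.pack("!II", I_FLAG << 24, vni << 8)


def parse_vxlan_header(data: bytes, strict: bool = True) -> VxlanHeader:
    """Decode the first 8 bytes of a UDP payload as a VXLAN header.

    strict=True also rejects non-zero reserved bits. That is a local policy
    choice of this example: RFC 7348 tells receivers to ignore reserved
    fields, so use strict=False when interoperability matters more.
    """
    if len(data) < VXLAN_HEADER_LEN:
        raise VxlanError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:VXLAN_HEADER_LEN])
    flags, reserved_a = word0 >> 24, word0 & 0xFFFFFF
    vni, reserved_b = word1 >> 8, word1 & 0xFF
    if not flags & I_FLAG:
        raise VxlanError("I flag clear: VNI is not valid")
    if strict and ((flags & ~I_FLAG) or reserved_a or reserved_b):
        raise VxlanError("reserved bits set")
    if vni == 0:
        raise VxlanError("VNI 0 is outside the 1-16,777,215 range")
    return VxlanHeader(flags=flags, vni=vni)


def decapsulate(outer_src_ip, udp_dst_port, udp_payload, known_vteps, vni_to_vlan):
    """Return (local VLAN, inner Ethernet frame) or raise VxlanError.

    known_vteps: set of ipaddress objects for the remote VTEPs this device
    expects (hypothetical allowlist; VXLAN itself carries no authentication).
    vni_to_vlan: the locally configured VNI to VLAN mapping.
    """
    if udp_dst_port != VXLAN_UDP_PORT:
        raise VxlanError("not the VXLAN UDP port")
    if ipaddress.ip_address(outer_src_ip) not in known_vteps:
        raise VxlanError(f"outer source {outer_src_ip} is not a known VTEP")
    header = parse_vxlan_header(udp_payload)
    if header.vni not in vni_to_vlan:
        raise VxlanError(f"VNI {header.vni} is not configured on this VTEP")
    inner = udp_payload[VXLAN_HEADER_LEN:]
    if len(inner) < 14:  # an inner Ethernet header is 14 bytes
        raise VxlanError("inner Ethernet frame too short")
    return vni_to_vlan[header.vni], inner


# Constructed sample data, using the addresses from the flood-and-learn slides.
KNOWN_VTEPS = {ipaddress.ip_address("10.200.200.1"),
               ipaddress.ip_address("10.200.200.3")}
VNI_TO_VLAN = {31234: 15,    # vlan 15 / vn-segment 31234, from the slides
               30001: 100}   # VLAN number is a constructed assumption


def sample_inner_frame() -> bytes:
    """Constructed broadcast ARP frame from Host A (0000.3000.1101)."""
    dmac = bytes.fromhex("ffffffffffff")
    smac = bytes.fromhex("000030001101")
    ethertype_arp = bytes.fromhex("0806")
    return dmac + smac + ethertype_arp + bytes(28)  # zeroed ARP body


if __name__ == "__main__":
    packet = build_vxlan_header(30001) + sample_inner_frame()
    vlan, frame = decapsulate("10.200.200.1", 4789, packet,
                              KNOWN_VTEPS, VNI_TO_VLAN)
    print(f"accepted: VLAN {vlan}, inner frame {len(frame)} bytes")
```
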