Generic Network Virtualization Encapsulation (Geneve) encapsulation in VMware NSX-T

Today we are going to talk about the Generic Network Virtualization Encapsulation (Geneve), which is a network virtualization overlay encapsulation protocol designed to establish tunnels between network virtualization endpoints.

Generic Network Virtualization Encapsulation (Geneve)
A packet encapsulated in the Geneve format consists of a compact tunnel header encapsulated in UDP over IP. A small fixed tunnel header provides control information plus a base level of functionality and interoperability, with a focus on simplicity.

This header is then followed by a set of variable-length options to allow for future development. Finally, the payload consists of a protocol data unit of the indicated type, such as an Ethernet frame.

To prevent IP fragmentation and maximize performance, the best practice when using Geneve is to make sure that the MTU of the physical network is greater than or equal to the MTU of the encapsulated network plus the tunnel headers.

Fig 1.1- Geneve Header

Geneve tunnels may either be point-to-point unicast between two endpoints or use broadcast or multicast addressing. The inner and outer addressing are not required to match in this regard.

Generic Network Virtualization Encapsulation (Geneve) in NSX-T
NSX-T uses Generic Network Virtualization Encapsulation (Geneve) for its overlay model.

Geneve is currently an IETF Internet Draft standard that builds on top of VXLAN/STT/NVGRE concepts to provide enhanced flexibility in terms of data plane extensibility.

Geneve allows any vendor to add its own metadata in the tunnel header with a simple Type-Length-Value (TLV) model. NSX-T defines a single TLV, with fields for:

  • Identifying the TEP that sourced a tunnel packet
  • A version bit used during the intermediate state of an upgrade
  • A bit indicating whether the encapsulated frame is to be traced
  • A bit for implementing the two-tier hierarchical flooding mechanism. When a transport node receives a tunneled frame with this bit set, it knows that it must perform local replication to its peers
  • Two bits identifying the type of the source TEP
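
The fixed header, the TLV options and the MTU rule described above can be checked with a short parser. This is an added example, not code from the original post or from NSX-T: the field layout follows the Geneve specification (RFC 8926), the names parse_geneve, required_underlay_mtu and SAMPLE are illustrative, and the sample packet uses a placeholder option class because the page does not give the NSX-T TLV layout.

```python
import struct

ETHERNET_BRIDGING = 0x6558   # Protocol Type value for an Ethernet payload

def parse_geneve(buf: bytes) -> dict:
    """Parse a Geneve header (the UDP payload) and its TLV options."""
    if len(buf) < 8:
        raise ValueError("shorter than the 8-byte fixed header")
    b0, b1, proto, vni_rsvd = struct.unpack("!BBHI", buf[:8])
    version, opt_len = b0 >> 6, (b0 & 0x3F) * 4    # Opt Len counts 4-byte words
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    end = 8 + opt_len
    if end > len(buf):
        raise ValueError("Opt Len points past the end of the packet")
    options, off = [], 8
    while off < end:
        opt_class, opt_type, rlen = struct.unpack("!HBB", buf[off:off + 4])
        data_len = (rlen & 0x1F) * 4               # low 5 bits, 4-byte words
        if off + 4 + data_len > end:
            raise ValueError("option overruns the options area")
        options.append({"class": opt_class, "type": opt_type,
                        "critical": bool(opt_type & 0x80),
                        "data": buf[off + 4:off + 4 + data_len]})
        off += 4 + data_len
    return {"vni": vni_rsvd >> 8, "oam": bool(b1 & 0x80),
            "critical": bool(b1 & 0x40), "protocol": proto,
            "options": options, "payload": buf[end:]}

def required_underlay_mtu(overlay_mtu: int, opt_len: int = 0, ipv6: bool = False) -> int:
    """Smallest physical MTU that carries an overlay packet unfragmented.
    Assumes an untagged inner Ethernet header (14 bytes)."""
    # inner Ethernet + Geneve fixed header + options + UDP + outer IP header
    return overlay_mtu + 14 + 8 + opt_len + 8 + (40 if ipv6 else 20)

# Constructed sample: VNI 0xABCD, one 4-byte option in the experimental
# option class 0xFFF0 (a placeholder, not the class NSX-T uses).
SAMPLE = (struct.pack("!BBHI", 0x02, 0x00, ETHERNET_BRIDGING, 0xABCD << 8)
          + struct.pack("!HBB", 0xFFF0, 0x01, 0x01) + b"\xde\xad\xbe\xef"
          + b"inner-ethernet-frame")

if __name__ == "__main__":
    print(parse_geneve(SAMPLE))
    print(required_underlay_mtu(1500, opt_len=8))
```

The two length checks reject packets whose Opt Len or per-option length field claims more bytes than are present, which is the failure mode a capture tool or tunnel endpoint has to handle when the options area is malformed.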