VXLAN: Unicast-only Transport Using Head-End Replication


Before we discuss VXLAN unicast-only transport using Head-End Replication, let's talk about VXLAN first.

What is VXLAN?

Virtual Extensible LAN (VXLAN) is a network overlay technology that enables the creation of virtualized Layer 2 (L2) networks over a Layer 3 (L3) network infrastructure. 

VXLAN addresses the limitations of traditional VLAN-based L2 networks and provides several benefits that make it a popular choice for data center and cloud network virtualization.

Why do we need VXLAN?

Are you looking for a way to unlock the power of scalability, segmentation, and network virtualization? Look no further than VXLAN. VXLAN is a powerful tool for creating large-scale networks, providing segmentation and security, and enabling multitenancy and network virtualization.

  • Scalability: Traditional VLAN-based networks are limited to 4,096 VLANs, which can be a major limitation in large-scale environments with many tenants or applications. With VXLAN, you can create up to 16 million logical networks, offering immense scalability potential. This makes it perfect for networks that need to expand quickly and reliably.
  • Segmentation: VXLAN enables you to segment your networks within a data center or cloud environment, allowing for secure and isolated connectivity between different tenant or application groups. This segmentation can even span multiple physical locations or data centers, providing even more flexibility.
  • Overlay Networking: VXLAN also allows for the creation of overlay networks over an L3 network, connecting virtualized workloads no matter where they are located. This is invaluable in cloud environments, where workloads can move frequently between physical hosts and data centers. With VXLAN, you can maintain reliable, secure connections at all times.
  • Multitenancy: VXLAN is ideal for multitenancy environments, allowing for the creation of virtual networks for different customers or applications without exposing the underlying infrastructure or other tenants. This is a great way to ensure that all users have the same level of security and privacy.
  • Network Virtualization: Finally, VXLAN provides a robust framework for network virtualization. With VXLAN, you can create virtual networks with their own virtual switches, routers, and other network services. This makes it easy to create secure, isolated networks that meet the specific needs of your applications.

VXLAN Head-End Replication Unicast-only

This technique is also known as Unicast-only mode: head-end replication is used for BUM traffic, and the VTEP information required to establish the overlay network architecture is dynamically discovered and distributed by a control plane.

Fig 1.1 - VXLAN: Unicast-only Transport Using Head-End Replication

The Control Plane is distributed over two sites. A preferred IGP protocol is used to communicate with all of the Leafs. To facilitate the learning process, a redundant Route Reflector is started on DC-1.

Step 1: All VTEPs advertise their VNI membership to the Control Plane. The target is the Route Reflector located in DC-1.

Step 2: The Control Plane consolidates the VTEP information and the Route Reflector propagates the VTEP list with their respective VNI to all VTEPs it knows.

Step 3: Each VTEP obtains a list of its VTEP neighbors for each VNI.

Now that each VTEP has exhaustive knowledge of all existing VTEP neighbors and their relevant VNI in the VXLAN domain, H1 establishes communication with H4.

Step 1: H1 sends an ARP request for H4. The source MAC is therefore H1's, and the destination MAC is FF:FF:FF:FF:FF:FF.

Step 2: H1 is attached to VLAN 100, which is mapped to VNI 10000. The local VTEP V1 does a lookup in its VTEP table and locates all the VTEP neighbors responsible for VNI 10000. In this example, VTEP 3 and VTEP 4 are both bound to VNI 10000.

Step 3: As a result, VTEP V1 encapsulates the original broadcast ARP request from H1 with a VXLAN header carrying VNI 10000 and replicates this broadcast packet toward VTEP V3 and V4. VTEP 1 is the source IP address used to construct the overlay packets, with VTEP 3 and VTEP 4 as the destination IP addresses.

Step 4: VTEP 3 and VTEP 4 both receive the VXLAN packet identified with VNI 10000, remove the VXLAN header and identify the Dot1Q tag (VLAN 100). As a result, NVE Leafs 23 and 25 each forward the ARP request to all of their interfaces bound to VLAN 100. H4 and H5 receive the ARP request. H5 ignores the request, and H4 learns and caches the MAC address of H1.

Step 5: H4 replies unicast to H1 toward NVE Leaf 24. A LACP hashing algorithm is applied across the vPC attachment, so the reply hits one of the two vPC peer NVEs. It doesn't matter which Leaf receives the frame, as both vPC peer switches share the same VTEP table entries.

Step 6: VTEP 3 (NVE Leaf 24) identifies the response frame from H4 as belonging to VLAN 100 and consequently encapsulates the ARP reply with the identifier VNI 10000. It then sends it unicast toward the VTEP 1 IP address, since it now knows which VTEP IP address H1 sits behind.

Step 7: VTEP 1 receives the VXLAN packet with VNI 10000 from VTEP 3, strips off the VXLAN header and forwards the original ARP reply to H1.
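The two procedures above (the control plane consolidating and distributing per-VNI VTEP lists, then the flood-and-learn exchange over head-end replication) as an added Python model; this is not the page's or any vendor's code. VTEP IP addresses, MAC addresses and the ARP payload are constructed sample values, and the 8-byte VXLAN header layout follows RFC 7348.

```python
import struct

BCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(m: str) -> bytes:
    return bytes.fromhex(m.replace(":", ""))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def distribute_vtep_lists(advertisements: dict) -> dict:
    """Route reflector: {vtep_ip: {vni}} -> {vtep_ip: {vni: {neighbor vtep_ips}}}."""
    return {v: {vni: {o for o, ovnis in advertisements.items() if o != v and vni in ovnis}
                for vni in vnis}
            for v, vnis in advertisements.items()}

def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header (RFC 7348): flags 0x08 (I bit), 24-bit VNI."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BBHI", 0x08, 0, 0, vni << 8) + frame

def vxlan_decap(pkt: bytes) -> tuple:
    flags, _, _, vni_field = struct.unpack("!BBHI", pkt[:8])
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set, dropping")
    return vni_field >> 8, pkt[8:]

class VTEP:
    def __init__(self, ip: str, vni_neighbors: dict):
        self.ip = ip
        self.vni_neighbors = vni_neighbors  # per-VNI neighbor list from the control plane
        self.mac_table = {}                 # (vni, mac) -> remote VTEP IP, via flood & learn

    def send(self, vni: int, src_mac: str, dst_mac: str, payload: bytes) -> list:
        """Return [(dst_vtep_ip, packet)]: BUM is head-end replicated, known unicast is not."""
        pkt = vxlan_encap(vni, mac_bytes(dst_mac) + mac_bytes(src_mac) + payload)
        known = self.mac_table.get((vni, dst_mac))
        if dst_mac == BCAST or known is None:
            return [(peer, pkt) for peer in sorted(self.vni_neighbors.get(vni, ()))]
        return [(known, pkt)]

    def receive(self, src_vtep_ip: str, pkt: bytes) -> tuple:
        """Decapsulate and learn the inner source MAC against the outer source VTEP (unauthenticated)."""
        vni, frame = vxlan_decap(pkt)
        dst_mac, src_mac = mac_str(frame[:6]), mac_str(frame[6:12])
        self.mac_table[(vni, src_mac)] = src_vtep_ip
        return vni, src_mac, dst_mac, frame[12:]
```

The receiving VTEP binds a MAC to whatever outer source IP carried the frame, which is the flood-and-learn behaviour the page describes and also why the underlay must only admit traffic from trusted VTEPs.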

As a result, we can see that, despite the transport being unicast-only (head-end replication), BUM traffic such as the broadcast ARP request and unknown unicast still reaches every VTEP in the VNI, and the destination is learned from that flood.

Furthermore, it is crucial to note that this implementation may employ a proprietary Control Plane technique, which may prevent each site from having its own Control Plane. ARP suppression cannot be implemented since the host reachability mechanism is based on Flood & Learn.

By default, VXLAN does not provide any L2 loop protection. As a result, the BPDU Guard must be manually configured across all network interfaces.