
Today SPOTO will tell you about VLAN and VXLAN.

Traditional VLAN technology cannot meet the strict requirements of cloud providers because it supports a maximum of only 4096 VLANs. VXLAN can effectively overcome the scaling limitation imposed by VLAN.

1. What is VLAN?

VLAN (Virtual Local Area Network) is a virtual local area network: a concept realized in the implementation of switches and defined by the IEEE 802.1Q standard.

Since a switch is a network device that works at the link layer, the terminals connected to the same switch are in the same Layer 3 network and in the same broadcast domain. When a large number of terminals is attached to a switch and any one of them sends a broadcast message (for example, an ARP request), that message is transmitted throughout the whole network.

VLANs are divided into static and dynamic. A static VLAN is fixed when the administrator first configures the correspondence between a switch port and a VLAN ID: that port then corresponds only to that VLAN ID and cannot change unless the administrator reconfigures it. With a dynamic VLAN, the switch automatically assigns the port to the VLAN to which the attached host belongs. There are three categories: MAC-based, IP-based, and user-based.

For large-scale networking scenarios, the flood of broadcast packets greatly affects network communication. VLAN technology provides a solution to this problem: a VLAN divides one network into multiple logical virtual subnets and stipulates that a received broadcast packet is forwarded only within its own VLAN, which prevents broadcast flooding. VLAN technology therefore implements broadcast-domain isolation at the link layer.

The development of virtualization technology has prompted big data and cloud computing companies to use a single physical device to host multiple virtual machines for networking. The number of VLANs required keeps increasing, but VLAN technology supports a maximum of 4,094 VLANs, so the demand can no longer be met.

2. What is VXLAN?

VXLAN (Virtual eXtensible Local Area Network) is one of the NVO3 (Network Virtualization over Layer 3) standard technologies defined by the IETF. Layer 2 frames are encapsulated in a Layer 3 protocol, which extends Layer 2 networks across a Layer 3 underlay and, at the same time, meets the data center's need for a large Layer 2 domain for virtual machine migration and for multi-tenancy.

VXLAN technology can build a Layer 2 virtual network on top of a Layer 3 network structure. Through VXLAN, network devices on different network segments can be integrated into the same logical link-layer network; to end users, these devices appear to be deployed in the same link-layer network.

NVO3 is a collective name for technologies that build a virtual network as an overlay on a Layer 3 IP network. VXLAN is just one of the NVO3 technologies; other representative ones are NVGRE and STT.

Compared with VLAN technology, VXLAN technology has the following advantages:

The 24-bit VNI field supports a much larger number of virtual networks, which removes the limitation of a maximum of 4094 VLANs.

VXLAN uses tunneling to virtualize a Layer 2 network over a physical Layer 3 network. Terminals in the VXLAN network cannot detect the VXLAN communication process. This decouples the logical network topology from the physical network topology to a certain extent: the configuration of the topology depends less on the configuration of the physical devices, and so is more flexible and convenient.

VLAN technology only solves the problem of splitting the broadcast domain of a Layer 2 network, whereas VXLAN also supports multi-tenancy. With VXLAN segmentation, each tenant can build its own network, communicate and allocate addresses independently, and the problem of address conflicts between tenants is also resolved.

To ensure the correctness of the VXLAN communication process, RFC 7348 stipulates that IP packets carrying VXLAN traffic must not be fragmented. This requires the link-layer implementation of the physical network to provide a sufficiently large MTU so that VXLAN packets are transmitted smoothly; this can be understood as a limitation of current VXLAN technology.

Generally speaking, the default MTU of a virtual machine is 1500 bytes, which means the original Ethernet packet is at most 1500 bytes. When this packet passes through the VTEP, a new 50-byte header (VXLAN header 8 bytes + UDP header 8 bytes + outer IP header 20 bytes + outer MAC header 14 bytes) is added, and the whole packet reaches 1550 bytes. Existing VTEP devices generally cannot decapsulate a VXLAN packet that has been fragmented, so the MTU of all network devices between the VTEPs must be at least 1550 bytes.

If it is not convenient to change the MTU of the intermediate devices, setting the MTU of the virtual machine to 1450 can also solve this problem for the time being.
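The following is an added example (not from SPOTO) covering two points above: the 8-byte VXLAN header with its 24-bit VNI, and the 50-byte encapsulation overhead behind the 1500/1550/1450 MTU figures. It builds and parses the header so a packet capture can be checked for the tenant VNI, and computes whether a given inner frame crosses the underlay without fragmentation; the UDP port 4789 and the header layout are taken from RFC 7348, the sample bytes are constructed.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field carries a valid value
VNI_COUNT = 1 << 24            # 24-bit VNI space, versus 4094 usable VLAN IDs

# Per-layer overhead as the article walks through it:
# outer MAC 14 + outer IP 20 + UDP 8 + VXLAN 8 = 50 bytes
OUTER_MAC, OUTER_IP, UDP_HDR, VXLAN_HDR = 14, 20, 8, 8
VXLAN_OVERHEAD = OUTER_MAC + OUTER_IP + UDP_HDR + VXLAN_HDR


def build_vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < VNI_COUNT:
        raise ValueError("VNI must fit in 24 bits")
    # First word: flags byte followed by 24 reserved bits (zero).
    # Second word: VNI in the top 24 bits, low reserved byte zero.
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(data: bytes) -> int:
    """Return the VNI from a VXLAN header; reject truncated or invalid headers."""
    if len(data) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", data[:VXLAN_HDR])
    if not (flags_word >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_word >> 8


def encapsulated_size(inner_frame_len: int) -> int:
    """Bytes on the underlay wire after VTEP encapsulation (1500 -> 1550)."""
    return inner_frame_len + VXLAN_OVERHEAD


def max_inner_mtu(underlay_mtu: int) -> int:
    """Largest inner frame the underlay carries unfragmented (1500 -> 1450)."""
    return underlay_mtu - VXLAN_OVERHEAD


def fits_without_fragmentation(inner_frame_len: int, underlay_mtu: int) -> bool:
    """True when the encapsulated packet does not need to be fragmented."""
    return encapsulated_size(inner_frame_len) <= underlay_mtu


if __name__ == "__main__":
    # Constructed capture bytes: I flag set, VNI 100, reserved bytes zero.
    sample = bytes.fromhex("08000000" "00006400")
    print("VNI:", parse_vxlan_header(sample))
    print("1500-byte frame over 1500 MTU underlay fits:",
          fits_without_fragmentation(1500, 1500))
```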

Last modified: November 8, 2021