VMware NSX Cookbook

VMware NSX Logical Switch and VXLAN

The VMware NSX logical switch is a layer 2 broadcast domain implemented on top of a VXLAN (Virtual eXtensible LAN) overlay network. VXLAN is standardized in IETF RFC 7348 (https://tools.ietf.org/html/rfc7348). It encapsulates the original Ethernet frame (whose payload is bounded by the standard 1,500-byte MTU) inside a new UDP packet, adding 50 bytes of outer headers in front of it. The 50 bytes consist of:

  • 8-byte VXLAN header, carrying the VNI, placed directly in front of the original inner Ethernet frame
  • 8-byte outer UDP header (destination port 4789)
  • 20-byte outer IPv4 header
  • 14-byte outer Ethernet header

The following figure shows the VXLAN packet format:

The minimum underlay MTU required for VXLAN is therefore 1,550 bytes (1,500 plus the 50-byte overhead; an 802.1Q tag on the inner frame adds another 4 bytes). With IPv6 in the underlay, the outer IP header is 40 bytes instead of 20, so the overhead grows to 70 bytes, and rounding up gives the commonly used figure of 1,600 bytes. When VXLAN is configured, NSX sets the MTU of the vSphere Distributed Switch to 1,600 bytes by default; the physical switches and routers between the VTEPs must carry at least that. RFC 7348 forbids VTEPs from fragmenting VXLAN packets and allows the receiving VTEP to discard fragments produced by intermediate routers, so an undersized underlay MTU typically shows up as silently dropped traffic rather than as fragmentation. Each logical switch is assigned a unique 24-bit VXLAN Network Identifier (VNI), also called the VXLAN segment ID, which allows up to 16 million (2^24) network segments.

VXLAN encapsulation and decapsulation is performed by an entity called the VXLAN Tunnel Endpoint (VTEP). In ESXi, the VTEP is represented by one or more VMkernel interfaces. VTEPs do not need to share a layer 2 segment; they can sit in different IP subnets as long as those subnets are routable to each other. This removes the need to stretch layer 2 across physical racks or physical data centers and avoids the flooding and failure-domain problems that large layer 2 broadcast domains create.

Although much of the documentation says that the VTEP performs the VXLAN encap/decap, the actual work is done by a VXLAN shim in the IOChain of the VXLAN-enabled dvUplink(s). The shim uses the layer 2 and layer 3 addresses of the associated VTEP VMkernel interface(s) to build the outer Ethernet and IP headers of egress VXLAN packets and to decide whether an ingress VXLAN packet should be decapsulated. VXLAN traffic is never created or terminated on the VTEP VMkernel interface itself.

In the following example diagram, the ESXi hosts have VTEPs in two different subnets, 192.168.130.0 and 192.168.230.0. The logical switch with VNI 10000 nevertheless forms a single layer 2 overlay network, 172.16.10.0/24, spanning all four ESXi hosts:
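As an added worked example (not code from the book, VMware, or NSX itself), the following Python builds the packet format described above for the diagram's scenario: an inner frame from a VM on the 172.16.10.0/24 overlay is wrapped by a VTEP in the 192.168.130.0 subnet for a VTEP in the 192.168.230.0 subnet on VNI 10000, then validated and unwrapped the way a receiving VTEP would, and the MTU arithmetic from the packet-format paragraph is checked. The VTEP and MAC addresses, the next-hop MAC and the zero-filled inner payload are constructed assumptions.

```python
"""Added worked example (not from the book): encapsulate and decapsulate a
VXLAN packet per RFC 7348 with plain struct packing, and check the MTU math
the section describes. VTEP addresses, MACs and VNI 10000 are assumptions
chosen to match the section's diagram; the inner payload is a placeholder."""
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789              # IANA-assigned destination port (RFC 7348)
VXLAN_FLAG_I = 0x08                # "I" bit: the VNI field is valid
OUTER_OVERHEAD = 14 + 20 + 8 + 8   # outer Ethernet + IPv4 + UDP + VXLAN = 50 bytes


def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the header; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni: int) -> bytes:
    # 8 bits flags, 24 bits reserved, 24 bits VNI, 8 bits reserved (reserved = 0)
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(inner: bytes, vni: int, src_vtep: str, dst_vtep: str,
                outer_src_mac: str, outer_dst_mac: str) -> bytes:
    """Wrap an inner Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN headers."""
    vx = vxlan_header(vni)
    udp_len = 8 + len(vx) + len(inner)
    # Source port hashed from the inner MACs so underlay ECMP can spread flows;
    # RFC 7348 recommends the ephemeral range. UDP checksum 0 is allowed over IPv4.
    src_port = 49152 + (zlib.crc32(inner[:12]) % 16384)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    # Outer IPv4: DF set (0x4000) so routers drop rather than fragment, TTL 64,
    # protocol 17 (UDP); checksum computed over the header with 0 in its place.
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                               64, 17, 0,
                               ipaddress.IPv4Address(src_vtep).packed,
                               ipaddress.IPv4Address(dst_vtep).packed))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return ethernet_frame(outer_dst_mac, outer_src_mac, 0x0800, bytes(ip) + udp + vx + inner)


def decapsulate(packet: bytes) -> tuple:
    """Validate the outer headers and return (vni, inner_frame); raise on anything
    a VTEP should drop (wrong port, bad checksum, inconsistent lengths, I flag clear)."""
    if len(packet) < OUTER_OVERHEAD + 14:
        raise ValueError("too short to carry a VXLAN-encapsulated frame")
    if struct.unpack("!H", packet[12:14])[0] != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ip = packet[14:34]
    if ip[0] != 0x45 or ip[9] != 17 or ipv4_checksum(ip) != 0:
        raise ValueError("outer IPv4 header malformed or not UDP")
    total_len = struct.unpack("!H", ip[2:4])[0]
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[34:42])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not 4789")
    if udp_len != total_len - 20 or 14 + total_len > len(packet):
        raise ValueError("length fields are inconsistent")
    flags_word, vni_word = struct.unpack("!II", packet[42:50])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: RFC 7348 says drop")
    return vni_word >> 8, packet[50:14 + total_len]


def required_underlay_mtu(inner_mtu: int = 1500, inner_vlan_tagged: bool = False) -> int:
    """Outer IPv4 packet size for a full-size inner frame: 1550, or 1554 with an
    inner 802.1Q tag, which is why NSX defaults the distributed switch to 1600."""
    inner_frame = 14 + (4 if inner_vlan_tagged else 0) + inner_mtu
    return inner_frame + 20 + 8 + 8


def fits_underlay(packet: bytes, underlay_mtu: int) -> bool:
    """True if the outer IP packet (total length at offset 16) crosses a link of this MTU."""
    return struct.unpack("!H", packet[16:18])[0] <= underlay_mtu


# Constructed sample: a VM on host A (VTEP 192.168.130.11) sends a full-size frame
# to a VM on host B (VTEP 192.168.230.12) on logical switch VNI 10000. The outer
# destination MAC is host A's next-hop router, since the VTEPs are in different
# subnets; the inner payload stands in for an IP packet that decap never inspects.
INNER = ethernet_frame("00:50:56:aa:00:02", "00:50:56:aa:00:01", 0x0800, b"\x00" * 1500)
PACKET = encapsulate(INNER, 10000, "192.168.130.11", "192.168.230.12",
                     "00:50:56:ee:13:0b", "00:1c:73:00:00:01")

if __name__ == "__main__":
    vni, inner = decapsulate(PACKET)
    print(f"overhead={len(PACKET) - len(INNER)} vni={vni} inner_intact={inner == INNER}")
    print(f"fits 1500 underlay: {fits_underlay(PACKET, 1500)}, fits 1600: {fits_underlay(PACKET, 1600)}")
```

Running the block shows the 50-byte overhead and that a full-size inner frame yields a 1,550-byte outer packet, which a 1,500-byte underlay cannot carry but the 1,600-byte default can. The receiver-side checks are deliberately strict: anything arriving on port 4789 without the I flag, with a bad outer checksum, or with mismatched lengths is rejected rather than forwarded into the overlay.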

On the ESXi host, the VXLAN feature takes the form of a VXLAN kernel module, vdl2, supplied by the VXLAN VIB (vSphere Installation Bundle). The VXLAN VIB is installed as part of NSX host preparation. See Chapter 1, Getting Started with VMware NSX for vSphere, to understand how NSX host preparation works.