Network Packet Broker VXLAN Header Stripping Of Underlay Overlay And VTEP Ethernet Tap Device

Network Packet Broker VXLAN Header Stripping of Underlay Overlay, VTEP, Flood and Learn Mechanism

What is a VXLAN?

The traditional 802.1q VLAN identifier has only 12 Bits, which means that there can be a maximum of 4096 unique two-layer network segments.VXLAN expanded to 24 Bits, which means up to 16 million unique two-layer network segments.

In today's world of virtualization, if you still use an 802.1q VLAN, VM mobility is limited to the local VLAN.With VXLAN encapsulation, the raw data frames are encapsulated as MAC in UDP, allowing a two-layer network connection to be routed across a three-layer network.

At the same time, ensure that the IP address before and after the migration of the VM, MAC address unchanged.

VXLAN Frame Format and MAC-in-IP Package

According to the figure above,

1. In addition to the original data frame, the outer header needs to consume additional Bytes (the sum of several headers in the figure above is enough).PS: if necessary, we need to modify the switch interface MTU to accommodate VXLAN packets, depending on the business packet size.

2. UDP source port: VTEP device is allocated dynamically.The L2/L3/L4 information of the inner head is Hash calculated.

3. UDP destination port: fixed 4789.

4. Outer IP: the source IP address at the head of the IP is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP.

5. Outer MAC: the source MAC address at the top of the Ethernet frame is the MAC address of the source VTEP, and the destination MAC address is the MAC address of the next-hop device arriving at the destination VTEP.

Here's a example real VXLAN-encapsulated Ping Packet:

Underlay and Overlay

Underlay as following:

Underlay: a routable IP network; Flexible topology; It is recommended to use a network with redundant paths and use ECMP to achieve load balancing. Support any routing protocol -OSFP, EIGRP, is-is, BGP, etc.

Overlay as following:

What is the VTEP?

As the name implies, VTEP (Vlan Tunnel EndPoint) is the Vlan Tunnel EndPoint.VTEP is used for packaging and unpacking VXLAN.At the same time, each VTEP USES two interfaces, one for local Lan network bridging and forwarding;The other is an IP interface for connecting to the transit network.

For example, when a VLAN100 packet is sent to VTEP via a local Lan interface, the VXLAN ID 1001 is first mapped.After that, VTEP looks for the corresponding Remote VTEP in the VTEP L2 Table based on the destination MAC address of the original packet and the VXLAN ID just converted. If it can find it, the original Ethernet Frame is encapsulated as a VXLAN packet and then sent out through the IP interface.The IP interface of the VTEP receives the VXLAN packet, unpacks it to obtain the original Ethernet Frame, maps the VXLAN ID to the VLAN ID, adds the information of VLAN 100, and finally sends the packet through the local Lan.In this way, two VTEP VLAN 100 network is equivalent to connected.(note: although there are a VLAN 100, but in fact the same under the two VTEP VXLAN ID corresponding VLAN ID can be different) the original Ethernet Frame is encapsulated into a MAC in the UDP packet, the data transmission between became VTEP transmission, can be between VTEP layer network, three layer network, and even more complicated, but it is transparent for the VLAN 100.

Flood and Learn Mechanism

1. Terminal A shall request ARP of terminal B

2. The ARP packet arrives at vtep-1, and vtep-1 encapsulates it: VXLAN header, UDP header, outer IP header (source IP is vtep-1, destination IP is Underlay multicast group IP), outer MAC header (source MAC is vtep-1, destination MAC is multicast group MAC).

3. The packet is sent to all other VTEP nodes, and these VTEP nodes are unsealed upon receipt, so as to obtain the original ARP request package.

4. Next, these vteps send ARP requests to the local Lan network.If the requested terminal B is not on the local Lan network, the packet is discarded by the local terminal device (such as the terminal device connected by vtep-3).If the requested terminal B is on the local Lan network, terminal B receives the ARP request and responds ARP reply to the local vtep-2 node.

5. After receiving the ARP reply, the vtep-2 node connecting terminal B will encapsulate: VXLAN header, UDP header, outer IP header (source IP is vtep-2, destination IP is vtep-1), outer MAC header (source MAC is vtep-2, destination MAC is vtep-1).

6. After receiving the package, vtep-1 will unpack it and get the original ARP reply, which will be sent to terminal A;At the same time, through the outer header information, vtep-1 also learned the IP of vtep-2 and the MAC of terminal B, thus constructing the mapping table of VXLAN ID+Remote VTEP IP+Remote MAC.

7. Realize the subsequent unicast forwarding of terminals A and B based on the mapping information on vtep-1 and vtep-2 and the use of VXLAN tunnel.

8. Vtep-1 can selectively execute agent ARP for subsequent ARP requests of ip-b to reduce flooding on the transmission network.

Recommend Network Packet Broker for VXLAN Header Stripping in Original Packet and Metadata

NT-FTAP-32QCX Network TAP NPB.pdf

NetTAP® (Full named Chengdu Shuwei Communication Technology Co., Ltd.)was established in 2007. Focusing on the Research and Development of Network TAPs/NPBs Communication Equipment, Data Security Analysis Equipment, which provides products and solutions in Big Data Acquisition, Data Storage, Data Monitoring, Data Processing and Data Analysis for Telecom, TV Broadcasting, Government, Education, IT, Finance, Bank, Hospital, Transportation, Energy, Power, Petroleum, Enterprise and other industries.

NetTAP® has launched various types of high-density devices such as: Fast Gigabit, 10 Gigabit Ethernet Network Traffic Replication, Aggregation, Distribution Network TAPs/NPBs (Network Packet Broker), intelligent Hybrid Traffic Network TAPs, 25G, 40G, 100G, etc. high density and Performance Network TAPs/NPBs(Network Packet Broker).

NetTAP® has a hardware production plant, all the communication products have complete Software and Hardware Independent Intellectual Property Rights, with complete Copyright Registration and Product Certification.

MATRIX NetInsight™ - A Fully Function Network Visibility Control Platform

MATRIX NetInsight™ Network System Value

1- Data Acquisition with centralized planning, eliminate monitoring blind spot

2- Free distribution of data, saving analysis of the overall investment

3- Data Security Control, Reduce the risk of disclosure

4- Overall Traffic visible, Abnormal Located more accurate, Fault analysis more useful

MATRIX NetInsight™ Function Architecture

1- User Interaction Layer

2- Big Data Analysis Layer

3- Data Storage Layer

4- Analysis Visibility Layer

5- Data Acquisition Layer

Zain Cloud Project of Saudi Arabia Telecom