Welcome to IE-LAB!

Generic filters
Generic filters

A brief look at vxlan technology (1)

VLAN means Virtual Local Area Network, which is the concept involved in the implementation of the switch, defined by the 802.1Q standard. Because the switch is a network device working at the link layer, the terminals connected to the same switch are in the same Layer 3 network and are also in the same broadcast domain. When a switch accesses a large number of terminals, any one of the terminals sends a broadcast packet (for example, an ARP request), and the packet is transmitted throughout the network. For large-scale networking scenarios, the flood of broadcast packets will have a greater impact on network communications. VLAN technology provides a solution to this problem. A VLAN divides the same network into multiple logical virtual subnets. It also stipulates that when a broadcast packet is received, it broadcasts only in its VLAN to prevent broadcast packets from flooding. VLAN technology implements broadcast domain isolation at the link layer level

VXLAN (Virtual eXtensible Local Area Network) is one of the NVO3 (Network Virtualization over Layer 3) standard technologies defined by the IETF. It uses L2 over L4 (MAC-in-UDP) packet encapsulation mode. The Layer 2 packet is encapsulated in a Layer 3 network. The Layer 2 network can be extended in the Layer 3 network and meet the requirements of the data center’s large Layer 2 virtual migration and multi-tenancy.

NVO3 is a general term for the technology of building virtual networks based on a three-layer IP overlay network. VXLAN is just one of the NVO3 technologies. In addition, NVGRE and STT are also representative.

Any technology has its own specific background and actual needs. VXLAN is a technology that solves a series of problems in the virtualization of the cloud computing era.

Cloud computing, with its advantages in high system utilization, low manpower/management cost, and flexibility/scalability, has become a new form of enterprise IT construction; in cloud computing, a large number of adoptions And deploying virtualization is a basic technology model.

The extensive deployment of the server virtualization technology greatly increases the computing density of the data center. At the same time, in order to achieve flexible service changes, the virtual machine VM (Virtual Machine) needs to be able to migrate without restriction in the network (as shown in Figure ). In fact, for data centers, virtual machine migration has become a normal business.

Virtual machine migration, as its name implies, is the migration of virtual machines from one physical machine to another,However, the business cannot be interrupted during the migration process. To do this, you need to ensure that the parameters such as the IP address and MAC address remain unchanged before and after the virtual machine is migrated. This determines that virtual machine migration must occur in a Layer 2 domain. The second-tier domain of the traditional data center network limits virtual machine migration to a smaller local area.


You can build a physical large Layer 2 network through stacking, SVF, TRILL, and other technologies.it can expand the scope of virtual machine migration. However, building a physical large layer 2 will inevitably require major changes to the original network, and the scope of the large layer 2 network will still be limited by various conditions. As a result, VXLAN emerged under the joint promotion of world-renowned manufacturers such as VMware and Cisco.

VXLAN is transmitted by encapsulating data frames communicated in a logical network in a physical network. The process of encapsulation and decapsulation is performed by a VTEP node. After VXLAN adds the data frame in the logical network to the VXLAN header, it is encapsulated in the UDP packet in the physical network.

  • Outer MAC Header: Encapsulates the outer Ethernet header, 14 bytes, or 18 bytes if there is a VLAN TAG. The source MAC address is the MAC address of the VTEP to which the source VM belongs, and the destination MAC address is the MAC address of the next hop device on the path to the destination VTEP. The type field is 0x0800, indicating that the inner layer encapsulates an IP packet.
  • Outer IP Header: Encapsulates the outer IP header, 20 bytes. The source IP address is the IP address of the VTEP to which the source VM belongs, and the destination IP address is the IP address of the VTEP to which the destination VM belongs. The protocol field is 0x11, indicating that the inner layer encapsulates UDP packets.
  • UDP Header: UDP header, 8 bytes. The UDP destination port number is fixed to 4789, indicating that the inner layer encapsulated packet is a VXLAN packet. The UDP source port number is a random arbitrary value and can be used for multipath load sharing between VTEPs.
  • VXLAN Header: VXLAN header newly defined by the VXLAN protocol, 8 bytes
  • Flags: 8 bits, RRRRIRRR. When the “I” bit is 1, it indicates that the VXLAN ID in the VXLAN header is valid; when it is 0, it indicates that the VXLAN ID is invalid. The “R” bit is left unused and is set to 0.
  • VXLAN ID (VNI): 24 bit, used to identify a separate VXLAN network.
  • Reserved: 24 bit and 8 bit, respectively. Reserved bit.
  • Original L2 Frame: Original Ethernet telegram.

As shown in the packet encapsulation, the VXLAN header and the original Layer 2 packet exist as payloads of UDP packets. The network device between the VTEPs needs to be forwarded according to the Outer MAC Header and the Outer IP Header. The UDP Source Port is used for load balancing. This process is identical to forwarding ordinary IP packets. In this way, in addition to the VTEP device, a large number of devices on the live network can support the VXLAN network without replacement or upgrade.

However, the newly added VXLAN message encapsulation also introduces a problem, that is, the setting of the MTU value.

Generally, the default MTU of a virtual machine is 1500 Bytes, which means that the original Ethernet packet is up to 1500 bytes. When this message passes VTEP, it will encapsulate a new 50-byte header (VXLAN header 8 bytes + UDP header 8 bytes + external IP header 20 bytes + external MAC header 14 bytes), thus the entire message length reached 1550 bytes. On the existing VTEP device, the VXLAN packet cannot be fragmented when the VXLAN packet is decapsulated. Otherwise, the packet cannot be decapsulated correctly. This requires that the MTU of all network devices between VTEPs be a minimum of 1550 bytes.

If the MTU value of the intermediate device is not convenient to change, then setting the virtual machine’s MTU value to 1450 can also solve this problem temporarily.

For more articles you can follow us on:

error: Content is protected !!
× How can I help you?