Configuring VXLANs and Tunnels

Note: VXLAN-encapsulated packets are recirculated using hardware features, not software.

In today’s virtualized environments, there is increasing demand on MAC address tables of switches that connect to servers. Instead of learning one MAC address per server link, the switch now has to learn the MAC addresses of individual VMs, and if the MAC address table overflows, the switch may stop learning new MAC addresses until idle entries age out.

Virtual Extensible LAN (VXLAN) is essentially a Layer 2 overlay scheme over a Layer 3 network, and each overlay is called a VXLAN segment. Only VMs within the same VXLAN segment can communicate with each other. Each VXLAN segment is identified by a 24-bit segment ID called the VXLAN Network Identifier (VNI).

VXLANs increase the scalability of your network up to 16 million logical networks and are used to contain broadcast, multicast, and unknown unicast traffic.

Because of this encapsulation, VXLAN could also be called a tunneling scheme to overlay Layer 2 networks on top of Layer 3 networks. However, the tunnel does not terminate on the switch; the switch sits in the middle of the tunnel and sees packets as L3 tunneled packets. These packets are then forwarded using L2 or L3 forwarding.

Pluribus Networks supports two scenarios for VXLAN:

  1. The tunnel does not terminate on the switch and VTEP is not supported. Though the switch does not participate in the creation of a tunnel, Netvisor One still performs the following tasks.

    1. Analytics Collection — All TCP control packets are captured as well as ARP packets traversing the tunnel. These packets are used to build connection statistics and provide visibility as to which VXLAN nodes are on specific ports.

    1. ARP Optimization — An ARP request is captured and if a Layer 2 entry exists in the switch Layer 2 table, Netvisor One sends a response back to the sender of the ARP request over the tunnel. Otherwise, the ARP request is re-injected into the tunnel without any modification to continue crossing the tunnel.

  1. The tunnels are terminated at a switch and the switch performs the role of a VTEP. In this scenario, the switch is responsible for encapsulating packets that arrive from non-VXLAN nodes on a Layer 2 network and transmitting them over the tunnel. Similarly, the packets arriving through the tunnel are decapsulated and the inner packet is forwarded over the L2 network. The switch also collects statistics and optimizes ARP requests as in the first scenario.
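The ARP optimization and the 24-bit VNI described above, modeled as an added example (not Pluribus or Netvisor One code). The function names and the `l2_table` dictionary keyed by (VNI, IP) are assumptions made for illustration; the inner frame is assumed untagged and the outer IP/UDP headers are left out.

```python
import struct

VNI_VALID = 0x08                      # "I" flag in the RFC 7348 VXLAN header
ARP_FMT = "!HHBBH6s4s6s4s"            # IPv4-over-Ethernet ARP body (28 bytes)

def vxlan_header(vni):
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VNI_VALID, vni << 8)

def parse_vxlan(udp_payload):
    """Return (vni, inner_ethernet_frame) from the UDP payload of a VXLAN packet."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word >> 8, udp_payload[8:]

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an untagged ARP request, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):
        return None
    return sha, spa, tpa

def handle_tunneled_packet(udp_payload, l2_table):
    """Model the ARP optimization; l2_table is a hypothetical {(vni, ip): mac} dict."""
    vni, inner = parse_vxlan(udp_payload)
    arp = parse_arp_request(inner)
    if arp is None:
        return "forward", udp_payload            # not an ARP request: leave it alone
    sha, spa, tpa = arp
    mac = l2_table.get((vni, tpa))               # keyed by VNI so segments stay isolated
    if mac is None:
        return "reinject", udp_payload           # unknown target: pass on unmodified
    reply = sha + mac + b"\x08\x06" + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, mac, tpa, sha, spa)
    return "reply", vxlan_header(vni) + reply

def sample_request(vni, sender_mac, sender_ip, target_ip):
    """Constructed test input: a VXLAN-encapsulated broadcast ARP request."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, sender_mac, sender_ip, bytes(6), target_ip)
    return vxlan_header(vni) + b"\xff" * 6 + sender_mac + b"\x08\x06" + arp
```

Because the lookup key includes the VNI, a request for the same IP address arriving in a different segment is re-injected unchanged rather than answered.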

Note: There is a one-to-one mapping of VXLAN to VLAN. Multicast traffic is not supported. VXLAN has local scope on all switches, and must be in the same subnet.