
VxLAN2011

This whitepaper discusses the limitations of traditional VLAN technology in cloud computing environments and introduces VxLAN (Virtual Extensible Local Area Network) as a scalable solution. VxLAN allows for the creation of millions of logical networks using a 24-bit segment ID, addressing the scaling and performance challenges faced by data centers. The paper also outlines the VxLAN frame format and Tech Mahindra's plans for contributing to VxLAN protocol development and testing.

Uploaded by

Abhishek

VxLAN – Extending VLAN into the Cloud

A whitepaper
By Ankur Rawat & Sasindran M Prabhu

29th Sep, 2011

Abstract:

VLAN technology has been around for many years. The need of the hour is to see
how VLAN principles can be applied to a larger environment such as a Data Center
Network for Cloud Computing. VLAN has some limitations with respect to scaling &
performance, which make it a less preferred choice for Cloud Computing Data
Center Networks. Such limitations are addressed by a new technology called
VxLAN – Virtual Extensible Local Area Networks.

This paper provides an overview of VxLAN, its features, frame format and
limitations of current network isolation techniques.

© Tech Mahindra Limited 2010 © Tech Mahindra Limited 2011


Table of Contents

Overview of Traditional VLAN Technology
Basics of Spanning Tree Protocol (STP)
Cloud Computing is facing Challenges with current Network isolation Techniques
VxLAN is the Solution
VxLAN frame Format
Conclusion
Tech Mahindra’s Plan
List of tables
References



Acronyms & Abbreviations
IaaS – Infrastructure as a Service
STP – Spanning Tree Protocol
VID – VLAN Identifier
VTEP – VxLAN Tunnel End Point
VLAN – Virtual Local Area Network
VM – Virtual Machines
VxLAN – Virtual Extensible Local Area Network



Overview of Traditional VLAN technology

Network traffic increases drastically with an increase in network size. This has
led to the need for a network segmenting solution in the form of Virtual Local
Area Networks. A VLAN is a group of LANs that have different physical
connections, but communicate as if they are connected on a single network
segment. Basically, VLAN provides a method of dividing one physical network into
multiple broadcast domains. This means that the use of broadcast data
transmission is limited, and traffic is reduced.

IEEE standard 802.1Q defines the method for identifying the traffic belonging to
the same VLAN. The standard introduces the concept of VLAN tagging, incorporated
in the form of a 12 bit “VLAN ID” that identifies the frame’s VLAN membership
details. Figures 1(a) and 1(b) show the 1522 Byte Ethernet Header and the 4 Byte
VLAN Header, which is inserted into the basic Ethernet frame between the source
address and length/type fields.

Field:  DA      SA      VLAN Tag  Type/Length  Data       FCS
Size:   6 Byte  6 Byte  4 Byte    2 Byte       1500 Byte  4 Byte

Figure 1(a) – Ethernet Header

Field:  TPID    Priority  CFI    VID
Size:   16 Bit  3 Bit     1 Bit  12 Bit

Figure 1(b) – VLAN Header

Destination Address (DA) – Destination MAC Address
Source Address (SA) – Source MAC Address
VLAN Tag – VLAN Header
Type/Length – Type of Ethernet Frame
Data – Payload
Forward Correction Sequence (FCS) – Cyclic redundancy check which enables detection of corrupted data within the entire frame.
Tag Protocol Identifier (TPID) – Used to identify the frame as an IEEE 802.1Q-tagged frame.
Priority – Used to prioritize different classes of traffic (voice, video, data, etc).
Canonical Frame Identifier (CFI) – Used for compatibility between Ethernet and Token Ring networks.
VLAN Identifier (VID) – Used to indicate the VLAN to which the frame belongs.
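
The tag layout in Figure 1(b), as an added example that is not part of the original whitepaper: it inserts the 4-byte tag between the source address and the type/length field and parses it back, enforcing the 12-bit VID range. The TPID value 0x8100 is the standard 802.1Q value and is not stated on the page; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q TPID value (the page does not state it)

def insert_vlan_tag(frame, vid, priority=0, cfi=0):
    """Insert the 4-byte tag between the source address and the type/length field."""
    if not 1 <= vid <= 4094:
        raise ValueError("usable VIDs are 1..4094; 0 and 4095 are reserved")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    tci = (priority << 13) | (cfi << 12) | vid      # Priority(3) CFI(1) VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_vlan_tag(frame):
    """Return (priority, cfi, vid, untagged_frame), or None if the frame has no tag."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, frame[:12] + frame[16:]

# Constructed sample frame: DA, SA, type 0x0800, 46 bytes of dummy payload (no FCS).
UNTAGGED = bytes.fromhex("020000000002" "020000000001" "0800") + bytes(46)
TAGGED = insert_vlan_tag(UNTAGGED, vid=100, priority=5)

if __name__ == "__main__":
    print(TAGGED[12:16].hex(), parse_vlan_tag(TAGGED)[:3])
```

The two reserved VID values rejected here are the reason the usable VLAN count is 2^12 - 2 rather than 2^12.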



Basics of Spanning Tree Protocol (STP)

The Spanning Tree Protocol, defined in the IEEE 802.1d standard, is a protocol
used to prevent loops in the LAN. It selects the fastest network link if there
are redundant links in the network. When an active link in the network goes down,
Spanning Tree will fail over to the alternate link (if one exists).

There are some similarities in the working of STP and Layer 3 routing protocols.
Routing protocols help devices to route between WAN networks (prevent loops, use
alternate paths etc.) at Layer 3. Spanning Tree could be termed a Layer 2
routing protocol for a LAN because it performs the same functions at Layer 2 for
an Ethernet network, regardless of IP addresses. So, Spanning Tree is not an IP
routing protocol but has some similar functions for the data-link layer (Layer 2).

Spanning Tree uses an algorithm to find redundant links in the LAN and select
the best paths. The initial goal is to put all links in either Forwarding or
Blocking state. In the end, the links without a redundant link and the best links
with a redundant link would be in forwarding state. The redundant links that
weren’t as good as the selected links would be in blocking state.

Spanning Tree cannot use multiple links to the same destination. There is no
load-sharing feature with Spanning Tree. Any redundant link that is not as
preferred is blocked (essentially shut down) until the primary link goes down.
Spanning Tree being a complex protocol, this section won’t cover every possible
feature.

Spanning Tree Protocol follows the criteria below to decide whether an interface
should be in forwarding state or blocking state:

All interfaces on the root bridge are put in forwarding state.

For other bridges that are not the root bridge, the port that is closest to the
root bridge is put in forwarding state.

The bridge with the lowest administrative distance to the root bridge is called
the designated bridge. The Ethernet interface on the designated bridge is called
the designated port. That port is put into forwarding state.

The root bridge is elected based on bridge ID (usually the MAC address) and a
priority. By default, all priorities are the same and hence the switch with the
lowest MAC address will become the root bridge.



Cloud Computing is facing challenges with current network isolation technique

Server Virtualization, the basis of Cloud Computing, has placed an augmented
demand on the physical network infrastructure in the form of more MAC addresses,
corresponding to hundreds of thousands of Virtual Machines. The current VLAN,
Layer 2 Switching/Bridging and Spanning Tree Protocol may not be efficient enough
to handle the increasing demands & expectations of Data Centers because of
scaling and performance challenges.

1. Scaling - VLAN space limitations

In a data center, VLANs are used to partition the traffic according to the
specific group that a VM may belong to. Such groups are identified by their
unique VLAN ID. As shown in Figure 1(b), the VLAN ID is a 12 Bit number. This has
served the requirements of Data Centers which have maximum requirements of
4094 (2^12 - 2) VLANs. 4094 as the upper limit may not provide enough segments
for large cloud deployments.

2. Performance - Limitations of Spanning Tree Protocol (STP)

Layer 2 networks make use of Spanning Tree Protocol (STP) to avoid loops &
duplication of frames. STP turns off the redundant links in the Layer 2 network,
and thus there is only one route for a Layer 2 frame to travel from one point to
another. Data Center operators have the option of multiple links, but the STP
mode of operation does not allow them to use all the links. Redundancy concept
between links is also ruled in STP mode of operation.

VxLAN can be a solution

As a major step towards addressing the challenges of current network isolation
techniques, VxLAN (Virtual eXtensible Local Area Network) was introduced. An
IETF (Internet Engineering Task Force) draft showcasing the framework for
overlaying virtualized layer 2 networks over layer 3 networks in the form of
VxLAN was released on 26th August. This draft is co-authored by engineers from
Cisco, VMware, Arista Networks, Broadcom, Citrix and Red Hat.

The important features of VxLAN, which address the challenges of current network
isolation techniques, are:

Introduction of the VxLAN segment, which is identified by a 24 bit segment ID,
termed the VxLAN Network Identifier (VNI). This allows up to 16M VxLAN segments
to coexist within the same administrative domain. VxLAN will scale to meet the
millions of logical networks required to run applications in the cloud with
efficient utilization of network resources.

The encapsulation techniques involved enable the logical network to be extended
to different subnets and help ensure high utilization of port channel links. The
case of an unknown unicast frame is handled by multicast instead of broadcast,
thus decreasing the amount of unwanted traffic.

Support for applications running in hybrid clouds where compute capacity is
delivered from pools of resources that may span across private and public clouds.
VxLAN offers a network encapsulation technique with segment identifiers for
creating millions of logical networks and for enabling workloads to seamlessly
move across datacenters and cloud infrastructures.

VxLAN segments will support multi-tenant cloud infrastructures that require
segmentation for added security and compliance.

Because VxLAN runs over IP, IaaS services can be offered without disturbing the
existing L3 data center network.

VxLAN Frame Format

The VxLAN frame format is shown in Fig 2. The frame format shows tunneling of
Ethernet frames using IPv4 for transport. VxLAN usage with IPv6 is still not
addressed. The inner MAC frame is encapsulated with the following three headers.

1. Outer Ethernet Header

Figure 2 shows an example of a common encapsulation of the entire IP packet with
the VxLAN encapsulation inside an outer Ethernet header.

Destination MAC Address – MAC Address of the target VTEP or an intermediate Layer 3 router.
Outer VLAN Tag – Optional field; if present, it may be used for delineating VxLAN traffic on the LAN.

2. Outer IP Header

The outer IP header basically contains the Source IP Address & Destination IP
Address.

Source IP Address – IP address of the VTEP over which the communicating VM (as depicted by the inner source MAC address) is running.
Destination IP Address – IP Address of the VTEP connecting the communicating VM as depicted by the inner destination MAC.

3. Outer UDP Header

The outer UDP header basically contains the Source port, Destination port &
Checksum.

Source Port – Provided by the VTEP. It is recommended that the source port be a hash of the inner Ethernet frame's headers to obtain a level of entropy for ECMP/load balancing of the VM to VM traffic across the VxLAN overlay.
Destination Port – A well-known UDP port, to be obtained by IANA assignment.
UDP checksum – This field should be transmitted as zero.

When a packet is received with a UDP checksum of zero, it must be considered for
decapsulation. Optionally, if the encapsulating endpoint chooses to include a
non-zero UDP checksum, it must be calculated over the entire packet including the
IP header, UDP header, VxLAN header and encapsulated MAC frame. When a
decapsulating endpoint receives a packet with a non-zero checksum, it may opt to
verify the checksum value. If it chooses to perform such verification, and the
verification fails, the packet must be dropped. If the decapsulating destination
chooses not to perform the verification, or performs it successfully, the packet
must be accepted for decapsulation.

4. VxLAN Header

An 8 Byte field comprising Flags, Reserved Bits & the VxLAN Network Identifier.

Flags (8 Bits) – The I flag is set to 1 for a valid VxLAN Network ID (VNI). The remaining 7 bits (designated "R") are reserved fields and set to zero.
VxLAN Network Identifier (VNI) (24 Bits) – Used for identification of the individual VxLAN overlay network on which the communicating VMs are situated. VMs in different VxLAN overlay networks cannot communicate.
Reserved (24 & 8 Bits) – Always set to zero.

Figure 2 – VxLAN Header
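
The 8-byte VxLAN header and the source-port recommendation described above, as an added example that is not part of the original whitepaper: it builds the header, then parses it the way a decapsulating VTEP could, dropping packets with a clear I flag, non-zero reserved bits or a VNI the VTEP does not serve. Assumptions: the bit positions (flags, 24 reserved bits, VNI, 8 reserved bits, with I at 0x08) follow the layout in the cited draft since the figure itself is not reproduced here; rejecting non-zero reserved bits, the `allowed_vnis` set, the CRC32 hash and the 49152-65535 port range are choices of this example.

```python
import struct
import zlib

I_FLAG = 0x08               # flags octet is R R R R I R R R (layout from the cited draft)
MAX_VNI = (1 << 24) - 1     # 24-bit VNI: 16,777,215

def build_vxlan_header(vni):
    """Pack flags(8) | reserved(24) | VNI(24) | reserved(8) in network byte order."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", I_FLAG << 24, vni << 8)

def parse_vxlan_header(udp_payload, allowed_vnis):
    """Return (vni, inner_frame); raise ValueError on anything this VTEP drops."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("shorter than VxLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    flags = word0 >> 24
    if not flags & I_FLAG:
        raise ValueError("I flag is 0, so the VNI field is not valid")
    if (flags & ~I_FLAG) or (word0 & 0x00FFFFFF) or (word1 & 0xFF):
        raise ValueError("reserved bits are not zero")   # strict policy (assumption)
    vni = word1 >> 8
    if vni not in allowed_vnis:                           # segment isolation check
        raise ValueError("VNI %d is not provisioned on this VTEP" % vni)
    return vni, udp_payload[8:]

def accepts(udp_payload, allowed_vnis):
    """True when the payload would be decapsulated, False when it would be dropped."""
    try:
        parse_vxlan_header(udp_payload, allowed_vnis)
        return True
    except ValueError:
        return False

def entropy_source_port(inner_frame):
    """Hash the inner DA, SA and type (14 bytes) into 49152-65535 (range is assumed)."""
    return 49152 + zlib.crc32(inner_frame[:14]) % 16384

# Constructed sample: inner DA, SA, type 0x0800 and 46 bytes of dummy payload.
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + bytes(46)
PACKET = build_vxlan_header(5000) + INNER

if __name__ == "__main__":
    print(parse_vxlan_header(PACKET, {5000})[0], entropy_source_port(INNER))
```

The VNI allow-list is what turns the statement that VMs in different overlay networks cannot communicate into an enforced check at the receiving VTEP.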



Conclusion

VxLAN looks like a perfect solution for the scaling and performance issues being
faced by Data Centers. VxLAN addresses the limitations of traditional network
isolation techniques by using encapsulation and a 24 Bit VxLAN identifier field.
This unique feature helps ensure that customers can deploy mission critical
applications in the cloud with confidence. As the standard is still in draft
stage, it will take some time for vendors to implement it and deploy VxLAN ready
products in the field.

Tech Mahindra’s Plan

Tech Mahindra has vast experience in Optical, Ethernet & Wireless technologies.
Leveraging these skills, Tech Mahindra will be able to contribute in the following
VxLAN areas.

VxLAN protocol stack development
System testing
Performance testing
Interoperability testing
EMS/NMS module

Based on the opportunity from the vendors, we will be able to select among these
activities:

Requirement Analysis
Product Design & Development
Testing & Validation
Interoperability Testing
Network Design, Deployment & Maintenance for Telecom Service Providers.



List of Figures

Figure 1(a): Ethernet Header
Figure 1(b): VLAN Header
Figure 2: VxLAN Header

References

VxLAN draft “draft-mahalingam-dutt-dcops-vxlan-00”
WebPages on VLAN & STP details on www.wikipedia.org
