SlideShare uma empresa Scribd logo

VyOS Users Meeting #2, VyOSのVXLANの話

Transferir como PPTX, PDF
upaa
upaa

VyOS now supports VXLAN interfaces which allow multiple L2 segments to be multiplexed over a single physical network. VXLAN uses encapsulation to transport Ethernet frames over IP. The VNI field in VXLAN headers maps frames to different L2 segments. VyOS VXLAN interfaces can be configured and used like physical interfaces for routing, bridging, and protocols like OSPF. However, attributes like the VNI and multicast group cannot be changed after interface creation without deleting and recreating the interface.

Software
1 de 24
VyOS VXLAN and Linux Device Driver VyOSのVXLANとLinuxのデバドラの話 2014/11/2 VyOS users meeting #2 Ryo Nakamura upa@haeena.net
Virtual eXtensible LAN • An Ethernet over IP overlay. RFC7348. – Ethernet frame is encapsulated in IP + UDP + VXLAN headers. – VXLAN header contains 24bit Virtual Network Identifier (VNI) field. 2^24 L2 segments can be multiplexed in one VXLAN overlay network domain. – Unicast traffic is encapsulated in IP Unicast. – BUM traffic is encapsulated in IP Multicast. • Multicast based VTEP learning is described in RFC, Sec 4. – Many vendors propose and use their original control planes. – Of course, I know that Multicast is difficult in actual environments, but they don’t have INTEROPERBILITY :( 2
Multicast based VTEP learning OuterIP Src A OuterIP Dst M SrcMAC : 1 DstMAC : FF VTEP:A VTEP:B Node:1 VTEP:D VTEP:C Node:3 Node:4 Node:2 Node 1 send arp request Node 4 3 Node 1 is in VTEP A !!
Multicast based VTEP learning VTEP:A VTEP:B Node:1 VTEP:D VTEP:C Node:4 Node:2 OuterIP Src D OuterIP Dst A SrcMAC : 4 DstMAC : 1 Node 4 send arp reply to Node 1 4 Node:3 Node 4 is in VTEP D !! Node 1 is in VTEP A !!
VyOS VXLAN support • 2014/9/20, merged. 5
Linux kernel version issue • Linux VXLAN Driver is appeared in kernel 3.7 – 2012/9/24, first patch was contributed to netdev. – I was really looking forward to Vyatta Core with kernel 3.7 and later. • Kernel version of VyOS Helium is 3.13.11 !! – HooooooooOOOO!!! WrrrrryyyyyyYYYYYYYYYY !!!!!!!! – Hydrogen is kernel 3.3 6
VyOS VXLAN CLI • Under the interfaces section – set interfaces vxlan vxlan0 – set interfaces vxlan vxlan0 group 239.0.0.1 – set interfaces vxlan vxlan0 vni 0 – and basic interface operations • IPv4/v6 routing • bridge-group • policy interfaces { vxlan vxlan0 { group 239.0.0.1 vni 0 } } 7
Operation example interfaces { vxlan vxlan0 { address 172.16.0.1/24 group 239.0.0.10 ip { ospf { cost 10 } } vni 0 } } protocols { ospf { area 0 { network 172.16.0.0/24 } } } 8
Operation example vyos@vyos:~$ show interfaces vxlan vxlan0 vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether b2:74:c9:fa:1d:fd brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 brd 172.16.0.255 scope global vxlan0 valid_lft forever preferred_lft forever inet6 fe80::b074:c9ff:fefa:1dfd/64 scope link valid_lft forever preferred_lft forever RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collisions 2446 25 0 0 0 0 9
Operation example vyos@vyos:~$ show ip ospf interface vxlan0 vxlan0 is up ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST> Internet Address 172.16.0.1/24, Broadcast 172.16.0.255, Area 0.0.0.0 MTU mismatch detection:enabled Router ID 10.10.20.189, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.10.20.189, Interface Address 172.16.0.1 No backup designated router on this network Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5 Hello due in 7.900s Neighbor Count is 0, Adjacent neighbor count is 0 10
node.def • VXLAN interface name – Different number from VNI can be used to an interface name. But, I think it is really confusing :( val_help: <vxlanN>; VXLAN interface name syntax:expression: pattern $VAR(@) "vxlan[0-9]+$" 11
node.def (cont’d) • REQUIRED – A vxlan overlay network is identified by VNI. – Multicast Group Address is required to encapsulate BUM Traffic in IP Multicast. Group Address can be reused for other VNI. commit:expression: $VAR(./group/) != ""; "Must configure vxlan group for $VAR(@)" commit:expression: $VAR(./vni/) != ""; "Must configure vxlan vni for $VAR(@)“ 12
node.def (cont’d) • create interface VXLAN_VNI="id $VAR(./vni/@)" VXLAN_GROUP="group $VAR(./group/@)" VXLAN_TTL="ttl 16" if [ ! $VAR(./link/) == "" ]; then VXLAN_DEV="dev $VAR(./link/@)" fi ip link add name $VAR(@) type vxlan $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV ip link set $VAR(@) up touch /tmp/vxlan-$VAR(@)-create skimped work... underlay device And, execute iproute2 13
Change vni or group of existing vxlan interfaces • Sorry, it is not supported. • Changing group or vni requires delete and re-create the vxlan interface. 14
VXLAN in Linux • ip link add type vxlan – Pseudo ethernet interface : vxlanX – Interfaces are connected to each vxlan overlay network corresponding to a VNI (vxlan_dev and FDB / VNI) – Namespace is supported struct net_device Linux Kernel netif_rx(skb) vxlan1 FDB vxlan0 FDB kernel udp socket udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv iptunnel_xmit() 15
How to specify attributes • ip link add type vxlan id 0 group X – Netlink API : An API to communicate to Kernel – NETLINK_ROUTE, NETLINK_NETFILTER and more Linux Kernel Userland Application Netlink Socket socket(AF_NETLINK, SOCK_RAW, netlink_family) Inter face routing table Netfilter struct nlmsghdr and rtattr etc 16
How to specify attributes (cont’d) • ip link add type vxlan id 0 group X – RTNETLINK : routing socket • RTM_NEWLINK message is sent with attributes related to VXLAN (see man ip-link) int do_iplink(int argc, char **argv) { if (argc > 0) { if (iplink_have_newlink()) { if (matches(*argv, "add") == 0) return iplink_modify(RTM_NEWLINK, NLM_F_CREATE|NLM_F_EXCL, argc-1, argv+1); iproute2 package is a good text book of Netlink !! 17
Attributes of vlxan interface • id : Virtual Network Identifier • dev : Uunderlay device (in VyOS, link) • group : Multicast group address • remote : An unicast IP address of VTEP for BUM traffic • local : Source IP address of encapsulated packet • ttl : TTL of encapsulated packet • port : Source port range of encapsulated packet But, these attributes can be only specified when a pseudo interface is created !! 18
How to specify attributes (cont’d) • VXLAN driver kernel-source/drivers/net/vxlan.c – RTM messages are processed by rtnl_link_ops static struct rtnl_link_ops vxlan_link_ops __read_mostly = { .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, .priv_size = sizeof(struct vxlan_dev), .setup = vxlan_setup, .validate = vxlan_validate, .newlink = vxlan_newlink, .dellink = vxlan_dellink, .get_size = vxlan_get_size, .fill_info = vxlan_fill_info, }; vxlan_newlink () is called when RTM_NEWLINK is received 19
vxlan_newlink () • Codes can not be pasted... too long... 1. Parse attributes 2. Set up parsed parameters to vxlan_dev 3. register_netdeivce 20
And, you can see vxlan0 asano2:/home/upa % ifconfig vxlan0 vxlan0 Link encap:Ethernet HWaddr 02:0a:1e:ad:7f:31 inet6 addr: fe80::a:1eff:fead:7f31/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:690 (690.0 B) asano2:/home/upa % ip -d link show dev vxlan0 9: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default link/ether 02:0a:1e:ad:7f:31 brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 0 group 239.0.0.1 srcport 32768 61000 dstport 8472 ageing 300 asano2:/home/upa % bridge fdb show dev vxlan0 00:00:00:00:00:00 dst 239.0.0.1 self permanent 21
As a result • vxlan parameters can not be changed after pseudo interface is created. • Do you have good ideas ? – I have just only one idea. • Use Generic Netlink like l2tp driver • Generic Netlink is a mechanism to add user defined netlink family dynamically. • It requires patches to vxlan driver and iproute2... 22
Future work ? • Change destination port ? – Default is 8472 (OTV). 4789 is assigned for VXLAN by IANA – It can be changed through module_param. But it requires rmmod/insmod when port is changed. Of course, all pseudo interfaces are removed... • Support “remote” attribute – Easy. Is it needed for the community ? 23
Overlay is the Only Way!! Thanks! upa@haeena.net 24

Recomendados

Docker network
Docker networkDocker network
Docker network
Mohammadreza Amini
 
Designing scalable Docker networks
Designing scalable Docker networksDesigning scalable Docker networks
Designing scalable Docker networks
Murat Mukhtarov
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNS
bacongobbler
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Michelle Antebi
 
Tutorial on using CoreOS Flannel for Docker networking
Tutorial on using CoreOS Flannel for Docker networkingTutorial on using CoreOS Flannel for Docker networking
Tutorial on using CoreOS Flannel for Docker networking
LorisPack Project
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan Drivers
Brent Salisbury
 
Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay Networks
Laurent Bernaille
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
Lorenzo Fontana
 

Recomendados

Docker network
Docker networkDocker network
Docker network
Mohammadreza Amini
 
Designing scalable Docker networks
Designing scalable Docker networksDesigning scalable Docker networks
Designing scalable Docker networks
Murat Mukhtarov
 
Docker with BGP - OpenDNS
Docker with BGP - OpenDNSDocker with BGP - OpenDNS
Docker with BGP - OpenDNS
bacongobbler
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Michelle Antebi
 
Tutorial on using CoreOS Flannel for Docker networking
Tutorial on using CoreOS Flannel for Docker networkingTutorial on using CoreOS Flannel for Docker networking
Tutorial on using CoreOS Flannel for Docker networking
LorisPack Project
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan Drivers
Brent Salisbury
 
Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay Networks
Laurent Bernaille
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
Lorenzo Fontana
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
Docker networking
Docker networkingDocker networking
Docker networking
Alvaro Saurin
 
Docker Network Overview and legacy "--link"
Docker Network Overview and legacy "--link"Docker Network Overview and legacy "--link"
Docker Network Overview and legacy "--link"
Avash Mulmi
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
CoreOS @Codetalks Hamburg
CoreOS @Codetalks HamburgCoreOS @Codetalks Hamburg
CoreOS @Codetalks Hamburg
Timo Derstappen
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
Laurent Bernaille
 
Docker meetup
Docker meetupDocker meetup
Docker meetup
syed1
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
Laurent Bernaille
 
Pipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and DockerPipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and Docker
Jérôme Petazzoni
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
Laurent Bernaille
 
OpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrOpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvr
Sim Janghoon
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
Hervé Leclerc
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVS
snrism
 
Docker Multihost Networking
Docker Multihost Networking Docker Multihost Networking
Docker Multihost Networking
Nicola Kabar
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
HungWei Chiu
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespaces
Mike Wilson
 
Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015
Van Phuc
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102
LorisPack Project
 
2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎
SachieMiyazaki
 
DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴
Sugawara Genki
 

Mais conteúdo relacionado

Mais procurados

Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
Sim Janghoon
 
Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015
Van Phuc
 

Mais procurados (20)

The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Docker networking
Docker networkingDocker networking
Docker networking
 
Docker Network Overview and legacy "--link"
Docker Network Overview and legacy "--link"Docker Network Overview and legacy "--link"
Docker Network Overview and legacy "--link"
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
CoreOS @Codetalks Hamburg
CoreOS @Codetalks HamburgCoreOS @Codetalks Hamburg
CoreOS @Codetalks Hamburg
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
 
Docker meetup
Docker meetupDocker meetup
Docker meetup
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
 
Pipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and DockerPipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and Docker
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
 
OpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvrOpenStack networking juno l3 h-a, dvr
OpenStack networking juno l3 h-a, dvr
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVS
 
Docker Multihost Networking
Docker Multihost Networking Docker Multihost Networking
Docker Multihost Networking
 
Application-Based Routing
Application-Based RoutingApplication-Based Routing
Application-Based Routing
 
Linux network namespaces
Linux network namespacesLinux network namespaces
Linux network namespaces
 
Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015Docker network Present in VietNam DockerDay 2015
Docker network Present in VietNam DockerDay 2015
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102
 

Destaque

What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014
Emma Haruka Iwao
 
Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例
Kazuhito Ohkawa
 

Destaque (6)

2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎2014 jaws days-最強のawsに_rtc宮崎
2014 jaws days-最強のawsに_rtc宮崎
 
DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴DynamoDBのまえにキャッシュおく奴
DynamoDBのまえにキャッシュおく奴
 
What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible? from JAWS Days 2014
 
Measurement of Maximum new NAT-sessions per second / How to send packets
Measurement of Maximum new NAT-sessions per second / How to send packetsMeasurement of Maximum new NAT-sessions per second / How to send packets
Measurement of Maximum new NAT-sessions per second / How to send packets
 
VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御VPC by Default時代のアクセス制御
VPC by Default時代のアクセス制御
 
Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例Kauli SSPにおけるVyOSの導入事例
Kauli SSPにおけるVyOSの導入事例
 

Semelhante a VyOS Users Meeting #2, VyOSのVXLANの話

Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networks
OCTO Technology
 

Semelhante a VyOS Users Meeting #2, VyOSのVXLANの話 (20)

NSX-MH
NSX-MHNSX-MH
NSX-MH
 
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rubén S....
 
VXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building BlocksVXLAN BGP EVPN: Technology Building Blocks
VXLAN BGP EVPN: Technology Building Blocks
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
 
Open stack advanced_part
Open stack advanced_partOpen stack advanced_part
Open stack advanced_part
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networks
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
 
VXLAN Distributed Service Node
VXLAN Distributed Service NodeVXLAN Distributed Service Node
VXLAN Distributed Service Node
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 finalVxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5 final
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_dive
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking Showcase
 

Último

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
VictorSzoltysek
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Último (20)

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 

VyOS Users Meeting #2, VyOSのVXLANの話

  • 1. VyOS VXLAN and Linux Device Driver VyOSのVXLANとLinuxのデバドラの話 2014/11/2 VyOS users meeting #2 Ryo Nakamura upa@haeena.net
  • 2. Virtual eXtensible LAN • An Ethernet over IP overlay. RFC7348. – Ethernet frame is encapsulated in IP + UDP + VXLAN headers. – VXLAN header contains 24bit Virtual Network Identifier (VNI) field. 2^24 L2 segments can be multiplexed in one VXLAN overlay network domain. – Unicast traffic is encapsulated in IP Unicast. – BUM traffic is encapsulated in IP Multicast. • Multicast based VTEP learning is described in RFC, Sec 4. – Many vendors propose and use their original control planes. – Of course, I know that Multicast is difficult in actual environments, but they don’t have INTEROPERBILITY :( 2
  • 3. Multicast based VTEP learning OuterIP Src A OuterIP Dst M SrcMAC : 1 DstMAC : FF VTEP:A VTEP:B Node:1 VTEP:D VTEP:C Node:3 Node:4 Node:2 Node 1 send arp request Node 4 3 Node 1 is in VTEP A !!
  • 4. Multicast based VTEP learning VTEP:A VTEP:B Node:1 VTEP:D VTEP:C Node:4 Node:2 OuterIP Src D OuterIP Dst A SrcMAC : 4 DstMAC : 1 Node 4 send arp reply to Node 1 4 Node:3 Node 4 is in VTEP D !! Node 1 is in VTEP A !!
  • 5. VyOS VXLAN support • 2014/9/20, merged. 5
  • 6. Linux kernel version issue • Linux VXLAN Driver is appeared in kernel 3.7 – 2012/9/24, first patch was contributed to netdev. – I was really looking forward to Vyatta Core with kernel 3.7 and later. • Kernel version of VyOS Helium is 3.13.11 !! – HooooooooOOOO!!! WrrrrryyyyyyYYYYYYYYYY !!!!!!!! – Hydrogen is kernel 3.3 6
  • 7. VyOS VXLAN CLI • Under the interfaces section – set interfaces vxlan vxlan0 – set interfaces vxlan vxlan0 group 239.0.0.1 – set interfaces vxlan vxlan0 vni 0 – and basic interface operations • IPv4/v6 routing • bridge-group • policy interfaces { vxlan vxlan0 { group 239.0.0.1 vni 0 } } 7
  • 8. Operation example interfaces { vxlan vxlan0 { address 172.16.0.1/24 group 239.0.0.10 ip { ospf { cost 10 } } vni 0 } } protocols { ospf { area 0 { network 172.16.0.0/24 } } } 8
  • 9. Operation example vyos@vyos:~$ show interfaces vxlan vxlan0 vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether b2:74:c9:fa:1d:fd brd ff:ff:ff:ff:ff:ff inet 172.16.0.1/24 brd 172.16.0.255 scope global vxlan0 valid_lft forever preferred_lft forever inet6 fe80::b074:c9ff:fefa:1dfd/64 scope link valid_lft forever preferred_lft forever RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collisions 2446 25 0 0 0 0 9
  • 10. Operation example vyos@vyos:~$ show ip ospf interface vxlan0 vxlan0 is up ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST> Internet Address 172.16.0.1/24, Broadcast 172.16.0.255, Area 0.0.0.0 MTU mismatch detection:enabled Router ID 10.10.20.189, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.10.20.189, Interface Address 172.16.0.1 No backup designated router on this network Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5 Hello due in 7.900s Neighbor Count is 0, Adjacent neighbor count is 0 10
  • 11. node.def • VXLAN interface name – Different number from VNI can be used to an interface name. But, I think it is really confusing :( val_help: <vxlanN>; VXLAN interface name syntax:expression: pattern $VAR(@) "vxlan[0-9]+$" 11
  • 12. node.def (cont’d) • REQUIRED – A vxlan overlay network is identified by VNI. – Multicast Group Address is required to encapsulate BUM Traffic in IP Multicast. Group Address can be reused for other VNI. commit:expression: $VAR(./group/) != ""; "Must configure vxlan group for $VAR(@)" commit:expression: $VAR(./vni/) != ""; "Must configure vxlan vni for $VAR(@)“ 12
  • 13. node.def (cont’d) • create interface VXLAN_VNI="id $VAR(./vni/@)" VXLAN_GROUP="group $VAR(./group/@)" VXLAN_TTL="ttl 16" if [ ! $VAR(./link/) == "" ]; then VXLAN_DEV="dev $VAR(./link/@)" fi ip link add name $VAR(@) type vxlan $VXLAN_VNI $VXLAN_GROUP $VXLAN_TTL $VXLAN_DEV ip link set $VAR(@) up touch /tmp/vxlan-$VAR(@)-create skimped work... underlay device And, execute iproute2 13
  • 14. Change vni or group of existing vxlan interfaces • Sorry, it is not supported. • Changing group or vni requires delete and re-create the vxlan interface. 14
  • 15. VXLAN in Linux • ip link add type vxlan – Pseudo ethernet interface : vxlanX – Interfaces are connected to each vxlan overlay network corresponding to a VNI (vxlan_dev and FDB / VNI) – Namespace is supported struct net_device Linux Kernel netif_rx(skb) vxlan1 FDB vxlan0 FDB kernel udp socket udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv iptunnel_xmit() 15
  • 16. How to specify attributes • ip link add type vxlan id 0 group X – Netlink API : An API to communicate to Kernel – NETLINK_ROUTE, NETLINK_NETFILTER and more Linux Kernel Userland Application Netlink Socket socket(AF_NETLINK, SOCK_RAW, netlink_family) Inter face routing table Netfilter struct nlmsghdr and rtattr etc 16
  • 17. How to specify attributes (cont’d) • ip link add type vxlan id 0 group X – RTNETLINK : routing socket • RTM_NEWLINK message is sent with attributes related to VXLAN (see man ip-link) int do_iplink(int argc, char **argv) { if (argc > 0) { if (iplink_have_newlink()) { if (matches(*argv, "add") == 0) return iplink_modify(RTM_NEWLINK, NLM_F_CREATE|NLM_F_EXCL, argc-1, argv+1); iproute2 package is a good text book of Netlink !! 17
  • 18. Attributes of vlxan interface • id : Virtual Network Identifier • dev : Uunderlay device (in VyOS, link) • group : Multicast group address • remote : An unicast IP address of VTEP for BUM traffic • local : Source IP address of encapsulated packet • ttl : TTL of encapsulated packet • port : Source port range of encapsulated packet But, these attributes can be only specified when a pseudo interface is created !! 18
  • 19. How to specify attributes (cont’d) • VXLAN driver kernel-source/drivers/net/vxlan.c – RTM messages are processed by rtnl_link_ops static struct rtnl_link_ops vxlan_link_ops __read_mostly = { .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, .priv_size = sizeof(struct vxlan_dev), .setup = vxlan_setup, .validate = vxlan_validate, .newlink = vxlan_newlink, .dellink = vxlan_dellink, .get_size = vxlan_get_size, .fill_info = vxlan_fill_info, }; vxlan_newlink () is called when RTM_NEWLINK is received 19
  • 20. vxlan_newlink () • Codes can not be pasted... too long... 1. Parse attributes 2. Set up parsed parameters to vxlan_dev 3. register_netdeivce 20
  • 21. And, you can see vxlan0 asano2:/home/upa % ifconfig vxlan0 vxlan0 Link encap:Ethernet HWaddr 02:0a:1e:ad:7f:31 inet6 addr: fe80::a:1eff:fead:7f31/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:690 (690.0 B) asano2:/home/upa % ip -d link show dev vxlan0 9: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default link/ether 02:0a:1e:ad:7f:31 brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 0 group 239.0.0.1 srcport 32768 61000 dstport 8472 ageing 300 asano2:/home/upa % bridge fdb show dev vxlan0 00:00:00:00:00:00 dst 239.0.0.1 self permanent 21
  • 22. As a result • vxlan parameters can not be changed after pseudo interface is created. • Do you have good ideas ? – I have just only one idea. • Use Generic Netlink like l2tp driver • Generic Netlink is a mechanism to add user defined netlink family dynamically. • It requires patches to vxlan driver and iproute2... 22
  • 23. Future work ? • Change destination port ? – Default is 8472 (OTV). 4789 is assigned for VXLAN by IANA – It can be changed through module_param. But it requires rmmod/insmod when port is changed. Of course, all pseudo interfaces are removed... • Support “remote” attribute – Easy. Is it needed for the community ? 23
  • 24. Overlay is the Only Way!! Thanks! upa@haeena.net 24