linux bridge l2 overlays e vpn
play

Linux Bridge, l2-overlays, E-VPN! Roopa Prabhu Cumulus Networks - PowerPoint PPT Presentation

Oct 01, 2023 •443 likes •1.35k views

Linux Bridge, l2-overlays, E-VPN! Roopa Prabhu Cumulus Networks This tutorial is about ... Linux bridge at the center of data center Layer-2 deployments Deploying Layer-2 network virtualization overlays with Linux Linux hardware

  1. Linux Bridge, l2-overlays, E-VPN! Roopa Prabhu Cumulus Networks

  2. This tutorial is about ... ● Linux bridge at the center of data center Layer-2 deployments ● Deploying Layer-2 network virtualization overlays with Linux ● Linux hardware vxlan tunnel end points ● Ethernet VPN’s: BGP as a control plane for Network virtualization overlays 2

  3. Tutorial Focus/Goals .. • Outline and document Layer-2 deployment models with Linux bridge • Focus is on Data center deployments ▪ All Examples are from a TOR (Top-of-the-rack) switch running Linux Bridge 3

  4. Tutorial flow ... Data Linux center bridge Layer-2 networks Linux Layer-2 bridge and overlay Vxlan networks Linux bridge E-VPN: BGP and E-VPN control plane for overlay networks 4

  5. Data Center Network Basics • Racks of servers grouped into PODs • Vlans, Subnets stretched across Racks or POD’s • Overview of data center network designs [1] ▪ Layer 2 ▪ Hybrid layer 2-3 ▪ Layer 3 • Modern Data center networks: ▪ Clos Topology [2] ▪ Layer 3 or Hybrid Layer 2-3 5

  6. Modern Data center network SPINE LEAF/TOR 6

  7. Hybrid layer-2 - layer-3 data center network SPINE Layer-2 gateway Layer2-3 boundary LEAF (TOR) 7

  8. Layer-3 only data center network SPINE Layer-3 gateway layer-3 boundary LEAF (TOR) 8

  9. Layer-2 Gateways with Linux Bridge 9

  10. Layer-2 Gateways with Linux Bridge • Connect layer-2 segments with bridge • Bridge within same vlans • TOR switch can be your L2 gateway bridging between vlans on the servers in the same rack 10

  11. What do you need ? • TOR switches running Linux Bridge • Switch ports are bridge ports • Bridge vlan filtering or non-vlan filtering mode: • Linux bridge supports two modes: • A more modern scalable vlan filtering mode • Or old traditional non-vlan filtering mode 11

  12. Layer-2 switching within a vlan Non-vlan filtering bridge vlan filtering bridge bridge bridge swp2 swp1 swp1.100 swp2.100 vlan: 100 vlan: 100, swp1 swp2 12

  13. Routing between vlans Non-vlan filtering bridge vlan filtering bridge Bridge.10 Bridge.20 Bridge20 Bridge10 10.0.1.20 10.0.3.20 10.0.3.20 10.0.1.20 bridge swp1.10 swp2.10 swp1.20 swp2.20 swp2 swp1 swp1 swp2 vlan: 10 vlan: 20 13

  14. Scaling with Linux bridge A vlan filtering bridge results in less number of overall net-devices Example: Deploying 2000 vlans 1-2000 on 32 ports: • non-Vlan filtering bridge: ▪ Ports + 2000 vlan devices per port + 2000 bridge devices ▪ 32 + 2000 * 32 + 2000 = 66032 • Vlan filtering bridge: ▪ 32 ports + 1 bridge device + 2000 vlan devices on bridge for routing ▪ 32 + 1 + 2000 = 2033 netdevices 14

  15. L2 gateway on the TOR with Linux bridge Spine - leaf* are l2 gateways - Bridge within the same vlan and rack and route between vlans - bridge.* vlan interfaces are used for routing bridge.10 Leaf2 bridge.30 Leaf1 bridge.20 Leaf3 bridge bridge bridge swp1 swp1 swp1 swp2 swp2 leaf2 swp2 leaf3 leaf1 Host/VM 1 Host/VM 3 Host/VM 2 Mac1, mac3, VLAN-30 mac2, VLAN-20 VLAN-10 Host/VM 11 Host/VM 22 Host/VM 33 Mac11, VLAN-10 mac22, VLAN-20 mac33, VLAN-30 Hosts Rack1 Hosts Rack2 Hosts Rack3 15

  16. Bridge features and flags • Learning • Igmp Snooping • Selective control of broadcast, multicast and unknown unicast traffic • Arp and ND proxying • STP 16

  17. Note: for the rest of this tutorial we will only use the vlan filtering bridge for simplicity. 17

  18. Layer-2 - Overlay Networks 18

  19. Overlay networks basics • Overlay networks are an approach for providing network virtualization services to a set of Tenant Systems (TSs) • Overlay networks achieve network virtualization by overlaying layer 2 networks over physical layer 3 networks 19

  20. Network Virtualization End-points • Network virtualization endpoints (NVE) provide a logical interconnect between Tenant Systems that belong to a specific Virtual network (VN) • NVE implements the overlay protocol (eg: vxlan) 20

  21. NVE Types • Layer-2 NVE ▪ Tenant Systems appear to be interconnected by a LAN environment over an L3 underlay • Layer-3 NVE ▪ An L3 NVE provides virtualized IP forwarding service, similar to IP VPN 21

  22. Overlay network L3 underlay network NVE NVE TS TS 22

  23. Why Overlay networks ? • Isolation between tenant systems • Stretch layer-2 networks across racks, POD’s, inter or intra data centers ▪ Layer-2 networks are stretched • To allow VM’s talking over same broadcast domain to continue after VM mobility without changing network configuration • In many cases this is also needed due to Software licensing tied to mac-addresses 23

  24. Why Overlay networks ? (Continued) • Leverage benefits of L3 networks while maintaining L2 reachability • Cloud computing demands: ▪ Multi tenancy ▪ Abstract physical resources to enable sharing 24

  25. NVE deployment options Overlay network end-points (NVE) can be deployed on • The host or hypervisor or container OS (System where Tenant systems are located) OR • On the Top-of-the-rack (TOR) switch 25

  26. VTEP on the servers or the TOR ? Vxlan tunnel endpoint on the Vxlan tunnel endpoint on the TOR: servers: • A TOR can act as a l2 • Hypervisor or container overlay gateway mapping orchestration systems tenants to VNI can directly map tenants • Vxlan encap and decap at to VNI line rate in hardware • Works very well in a • Tenants are mapped to pure layer-3 datacenter: vlans. Vlans are mapped terminate VNI on the to VNI at TOR servers 26

  27. Layer-2 Overlay network dataplane: vxlan • VNI - virtual network identifier (24 bit) • Vxlan tunnel endpoints (VTEPS) encap and decap vxlan packets • VTEP has a routable ip address • Linux vxlan driver • Tenant to vni mapping 27

  28. Vxlan tunnel end-point on the hypervisor SPINE Layer-3 gateway or overlay gateway layer-3 boundary LEAF (TOR) Vteps on hypervisor 28

  29. Vxlan tunnel end-point on the TOR switch SPINE Layer-2 overlay gateway: vxlan vteps Layer2-3 boundary LEAF (TOR) Vlans on the hypervisors 29

  30. Linux vxlan tunnel end point (layer-3) vxlan vxlan L3 gateway L3 underlay L3 gateway Vxlan driver Vxlan driver Tenant Tenant systems systems • Tenant systems directly mapped to VNI 30

  31. Linux Layer-2 overlay gateway: vxlan Vlans-to-vxlan Vlans-to-vxlan vxlan-to-vlans vxlan-to-vlans vxlan vxlan Linux bridge Vxlan Vxlan Linux bridge L3 overlay (gateway) driver driver (gateway) vlans vlans Tenant Tenant systems systems • Tenant systems mapped to vlans • Linux bridge on the TOR maps vlans to vni 31

  32. FDB Learning options • Flood and learn (default) • Control plane learning ▪ Control plane protocols disseminate end point address mappings to vteps ▪ Typically done via a controller • Static mac install via orchestration tools 32

  33. Layer-2 overlay gateway tunnel fdb tables Linux bridge Driver fdb table Local port remote tunnel port Vlan Vlan mapped to tunnel id Tunnel driver Local port Remote dst fdb table LInux bridge and tunnel endpoints maintain separate fdb tables ● Linux bridge fdb table contains all macs in the stretched L2 segment ● Tunnel end point fdb table contains remote dst reachability information ● 33

  34. Bridge and vxlan driver fdb Bridge fdb <local_mac>, <vlan>, <local_port> <remote_mac>, <vlan>, <vxlan port> Vlan is mapped to vni Vxlan fdb <remote_mac>, <vni>, <remote vtep dst> Local port Vxlan fdb is an extension of bridge fdb table with additional remote dst ● entry info per fdb entry Vlan entry in bridge fdb entry maps to vni in vxlan fdb ● 34

  35. Broadcast, unknown unicast and multicast traffic (BUM) • An l2 network by default floods unknown traffic • Unnecessary traffic leads to wasted bw and cpu cycles • This is aggravated when l2 networks are stretched to larger areas: across racks, POD’s or data centers • Various optimizations can be considered in such l2 stretched overlay networks 35

  36. Bridge driver handling of BUM traffic Bridge driver has separate controls • To drop broadcast, unknown unicast and multicast traffic 36

  37. Vxlan driver handling of BUM traffic • Multicast: Use a multicast group to forward BUM traffic to registered vteps ▪ • Multicast group can be specified during creation of the vxlan device • Head end replication: • Default remote vtep list to replicate a BUM traffic to • Can be specified by a vxlan all-zero fdb entry pointing to a remote vtep list • Flood: simply flood to all remote ports Control plane can minimize flood by making sure every vtep knows ▪ remote end-points it cares about • 37

  38. Vxlan netdev types • A traditional vxlan netdev ▪ Deployed with one netdev per vni ▪ Each vxlan netdev maintains forwarding database (fdb) for its vni • Fdb entries hashed by mac • Recent kernels support ability to deploy a single vxlan netdev for all VNI’s ▪ Such a mode is called collect_metadata or LWT mode ▪ A single forwarding database (fdb) for all VNI’s ▪ Fdb entries are hashed by <mac, VNI> 38

  39. Linux L2 vxlan overlay gateway example 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RITlug Week 2: Intro to Desktop Environments What exactly is Linux anyway? Generally when

RITlug Week 2: Intro to Desktop Environments What exactly is Linux anyway? Generally when

RITlug Week 2: Intro to Desktop Environments What exactly is Linux anyway? Generally when someone refers to Linux - they are really referring to a specific Linux distribution Linux itself is only an operating system kernel. A bridge between

775 views • 19 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Structured Overlays: Attacks, Defenses, and all things Proximity April 27th, 2006 Wyman Park 4 th

Structured Overlays: Attacks, Defenses, and all things Proximity April 27th, 2006 Wyman Park 4 th

Structured Overlays: Attacks, Defenses, and all things Proximity April 27th, 2006 Wyman Park 4 th Floor Conference Room Presentation by: Jay Zarfoss Our roadmap General overview of Overlays / DHTs Chord [13] Pastry [7]

1.28k views • 68 slides
Providing Administrative Control and Autonomy in Structured Peer-to-Peer Overlays Alan Mislove

Providing Administrative Control and Autonomy in Structured Peer-to-Peer Overlays Alan Mislove

Providing Administrative Control and Autonomy in Structured Peer-to-Peer Overlays Alan Mislove and Peter Druschel Rice University 1 Problem Structured p2p overlays designed so that Participating organizations contribute resources Use the

268 views • 22 slides
5 th Street SE Bridge Overview Bridge is functionally obsolete New bridge funded with

5 th Street SE Bridge Overview Bridge is functionally obsolete New bridge funded with

5 th Street SE Bridge Overview Bridge is functionally obsolete New bridge funded with federal money Layout was approved 2017 MnDOT hosted several visual quality workshops where community members were able to select bridge

530 views • 13 slides
Thin Asphalt Overlays for Pavement Preservation Mid-Year Asphalt Pavement Technical Seminar

Thin Asphalt Overlays for Pavement Preservation Mid-Year Asphalt Pavement Technical Seminar

Thin Asphalt Overlays for Pavement Preservation Mid-Year Asphalt Pavement Technical Seminar Sponsored by Flexible Pavements of Ohio Defining a Thin Asphalt Overlay? Thin overlays are typically 1 inch thick (ODOT defines as any

697 views • 43 slides
S T R ATA L O G I C A O V E R V I E W Stratalogica is a web-based program that overlays Nystrom

S T R ATA L O G I C A O V E R V I E W Stratalogica is a web-based program that overlays Nystrom

S T R ATA L O G I C A O V E R V I E W Stratalogica is a web-based program that overlays Nystrom thematic and historical maps on top of google earth [providing an absolutely amazing way to teach and learn geography]. T H R E E U S E S 1) Tier

522 views • 12 slides
Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range of systems ! CC BY-SA 2.0 FHKE, Flickr 2 Whats the difference between Linux on a big thing and Linux on a little thing? ! 3 ! Whats the

900 views • 52 slides
Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

High Performance Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the supercomputers today run Linux. All of the computational clusters in corporations that I know of run Linux. Support for

419 views • 12 slides
Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux Distributions Linux vs Windows Linux Architecture Linux Security 2 What is Linux? Similar Operating System To Microsoft Windows, Sun

1.11k views • 55 slides
Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

The State of Desktop Linux: Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig www.mylinuxrig.com @steven_ovadia *** Associate Professor/Web Services Librarian LaGuardia Community College About My Linux

458 views • 27 slides
Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux History Linux Architecture Logging in to Linux Command Format Linux Filesystem Directory and File Commands Wildcard Characters

686 views • 19 slides
Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Linux, whats that? The pieces of a Linux system Linux Concepts Distributions Desktop environments Switching to Linux Epilogue Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux system Linux

766 views • 57 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference 2017 Walt Miner ( @VStarWalt ) Community Manager, AGL , The Linux FoundaGon

721 views • 55 slides
Bridge How Bridge Can Benefit Your School and Your Students Benefits of Playing Bridge Benefit

Bridge How Bridge Can Benefit Your School and Your Students Benefits of Playing Bridge Benefit

Bridge How Bridge Can Benefit Your School and Your Students Benefits of Playing Bridge Benefit to Administrators Improvement in Standardized Test Scores Promote STEM Education Goals Students Learn Cooperation and Communication

531 views • 14 slides
Network Coding for the Internet and Wireless Networks Philip A. Chou with thanks to Yunnan Wu,

Network Coding for the Internet and Wireless Networks Philip A. Chou with thanks to Yunnan Wu,

Network Coding for the Internet and Wireless Networks Philip A. Chou with thanks to Yunnan Wu, Kamal Jain, and Pablo Rodruiguez Microsoft Research Banff International Research Station July 23-28, 2005 Outline Introduction to Network

840 views • 41 slides
Goals of New Project Engage students with hot topics Expose students to family physician

Goals of New Project Engage students with hot topics Expose students to family physician

Google Hangouts Captivate Audiences: An Innovative Experiment by the AAFP FMIG Network Sam Carlson Ashley Bentley AAFP Medical Education Division Goals of New Project Engage students with hot topics Expose students to family

341 views • 5 slides
Low-power Internet of Things with NDN &amp; Cooperative Caching Oliver Hahm INRIA/Zhlke

Low-power Internet of Things with NDN &amp; Cooperative Caching Oliver Hahm INRIA/Zhlke

Low-power Internet of Things with NDN &amp; Cooperative Caching Oliver Hahm INRIA/Zhlke Emmanuel Baccelli, Cdric Adjih, Laurent Massouli INRIA Thomas C. Schmidt HAW Hamburg Matthias Whlisch Freie Universitt Berlin Low-power

644 views • 33 slides
1 Testing the Impact of Radio Testing the Impact of Radio Impact of Radio Irregularity Impact

1 Testing the Impact of Radio Testing the Impact of Radio Impact of Radio Irregularity Impact

GOAL GOAL Impact of Radio Irregularity Impact of Radio Irregularity Modify the current isotropic radio models Modify the current isotropic radio models assumed in simulation to account for the assumed in simulation to account for the

324 views • 4 slides
The Future of All-IP Broadband Wireless Mobile Networks ASWN 2004 Presentation August 11, 2004

The Future of All-IP Broadband Wireless Mobile Networks ASWN 2004 Presentation August 11, 2004

The Future of All-IP Broadband Wireless Mobile Networks ASWN 2004 Presentation August 11, 2004 Airvana Proprietary &amp; Confidential ASWN 2004 Presentation Page 1 Outline Market Trends Technology Evolution Emerging Services and

824 views • 36 slides
Prestige Lecture Series on Science of Information Information Theory Today Sergio Verd u

Prestige Lecture Series on Science of Information Information Theory Today Sergio Verd u

Prestige Lecture Series on Science of Information Information Theory Today Sergio Verd u Princeton University . Department of Computer Science Purdue University October 2, 2006 699 months ago... 1 Information Theory as a Design Driver

1.08k views • 62 slides
Outline Background 15-441/641: Computer Networks Technologies: Internet Video Delivery

Outline Background 15-441/641: Computer Networks Technologies: Internet Video Delivery

10/22/2019 Outline Background 15-441/641: Computer Networks Technologies: Internet Video Delivery HTTP download Real-time streaming 15-441 Fall 2019 HTTP streaming Profs Peter Steenkiste &amp; Justine Sherry Runtime

417 views • 10 slides
MULTI-LAYER VIDEO STREAMING WITH HELPER NODES USING NETWORK CODING Pouya Ostovari, Abdallah

MULTI-LAYER VIDEO STREAMING WITH HELPER NODES USING NETWORK CODING Pouya Ostovari, Abdallah

MULTI-LAYER VIDEO STREAMING WITH HELPER NODES USING NETWORK CODING Pouya Ostovari, Abdallah Khreishah, and Jie Wu Computer and Information Sciences Temple University IEEE MASS 2013 Center for Networked Computing http://www.cnc.temple.edu

314 views • 29 slides

More recommend