VXLAN is a Layer 2 overlay scheme over a Layer 3 network. Overlays are called VXLAN segments and only VMs and physical machines (tenents) within the same segment have Layer 2 connectivity. VXLAN segments are uniquely identified using an identifier called the VXLAN Network Identifier (VNI). The VNI is a 24-bit identifier; therefore, an administrative domain can support up to 16 million overlay networks.
As the scope of the MACs originated by tenants is restricted by the VNI, overlapping MAC addresses across segments can be supported without traffic leaking between tenant segments. When a tenant frame traverses a VXLAN overlay network, it is encapsulated by a VXLAN header that contains the VNI. This frame is further encapsulated in a UDP header and L2/L3 headers.
VXLAN can add up to a 54-byte header to the tenant VM‘s frame. For VXLAN to work correctly, this requires that the IP MTU be set to at least 1554 bytes on the network-side interfaces. IP MTU of 1554 should also be set on all transit nodes which carry VxLAN traffic. The point at which a tenant frame is encapsulated (or decapsulated) is referred to as a VXLAN Tunnel Endpoint (or VTEP). VTEPs are typically located on hypervisors but may also be located on physical network switches. Network switches that act as a VTEP are referred to as VXLAN gateways.
The role to encapsulate/decapsulate a frame is performed by a VXLAN Tunnel Endpoint (VTEP), also referred to as a VXLAN gateway. A VXLAN gateway can be a Layer 2 gateway or Layer 3 gateway depending on its capacity. A Layer 2 gateway acts as a bridge connecting VXLAN segments to VLAN (Virtual LAN) segments. A Layer 3 gateway performs all that of Layer 2 gateway, and capable of routing traffic between tenant VLANs/VMANs.
At tunnel initiation, a gateway looks up the destination MAC address of the frame received from the tenant VM. If the MAC address to remote VTEP IP binding is known, the gateway adds the VXLAN header and the IP/UDP header to the frame and forwards toward the DC network. A gateway node that terminates a tunnel removes the encapsulation headers from the packet and determines the bridge domain of the inner frame by examining the VNID received in the VXLAN header. The gateway then looks up the inner MAC destination address (DA) in the tenant VLAN's/VMAN's filtering database and decides either to flood or forward the frame to tenant ports.
The VXLAN segments with the same virtual network ID form a virtual network with one Ethernet broadcast domain.
Note
ExtremeXOS implements only Layer 2 gateways.Note
ExtremeXOS VXLAN supports VMware's NSX® for Multi-Hypervisor™ controllers using OVSDB hardware_vtep schema (see Open vSwitch Database Management Protocol (OVSDB) Overview).VXLAN is supported on the Summit X770, X670-G2, and ExtremeSwitching X870, X690 series switches, and stacks with X770, X670-G2, X870, and X690 slots only.
The following capabilities are not supported in ExtremeXOS:
Feature/Capability | Tenant Network | Underlay Network | Rest of the Switch |
---|---|---|---|
VLAN with: Multiple C-Tags on the same port or different C-Tags on different ports | Future | Future | No new restrictions |
MAC-based and Protocol-based VLANs | Not supported | Not supported | No new restrictions |
VMANs | Supported | Not supported | No new restrictions |
CEP | Not supported | Not supported | No new restrictions |
Configuring LAG (Link Aggregation Group) on ports (static and LACP) | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later | No new restrictions |
Configuring MLAG (Multi-switch Link Aggregation Group) on ports | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later |
Limit learning and MAC locking | Not supported | Not supported | ExtremeXOS 21.1 or later |
Configuring IP (v4/v6) address on a VLAN | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later | No new restrictions |
Enabling IP and IPMC forwarding | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
Interface virtual router configuration | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
Spanning tree (802.1d, RSTP, MSTP (Multiple Spanning Tree Protocol), EMISTP, and PVST+) | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
Ring protocols (EAPS (Extreme Automatic Protection Switching) and ERPS) | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later | No new restrictions |
VRRP (Virtual Router Redundancy Protocol) | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
ESRP | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
IGMP (Internet Group Management Protocol) Snooping | Not supported. | ExtremeXOS 21.1 or later | No new restrictions |
Unicast routing protocols | Not supported. | ExtremeXOS 21.1 or later | No new restrictions |
PIM (SM, DM, SSM) | Not supported | ExtremeXOS 21.1 or later | No new restrictions |
PIM Bidir | Not supported | Future | No new restrictions |
MVR | Not supported | Future | No new restrictions |
MPLS (Multiprotocol Label Switching) | Not supported | Not supported | No new restrictions |
VPLS Service VLAN configuration | Not supported | Not supported | No new restrictions |
DCBX | Not supported | Not supported | No new restrictions |
ETS | ExtremeXOS 21.1 or later | ExtremeXOS 21.1 or later | No new restrictions |
Extreme Network Virtualization (XNV) | Not supported | Not supported | Restricted |
Private VLANs, VLAN aggregation, VLAN translation | Not supported | Not supported | No new restrictions |
Identity Management | Not supported | Not supported | Restricted |
IP security (DHCP (Dynamic Host Configuration Protocol) Snooping, ARP lockdown) | Not supported | Not supported | No new restrictions |
802.1ag CFM and Y.1731 performance monitoring | Not supported | No supported | No new restrictions |
BFD | Not supported | Not supported | No new restrictions |
AVB protocols (MVRP, gPTP, MSRP, FQTSS) | Not supported | Not supported | Restricted |
FIP Snooping | Not supported | Not supported | No new restrictions |
Layer 2 Protocol Tunneling | Not supported | Not supported | No new restrictions |
NetLogin | Not supported | No new restrictions. | No new restrictions |
Priority Flow Control | Not supported | No new restrictions. | No new restrictions |
Note