
Tag Archives: VXLAN

VXLAN Series – Multiple logical networks mapped to one Multicast group address – Part 4

In this post I am going to address a common question about the security and performance impact when multiple logical Layer 2 networks are mapped to one multicast group address.

As mentioned in an earlier post here, vCloud Networking and Security (vCNS) Manager is responsible for mapping the logical Layer 2 networks to multicast group addresses. If you provide fewer multicast group addresses than logical Layer 2 networks, vCNS Manager will assign the logical Layer 2 networks to multicast addresses in a round-robin fashion. For example, if there are 4 logical L2 networks (A1, A2, A3, A4) and 2 multicast group addresses (M1, M2), logical networks A1 and A3 will be mapped to multicast group address M1 while A2 and A4 are mapped to M2.

Continue reading

VXLAN Series – Multicast usage in VXLAN – Part 3

I covered some basics on Multicast in the last blog entry here. Let’s now take a look at how multicast is utilized in VXLAN deployments. During the configuration of VXLAN, it is required to allocate a multicast address range and also define the number of logical Layer 2 networks that will be created. For more details on the configuration steps please refer to the VXLAN Deployment Guide.

Ideally, one logical Layer 2 network is associated with one multicast group address. Sixteen million logical Layer 2 networks can be identified in VXLAN, using the 24-bit field in the encapsulation header, but the multicast group addresses are limited (224.0.0.0 to 239.255.255.255). In some scenarios it might not be possible to have a one-to-one mapping of a logical Layer 2 network to a multicast group address. In such scenarios the vCloud Networking and Security Manager maps multiple logical networks to a multicast group address. After the discussion on the association of multicast group to logical network, let’s take a look at some details on the logical network properties.

Continue reading

Using App Firewall with VXLAN Networks

VMware vCloud Networking and Security App Firewall is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. In this blog, let’s look at how to micro-segment a VXLAN network to deploy a 3-tier application using vCloud Networking and Security 5.1 App Firewall.

Use Case

Each application is deployed using a separate VXLAN network as shown below.  To keep the diagram simple, only one application is shown below.  The application has three tiers – web, app and db.

Continue reading

VXLAN Series – Multicast Basics – Part 2

In the last post here, I provided some details on vSphere hosts configured as VTEPs in a VXLAN deployment. Also, I briefly mentioned that Multicast protocol support is required in the physical network for VXLAN to work. Before I discuss how Multicast is utilized in a VXLAN deployment, I want to briefly talk about some of the basics of Multicast.

In the diagram below you see three main types of communication modes that are common in a network – Unicast, Broadcast and Multicast.

Figure 1

Continue reading

VXLAN Series – Different Components – Part 1

In the last six months, I have talked to many customers and partners on Virtual eXtensible Local Area Network (VXLAN). One of the things I felt was challenging was how to explain the technology to two different types of audience. On one hand, there are Virtual Infrastructure administrators who want to know what problems this new technology is going to solve for them and what the use cases are. On the other hand, there are Networking folks who want to dig into packet flows and all the innate protocol level details, how this technology compares with others, what the impact of this is on the physical devices in the network, etc.

The papers that we have made available, “Network virtualization Design Guide” and “VXLAN Deployment Guide”, provide some basic knowledge about the technology, use cases, and step-by-step deployment instructions. However, some of the detailed packet flow scenarios are not explained in these papers. So I thought it would be a good idea to put together a series of posts discussing the packet flows in a VXLAN environment. Also, there are many common questions that I would like to address as part of this series.

To start this series, I will first describe the different components of VMware’s VXLAN implementation.

Continue reading

New Hands-on Lab – An In-depth Exploration of vCloud Networking and Security

Over the last few months, you have seen my blog articles on the vCloud Networking and Security solution.  Some of you may have even been inspired to try it, but were not able to set aside or configure infrastructure to do any testing.  Well, here’s your chance to get hands-on experience on everything that I wrote, without committing any equipment in your lab.

HOL-SDC-1303 – An In-depth Exploration of vCloud Networking and Security is a brand-new hands-on lab that walks you through vCloud Networking and Security with a use-case based approach.  You can explore all of the following areas using this lab.

  • Prepare vSphere clusters for VXLAN logical network deployment
  • Logical network (VXLAN) provisioning
  • Connect the three-tier application virtual machines to logical networks and test connectivity between virtual machines on the same logical network
  • Deploy Edge Gateway and connect logical networks. Verify connectivity between virtual machines connected to different logical networks by using Edge Gateway
  • Define SNAT rule for accessing external (VLAN) network from virtual machines connected to VXLAN networks
  • Publish three-tier application web service using Edge load balancing
  • Configure Edge firewall rules to only open required ports and protocols between tiers of the application
  • Configure Edge High Availability
  • Micro-segmentation using App Firewall
  • Flow monitoring using App Firewall

This lab is now available in the VMware Hands-on Lab portal.  This online environment lets you run a wide variety of labs from any web browser, and is free to anyone.  You can register for access by visiting http://hol.vmware.com, where you can also find documentation, community discussions, and the HOL blog. Search for HOL-SDC-1303 in the catalog after logging in to the Hands-on Lab portal.

I would like to thank Ray Budavari, Bill Call, Charu Chaubal, Joseph Dieckhans, Andrew Hald and Pablo Roesch for all their help in making this hands-on-lab available.

Get notification of these blogs and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.

VMware VXLAN Deployment Guide available for Download

Recently I posted the Network Virtualization Design Guide that provides details on the different components of VMware’s VXLAN-based network virtualization solution. The guide also discusses the packet flow and design considerations while deploying VXLAN in an existing and a greenfield environment.

To accompany this design guide we have put together a VXLAN deployment guide that provides more detail on how to prepare your clusters and existing networks and how to consume logical networks. The consumption of logical networks is shown through the vCloud Networking and Security Manager and vCenter Server UI. For those who are using vCloud Director in their environment, the consumption of a VXLAN network pool is similar to the consumption of any other type of network pool. The VXLAN preparation process in a vCloud Director deployment is the same as described in this paper.

Please download the guide from here.

Get notification of these blog postings and more VMware Networking information by following me on Twitter: @VMWNetworking

Download VMware Network Virtualization Design Guide

I am happy to announce the availability of the VMware Network Virtualization Design Guide. This guide provides an overview of the key attributes of network virtualization technology. Then the paper discusses different components of VMware’s network virtualization solution and explains VXLAN in detail. Finally, the design considerations section discusses a couple of real-life deployments and provides guidelines on how to prepare a VXLAN fabric. On top of this VXLAN fabric, customers can now create and delete logical Layer 2 networks through a few clicks, providing them the software-defined network capability.

Please download this paper from here.

I will be happy to address any of your questions or comments.


PEX 2013 – vCloud Networking and Security Sessions

This year’s VMware Partner Exchange 2013 conference is going to be in Las Vegas from Feb 25th to Feb 28th. You can get more details about the conference here.

If you are already registered and attending the event, I would like to bring to your attention some of the vCloud Networking and Security sessions.

There are a couple of workshops that will provide more technical deep dive content, practical use case details and demonstrations. Please register for these workshops early because seats are limited:

1) CI1282 – Delivering PCI compliance on vCloud Suite Workshop

2) CI1440 – vCloud Networking and Security Workshop

Apart from these workshops there are the following break out sessions:

1) CI1225 – vSphere Distributed Switch – What’s New

2) CI1478 – vCloud Networking and Security – What’s New

3) CI1510 – Security in Software-defined Datacenter – What’s New

4) CI1530 – vCloud Network and Security – Deployment Examples

5) CI1387 – vCloud Networking and Security – Ecosystem

I will be there speaking in a workshop and a breakout session, so I hope to see you there.


Useful VXLAN commands in ESXCLI 5.1

Recently I have been doing some work with VXLAN with my colleagues Venky Deshpande, who is responsible for vCloud Networking, and Ranga Maddipudi, who is responsible for vCloud Security within our technical marketing team (I call them the vCloud Networking & Security Duo). While working in our lab, I came across several VXLAN commands in ESXCLI that I thought might come in handy when configuring or troubleshooting a VMware VXLAN environment. The new VXLAN namespace in ESXCLI 5.1 provides both VXLAN configuration details as well as network statistics for an individual ESXi host.

Continue reading