Virtual eXtensible LANs - VXLANs

The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium.

VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within a host, each VLAN whose network is extended to other hosts is associated with a VNI. In our topology there are three L2 bridged domains (Picture 1), interconnected by a Layer 3 network. Each L2 domain has VLAN 10 and VLAN 20 configured. VNI 1010 is associated with VLAN 10 and VNI 2020 is associated with VLAN 20.

Picture 1 - Block Diagram of Network Topology

VXLAN Tunnel End Point (VTEP) is a host with at least one VXLAN Tunnel Interface (VTI). VTEPs are intended to be at the edge of the network, typically connecting an access switch (virtual or physical) to an IP transport network. Switches vEOS-1, vEOS-2 and Openswitch-1 represent VTEPs (Picture 2). Each VTEP has two interfaces. One is a bridge domain trunk port to the access switch (vIOS-L2-1, vIOS-L2-2), and the other is an IP interface to the IP network. The Openvswitch VM has no trunk configured. Instead, the hosts Core-5 and Core-6 are directly connected to the VTEP.

Picture 2 - Network Topology

VXLAN Tunnel Interface (VTI) is a switchport linked to a UDP socket that is shared with VLANs on various hosts. Packets bridged from a VLAN to the VTI are sent out the UDP socket with a VXLAN header. Packets arriving on the VTI through the UDP socket are demuxed to VLANs for bridging.

Virtual Network Identifier (VNI) is a 24-bit number that distinguishes between the VLANs carried on a VTI. It facilitates the multiplexing of several VLANs over a single VTI.

Used Software
- Host OS: Kubuntu 18.04.1 LTS
  - QEMU emulator version 3.0.0
- GNS3 2.1.11 with the following QEMU network nodes:
  - Ubuntu 18.04.1 LTS: Openvswitch 2.9.0 and FRRouting 6.0
  - vIOS-L2: Cisco IOS, vios_l2 Software, version 15.2
  - vIOS-L3: Cisco IOS, IOSv Software, version 15.6(2)T
  - vEOS: Arista vEOS 4.20.1F
  - Core: Linux Core 6.3 (kernel 3.16.6-tinycore64)

Hardware Requirements: number x RAM / HDD
- Ubuntu 18.04.1 LTS: 1x 2048 MB / 2.9 GB
- vIOS-L2: 2x 768 MB / 95.0 MB
- vIOS-L3: 1x 512 MB / 128.5 MB
- vEOS: 2x 2048 MB / 993.7 MB
- Linux Core: 6x 128 MB / 102.8 MB

Total RAM Requirements used for virtualization = 8960 MB

1. Cisco vIOS-L3-1

hostname vIOS-L3-1

ip multicast-routing

interface Loopback0
ip address 172.16.1.3 255.255.255.255

interface GigabitEthernet0/0
description Link to vEOS2
ip address 10.0.0.6 255.255.255.252

interface GigabitEthernet0/1
description Link to VEOS-1
ip address 10.0.0.2 255.255.255.252

interface GigabitEthernet0/2
description Link to Openswitch-1
ip address 10.0.0.10 255.255.255.252

router ospf 1
network 10.0.0.0 0.0.0.3 area 0
network 10.0.0.4 0.0.0.3 area 0
network 10.0.0.8 0.0.0.3 area 0
network 172.16.1.3 0.0.0.0 area 0

2. Arista vEOS1

hostname vEOS1

vlan 10,20

interface Ethernet1
 description Link to vIOS-L2-1
 switchport trunk allowed vlan 10,20
 switchport mode trunk

interface Ethernet2
 description Link to vIOS-L3-1
 no switchport
 ip address 10.0.0.1/30

interface Loopback0
 ip address 172.16.1.1/32

interface Vlan10
 ip address 192.168.1.254/24

interface Vlan20
 ip address 192.168.2.254/24

interface Vxlan1
 vxlan source-interface Loopback0
 vxlan udp-port 4789
 vxlan vlan 10 vni 1010
 vxlan vlan 20 vni 2020
 vxlan vlan 10 flood vtep 172.16.1.2 172.16.1.4
 vxlan vlan 20 flood vtep 172.16.1.2 172.16.1.4

ip routing

router ospf 1
 network 10.0.0.0/30 area 0.0.0.0
 network 172.16.1.1/32 area 0.0.0.0

3. Arista vEOS2

hostname vEOS2

vlan 10,20

interface Ethernet1
description Link to vIOS-L2-2
switchport trunk allowed vlan 10,20
switchport mode trunk

interface Ethernet2
description Link to vIOS-L3-1
no switchport
ip address 10.0.0.5/30

interface Loopback0
ip address 172.16.1.2/32

interface Vlan10
ip address 192.168.1.253/24

interface Vlan20
ip address 192.168.2.253/24

interface Vxlan1
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vlan 10 vni 1010
vxlan vlan 20 vni 2020
vxlan vlan 10 flood vtep 172.16.1.1 172.16.1.4
vxlan vlan 20 flood vtep 172.16.1.1 172.16.1.4

ip routing

router ospf 1
network 10.0.0.4/30 area 0.0.0.0
network 172.16.1.2/32 area 0.0.0.0

4. Cisco vIOS-L2-1

hostname vIOS-L2-1

interface GigabitEthernet0/0
description Link to vEOS-1
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk

interface GigabitEthernet0/1
description Link to Core-1
switchport access vlan 10
switchport mode access

interface GigabitEthernet0/2
description Link to Core-2
switchport access vlan 20
switchport mode access

5. Cisco vIOS-L2-2

hostname vIOS-L2-2

interface GigabitEthernet0/0
switchport trunk allowed vlan 10,20
switchport trunk encapsulation dot1q
switchport mode trunk

interface GigabitEthernet0/1
description Link to Core-3
switchport access vlan 10
switchport mode access

interface GigabitEthernet0/2
description Link to Core4
switchport access vlan 20
switchport mode access

6. Linux 18.04.1 Server - Openvswitch-1

We will use a QEMU VM with Linux Ubuntu Server 18.04.1 LTS installed. The VM contains FRRouting 6.0 and Openvswitch 2.9.0, both installed by the script install_router.sh. The script also enables IPv4 forwarding and output to a serial console, reduces the boot-time timeout for network interfaces to 15 seconds and stops the renaming of network interfaces.

6.1 Linux Configuration

Change Linux hostname.

$ sudo su
# hostname Openvswitch-1
# echo "Openvswitch-1" > /etc/hostname

6.2 Create Interfaces

Create the loopback (dummy) interface lo0 using the iproute utility and make it persistent.

$ sudo su
# ip link add dev lo0 type dummy
# echo "ip link add dev lo0 type dummy" >> /etc/rc.local

# chmod +x /etc/rc.local

Bring interfaces up after boot.

# echo 'for interface in eth0 eth1 eth2 bridge10 bridge20; do' >> /etc/rc.local
# echo ' ip link set dev "$interface" up' >> /etc/rc.local
# echo 'done' >> /etc/rc.local

6.3 Openvswitch Configuration

Create bridges bridge10 and bridge20 and add one VXLAN port per remote VTEP to each of them.

$ sudo su
# ovs-vsctl add-br bridge10
# ovs-vsctl add-br bridge20

# ovs-vsctl add-port bridge10 vxlan10-rip1 \
-- set interface vxlan10-rip1 type=vxlan  options:key=1010 options:remote_ip=172.16.1.1 options:local_ip=172.16.1.4

# ovs-vsctl add-port bridge10 vxlan10-rip2 \
-- set interface vxlan10-rip2 type=vxlan  options:key=1010 options:remote_ip=172.16.1.2 options:local_ip=172.16.1.4

# ovs-vsctl add-port bridge20 vxlan20-rip1 \
-- set interface vxlan20-rip1 type=vxlan  options:key=2020 options:remote_ip=172.16.1.1 options:local_ip=172.16.1.4

# ovs-vsctl add-port bridge20 vxlan20-rip2 \
-- set interface vxlan20-rip2 type=vxlan  options:key=2020 options:remote_ip=172.16.1.2 options:local_ip=172.16.1.4

Add access interfaces to bridges.

# ovs-vsctl add-port bridge10 eth1
# ovs-vsctl add-port bridge20 eth2

Check Openvswitch configuration with the command below.

# ovs-vsctl show
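
With static flood lists, every VTEP has to list every other VTEP for each VNI, otherwise broadcast and unknown-unicast frames reach a peer in one direction only. The check below is an added example, not part of the original tutorial: it parses the VXLAN lines of sections 2, 3 and 6.3 and reports any missing peer. The function names are hypothetical and the inputs are copies of the configuration shown on this page.

```python
import re
from collections import defaultdict

# Constructed input: the VXLAN lines of sections 2 and 3, keyed by Loopback0 address.
EOS_CONFIGS = {
    "172.16.1.1": """vxlan vlan 10 vni 1010
vxlan vlan 20 vni 2020
vxlan vlan 10 flood vtep 172.16.1.2 172.16.1.4
vxlan vlan 20 flood vtep 172.16.1.2 172.16.1.4""",
    "172.16.1.2": """vxlan vlan 10 vni 1010
vxlan vlan 20 vni 2020
vxlan vlan 10 flood vtep 172.16.1.1 172.16.1.4
vxlan vlan 20 flood vtep 172.16.1.1 172.16.1.4""",
}
# Constructed input: the four "set interface" clauses of section 6.3.
OVS_COMMANDS = "\n".join(
    f"set interface vxlan{vlan}-rip{n} type=vxlan options:key={vni} "
    f"options:remote_ip=172.16.1.{n} options:local_ip=172.16.1.4"
    for vlan, vni in ((10, 1010), (20, 2020)) for n in (1, 2))

def eos_peers(text):
    """Return {vni: set of flood-list VTEPs} from EOS Vxlan1 lines."""
    vni_of = dict(re.findall(r"vxlan vlan (\d+) vni (\d+)", text))
    peers = defaultdict(set)
    for vlan, ips in re.findall(r"vxlan vlan (\d+) flood vtep ([\d. ]+)", text):
        peers[int(vni_of[vlan])].update(ips.split())
    return dict(peers)

def ovs_peers(text):
    """Return {local_ip: {vni: set of remote_ip}} from ovs-vsctl VXLAN ports."""
    peers = defaultdict(lambda: defaultdict(set))
    pattern = r"options:key=(\d+)\s+options:remote_ip=(\S+)\s+options:local_ip=(\S+)"
    for vni, remote, local in re.findall(pattern, text):
        peers[local][int(vni)].add(remote)
    return {local: dict(per_vni) for local, per_vni in peers.items()}

def audit(eos_configs, ovs_commands):
    """Return sorted (vtep, vni, missing_peer) tuples that break the full mesh."""
    table = {ip: eos_peers(cfg) for ip, cfg in eos_configs.items()}
    table.update(ovs_peers(ovs_commands))
    vteps = set(table)
    vnis = {vni for per_vni in table.values() for vni in per_vni}
    return sorted((ip, vni, peer) for ip in vteps for vni in vnis
                  for peer in vteps - {ip} - table[ip].get(vni, set()))

if __name__ == "__main__":
    print(audit(EOS_CONFIGS, OVS_COMMANDS) or "flood lists form a full mesh")
```

An empty result means the three VTEPs agree; each tuple names the VTEP whose configuration lacks a peer for the given VNI.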

6.4 FRRouting Configuration

Configure L3 interfaces and OSPF.

ubuntu@server:~$ vtysh

interface bridge10
ip address 192.168.1.252/24

interface bridge20
ip address 192.168.2.252/24

interface eth0
description Link to vIOS-L3-1
ip address 10.0.0.9/30

interface lo0
ip address 172.16.1.4/32

router ospf
network 10.0.0.8/30 area 0
network 172.16.1.4/32 area 0

7. Testing

The show interfaces vxlan 1 command displays the configuration and connection status of the VXLAN interface on vEOS-1 (Picture 3).

vEOS1# show interfaces vxlan 1

Picture 3 - Checking VXLAN1 Configuration and Status

To check whether the remote VTEPs are available, issue the command below (Picture 4).

vEOS1# show vxlan vtep

Picture 4 - Checking Remote VTEPs

If we shut down the interface eth0 on the VTEP 172.16.1.4 (Openswitch-1), the VTEP is removed from the list on vEOS-1 (Picture 5).

vEOS1# show vxlan vtep

Picture 5 - Checking Remote VTEPs

To check the VXLAN address table, issue the command below (Picture 6). The address table contains four records:

Vlan10 0cf8.e124.a500 (Core-3) 172.16.1.2
Vlan10 0cf8.e185.2b00 (Core-5) 172.16.1.4
Vlan20 0cf8.e120.1000 (Core-6) 172.16.1.4
Vlan20 0cf8.e1b4.5700 (Core-4) 172.16.1.2

vEOS1# show vxlan address-table

Picture 6 - VXLAN Address Table

As the last step, we are going to test connectivity within VLAN10. Firstly, issue the ping command from Core-1 to Core-3 and Core-5 (Picture 7).

Core-1$ for host in 192.168.1.2 192.168.1.3; do ping -c 1 "$host"; done

Picture 7 - Testing Connectivity Within VLAN10

Afterwards, test connectivity within VLAN20 issuing the ping command from Core-2 to Core-4 and Core-6 (Picture 8).

Core-2$ for host in 192.168.2.2 192.168.2.3; do ping -c 1 "$host"; done

Picture 8 - Testing Connectivity Within VLAN20

The VXLAN packet format is shown in Picture 9.

Picture 9 - VXLAN Packet Format

The original Layer 2 frame has a VXLAN header added and is then placed in a UDP-IP packet. With this MAC-in-UDP encapsulation, VXLAN tunnels a Layer 2 network over a Layer 3 network.
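
The header layout described above, as an added example that is not code from the original tutorial: it builds and parses the 8-byte VXLAN header defined in RFC 7348 and maps the VNI back to the VLANs of this lab. The function names, the source MAC and the payload are assumptions; the MTU helper assumes an IPv4 underlay and an untagged inner frame.

```python
import struct

VNI_TO_VLAN = {1010: 10, 2020: 20}   # VLAN/VNI mapping used in this lab
I_FLAG = 0x08                        # RFC 7348: set when the VNI field is valid

def mac(raw):
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)

def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte header: flags, 24 reserved bits, VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", I_FLAG << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload):
    """Return (vlan, dst_mac, src_mac, inner_frame) or raise ValueError."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("shorter than VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag clear: VNI field is not valid")
    vni = word1 >> 8                  # drop the trailing 8 reserved bits
    if vni not in VNI_TO_VLAN:
        raise ValueError(f"VNI {vni} is not mapped to a local VLAN")
    inner = udp_payload[8:]
    return VNI_TO_VLAN[vni], mac(inner[:6]), mac(inner[6:12]), inner

def inner_ip_mtu(underlay_ip_mtu):
    """Largest inner IP packet that crosses the underlay without fragmentation.

    Subtracts outer IPv4 (20), UDP (8), VXLAN (8) and the inner Ethernet header (14).
    """
    return underlay_ip_mtu - (20 + 8 + 8) - 14

# Constructed sample frame: the destination is Core-3's MAC from the address
# table above; the source MAC and the payload are made up for this example.
SAMPLE_FRAME = (bytes.fromhex("0cf8e124a500") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"constructed inner payload")

if __name__ == "__main__":
    packet = vxlan_encap(1010, SAMPLE_FRAME)
    print(packet[:8].hex(), vxlan_decap(packet)[:3], inner_ip_mtu(1500))
```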

2 thoughts on “Virtual eXtensible LANs - VXLANs”

  1. Hi Radovan!
    Can you help me?
    OVS is not working: I cannot ping from PC1 to PC2 and vice versa, but I see the MAC address of PC1 on PC2 and of PC2 on PC1.
    I configured my servers (CentOS8) to work with OVS VXLAN following your manual.

    PC1(ip 192.168.21.101)====ens224(without ip) Server1_CentOS8 ens160(ip 192.168.13.19)--------ens160(ip 192.168.13.20) Server2_CentOS8 ens224 (without ip)===== LAN (192.168.21.0/24) PC2(ip 192.168.21.7)

    on Server1 config:
    ovs-vsctl add-br bridge22
    ovs-vsctl add-port bridge22 vxlan22 -- set interface vxlan22 type=vxlan options:key=22 options:remote_ip=192.168.13.20 options:local_ip=192.168.13.19
    ovs-vsctl add-port bridge22 ens224

    on Server2 config:
    ovs-vsctl add-br bridge22
    ovs-vsctl add-port bridge22 vxlan22 -- set interface vxlan22 type=vxlan options:key=22 options:remote_ip=192.168.13.19 options:local_ip=192.168.13.20
    ovs-vsctl add-port bridge22 ens224

    ovs-vsctl show on Server1
    fb64004b-a3b0-4271-b1d8-0e26d099645d
    Bridge "bridge22"
    Port "vxlan22"
    Interface "vxlan22"
    type: vxlan
    options: {key="22", remote_ip="192.168.13.20", local_ip="192.168.13.19"}
    Port "ens224"
    Interface "ens224"
    Port "bridge22"
    Interface "bridge22"
    type: internal

    ovs-vsctl show on Server2
    627d17c5-aa79-4dea-8dff-4e93914c3b29
    Bridge "bridge22"
    Port "vxlan22"
    Interface "vxlan22"
    type: vxlan
    options: {key="22", remote_ip="192.168.13.19", remote_ip="192.168.13.20" }
    Port "ens224"
    Interface "ens224"
    Port "bridge22"
    Interface "bridge22"
    type: internal

    I tried to disable the firewall and to disable the firewall for bridging, but ping is not working.
    Thank you!
