Cisco VXLAN EVPN Overview

Captions
My name is Lukas Krattiger, I'm a principal engineer working on the data center and enterprise switching side, and I'm going to talk a little bit about fabrics and specifically what we do in regards of EVPN. Now, we could talk about EVPN probably for hours, we do that at various occasions, and for today I took one or two topics out of it; let's see where we can go. One is something we call IRB. Who worked back in the times of the 8500? Yeah, we had that back there, right? Or the 2948G-L3, IRB was there as well. So IRB specifically is nothing else than integrated routing and bridging. So we are going again down that path, or we actually went down that path already for the last two years, and for more than twelve months we are running it specifically in VXLAN, and to be even more specific, in VXLAN EVPN. There's no slide, so I'll try to use the whiteboard today; let me know if you can read it, my handwriting is a little bit cumbersome, but I guess we're getting that going.

So when you look at traditional networks, what did we do in regards of the routing instances? We did things like HSRP, VRRP, GLBP, you name it. That was normally what we did, and we did that in a very centralized way: we had some protocol talking here, and then when we go down into what we called access, or, more fancy today in fabric terminology, leaf, we stick with L2 down here. So whenever we wanted to do routing we crossed L2, across, crossed L2, and as you can see here, depending on however my layer-two hashing was, in a port channel, in vPC, wherever it was, we didn't really know where it goes; it could go left, correct. Now you see, if we have another color somewhere here, black, blue respectively, return traffic: if we now use two servers here as an example, it's my server one, and let's do server two in blue (nope, come on, Briana; oh, so let's do server two in blue), we even could have completely asymmetric traffic patterns. And when we look at VXLAN, and I use VLAN and VNI a little bit irrespectively, this is basically: in one way we use VNI one and the other way we use VNI two, and we don't really know where the traffic actually was going whenever you write black and blue. In addition to that, all our state was pretty much centralized in one place; that's where my ARP table was, and in order to get that even running, all of these boxes had to have the same ARP table, otherwise no routing, right, for that default gateway in that case. On top of that, what was the normal number of these core switches or aggregation switches we had? It was two, right, two was active. Did we ever go beyond two? Yeah, we did with FabricPath back in the time, but I never ended up... it's four, or then you started doing some VLAN balancing and some other crazy stuff, operationally pretty difficult in the end, but that's what we had.

Now where we are going today, and where we are today, is actually down here: forget the L2 only up here, forget the L2/L3 demarcation, you're going to move that stuff down, and that's why I said IRB, integrated routing and bridging: we're going to have L2 as well as L3 at this layer. So what we're actually doing here is nothing else than having some routers underneath which are creating my underlay network for the VXLAN, so when we talk about this, my VTEPs are here. Does that make sense to everyone so far, can you follow me?

Sorry, I don't... leaving the routing to the edge, I do the routing as close as possible to the host, whereas in the old days we used to do it at the top, at the root of the spanning tree; I do my layer 3 in the chassis at the root of the spanning tree.

Absolutely correct, and move away from a centralized approach, yep, into what we call a distributed approach or disaggregated approach. Yeah, and with this approach the ARP, which was very centralized and created my large tables and required some table space up here, moves now also into this layer. So what does this mean? 100,000 ARP entries, or, and I looked at the data sheets, which can do it, skip that; we go down here, now what do I need down here in regards of ARP tables? 30,000, 25,000, 30,000, and I guess with merchant silicon it's all over the way, right, we have it there, but we need L3 as well, right. So what we see a lot in this ASIC space out there in regards of merchant is a lot of VXLAN bridging; what we're missing is the VXLAN routing piece. So how do I get from my black guy over here, my S1 server, how do I get into my S2 server? That needs additional logic, right, so that's where the Cisco ASICs come into play: on the Nexus 9000 with the merchant-plus strategy, where the 5600 with the Cisco ASIC are being present, and the Nexus 7000 F3 and also subsequent line cards coming out. So we are able to move all that down here in a very, very small form factor; if you need more ports we can give you more ports, but the form factor can be reduced on that side. Now just routing is not enough.

Sorry, just to clarify something, right: the connectivity, the leaf-spine, between the spine and the leaves...

Yes, that's all layer 3.

I see, routing, so it's tables, IP routing tables, IS-IS, BGP, you name it.

Yep, doesn't matter, we don't care on this, right. The functionality, what we call the VTEPs in VXLAN, where we start the encapsulation, that happens down here, and this is just a transparent cloud to me.

So now we look at this, and if we had bridging loops we're limited to, you know, if we have a bridging loop introduced from an external source, say some sort like whatever, the impact is not going to take down the entire spine, it's only going to hit that layer that's having the troubles; for the spine itself it looks like traffic.

Yep, right, so when we want to mitigate bridging loops we are acting down here, so we still use things like vPC to prevent all these spanning-tree-related things, yep, spanning tree southbound, that's still there, so storm control, you name it, all these are there.

And if there is an event we don't get a collapse of the root bridges, because all the traffic has to cross the root bridge.

Exactly, we stay local, we contain the failure domain down to the leaf switch or down to the access switch, whatever you want to call it.

So the blast radius is reduced.

Yeah. In a three-tiered layer-two design, the old traditional spanning tree root of the bridge, the blast radius is everything that's connected to the chassis, the core; this is our blast radius, and if we look in traditional worlds this is basically our blast radius when we go into the distributed gateway world. Now with this distributed gateway, I mean, you want to keep state on, like, who is active, who is not; we won't have all of these active. So what we use is something which is in the industry for a very long time, which is anycast. So we use, close to this node, we give an IP address with a given MAC address. Now, as we are only existing from a classic Ethernet perspective, server to switch, where is my ARP going? It's basically stopping here, right, we don't need to flood the whole network there, so with this we're also reducing the overall network noise which is down there, if you may. So it's really about this guy here gets the logic, this guy here will do more than before, and we need to have a couple of things in there so that this little guy here can operate in that way. Everyone okay? I guess you heard that for the last 12 months every second day or something like that, so sorry about that repeat, but I think it's an important thing: a technology which we had for quite some time, and I mean anycast is not here for two days, it is like decades; the concept of anycast, reusing it on a MAC and on an IP layer to provide a gateway to a server in a given subnet, in a given VLAN, to a local segment. Move that to the other side; let's say I have here another black server, server 3; again I provide the same IP address, the same MAC address for the default gateway over here, and as I said, if the ARP request gets flooded here we're not hitting the fabric and then respectively coming back in on that switch, we're staying here local, answer it local. Same thing happens for S3: if he ARPs, he stays local, gets a local response.

What are we doing in the backup here? We're using a control plane; I'm using a BGP-based control plane, it's called EVPN, Ethernet VPN. With an Ethernet VPN we transport not only the IP information, as a routing protocol normally does; what do we actually use it as? A reachability protocol. It is a reachability protocol for MAC and IP, and on top of that, as a VPN itself, it's actually working like VPNv4 and VPNv6 before; just in addition to the MAC address we have all these multiprotocol BGP VPN features included. So how many sessions do I actually have from this leaf switch here to my, let's say, route reflector spine up here? It's exactly one session, and all the different address families get transported across. So if I have five VRFs here, or if I have one VRF here, or ten, it doesn't matter, it's just a matter of local configuration, but from a BGP control plane we're completely stable, we're not going to increase the configuration part on top of it.

Now as I unveiled a little bit the EVPN space, I have a little bit of another topic, and I know some of you guys were here in 2012, I think it was, when Victor Moreno was talking about a multi-protocol gateway; they were doing something like MPLS on one side, something like VXLAN on the other side, or we were doing VXLAN on one side and LISP on the other side, but all of this in one single box. Now actually it's 2016, right, we should have caught up on this vision he had back in the 2012 Networking Field Day, as I remember, and actually that vision is here. So today what we can do in such a VXLAN EVPN fabric: we are able to take the EVPN address family and expose the IP portion into a layer-3 VPN, regardless if IPv4 or IPv6. So this means if I have some smart border node here, and I draw it big because we want to sell a bit of big boxes there, we can actually hook it into the route reflectors if you're using iBGP, we're using a VTEP on top of this here, and out in the wild world we can actually do a set of MPLS L3VPNs, we can do LISP, or we just do something very simple, which is VRF-lite. So when you think of this and add a couple of nodes to the left-hand side, you can build quite nasty networks from one control plane information and the other control plane information, while splitting the data plane at the border. So now the VXLAN... and when we stop it up here, I know it's a little bit of a crazy step from talking about IRB, going into a little bit of what we do in the border, but I promised it in my abstract, so I want to give you some glimpse into that. Any questions there?

So your edge to core over here, I'm just going to use historical terms just to identify, I guess, your layer two, layer three, your layer-three-specific devices, ones up right here, so you have basically a pretty broad ECMP running in there?

Yes, I use a white spine, I use ECMP, equal-cost multipath, I use IP address space driving in there, and I can use whatever flavor of routing protocol you like: OSPF, some advantages; IS-IS, some other advantages; or if you like BGP that much, iBGP or eBGP can also play in that role itself. On top of it we anyway use BGP for the transport of EVPN, and to be very specific it's multiprotocol BGP, and with this you can build your complete network virtualization abstraction on top of our physical switching gear, with also some adjacent integration into our virtual servers.

Comparisons are invidious, I don't want to compare you, but we've just come from Dell where they can just plug all the gear together and then add all the auto-discovers, and they have a software tool which then takes all the auto-discovered information and then automatically configures the fabric, and does all that work for you. Are you into that as well and moving in that direction?

Yes, we started that I think two years ago with certain projects in that direction. We have power-on auto provisioning on our boxes for a very long time; we use power-on auto provisioning, which is kind of a PXE boot process in there, yeah. We're having software components on the Cisco side which we're providing; one of them is an open-source project which is called Ignite, another project which we're having internally as a product is Data Center Network Manager. Both of these products are covering certain pain points in network optimization. As Jeff explained before, Puppet, Chef and Ansible are other ways of doing that configuration automation as well, but for this day-0 operation we can basically give you a completely templated configuration today, and you can ship that into the switches to make them ready, and on top of that the day-1 configuration, your VRFs, your VLANs, whatever you want to map into this fabric itself, can be automated as well, and also there are various projects we are having in there. And if you're tired of doing this all in this more Lego-box kind of approach, there is another project within Cisco which is very, very well known, which is ACI; yeah, ACI is a step in this direction as well, of course.

Isn't there another tool to add, you know, overlays more easily in this topology, VTS? Not only that people with this platform...

Yes, so as I was discussing before, we have the underlay management system, or the day-1 management systems, in Ignite or DCNM, and then on the top, specifically for service providers and NFV environments, we have the Virtual Topology System. The Virtual Topology System itself also provides a virtual forwarder, it's kind of a VTEP which points into the VPN story, which can also do L2/L3 forwarding there. Yes, we also have that piece presently in our portfolio.

I wanted to ask about: you made a statement early on that you need to get the custom silicon, the Nexus 9000 with the extra silicon, and the F3 modules in the 7000. Is that because the chips that are in there can't do the VXLAN tagging, or is it some other magic?

Okay, so the Nexus 7000 today has a series of line cards; it started with M1, went into M2, we also had the more fabric-facing ones with F1, F2; F3 is the latest silicon we have that's currently available, and subsequent silicon will be available as well. The F3 line card, at the time where that ASIC was being developed, was basically cutting-edge, leading-edge, to be better in regards of encapsulations, and is able to do that multi-encapsulation gateway as well as VXLAN. When we look at when VXLAN finally got finished from the header definitions and everything, we see that it aligns with about when we developed that ASIC.

And the Nexus 7000... because the 9000, because it's got Broadcoms that do VXLAN, why would I need the custom silicon to do this?

Okay, that's a very good question. So today Broadcom Trident 2 is very common in the industry, and it's an awesome VXLAN gateway chip for layer two. Today when I want to go into the layer-three operation, meaning going from one VLAN to the other, inter-VXLAN routing if you want to call it this way, I have to either do some recirculation or do some additional magic in there to make this possible. We in the Nexus 9000 use a Cisco ASIC in addition to the merchant ASICs in there to accommodate this specific operation, and we just decided to do this also to leverage the same hardware on the other project, which is ACI.

Yes, steady pipeline in the Trident, it only strips the tag once; if you're stripping the tag, then you've got to put the tag back on, you're out of luck.

Yes, there's only so many actions it can take before the chip runs out.

That's correct, that's correct. I mean, still, even with using merchant silicon, I mean Cisco embarked on that project quite some time ago at the Nexus 3000, where we started with; in the meantime we have the 3100, which is a T2-based platform; we're going further with merchant-only platforms, we will have them, but on the other side we will still work on Cisco silicon on our own. There are gaps between what a merchant and what a specific or a custom silicon does, and we still have a lot of knowledge in there, so we use it and bring new things out into the industry, also new innovation into the industry, with this silicon.

I've only looked at VXLAN EVPN on the 9K, but I'm assuming the configuration is pretty similar. Are there any efforts to simplify, you know, like when you look at the BGP table for the /32s, you don't actually see a v4 prefix, you see some MAC address, and ops guys are not going to know what to do with that; can I get that in Britain?

Yeah, yes, we are doing efforts to simplify configuration, the outputs, troubleshooting, operation-related things. When you look at what EVPN is, it's an address family out of this whole IETF construct, and I don't think we will change what the standard BGP output will show, but we will provide respective CLI or infrastructures to make operation much simpler and also configuration much simpler.

Well, it brings up another good point: is there any conflict between running MP-BGP for VRF-lite or MPLS on the 7K and then laying this on top as a different address family?

It's a very good question; no, it's not. So neither on the Nexus 7000 nor on the Nexus 9000 or 5000, or 5600 to be very specific: we can run VRF-lite, we can run EVPN at the same time. When you want to have such a switch and be the border of your fabric, you want to fade it out somewhere to the rest of the world, so VRF-lite is probably the predominant way of doing this in a routing handoff manner, so yes, you can run that on top of that. 7K, as said before, VPNv4 for MPLS or VPNv6 for MPLS will be there as well, as well as subsequent work which we're going to do.

Can you comment more on Ignite, what that tool is all about?

Ignite is generally a power-on auto provisioning engine; it's an open-source project, I think it is on our GitHub repository, yeah, and it's focusing on day-0 operation: you bring your switch in, you basically discover it based on link role where it exactly is, and then you can bring up the fabric with the respective configuration you want to have on top. I sent out a link on Twitter earlier about this open NX-OS and programmability booklet, or whatever you want to call it, we wrote; Ignite is also explained in a chapter in the automation piece there. All right, we meandered a little bit from VXLAN EVPN to automation and management tools and ASICs, left and right, sorry.

No worries, it's good discussion, thanks a lot.

Any more questions? Yeah, Greg, you're out of tickets, sorry.

Yeah, the question here is, it always strikes me, you know, these overlays and things: a lot of customers have been doing the spanning tree thing, which is often very simple, very direct, but with problems, right, the blast radius, the weakness, the brittleness and so forth. Are customers reacting well to the VXLAN EVPN? I mean, I like the VXLAN EVPN story, I've been deploying it for two years now, I've seen different vendors' implementations and I understand the weaknesses and the strengths to some extent between them. Are customers really getting on board with this now, are we seeing momentum, or is it still no?

It's a good question. So it's very, very interesting how much momentum we see on the VXLAN side in general, and then on top, when you have initial conversations about flood-and-learn, which is the RFC implementation of the encapsulation of VXLAN itself, and you point them in a direction of EVPN just because of, I mean, layer-2 networks is not everything, you sometimes want to have an L3 hop somewhere, and multi-tenancy is not everywhere, but people are asking slowly in that direction: what can I do, or can I make my network ready? So it's a lot of discussions we're having; there are a lot of implementations already running, so we see, I would say, it's 75% EVPN versus 25% VXLAN flood-and-learn, okay, and the flood-and-learn ones are normally the early starters which already did some classic implementation in a multi
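The talk describes EVPN as a reachability protocol for MAC and IP, and one question above asks what an operator is supposed to make of MAC addresses showing up in the BGP table. The following is an added worked example, not code from the talk or from Cisco, that encodes and decodes the RFC 7432 MAC/IP Advertisement (route type 2) NLRI that carries exactly that information, with the L2 VNI in the label field as RFC 8365 describes for VXLAN encapsulation. It then runs a defender-side check over a constructed update: a single-homed MAC (all-zero ESI) advertised by more than one route distinguisher, i.e. more than one VTEP, is either a MAC move in flight or a duplicate or spoofed host, and is worth an alert. The RDs, MACs, addresses and VNI are constructed sample values.

```python
import struct
import ipaddress
from collections import defaultdict

# RFC 7432 section 7.2: EVPN route type 2, MAC/IP Advertisement Route.
# Inside MP_REACH_NLRI each EVPN NLRI is <route type (1)> <length (1)> <body>.
EVPN_TYPE_MAC_IP = 2
ESI_SINGLE_HOMED = bytes(10)  # all-zero Ethernet Segment Identifier = single-homed host


def encode_mac_ip_route(rd_ip, rd_num, mac, ip, vni, esi=ESI_SINGLE_HOMED, eth_tag=0):
    """Return the NLRI bytes for one type-2 route using a type-1 RD (<IPv4>:<number>).

    The 3-octet Label1 field carries the 24-bit L2 VNI (RFC 8365 convention for
    VXLAN; some implementations shift the VNI by 4 bits, which this does not model)."""
    body = struct.pack("!HIH", 1, int(ipaddress.IPv4Address(rd_ip)), rd_num)  # RD
    body += esi                                   # 10 octets
    body += struct.pack("!I", eth_tag)            # Ethernet Tag ID, 0 for VLAN-based service
    body += struct.pack("!B", 48) + bytes.fromhex(mac.replace(":", ""))  # MAC len (bits) + MAC
    if ip is None:
        body += b"\x00"                           # MAC-only route: IP length 0
    else:
        addr = ipaddress.ip_address(ip)
        body += struct.pack("!B", addr.max_prefixlen) + addr.packed  # 32 or 128 bits
    body += vni.to_bytes(3, "big")                # Label1 = VNI
    return struct.pack("!BB", EVPN_TYPE_MAC_IP, len(body)) + body


def decode_mac_ip_route(nlri):
    """Parse one type-2 NLRI, validating every length field before slicing."""
    if len(nlri) < 2:
        raise ValueError("NLRI header truncated")
    rtype, length = struct.unpack("!BB", nlri[:2])
    if rtype != EVPN_TYPE_MAC_IP:
        raise ValueError(f"not a MAC/IP route: type {rtype}")
    body = nlri[2:2 + length]
    if len(body) != length or length < 33:        # RD+ESI+tag+maclen+MAC+iplen+label = 33
        raise ValueError("NLRI body truncated")
    rd_type, rd_admin, rd_num = struct.unpack("!HIH", body[:8])
    if rd_type != 1:
        raise ValueError(f"unsupported RD type {rd_type}")
    rd = f"{ipaddress.IPv4Address(rd_admin)}:{rd_num}"
    esi = body[8:18]
    eth_tag = struct.unpack("!I", body[18:22])[0]
    if body[22] != 48:
        raise ValueError("MAC length must be 48 bits")
    mac = ":".join(f"{b:02x}" for b in body[23:29])
    ip_len, pos = body[29], 30
    if ip_len == 0:
        ip = None
    elif ip_len in (32, 128):
        nbytes = ip_len // 8
        if len(body) < pos + nbytes:
            raise ValueError("IP field truncated")
        ip = str(ipaddress.ip_address(body[pos:pos + nbytes]))
        pos += nbytes
    else:
        raise ValueError(f"invalid IP length {ip_len}")
    if len(body) - pos not in (3, 6):             # Label1, optionally Label2 (L3 VNI)
        raise ValueError("bad label field length")
    vni = int.from_bytes(body[pos:pos + 3], "big")
    return {"rd": rd, "esi": esi.hex(), "eth_tag": eth_tag, "mac": mac, "ip": ip, "vni": vni}


def decode_nlri_list(buf):
    """Walk the concatenated EVPN NLRIs of one MP_REACH_NLRI attribute."""
    routes, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("NLRI list truncated")
        length = buf[pos + 1]
        routes.append(decode_mac_ip_route(buf[pos:pos + 2 + length]))
        pos += 2 + length
    return routes


def find_single_homed_conflicts(routes):
    """Return {(mac, vni): [rd, ...]} for single-homed MACs advertised by more than one RD.

    Multi-homed hosts (non-zero ESI) are legitimately reachable via several VTEPs and
    are skipped; a single-homed MAC behind two VTEPs is a MAC move in progress or a
    duplicate/spoofed host, so it is the case worth surfacing to operations."""
    seen = defaultdict(set)
    for r in routes:
        if r["esi"] == ESI_SINGLE_HOMED.hex():
            seen[(r["mac"], r["vni"])].add(r["rd"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# Constructed sample update: three leaf VTEPs (RD = loopback:number) advertising hosts in VNI 30010.
SAMPLE_UPDATE = b"".join([
    encode_mac_ip_route("10.0.0.1", 32777, "00:50:56:aa:bb:cc", "192.168.10.20", 30010),
    encode_mac_ip_route("10.0.0.2", 32777, "00:50:56:11:22:33", "192.168.10.21", 30010),
    encode_mac_ip_route("10.0.0.3", 32777, "00:50:56:aa:bb:cc", "192.168.10.20", 30010),
    encode_mac_ip_route("10.0.0.1", 32777, "00:50:56:aa:bb:cc", None, 30010),  # MAC-only route
])

if __name__ == "__main__":
    decoded = decode_nlri_list(SAMPLE_UPDATE)
    for route in decoded:
        print(route)
    print("conflicts:", find_single_homed_conflicts(decoded))
```

Running the block prints the four decoded routes and flags MAC 00:50:56:aa:bb:cc in VNI 30010 as advertised from both 10.0.0.1 and 10.0.0.3. The MAC Mobility extended community that real implementations use to sequence moves travels as a path attribute, not in the NLRI, so it is outside what this decoder sees; the conflict check is deliberately a conservative first-pass filter.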
Info
Channel: Tech Field Day
Views: 42,984
Keywords: Cisco, TFD, BGP, Tech Field Day, NFD11, Catalyst, Networking Field Day 11, Configuration, EVPN, Nexus, Networking Field Day, Puppet, VXLAN, ToR
Id: O8wU1qNlsyI
Length: 24min 20sec (1460 seconds)
Published: Fri Jan 22 2016