VXLAN overlay networks with Open vSwitch.

Captions
In this video I'll manually set up an overlay between Open vSwitch virtual switches using VXLAN as the tunneling protocol. If you're brand new to overlay networks in the cloud, I suggest first watching my introduction to cloud overlay networks video. Also, if you are new to Open vSwitch and OpenFlow, I recommend watching my introductory videos on those topics, as I won't cover those basics here. Here I'll show the configuration of VXLAN tunnel ports in OVS, then I'll manually add OpenFlow flow entries to make use of the VXLAN tunnel. I'll demonstrate the tunnel in action, showing connectivity for two tenants over the tunnel.

Overview. Let's jump right in. For this lab I have everything emulated on a single desktop. There are two VMs running Mininet which will represent physical servers, and a third VM routing between the Mininet VMs. I don't want to focus on the emulation, though, so we can focus on the OVS tunneling. This is the network topology being emulated. There are two physical servers in two different subnets: server 1 has IP address 192.168.1.10, server 2 has IP address 192.168.2.20. Since they are in different subnets there is a router in between them for IP reachability. Server 1 and server 2 are both using Open vSwitch for networking between VMs. Server 1 and server 2 are hosting two tenants: there is a red tenant and a blue tenant. The red tenant has VMs red1 and red2; red1 is using IP 10.0.0.1, red2 is using 10.0.0.2. Then we have the blue tenant with VMs blue1 and blue2. This tenant is also using IP addresses 10.0.0.1 and 10.0.0.2, with overlapping MAC addresses between them. I'll set up a VXLAN tunnel and use tunnel IDs to logically separate tunnel traffic between red and blue. The VXLAN tunnel will also provide layer 2 connectivity despite there being a router between server 1 and server 2. Finally, the tunnel will provide a logical separation from the physical underlay network, which has no knowledge of the tenant IP addressing in use. So let's make this work.

As I said earlier, this is all emulated on my desktop, so I'm using Mininet to represent the physical servers. This Mininet VM represents server 1. I'll launch a custom topology I built previously. With the dump command I can see an OVS instance, s1, as well as the two tenant VMs, red1 and blue1. With red1 ip addr we can see red1's IP is 10.0.0.1. blue1 ip addr shows that this VM is also using IP address 10.0.0.1, and even the same MAC as red1. Over here is another Mininet VM representing server 2. I've launched my custom topology here as well, and we'll see that s2 has VMs red2 and blue2.

Setting up the tunnel. Back on server 1 here, first we'll turn up the tunnel between the two vSwitches. So here on server 1 I'll paste in a command and then I'll explain it. So this is an ovs-vsctl command, which means I'm making a change to the OVSDB, the configuration database for Open vSwitch. It's the add-port command: this is adding a port named vtep. vtep is just a name here; it can be any name you want. This port, vtep, is being added to vSwitch s1. -- set interface vtep type=vxlan: this is saying the tunneling type will be VXLAN. If you wanted this to be a GRE tunnel, you would simply change this to type=gre. option:remote_ip=192.168.2.20: this is the IP address of the other end of the tunnel, which is over on server 2. option:key=flow: with VXLAN we want to use VNIs, or VXLAN network identifiers, to identify and logically separate tenant traffic. With this key=flow, no particular VNI number is being specified yet. You could specify an actual VNI here, but then you'd have to add a tunnel port for every single unique VNI you need. key=flow provides a kind of overloading of the tunnel port so we don't have to do that; we will see this in a moment. Finally there is ofport_request=10. This is a really helpful option where we are specifying that we want to use OpenFlow port 10 for this port and interface vtep. If we don't do this, we don't know exactly what OpenFlow port number we will end up with, which would be bad for our OpenFlow flow entries later. ovs-vsctl show displays the tunnel port and interface vtep, that it's VXLAN, and the options set just as we requested. ovs-ofctl show s1 confirms that the port named vtep is mapped to OpenFlow port 10 as requested. Now I've pasted in almost the same command on the other side, on server 2. The only difference, actually, is the remote_ip part: now it's 192.168.1.10, to point back to server 1.

Flow entries. So the tunnel is configured; now let's add flow entries to direct traffic for the red and blue tenants. I have a file ready to go called flows.txt with all the flow entries that are needed, so I'll load that up and then explain what I have and why. Back to server 1: ovs-ofctl add-flows s1 flows.txt. That loads up these flows. Here is server 2 and the same command: ovs-ofctl add-flows s2 flows.txt. Let's look at this file, flows.txt on server 1, to see what was just added. I wanted to make this relatively simple, so there are really just two functions happening here: table 0 is used to tag flows with the VXLAN VNI, and table 1 is used to forward packets. First, the table 0 flow entries. The first flow entry says for any traffic coming in OpenFlow port 1, that traffic will get a tunnel ID of 100. OpenFlow port 1 is where the VM red1 is connected. tun_id matches to the VNI that will be used over the tunnel. Then this flow entry says to move on to flow table 1. In other words, all traffic from VM red1: assign tun_id 100 and move on. The next line is similar; it says any traffic in port 2, which is blue1, assign tun_id 200, which will correspond to VNI 200. Finally there is a default action to go to table 1. Table 1 is used for forwarding packets. So if the tun_id is 100, which was reserved for the red tenant, and the destination MAC is this, that's traffic for VM red1, so send it out OpenFlow port 1. The next row looks almost exactly the same, but is matching on tun_id 200, which is the VNI for the blue tenant, so send traffic to this MAC to OpenFlow port 2. Even though VMs red1 and blue1 have the same MAC, those are distinguished by the VXLAN tag. The next two lines are for traffic destined to red2 and blue2, which sit over on the other physical server, server 2. Those packets are sent out OpenFlow port 10; port 10 is the tunnel port we requested earlier. Next there are rules to handle ARP. These are directing where to send ARP requests: 10.0.0.1 is our local VMs' IP, and depending on the tun_id tag, ARP requests are sent to either red1 or blue1. And again there are rules for red2 and blue2; ARP requests for those systems go over the tunnel, port 10. Finally there is an explicit default drop rule. These are the flows over on server 2. They have the same strategy as what was just shown for server 1, except traffic for red2 and blue2 is local traffic, and red1 and blue1 goes back through the tunnel to server 1.

Verifying the results. Back to server 1; here I'm testing from the Mininet prompt again. red1 ping 10.0.0.2: this works, so red1 can ping that IP, which we expect to be red2. Let's try for the blue tenant, so blue1 ping 10.0.0.2. That works, but in this case, even though the destination IP is the same, 10.0.0.2, it's blue2 that's being pinged. Let's verify that pings are going to the VMs we expect and we are not being deceived by the same destination IP address of 10.0.0.2. I'll disable blue2's eth0 interface, so blue2 ip link set dev ... it's here, so actually the name of the interface is blue2-eth0 ... down. So blue2 has no network connectivity now. And back to server 1 one last time: red1 ping 10.0.0.2 works as expected, because we didn't do anything to red2. And we'll try the blue tenant; we'll do blue1 ping 10.0.0.2, and it looks like this is not going to work. Yeah, we're getting a destination host unreachable, so this is the result we expected. This is failing now because blue2 was disconnected.

That's it for this video on VXLAN overlay networks with Open vSwitch. I hope you found this video helpful. If you'd like to see more, please subscribe to this channel. As always, you can find me on LinkedIn at linkedin.com/in/ David Mahler. Thanks so much to those who already added me there and said hello. In the video description I included key reference links that were used for this video: of course openvswitch.org and the openvswitch.org mailing list; Brent Salisbury's excellent NetworkStatic blog, specifically the post Setting Up Overlays on Open vSwitch; the Random Security blog by Derrick tomorrow, specifically the VXLAN post; the IETF VXLAN draft; and the IETF Network Virtualization Overlays working group, or NVO3.
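As an added example (not the video's own command or flows.txt, which are not reproduced on the page), the script below generates the ovs-vsctl tunnel command and the two-table flow file that the transcript walks through, for one server at a time, plus a static check that no rule forwards one tenant's tun_id to the other tenant's local port. Port numbers (1, 2, 10), VNIs (100, 200), tenant IPs and underlay IPs follow the video; the MAC addresses, the interface name vtep, the use of resubmit(,1) for the hand-off to table 1 and the priority values are my assumptions.

```shell
#!/bin/sh
# Added example, not the video's files: build the VXLAN tunnel command and
# the flows.txt for one server in the two-tenant overlay from the transcript.

RED_VNI=100      # tun_id / VNI reserved for the red tenant
BLUE_VNI=200     # tun_id / VNI reserved for the blue tenant
TUN_PORT=10      # OpenFlow port requested for the VXLAN tunnel (ofport_request)
RED_PORT=1       # OpenFlow port where the local red VM is attached
BLUE_PORT=2      # OpenFlow port where the local blue VM is attached

# Constructed MACs (not from the video). The red and blue VM on one server
# deliberately share a MAC, as in the demo, so only tun_id tells them apart.
VM1_MAC=02:00:00:00:00:01   # red1 and blue1 (server 1)
VM2_MAC=02:00:00:00:00:02   # red2 and blue2 (server 2)

# Print the ovs-vsctl command that adds the VXLAN tunnel port "vtep".
# $1 = bridge name, $2 = underlay IP of the other server (remote VTEP)
vxlan_port_cmd() {
    printf 'ovs-vsctl add-port %s vtep -- set interface vtep type=vxlan option:remote_ip=%s option:key=flow ofport_request=%s\n' \
        "$1" "$2" "$TUN_PORT"
}

# Print the flows.txt for one server (load with: ovs-ofctl add-flows <bridge> flows.txt).
# $1 = IP shared by the local VMs, $2 = IP shared by the remote VMs,
# $3 = MAC of the local VMs, $4 = MAC of the remote VMs
gen_flows() {
    local_ip=$1; remote_ip=$2; local_mac=$3; remote_mac=$4
    # table 0: tag frames from each local VM with its tenant's tun_id, then go to table 1.
    # Frames arriving from the tunnel already carry tun_id from decapsulation.
    printf 'table=0,in_port=%s,actions=set_tunnel:%s,resubmit(,1)\n' "$RED_PORT" "$RED_VNI"
    printf 'table=0,in_port=%s,actions=set_tunnel:%s,resubmit(,1)\n' "$BLUE_PORT" "$BLUE_VNI"
    printf 'table=0,priority=0,actions=resubmit(,1)\n'
    # table 1: unicast forwarding keyed on (tun_id, destination MAC)
    printf 'table=1,tun_id=%s,dl_dst=%s,actions=output:%s\n' "$RED_VNI" "$local_mac" "$RED_PORT"
    printf 'table=1,tun_id=%s,dl_dst=%s,actions=output:%s\n' "$BLUE_VNI" "$local_mac" "$BLUE_PORT"
    printf 'table=1,tun_id=%s,dl_dst=%s,actions=output:%s\n' "$RED_VNI" "$remote_mac" "$TUN_PORT"
    printf 'table=1,tun_id=%s,dl_dst=%s,actions=output:%s\n' "$BLUE_VNI" "$remote_mac" "$TUN_PORT"
    # table 1: ARP requests steered by (tun_id, target IP); nw_dst matches arp_tpa for ARP
    printf 'table=1,tun_id=%s,arp,nw_dst=%s,actions=output:%s\n' "$RED_VNI" "$local_ip" "$RED_PORT"
    printf 'table=1,tun_id=%s,arp,nw_dst=%s,actions=output:%s\n' "$BLUE_VNI" "$local_ip" "$BLUE_PORT"
    printf 'table=1,tun_id=%s,arp,nw_dst=%s,actions=output:%s\n' "$RED_VNI" "$remote_ip" "$TUN_PORT"
    printf 'table=1,tun_id=%s,arp,nw_dst=%s,actions=output:%s\n' "$BLUE_VNI" "$remote_ip" "$TUN_PORT"
    # explicit default drop: unknown destinations never flood to the other tenant
    printf 'table=1,priority=0,actions=drop\n'
}

# Static sanity check on a generated flow file: fail if any rule sends the red
# tun_id to the blue VM port or the blue tun_id to the red VM port, or if the
# default drop rule is missing. Returns 0 when the file passes.
check_isolation() {
    file=$1
    if grep -q "tun_id=$RED_VNI,.*output:$BLUE_PORT\$" "$file" \
       || grep -q "tun_id=$BLUE_VNI,.*output:$RED_PORT\$" "$file"; then
        return 1
    fi
    grep -q '^table=1,priority=0,actions=drop$' "$file"
}

# Stand-alone demo: server 1's tunnel command and flow table. Server 2 uses
# remote_ip=192.168.1.10 and swaps the IP and MAC argument pairs.
vxlan_port_cmd s1 192.168.2.20
gen_flows 10.0.0.1 10.0.0.2 "$VM1_MAC" "$VM2_MAC"
```

Redirect the gen_flows output to flows.txt on each server and load it with ovs-ofctl add-flows as in the video; run check_isolation on the file before loading it, since a single mistyped output port in table 1 is enough to leak one tenant's frames into the other tenant's VM.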
Info
Channel: David Mahler
Views: 81,576
Rating: 4.9633026 out of 5
Keywords: VXLAN, Open vSwitch, openvswitch, Open Flow, openflow, overlay networks, Cloud Computing (Industry), public cloud, private cloud, tunneling, Virtual Extensible LAN, mininet, ovs, tunnel, David Mahler, overlay network
Id: tnSkHhsLqpM
Length: 10min 32sec (632 seconds)
Published: Mon Jun 02 2014