|Place of Origin:||China|
|Certification:||CCC, CE, RoHS|
|Minimum Order Quantity:||1 SET|
|Packaging Details:||Outer Carton plus Inner Foam|
|Delivery Time:||1-3 Working Days|
|Payment Terms:||L/C, D/A, D/P, T/T, Western Union, MoneyGram|
|Supply Ability:||100 sets per month|
|VLAN Identifier:||12 Bits||VTEP:||VXLAN Tunnel End Point|
|VTEP Usage:||For Packaging And Unpacking VXLAN||Packet Header Stripping:||VxLAN, VLAN, And MPLS Headers|
|Applications:||Data Center Of Telecom, Broadcasting, Government, Finance, Energy, Power, Petroleum, Hospital, School, Enterprise And Other Industries||Related Solutions:||Network Visibility, Network Monitor, Network Security, Network Analytics, Data Center, Traffic Management, Traffic Optimize|
Network Packet Broker VXLAN Header Stripping of Underlay Overlay, VTEP, Flood and Learn Mechanism
What is a VXLAN?
The traditional 802.1Q VLAN identifier has only 12 bits, which means that there can be a maximum of 4096 unique Layer 2 network segments. VXLAN expands the identifier to 24 bits, which means up to 16 million unique Layer 2 network segments.
In today's world of virtualization, if you still use 802.1Q VLANs, VM mobility is limited to the local VLAN. With VXLAN encapsulation, the original data frames are encapsulated as MAC-in-UDP, allowing a Layer 2 network connection to be carried across a routed Layer 3 network.
At the same time, the IP address and MAC address of the VM remain unchanged before and after migration.
VXLAN Frame Format and MAC-in-IP Package
According to the figure above:
1. In addition to the original data frame, the outer headers consume additional bytes (add up the headers in the figure above to get the total). PS: if necessary, the switch interface MTU must be modified to accommodate VXLAN packets, depending on the business packet size.
2. UDP source port: allocated dynamically by the VTEP device, calculated as a hash of the L2/L3/L4 information in the inner headers.
3. UDP destination port: fixed 4789.
4. Outer IP: the source IP address in the outer IP header is the IP address of the source VTEP, and the destination IP address is the IP address of the destination VTEP.
5. Outer MAC: the source MAC address in the outer Ethernet header is the MAC address of the source VTEP, and the destination MAC address is the MAC address of the next-hop device on the path to the destination VTEP.
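The header layout listed above is what a packet broker has to walk before it can hand the inner frame to a monitoring tool. The following sketch is an added example, not code from the original page or from the vendor; it assumes an IPv4 underlay, and `strip_vxlan`, `build_sample` and the sample addresses are hypothetical names and constructed values.

```python
import struct

VXLAN_PORT = 4789                      # fixed UDP destination port (item 3 above)

def strip_vxlan(frame: bytes):
    """Return (vni, inner_frame) if frame is IPv4/UDP VXLAN, else None."""
    try:
        off = 12                                       # skip outer dst/src MAC
        (ethertype,) = struct.unpack_from("!H", frame, off)
        off += 2
        while ethertype in (0x8100, 0x88A8):           # outer 802.1Q / QinQ tags
            (ethertype,) = struct.unpack_from("!H", frame, off + 2)
            off += 4
        if ethertype != 0x0800:                        # IPv4 underlay only here
            return None
        ihl = (frame[off] & 0x0F) * 4
        (frag,) = struct.unpack_from("!H", frame, off + 6)
        if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 17 or frag & 0x3FFF:
            return None                                # not UDP, or an IP fragment
        off += ihl
        _sport, dport = struct.unpack_from("!HH", frame, off)
        if dport != VXLAN_PORT:
            return None
        off += 8                                       # past the UDP header
        flags, word = struct.unpack_from("!B3xI", frame, off)
    except (struct.error, IndexError):                 # truncated packet
        return None
    inner = frame[off + 8:]
    if not flags & 0x08 or len(inner) < 14:            # I flag clear, or no inner frame
        return None
    return word >> 8, inner                            # VNI is the upper 24 bits

def build_sample(vni: int, inner: bytes, dport: int = VXLAN_PORT) -> bytes:
    """Constructed test packet: outer Ethernet + IPv4 + UDP + VXLAN + inner frame."""
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)
    udp = struct.pack("!HHHH", 49152, dport, 16 + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + len(inner), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + udp + vxlan + inner

# Constructed inner frame: broadcast, ARP-sized Ethernet frame from a made-up MAC.
INNER = bytes.fromhex("ffffffffffff" "02000000000a" "0806") + bytes(28)

if __name__ == "__main__":
    vni, inner = strip_vxlan(build_sample(1001, INNER))
    print(vni, inner == INNER, strip_vxlan(build_sample(1001, INNER, dport=53)))
```

Packets that are truncated, fragmented, not addressed to port 4789, or missing the VXLAN I flag return `None`, so a monitoring pipeline can pass them through unstripped instead of mis-parsing them.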
Here is an example of a real VXLAN-encapsulated ping packet:
Underlay and Overlay
Underlay as follows:
Underlay: a routable IP network with a flexible topology. It is recommended to use a network with redundant paths and to use ECMP to achieve load balancing. Any routing protocol is supported: OSPF, EIGRP, IS-IS, BGP, etc.
Overlay as follows:
What is the VTEP?
As the name implies, a VTEP (VXLAN Tunnel End Point) is the endpoint of a VXLAN tunnel. The VTEP is used for packaging and unpacking VXLAN. Each VTEP uses two interfaces: one for bridging and forwarding on the local LAN, and the other an IP interface for connecting to the transit network.
For example, when a VLAN 100 packet is sent to the VTEP via the local LAN interface, it is first mapped to VXLAN ID 1001. After that, the VTEP looks up the corresponding remote VTEP in its L2 table based on the destination MAC address of the original packet and the VXLAN ID just converted. If it finds an entry, the original Ethernet frame is encapsulated as a VXLAN packet and sent out through the IP interface. The IP interface of the remote VTEP receives the VXLAN packet, unpacks it to obtain the original Ethernet frame, maps the VXLAN ID to the VLAN ID, adds the VLAN 100 information, and finally sends the packet out on its local LAN. In this way, the VLAN 100 networks behind the two VTEPs are effectively connected. (Note: although both sides are VLAN 100 here, the VLAN IDs that correspond to the same VXLAN ID on the two VTEPs can in fact be different.) Because the original Ethernet frame is encapsulated as a MAC-in-UDP packet, the data transfer becomes a transfer between VTEPs. The network between the VTEPs can be a Layer 2 network, a Layer 3 network, or something even more complicated, but this is transparent to VLAN 100.
Flood and Learn Mechanism
1. Terminal A sends an ARP request for terminal B.
2. The ARP packet arrives at vtep-1, and vtep-1 encapsulates it: VXLAN header, UDP header, outer IP header (source IP is vtep-1, destination IP is the Underlay multicast group IP), outer MAC header (source MAC is vtep-1, destination MAC is the multicast group MAC).
3. The packet is sent to all other VTEP nodes, which decapsulate it upon receipt to obtain the original ARP request packet.
4. Next, these VTEPs send the ARP request to their local LAN networks. If the requested terminal B is not on the local LAN network, the packet is discarded by the local terminal devices (such as the terminal devices connected to vtep-3). If the requested terminal B is on the local LAN network, terminal B receives the ARP request and sends an ARP reply to the local vtep-2 node.
5. After receiving the ARP reply, the vtep-2 node connecting terminal B encapsulates it: VXLAN header, UDP header, outer IP header (source IP is vtep-2, destination IP is vtep-1), outer MAC header (source MAC is vtep-2, destination MAC is vtep-1).
6. After receiving the packet, vtep-1 unpacks it and obtains the original ARP reply, which is sent to terminal A. At the same time, from the outer header information, vtep-1 learns the IP of vtep-2 and the MAC of terminal B, and so builds the mapping table of VXLAN ID + Remote VTEP IP + Remote MAC.
7. Subsequent unicast forwarding between terminals A and B is carried over the VXLAN tunnel, based on the mapping information on vtep-1 and vtep-2.
8. vtep-1 can optionally act as an ARP proxy for subsequent ARP requests for ip-b, to reduce flooding on the transport network.
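The VLAN-to-VXLAN-ID mapping from the VTEP section and the flood-and-learn steps above can be modelled in a few lines. This is an added example, not code from the original page or from any VTEP implementation; the `Vtep` class, the multicast group, the addresses and the choice of VLAN 200 on vtep-2 (to show that local VLAN IDs may differ for the same VXLAN ID) are all assumptions.

```python
from dataclasses import dataclass, field

MCAST_GROUP = "239.1.1.1"              # assumed underlay multicast group (constructed)
BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed terminal MACs

@dataclass
class Vtep:
    ip: str
    vlan_to_vni: dict                                # local VLAN ID -> VXLAN ID
    l2_table: dict = field(default_factory=dict)     # (VXLAN ID, remote MAC) -> remote VTEP IP

    def encapsulate(self, vlan, src_mac, dst_mac):
        """Local LAN -> underlay. Unknown or broadcast destinations are flooded."""
        vni = self.vlan_to_vni[vlan]
        outer_dst = self.l2_table.get((vni, dst_mac), MCAST_GROUP)
        return {"outer_src": self.ip, "outer_dst": outer_dst, "vni": vni,
                "src_mac": src_mac, "dst_mac": dst_mac}

    def decapsulate(self, pkt):
        """Underlay -> local LAN. Learns the sender; returns (vlan, src, dst) or None."""
        vlan = {vni: v for v, vni in self.vlan_to_vni.items()}.get(pkt["vni"])
        if vlan is None:
            return None                              # VXLAN ID not configured here: drop
        self.l2_table[(pkt["vni"], pkt["src_mac"])] = pkt["outer_src"]
        return vlan, pkt["src_mac"], pkt["dst_mac"]

def arp_exchange():
    """Replay steps 1-7 between two VTEPs and report where each packet was sent."""
    vtep1 = Vtep("10.0.0.1", {100: 1001})
    vtep2 = Vtep("10.0.0.2", {200: 1001})            # different local VLAN, same VXLAN ID
    request = vtep1.encapsulate(100, MAC_A, BROADCAST)   # steps 1-2: flooded
    delivered = vtep2.decapsulate(request)               # steps 3-4: vtep-2 learns A
    reply = vtep2.encapsulate(200, MAC_B, MAC_A)         # step 5: unicast to vtep-1
    vtep1.decapsulate(reply)                             # step 6: vtep-1 learns B
    data = vtep1.encapsulate(100, MAC_A, MAC_B)          # step 7: unicast over tunnel
    return {"request_dst": request["outer_dst"], "delivered": delivered,
            "reply_dst": reply["outer_dst"], "data_dst": data["outer_dst"],
            "vtep1_table": vtep1.l2_table}

if __name__ == "__main__":
    print(arp_exchange())
```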
Recommend Network Packet Broker for VXLAN Header Stripping in Original Packet and Metadata
|NT-FTAP-32QCX NetTAP® TAP/NPB Functional Parameters|
|Network Interface||100G(compatible with 40G)||32*QSFP28 slots|
|Out band interface||1*10/100/1000M copper|
|Deploy mode||Fiber Tap||Support|
|System function||Traffic processing||Traffic replicating/aggregating/splitting||Support|
|Filter based on IP/protocol/port quintuple traffic identification||Support|
|Packet Header Stripping||VxLAN, VLAN, MPLS, GRE, GTP, etc.|
|Tunnel protocol identification||Support|
|Single fiber transmission||Support|
|Ethernet package independence||Support|
|RADIUS or AAA Centralized authorization||Support|
|User authentication||Authentication based on username and password|
(1+1 Redundant Power System-RPS)
|Rated power supply voltage||AC110~240V/DC-48V[Optional]|
|Rated power frequency||AC-50HZ|
|Rated input current||AC-3A / DC-10A|
|Rated function power||Max 450W|
|Working humidity||10%-95%, No condensation|
|User Configuration||Console Configuration||RS232 interface,115200,8,N,1|
|Chassis Height||Rack Space (U)||1U 445mm*44mm*505mm|
Data Processing Ability: 480Gbps intelligent network data processing
Tunneling Protocol Identify: Identify the tunneling protocols such as GTP / GRE / PPTP / L2TP / PPPOE
UDF Match: Customize the offset value, key field length, and content
Data Packets De-duplication: Save the APM and NPM analysis of system performance