SDA – Data Plane (VXLAN)

Terminology:

  • VXLAN – Virtual Extensible LAN

VXLAN can be used as a tunneling mechanism.

Traditionally, when a packet is encapsulated for tunneling, the original IP source/destination, TCP information and data are all wrapped up and treated as payload.

The original ethernet information is not encapsulated and lost as it is replaced with a new IP header containing source/destination and of course, a new ethernet header.

This is why the data plane component of LISP cannot be used because the original ethernet header is required.

VXLAN as an alternate tunneling protocol has the ability to traverse layer 3 traffic but maintaining the original L2 packet. Think of this as the need to present the same L2 VLAN between two different physical data centres with only L3 links inbetween. Broadcasts between clients at DC-A need to be seen at DC-B and vice versa. VXLAN can be used in this situation and is the tunnel of choice for SDA.

When it comes to tunnel encapsulation, VXLAN takes the entire frame – eth header/IP information/TCP information and data as the payload instead. It then adds a VXLAN header, UDP header, an IP header and finally a new ethernet header.

The VXLAN header contains such information such as:

  • VNID or VNI – Virtual Network Identifer. This is the VXLAN equivalent of the VLAN tag but uses 24 bits permitting over 16 million distinct VNIDS
  • VXLAN-GPO – a 16 bit Cisco extention to the VXLAN standard that contains SGT Tags (Scalable Group Tags) which is used to identify and enforce policy against traffic.

In VXLAN terminology, the tunnel endpoints (RLOCs in SDA parlance) are referred to as VTEPs or Virtual Tunnel Endpoints. They are the same things but the different terms are used depending on the context being discussed.

VXLAN tunnels are established between VTEPS and this permits both L3 and critically, L2 tunneling! This allows the same subnets AND broadcast domains to exist in multiple locations.

So although the dataplane of LISP is not used having been replaced by VXLAN, the LISP control plane functionality is fundamental to SDA.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.