• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Yellow Bricks

by Duncan Epping

  • Home
  • ESXTOP
  • Stickers/Shirts
  • Privacy Policy
  • About
  • Show Search
Hide Search

back 2 basics

VXLAN basics and use cases (when / when not to use it)

Duncan Epping · Nov 2, 2012 ·

I have been getting so many hits on my blog for VXLAN I figured it was time to expand a bit on what I have written about so far. My first blog post was about Configuring VXLAN, the steps required to set it up in your vSphere environment. As I had many questions about the physical requirements I followed up with an article about exactly that, VXLAN Requirements. Now I am seeing more and more questions around where and when VXLAN would be a great fit, so lets start with some VXLAN basics.

The first question that I would like to answer is what does VXLAN enable you to do?

In short, and I am trying to make it as simple as I possibly can here… VXLAN allows you to create a logical network for your virtual machines across different networks. More technically speaking, you can create a layer 2 network on top of layer 3. VXLAN does this through encapsulation. Kamau Wanguhu wrote some excellent articles about how this works, and I suggest you read that if you are interested. (VXLAN Primer Part 1, VXLAN Primer Part 2) On top of that I would also highly recommend Massimo’s Use Case article, some real useful info in there! Before we continue, I want to emphasize that you could potentially create 16 million networks using VXLAN, compare this to the ~4000 VLANs and you understand by this technology is important for the software defined datacenter.

Where does VXLAN fit in and where doesn’t it (yet)?

First of all, lets start with a diagram.

vxlan basics - 01

In order for the VM in Cluster A which has “VLAN 1” for the virtual machine network to talk to the VM in Cluster B (using VLAN 2) a router is required. This by itself is not overly exciting and typically everyone will be able to implement it by the use of a router or layer 3 switching device. In my example, I have 2 hosts in a cluster just to simplify the picture but imagine this being a huge environment and hence the reason many VLANs are created to restrict the failure domain / broadcast domain. But what if I want VMs in Cluster A to be in the same domain as the VMs in Cluster B? Would I go around and start plumbing all my VLANs to all my hosts? Just imagine how complex that will get fairly quickly. So how would VXLAN solve this?

Again, diagram first…

vxlan basics - 02

Now you can see a new component in there, in this case it is labeled as “vtep”. This stand for VXLAN Tunnel End point. As Kamau explained in his post, and I am going to quote him here as it is spot on…

The VTEPs are responsible for encapsulating the virtual machine traffic in a VXLAN header as well as stripping it off and presenting the destination virtual machine with the original L2 packet.

This allows you to create a new network segment, a layer 2 over layer 3. But what if you have multiple VXLAN wires? How does a VM in VXLAN Wire A communicate to a VM in VXLAN Wire B? Traffic will flow through an Edge device, vShield Edge in this case as you can see in the diagram below.

vxlan basics - 03

So how about applying this cool new VXLAN technology to an SRM infrastructure or a Stretched Cluster infrastructure? Well there are some caveats and constraints (right now) that you will need to know about, some of you might have already spotted one in the previous diagram. I have had these questions come up multiple times, so hence the reason I want to get this out in the open.

  1. In the current version you cannot “stitch” VXLAN wires together across multiple vCenter Servers, or at least this is not supported.
  2. In a stretched cluster environment a VXLAN implementation could lead to traffic tromboning.

So what do I mean with traffic tromboning? (Also explained in this article by Omar Sultan.) Traffic tromboning means that potentially you could have traffic flowing between sites because of the placement of a vShield Edge device. Lets depict it to make it clear, I stripped this to the bare minimum leaving VTEPs, VLANs etc out of the picture as it is complicated enough.

In this scenario we have two VMs both sitting in Site A, and cluster A to be more specific… even the same host! Now when these VMs want to communicate with each other they will need to go through their Edge device as they are on a different wire, represented by a different color in this diagram. However, the Edge device sits in Site B. So this means that for these VMs to talk to each other traffic will flow through the Edge device in Site B and then come back to Site A to the exact same host. Yes indeed, there could be an overhead associated with that. And with two VMs that probably is minor, with 1000s of VMs that could be substantial. Hence the reason I wouldn’t recommend it in a Stretched environment.

vxlan basics - 04

Before anyone asks though, yes VMware is fully aware of these constraints and caveats and are working very hard towards solving these, but for now… I personally would not recommend using VXLAN for SRM or Stretched Infrastructures. So where does it fit?

I think in this post there are already a few mentioned but lets recap. First and foremost, the software defined datacenter. Being able to create new networks on the fly (for instance through vCloud Director, or vCenter Server) adds a level of flexibility which is unheard of. Also those environments which are closing in on the 4000 VLAN limitation. (And in some platforms this is even less.) Other options are sites where each cluster has a given set of VLANs assigned but these are not shared across cluster and do have the requirement to place VMs across clusters in the same segment.

I hope this helps…

Back to Basics: Install, configure and use vSphere Data Protection

Duncan Epping · Sep 18, 2012 ·

Installing vSphere Data Protection is just a couple of steps. I downloaded the vSphere Replication virtual appliance. Note there are three different versions available and depending on how large your environment is you will need to select a version. I selected the 0.5TB version as I have a limited amount of virtual machines. This is how you import it and configure it, but before you begin I recommend ensuring DNS records are created before deploying the appliance!

  • Open the Web Client
  • Go to your cluster under “vCenter” —> “Hosts and Clusters”.
  • Right click the cluster object and click “All vCenter Actions” —> “Deploy OVF Template”
  • As a source I select the ova file I downloaded, now click “Next”
  • Validate the details and click “Next”
  • If you agree “Accept” the EULA and click “Next”
  • Enter the “Name” of the virtual machine and select the “Folder” this virtual machine will needs to be placed in and click “Next”
  • Select the “Datastore” it needs to be provisioned to and click “Next”
  • Select the “Network” it needs to be connected to and click “Next”
  • [Read more…] about Back to Basics: Install, configure and use vSphere Data Protection

Back to Basics: Install, configure and use vSphere Replication

Duncan Epping · Sep 17, 2012 ·

One of the coolest features that has been included with vSphere 5.1 in my opinion is vSphere Replication. (Make sure to read the what’s new paper) The reason for it being is that it now brings “advanced” technology to everyone (Essentials Plus and upwards). I have used vSphere Replication in 5.0 and it was nice, but with 5.1 the installation and configuration process has been improved. For instance the database is now included in the appliance and it isn’t as DNS sensitive as it was with 5.0. This makes installing and configuring it a matter of minutes.

I am going to assume you have “vSphere Replication” traffic enabled on a VMkernel NIC, if you do not know how to create a VMkernel NIC check this article

Lets get started. I downloaded the vSphere Replication virtual appliance and imported and configured it in just a couple of steps using the vSphere 5.1 Web Client: [Read more…] about Back to Basics: Install, configure and use vSphere Replication

Back to Basics: Using the vSphere 5.1 Web Client to configure iSCSI

Duncan Epping · Sep 14, 2012 ·

In this article I will take you through the steps required to setup iSCSI using the vSphere 5.1 Web Client. In most iSCSI environment the VMware software iSCSI adapter is used, so that is what I will use. I had already setup a storage VMkernel NIC in one of my previous post, read that if you haven’t yet. Adding a software adapter can be done in a couple of simple steps:

  • On the “Manage” section of your host click on “Storage”
  • Click the green “plus” and select “Software iSCSI adapter”
  • Click “OK”
  • Now a new adapter will be added to the “Storage Adapters” list

[Read more…] about Back to Basics: Using the vSphere 5.1 Web Client to configure iSCSI

Back to Basics: Using the vSphere 5.1 Web Client to add an NFS share to all hosts

Duncan Epping · Sep 13, 2012 ·

If you look at the following workflow you know why I am starting to love NFS more and more… Adding an NFS datastore was easy with 5.0 (and prior) but with 5.1 it is even easier. Just a couple of steps to add an NFS datastore to your cluster:

  • Open the Web Client
  • Go to your host under “vCenter” —> “Hosts and Clusters”.
  • Click “New Datastore”.
  • Provide a name for the datastore and click “Next”.
  • Select “NFS” and click “Next”. Fill out the NFS “Server” and “Folder” details and click “Next”.
  • [Read more…] about Back to Basics: Using the vSphere 5.1 Web Client to add an NFS share to all hosts
  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

About the author

Duncan Epping is a Chief Technologist in the Office of CTO of the Cloud Platform BU at VMware. He is a VCDX (# 007) and the author of the "vSAN Deep Dive" and the “vSphere Clustering Technical Deep Dive” series.

Upcoming Events

14-Apr-21 | VMUG Italy – Roadshow
26-May-21 | VMUG Egypt – Roadshow
May-21 | Australian VMUG – Roadshow

Recommended reads

Sponsors

Want to support us? Buy an advert!

Advertisements

Copyright Yellow-Bricks.com © 2021 · Log in