When I was writing my “Configuring VXLAN” post I was trying to dig up some details around VXLAN requirements and recommendations to run a full “VMware” implementation. Unfortunately I couldn’t find much, or at least not a single place with all the details. I figured I would gather all I can find and throw it into a single post to make it easier for everyone.
Virtual:
- vSphere 5.1
- vShield Manager 5.1
- vSphere Distributed Switch 5.1.0
- Portgroups will be configured by vShield Manager; it is recommended to use either “LACP Active Mode”, “LACP Passive Mode” or “Static Etherchannel”
- When “LACP” or “Static Etherchannel” (Cisco only) is configured, note that a port/ether channel will need to be created on the physical side
- “Fail Over” is supported, but not recommended
- You cannot configure the portgroup with “Virtual Port ID” or “Load Based Teaming”; these are not supported
- Requirement for MTU size of 1600 (Kamau explains why here)
Physical:
- Recommend to have DHCP available on VXLAN transport VLANs, fixed IP also works though!
- VXLAN port (UDP 8472) is opened on firewalls (if applicable)
- Port 80 is opened from vShield Manager to the Hosts (used to download the “vib / agent”)
- For Link Aggregation Control Protocol (LACP), 5-tuple hash distribution is highly recommended but not a hard requirement
- MTU size requirement is 1600
- Strongly recommended to have IGMP snooping enabled on the L2 switches to which VXLAN participating hosts are attached. An IGMP Querier must be enabled on a router or L3 switch with connectivity to the multicast-enabled networks when IGMP snooping is enabled.
- If VXLAN traffic is traversing routers, multicast routing must be enabled
- The recommended Multicast protocol to deploy for this scenario is Bidirectional Protocol Independent Multicast (PIM-BIDIR), since the Hosts act as both multicast speakers and receivers at the same time.
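To make the MTU 1600 requirement in both lists concrete, here is an added example (not from the original post) that builds a VXLAN-encapsulated packet and computes the transport MTU it needs. The header sizes are the standard ones, the VNI, addresses and source port are constructed sample values, and the IPv6 outer case goes beyond what the post covers.

```python
import struct

VXLAN_UDP_PORT = 8472  # UDP port named in the post's firewall requirement
# Standard header sizes in bytes (not from the post)
ETH_HDR, VLAN_TAG, IPV4_HDR, IPV6_HDR, UDP_HDR, VXLAN_HDR = 14, 4, 20, 40, 8, 8


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags with the I bit set, then the 24-bit VNI."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)


def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Outer IPv4 packet carrying inner_frame; this is what the transport MTU must fit.

    Addresses and source port are constructed sample values; checksums are left at zero.
    """
    udp_len = UDP_HDR + VXLAN_HDR + len(inner_frame)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR + udp_len, 0, 0x4000,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp + vxlan_header(vni) + inner_frame


def required_transport_mtu(guest_mtu=1500, inner_vlan=False, outer_ipv6=False) -> int:
    """Smallest IP MTU on the transport network that carries a full-size guest frame."""
    inner = ETH_HDR + (VLAN_TAG if inner_vlan else 0) + guest_mtu
    return (IPV6_HDR if outer_ipv6 else IPV4_HDR) + UDP_HDR + VXLAN_HDR + inner


def fits(transport_mtu: int, **kwargs) -> bool:
    """True when the encapsulated full-size guest frame fits within transport_mtu."""
    return required_transport_mtu(**kwargs) <= transport_mtu


if __name__ == "__main__":
    frame = bytes(ETH_HDR + 1500)  # constructed full-size guest frame (all zeros)
    print("outer IPv4 packet:", len(encapsulate(frame, vni=5001)), "bytes")
    for mtu in (1500, 1550, 1600):
        print(mtu, "default:", fits(mtu),
              "inner VLAN + IPv6 outer:", fits(mtu, inner_vlan=True, outer_ipv6=True))
```

A standard 1500-byte transport MTU is too small for a full-size guest frame once encapsulated, while 1600 leaves headroom in every case the example models.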
That should capture most requirements and recommendations. If anyone has any additions please leave a comment and I will add it.
** Please note: proxy ARP is not a requirement for a VXLAN / VDS implementation; it is only a requirement when the Cisco Nexus 1000v is used **
References:
VXLAN Primer by Kamau
vShield Administration Guide
Internal training ppt
KB 2050697 (note my article was used as the basis for this KB)