
Learning about VXLAN I found in a document:

...VTEP1 then adds a VXLAN header that contains the VNI to the Ethernet frame, encapsulates the frame in a Layer 3 UDP packet, and routes the packet to VTEP2 over the Layer 3 network.

And then, about the encapsulated headers:

Outer MAC header – Contains the MAC address of the source VTEP and the MAC address of the next-hop router. Each router along the packet’s path rewrites this header so that the source address is the router’s MAC address and the destination address is the next-hop router’s MAC address.

If the packet is routed over layer 3, why is the outer MAC address for the next hop required, instead of the typical layer 3 IP?
And regarding VXLAN tunnel nodes (non-VTEP), are they switches/virtual switches (L2), routers (L3), or could they be both?


[Image: VXLAN packet headers]

glc78

1 Answer


VXLAN is a layer 2 framework so when one VTEP wants to send data to another VTEP, it will create a layer 2 VXLAN frame (basically an Ethernet frame). This frame then needs to be delivered to the IP address of the destination VTEP.

When they talk about "Outer MAC header" it seems they are talking about the frame that gets sent over the physical network. Imagine the following configuration:

VTEP Host A: 1.1.1.1 MAC AA (not going to bother with full MAC addresses)
Local Router Interface 1: 1.1.1.254 MAC BB
Local Router Interface 2: 2.2.2.254 MAC CC
VTEP Host B: 2.2.2.2 MAC DD

(The IP addresses above are the actual host addresses (VTEP endpoints), not the addresses of the virtual VXLAN interfaces themselves).

  1. VTEP Host A puts the VXLAN frame inside a UDP packet and addresses it to 2.2.2.2. [UDP PACKET 1.1.1.1->2.2.2.2[VXLAN FRAME]]
  2. This packet gets passed to the OS which wants to deliver it to 2.2.2.2. This is not on the local network so the packet gets placed in an Ethernet frame with a source of AA, and destination of the local router BB. [ETH FRAME AA->BB[UDP PACKET[VXLAN FRAME]]]
  3. Local router receives the frame and extracts the UDP packet. It sees that the packet is destined for 2.2.2.2, which it can access directly. It puts the packet in a new Ethernet frame destined for DD. [ETH FRAME CC->DD[UDP PACKET[VXLAN FRAME]]]. **
  4. Host B receives the Ethernet frame addressed to it, extracts the UDP packet, then passes it to whatever part of the system handles VXLAN data.

** If there were additional routers between the VTEPs, then this process would continue. Each router would extract the packet and place it in a new frame, with a src MAC of itself and a dst MAC of the next hop until it got to the destination.

USD Matt
  • So, using the MAC address instead of IP for routing is not a particular choice, but the only way host-A / VTEP-A can forward the packet, because of its layer 2 interface? – glc78 Oct 18 '17 at 16:56
  • MAC addresses are not used for routing, IP addresses are. However MAC addresses are needed to pass the VXLAN UDP packets from one device to another. – USD Matt Oct 18 '17 at 20:17
  • Edited question: added an image of the packet headers. Do intermediate switches/routers read only the first two headers starting from the left, until the destination VTEP decapsulates the entire VXLAN packet? – glc78 Oct 18 '17 at 21:49
  • Yes, intermediate devices will only be interested in the outer MAC/IP headers. They will use the IP address in 'Outer IP Header' to route the packet to the destination VTEP. – USD Matt Oct 19 '17 at 09:17
  • I've tried to update my answer to give a more detailed example. This isn't really specific to VXLAN though, it's just the basic process of how IP packets are delivered across Ethernet networks. – USD Matt Oct 19 '17 at 09:33
  • Thanks. Does the OS run in the host/VM? Could a possible environment for your configuration be two racks A and B, with their ToR switches in which the VTEPs and related hypervisors are allocated, VMs running in host A and host B, and zero or more intermediate routers through the data center? – glc78 Oct 19 '17 at 14:24
  • And the VXLAN frame created by the VTEP encapsulates the original Ethernet frame created by the host/VM... [vxlan frame[original ethernet frame]], right? – glc78 Oct 19 '17 at 14:34
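
The hop-by-hop delivery in steps 1 to 4 of the answer, as an added example that is not part of the original post: it builds the outer Ethernet/IPv4/UDP/VXLAN headers as bytes and shows that the router rewrites only the outer MAC addresses (plus TTL and IP header checksum), while the outer IP addresses, VNI and inner frame arrive unchanged. The full MAC addresses, VNI 5000, UDP source port and inner VM frame are constructed sample values.

```python
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP destination port for VXLAN (RFC 7348)

def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip(s): return bytes(int(o) for o in s.split("."))

def csum(hdr):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def eth(dst, src, payload):
    """14-byte Ethernet header (EtherType IPv4) in front of payload."""
    return mac(dst) + mac(src) + struct.pack("!H", 0x0800) + payload

def vxlan(vni, inner_frame):
    """8-byte VXLAN header: flags 0x08 (VNI valid), 24-bit VNI, reserved bits zero."""
    return struct.pack("!II", 0x08 << 24, vni << 8) + inner_frame

def ipv4_udp(src, dst, payload, ttl=64):
    """Outer IPv4 + UDP headers; UDP checksum 0 is permitted over IPv4."""
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                      ttl, 17, 0, ip(src), ip(dst))
    return hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:] + udp

def route_hop(frame, out_src, out_dst):
    """Router: strip old L2 header, decrement TTL, fix checksum, build new L2 header."""
    pkt = bytearray(frame[14:])
    pkt[8] -= 1                      # TTL is byte 8 of the IPv4 header
    pkt[10:12] = b"\x00\x00"         # zero the checksum field before recomputing
    pkt[10:12] = struct.pack("!H", csum(bytes(pkt[:20])))
    return eth(out_dst, out_src, bytes(pkt))

def parse(frame):
    """Pull out the fields the answer talks about (fixed offsets, no IP options)."""
    vx = frame[14 + 20 + 8:]
    return {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": ".".join(map(str, frame[26:30])), "ttl": frame[22],
            "dst_ip": ".".join(map(str, frame[30:34])),
            "vni": int.from_bytes(vx[4:7], "big"), "inner": vx[8:]}

# Constructed sample values: full MACs standing in for the answer's AA/BB/CC/DD
A, B, C, D = (f"02:00:00:00:00:{x}" for x in ("aa", "bb", "cc", "dd"))
inner = eth("02:00:00:00:10:02", "02:00:00:00:10:01", b"VM payload")   # original VM frame
step2 = eth(B, A, ipv4_udp("1.1.1.1", "2.2.2.2", vxlan(5000, inner)))  # Host A -> router
step3 = route_hop(step2, out_src=C, out_dst=D)                          # router -> Host B
```
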