VXLAN (Virtual Extensible LAN) is an overlay network technology that encapsulates Ethernet frames using MAC-in-UDP. VXLAN supports up to 16777216 (24-bit) networks and uses UDP destination port 4789.
Why it exists
- 4096 VLANs cannot meet the needs of cloud computing and data centers
- It solves MAC table exhaustion on ToR (Top of Rack) switches
- East-west traffic from cloud computing/virtualization creates more MAC table entries
- Multi-tenant cloud computing requires overlapping IP addresses
Packet format
VXLAN packet headers:
- 20-byte outer IP header: valid addresses of VTEPs or VXLAN multicast groups on the transport network. Devices in the transport network forward VXLAN packets based on the outer IP header.
- 8-byte outer UDP header for VXLAN: the default VXLAN destination UDP port number is 4789.
- 8-byte VXLAN header: VXLAN information for the frame.
  - Flags: if the I bit is 1, the VXLAN ID is valid; if the I bit is 0, the VXLAN ID is invalid. All other bits are reserved and set to 0.
  - 24-bit VXLAN ID: identifies the VXLAN of the frame. It is also called the virtual network identifier (VNI).

Where:
- VTEP (VXLAN Tunnel Endpoint) is the edge device of a VXLAN network and the start and end point of a VXLAN tunnel. Encapsulation and decapsulation of the user's original data frames both take place on the VTEP.
- VNI (VXLAN Network Identifier) is a user identifier similar to a VLAN ID. One VNI represents one network; virtual machines belonging to different VNIs cannot communicate directly at Layer 2.
Reference: https://techhub.hpe.com/eginfolib/networking/docs/switches/5710/5200-5004_vxlan_cg/content/517705090.htm
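The header layout above, worked through as an added example (my code, not from the original post or the HPE reference): a pure-Python VTEP-style encapsulator and decapsulator that builds the 20-byte outer IPv4, 8-byte UDP and 8-byte VXLAN headers and enforces the I-bit and reserved-bit rules on the way back out. The VTEP addresses, UDP source port and VNI 100 used below are those of the experiment later on this page; the MAC addresses and inner payload are constructed placeholders.

```python
import socket
import struct

VXLAN_PORT = 4789    # default VXLAN destination UDP port
VXLAN_FLAG_I = 0x08  # I bit set => VNI field is valid; all other flag bits are reserved
# Constructed sample inner frame: Ethernet header (dst MAC, src MAC, EtherType
# 0x0800 = IPv4) plus a placeholder payload standing in for the ICMP echo.
SAMPLE_FRAME = bytes.fromhex("0a0000000133" "0a0000000132" "0800") + b"constructed-payload"

def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"

def encapsulate(src: str, dst: str, sport: int, vni: int, frame: bytes) -> bytes:
    """Wrap an Ethernet frame in outer IPv4 (20 B) + UDP (8 B) + VXLAN (8 B).
    Outer IP total length = 36 + len(frame); for a 14 B Ethernet + 84 B ICMP frame that is 134."""
    udp_len = 8 + 8 + len(frame)
    udp = struct.pack("!HHHH", sport, VXLAN_PORT, udp_len, 0)  # zero UDP checksum is legal on IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))  # IP checksum left 0 for brevity
    return ip + udp + vxlan_header(vni) + frame

def decapsulate(packet: bytes) -> tuple:
    """Validate the outer headers the way a VTEP must, then strip them.
    Returns (outer_src, outer_dst, vni, inner_frame)."""
    if len(packet) < 20 + 8 + 8 + 14:
        raise ValueError("too short for IPv4/UDP/VXLAN/Ethernet")
    if packet[0] != 0x45 or packet[9] != 17:
        raise ValueError("outer header is not option-less IPv4 carrying UDP")
    _sport, dport, udp_len, _ = struct.unpack("!HHHH", packet[20:28])
    if dport != VXLAN_PORT or udp_len > len(packet) - 20:
        raise ValueError("not VXLAN on port 4789, or UDP length exceeds packet")
    vx = packet[28:36]
    if not vx[0] & VXLAN_FLAG_I:
        raise ValueError("I bit clear: VNI invalid, frame must be dropped")
    if vx[0] & ~VXLAN_FLAG_I or vx[1:4] != b"\0\0\0" or vx[7] != 0:
        raise ValueError("reserved VXLAN bits must be zero")
    vni = int.from_bytes(vx[4:7], "big")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            vni, packet[36:20 + udp_len])

def is_valid_vxlan(packet: bytes) -> bool:
    """True when the packet passes every check in decapsulate()."""
    try:
        decapsulate(packet)
        return True
    except ValueError:
        return False
```

Checking the arithmetic against the ens33 capture later on the page: outer IP length 134 = 20 (outer IP) + 8 (UDP) + 8 (VXLAN) + 14 (Ethernet) + 84 (inner IP/ICMP). The `bad udp cksum` shown on the reply there is the usual sign of checksum offload: tcpdump sees the outgoing packet before the NIC fills in the UDP checksum.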
VXLAN experiment
Set up VXLAN communication between two virtual machines. The architecture is as follows:
- vm1 configuration
ip link add name vxlan100 type vxlan id 100 dstport 4789 local 172.20.0.132 remote 172.20.0.133
ip link set vxlan100 up
ip addr add 192.168.0.132/32 dev vxlan100
ip route add 192.168.0.0/24 dev vxlan100
- vm2 configuration
ip link add name vxlan100 type vxlan id 100 dstport 4789 local 172.20.0.133 remote 172.20.0.132
ip link set vxlan100 up
ip addr add 192.168.0.133/32 dev vxlan100
ip route add 192.168.0.0/24 dev vxlan100
- Verify by pinging vm2 from vm1
$ ping -c 1 192.168.0.133
PING 192.168.0.133 (192.168.0.133) 56(84) bytes of data.
64 bytes from 192.168.0.133: icmp_seq=1 ttl=64 time=0.676 ms
--- 192.168.0.133 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.676/0.676/0.676/0.000 ms
At this point, capturing on vm2 shows the following:
$ tcpdump -i vxlan100 -nnt -vvv
tcpdump: listening on vxlan100, link-type EN10MB (Ethernet), capture size 262144 bytes
IP (tos 0x0, ttl 64, id 65217, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.0.132 > 192.168.0.133: ICMP echo request, id 8, seq 1, length 64
IP (tos 0x0, ttl 64, id 7153, offset 0, flags [none], proto ICMP (1), length 84)
192.168.0.133 > 192.168.0.132: ICMP echo reply, id 8, seq 1, length 64
...
$ tcpdump udp -i ens33 -nnt -vvv
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
IP (tos 0x0, ttl 64, id 9254, offset 0, flags [none], proto UDP (17), length 134)
172.20.0.132.44131 > 172.20.0.133.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 100
IP (tos 0x0, ttl 64, id 65217, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.0.132 > 192.168.0.133: ICMP echo request, id 8, seq 1, length 64
IP (tos 0x0, ttl 64, id 18629, offset 0, flags [none], proto UDP (17), length 134)
172.20.0.133.56771 > 172.20.0.132.4789: [bad udp cksum 0x59b5 -> 0x124d!] VXLAN, flags [I] (0x08), vni 100
IP (tos 0x0, ttl 64, id 7153, offset 0, flags [none], proto ICMP (1), length 84)
192.168.0.133 > 192.168.0.132: ICMP echo reply, id 8, seq 1, length 64
...
Other uses: