Welcome!

Containers Expo Blog Authors: Pat Romanski, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Yeshim Deniz

Related Topics: Containers Expo Blog, Microservices Expo, @CloudExpo, Cloud Security, @DXWorldExpo, SDN Journal

Containers Expo Blog: Blog Post

Red Sox, Pumpkins and Packet Encapsulation

Network virtualization allows the amount of attached VLANs & networks to scale beyond what a single physical switch can handle

[This is not really about the Red Sox or pumpkins this Halloween, but how could I not use those in the title? Go Red Sox]

I left an awful teaser at the end of my article last week. In Brent Salisbury's original article that triggered some of these additional virtualization thoughts, he articulated two very clear differences between native network based L2 virtualization mechanisms and the mechanisms that are being provided by overlay solutions based mostly in server vSwitch infrastructure. These two fundamental functions are MAC learning and tunnel encapsulation. In today's post I will spend a little more time looking at encapsulation differences.

redsox pumpkinOutside of logical separation of multiple virtual networks or tenants, network virtualization allows the amount of attached VLANs, networks and devices to scale well beyond what a single physical switch can handle. In a traditional network, an edge switch will only maintain tables for its local VLANs, ports and learned MAC addresses, but core switches that connect these edge switches together will have to maintain the union of all these edge tables, limiting the size of the network, or forcing extremely large (read expensive) core switches that can cope.  In a virtualized network, a VLAN is no longer a unique identifier. The same VLAN can appear many times on different ports in the network, all mapped to different virtual networks or tenants.

To achieve this scaling and re-use of VLAN space, original user traffic has a new header added to it, effectively hiding the original VLAN, source and destination MAC address. Traffic is exchanged between edge switches that serve the specific members of this virtual network, passing through the core of the network based on the new header alone. Using this re-encapsulation creates a tunnel and intermediate switches are oblivious to the original packet, allowing them to scale by having to know only how to locate the edge switches.

Traditional L2 virtualization mechanisms use an extra L2 header for the tunnel, most commonly a MAC-in-MAC encapsulation. This encapsulation adds a new ethernet header onto the original packet, with the source edge switch as the source MAC, the destination edge switch as the destination MAC, and some other fields including an identifier for the virtual network. Switches in the core must only provide end to end ethernet service to the edge switches, since all they see are these newly ethernet encapsulated packets. Their tables stay sparsely populated, since the edge switch MAC addresses and the VLANs used for transport are the only bits needed for packet forwarding.

And this is where overlay solutions have taken a step forward. Whether its VXLAN, NVGRE or STT, all proposed/used overlay encapsulation mechanisms wrap the original packet into an IP packet. The tunnel between the edge switches is an IP/UDP connection (except for STT which "uses" TCP, but really doesn't), and transport requires regular IP connectivity between them. Now, this certainly increases the size of an original packet by quite a bit, the edge switch adds a UDP header, an IP header and then (assuming its still transported across an ethernet network) an ethernet header, but it creates an abstraction and a degree of freedom between the edge devices, and the transport network that connects them.

There is nothing wrong with ethernet based encapsulations for a virtualized network. I have seen them work, I have seen them work well. But when the virtualization edge becomes the vSwitch in a server, the sheer amount of edge switches (vSwitch in this case) that need to be connected together using a single or small number of transport VLANs in an ethernet core may start to run into the scaling concerns for a single broadcast domain discussed last week. When it is hundreds of edge devices some of the SPB or TRILL based solutions may become challenged, I bet you almost all of them will when you start talking thousands of edge devices.

Besides the obvious ability to create tunnels between remote but IP connected virtual network islands, having tunnels based on IP is actually an added convenience, even if the network based virtualization solution can be created on top of a single VLAN ethernet network. An extra set of headers provide additional tables, additional lookup opportunities in hardware to send traffic where you want it to be sent. Not the ECMP way, but in a controlled and carefully calculated way in order to satisfy the needs of the virtual network. And that makes VXLAN equally suited as a pure physical network based virtualization transport mechanism even if there is no overlay.

Rather than leaving a poor hint of what to expect, next week I will discuss the second major difference from Bren't original article: MAC learning in a virtualized network and the role of a controller in determining virtual network membership and location.

Happy Halloween!

[Today's fun fact: Lego produces more rubber tires than any other tire company in the world (381 million in 2011)]

The post Red Sox, Pumpkins and Packet Encapsulation appeared first on Plexxi.

Read the original blog entry...

More Stories By Marten Terpstra

Marten Terpstra is a Product Management Director at Plexxi Inc. Marten has extensive knowledge of the architecture, design, deployment and management of enterprise and carrier networks.

IoT & Smart Cities Stories
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...