Manual Chapter: Bridging VLAN and VXLAN Networks

Overview: Bridging VLAN and VXLAN networks

Large data centers and cloud service providers are benefiting from the use of Layer 2 over Layer 3 overlay networks to support large scale network virtualization. You can configure Virtual eXtended LAN (VXLAN) on a BIG-IP system to enable a physical VLAN to communicate with virtual machines (VMs) in a virtual network. The BIG-IP system becomes a gateway to bridge the data center virtual network with the physical external network. Connecting these two networks allows for expansion, and provides a mechanism to streamline the transition of data centers into a virtualized model, while maintaining connectivity.

[Figure: The VXLAN gateway]

When you configure a BIG-IP system as a VXLAN gateway, the system represents the VXLAN as a tunnel, which provides a Layer 2 interface on the virtual network. You can use the tunnel interface in both Layer 2 and Layer 3 configurations. After you configure the VXLAN tunnel, the BIG-IP system joins the configured multicast group, and can forward both unicast and multicast or broadcast frames on the virtual network. The BIG-IP system learns about MAC address and VTEP associations dynamically, thus avoiding unnecessary transmission of multicast traffic.

[Figure: Multiple VXLAN tunnels]

About Virtual eXtended LAN (VXLAN)

Virtual eXtended LAN (VXLAN) is a network virtualization scheme that overlays Layer 2 over Layer 3. VXLAN uses Layer 3 multicast to support the transmission of multicast and broadcast traffic in the virtual network, while decoupling the virtual network from the physical infrastructure. VXLAN uses a UDP-based encapsulation to tunnel Ethernet frames. In a VMware environment, VXLAN can extend the virtual network across a set of VMware ESXi servers, providing Layer 2 connectivity among the hosted virtual machines (VMs). Each VMware ESXi server represents a VXLAN Tunnel Endpoint. In this environment, a VXLAN gateway device can be used to terminate the VXLAN tunnel and forward traffic to and from a physical network.

VXLAN Terminology

These definitions assist in understanding VXLAN.

VXLAN gateway
A VXLAN gateway bridges traffic between VXLAN and non-VXLAN environments. The BIG-IP system uses a VXLAN gateway to bridge a traditional VLAN and a VXLAN network, by becoming a virtual network endpoint.
VXLAN segment
A VXLAN segment is a Layer 2 overlay network over which VMs communicate. Only VMs within the same VXLAN segment can communicate with each other.
VNI
The Virtual Network Identifier (VNI) is also called the VXLAN segment ID. The system uses the VNI, along with the VLAN ID, to identify the appropriate tunnel.
VTEP
The VXLAN Tunnel Endpoint (VTEP) originates or terminates a VXLAN tunnel. The same local IP address can be used for multiple tunnels.
VXLAN header
In addition to the UDP header, encapsulated packets include a VXLAN header, which carries a 24-bit VNI to uniquely identify Layer 2 segments within the overlay.

Considerations for configuring VXLAN

As you configure VXLAN on a BIG-IP system, keep these considerations in mind.

  • If you configure the BIG-IP device as a bridge between physical VLANs and a VXLAN tunnel, the number of virtual network segments in the overlay is limited to the maximum number of physical VLANs (4094). This limitation does not apply to Layer 3 configurations.
  • You need to configure a separate tunnel for each VNI. The tunnels may have the same local and remote endpoint addresses.
  • For the Layer 2 network, you must ensure a loop-free topology.
  • Do not modify the configuration of a VXLAN tunnel after it is created. Instead, delete the existing tunnel and create a new one.

Task summary

Before you configure VXLAN, ensure that these conditions are met:

  • The BIG-IP system must be licensed for SDN Services.
  • Network connectivity exists between the BIG-IP system and the connected hosts and routers.
  • A VLAN exists that connects to the non-VXLAN Layer-2 network.
  • A self IP address is assigned to the VLAN.
  • If you have over 2000 connections, the Management (MGMT) setting on the Resource Provisioning screen is set to Large (System > Resource Provisioning).

Enabling VXLAN

Two db variables must be enabled for VXLAN. They are disabled by default. Verify whether they are enabled before you proceed.
  1. Log in to the command line for the BIG-IP system.
  2. To determine whether the first variable is already enabled, type this command.

      tmsh list sys db tm.acceptipoptions

  3. Proceed with one of these actions, depending on the system response:
    • If the value is enable, you are finished with this variable, and you can go to the next step.
    • If the value is disable, at the prompt, type this command.

      tmsh modify sys db tm.acceptipoptions value enable

  4. To determine whether the second variable is already enabled, type this command.

      tmsh list sys db tm.allowmulticastl2destinationtraffic

  5. Proceed with one of these actions, depending on the system response:
    • If the value is enable, you are finished with this task.
    • If the value is disable, at the prompt, type this command.

      tmsh modify sys db tm.allowmulticastl2destinationtraffic value enable
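
The steps above as an idempotent script, added here as an example and not taken from the F5 manual: it reads each db variable, enables it only if it is disabled, and re-reads it to confirm the change. The function names are hypothetical, and the script assumes that `tmsh list sys db` prints a stanza with a `value "..."` line.

```shell
#!/bin/sh
# Added example, not from the F5 manual. Function names are hypothetical.
# Assumes `tmsh list sys db <name>` prints a line such as:  value "disable"

VXLAN_DB_VARS="tm.acceptipoptions tm.allowmulticastl2destinationtraffic"

# Read a `tmsh list sys db` stanza on stdin and print its value field.
db_value_from_listing() {
    awk '$1 == "value" { gsub(/"/, "", $2); print $2; exit }'
}

# Print the current value of one db variable; fail if none can be read.
db_value() {
    _out=$(tmsh list sys db "$1") || return 1
    _cur=$(printf '%s\n' "$_out" | db_value_from_listing)
    [ -n "$_cur" ] || return 1
    printf '%s\n' "$_cur"
}

# Enable one variable only if it is disabled, then re-read it to confirm.
# Prints "<name> already-enabled", "<name> enabled-now" or "<name> error".
ensure_enabled() {
    _name=$1
    _val=$(db_value "$_name") || { echo "$_name error"; return 1; }
    if [ "$_val" = "enable" ]; then
        echo "$_name already-enabled"
        return 0
    fi
    tmsh modify sys db "$_name" value enable || { echo "$_name error"; return 1; }
    _val=$(db_value "$_name") || _val=""
    if [ "$_val" = "enable" ]; then
        echo "$_name enabled-now"
        return 0
    fi
    echo "$_name error"
    return 1
}

# Handle both variables; return non-zero if either could not be enabled.
enable_vxlan_db_vars() {
    _rc=0
    for _var in $VXLAN_DB_VARS; do
        ensure_enabled "$_var" || _rc=1
    done
    return $_rc
}

# Changes are made only when the script is invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then enable_vxlan_db_vars; fi
```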

Creating a VXLAN tunnel

Creating a VXLAN tunnel on a BIG-IP system provides a VXLAN gateway to connect the physical network with a virtual network.
  1. On the Main tab, click Network > Tunnels > Tunnel List > Create. The New Tunnel screen opens.
  2. In the Name field, type a unique name for the tunnel.
  3. From the Encapsulation Type list, select vxlan. This setting tells the system which tunnel profile to use. The system-supplied VXLAN profile specifies port 8472. To change the port number, you can create a new VXLAN profile, which then appears in this list.
  4. In the Local Address field, type the self IP address of the VLAN through which the remote VMware host is reachable.
  5. From the Remote Address list, select Specify, and type the multicast group address associated with the VXLAN segment.
  6. In the Key field, type the VNI (Virtual Network Identifier) to use for the VXLAN tunnel.
  7. Click Finished.

Creating a bridge between VXLAN and non-VXLAN networks

Before you begin this task, verify that a VXLAN tunnel exists on the BIG-IP system.
You can create a VLAN group to bridge the traffic between a VXLAN overlay network (Layer 3) and a non-VXLAN (Layer 2) network.
  1. On the Main tab, click Network > VLANs > VLAN Groups. The VLAN Groups list screen opens.
  2. Click Create. The New VLAN Group screen opens.
  3. In the Name field, type a unique name for the VLAN group.
  4. For the VLANs setting, select the VLAN that connects to the non-VXLAN Layer-2 network and the VXLAN tunnel you created, and using the Move button, move your selections from the Available list to the Members list.
  5. Click Finished.