Scalable Cloud Network with Cisco Nexus 1000V Series Switches and VXLAN

Many customers are building private or public clouds. Intrinsic to cloud computing is having multiple tenants, each with numerous applications, sharing the cloud infrastructure. Each of these tenants and applications needs to be logically isolated from the others, including at the network level. For example, a three-tier application can consist of multiple virtual machines that require logically isolated networks between them. Traditional network isolation techniques such as IEEE 802.1Q VLANs provide 4096 LAN segments (via a 12-bit VLAN identifier) and may not provide enough segments for large cloud deployments. Cisco and a group of industry vendors are working together to address the new requirements of scalable LAN segmentation and of transporting virtual machines across a broader diameter. The underlying technology, referred to as Virtual eXtensible LAN (VXLAN), defines a 24-bit LAN segment identifier to provide segmentation at cloud scale. In addition, VXLAN provides an architecture that lets customers grow their cloud deployments with repeatable pods in different subnets. VXLAN can also enable virtual machines to be migrated between servers in different subnets. With Cisco Nexus® 1000V Series Switches supporting VXLAN, customers can quickly and confidently deploy their applications to the cloud.

Cloud Computing Demands More Logical Networks

Traditional servers have unique network addresses to help ensure proper communication. Network isolation techniques, such as VLANs, typically are used to isolate different logical parts of the network, such as a management VLAN, production VLAN, or DMZ VLAN.

In a cloud environment, each tenant requires a logical network isolated from all other tenants. Furthermore, each application belonging to a tenant demands its own logical network to isolate it from other applications. To provide instant provisioning, cloud management tools such as VMware vCloud Director even duplicate the application's virtual machines, including the virtual machines' network addresses, with the result that a separate logical network is required for each instance of the application.

Challenges with Existing Network Isolation Techniques

The VLAN has been the traditional mechanism for providing logical network isolation. Because of the ubiquity of the IEEE 802.1Q standard, numerous switches and tools provide robust network troubleshooting and monitoring capabilities, enabling mission-critical applications to depend on the network. Unfortunately, the IEEE 802.1Q standard specifies a 12-bit VLAN identifier, which hinders the scalability of cloud networks beyond 4096 VLANs. Some in the industry have proposed carrying a longer logical network identifier in a MAC-in-MAC or MAC in Generic Routing Encapsulation (MAC-in-GRE) encapsulation as a way to scale. Unfortunately, these techniques cannot make use of all the links in a port channel, which is common in data center networks, and in some cases do not behave well with Network Address Translation (NAT). In addition, because of the encapsulation, existing monitoring tools lose visibility into the traffic, preventing troubleshooting and monitoring. Hence, customers are no longer confident in deploying Tier 1 applications or applications requiring regulatory compliance in the cloud.

VXLAN Solution

VXLAN solves these challenges with a MAC in User Datagram Protocol (MAC-in-UDP) encapsulation technique. VXLAN uses a 24-bit segment identifier to scale (Figure 1). In addition, the UDP encapsulation enables the logical network to be extended to different subnets and helps ensure high utilization of port channel links (Figure 2). Instead of broadcasting a frame, as a traditional switch does for unknown unicast, the UDP packet is multicast to the set of servers that have virtual machines on the same segment. Within each segment, traditional switching takes place, so the 24-bit identifier can provide a much larger number of logical networks.

Figure 1. VXLAN Format
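The following is an added example, not code from the original paper or from Cisco's Nexus 1000V, showing the MAC-in-UDP encapsulation described above and the segment-scoped forwarding that lets cloned tenants carry identical network addresses (the point made earlier about vCloud Director duplicating virtual machines). It assumes the IANA-assigned VXLAN UDP port 4789 and the RFC 7348 header layout (flags, reserved bits, 24-bit VNI); the page itself names neither. All MAC addresses, VTEP IP addresses and payloads are constructed, and the CRC32 source-port derivation is an illustrative choice, not a vendor's algorithm. It also shows the validation a monitoring or inspection point should perform before trusting the inner headers, which addresses the visibility problem the previous section raised for encapsulated traffic.

```python
"""VXLAN MAC-in-UDP encapsulation: build, parse and segment-scoped MAC learning.

Added illustration, not Cisco's or the Nexus 1000V's code. Assumes the IANA VXLAN
UDP port 4789 and the RFC 7348 header layout; all addresses and payloads are constructed.
"""
import struct
import zlib

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348); the page names no port
VXLAN_FLAG_VNI_VALID = 0x08  # "I" bit: the VNI field carries a valid segment identifier
MAX_VNI = (1 << 24) - 1      # 24-bit segment identifier -> 16,777,215
MAX_VLAN_ID = (1 << 12) - 1  # 12-bit IEEE 802.1Q identifier -> 4,095
UDP_HEADER_LEN = 8
VXLAN_HEADER_LEN = 8
ETH_HEADER_LEN = 14


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_inner_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """The Ethernet frame a VM emits; VXLAN carries it unchanged inside UDP."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1); VNI sits in the high 24 bits."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} outside the 24-bit range 0..{MAX_VNI}")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)


def entropy_source_port(inner_frame: bytes) -> int:
    """Derive the outer UDP source port from the inner headers.

    Port-channel load balancing hashes the outer IP/UDP tuple, so giving each inner
    flow its own source port spreads tunnelled traffic across member links. The hash
    covers the inner MACs, EtherType and the next 20 bytes (an IPv4 header when present).
    CRC32 is an illustrative choice here; real VTEPs pick their own function.
    """
    digest = zlib.crc32(inner_frame[:ETH_HEADER_LEN + 20])
    return 49152 + (digest % 16384)  # keep the port in the dynamic range 49152..65535


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Return UDP header + VXLAN header + inner frame (outer IP/Ethernet not modelled)."""
    vx = vxlan_header(vni)
    udp_len = UDP_HEADER_LEN + len(vx) + len(inner_frame)
    # A zero UDP checksum is permitted for VXLAN over IPv4.
    udp = struct.pack("!HHHH", entropy_source_port(inner_frame), VXLAN_UDP_PORT, udp_len, 0)
    return udp + vx + inner_frame


def parse_vxlan_udp(datagram: bytes) -> dict:
    """Decapsulate a UDP datagram and expose the fields a monitoring tool needs.

    Raises ValueError for anything that is not a well-formed VXLAN datagram; an
    inspection point should make these checks before trusting the inner headers.
    """
    min_len = UDP_HEADER_LEN + VXLAN_HEADER_LEN + ETH_HEADER_LEN
    if len(datagram) < min_len:
        raise ValueError(f"datagram shorter than {min_len} bytes")
    sport, dport, udp_len, _checksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dport} is not VXLAN")
    if udp_len != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    vx = datagram[UDP_HEADER_LEN:UDP_HEADER_LEN + VXLAN_HEADER_LEN]
    flags, vni_field = struct.unpack("!B3xI", vx)
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    inner = datagram[UDP_HEADER_LEN + VXLAN_HEADER_LEN:]
    return {
        "udp_sport": sport,
        "vni": vni_field >> 8,  # low 8 bits are reserved and ignored on receipt
        "inner_dst": bytes_to_mac(inner[:6]),
        "inner_src": bytes_to_mac(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "payload": inner[14:],
    }


def learn_source(table: dict, datagram: bytes, outer_src_ip: str) -> dict:
    """Segment-scoped MAC learning: the key is (VNI, MAC), never MAC alone.

    Two tenant clones built from one template can carry identical MAC addresses;
    keying on the segment keeps their entries, and therefore their traffic, apart.
    """
    info = parse_vxlan_udp(datagram)
    table[(info["vni"], info["inner_src"])] = outer_src_ip  # remote VTEP hosting this MAC
    return info


if __name__ == "__main__":
    # Constructed sample: two tenant clones with the same VM MAC, on VNIs 5000 and 5001,
    # hosted behind VTEPs in different subnets.
    frame = build_inner_frame("00:50:56:aa:bb:01", "00:50:56:aa:bb:02", 0x0800, b"constructed payload")
    table = {}
    learn_source(table, encapsulate(5000, frame), "10.1.1.10")
    learn_source(table, encapsulate(5001, frame), "10.2.2.10")
    for (vni, mac), vtep in sorted(table.items()):
        print(f"VNI {vni:>8}  MAC {mac}  learned behind VTEP {vtep}")
```

Keying the learning table on (VNI, MAC) is what makes the duplicated addresses harmless: the same MAC learned on two segments produces two independent entries rather than a flapping one, and a monitoring tool that decapsulates with `parse_vxlan_udp` regains the per-segment view the encapsulation would otherwise hide.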

As shown in Figures 1 and 2, the Cisco® VXLAN solution enables:

• Logical networks to be extended among virtual machines placed in different subnets

• Flexible, scalable cloud architecture in which new servers can be added in different subnets

• Migration of virtual machines between servers in different subnets

Figure 2. Scalability with VXLAN

In conclusion, cloud computing requires significantly more logical networks than traditional models. Traditional network isolation techniques such as the VLAN cannot scale adequately for the cloud. VXLAN resolves these challenges with a MAC-in-UDP approach and a 24-bit segment identifier. This solution enables a scalable cloud architecture with replicated server pods in different subnets. Because UDP is carried over Layer 3, virtual machine migration extends even to different subnets. The Cisco Nexus 1000V Series Switch with VXLAN support provides numerous advantages for customers, enabling them to use LAN segments in a robust and customizable way without disrupting existing operational models. The unique capabilities of the Cisco Nexus 1000V Series with VXLAN help ensure that customers can deploy mission-critical applications in the cloud with confidence.