Hi, everyone! Today I'm going to walk through an example of a VXLAN tunnel. The forwarding principles of other tunnel technologies are similar.
The first diagram outlines how a virtual machine communicates with the outside. At present, the virtual machine (VM) is connected to the virtual switch (vSwitch) inside the server, which also means that the VM's packets can be tagged with a VLAN by the vSwitch. If the vSwitch supports VXLAN, the physical network becomes a pure underlay network.

The second picture roughly describes the networking after CloudVPN has created a vCPE (CloudCPE) and a vFW (CloudFW). The vCPE and vFW are VNFs, not pure VMs, but the principle from the first picture still applies: the vCPE and vFW are connected through the vSwitch, and different links are distinguished by different VLANs.
These VLANs are also transparent to the physical switch, which means that the vCPE and vFW can be deployed on multiple different physical servers and interconnected by the vSwitch plus the physical switch.

The third picture is the logical structure of the second picture. There is a logical direct connection between vCPE and vFW. In the diagram, ThinCPE is connected to vCPE through VXLAN, so VXLAN packets must be terminated on the BDIF of vCPE.
vCPE and vFW use policy routing to divert traffic: vCPE uses policy routing to force traffic to vFW for processing, and vFW uses policy routing to force traffic back to vCPE.
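The VXLAN termination step described above, sketched as an added example (not code from the original post or from any vendor): it builds and decapsulates the 8-byte VXLAN header from RFC 7348, maps the VNI to a bridge domain, and reads the inner VLAN tag. The VNI-to-bridge-domain table, the VNI 5010, the name `BD10` and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid

# Hypothetical VNI -> bridge-domain table on the terminating device.
VNI_TO_BD = {5010: "BD10"}


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header (flags, reserved, VNI, reserved)."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_terminate(udp_dport: int, payload: bytes, vni_table=VNI_TO_BD):
    """Decapsulate one VXLAN payload; return (bridge_domain, vlan_id, inner_frame).

    Raises ValueError for anything the terminating side should drop.
    """
    if udp_dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    if len(payload) < 8 + 14:   # VXLAN header plus a minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set")
    vni = word1 >> 8
    if vni not in vni_table:    # only configured VNIs are terminated
        raise ValueError(f"unknown VNI {vni}")
    inner = payload[8:]
    # Inner Ethernet: dst(6) src(6) ethertype(2); 0x8100 marks an 802.1Q tag.
    ethertype = struct.unpack("!H", inner[12:14])[0]
    vlan_id = None
    if ethertype == 0x8100:
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan_id = struct.unpack("!H", inner[14:16])[0] & 0x0FFF
    return vni_table[vni], vlan_id, inner


# Constructed sample: inner frame tagged with VLAN 100, carried in VNI 5010.
SAMPLE_INNER = bytes.fromhex("020000000002" "020000000001" "8100" "0064" "0800") + b"payload"
SAMPLE_PACKET = vxlan_encap(5010, SAMPLE_INNER)

if __name__ == "__main__":
    print(vxlan_terminate(VXLAN_UDP_PORT, SAMPLE_PACKET)[:2])
```

Packets with an unconfigured VNI, a cleared I flag, or the wrong UDP port raise `ValueError` instead of being bridged, which is the behaviour a terminating endpoint needs so that underlay traffic cannot land in an arbitrary bridge domain.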

If you have any problems, please post them in our Community. We are happy to solve them for you!