What are VTEPs and VNIs in VXLAN?

Hello guys!

Today, I would like to present an introduction to VTEPs and VNIs in VXLAN.

Objetive

The purpose of this article is to present an introduction to VTEPs and VNIs in VXLAN.

What are VTEPs and VNIs in VXLAN?

In Figure 1, a tunnel is established between two top-of-rack (TOR) switches to encapsulate the original data frames sent by the origin server into VXLAN packets so that the original data frames can be transmitted on the carrier network (as a IP network). When VXLAN packets arrive at the TOR switch connected to the destination server, the TOR switch de-encapsulates these packets into the original data frames and forwards them to the destination server.

In the VXLAN network, there are some new elements, such as VTEP and VNI, that are not included in traditional data center networks. The following describes these new elements.

Figure 1 - VXLAN network model

What is a VTEP?

In Figure 1 , a VTEP is an edge device in a VXLAN network. It is the starting or ending point of a VXLAN tunnel, which encapsulates and de-encapsulates the user's original data frames respectively.

A VTEP can be a standalone network device (such as a Huawei CloudEngine series switch) or a virtual switch deployed on a server. The source VTEP encapsulates the original data frames sent by the source server into VXLAN packets and transmits them to the destination VTEP on the IP network. The destination VTEP then de-encapsulates the VXLAN packets into the original data frames and forwards the frames to the destination server.

For details on how VTEPs establish a VXLAN tunnel and forward packets through the tunnel, see How is a VXLAN tunnel established?.

What is a VNI?

As the VLAN ID field in an Ethernet frame is only 12 bits long, the VLAN cannot meet the isolation requirements in data center networks. The emergence of VNI is specifically to solve this problem.

In Figure 1 , a VNI is a user identifier similar to a VLAN ID. A NIV identifies a tenant. VMs with different VNIs cannot communicate at Layer 2. During VXLAN packet encapsulation, a 24-bit VNI is added to a VXLAN packet, which allows the VXLAN to isolate a large number of tenants.

For details on how VNIs are used for VXLAN tunnel establishment and packet forwarding, see How is a VXLAN tunnel established?.

In distributed gateway deployment scenarios, VNIs can be classified into Layer 2 VNIs and Layer 3 VNIs, which have different functions:

Each Layer 2 VNI is mapped to a bridge domain (BD) for intra-subnet forwarding of VXLAN packets. For details, see What does "the same large tier 2 domain" mean? 

A Layer 3 VNI is associated with a VPN instance for inter-subnet routing of VXLAN packets. For details on Layer 3 VNIs, see the Ethernet VPN (EVPN) documentation.

Which VTEPs need to establish VXLAN tunnels?

A VXLAN tunnel is established between two VTEPs. A data center network has many VTEPs, as shown in Figure 2 .

Figure 2 - Establishing VXLAN tunnels (1)

As described earlier, a Layer 2 domain can breach physical boundaries through VXLAN tunnels, makingcommunication between VMs in the large Layer 2 network possible. Therefore, if there are large Layer 2 interconnection requirements between VMs connected to different VTEPs , there must be VXLAN tunnels established between these VTEPs. In other words, all VTEPs in the same large Layer 2 domain need to establish VXLAN tunnels between them.

For example, as shown in Figure 2 , suppose that each VMs connected to VTEP_1, VTEP_2 and VTEP_3, respectively, requires large Layer 2 interconnect. Each two of VTEP_1, VTEP_2 and VTEP_3 need to establish VXLAN tunnels between them, as shown in Figure 3 .

Figure 3 - Establishing VXLAN tunnels (2)

What does "the same large tier 2 domain" mean?

"The same large Layer 2 domain" mentioned above is similar to the VLAN in a traditional network. In a VXLAN network, however, it has another name, bridged domain (BD).

-END-