Netgear CSM4532 Software Administration Manual - Page 239
arbitrary access routers are attached to a common layer-2 network. The VXLAN encapsulation includes a 24-bit virtual network ID (VNID). Hosts can be associated with a VNID and restricted to communicate only with hosts associated with the same VNID. This association segregates communities of interest, or tenants, into different virtual networks. VXLAN allows a public or private data center operator to use a common network infrastructure to provide virtual private network service to multiple tenants while distributing any given tenant's compute and storage resources anywhere in the network infrastructure.

In a data center, VXLAN encapsulation and decapsulation of tenant packets is normally done by a virtual switch within a virtualized server; however, not all tenant systems are virtualized. Non-virtualized tenant systems can participate in a VXLAN by using a VXLAN gateway. A VXLAN gateway is a networking device that does VXLAN encapsulation and decapsulation. A server's first-hop router, often referred to as a top-of-rack (ToR) device, can be a VXLAN gateway.

With VXLAN, the inner Ethernet header can optionally include an incoming VLAN tag. The VXLAN application always strips the inner VLAN information from the incoming Ethernet packet during encapsulation. The inner payload in the VXLAN encapsulated packet does not contain the incoming VLAN tag information, which enables flexibility in mapping available VLANs to VNIDs.

The allowed range of VNID values is 1-16777214. VNID 16777215 is reserved for internal purposes.

9.6.2. Functional Description

9.6.2.1. VTEP to VN Association

The operator must configure switches that are to serve as VXLAN gateways. A gateway may serve one or more VPNs. For VXLAN, the operator specifies the virtual network ID (VNID), the type of network (VXLAN), and a method for identifying which incoming native packets belong to the VPN. The ingress VLAN ID can be used as this classifier.
Only one VLAN ID can be associated with a specific VNID on a given router. However, the VLAN ID used has no significance beyond that router, and so the same ID can be used on other routers. In this case the number of tenant networks is not limited to the VLAN ID space (i.e., 4096).

All ingress ports that are members of the specified VLAN ID are treated as access ports for the VPN identified by the VNID. This defines the access port set for the specified VPN. The access port set for the VXLAN can be altered by updating the VLAN membership configuration. All incoming VLAN traffic is translated to virtual network traffic identified by the VNID. A VLAN ID that is already used or configured for routing is not allowed to be configured as an access VLAN for VXLAN.

A source IP address (local VTEP) must be specified for a configured VXLAN. The valid source IP interface is either a loopback interface or a routing interface (port-based or VLAN-based) on the router. It is recommended that a loopback interface be dedicated for VXLAN gateway purposes and configured with the intended source IP configuration before associating it with VXLAN. If the configured source IP interface is down or has no IP address, all remote VTEPs in the VPN are considered unreachable. No traffic flows to the remote VTEPs.

Note that the configured source IP address must correspond to an IP address configured on each remote VTEP. Otherwise, the remote VTEPs will discard the gateway's packets.

NETGEAR M4500 Series Switches Software Administration Manual 239
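The following Python sketch is an added example, not code from the NETGEAR manual or the switch firmware. It models the rules described above: the VNID range check, one access VLAN per VNID, refusal of VLANs already used for routing, and removal of the inner VLAN tag during encapsulation. The class and function names are hypothetical, only tagged ingress frames are classified, the outer UDP/IP headers are omitted, and the 8-byte VXLAN header layout follows RFC 7348.

```python
import struct

VNID_MIN, VNID_MAX = 1, 16777214  # allowed range per the manual; 16777215 is reserved
TPID_8021Q = 0x8100               # EtherType that marks an 802.1Q VLAN tag

class VxlanGateway:
    """Hypothetical model of one gateway's access-VLAN table (not switch firmware)."""

    def __init__(self, routing_vlans=()):
        self.routing_vlans = set(routing_vlans)  # VLANs already used for routing
        self.vlan_to_vnid = {}

    def map_access_vlan(self, vlan_id, vnid):
        if not VNID_MIN <= vnid <= VNID_MAX:
            raise ValueError(f"VNID {vnid} is outside {VNID_MIN}-{VNID_MAX}")
        if vlan_id in self.routing_vlans:
            raise ValueError(f"VLAN {vlan_id} is already used for routing")
        if vnid in self.vlan_to_vnid.values():
            raise ValueError(f"VNID {vnid} already has a VLAN on this gateway")
        if vlan_id in self.vlan_to_vnid:  # assumption: classifier must be unambiguous
            raise ValueError(f"VLAN {vlan_id} is already an access VLAN")
        self.vlan_to_vnid[vlan_id] = vnid

    def encapsulate(self, frame):
        """Return (vnid, VXLAN header + inner frame), or None if not classified."""
        if len(frame) < 18:
            return None
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid != TPID_8021Q:
            return None                    # untagged frames are out of scope here
        vnid = self.vlan_to_vnid.get(tci & 0x0FFF)
        if vnid is None:
            return None                    # not an access VLAN for any VNID
        inner = frame[:12] + frame[16:]    # drop the 4-byte tag before encapsulation
        # Flags byte 0x08 (VNI valid), 24 reserved bits, 24-bit VNID, 8 reserved bits.
        header = struct.pack("!II", 0x08 << 24, vnid << 8)
        return vnid, header + inner

def sample_frame(vlan_id):
    """Constructed frame: dst MAC, src MAC, 802.1Q tag, IPv4 EtherType, dummy payload."""
    macs = bytes.fromhex("02000000000a02000000000b")
    return macs + struct.pack("!HH", TPID_8021Q, vlan_id) + b"\x08\x00" + b"payload"

if __name__ == "__main__":
    gw = VxlanGateway(routing_vlans={10})
    gw.map_access_vlan(100, 5000)
    vnid, packet = gw.encapsulate(sample_frame(100))
    print(vnid, packet.hex())
```

Because the tag is removed before the VXLAN header is prepended, a second gateway can map a different local VLAN ID to the same VNID and both sides still exchange identical inner frames.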