目标：

1. 解决4k vlan资源不足的问题；
2. 解决二层overlay的问题，跨区域大二层；
3. 解决接入switch mac地址数量问题；

限制：

需要三层组播支持，通常运营商不会对小客户开放广域网上的三层组播服务；
但是园区网、企业网中，可以使用三层组播；
相关技术，vmware 和cisco 联手提出 vxlan：
1 cisco OTV；
2 microsoft NVGRE；
3 H3C EVI；
4 nicira STT;
5 IBM Dove,数据平面同VxLAN；
6 Draft: Geneve

实现架构：

MAC in UDP, UDP port4789;
/* UDP port for VXLAN traffic.
* The IANA assigned port is 4789, but the Linux default is 8472
* for compatibility with early adopters.
*/

static unsigned short vxlan_port __read_mostly = 8472;

把二层报文（可以带vlan）封装在UDP报文中，通过三层单播/组播发送；

switch上要支持IGMP snooping；

VXLAN header: 8 Bytes

image

linux 配置vxlan：（组播模式）

1. Create vxlan device

ip li add vxlan0 type vxlan id 42 group 239.1.1.1 dev eth1

This creates a new device (vxlan0). The device uses the the multicast group 239.1.1.1 over eth1 to handle packets where no entry is in the forwarding table.

2. Delete vxlan device

ip link delete vxlan0

3. Show vxlan info

ip -d link show vxlan0

It is possible to create, destroy and display the vxlan

forwarding table using the new bridge command.

1. Create forwarding table entry

bridge fdb add to 00:17:42:8a:b4:05 dst 192.19.0.2 dev vxlan0

2. Delete forwarding table entry

bridge fdb delete 00:17:42:8a:b4:05 dev vxlan0

3. Show forwarding table

bridge fdb show dev vxlan0

三、 配置命令p2p mode vxlan:

VM1：

创建网桥br-vx并使其up

brctl addbr br-vx
ip link set br-vx up

增加一个类型为vxlan,vni-id为100的，名字为vxlan10的虚拟网卡，指明对端地址为192.168.233.190, （此地址为VM2的eth2的地址）出接口为本端的eth2

ip link add vxlan10 type vxlan id 100 remote 192.168.233.190 dstport 4789 dev eth2
ip link set vxlan10 up

把vxlan10加入到网桥中

brctl addif br-vx vxlan10

创建一对虚拟网卡，设置其中的veth0的地址为192.167.1.6，并把veth1绑到网桥br-vx中。从veth0发出的报文将会发给veth1，由于veth1在网桥中，会被进入到vxlan10中通过vxlan隧道发送给对端

ip link add type veth
ifconfig veth0 192.167.1.6/24 up
ifconfig veth0 mtu 1450
ifconfig veth1 up
ifconfig veth1 mtu 1450
brctl addif br-vx veth1

VM2：

创建网桥br-vx并使其up

brctl addbr br-vx
ip link set br-vx up

增加一个类型为vxlan,vni-id为100的，名字为vxlan10的虚拟网卡，指明对端地址为192.168.233.180, （此地址为VM2的eth2的地址）出接口为本端的eth2

ip link add vxlan10 type vxlan id 100 remote 192.168.233.180 dstport 4789 dev eth2
ip link set vxlan10 up

把vxlan10加入到网桥中

brctl addif br-vx vxlan10

创建一对虚拟网卡，设置其中的veth0的地址为192.167.1.7，并把veth1绑到网桥br-vx中。从veth0发出的报文将会发给veth1，由于veth1在网桥中，会被进入到vxlan10中通过vxlan隧道发送给对端

ip link add type veth
ifconfig veth0 192.167.1.7/24 up
ifconfig veth0 mtu 1450
ifconfig veth1 up
ifconfig veth1 mtu 1450
brctl addif br-vx veth1

vxlan协议：draft-mahalingam-dutt-dcops-vxlan-09.txt

4.2. Broadcast Communication and Mapping to Multicast

Consider the VM on the source host attempting to communicate with the destination VM using IP. Assuming that they are both on the same subnet, the VM sends out an ARP broadcast frame. In the non-VXLAN environment, this frame would be sent out using MAC broadcast across all switches carrying that VLAN.

With VXLAN, a header including the VXLAN VNI is inserted at the beginning of the packet along with the IP header and UDP header.

However, this broadcast packet is sent out to the IP multicast group on which that VXLAN overlay network is realized.

To effect this, we need to have a mapping between the VXLAN VNI and the IP multicast group that it will use. This mapping is done at the management layer and provided to the individual VTEPs through a management channel. Using this mapping, the VTEP can provide IGMP membership reports to the upstream switch/router to join/leave the VXLAN related IP multicast groups as needed. This will enable pruning of the leaf nodes for specific multicast traffic addresses based on whether a member is available on this host using the specific multicast address (see [RFC4541]). In addition, use of multicast routing protocols like Protocol Independent Multicast - Sparse Mode (PIM-SM see [RFC4601]) will provide efficient multicast trees within the Layer 3 network.

6.1. Inner VLAN Tag Handling

Inner VLAN Tag Handling in VTEP and VXLAN Gateway should conform to the following:

Decapsulated VXLAN frames with the inner VLAN tag SHOULD be discarded unless configured otherwise. On the encapsulation side, a VTEP SHOULD NOT include an inner VLAN tag on tunnel packets unless configured otherwise. When a VLAN-tagged packet is a candidate for VXLAN tunneling, the encapsulating VTEP SHOULD strip the VLAN tag unless configured otherwise.