Saturday, September 5, 2015

Understanding OSPF Routing

OSPF is a fast-converging, link-state IGP used by millions.

OSPF forms adjacencies with neighbors and shares information via the DR and BDR using Link State Advertisements.

Areas in OSPF are used to limit LSAs and summarize routes. Everyone connects to area zero, the backbone.

Open Shortest Path First is a robust link-state interior gateway protocol (IGP). People use OSPF when they discover that RIP just isn’t going to work for their larger network, or when they need very fast convergence.

OSPF is the most widely used IGP. When we discuss IGPs, we’re talking about one routing domain, or Autonomous System (AS). Imagine a medium-sized company with multiple buildings and departments, all connected together and sharing two redundant Internet links. All of the buildings on-site are part of the same AS. But with OSPF we also have the concept of an Area, which allows further segmentation, perhaps by department in each building.

To understand the design needs for areas in OSPF, let’s start by discussing how OSPF works. There’s some terminology you may not have encountered before, including:

Router ID: In OSPF this is a unique 32-bit number assigned to each router. It is chosen as the highest IP address on the router, and can be set deliberately by configuring an address on a loopback interface of the chosen router.

Neighbor Routers: two routers with a common link that can talk to each other.

Adjacency: a two-way relationship between two neighbor routers. Neighbors don’t always form adjacencies.

LSA: Link State Advertisements are flooded to the other routers; they describe the routes reachable over a given link.

Hello Protocol: this is how routers on a network discover their neighbors and form LSAs.

Area: a level in the OSPF hierarchy; a set of routers that exchange LSAs with the other routers in the same area. Areas limit LSA flooding and encourage aggregate routes.

ABR: An Area Border Router is a router that sits in area zero and in one or more other areas.

DR, BDR: A Designated Router, as we said, is the router that keeps the database for the subnet. It sends and receives updates (via multicast) from the other routers on the same network.

ASBR: The Autonomous System Boundary Router is very special, but confusing. The ASBR connects to one or more other ASes and exchanges routes between them. The ASBR’s purpose is to redistribute routes from another AS into its own AS.
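To make the terminology above concrete, here is an added example (not code from the original post) that models three of the mechanisms in plain Python: router ID selection, DR/BDR election on a multi-access segment, and the SPF (Dijkstra) calculation every router runs over the area's link-state database. The interface table, segment membership and LSDB are constructed sample data; the "loopback wins" rule for the router ID and the "highest priority, then highest router ID" election rule are the common vendor behaviour and are assumptions layered on the post's wording.

```python
import heapq
import ipaddress

# Constructed interface table for one router: (interface, IPv4 address, is_loopback).
INTERFACES = [
    ("GigabitEthernet0/0", "10.1.1.1", False),
    ("GigabitEthernet0/1", "172.16.5.1", False),
    ("Loopback0", "1.1.1.1", True),
]

# Constructed multi-access segment: (router ID, OSPF interface priority).
SEGMENT = [("1.1.1.1", 1), ("2.2.2.2", 100), ("3.3.3.3", 0), ("4.4.4.4", 1)]

# Constructed link-state database for one area: router -> {neighbor: link cost}.
# Each entry stands for what that router's LSA advertises; after flooding, every
# router in the area holds this same copy and runs SPF over it.
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1},
}


def select_router_id(interfaces):
    """Pick the 32-bit router ID. Assumed (Cisco-style) rule: the highest loopback
    address wins; without any loopback, the highest interface address is used."""
    loopbacks = [ipaddress.IPv4Address(ip) for _, ip, lo in interfaces if lo]
    physical = [ipaddress.IPv4Address(ip) for _, ip, lo in interfaces if not lo]
    candidates = loopbacks or physical
    if not candidates:
        raise ValueError("no IPv4 address available for the router ID")
    return str(max(candidates))


def elect_dr_bdr(segment):
    """DR/BDR election: priority 0 routers never become DR; otherwise the highest
    priority wins and ties are broken by the highest router ID."""
    eligible = sorted(
        ((prio, int(ipaddress.IPv4Address(rid)), rid) for rid, prio in segment if prio > 0),
        reverse=True,
    )
    dr = eligible[0][2] if eligible else None
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return dr, bdr


def spf(lsdb, root):
    """Dijkstra over the LSDB from `root`; returns {destination: (cost, next_hop)}."""
    dist = {root: 0}
    next_hop = {root: None}
    visited = set()
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in visited:
            continue
        visited.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                # Leaving the root, the first hop is the neighbor itself;
                # otherwise inherit the first hop that reached `node`.
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (new_cost, nbr))
    return {d: (dist[d], next_hop[d]) for d in dist if d != root}


if __name__ == "__main__":
    print("router ID:", select_router_id(INTERFACES))
    print("DR/BDR:", elect_dr_bdr(SEGMENT))
    for dest, (cost, nh) in sorted(spf(LSDB, "R1").items()):
        print(f"R1 -> {dest}: cost {cost} via {nh}")
```

Running it shows why the loopback matters (the router ID stays 1.1.1.1 even though a physical interface carries a numerically higher address), why priority 0 keeps a router out of the election, and how SPF prefers the three-hop path R1-R3-R4-R2 (cost 3) over the direct but expensive R1-R2 link (cost 10).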

VXLAN (Virtual eXtensible Local Area Network)

VXLAN is an overlay network technology. An overlay network is any logical network created on top of existing physical networks. VXLAN creates Layer 2 logical networks on top of an IP network. The following two are key traits of an overlay technology:
– It encapsulates original packets in a new header. For example, IPsec VPN, an overlay technology, encapsulates the original IP packet in another IP header.
– Communication is typically established between two tunnel endpoints. For example, in an IPsec VPN running over the public Internet, the tunnels are established between two sites.

Different components of VMware’s VXLAN implementation

When you apply those overlay traits to VXLAN, you will see that VXLAN encapsulates the original MAC frame in a UDP header (shown below), and that all vSphere hosts participating in VXLAN act as tunnel endpoints. They are called Virtual Tunnel Endpoints (VTEPs).

VTEPs are the nodes that provide the encapsulation and de-encapsulation function. When we go through the detailed packet flows, it will become clear how these VTEPs encapsulate and de-encapsulate traffic from any virtual machine connected to a VXLAN-based Layer 2 logical network, or virtual wire. The virtual tunnel endpoint (VTEP) configured on every vSphere host consists of the following three modules:
1) VMware Installation Bundle (VIB) or vmkernel module – VTEP functionality is part of the VDS and is installed as a VMware Installation Bundle (VIB). This module is responsible for VXLAN data path processing, which includes maintaining forwarding tables and encapsulating and de-encapsulating packets.
2) vmknic virtual adapter – This adapter carries control traffic, which includes responses to multicast join, DHCP and ARP requests. As with any vmknic, a unique IP address is assigned per host. That IP address is used as the VTEP IP when establishing host-to-host tunnels to carry VXLAN traffic.
3) VXLAN port group – This is configured during the initial VXLAN configuration process. It includes physical NICs, VLAN information, teaming policy, and so on. These port group parameters dictate how VXLAN traffic is carried in and out of the host VTEP through the physical NICs.
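The MAC-in-UDP encapsulation and the VTEP forwarding table described above, as an added example that is not part of the original post or of VMware’s implementation: a Python model that builds the outer Ethernet/IPv4/UDP/VXLAN headers around an original MAC frame, strips and validates them again on the receiving VTEP, and keeps a (VNI, VM MAC) -> remote VTEP IP table learned from decapsulated frames. The header layout, the UDP port 4789 and the I flag come from RFC 7348; the VTEP addresses, MACs, VNI and the inner frame are constructed sample data, and the flood-and-learn table is an assumed behaviour, not a description of the VIB’s internals.

```python
import socket
import struct

# VXLAN constants from RFC 7348: the UDP destination port and the "VNI valid" (I) flag bit.
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_UDP = 17


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def parse_vxlan_header(hdr):
    """Return the VNI; reject headers whose I flag is clear (the VNI is then not valid)."""
    flags, vni_field = struct.unpack("!B3xI", hdr[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; header is invalid")
    return vni_field >> 8


def ipv4_checksum(header):
    """Standard one's-complement checksum over the IPv4 header (0 when verifying a good header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame, vni, src_vtep_ip, dst_vtep_ip, src_mac, dst_mac, src_port=49152):
    """Wrap an original MAC frame in outer Ethernet/IPv4/UDP/VXLAN headers, as a VTEP does."""
    vxlan = build_vxlan_header(vni)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 is allowed over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src_vtep_ip), socket.inet_aton(dst_vtep_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the header checksum
    outer_eth = dst_mac + src_mac + ETHERTYPE_IPV4
    return outer_eth + ip + udp + vxlan + inner_frame


def decapsulate(packet):
    """Strip the outer headers, validating each; returns (source VTEP IP, VNI, inner frame)."""
    if packet[12:14] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    ip_hdr = packet[14:14 + ihl]
    if ipv4_checksum(ip_hdr) != 0:
        raise ValueError("outer IPv4 checksum mismatch")
    if ip_hdr[9] != IPPROTO_UDP:
        raise ValueError("outer IPv4 payload is not UDP")
    udp_off = 14 + ihl
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx_off = udp_off + 8
    vni = parse_vxlan_header(packet[vx_off:vx_off + 8])
    inner = packet[vx_off + 8:udp_off + udp_len]   # honour the UDP length; ignore any trailing padding
    return socket.inet_ntoa(ip_hdr[12:16]), vni, inner


class Vtep:
    """Minimal VTEP with a forwarding table (VNI, VM MAC) -> remote VTEP IP, learned on receipt."""
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.fdb = {}

    def receive(self, packet):
        src_vtep, vni, inner = decapsulate(packet)
        self.fdb[(vni, inner[6:12])] = src_vtep    # the inner source MAC lives behind src_vtep
        return vni, inner

    def transmit(self, inner_frame, vni, next_hop_mac):
        remote = self.fdb.get((vni, inner_frame[0:6]))
        if remote is None:
            return None   # unknown unicast: a real VTEP floods it via the VNI's multicast group
        return encapsulate(inner_frame, vni, self.ip, remote, self.mac, next_hop_mac)


# Constructed sample: VM A (behind VTEP 10.0.0.1) sends a frame to VM B (behind VTEP 10.0.0.2).
VM_A_MAC = bytes.fromhex("00005e000101")
VM_B_MAC = bytes.fromhex("00005e000102")
INNER_FRAME = VM_B_MAC + VM_A_MAC + b"\x08\x06" + b"\x00" * 28   # inner Ethernet header + ARP-sized payload
ROUTER_MAC = bytes.fromhex("00005e0000ff")                       # constructed next-hop MAC in the transport network


def demo():
    vtep_a = Vtep("10.0.0.1", bytes.fromhex("00005e0000a1"))
    vtep_b = Vtep("10.0.0.2", bytes.fromhex("00005e0000b2"))
    pkt = encapsulate(INNER_FRAME, 5001, vtep_a.ip, vtep_b.ip, vtep_a.mac, ROUTER_MAC)
    vni, inner = vtep_b.receive(pkt)                 # B learns that VM_A_MAC sits behind 10.0.0.1
    reply = inner[6:12] + inner[0:6] + inner[12:]    # B answers A: swap inner source and destination
    reply_pkt = vtep_b.transmit(reply, vni, ROUTER_MAC)
    return len(pkt), vni, inner == INNER_FRAME, reply_pkt is not None and decapsulate(reply_pkt)[0] == "10.0.0.2"


if __name__ == "__main__":
    print(demo())
```

The 42-byte inner frame comes out as a 92-byte outer packet (14 + 20 + 8 + 8 bytes of added headers), which is the overhead a VXLAN transport MTU has to absorb. On the receive side every outer header is checked before the inner frame is handed to the VM: a wrong EtherType, a corrupted IP header, a non-UDP payload, a stray UDP port or a VXLAN header without the I flag is rejected rather than forwarded.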

Friday, September 4, 2015

NSX (Network Virtualization Platform)

NSX is a network virtualization platform that you can use to build a rich set of logical networking services.

Logical Switching: Layer 2 over Layer 3, decoupled from the physical network
Logical Routing: Routing between virtual networks without exiting the software container
Logical Firewall: Distributed Firewall, kernel integrated, high performance
Logical Load Balancer: Application load balancing in software
Logical VPN: Site-to-site and remote access VPN in software
NSX API: REST API for integration into any cloud management platform
Robust Partner Ecosystem: Additional features and use cases supported