protocol_vxlan_nvgre_geneve
Overview
Tunneling is a mechanism that carries payloads over a delivery network that cannot transport them natively: the original frame or packet is encapsulated inside an outer packet that the delivery network understands and is unwrapped at the far end, so a private network can be extended across an intermediate network whose addressing or protocols conflict with it. The encapsulation itself provides no confidentiality or integrity; the user's network data is simply carried as the payload of an ordinary-looking outer packet. If the payload must be protected while it crosses an untrusted network, a separate encryption layer has to be applied on top of the tunnel.
A data center hosting thousands of tenants, with virtualized workloads spread across many locations, needs far more isolated segments than the 4094 VLAN IDs of IEEE 802.1Q allow, while still letting workloads share resources across those segments. Software Defined Networking (SDN) was created partly to solve the problems of such multi-tenant environments. This led Microsoft to create NVGRE for Hyper-V, its native hypervisor that creates virtual machines on x86-64 systems starting with Windows 8, and VMware to create Virtual Extensible LAN (VXLAN), a tunneling protocol that lets hosts reach or offer network services across an underlay network that does not provide them directly.
The NVGRE standard was proposed by Microsoft, Intel, HP and Dell and was later published as RFC 7637.
The VXLAN specification was originally created by Cisco, VMware and Arista Networks and was later published as RFC 7348.
NVGRE
NVGRE is a network virtualization method that primarily seeks to ease the scalability problems of large cloud deployments. It uses encapsulation to tunnel data link layer (layer 2) frames over network layer (layer 3) networks, so that multi-tenant, load-balanced networks can be shared across on-premises and cloud-based environments.
In NVGRE, each virtual machine packet is encapsulated inside another packet; the resulting NVGRE packet carries the provider address (PA) IP addresses of the source and destination endpoints, while the inner packet keeps the tenant's customer addresses (CA).
NVGRE uses the 32-bit GRE Key field: the upper 24 bits carry the tenant network identifier (TNI, called the Virtual Subnet ID or VSID in RFC 7637), which like the VXLAN VNI allows about 16 million virtual networks, and the lower 8 bits carry a FlowID intended to give per-flow entropy. Because GRE is carried directly in IP (protocol 47), the outer header has no UDP or TCP ports, so a device that load-balances on the conventional 5-tuple sees only the outer source and destination addresses: every tenant flow between the same pair of endpoints hashes to the same path unless the device is able to hash on the GRE Key as well. This is the main shortcoming of NVGRE and its biggest practical difference from VXLAN.
- Outer IP + GRE header + (inner layer 2 + inner layer 3 + TCP/UDP + payload) as the IP payload
- No extra UDP header: GRE sits at the same level as TCP or UDP (IP protocol 47)
VXLAN (Virtual Extensible LAN)
The purpose of VXLAN is to provide scalable network isolation. VXLAN is a layer 2 overlay scheme on a layer 3 network: it lets an overlay layer 2 network span multiple layer 3 underlay domains. Each overlay is termed a VXLAN segment, and only VMs within the same VXLAN segment can communicate directly at layer 2.
The VXLAN header carries a 24-bit VXLAN Network Identifier (VNI), allowing about 16 million unique virtual segments. The VNI itself is assigned by the administrator or controller; what is derived from the inner packet is the outer UDP source port, which the encapsulating endpoint (VTEP) sets from a hash of the inner headers. Devices in the underlay can therefore keep load-balancing on the 5-tuple, and because every packet of one inner flow hashes to the same source port, packet order between two VMs is preserved. VXLAN encapsulation adds 50 bytes to each frame (14 bytes outer Ethernet, 20 bytes IPv4, 8 bytes UDP, 8 bytes VXLAN header), laid out as below.
- Outer IP + UDP + (VXLAN header + inner layer 2 + inner layer 3 + TCP/UDP + payload) as the UDP payload
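The two layouts above, the NVGRE list and the VXLAN list, as an added example that is not code from this page, from Microsoft or from VMware. It builds both encapsulations over a minimal outer IPv4 header, then shows what a 5-tuple ECMP hasher sees in each (no ports at all for NVGRE, a flow-derived UDP source port for VXLAN) and how a receiving endpoint should refuse frames whose 24-bit VSID or VNI it is not configured to serve. The provider addresses, the tenant frames, the IDs and the `allowed_ids` set are constructed for the example; the header formats follow RFC 7637 and RFC 7348.

```python
import socket
import struct
import zlib

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
GRE_FLAG_KEY = 0x2000      # GRE "K" bit: a 32-bit Key field follows the header
GRE_PROTO_TEB = 0x6558     # Transparent Ethernet Bridging: the payload is an Ethernet frame
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08        # VXLAN "I" bit: the VNI field is valid


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (used here for the outer provider-address header)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def inner_flow_key(frame: bytes) -> bytes:
    """Inner src/dst IP, protocol and L4 ports of an Ethernet/IPv4 frame, for hashing."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return frame[:12]                        # not IPv4: hash the MAC addresses only
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    key = frame[26:34] + bytes([proto])
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(frame) >= 14 + ihl + 4:
        key += frame[14 + ihl:14 + ihl + 4]
    return key

def nvgre_encapsulate(pa_src: str, pa_dst: str, vsid: int, frame: bytes, flow_id: int = 0) -> bytes:
    """Outer IPv4 + GRE (Key = VSID << 8 | FlowID) + inner frame. No UDP header."""
    if not 0 <= vsid < 1 << 24 or not 0 <= flow_id < 1 << 8:
        raise ValueError("VSID is 24 bits, FlowID is 8 bits")
    gre = struct.pack("!HHI", GRE_FLAG_KEY, GRE_PROTO_TEB, (vsid << 8) | flow_id)
    return build_ipv4(pa_src, pa_dst, IPPROTO_GRE, len(gre) + len(frame)) + gre + frame

def vxlan_encapsulate(src: str, dst: str, vni: int, frame: bytes) -> bytes:
    """Outer IPv4 + UDP + 8-byte VXLAN header + inner frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is 24 bits")
    # RFC 7348 recommends a source port hashed from the inner headers, in the ephemeral range
    sport = 49152 + zlib.crc32(inner_flow_key(frame)) % 16384
    vxlan = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)   # flags+reserved, VNI+reserved
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, 16 + len(frame), 0)  # zero UDP checksum
    return build_ipv4(src, dst, IPPROTO_UDP, 16 + len(frame)) + udp + vxlan + frame

def ecmp_five_tuple(pkt: bytes):
    """What a 5-tuple hashing switch or router sees in the outer headers."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        return (src, dst, proto) + struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (src, dst, proto, None, None)         # GRE: no ports, every tenant flow looks alike

def decapsulate(pkt: bytes, allowed_ids: set):
    """Return (kind, id, inner_frame), refusing IDs this endpoint is not configured to serve."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == IPPROTO_GRE:
        flags, ptype, key = struct.unpack("!HHI", pkt[ihl:ihl + 8])
        if flags != GRE_FLAG_KEY or ptype != GRE_PROTO_TEB:    # NVGRE allows only the K bit
            raise ValueError("not an NVGRE packet")
        kind, ident, frame = "nvgre", key >> 8, pkt[ihl + 8:]
    elif proto == IPPROTO_UDP:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        flags_word, vni_word = struct.unpack("!II", pkt[ihl + 8:ihl + 16])
        if dport != VXLAN_UDP_PORT or not (flags_word >> 24) & VXLAN_FLAG_I:
            raise ValueError("not a VXLAN packet")
        kind, ident, frame = "vxlan", vni_word >> 8, pkt[ihl + 16:]
    else:
        raise ValueError("unknown encapsulation")
    if ident not in allowed_ids:
        # The 24-bit ID is the only thing separating tenants and nothing authenticates it,
        # so an endpoint must drop frames for segments it does not serve.
        raise PermissionError("%s id 0x%06x not served by this endpoint" % (kind, ident))
    return kind, ident, frame

def sample_frame(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Constructed tenant frame: Ethernet + IPv4 + TCP SYN, no payload."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + build_ipv4(src_ip, dst_ip, IPPROTO_TCP, len(tcp)) + tcp

if __name__ == "__main__":
    pa = ("192.0.2.10", "192.0.2.20")                      # constructed provider addresses
    a = sample_frame("10.0.0.1", "10.0.0.2", 40000, 443)
    b = sample_frame("10.0.0.1", "10.0.0.2", 40001, 80)
    for tag, fn in (("nvgre", nvgre_encapsulate), ("vxlan", vxlan_encapsulate)):
        print(tag, ecmp_five_tuple(fn(*pa, 0x1000, a)), ecmp_five_tuple(fn(*pa, 0x1000, b)))
    print("vxlan overhead incl. outer Ethernet:", len(vxlan_encapsulate(*pa, 1, a)) - len(a) + 14)
```

Running the script shows the two NVGRE tuples to be identical while the VXLAN tuples differ only in the hashed source port; the 50-byte figure is the 36 bytes added here plus the 14-byte outer Ethernet header that a real VTEP prepends. Note that `decapsulate` is where tenant isolation actually happens: nothing in either header format is authenticated, so the check against `allowed_ids` and a trusted underlay are all that keep one tenant's frames out of another's segment.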
GENEVE (Generic Network Virtualization Encapsulation)
VXLAN (Virtual Extensible LAN), NVGRE (Network Virtualization using Generic Routing Encapsulation) and STT (Stateless Transport Tunneling) all encapsulate the original frame behind a new, fixed-format header. The tenant identifier in that header is 24 bits wide for VXLAN and NVGRE, the latter used mostly by Microsoft, while STT carries a 64-bit context identifier. None of these encapsulation methods require changes to the hardware networking infrastructure, though some vendors offer hardware offload to accelerate them. They are, however, not interoperable with each other.
Geneve is designed to recognize and accommodate the changing capabilities and needs of different devices in network virtualization. It provides a framework for tunneling rather than prescribing the entire system: the metadata added during encapsulation is defined flexibly, as a sequence of extensible option headers, so the header is variable in size and can adapt to different virtualization scenarios. UDP is used as the transport protocol. Geneve supports unicast, multicast and broadcast.
GENEVE encapsulated packets are designed to be transmitted via standard networking equipment. Packets are sent from one tunnel endpoint to one or more tunnel endpoints using either unicast or multicast addressing.
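The variable-size header described above, as an added example that is not code from this page or from the Geneve specification's authors. It builds a Geneve header with a list of options and parses one back defensively: the declared option length is checked against the packet, each option's own length against the option area, an unknown option with the critical bit set causes the packet to be dropped, and an unknown non-critical option is skipped. The option classes, types and data, the inner frame and the `known_options` set are constructed for the example; the field layout follows RFC 8926.

```python
import struct

GENEVE_UDP_PORT = 6081
PROTO_ETHERNET = 0x6558      # Protocol Type of an encapsulated Ethernet frame
OPT_CRITICAL = 0x80          # high bit of an option's Type byte


class GeneveError(ValueError):
    pass


def build_geneve(vni: int, options, proto: int = PROTO_ETHERNET, oam: bool = False) -> bytes:
    """options: list of (opt_class, opt_type, data); data is 0..124 bytes, a multiple of 4."""
    if not 0 <= vni < 1 << 24:
        raise GeneveError("VNI is 24 bits")
    body, critical = b"", False
    for cls, typ, data in options:
        if len(data) % 4 or len(data) > 124:
            raise GeneveError("option data must be a multiple of 4 bytes, at most 124")
        body += struct.pack("!HBB", cls, typ, len(data) // 4) + data  # length excludes the 4-byte option header
        critical |= bool(typ & OPT_CRITICAL)
    if len(body) > 252:
        raise GeneveError("Opt Len is 6 bits of 4-byte words: at most 252 bytes of options")
    first = len(body) // 4                                       # Ver = 0 in the top two bits
    second = (0x80 if oam else 0) | (0x40 if critical else 0)    # O and C bits
    return struct.pack("!BBHI", first, second, proto, vni << 8) + body


def parse_geneve(buf: bytes, known_options) -> dict:
    """Parse a Geneve header; known_options is the set of (class, type) this endpoint implements."""
    if len(buf) < 8:
        raise GeneveError("truncated base header")
    first, second, proto, vni_word = struct.unpack("!BBHI", buf[:8])
    if first >> 6 != 0:
        raise GeneveError("unsupported Geneve version")
    end = 8 + (first & 0x3F) * 4
    if len(buf) < end:
        raise GeneveError("declared option length exceeds the packet")
    opts, pos, saw_critical = [], 8, False
    while pos < end:
        if end - pos < 4:
            raise GeneveError("option header does not fit in the option area")
        cls, typ, ln = struct.unpack("!HBB", buf[pos:pos + 4])
        ln = (ln & 0x1F) * 4                     # top 3 bits of the length byte are reserved
        if pos + 4 + ln > end:
            raise GeneveError("option length runs past the option area")
        data = buf[pos + 4:pos + 4 + ln]
        saw_critical |= bool(typ & OPT_CRITICAL)
        if (cls, typ) in known_options:
            opts.append((cls, typ, data))
        elif typ & OPT_CRITICAL:
            raise GeneveError("unknown critical option 0x%04x/0x%02x: drop" % (cls, typ))
        pos += 4 + ln                            # unknown non-critical options are skipped
    if bool(second & 0x40) != saw_critical:
        raise GeneveError("C bit does not match the options present")
    return {"vni": vni_word >> 8, "proto": proto, "oam": bool(second & 0x80),
            "options": opts, "payload": buf[end:]}


if __name__ == "__main__":
    inner = b"\x00" * 14                                          # constructed stand-in inner frame
    opts = [(0x0100, 0x01, b"\x00\x00\x00\x2a"), (0x0100, 0x82, b"\xde\xad\xbe\xef")]  # constructed
    pkt = build_geneve(0xABCDE, opts) + inner
    print(parse_geneve(pkt, {(0x0100, 0x01), (0x0100, 0x82)}))
    try:
        parse_geneve(pkt, {(0x0100, 0x01)})                       # 0x82 is critical and unknown here
    except GeneveError as e:
        print("dropped:", e)
```

The parser never trusts a length field on its own: the base header's Opt Len is bounded by the packet and every option's Length by the option area, which is the check a transit device or endpoint needs before walking options supplied by whoever sent the packet.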
Geneve has been adopted as the default tunneling protocol for OVN (Open Virtual Network), a virtual networking layer built on top of OVS (Open vSwitch) that is in turn being promoted for use in future OpenStack releases.