Understanding Dynamically Configured VXLANs in an OVSDB Environment
This topic applies only to QFX Series switches, which support the dynamic configuration of Open vSwitch Database (OVSDB)-managed Virtual Extensible LANs (VXLANs). Although the configuration of OVSDB-managed VXLANs is automated on these switches, there are tasks that you must perform before and after the dynamic configuration.
On all other Juniper Networks devices that support OVSDB and VXLAN, you must manually configure OVSDB-managed VXLANs using the Junos OS CLI. For more information about manually configuring OVSDB-managed VXLANs, see Configuring OVSDB-Managed VXLANs.
The Juniper Networks Junos OS implementation of the OVSDB management protocol provides a means through which Juniper Networks devices that support OVSDB can communicate with software-defined networking (SDN) controllers. Support for OVSDB enables the devices in a physical network to be integrated into a virtualized network.
In a Junos OS environment, the concept of an OVSDB-managed Layer 2 broadcast domain in which data flows are limited to that domain is known as a VXLAN. The term used for the same concept in other OVSDB environments depends on the environment:
In an NSX environment, the same concept is known as a logical switch.
In a Contrail environment, the same concept is known as a virtual network.
Understanding the terminology used in the different environments will help you to better understand the workflow associated with the dynamic configuration of OVSDB-managed VXLANs, including tasks that you must perform before and after the dynamic configuration.
The following sections describe the dynamic configuration of OVSDB-managed VXLANs:
Performing Tasks Before and After the Dynamic Configuration of OVSDB-Managed VXLANs
Although the configuration of OVSDB-managed VXLANs is automated, there are some tasks that you must perform before and after the dynamic configuration. Table 1 includes a sequentially ordered workflow of tasks and events for the dynamic configuration of OVSDB-managed VXLANs in an NSX environment, while Table 2 includes the equivalent information for a Contrail environment. Your familiarity with these workflows will ensure that the dynamic configuration of OVSDB-managed VXLANs is properly implemented.
In Table 1, the NSX controller and Juniper Networks switch handle the events described in workflow numbers 4, 6, and 7. You must perform the tasks described in workflow numbers 1, 2, 3, 5, and 8. If you perform a task in a different order than that outlined in Table 1, the dynamic configuration might not work or the dynamically configured OVSDB-managed VXLAN might not become functional.
Workflow Number |
Task or Event |
How Task or Event Is Handled |
More Information About Task or Event |
|---|---|---|---|
1 |
Enable the Juniper Networks switch to dynamically configure an OVSDB-managed VXLAN. |
You must manually enable this capability by entering the |
– |
2 |
On the Juniper Networks switch, configure each physical interface that is connected to a physical server so that the interface is managed by OVSDB. |
For each physical interface, you must manually enter the |
When entering the interface name, you do not need to include a logical unit number. |
3 |
For each OVSDB-managed VXLAN that you want to implement, configure a logical switch. |
You must manually configure the logical switch by using NSX Manager or the NSX API. See the documentation that accompanies NSX Manager or the NSX API. |
A universally unique identifier (UUID) for the logical switch is dynamically generated. |
4 |
Relevant information about the logical switch is pushed to the Juniper Networks switch. |
The NSX controller pushes relevant information to the logical switch table in the OVSDB schema for physical devices. This schema resides in the Juniper Networks switch. |
– |
5 |
Create the following entities:
|
You must manually configure these entities by using NSX Manager or the NSX API. See the documentation that accompanies NSX Manager or the NSX API. Also see VMware NSX Configuration for Juniper Networks Devices Functioning as Virtual Tunnel Endpoints. |
– |
6 |
Relevant information about the gateway service and logical switch port are pushed to the Juniper Networks switch. |
The NSX controller pushes this information to the Juniper Networks switch. |
– |
7 |
A corresponding VXLAN is dynamically created. Based on the gateway service and logical switch port configured in NSX Manager or the NSX API, one or more interfaces are also created and associated with the VXLAN. |
The Juniper Networks switch dynamically creates the VXLAN and interface configuration. |
For the name of the VXLAN, the Juniper Networks switch uses the UUID of the logical switch. |
8 |
(Recommended) Verify that the logical switch, corresponding VXLAN, and associated interfaces are configured properly and are operational. |
You can enter the |
If the output of the |
In Table 2, the Contrail controller and Juniper Networks switch handle the events described in workflow numbers 5, 8, and 9. You must perform all other tasks described in the table. If you perform a task in a different order than that outlined in Table 2, the dynamic configuration might not work or the dynamically configured OVSDB-managed VXLAN might not become functional.
Workflow Number |
Task or Event |
How Task or Event Is Handled |
More Information About Task or Event |
|---|---|---|---|
1 |
On the Juniper Networks switch, configure a unique hostname for the switch. |
You must manually enter the |
If implementing a virtual chassis, be aware that all members of the virtual chassis must have the same hostname. |
2 |
Enable the Juniper Networks switch to dynamically configure an OVSDB-managed VXLAN. |
You must manually enable this capability by entering the |
– |
3 |
On the Juniper Networks switch, configure each physical interface that is connected to a physical server so that the interface is managed by OVSDB. |
For each physical interface, you must manually enter the |
When entering the interface name, you do not need to include a logical unit number. |
4 |
For each OVSDB-managed VXLAN that you want to implement, configure a virtual network in the Contrail Web user interface. |
You must manually configure the virtual network by navigating to Configure > Networking > Networks. |
See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs. |
5 |
Relevant information about the virtual network is pushed to the Juniper Networks switch. |
The Contrail controller pushes relevant information to the logical switch table in the OVSDB schema for physical devices. This schema resides in the Juniper Networks switch. |
– |
6 |
For each interface that you plan to implement for a VXLAN, configure a logical interface. |
In the Contrail Web user interface, you must manually configure the logical interface by navigating to Configure > Physical Devices > Interfaces. For information about configuring a logical interface, see Using TOR Switches and OVSDB to Extend the Contrail Cluster to Other Instances. |
See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs. |
7 |
For each Juniper Networks switch that you deploy as a hardware VTEP, you create a physical router. |
In the Contrail Web user interface, you must manually configure the physical router by navigating to Configure > Physical Devices > Physical Routers. For information about configuring a physical router, see Using TOR Switches and OVSDB to Extend the Contrail Cluster to Other Instances. |
See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs. |
8 |
Relevant information about the logical interfaces is pushed to the Juniper Networks switch. |
The Contrail controller pushes this information to the Juniper Networks switch. |
– |
9 |
A corresponding VXLAN is dynamically created. Based on the logical interface configured in the Contrail Web user interface, one or more interfaces are also created and associated with the VXLAN. |
The Juniper Networks switch dynamically creates the VXLAN and interface configurations. |
For the name of the VXLAN, the Juniper Networks switch uses the prefix “Contrail-” and the UUID of the virtual network. |
10 |
(Recommended) Verify that the virtual network, corresponding VXLAN, and interfaces are configured properly and are operational. |
You can enter the |
If the output of the |
What the Juniper Networks Switch Actually Creates Dynamically
When a Juniper Networks switch creates a VXLAN, it sets up a configuration similar to the following sample:
set vlans 28805c1d-0122-495d-85df-19abd647d772 vxlan vni 100
Note the following meanings for this sample configuration:
The name of the VXLAN is 28805c1d-0122-495d-85df-19abd647d772. The UUID of the logical switch, which was configured in NSX Manager or in the NSX API, is 28805c1d-0122-495d-85df-19abd647d772. For a VXLAN created in a Contrail environment, the name would be preceded by “Contrail-”.
For the virtual network identifier (VNI), the Juniper Networks switch uses either the VNI specified in the logical switch configuration (NSX) or the VXLAN identifier specified in the virtual network configuration (Contrail). In this example, VNI 100 is used. If the Juniper Networks switch detects that VNI 100 is a duplicate of a VNI from a VXLAN configured by manually using the
set vlans vlan-name vxlan vni (1 – 16777214)command in the Junos OS CLI, the switch deletes the manually configured VXLAN. Or, if the Juniper Networks switch detects that VNI 100 is specified in the dynamically configured VXLAN, but for some reason, the VNI is no longer in the equivalent logical switch or virtual network configuration, the Juniper Networks switch deletes VNI 100 from the VXLAN.
If you need to modify or delete an OVSDB-managed VXLAN that was dynamically configured by the Juniper Networks switch, you must modify or delete either the corresponding logical switch configuration (NSX), or the corresponding virtual network configuration (Contrail). After you modify or delete the configuration, the SDN controller pushes the update to the Juniper Networks switch, and the switch modifies or deletes its configuration accordingly.
Depending on either the gateway service and logical switch ports configuration (NSX), or the logical interface configuration (Contrail), the Juniper Networks switch dynamically creates and associates one or more interfaces with the VXLAN. The configuration generated by the switch depends on whether an interface must support untagged or tagged packets. The following sections provide information about the configuration that the switch dynamically generates for each interface:
Dynamic Association of a Trunk Interface Supporting Untagged Packets to a Dynamically Created VXLAN
Dynamic Association of a Trunk Interface Supporting Tagged Packets to a Dynamically Created VXLAN
- Dynamic Association of a Trunk Interface Supporting Untagged Packets to a Dynamically Created VXLAN
- Dynamic Association of a Trunk Interface Supporting Tagged Packets to a Dynamically Created VXLAN
Dynamic Association of a Trunk Interface Supporting Untagged Packets to a Dynamically Created VXLAN
To determine the type of interface to create and associate with an OVSDB-managed VXLAN, the Juniper Networks switch uses the VLAN ID that you specified when configuring either the logical switch port (NSX), or the logical interface (Contrail). If you specified 0 as the VLAN ID, the switch dynamically configures a trunk interface that can handle untagged packets. (If you specified a valid non-zero VLAN ID, the switch creates a trunk interface that handles tagged packets.)
After the SDN controller pushes either the NSX or Contrail configurations to the Juniper Networks switch, the switch dynamically creates a configuration similar to the following:
set interfaces ge-1/0/0 flexible-vlan-tagging set interfaces ge-1/0/0 native-vlan-id 4094 set interfaces ge-1/0/0 encapsulation extended-vlan-bridge set interfaces ge-1/0/0 unit 0 vlan-id 4094 set vlans 28805c1d-0122-495d-85df-19abd647d772 interface ge-1/0/0.0
This sample configuration sets up physical interface ge-1/0/0 as a trunk interface. It also configures a native VLAN with an ID of 4094 and specifies that logical interface ge-1/0/0.0 is a member of the native VLAN. As a result, logical interface ge-1/0/0.0 handles incoming untagged packets.
We reserve VLAN ID 4094 for native VLANs in an OVSDB environment. As a result, when you create either a logical switch port (NSX) or a logical interface (Contrail), if you specify VLAN ID 4094, the Juniper Networks switch does not dynamically configure a corresponding interface. Also, a system log error message is generated.
Instead of dynamically configuring physical interface ge-1/0/0 as an access interface, which typically handles untagged packets, the Juniper Networks switch configures it as a trunk interface. The intent of this configuration is to support the division of physical interface ge-1/0/0 into multiple logical interfaces, some of which are associated with VXLANs that handle untagged packets and some of which are associated with VXLANs that handle tagged packets.
The sample configuration also creates logical interface ge-1/0/0.0 and associates this interface with VXLAN 28805c1d-0122-495d-85df-19abd647d772.
Dynamic Association of a Trunk Interface Supporting Tagged Packets to a Dynamically Created VXLAN
Starting with Junos OS Release 14.1X53-D15 for QFX5100 switches, 15.1X53-D10 for QFX10002 switches, 15.1X53-D30 for QFX10008 switches, 15.1X53-D60 for QFX10016 switches, 15.1X53-D210 for QFX5110 and QFX5200 switches, and 18.1R1 for QFX5210 switches, the dynamic configuration of trunk interfaces and their association with an OVSDB-managed VXLAN is supported.
In a network that is divided into multiple VXLANs, each VXLAN has a VLAN ID associated with it. Packets associated with a particular VXLAN include the corresponding tag. In this situation, the interface that connects the Juniper Networks switch to a physical server in an OVSDB environment is a trunk interface that handles only tagged packets.
To determine the type of interface to create and associate with an OVSDB-managed VXLAN, the Juniper Networks switch uses the VLAN ID that you specified when configuring either the logical switch port (NSX), or the logical interface (Contrail). If you specified a valid VLAN ID other than 0 in either configuration, the switch creates a trunk interface that can handle tagged packets. (If you specified 0 as the VLAN ID, the switch creates a trunk interface that handles untagged packets.)
After the SDN controller pushes the NSX or Contrail configuration to the Juniper Networks switch, the switch dynamically creates a configuration similar to the following:
set interfaces ge-1/0/0 flexible-vlan-tagging set interfaces ge-1/0/0 encapsulation extended-vlan-bridge set interfaces ge-1/0/0 unit 10 vlan-id 10 set vlans 28805c1d-0122-495d-85df-19abd647d772 interfaces ge-1/0/0.10
The sample configuration sets up physical interface ge-1/0/0 as a trunk interface. It also configures a VLAN with an ID of 10 and specifies that interface ge-1/0/0.10 is a member of the VLAN. With the configuration of VLAN 10, logical interface ge-1/0/0.10 accepts incoming packets with a VLAN tag of 10 and adds a tag of 100 to each packet. Adding a tag of 100 identifies the packets as received by the VXLAN 28805c1d-0122-495d-85df-19abd647d772, which has a VNI of 100. This configuration also associates the trunk interface with VXLAN 28805c1d-0122-495d-85df-19abd647d772.