VXLAN Gateway Deployment
To implement Layer 3 interworking, a Layer 3 gateway must be deployed
on a VXLAN. VXLAN gateways can be deployed in centralized or distributed
mode.
Centralized VXLAN Gateway Mode
In this mode, Layer 3 gateways are configured on one device. On the
network shown in Figure 1, traffic across network segments is forwarded
through Layer 3 gateways to implement centralized traffic management.
Figure 1 Centralized VXLAN gateway networking
Centralized VXLAN gateway deployment has its advantages and disadvantages.
- Advantage: Inter-segment traffic can be centrally managed, and
gateway deployment and management are easy.
- Disadvantages:
  - Forwarding paths are not optimal. Inter-segment Layer 3 traffic
  of data centers connected to the same Layer 2 gateway must be transmitted
  to the centralized Layer 3 gateway for forwarding.
  - The ARP entry specification is a bottleneck. ARP entries must
  be generated for tenants on the Layer 3 gateway. However, only a limited
  number of ARP entries are allowed by the Layer 3 gateway, impeding
  data center network expansion.
Distributed VXLAN Gateway Mode
Deploying distributed VXLAN gateways addresses problems that occur in centralized
VXLAN gateway networking. Distributed VXLAN gateways use the spine-leaf
network. In this networking, leaf nodes, which can function as Layer
3 VXLAN gateways, are used as VTEPs to establish VXLAN tunnels. Spine
nodes are unaware of the VXLAN tunnels and only forward VXLAN packets
between different leaf nodes. On the network shown in Figure 2, Server 1 and Server
2 on different network segments both connect to Leaf 1. When Server
1 and Server 2 communicate, traffic is forwarded only through Leaf
1, not through any spine node.
Figure 2 Distributed VXLAN gateway networking
A spine node supports high-speed IP forwarding capabilities.
A leaf node can:
- Function as a Layer 2 VXLAN gateway to connect to physical servers
or VMs and allow tenants to access VXLANs.
- Function as a Layer 3 VXLAN gateway to perform VXLAN encapsulation
and decapsulation to allow inter-segment VXLAN communication and access
to external networks.
Distributed VXLAN gateway networking has the following
- Flexible deployment. A leaf node can function as both Layer 2
and Layer 3 VXLAN gateways.
- Improved network expansion capabilities. A leaf node only needs
to learn the ARP or ND entries of servers attached to
it. A centralized Layer 3 gateway in the same scenario, however, has
to learn the ARP or ND entries of all servers on the network.
Therefore, the ARP or ND entry specification is no longer
a bottleneck on a distributed VXLAN gateway.
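
The two trade-offs described above (the forwarding detour and the ARP/ND entry bottleneck) can be compared with a small model. This is an added example, not code from the original documentation; the topology, the node names `L3-GW` and `Spine`, and the capacity value are constructed assumptions, and underlay hops between a leaf and the centralized gateway are omitted.

```python
CENTRAL_GW = "L3-GW"  # hypothetical name for the single centralized Layer 3 gateway
SPINE = "Spine"       # spine nodes only forward VXLAN packets between leaf nodes

# Constructed sample topology: server -> (attached leaf, network segment).
SERVERS = {
    "Server1": ("Leaf1", "10.1.1.0/24"),
    "Server2": ("Leaf1", "10.1.2.0/24"),
    "Server3": ("Leaf2", "10.1.1.0/24"),
    "Server4": ("Leaf2", "10.1.3.0/24"),
}


def path(src, dst, mode, servers=SERVERS):
    """Return the nodes a packet from src to dst traverses in the given mode."""
    (src_leaf, src_net), (dst_leaf, dst_net) = servers[src], servers[dst]
    hops = [src, src_leaf]
    if src_net != dst_net and mode == "centralized":
        # Inter-segment traffic always detours to the one Layer 3 gateway,
        # even when both servers hang off the same Layer 2 gateway.
        hops += [CENTRAL_GW, dst_leaf]
    elif src_leaf != dst_leaf:
        # Layer 2 traffic, or traffic routed on the ingress leaf in distributed
        # mode, crosses a spine to reach the remote VTEP.
        hops += [SPINE, dst_leaf]
    return hops + [dst]


def gateway_entries(mode, servers=SERVERS):
    """Count the host ARP/ND entries each Layer 3 gateway has to hold."""
    if mode == "centralized":
        return {CENTRAL_GW: len(servers)}  # one gateway learns every server
    load = {}
    for leaf, _segment in servers.values():
        load[leaf] = load.get(leaf, 0) + 1  # a leaf learns only attached servers
    return load


def exceeds_capacity(mode, capacity, servers=SERVERS):
    """Return the gateways whose ARP/ND table would overflow `capacity` entries."""
    entries = gateway_entries(mode, servers)
    return sorted(gw for gw, count in entries.items() if count > capacity)


if __name__ == "__main__":
    for mode in ("centralized", "distributed"):
        print(mode, path("Server1", "Server2", mode), gateway_entries(mode))
```
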