How to make VXLAN Network Designs Simple, Scalable, and Uncomplicated?
This is a 100% technical show, we are diving into the weeds on VXLAN and what the critical Network Design Decisions are around that protocol. I am joined by Lukas Krattiger, a Distinguished Engineer in Technical Marketing, who is going to help me with all things VXLAN in today’s episode!
If you want to know all about VXLAN and how to make the right design decisions, check today’s episode of the Zigbits Network Design Podcast!
Let’s go!
How to make VXLAN Network Designs simple, scalable, and uncomplicated
What’s up, everybody? I hope everyone is doing great. Zig Zsiga here and welcome to episode 91 of the Zigbits Network Design Podcast. My Name is Zig Zsiga, I’m here to help you with Network Engineering, Network Design, and Network Architecture, and today we are discussing the ins and outs of VXLAN. Helping me today is my good friend, well-known industry expert, Cisco Live Distinguished speaker, Cisco Press Author Lukas Krattiger.
You’ll Learn
- What is VXLAN?
- What is an overlay network versus an underlay network
- Hear about some examples of how we can ensure VXLAN Network Designs are simple.
- What is the primary goal of VXLAN (Virtual Extensible LAN)?
- How do we handle VXLAN BUM traffic and its transport mechanism?
- Hear why some people make VXLAN Complex.
- How to ensure our VXLAN Designs are scalable?
- What are some of the VTEP termination options and why?
- How do we make VXLAN Manageable?
- Hear Lukas’s best practice recommendations and suggestions for VXLAN
- Find out if VXLAN can be used outside of the “traditional” Data Center Designs?
- How can you start learning VXLAN?
Resources
- Designing Network Architectures – Ensuring Business Success
- Zigbits Monthly Giveaway
- Network Design Principle Reliability – ZNDP 063
- Network Design Principle Resiliency – ZNDP 064
- Zigbits Network Design Pillar Page
- Top 5 Network Design Principles with Daren Fulwell – ZNDP 067
- Zigbits Demystifying The Roles Pillar Page
- The Shift in Availability – Network Design Principle Availability – ZNDP 069
- Zigbits Network Design Course Weekly Status Emails
- Zigbits Discord Server
Today’s Guests:
Lukas Krattiger, CCIE
Lukas is a Distinguished Engineer in Technical Marketing at Cisco Systems with 20+ years of experience in Data Center, Internet, and Application Networks.
Within Cisco’s Intent-Based Networking Group (IBNG), he is specialized in Data Center Switching Architectures and Solutions across Platforms. Lukas is a double CCIE (R&S, Data Center) with several other industry certifications and participated in various technology Leadership- and Advisory-Groups.
Prior to joining Cisco, Lukas was a Senior Network Engineer at System Integrator and Service Providers responsible for Data Center and Internet Networks.
Since joining Cisco, he covered various technologies within the Data Center as well as Enterprise Network portfolio and built foundational solutions for Customers and Partners. Current projects do include innovative approaches for automating Data Center Networks and optimizing Networking with Overlays.
How to stay connected to Lukas:
Network Design Course – Designing Network Architectures
Before we jump in, I want to tell you about something truly awesome! At the request of the Zigbits Discord Community, I have opened my Network Design Course: Designing Network Architecures – Ensuring Business Success! Yes, it’s open right now. The Zigbits Discord Community asked me to be Agile and to publish what’s already completed, so I have. Stage 1 – 5 of my course is published. I am working on the last 3 stages, and they will be published as soon as they are done.
The purpose of this course is to make you the best network designer you can be. It’s targeting everyone in this amazing Network Industry, no matter if you are just starting out or if you are a 30-year veteran Network engineer. This course is going to change your career and your life.
Again to be 100% transparent the course is not completed yet, but if you want to purchase it, you can. You will get access to all of the content that is currently published! Then as the rest of the content is ready, I will publish it to you at no additional cost or fee, of course!
If you are interested and want to hear more, click here! If you have any questions, you can reach out to me on Discord or email me at Zig@zigbits.tech.
Let’s Simplify VXLAN Network Design
In this section of the show, Lukas and I discuss the different ways to make VXLAN Network Design Simple. We start our discussion by defining what VXLAN is, its original purpose, and how it has evolved over the years. We then talk about the differences between an overlay and underlay, and why you need them. One topic that we go into a bit is how to handle the Broadcast, Unknown-unicast, and Multicast (BUM) traffic within VXLAN. Finally, we compare the other protocols that VXLAN can be chosen over and why? (STP, Fabric Path, Trill, etc…)
VXLAN Network Designs that are Scalable
In this section of the show, Lukas and I discuss the different ways to make VXLAN Network Design Scalable. We discuss the different VTEP termination options and why one should be leveraged over the other. Then we compare the different scaling options for leafs of 256 vs 512 of today, versus 64 years ago. We get into some of the platform discussions, what should be our spines and what should be our leafs. Finally, we discuss how we should properly manage VXLAN Network designs moving forward.
VXLAN Network Designs Uncomplicated!
In this section of the show, I ask Lukas what are his best practice recommendations for VXLAN Network Designs. Then we discuss how we can take VXLAN and leverage it in other places of the network like the Campus or a Service Provider POP Design. Finally, we go into some details on how you can start learning VXLAN today.
ZNDP 091: How to make VXLAN Network Designs simple, scalable, and uncomplicated with Lukas Krattiger
Zig Zsiga: [0:00] How to make vxlan Network design simple scalable and uncomplicated with Lucas Treasure episode 91.
[0:10] This is a 100% technical show we are diving into the Weeds on vxlan and what
the critical Network design decisions are around that protocol hey if you want to know all about VX land and how to make the right decisions the right design decisions check.
Today's episode of the zigbits network design podcast
welcome back my friends nerds geeks and ziglets out there we have another episode of the zigbits network design podcast where
zsiga bites those zsiga bites are faster than those gigabytes again we strive to provide that real-world context around technology.
[0:46] Is up everybody I hope everyone is doing great zigzaggy here and welcome to
episode 91 of the zigbits network design podcast we're getting closer and closer to that elusive episode 1 a hundred just nine more to go after this one once again my name is zsiga
I'm here to help you with network engineering Network design and network architecture
but today and today not but today and today we are discussing
the ins and the outs of vxlan helping me helping me today is my good friend well-known industry expert Cisco live distinguished speaker is Cisco press author Lucas krattiger.
Now we're real quick for those that may not know Lucas Lucas krattiger he is a distinguished engineer and Technical marketing he works in the Cisco business unit with 20 plus years of experience
in both data center internet.
[1:44] Occasion networks now within the Cisco business unit he actually works in the intent-based networking group he's specializes in data center switching
architectures and solutions across all our platforms now Lucas is a cc CI with several other industry expert certifications,
he participates in various technology leadership advisory groups he's going to join us today,
I am truly amazed that he's able to join us and have a good little chat about vxlan he's the one I reached out to and I was studying for my CCE years and years ago and I had a bunch of questions on vxlan.
And getting him on here is truly an awesome situation for all of us hey Lucas thanks for joining us today really appreciate it how are you doing buddy.
Lukas Krattiger: [2:32] Well it's at absolute pleasure and I'm doing very well thanks for asking hope you're.
Zig Zsiga: [2:36] Oh yes it's very sunny here I've been in New York today and it's very sunny and it's been raining for the last like week so today being no rain
it's a dry outside it's really nice if I can get out of the office and get some time outside I can't wait hopefully go for a hike or something but it's glad I'm glad to have you here
and I know today we're going to talk about vxlan and we're going to try our best to keep it simple scalable and uncomplicated that's our goal right.
Lukas Krattiger: [3:02] That sounds like fantastic let's go and try to make something which is actually very simple and scalable also uncomplicated I think that's a great topic for today.
Zig Zsiga: [3:11] Before we dive in would you mind kind of giving a quick intro of who you are what you do the kind of the The Cliff Notes versions of Who You Are.
Lukas Krattiger: [3:20] Sure sure absolutely pleasure so
working at Cisco for not yet ten years soon-to-be so I'm looking forward to a little anniversary there hopefully a big party outside,
and not confined as we are today's in this crazy 20 20 or 20 21 where we are right now beyond that I was working in a lot of service providers in the past very large scale,
networks we did something what's which was called Data Centers at that time but in fact it was more ethernet switching I mean there were not real data centers in the very traditional sense
he lets the racks with some servers and at best you had a switch if not a hop in these
in these wrecks there then in the meantime some service providers said some virus or value-added resellers or Cisco Partners developed with Cisco Partners stand
stood up one partner to be
The Early times the UCS specialization back then so I was on the customer side or the partner side I was also doing a lot of customer engagements at these points in a Consulting Fashions I built networks I design networks I operated Networks
and now I'm building the product on the on the other side with a very little sales prior to moving into the view.
[4:44] I'm working technical marketing these days and it's switching routing protocols data center van,
Enterprise networking you you choose if there is a protocol around happy to have fun.
Zig Zsiga: [4:59] So real quick you said be you what's the be you stand for.
Lukas Krattiger: [5:03] Okay yeah bu short-term internal Cisco which is a business unit it's the groups which are creating products building software the area where I'm working in is the so-called intent-based networking group.
Which entails everything Catalyst everything Nexus everything iOS XE everything Annex OS so that's the technical Marketing Group which I'm sitting in there.
And.
Zig Zsiga: [5:28] You doing everything then I mean really you're doing like everything over there.
Lukas Krattiger: [5:31] I'm not doing everything I'm doing a lot of pieces but when you want to look at.
Things from architecture perspective then it's very important to not only understand that you have a feature X.
But how protocol Works how protocol Works across platforms our protocol Works across vendors so,
multi-protocol multi-vendor kind of work is what I did in the past when you worked at the service provider you probably had a similar experience when you work with customers here to promote similar experience so it doesn't help that you know router ospf configures it on iOS
you need to understand what the the base functionality is behind that what you actually start,
and you need to understand what is the equivalent base functionality you can get
in another vendor operating system or into an xos and what are the defaults how to protocol behaves and then
it doesn't really help you to know the exact CLI command it helps obviously but from a high level perspective it's about how the protocol behaves to.
To to other devices and what is the essence underneath so that's that's the fun part actually of a lot of.
Zig Zsiga: [6:47] It sounds a lot of fun actually and you know I haven't talked about this so I'm a little intrigued so you know it sounds fun because if we would take like a basic protocol like spanning tree or even like you know
ospf like I mean routing protocol generic ospf you have to not just under your to know the theory behind ospf.
I'm going to pick on ospf for a minute from a from a probably an RFC perspective and how it operates but then you also have to know it how it works on each product each its Hardware base and xos and,
Catalyst and then maybe you and other vendors and how it works and how it's different between the different products and hardware-based.
Lukas Krattiger: [7:24] That is correct so let's put Hardware very briefly on site that comes with it when you when you program the forwarding information Etc
but just from a protocol Behavior yet there's the art of see which one would guess is a good guideline but then there are implementation specifics in software
and you took ospf I'm not going down into the lsas but how you take certain things from the link state,
protocol itself that case ospf do the evaluation across the different route types you actually have in there,
or the different Dell essays you have in there and then how you install them in a single routing table what's
let's call it the rip writing information base which is basically the software part and then how you take this information and put it into defib to forwarding information base lot of people call it the tkm or the the hardware at that point
there are a lot of different pieces in between from receiving.
The object to treating the object to installing the object to programming the object so it's it's a lot of fun and you're absolutely right.
[8:35] Different vendors behave differently different OSS behave differently and you need to go and look into that on but the behavior is and what is the,
respective not to turn in order to make it work together and I mean this is
perfect segue to every protocol I mean we took ospf you want to take spanning tree you want to take bgp you want to take VPN address families to do a little bit hook into our upcoming discussions but
all of them you need to understand what is the intended behavior and what is the configured behavior and what do you need to do in order to achieve,
the intended behavior and get the result you're looking.
Zig Zsiga: [9:17] That is that is outstanding I love that so you know I might have to pick pick that up as another Topic in the future of Lucas is the throw that out there for you because I think that could be a
huge topic on you know just just understanding like
the implications there of what you do on a day-to-day right and in the business unit and your on so many different platforms,
focusing on whatever technology that is now from a protocol perspective I think this kind of is a good Segway we're going to focus on vxlan today so you know,
I'm going to ask a maybe it's a myth
Buster question I don't know I think for me and maybe for some people listening vxlan is store historically going to be on the Nexus devices but cannot vxlan run on multiple product multiple Hardware devices besides we excellent or an XLS.
Lukas Krattiger: [10:07] Yes absolutely so.
Vxlan virtual extensible local area network is is basically a data plane encapsulation so it's just how I use a.
If you want to an Ethernet on steroid an Ethernet which can run over IP and their various platforms which support that I mean,
working for Cisco let me take the Cisco head on a little bit so we run it in nx-os we run it in in nx-os
on the hardware platforms which is pretty much every Nexus platform which which which does it iOS XE we run it on the asrs we run it on the catalysts,
so callous Nike for example runs runs vehicle and therefore we have a donde es r 9 K so I OS X are checkmark does it to we actually have it on the asa's.
Or dftd so we have even a vxlan encapsulation there so you see it's very widespread and now we were talking specifically about.
The router switch and network operating system on top of it but if we move over to the service side we have something which is called semen.
[11:18] Cisco virtualized infrastructure management which also runs vxlan tunneling so it is a very versatile
encapsulation and I think the main reason why it's so versatile is I can do everything what I want to.
Over a simple layer 3 IP routed Network that is where actually the the reason for that Simplicity or for some of the Simplicity of the X-Men comes from I just need around an.
Zig Zsiga: [11:47] So that that we bring that all the way down for we just need a router Network and that's kind of where vxlan plays I just need a router Network so I can I can choose VX lands my option and I don't have to run like spanning tree anymore,
per se right so I know that's going to open up a discussion but I have to throw that out there right.
Lukas Krattiger: [12:05] No that's good that's good actually the the one piece which I think vxlan is really a problem solver is,
I can get rid of vxlan in layer as I can get rid of spanning tree and layer 2 networks so it's an alternative,
when I when I want to connect hosts directly to the excellent Network there is no spanning tree I don't have a need for spending tree so I can get rid of it if I want to it's I don't want to call it's an alternative as the protocols are slightly different
from from what they do one is in Ethernet trying to block Loops spanning tree the other thing is doesn't even create loops and creates a equal cost multi path Network point to point on was appointed
point to Cloud tunnels over a layer 3 Network
which implicitly has no Loops so it's it gives you the same result I just think it gives you a better result as you can use all the links
vxlan versus in spanning tree you can use one path per segment.
Zig Zsiga: [13:10] Yeah I'm a big fan of not using spanning tree so if I have multiple links I don't I don't want to have one as an active link one as a backup link but you want to use all my links right so and that's why I've always been a big fan of like layer 3 links orbit vxlan from a design perspective I'm going to run those extra links those extra cables
one gig 10-gig whatever that might be or provider links even I want to build and leverage them I want to build a lose them and consume that traffic or that bandwidth so I can get to my traffic right.
Lukas Krattiger: [13:38] Sure sure absolutely I just give you a little heads-up and that's that's the one check your empty use
vxlan introduces either 50 or 54 bytes depending on if you use an inner doc 1q or no in the dot1q so if you have a VLAN
signalized in the encapsulation or if you don't but if you can address 1550 or 1554
you're pretty good too to run that all over the top or alternative you reduce your host site empty you to something smaller that you can accommodate these 50 or.
Zig Zsiga: [14:12] So we got to check out them to use that's you heard it first everyone you heard it first Lucas said it check your M to use what about I'm going to ask this quilt jumbo frames is that a requirement to hear or is that not a requirement.
Lukas Krattiger: [14:23] It's not a requirement per se I mean going larger than 1500 meaning 50/50 or so isn't a rivet jumbo frame it's more like little Giants or how we call them in the past when we when we added the do Point Q or 2.1 cues to an Ethernet frames.
Yes you can do jumbo absolutely so you can go all the way up to 92 16 I think that's what we mostly use on the platforms these days but again keep in keep in mind 9216 is what your switch probably can do.
You go 50 back when or 54 back in order to accommodate.
But whatever needs to be from an overhead but then you're still wide enough for supporting all the hosts which most of the time only support like 9k
or 9,000 right so ethernet wise 9000 you plug in 9000 9050 would be the number which you minimal would support but in fact you have 9216 on a network side so
yeah you can go crazy with jumbo empty you in there as much.
Zig Zsiga: [15:29] I had asked the question right I actually have some customers that are using the can't do certain things but they don't have double MTU support but it's just a clarifying question for myself so.
Lukas Krattiger: [15:40] Application demands DMT you very.
Zig Zsiga: [15:42] It's application demands it right so you know the so I think there's this idea with the VX land and so maybe you can help me here on this is do we need an underlay and overlay Network and if we do what are they.
Lukas Krattiger: [15:56] The thing with this terminology of underlay and overlay.
A lot of questions around very often because you talk about vxlan you talk about it overly,
you talk about the encapsulation which runs on top and then everyone explains it what we excellent does and everyone forgets about what actually the transport Network requires to do where you run vxlan over so that that's what we call the underlay it's the
it's the network underneath the overlay or but allows you to build the topology the overlay can't even exist and I don't have
real purse a requirement to it I mean give me ip reach ability give me a ride your IP reach ability between vitebsk sweet apps are the vxlan tunnel endpoints that's the IP address where the tunnel originates from and to Tunnel will destined to.
Most often you would guess use a loopback given again we want to use equal cost multi pass networks so we want to advertise it equally across all the paths look back is an interface behind the physical interface so it becomes much more
prevalent to use something like this instead of.
Zig Zsiga: [17:06] Bgp neighbor ships right in a service product world you want to do your loo package is 0.
Lukas Krattiger: [17:10] Yeah same thing right Mew,
loopback is always a good thing I would give that as a as a height thumbs up if you do that if you're not doing that you probably will create your own little issues apart from that some vendor it might not even work.
Loopback routed Network routed loop back to loop back juicy a routing protocol
I mean I think just because of just the routing protocol discussion itself you can probably spend hours
about and I have opinions and strong opinions come from the Simplicity side I think,
and igp works super well as what we call an unduly protocol
which exchange these loopback addresses remember it's a couple of loop X your exchange it's a couple of point-to-point at best
you have so this is not a huge routing table it's very huge link State database you have and.
[18:09] You also get in the Simplicity of the igps you get link cost,
you know actually what a link a metric is automatically sometimes by the bandwidth of the link being told to you if you think of a port Channel,
so you have a four Links at 10 gig
in a port channel it's a 40 gig at that point if one gig disappears we signalized to the routing protocols hey bandwidth is reduced so From ecmp perspective we are changing these things these are all kind of things which you would like to have more wood.
[18:43] Potentially would like to have in in building an on the late there so,
my vote often goes most of the people know ospf so they run with ospf I prefer to some extend a little bit of more complicated protocols like is is.
Just for for the case I can run V4 and V6
independent of the protocol ospf there is some variation of doing address families but in its Essence is always pay for you we to ospf V3 for V4 V6 respectively,
so I said is is,
cool protocol if you if you like it if you get something else if you want to get familiar with with this works works pretty well in these areas I have to say I haven't seen eigrp.
At all.
Zig Zsiga: [19:36] There's no limitation there right.
Lukas Krattiger: [19:39] Good
could be an option I mean I really don't care it's it's more of a question of the eigrp fits your topology I think the routing protocol needs to fit
topology and leave spine for example ospf easy is is easy eigrp.
Don't know if you get some stuck in,
inactive in some scenarios so we can happen and I'm not saying it does it's just least fine will probably not be the droopy case given its hybrid nature,
I think Edie other igps are Orwell more suitable but.
I would for example never use rip to be very honest and and the similar way as I would never use a rep as an underlay is I would never use pgp as an underlay because in the essence.
Pass vector or or.
Such Pro Tour distance Vector I don't think these protocol will really fit too well.
In such leaves by networks when we introduce an overlay I want to be very specific to this then we introduce an overlay if you're just use it as a router Network and you do some crazy.
See that stair only on might fit very well but we know of customers they have equally scalable networks though SPF as well as pgp and they came in the house so your choice it's really your choice.
Zig Zsiga: [21:07] I think this is great right because I think we can summarize real quick and I think there's that misnomer that VX lands the the underlay at times I think I got some people that say be excellent is the underlay and it's not.
Lukas Krattiger: [21:19] That's it.
Zig Zsiga: [21:20] I think that's just a.
Um people have and so I mean based on what you just said I think it's easy to summarize the underlays your its IP connectivity it's fast reliable redundant IP connectivity between those V tap,
locations as loopback addresses that we're talking about,
now is there any need to for the other routes to be known I could you I mean if you had a very large environment could you filter everything else out but the loopback addresses.
Lukas Krattiger: [21:50] You need to reach ability between the loop X that's the essence of what you need for the oh ballet and we can go back in history if you use GRE,
what did you really need in order to make a GRE tunnel work in essence is the loop back to loop back which was required do you need to have the intermediate hops,
great for your troubleshooting and for topology visibility but not for the encapsulation protocol itself it's not really required at that point.
Zig Zsiga: [22:18] Yeah just curious like visit sounds very similar to like LSP is like in a label switch Network for mpls right like you don't necessarily need you just need to be able to create those labels right that that end-to-end label path those label neighbors and then also be
you pee you just need to go create the neighbors you need to IP connectivity from your neighbor addresses but you don't need to know the rest so you can literally reduce the size if you had a need to reduce the size of the table not that you have a DOI need these days to reduce the size of the tables
in the underlay.
Lukas Krattiger: [22:47] Correct I mean they're in LSP or in
label switch path you still have considerations around traffic engineering for example very Denton the protocol becomes more important from a functionality I mean we know single area
I GPS for Te cases at least in the rtcp world is is a key thing the other thing,
which which I want to give a little bit of a contrast to the VA excellent side if you let music is in vxlan the only.
Notes which are relevant for tunnel encapsulation is the V tap who originates at the V tab.
Who terminates so the source and the destination every hop in the middle doesn't have a requirement to vxlan.
Because we're not touching it it's an IP UDP encapsulation so for us it looks like IP UDP traffic at that point.
When we when we put that over too.
[23:49] Mpls you need to have as soon as it at least you have a layer 3 hop in the middle you need to have a layer switched,
router or links which path which goes end to end and that was actually one of the big problems in Ethernet networking,
or in fabric path that you notes have to be encapsulation Aver.
In vxlan the source and the destination needs to be
encapsulation of are arrest doesn't require any encapsulation of Ernest again coming back to why that protocol is actually so simple to use
protocol is actually pretty complicated when we look at it from the very detail,
there are a lot of moving parts around that but the network is super simplified.
From a transport perspective from a underlay perspective from a topology.
Zig Zsiga: [24:42] Well that's really cool so I'm are there other other reasons why or other defining characteristics that people assume that make vxlan complex but it's not really that complex.
Lukas Krattiger: [24:56] Yeah I think one one of the area's is vxlan flood and learn.
As which was the original vxlan if you want so required,
evade to distribute broadcast on a unicast and multicast traffic so what we call bung be um,
and in flood and learn there is no real
active control protocol which would tell you about that's my universe of vxlan segments or Mac addresses or anything that's flooded learn so I have to flood in order to I can learn like like an Ethernet.
Say these designs in these early days multicast was a requirement for the.
And a lot of people are not comfortable with multicast so it's a moving part where it's becomes complicated I mean it's not really it's not really complicated per se it's just,
it's the not a protocol to unicast protocol you have to.
Zig Zsiga: [25:54] I think it I think that's an assumption that people make that it's complicated I mean if you don't do it on a daily basis you kind of forget it
like you know like we do routing on a daily basis you don't really forget routing but if you don't do multicast everyday I mean
you lose that skill sets and the theory you have to read and learn it I have to relearn all the time so I think that just a done yeah.
Lukas Krattiger: [26:15] It's inverse right it's not it's not forward it's reverse so that's if you're there and understand the source of the receivers and the path
you're pretty much there I guess there's a couple of nuances in pain which which makes it more complicated like
going from Cher tree to a source tree and howdy howdy handoffs work there but remember in vxlan if you use.
[26:39] Multicast you are always in a source tree so you're already simplifies a lot of the mechanics and dawid app is your source.
And every other V tap is a receiver to you so you actually have not only one trees but everyone creates its own tree meaning every V tab is
the own source of its own tree and every other V tap joints that same tree so you can make.
Make it complicated if you want to and use Asm.
Any Source multicast or very often called a sparse mode or you can go over and use by dear.
Which basically means you just need a routing vector and everything becomes much simpler you just go into star G group.
Bindings instead of sort of group bindings as with sparse and you have things much more simplified are again I'm going back to the leaf spy Network think of it.
[27:34] My spine is most likely my Rendezvous point so do I want my Rendezvous point to distribute State information or help me too
to distribute State information as it is in sparse mode or if I use pie dear
it becomes my routing vector and as anyway all my traffic goes to the spine and he's my writing Vector it already does the job more implicitly so do I need to keep all the Eskimo jeez
four
Pim sparse or can I go to the star G's as with by deer and and have it simpler and that point so you can make things even with complicated.
Simpler by using the right protocol of.
Zig Zsiga: [28:13] So I think he said something there and I want to I want to bring it up and harp on it right you jump right into multicast right so no no that's cool,
I mean I'm all with you I just I just want to make sure I make this point for everyone else is listening to this because.
You have to understand the theories of the protocols like it's you have to understand the pros and cons so when we're talking about star comedies and and the opposite of what we were just talking about right the.
All the different mechanisms under the hood there's pros and cons to losing like around you point are using biter like you have to weigh those pros and cons and compare them and contrast them so what Lucas just said one option would be.
Complex and not efficient not effective it would work but it be complex not efficient effective and then if you did by der that option would actually be.
Less complex and more effective more efficient right so you have to compare an overlay the different Technologies together that's all the design is right that's all design is so.
Lukas Krattiger: [29:16] It is knowing,
knowing the protocols it is Essence for what you want to use it for your topology I mean let's be honest by the here not very well known like like is I is for example,
but there's some things in these protocols and why they were built.
And and writing our data so there is a reason for everything that has been done so it's good to understand the protocols
maybe you don't need to have every little detail of these protocols but it's good to understand them from a from what they try to solve.
And then your choice of building your transport Network your underlay with the right protocol for your topology meeting your requirements will make your life easier subsequent.
Down the road.
Zig Zsiga: [30:04] Percent understand why the protocol exists what it solves what it's there for like that I wish someone had told me that like my first two years in this industry like because you know
back when I started out I was all about like I like the ones and zeros I like routing I'm going to do eigrp only eigrp right that this was years and years ago but there's a reason
the all the stuff exists and so if we can just pull that back and understand.
Spanning tree is here for a reason I hate it but it's there for a reason what's the reason right and then if you can't mitigate that reason then it's a perfect.
Tool to mitigate to address that reason from a design perspective on that note.
I know we talked about some of the other protocols we talked about spanning tree you mentioned fabric Pratt path so I'm going to ask like are there any other protocols that can be kind of be chosen or used to be chosen over vxlan.
Lukas Krattiger: [30:56] Oh they're probably tons of it we had some iteration of mpls in the data center.
Didn't really make it I have a strong opinion there to lie it didn't make it and I think that will not change any time soon if you use npls or mpls like the rivets
I mean the Viet fabric path I said is that Mac and Mac encapsulation at the ethernet layer basically adding some header function there.
An alternative to it or the standard to it was trill.
[31:32] I think we close the drill working group like two years ago I think in the ietf so it's kind of finished if you want so but I haven't seen much in the industry as well spb.
Shortest path bridging was another one when we go there but then there were other protocols next to to vxlan some of them came around the same time same others came a little bit later so Envy GRE was one,
iteration of it which comes from the GRE world but with the layer 2 capability was a contender to to be excellent at that time is not much widely deployed these days I would say
I cannot say I died I mean pops up from some in some areas but it's not really widely present
then a little bit later we had gpe.
Or if you want to call it vxlan on vxlan 2.0 GPA is generic protocol encapsulation it's it looks at vxlan but allows you to have option headers being present there so.
Took some of the vxlan is a layer to Overlay.
Protocols you always have an in a Mac header to you can choose what the inner header is it Mac is it IP or even add some service stitching.
[32:52] SOB's function chaining functioning in GP but did invent white in the industry and similarly there was there was another protocol which was called gue
which is basically just a,
mirroring to 2GB itself and more more recently there is that whole notion around Geneva.
[33:14] Which is out there which is again trying to solve similar approaches as gpe or gue does to add
more option header in the data plane encapsulation to have more intent more notion of what you actually want to do with the encapsulation covered entity,
these were some of these and the more recently we see some mpls or or IPv6 approaches coming up segment routing is one segment writing V6 or
tomato puree successor is another one they're all of these different variations if you want self protocols,
what is he using list but right in the campus for example SDA be using lisp in SD then we using o MP.
[33:58] Which is kind of another overlay protocol dare even as a blending now a little bit things together
from the X land as a pure data plane encapsulation to some of these other terms I used which,
often have a combination of data plane and control plane.
Together I mean list for example is data plane and control plane in its original Essence today in sta for example we use vxlan with lisp OMP
is more of a overly management protocol it's not really the encapsulation itself we use some encryption there as well to get these coins and I have to be careful to stay
accurate when you asking me these questions otherwise I'll getting it in in a bad.
Zig Zsiga: [34:46] Because you wouldn't I mean and just so everyone knows that Leslie like like none of this was scripted like we didn't list all these things out Lucas just went off and he listed everything that he could think of and he's got a ton of those things in his head so that's awesome that's great stuff.
Lukas Krattiger: [34:59] I think I forgot oh TV I did.
Zig Zsiga: [35:00] You did forget what TV do you co TV a lot these days though I haven't seen no TV in a few years I'll be honest.
Lukas Krattiger: [35:12] Original intention of what the encapsulation is we all see a lot because it's basically how vxlan looks like,
when you look at the header format oh TV header format which was a UDP encapsulation looks pretty much the same as the vxlan headers so in from that sense yes we co TV alone.
Zig Zsiga: [35:29] Vxlan let's see what you did.
Lukas Krattiger: [35:31] Yes exactly so that thank you Dino for that one if you want some in lisp similar thing from that side but.
We do still see it we do a slide transition from oh TV to be excellent evpn actually
from from a data center in to connect perspective simple reason is no TV we had is I as a control plane for Mac reach ability so we did layer to only.
Then we moved to be excellent evpn we do layer 2 but also we do layer 3,
so we enhanced our Outreach ability to the data center interconnect which makes it for some users simple some customs simple to have one protocol which character,
average carries the notion of a bridging information and routing information versus having one protocol for bridging and a different one.
Zig Zsiga: [36:25] Let's go to keep it all together right that for me why we get y have multiple protocols if you don't need them it's where I'm at to so.
Lukas Krattiger: [36:33] Yeah I mean we could have added it to OTV an IP address function I mean is is again it's a neutral protocol there we could have had the nice is IP address family if you want so and then we would have been done a similar way
but in the industry move towards a more bgp friendly approach
when we look at the vxlan control plane and that's where evpn meant to ethernet VPN.
Zig Zsiga: [37:00] I think I think we've made it a little simple I think we've talked about all the ways to make vxlan symbol I think it's time to maybe discuss some scalability options from like design perspectives so maybe just just some basic stuff right.
What about V tap termination right we talked about V tabs we talked about kind of you know the whole point is to get the IP connectivity from VTech to V tap,
so any specific kind of scalability concerns we're talking about termination options for vitebsk.
Lukas Krattiger: [37:30] Sure a lot of them and a lot of them got get forgotten over over the years so the V tip itself.
It is one object in the network and you can have.
Envy tabs meaning normally every switch is a v tab at that point.
[37:53] Can a switch have multiple V Taps theoretically yes what is the use case of value for it,
let's discuss that separate so we'll stick to one VTech purse which each V tab,
can assign what we call Via nice vxlan network interfaces are necessarily vxlan Network identifiers which is basically.
[38:14] VLAN which is wider so we go from four case to 60 million identifiers and
please bear with the answering identifiers I'm not saying you can do 60 million bricks domains on a single switch that would probably completely go crazy there but,
you attach multiple Vienna eyes to a v Tab and if you have consistency across the network.
Meeting another V tab has the same DNA as a you that's when communication starts and that communication starts by creating a,
tunnel adjacency it's dynamically discovered so you don't have to say my neighbor retep IP addresses X we discovered that automatically over
D in flooded learned the pump protocols or evpn based on the EBP and control plane meaning bgp at that point now.
As it is a full mesh kind of networks memory meaning every V tab,
with the same vni connects to every other we tap with the same DNA that's that's basically a n Square minus one problem you're creating scalability is something which needs to be looked at.
[39:26] What is the amount of V tabs I can have as neighbor.
[39:33] That's one entity and then how many feet apps do I want to have as direct neighbor so the can and the want I can.
Meaning our Hardware platforms specifically Nexus 9000 we have think the hardware supports somewhere larger than 8,000 tunnel Neighbors,
that means
tent 8000 8000 tunnel neighbors multiplied by 4000 vlans which is normally the amount of villain to Vienna mapping you can do it a switch so do your math on how many
theoretical technology agencies you actually creating at that point and if you really want to have that it's not 8000 and that's the maximum I can do
meeting 4,000 veal and a dozen you get the math there it becomes very very complicated on how the multiplication ends up at a point but it's how,
large you want to go it's not really how large you can go so today.
From the hardware not really restricted on the software there in the areas between 256 or 512 it depends a little bit on how you design actually your networks but I can have 512.
Neighbors and do 4,000 layer two segments to these 512 Neighbors.
[40:57] So that's basically the exactly I mean look at the stacking,
the full mesh Network and then you stick that full mesh Network like 4000 times this is like.
Nothing which was here in Ethernet and I often ask our partners our customers on how large was you largest ethernet networks was it Beyond 16 Bridges,
as I know we keep it small because of spanning trees okay so you have 16 Bridges.
You took 4,000 vlans 4016 Bridges why suddenly is it okay to do 256 or 512 oh
thousand Bridges with 4,000 villains so it has nothing to do with Mi more scalable really yes of course I am because the protocol gives me more
numbers identifiers and so on in its availability but should I really go that way again we go back to the to the make a complicated versus make it simple go scale big
I often say if you scale big and flat you fall flat I think we can scale very well our software is pretty
sturdy on that side I'm not very concerned on this but operationally I have my concerns thinking of broadcast storms which can happen in such networks and de spread such broadcaster.
Storms can have just simply by the scalability of the protocol itself.
Zig Zsiga: [42:27] Yeah I mean that's scales crazy right that's a that's an insane scales and that that's what it can.
Lukas Krattiger: [42:33] But it's not enough right it's not enough we still need more we still need more it's not enough.
Zig Zsiga: [42:37] I feel like we're talking about IPv6 now we're like every every ipv4 address has its own IPv6 / 64 range right like that's that's we have the scalability now like the hardware and even
software has a scalability the question comes down to what's your need right what's what do you want why do you need it and I would always bring that back to the requirements what are you trying to solve from a design perspective right and I and truly identify that.
Because you may not need 512 neighbors or I think that's what you said right making sure I'm accurate you do.
Don't need 512 Neighbors in a full mesh configuration I don't know do you have any real world use cases customer use cases without naming them of course where they're actually using 512 neighbors is that something that's real in production today.
Lukas Krattiger: [43:27] Well they're they're they're absolutely customers which have deployments all the way up to 512 e-tabs it does absolutely exists and to to make it worse
I mean verse from from Justice scale number perspective they're using actually vxlan not just for doing.
Encapsulation of a single VLAN but there actually is doing something we call q8v and I so q and Q very well-known process so we do Q in Vienna so you have 4,000 vlans in one Vienna.
[43:58] So think of the scalability you actually could achieve we also have sudo wires where you can literally punt,
everything into the switch port and it will cover the other side so if you really want to go crazy when I go and do an mpls over vxlan or something like that I mean.
It happens and their use cases they use cases for that.
And customer leveraging these use cases and they're looking at us on giving them advice on how far they should go where they should stop we just don't try we don't try to do an artificial number.
Of course there are scale numbers which we adhere to just simply from a testing perspective but.
Very often we stopped the earlier in the scalability discussion instead the 512 to be to be very honest and I think today to 256 is a more.
Baili use numbers versus if you go year or two back it was actually 64.
[45:04] Yeah it's a huge difference but it doesn't come from.
The fact that vxlan changed it came that our Hardware e-cig changes so when we go back 6.4 terabit.
Was what the chips had like probably two years ago three years ago so 6.4 terabits is 64 ports of hundred gig.
So if you want to go with a fixed spine you have 64 quarts so the horizontal scale of a leaf set is 64 leaves just very simple math now these days we are 25.6 tea.
Which gives you 256 ports so the horizontal scale,
the the whiteness of your leaves can go all the way to 256 on a fixed form factor switch to Rack units or something similar like that so we we start thinking on,
again designs become super super critical the we start thinking on what is the right platform for the right function.
For the right size of networks so you built that tear that leaf spine tear,
in the most simplest way with the least amount of object which can break.
[46:22] So you don't try to make it bigger than it needs to be you make it as big as you can handle and you're not trying to introduce artificial complexity.
You want to keep it simple and you want to fail fast.
You don't might have brownouts if something breaks I want to fail it I want to get rid of it so that's where this whole notion of our peer cloud provider or Cloud Titans come from and say they building in a very
cookie cutter kind of approach in 10 expanding in a hierarchical fashion so not go flat.
And white built it layer by layer by layer to fit your requirement of scale where you need to go.
Zig Zsiga: [47:07] That's awesome but that's
awesome so um okay you know I keep thinking that we keep going back to a 6 and a lot of the conversations I've been having it always come back to the A6 and what the Asic can support and all the upgrades that we do and I'm just amazed like over the years I mean if you go back 10 years ago right the A6 just didn't have the capability that they have now it's truly amazing to me and I can only imagine what's going to happen in 20 years from now like I mean here like you said we're
we're doing so much more bandwidth than we were a year ago and could you just imagine 20 years from now I mean I don't even know what's going to happen right.
Lukas Krattiger: [47:42] I can't I I don't know the.
Zig Zsiga: [47:44] We know when those numbers.
Lukas Krattiger: [47:45] Maybe somebody comes up,
yes we are at 400 cake 400 cake is emerging I think we see the first customers looking at Data Center deployments,
at 400 geek we see service providers spending 400 gig across there,
their long-distance links but it's not yet dare in the data center in the very traditional sense at least one is still hunger geek I think it's mostly cop cost and Optics which which play a big factor into that.
But give it a chip pass now they more bandwidth I have more ports I can build at this same
bandwidth per link meaning 200 geek much more efficient and cost-effective effective in such platforms and I don't have to go to four hundred cakes let me just call out 408 platforms these days but very often it's still be.
Zig Zsiga: [48:37] Nonchalant right yeah I'm going to use it for her gig platform I need that right and most people don't actually need that but but soon but soon right everyone the whole world will be four hundred gigs.
Lukas Krattiger: [48:48] Yeah yep we will see will see 800 gig is next I guess.
Zig Zsiga: [48:52] Terabyte man like this is it's gonna get to a terabyte screw screw gigs it's going to be all right I got a terribly up link to my switch you know I have so much data coming down to Mike.
Lukas Krattiger: [49:02] Soon soon yep
yeah but I said the most important from a scalability is really how you build out your data center topology,
if you know your racks you want to go your bandwidth requirement your oversubscription Factor then you start building out your pots,
be called part basically the leaf spine function is 2 layers this collapsed class
that's what we call it pot so it's always the leaf and Spine and when you want to go beyond that part you take some technology to interconnect these parts
to to get that seamless vxlan end-to-end feeling and we made a lot of work in these areas.
[49:48] But I said it's it really starts on choosing.
The right platforms for the right function for the right topology the right protocol and then you just build.
One layer after the next and you scale it out it's a bit pot one I build pot to about part 3A interconnect these parts with what we call from a technology it's called multi side and you have.
Each part of 256 multiplied by I think today we're at 25 or something like this so do we math on what your vitebsk ale can go but and that's one of the important things which I want to relate to which we had previously discussion.
I don't have a full mesh anymore as I'm isolating the full mesh with in a pot.
An interconnect the next layer with each other so reducing the fan out which is necessary and with this simplifying disc the troubleshooting and optimizing the scalability sorry I jumped a little.
Zig Zsiga: [50:49] No you're fine that's great so I'm going to ask some pointed questions right so you talk about single-site multi-site real quick right.
So those pods right you're defending those pods and you're limiting the scalability to that pot you're not you're not creating that V tap full mesh outside of that pod building block if you will right it's like a pod building block.
It's still a vxlan network or is it not a longer like between the different pods is still running vxlan.
Lukas Krattiger: [51:17] Yeah we actually still running vxlan so what we do is we do vehicle and tunnel stitching so we take.
Based on the routing protocol we know Vernon points is and based on,
we know where it sits we know what the next stop is so weary originating the next stop at,
the border so let's say Leaf spine spine access my border so I know,
I have to send it to the Border because it's outside of my pot or outside of my fabric if you want sir and from that point I know okay
it's not local to me I need to send it to somebody else who's responsible so I send it to a neighbor Gateway be called a border Gateway is by the way so we send it to a navigate way because the next stop defines that I have to send it to that neighbor Gateway he takes it
looks at it as a lookup say oh actually that hosts it somewhere at the leaf let me send it to the leaf so we do the simple hop by hop by hop Behavior,
from a bgp perspective and v-stitch to Tunnel there ever to Next Top Acts or where the next stops it's so we have e X9 tunnel from Leaf to what we call border Gateway and then for Border gateway to border Gateway
and again for the gateway to leave and it's almost always.
Closest to the source closest to the destination so we're trying to not do some some crazy hair painting or anything like that we're just following what the routing protocols tells us.
Zig Zsiga: [52:43] Yes was effective it's efficient and it's also scalable in your head that that construct that pod contract that you can roll out moving forward and you probably have some sort of upper bound with the higher level element to that if okay you hit your number of PODS you can,
have connected maybe you scale that out to it's just a matter of time.
Lukas Krattiger: [53:02] I can theoretically build a hierarchy of the hierarchy of the hierarchy if I really.
Zig Zsiga: [53:07] Yeah I got you up track it.
Lukas Krattiger: [53:08] Again it's designed right it's literally coming off this first Leaf tear your spine tear to your border tear and then the interconnect between these borders and how you want to do.
It's all starts at the.
Zig Zsiga: [53:23] So what about like super spines is that a thing is that is that a thing.
Lukas Krattiger: [53:28] Yeah,
sure super spine absolutely everything there there's various confusion around what a super spine is different people have a different meaning behind that but
in the traditional essence of what it means it's an IP router or a switch which just IP routing similar as a spine but it is not.
The first tier after the leaf leaf spine after that there is a super spine so if you need to build,
to leave spine pots and you say hey there there only 64 but I want to go 25th 256 wide I can interconnect the spine layers with a super spy,
so that's that's the traditional terminology very weird came from but in the meantime people using super spy and as a board to note
setting I terminate VX LED there and just do IP routing afterwards so that it's a little bit confusing.
A little bit confusing these days on that everyone understands the same thing but super for superimposed on top of the spine.
Linda super super spine is super super imposed or superimposed on the super spine so just just think of the terminology of error de super comes from.
Zig Zsiga: [54:47] I feel like we're talking about supers like we have superpowers now you know.
Lukas Krattiger: [54:51] Of course we are all Superman.
Zig Zsiga: [54:53] Yes.
I was just like you know the Super's family you know like I don't know I'm a young kid Incredibles is what I'm thinking in my head The Incredibles movie so that's.
Lukas Krattiger: [55:03] Oh yeah that's pretty cool.
Zig Zsiga: [55:04] So I you know on the scalability I have one question left on scalability and we can move into making it
uncomplicated the last kind of area that we want to talk about so what about like mac flooding because you know when we talk about Mac flooding and some other protocols it's it can get complicated and it can actually be really difficult to scale so
how is it handled at a high level in how is how do we ensure it scalable.
Lukas Krattiger: [55:29] Sure sure the the flooding always happens based on the bum.
So what whatever floats come into the tunnel.
We'll go to Every V tap which is part of the same layer two segments meaning the layer the same layer to V and I have the same VLAN if you want so the vxlan veal and vxlan extended VLAN.
Zig Zsiga: [55:52] So so sorry I'm going to ask akka thought clarifying thought for myself so that means if you have those 512 the tap neighbors all running the same via die there we go all that flooding information all of them okay.
Lukas Krattiger: [56:06] Yeah you will view flot that single let's say it's an ARP broadcast that's sometimes it's very simple to use art because everyone knows or heard of our it's a broadcast it
it is basically a Mac flood at that point right so I'll I'll send out an ARP if I have 512 e-tabs I have to replicate,
that to every V tab which hosts that same segment that same layer 2 segment because I could have a host in that same,
submit which is behind us I have to replicated now there are two ways on how I can replicate that traffic multicast we discussed prior stats network based replication so I send one copy out of the VTA
to the network and let the network do the replication one packet per link or we use what he calls Ingress replication or head and replication then,
the VTech who receives that our packet meaning the Ingress note the first node which does the encapsulation has to multiply it for every neighbor he needs to send
so I think of it it needs to replicate the packet 512 so on your link you're not only having one packet going out you have 512 packets going out.
It's hardware-accelerated so I don't really.
Zig Zsiga: [57:17] Huge packets right how big are the packets.
Lukas Krattiger: [57:19] Keep the pad with keep the bandwidth in mind just there but you didn't ask really on
how efficient or inefficient is but you were asking about the problems around it how it can actually go and mitigate some of these issues which my head lighting's General so the first thing is scope your via nice to where you actually need it.
[57:42] Don't go everything everywhere.
Scope it sculpt your network I think that's best practice back in the dark one cube world we said Villanova out lists today it's basically just,
only sent to delete apps where you really need reduces the impact of all of this flooding.
The second thing is you can always use a storm control on the access ports easy way to do it.
You only send a certain rate out instead of everything,
that might impact your application so be very very careful on what the rate is your setting and what the action is there but that's
that's a point which you can look at the third one again I'm going slightly back to the hierarchical scaling meaning building multiple pots and interconnecting them if I were flooding in a 64 byte pod.
I sent only one copy to the Border note.
Right it's 1V tap that border note is one we tap that border Gateway and from that border Gateway has sent one copy to each neighboring border Gateway.
[58:51] So I don't need to send it for all the other leaves which are in the other fabric I just can reduce it to one
copy between these two ports between these two will fabric so I do again a hierarchical scaling of I receive one copy I'll send one copy forward and I do the fan out subsequently there and if I do this,
I'm not.
Only reducing the amount of copies I create either multicast or Ingress replication but I can also rate limit at the Gateway note so we're a stitch I can say.
The geek of broadcast I don't want to send to my remote networks there must be an issue and have a gig of broadcast let me limit it down,
10 Mac and it just.
Isolates failure as well as a result of it so Mac flooding is again a design discussion how you build your network how you fan out your via nice to wherever you need them
and then how to hierarchically stitch things together and create enforcement points to avoid.
Zig Zsiga: [59:57] That's great I love it it good you always bring it back to the design right
so I think that's critical you know this is a design podcast so it's fitting right that's not who would have thought who would have thunk it right so.
So what about management right we talked about all this and I don't know if everyone's going on the command line and doing all this work manually every day or if there's some sort of management component how do we how do we people how to people,
complete their own em tasks are operations management tasks everyday.
Lukas Krattiger: [1:00:29] Sure their customers which were very adamant on the CLI.
Feel free you can build your Python scripts on top of our nx-os shell and reduce the amount of input you give for the result you want.
We have that option there V support and zabel.
[1:00:48] We're going to support terraformed So build your own playbooks if you want from the past,
we had puppet and Chef salt juicer stack you actually want that is there we have very extensive apis we do net conf.
Most of it native models we have open config we actually are in the midst of
expanding vxlan evpn model in open conflict give it there were a lot of things missing there so
thank you to the whole Community working on open config that's amazing and then last but not least we are doing a lot with our data center network manager.
A DC and em it's being revamped when we started going into DC and I'm version 11 we added a function which we call fabric Builder.
And out of fabric Builder you can build exactly what I explained UD scalable multi-layer networks but with a couple of clicks so it's very efficient very fast forward and a lot of platform knowledge in there
given
it's our operating system and xos it's our switch so we can build the best practices and the most simplified ways and scalable ways into the controller itself which we did with data center network manager Lon.
Zig Zsiga: [1:02:05] So flipping over to some additional things right we talked about a lot of best practices already so any other best practice recommendations or suggestions you might have Lucas.
Lukas Krattiger: [1:02:18] Don't go and configure anything before you mapped out what you really want to do very often people forget that.
[1:02:28] It is a switch or a router
you want to set an IP on top of it you want to set a protocol on top of it and then later you figure out oh oh I want to do point-to-point subnet with / 30 in / instead of / 30 ones what I want to use IP unnumbered or I want to use
IPv6 there's this common used RFC 5549 for doing before addressing over V6
how many Loop X do I need and for what so have your IP addressing plans done your,
link plans Don before you even touch the first switch have it have it
painted out in however you like it I think that that is one and when you do this you will see very very fast,
they're your scalability goes from a topology perspective think of it you create an aggregate.
For all of their point two points if we take a slice 30/31 it means you have a different amount of links you actually can address and when you do that addressing do you want to incorporate.
To what spine that link goes in the IP addressing so think of simple 10111 goes to spine one.
Ten to one one goes to spine to if you do a traceroute in your underlay you immediately see.
[1:03:51] Which spine your traffic is actually hitting and these kind of areas make make your life easier Loop backs I can tell you need at least two Loop X.
[1:04:02] One for the data plane the VTEC the encapsulation one foot control plane bgp peering for the overlay router ID whatever you want to call it so protocol look back,
Hardware data plane Lubeck if you want so do I must use to know should I use C,
should I use take to yes you should two completely different functions what if you have at a point.
You want to bring down your next hop address for the encapsulation.
[1:04:35] But you want to keep your bgb session up and running remember today when you use pgp it's not anymore the neighbor which defines if you have reach ability and if the protocol has been used it's the next hop reach ability which is there
recursive next hop resolution that's the key in there so you can bring down your loop back for you read tab,
it will invalidate all the routes going to that Vita without.
Shutting down your bgp neighbor session so think think of these things and sorry for digressing a little bit but it comes back to the design right is.
Is there a function where you want to.
Shut down the loopback for the data plane versus the control plane should keep their do you want to you have any operational tasks where you want to avoid traffic coming to you
we do that we have something called gir graceful intention and removal or maintenance mode in easier terms.
It doesn't bring down the B2B session it brings down your encapsulation capability or decapsulation capability and and routes the traffic around but heebie-jeebie session stays up I don't need to learn.
[1:05:43] Everything again I can keep it I just have to invalidate the routes which don't have a next time again sorry for the dressing A little bit but these These are these basic design things out of band worth versus in band management,
it's another of a design question you have to make your mind up what you want or you do you provisioning over controller so the second thing you should make your mind up early because whatever you do ends up literally.
In how it is on your.
Zig Zsiga: [1:06:12] No so I'm going to just add a couple things because I was didn't want to cut you off you were on it and on a roll and it was great but it was great so.
Lukas Krattiger: [1:06:20] Sorry.
Zig Zsiga: [1:06:21] It's the first thing that you mentioned was you know don't don't touch the switch until you have a plan well that's just design right you can't you got a plan you gotta you gotta have a I call it plan to plan like dedicate the time and plan things out and effectively designed and understand it
everything is a design decision there's pros and cons to everything you're doing.
Lukas Krattiger: [1:06:41] I could show you the amount of paper which is in my desk just for doodling designs or is it is it some tablet or some other vade divide board is your best friend to.
Zig Zsiga: [1:06:53] And I did you have to understand what you're doing you don't understand the implications though like like if you have that like your example with one loopback right you could do it with one loop back but what's the
locations there and I would call it a design term called shared feet you're going to if you you Lou if you use that same blue pack for your control plane and your forwarding plane.
Well now you have no ability to reduce the outage there if you bring that loopback address down you affect both your control plane and your data plane I mean that's just.
Lukas Krattiger: [1:07:23] And if you do in band management over the loop X you cut your off during during the 2 a.m. in the morning troubleshooting cases I'm a bet with your dad.
Zig Zsiga: [1:07:31] And you're wondering in your head like shoot how did I not get into this what happened here and they like oh man I messed up.
Lukas Krattiger: [1:07:37] Let's drive to the office right or drive to the data center.
Zig Zsiga: [1:07:40] Okay but this is the that was definitely all good stuff.
We already talked about this I think can vxlan be used outside of the traditional data centers designed and you did say yes at the beginning is it something that you're seeing a lot in the campus side of things now outside of maybe SDA I mean SD a does it,
right already but Manuel I'm thinking more manual with that question.
Lukas Krattiger: [1:08:02] Sure I think the question is slightly wrong.
Sorry to say that but I think the campus moves to a fabric like approach.
And as such you will see overlays being introduced here what is the right over lie for you for your use case that's what you need to determine
evpn has the capability on iOS XE it's there
it has all the good stuff of layer to stretch of layer 3 routing of we are F's use pgp control plane for the overlay evpn address family it's all there,
but you have to look on,
do you need layer to mobility in a campus Network in the traditional sense where your laptop or your PC is plugged into an ethernet port there is no Mobility so is that really a criteria they're now going to
violists or Wi-Fi there is a completely different Mobility required.
So we'll or can EVP and accommodate that or is violence an overlay on top of the overlay.
Zig Zsiga: [1:09:10] Now we're nesting now are nesting overlays on top of overlays.
Lukas Krattiger: [1:09:12] Hey well I here we go look me saying
EVP and it's the right thing for the campus would would basically say I would have a technology religion on one very specific thing the use case and your designs Drive what you really
neat in the respective networks we have customers using evpn in the van,
is it running on a Nexus know is it running on an ASR yes is it running with vxlan know is it running with mpls yes so again there's so many variations happening on Control Data plane,
platforms location end-to-end flat we know what it means it's it's not always the best.
Build hierarchical structures and such other articles instructions might introduce that.
[1:10:05] And I'm just taking the example for sta right now I wanna have SDA in the campus but I want to have vxlan evpn and data center or a CI in the data center why.
These are two domains different requirements and I can interconnect them very simple at layer 3 because I don't need a lawyer to between campus and data-centric in the traditional sense right and very often there is a man in the middle so do you really want to have evpn from the,
Texas which in my campus to my van in the middle to my data center.
And again you said Mac flooding I think that was your topic right do you really want to have that flooding potentially going all-in to end,
no you want to create your domain boundaries you want to have,
control points what we normally call The Border notes of fabric and juice juice the right technology for the right design for The Right Use case that that's what I would like to give us an answer to that amount very long.
Zig Zsiga: [1:11:03] That's great that's,
last question you know we talked a lot about vxlan are that's the whole point of the show today so you know for those that are listening and they want to get started you know they're excited because we've been talking about it all the nerd knobs and the zeros and ones and all the pros and cons what would you recommend for them to be able to get started right now today do you know play with vxlan learn it
toy around toy around with it.
Lukas Krattiger: [1:11:27] Hmm well tell you around we have a Nexus 9000 virtual go and get it put it in your lap play around with the convicts have fun with it go in the lab definitely.
Zig Zsiga: [1:11:37] Not in production that's the key don't do it in production.
Lukas Krattiger: [1:11:44] It's learning and experience which which makes you proficient rate it's it's never comes from nowhere so read a book I mean we we wrote a book on it a couple of years back its
mostly vxlan evpn on an xos focused and we'll try to get some books over to you so you had them
hand them out logistic is the bigger thing than writing the book actually will make sure that we get that going there is
related to that book we did a little bit earlier Cisco press video series so you can go to Cisco press and look at the EVP at video series there think it's like eight hours of talking about a lot of things and and.
More technical constructs not too much designs that.
Zig Zsiga: [1:12:31] More in the weeds.
Lukas Krattiger: [1:12:32] But these are the good areas to start with yeah it's all about tweets right it's all about getting into the details and learn.
Zig Zsiga: [1:12:37] So I'll make sure that we make sure we have the links to the.
Video course you mentioned said eight hours there's a video course right make sure I heard that right yeah I'll make sure we have a link to that in the show notes and then your book that you mentioned is that your book right it's not someone else's book it's your book.
Lukas Krattiger: [1:12:57] My book I mean it's with my dear co-authors David Jensen working very close with me
and then some company in the engineering side works very close with me so we co-authored it's us three together so it's not my book it's our.
Zig Zsiga: [1:13:13] Man our I mean yours.
Lukas Krattiger: [1:13:15] The Royal we.
Zig Zsiga: [1:13:16] Is a group sorry I didn't mean it specifically just you but I wanted to make sure that under everyone has said it was the.
Lukas Krattiger: [1:13:21] You're perfectly fine yes.
Zig Zsiga: [1:13:22] A trait that that was my key there and I want you mentioned that you'd handsome out for free is that what I heard.
Lukas Krattiger: [1:13:30] Well I have a couple of them lying around somewhere and I'll try to get some of them over to you and then
let's let's raffle it out or something like that and get them to do the folks out there listening.
Zig Zsiga: [1:13:47] Do giveaways just so you know we do a monthly giveaway and we could totally do this for as a giveaway to if you wants up to you no pressure no pressure,
and we could make it so that you could keep them at your house if you want not send it to me and then whoever wins the giveaway you could just send them directly to them.
Lukas Krattiger: [1:14:05] Sure absolutely we can do that.
Zig Zsiga: [1:14:06] Follow you on Twitter to and Linkedin whatever you want.
Lukas Krattiger: [1:14:09] I'm sure if anyone wants Twitter LinkedIn juice out don't try Facebook just as I probably haven't looked in for the last week or so.
Zig Zsiga: [1:14:19] Off the my wife always tagged me I'm like oh man I gotta go on Facebook now.
Lukas Krattiger: [1:14:24] Yeah the buzzer is happening than right.
Zig Zsiga: [1:14:26] Hey Lucas this has been great buddy I appreciate it any last minute comments concerns questions thoughts opinions you want to share with everyone.
Lukas Krattiger: [1:14:36] Yeah I think what one thing to to say and now it becomes a long sentencing and are first is don't stop at the data plane encapsulation
look at what the control plane solves for you so yes vxlan is cool but majority of the problem is solved when you add evpn to it.
And,
that is that is one thing I would put in everyone's heart to consider that and caps are great it's fancy terms of sniffing them but the control planes making your life easier there,
and next to that there is.
Actually created stickers on that I probably have to create some more of them which says don't build snowflakes they tend to melt.
Zig Zsiga: [1:15:23] That that's cool.
Lukas Krattiger: [1:15:26] We all over the network meltdown so I guess everyone figures out that building very individual things just takes much longer to get it resolved and not building snowflakes will make you sleep.
Zig Zsiga: [1:15:38] Yeah that's great where can people find you on the interwebs like if they want to keep the conversation going they want to reach out to you as some vxlan questions where can they find you on the interwebs today.
Lukas Krattiger: [1:15:50] Sure I'm on Twitter it's probably the easiest one to figure it out I use my very proud ccie there as a handle so it says ccie 21 921.
That's probably the easiest one you can find me or on LinkedIn Lukas krattiger you can find me there.
Zig Zsiga: [1:16:10] Well I will have Alva in the show notes so make it real easy you don't have to memorize Lucas's ccie number unless you already did which is cool so but you could just.
Lukas Krattiger: [1:16:19] It's a super simple number right 21 921 let me.
Zig Zsiga: [1:16:22] You know you and I remember eyes are CCI numbers I don't know what other people do I don't know if you remember ours.
Lukas Krattiger: [1:16:26] Well I had to read it right now so that's.
Zig Zsiga: [1:16:29] The truth comes out Lucas Lucas I appreciate it buddy it's been great thank you so much for doing this with me I hope you have a great day and hopefully I'll get you back on your soon.
Lukas Krattiger: [1:16:41] Absolutely anytime thanks a lot for having me and wonderful day together.
Zig Zsiga: [1:16:46] Hey friends nerds geeks and ziglets that's going to close out today's episode of the zigbits network design podcast where we talked about the ins and the outs of vxlan today's show notes will be at zigbits dot text / 91.
I have opened up the doors to my network design course and it's called a designing Network architectures and ensuring business success hey if you're interested to hear more about my course or you're ready to enroll right now,
do the zigbits that tag / DNA if you want to have live Network design conversations or right now
join the zigbits Discord Community you are missing out if you're not in there there are a ton of Highly skilled experts not just design experts I'm talking experts in a whole bunch of other things and they're ready they're there to help you.
All of your network design questions,
simply go to zigbits dot tax last Discord to join and once again just to be clear it's a 100% free community of course donations are always welcome but they're never required.
[1:17:49] If you like today's episode let us know you can find more zigbits network engineering Network design and network architecture content including technical podcast like this one monthly webinars
YouTube videos and I dedicated community on Discord all of this content I just mentioned is free content.
Hey find all of this and much more at zigbits. Tech follow us on Twitter at zigbits and find us on LinkedIn.
[1:18:16] One last thing you can sign up for our free Weekly Newsletter the network design digest filled with the best that I mean the best network design content in network engineering.
Today it's at zigbits tactics last newsletter as always I appreciate you and I thank you for listening.
Don't forget to attack your goals attack the day attack your life and make progress my friends until next time.
Bye for now.
Join The Zigbits Newsletter
Enter your name and email address and I'll send you periodic updates and advice that will help you in your career and life.
Come hangout with Zig and the rest of the Zigbits community in our Discord Server.
Check out our current Zigbits giveaway here. Free is my favorite color! I love free stuff and I hope you do as well!
If you want Zigbits themed merchandise you can check out our store to see Zigbits branded t-shirts, hoodies, mugs, and stickers! Check out the Zigbits store here.
More Content for you to enjoy!
Do you need a CCIE to get the CCDE?
Do you need a CCIE, spending all of the time and resources in that process ...
Get Your License To Design with the CCDE – ZNDP 094
Show Notes Coming Soon. Show Notes Coming Soon. Come hangout with Zig and the rest of the ...
Global Scale Network Design with Malcolm Booden – ZNDP 092
Today we are talking about Network Design but at the Global Scale! What do you ...
How to Make VXLAN Network Designs Simple, Scalable, and Uncomplicated with Lukas Krattiger – ZNDP 091
This is a 100% technical show, we are diving into the weeds on VXLAN and ...
How Abstraction, Orchestration, and True Automation can make your Career Successful with Tim Fiola – ZNDP 090
How Abstraction, Orchestration, and True Automation can make your Career Successful! This is all about making ...
Network Design Principle Security – ZNDP 088
Network Design Principle Security! Network Design Principles… we have to know them and leverage them in ...