...

  • Consider the case where VM1 (assume IP 10.1.1.20) in tier 1 running on host 1 wants to communicate with VM1 (10.1.2.30) in tier 2 running on host 2. The sequence of flow would be:
    • 10.1.1.20 sends an ARP request for 10.1.1.1 (the gateway for tier 1)
    • VPC VR sends an ARP response with the MAC address (say 3c:07:54:4a:07:8f) at which 10.1.1.1 can be reached
    • 10.1.1.20 sends the packet to 10.1.2.30 with Ethernet destination 3c:07:54:4a:07:8f
    • the flow rule on the tier 1 bridge on host 1 overrides the default flow (normal L2 switching) and sends the packet on the patch port
    • the logical router created for the VPC on host 1 receives the packet on patch port 1. The logical router does a route lookup (flow table 1 action), applies the ingress and egress ACLs, rewrites the source MAC address to the MAC address of 10.1.2.1 and the destination MAC address to the MAC address of 10.1.2.30, and sends the packet on patch port 2.
    • the tier 2 bridge on host 1 receives the packet on the patch port and does a MAC lookup
    • if the destination MAC address is found, it sends the packet on that port; otherwise it floods the packet on all ports
    • the tier 2 bridge on host 2 receives the packet (by unicast or by flooding from the tier 2 bridge on host 1) and forwards it to VM1.
  • Consider the case where VM3 (assume IP 10.1.1.30) in tier 1 running on host 3 wants to communicate with VM1 in tier 2 running on host 2. The sequence of flow would be:
    • 10.1.1.30 sends an ARP request for 10.1.1.1
    • VPC VR sends an ARP response with the MAC address (say 3c:07:54:4a:07:8f) at which 10.1.1.1 can be reached
    • 10.1.1.30 sends the packet to 10.1.2.30 with Ethernet destination 3c:07:54:4a:07:8f
    • the VPC VR receives the packet, does a route lookup, and sends the packet out onto the tier 2 bridge on host 3, after rewriting the packet's source MAC address to that of 10.1.2.1 and its destination MAC address to the MAC address at which 10.1.2.30 is present (possibly after ARP resolution)
    • the tier 2 bridge on host 2 receives the packet and forwards it to VM1.

Key concepts

The above example with just three hosts can be extended to a VPC that spans a large number of hosts. Here are the basic constructs needed to generalize to any number of hosts:

  • On the host that runs the VPC VR, nothing needs to be changed from the perspective of setting up the logical router and the flows.
  • On the rest of the hosts that the VPC spans:
    • irrespective of whether the host has a VM from a given tier, a bridge is created on the host for each tier in the VPC
    • each bridge is set up with a full mesh of tunnels to the rest of the hosts that the VPC spans
    • a logical router is provisioned on each host
    • the logical router is interconnected to the bridges corresponding to the tiers in the VPC through patch ports
    • flow rules need to be set up on each bridge to forward inter-tier traffic to the logical router
    • flow rules need to be set up on the logical router for routing and ACLs
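As an added example (not code from the design page or its project), the following script programs the two kinds of flow rules described in the walkthrough and the key concepts above: the tier-bridge rule that overrides normal L2 switching for inter-tier traffic, and the logical router's tables for route lookup, MAC rewriting, and ingress/egress ACLs. The bridge and port names and the 10.1.2.x and VM MAC addresses are assumptions; 3c:07:54:4a:07:8f is the gateway MAC from the page.

```shell
#!/bin/sh
# Added example, not code from the design page. OFCTL defaults to a dry run that
# prints the ovs-ofctl commands; set OFCTL=ovs-ofctl to apply them on a host.
OFCTL="${OFCTL:-echo ovs-ofctl}"
LR_BR="br-vpc-lr"            # assumed name of this host's logical router bridge
T1_BR="br-tier1"             # assumed name of the tier 1 bridge
T1_TO_LR=10                  # assumed OpenFlow port of the tier 1 -> router patch port
LR_P1=1; LR_P2=2             # assumed router-side patch ports towards tier 1 / tier 2
GW1_MAC="3c:07:54:4a:07:8f"  # MAC answering for 10.1.1.1 (from the page)
GW2_MAC="02:00:00:00:02:01"  # constructed MAC for 10.1.2.1
VM120_MAC="02:00:00:00:01:20"; VM230_MAC="02:00:00:00:02:30"  # constructed VM MACs (ARP-learned)

add() { $OFCTL add-flow "$1" "$2"; }

# Tier bridge: traffic for the other tier overrides the default NORMAL action and
# is sent to the router over the patch port; everything else (incl. ARP) is switched normally.
setup_tier1_flows() {
  add "$T1_BR" "priority=100,ip,nw_dst=10.1.2.0/24,actions=output:$T1_TO_LR"
  add "$T1_BR" "priority=0,actions=NORMAL"
}

# Router bridge: table 0 classify, table 1 route lookup + MAC rewrite,
# table 2 ingress ACL (keyed on the source tier's patch port), table 3 egress ACL + output.
setup_router_flows() {
  add "$LR_BR" "table=0,priority=10,ip,in_port=$LR_P1,actions=resubmit(,1)"
  add "$LR_BR" "table=0,priority=10,ip,in_port=$LR_P2,actions=resubmit(,1)"
  add "$LR_BR" "table=0,priority=0,actions=drop"   # anything else never enters the router
  # Route lookup: source MAC becomes the destination tier's gateway, destination MAC the VM's.
  add "$LR_BR" "table=1,priority=100,ip,nw_dst=10.1.2.30,actions=mod_dl_src:$GW2_MAC,mod_dl_dst:$VM230_MAC,dec_ttl,resubmit(,2)"
  add "$LR_BR" "table=1,priority=100,ip,nw_dst=10.1.1.20,actions=mod_dl_src:$GW1_MAC,mod_dl_dst:$VM120_MAC,dec_ttl,resubmit(,2)"
  add "$LR_BR" "table=1,priority=0,actions=drop"   # no route: drop rather than flood
  # Ingress ACL: only tier 1 -> tier 2 HTTP and its (stateless) reply are admitted.
  add "$LR_BR" "table=2,priority=100,tcp,in_port=$LR_P1,nw_dst=10.1.2.0/24,tp_dst=80,actions=resubmit(,3)"
  add "$LR_BR" "table=2,priority=100,tcp,in_port=$LR_P2,nw_dst=10.1.1.0/24,tp_src=80,actions=resubmit(,3)"
  add "$LR_BR" "table=2,priority=0,actions=drop"
  # Egress ACL: deliver to the patch port of the destination tier, default deny.
  add "$LR_BR" "table=3,priority=100,ip,nw_dst=10.1.2.0/24,actions=output:$LR_P2"
  add "$LR_BR" "table=3,priority=100,ip,nw_dst=10.1.1.0/24,actions=output:$LR_P1"
  add "$LR_BR" "table=3,priority=0,actions=drop"
}

setup_tier1_flows
setup_router_flows
```

The reply rule in table 2 is stateless, so a production ACL would track connections with OVS conntrack (ct_state) instead of matching on tp_src.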

Fall back mechanism

Given the distributed configuration required to set up bridges and flow rules on multiple hosts, there will be windows of time where the configuration is not up to date or does not reflect the correct VPC network topology as expected. The following principles shall be used to mitigate the impact:

...