Cisco Spine-leaf Network Topology | Cisco CCNA 200-301

Keith Barker - The OG of IT

8 Jan 202225:59

Summary

TLDRIn this informative video, Keith Barker explores the spine-leaf architecture commonly used in data centers. He explains the concept, its benefits, and demonstrates its functionality through a detailed diagram. The video delves into the connectivity between hosts and virtual machines, the role of top-of-rack (ToR) switches, and the spine switches that form the backbone of this architecture. Barker also discusses the use of VXLAN for logical placement of devices in the same Layer 2 network across different physical locations, showcasing how traffic is tunneled and load balanced across the network.

Takeaways

🌟 Spine-leaf architecture is a common setup in data centers, designed to facilitate efficient networking within racks of servers.
🔌 Top of Rack (ToR) switches are the 'leaf' components in spine-leaf architecture, providing connectivity for hosts within a rack.
🔗 Spine switches are the 'spine' components, connecting multiple ToR switches and enabling inter-rack communication.
🔄 The design offers redundancy and fault tolerance, as multiple paths exist for data to travel between racks, reducing the risk of a single point of failure.
🛤️ Multi-pathing is a benefit of spine-leaf architecture, allowing for load balancing and improved throughput across the network.
🌐 Virtual Extensible Local Area Network (VXLAN) is used to extend Layer 2 networks over a Layer 3 network, enabling devices in different physical locations to be part of the same broadcast domain.
📦 VXLAN encapsulates Layer 2 frames within a UDP packet, including a VXLAN header that identifies the virtual network, allowing for logical placement in the same VLAN.
🔑 VNI (VXLAN Network Identifier) is a crucial part of VXLAN, used to differentiate different virtual networks within the same physical network infrastructure.
🔍 Demonstrations in the script show how traffic is tunneled through the spine switches, maintaining the logical appearance of being on the same subnet despite physical separation.
🔄 The script includes a practical demonstration of how traffic is load-balanced across multiple spine switches, showcasing the effectiveness of equal-cost multipath routing.
🔬 The video script serves as an educational resource, explaining complex networking concepts in a way that is accessible for those studying for certifications like Cisco CCNA.

Q & A

What is the main topic of the video?
-The main topic of the video is the spine-leaf architecture, its purpose, and how it functions within a data center environment.
What is a spine-leaf architecture?
-A spine-leaf architecture is a network design that separates the access layer (leaf) from the distribution and core layers (spine), allowing for scalability and efficient connectivity in data centers.
Why is spine-leaf architecture commonly used in data centers?
-Spine-leaf architecture is used in data centers due to its scalability, efficient use of resources, and the ability to provide high-speed connectivity between different hosts and virtual machines.
What are the roles of 'spine' and 'leaf' switches in this architecture?
-In spine-leaf architecture, spine switches provide the high-speed backbone or interconnects, while leaf switches are responsible for the direct connection to end devices such as servers and hosts.
How does the video demonstrate the connectivity between different racks in a data center?
-The video demonstrates connectivity by showing how switches, referred to as spine and leaf switches, are used to connect different racks, ensuring communication between virtual machines and hosts across various racks.
What is the purpose of having multiple paths for traffic between racks in the spine-leaf architecture?
-Multiple paths provide redundancy, fault tolerance, and the ability to use multipathing for increased throughput and load balancing in the network.
What is a VLAN and how does it relate to the spine-leaf architecture?
-A VLAN (Virtual Local Area Network) is a logically separate network within a physical network. In the spine-leaf architecture, VLANs can be extended across different physical racks using VXLAN (Virtual Extensible Local Area Network) technology.
What is VXLAN and why is it used in spine-leaf architectures?
-VXLAN is a network protocol that allows for the extension of VLANs across a network by encapsulating layer 2 frames within layer 3 UDP packets. It is used in spine-leaf architectures to create logical layer 2 segments across different physical locations.
How does the video explain the concept of tunneling in the context of VXLAN?
-The video explains tunneling as the process of encapsulating layer 2 frames within a new packet structure, which is then forwarded over the network. This allows devices in different physical locations to be part of the same logical VLAN.
What are the benefits of using VXLAN in a data center environment according to the video?
-The benefits of using VXLAN in a data center include the ability to logically place devices in the same layer 2 broadcast domain regardless of their physical location, efficient use of IP addressing, and the capability for load balancing across multiple paths.
How does the video illustrate the encapsulation and decapsulation process in VXLAN?
-The video illustrates the process by showing an example of a ping request and its journey through the network. It demonstrates how the original layer 2 frame is encapsulated with a VXLAN header and forwarded over the tunnel, and then decapsulated at the receiving end to be processed within the local VLAN.

Outlines

00:00

🌟 Introduction to Spine Leaf Architecture

Keith Barker introduces the concept of spine-leaf architecture, explaining its purpose and relevance in data centers. He begins by visually representing a data center with racks of gear, each containing hosts that support multiple virtual machines (VMs). Barker illustrates the need for networking between VMs on different hosts and introduces the idea of top-of-rack switches to facilitate this connectivity. He also highlights the importance of avoiding single points of failure by using multiple switches and discusses the concept of layer 2 and layer 3 networking within this architecture.

05:00

🔌 Understanding Spine and Leaf Layers in Data Centers

The video script delves deeper into the spine-leaf architecture, explaining the roles of top-of-rack (ToR) switches, also known as leaf switches, and spine switches. Barker clarifies that ToR switches are part of the leaf layer, while spine switches connect the leaf layer, providing inter-rack connectivity. He demonstrates how adding a new rack involves connecting a new ToR switch to the existing spine switches, ensuring full connectivity without direct connections between leaf switches. The script also touches on the use of VLANs and the challenges of extending them across layer 3 networks.

10:01

📡 VXLAN: Bridging Layer 2 Networks Across Layer 3 Boundaries

Barker introduces Virtual Extensible Local Area Networks (VXLANs) as a solution to extend VLANs across a layer 3 network. He explains the concept of VXLAN identifiers (VNIs or VN IDs) and demonstrates how devices in different physical racks can be part of the same logical VLAN through VXLAN tunnels. The script describes the encapsulation process within VXLAN, where layer 2 frames are re-encapsulated with a VXLAN header for transport over layer 3 networks. Barker also discusses the configuration of VXLAN on leaf switches and the use of tunnel endpoints (VTEPs) for tunneling traffic.

15:03

💻 Practical Demonstration of VXLAN Tunneling in Action

The script transitions into a practical demonstration of VXLAN tunneling, showing the IP addressing scheme for tunnel endpoints and the routing table for efficient path selection. Barker explains the configuration of VLANs and VXLAN segments on leaf switches and how traffic is encapsulated and forwarded within a VXLAN network. He performs packet captures to visually demonstrate the encapsulation and de-encapsulation process during a ping and SSH session between servers in the same VXLAN but different physical locations.

20:05

🔄 Exploring Load Balancing and Traffic Distribution with VXLAN

Barker investigates the load balancing capabilities of VXLAN by examining the traffic distribution across multiple layer 3 paths provided by the spine switches. He conducts tests to validate the equal cost multipathing and shows how traffic is balanced between different interfaces on the leaf switches. The script provides a step-by-step guide on monitoring interface output rates to observe the load balancing in action, demonstrating the flexibility and efficiency of VXLAN in handling network traffic.

25:06

🏭 Concluding Thoughts on Network Topologies and VXLAN in Data Centers

In conclusion, Barker recaps the spine-leaf model and its advantages for data center networks, emphasizing the quick communication between devices on different hosts. He contrasts the hierarchical model suitable for campus networks with the spine-leaf model preferred for data centers. Barker also highlights the benefits of leveraging VXLAN to create logical layer 2 networks across a layer 3 infrastructure, wrapping up the video with a reminder of the importance of these concepts for those studying for the Cisco CCNA certification.

Mindmap

Keywords

💡Spine Leaf Architecture

Spine Leaf Architecture is a network design model commonly used in data centers. It consists of two layers: the spine layer, which is a high-capacity layer that interconnects all the switches, and the leaf layer, which is responsible for the end hosts' connectivity. In the video, this architecture is discussed in the context of data center networking, where it provides scalability and redundancy for efficient communication between servers and virtual machines.

💡Data Center

A data center is a facility that houses a large number of servers, storage systems, and network devices. It is critical for the operation of many IT and internet services. In the video, the data center serves as the primary setting for the discussion of network architectures and the deployment of hosts and switches.

💡Hosts

In the context of the video, hosts are servers or computing devices that are housed within the racks of a data center. They are the physical hardware that supports the operation of various applications and services. The script describes how hosts are connected to switches and how they support multiple virtual machines.

💡Virtual Machines (VMs)

Virtual Machines are software-based emulations of physical computers. They allow for the virtualization of computing resources and are commonly used in data centers to maximize efficiency. In the video, VMs are mentioned as being hosted on physical servers, which communicate with each other over the network.

💡Networking

Networking in the video refers to the interconnection of various devices within a data center to enable communication. It involves both the physical layer of connectivity and the logical layer of data exchange. The script discusses how networking is essential for VMs on different hosts to communicate.

💡Layer 2 and Layer 3 Switching

Layer 2 switching refers to the data forwarding based on MAC addresses within a local network, while Layer 3 switching involves IP address-based routing between different networks. In the video, the presenter explains how spine switches can perform both Layer 2 and Layer 3 functions, enabling connectivity and routing within the data center network.

💡Fault Tolerance

Fault tolerance is the ability of a system to continue operating or to recover from a failure without causing unacceptable disruption. In the context of the video, fault tolerance is achieved by having multiple paths and switches in the network, ensuring that if one component fails, the network remains operational.

💡VXLAN (Virtual Extensible Local Area Network)

VXLAN is a network protocol that allows for the creation of virtual networks over an IP network. It enables the extension of Layer 2 networks across Layer 3 networks without the need for all switches to be directly connected at Layer 2. In the video, VXLAN is discussed as a solution for creating logical Layer 2 networks across a spine-leaf architecture.

💡VTEP (VXLAN Tunnel Endpoint)

VTEP is a term used in VXLAN to refer to the endpoints of a VXLAN tunnel. It is responsible for encapsulating and de-encapsulating traffic as it enters and exits the VXLAN segment. The script describes how VTEPs are used to create logical connections between switches in a spine-leaf architecture.

💡Multi-Pathing

Multi-pathing is a networking technique that allows data to be sent over multiple paths for redundancy and load balancing. In the video, multi-pathing is mentioned as a benefit of the spine-leaf architecture, where traffic can be routed through different spine switches to reach its destination.

💡Equal Cost Multi-Pathing (ECMP)

Equal Cost Multi-Pathing is a routing technique that balances traffic across multiple equal-cost paths to increase throughput and redundancy. In the video, ECMP is discussed as a feature that allows for efficient load balancing across the spine switches in the network.

Highlights

Introduction to spine-leaf architecture in data centers and its purpose.

Explanation of the typical setup of racks and hosts in a data center environment.

Description of virtual machines and their networking within and across physical hosts.

Illustration of the need for networking between virtual machines on different hosts.

Introduction of top-of-rack (ToR) switches and their role in providing connectivity.

Discussion on the importance of fault tolerance in switch deployment.

Explanation of multi-layer switching capabilities for both Layer 2 and Layer 3 forwarding.

Benefits of spine-leaf architecture, such as equal cost paths and fault tolerance.

Introduction to spine switches and their connectivity to ToR switches.

Concept of extending VLANs over a network using VXLAN (Virtual Extensible Local Area Network).

Mechanism of VXLAN tunneling to logically place devices in the same broadcast domain.

Demonstration of VXLAN traffic capture and analysis.

Explanation of how VXLAN encapsulation and de-encapsulation work in a data center.

Practical demonstration of load balancing across multiple spine switches.

Discussion on the impact of spine-leaf architecture on network design and topologies.

Comparison between hierarchical and spine-leaf models for different network environments.

Conclusion summarizing the importance of understanding spine-leaf architecture and VXLAN for network professionals.

Transcripts

00:00

[Music]

00:07

hello and welcome my name is keith

00:10

barker and in this video you and i get

00:11

to take a look at the spine leaf

00:13

architecture to identify first of all

00:15

what is it why do we need it or want it

00:17

and then third to take a look at it in

00:19

action and a spine leaf architecture is

00:21

very typical inside of a data center so

00:23

let's go ahead and draw some racks of

00:24

gear at a typical data center so let's

00:27

label these as rack number three and

00:29

rack number four and rack number five

00:31

and rack number six and let's imagine

00:33

inside those racks they've got some

00:35

amazing hosts let's go ahead and put

00:37

four of them in each of these racks

00:39

and then we'll go ahead and label those

00:41

as host one for the individual hosts

00:43

that are in this rack of gear and host

00:45

two and host three and host four and the

00:49

same for the other three racks here in

00:51

our little mock data center

00:53

and let's also imagine that each of

00:54

these servers these hosts are supporting

00:56

multiple virtual machines maybe a dozen

00:58

or more virtual machines on each host so

01:01

let's measure that vm 11 is running on

01:05

host number one

01:07

and another vm let's call it vm

01:09

12 is running on host number two inside

01:13

of this one physical rack rack number

01:15

three now if these two vms were running

01:17

inside the same host they could have

01:19

logical virtualized networking to allow

01:21

them to connect to each other but if

01:23

this vm11 is on host one and this vm is

01:26

on host number two we need to have some

01:28

networking between them so on each of

01:29

the racks we could add one or more

01:31

switches that allows that connectivity

01:33

and so i'll add one of those switches to

01:34

the top of each of these four racks and

01:37

let me call this one switch 3.

01:39

i'll call this one switch four

01:41

and this one switch five

01:43

and this one's switch six and then each

01:45

of these physical servers would have

01:46

connectivity up to that switch very

01:48

likely more than just once for some

01:50

fault tolerance and some additional

01:51

throughput so i'll put some cables there

01:53

it's also very likely we'd have a couple

01:55

of these switches at the top and that

01:57

way if a single switch failed we

01:58

wouldn't have a single point of failure

02:00

so we draw the rest of the connectivity

02:01

in here

02:02

let's also imagine here over in rack 6

02:05

that we have vm

02:07

that's running on host 3 and vm 34

02:11

that's running on host 4. and very

02:13

similar to what was happening over here

02:14

in rack 3 here on rack 6 if vm33 needs

02:17

to communicate with this vm 34 because

02:20

they're on different hosts it would use

02:21

the networking provided between those

02:23

two hosts to facilitate that and we're

02:25

also gonna have some virtualized

02:26

networking on each of the hosts so here

02:28

on host three if vm 33 and let's say vm

02:31

23 we're on the same exact host those

02:33

two vms using logical networking in that

02:36

host could communicate with each other

02:37

but anytime we have to go between two

02:39

physical servers

02:40

we're going to need some networking that

02:42

provides connectivity between those

02:44

servers so are you ready for our next

02:45

challenge here it is what if this vm

02:47

bm11 which is currently being hosted by

02:50

host number one here on rack three what

02:53

if it needs to communicate with vm33

02:55

over here which is running on host three

02:58

on rack six

02:59

once again we're gonna need some

03:01

physical connectivity in this example we

03:03

need some connectivity networking

03:04

connectivity from the servers and the

03:06

hosts here in rack 3 to the hosts over

03:09

here in rack 6. so let's add some

03:12

switches that can allow that

03:13

connectivity let's go ahead and put a

03:15

couple in here and let's call this

03:16

switch 1 and switch 2. and when i'm

03:19

using the term switch here i also want

03:21

to imply multi-layer switching there are

03:23

devices that can do layer 3 forwarding

03:26

based on ip addresses and layer 2

03:28

forwarding based on mac addresses

03:30

depending on how they've been deployed

03:31

so for the connectivity from switch 3 to

03:34

these higher layer switches let's go

03:36

ahead and use a red color and let's

03:38

represent that red is connections that

03:40

are using layer 3. so it'd be an ip

03:42

network associated with this segment

03:44

between switch three and switch one and

03:46

for fault tolerance we'd wanna go from

03:47

switch three to this guy two maybe yet

03:49

another layer three subnet and then from

03:51

switch four to switch one and switch

03:53

four to switch two and then five to one

03:56

and five to two and then

03:58

six i'll go over the top here six to one

04:01

and six to two and for these networks we

04:03

could use a slash 30 or slash 31.

04:06

sometimes that's allowed so it's not

04:08

going to tie up a big block of ip

04:09

addressing but i wanted to represent the

04:11

connectivity between these upper level

04:14

switches and these top of rack switches

04:16

that's going to be layer 3 connectivity

04:18

so here's the great news if host 1 needs

04:20

to forward traffic on behalf of his vm

04:22

11 over to vm33 that traffic from host 1

04:26

would go through this top of rack switch

04:28

and then it has two paths it could go

04:29

through switch one as a routing decision

04:32

and then with switch one's connectivity

04:33

over to rack six that traffic could be

04:35

forwarded down to host number three so

04:37

that'd be one path i'll go ahead and

04:38

draw that here there'll be one path and

04:40

another path would be going through

04:42

switch two and that would look like this

04:44

so as a result of this design here are

04:46

some of the benefits we have two equal

04:48

cost paths to get from this rack here

04:51

rack number three over direct number six

04:53

so we have equal class paths we could

04:55

use multi-pathing also we have some

04:57

fault tolerance if we lose one of these

04:58

switches at the top here switch one or

05:00

switch two the other one still is

05:02

providing connectivity and we still have

05:03

communications between these two racks

05:05

so let's go ahead and remove that path

05:07

for a moment and let's talk about some

05:09

interesting names they have for these

05:11

switches

05:12

for these switches that are placed at

05:14

the top of the rack and this is for

05:15

convenience they don't have to be at the

05:16

very top of the rack but they're often

05:18

referred to as t

05:19

o r or top of rack switches also this

05:22

layer right here these topper rack

05:24

switches are also making up what's known

05:26

as the leaf layer so if you take a look

05:29

at the spine and leaf architecture or

05:30

spine leaf design these top of rack

05:32

switches are literally the leaf portion

05:35

of our spine leaf design and for these

05:37

switches up here i'll go ahead and put a

05:39

little dividing line for these switches

05:40

up here these are considered to be the

05:42

spine switches that are providing

05:44

connectivity between the top of rack

05:46

switches so when somebody talks about a

05:48

spine leaf design or a spine leaf

05:50

architecture they're talking about

05:52

exactly this

05:53

and if we were to add another rack let's

05:55

go ahead and add another rack we'll call

05:56

this rack number seven this new rack

05:58

would also have a top of rack switch

06:00

we'll call it switch number seven and it

06:02

would have connectivity up to the spine

06:03

switches so in our case i just have two

06:05

spine switches here but if we had 10

06:07

spine switches we would have 10

06:09

connections from this top of rack switch

06:11

one for the connection to each of our

06:13

spines another thing to note is that the

06:15

spine switches themselves they don't

06:17

have cross connects between them going

06:19

horizontally also the top of rack

06:21

switches also do not have connectivity

06:24

between them however each spine switch

06:26

has a connection to each and every leaf

06:29

switch

06:30

and every leaf switch has a connection

06:32

to each and every spine switch and what

06:34

this facilitates is connectivity between

06:36

the hosts and any of these racks and the

06:39

host in any other racks on behalf of the

06:41

vms that may need to communicate with

06:42

each other so vm11 here can communicate

06:45

with vm33 maybe this guy's on the 10.3

06:49

subnet and over here this vm is on the

06:51

10.6 subnet and they have a layer 3

06:54

routed path they can use to reach each

06:57

other however what if we wanted to put

07:00

vm11 here which is over here in rack

07:02

three and vm 33 over here on rack six

07:05

what if we wanted to logically place

07:07

them in the same layer two network the

07:10

same broadcast main the same vlan well

07:12

one of our challenges we don't have

07:14

trunks up here that are connecting all

07:15

the switches together but rather what we

07:17

have is layer 3 connectivity so how do

07:20

you extend a vlan over a network if you

07:23

have routers in the way that are doing

07:25

layer 3 forwarding and the answer is

07:27

using v

07:28

x lands

07:30

and that's what i'd like to talk with

07:31

you about right now that can leverage

07:33

this kind of architecture with a spine

07:35

leaf design and allow devices over here

07:38

in one rack of gear to be the same

07:40

logical vlan as a vm that's in a

07:43

completely separate rack even though

07:45

they are not directly connected at layer

07:47

two so this represents the leaf layer of

07:49

our switches our top of rack switches

07:51

and this represents our spine layer

07:54

right here

07:55

unless we have full connectivity between

07:57

each spine device and all of the leafs

08:00

and each leaf has full connectivity to

08:02

all the spine switches so we can imagine

08:04

that each of these leaf switches

08:05

represents a separate rack and i've also

08:07

placed some devices on our topology that

08:09

we can play with and look at the results

08:11

and as a reminder all the connectivity

08:13

between the spine and the leaf it is all

08:15

layer three so there's no native

08:17

extensions of a vlan for example from

08:19

over here in rack three over here to

08:21

rock six but what we are gonna do

08:22

instead is we are gonna use v

08:24

x lan and that's an acronym for virtual

08:28

extensible

08:29

local area network so they took the

08:31

second character there for the x to make

08:33

the acronym vxlan effectively we can

08:36

choose to put devices even in separate

08:38

physical racks even though they're not

08:40

connected directly at layer 2 we can

08:42

logically place them in the same vlans

08:44

by using this concept called vxlan and

08:47

here's how we're going to pull it off

08:48

for these vxlans we're going to create

08:49

some identifiers for the vxlans these

08:52

are commonly referred to as v and i's

08:55

i've also seen them as vn ids so let's

08:57

imagine we want to create an identifier

08:59

of six seven eight three which happens

09:02

to be my cci number and let's imagine

09:04

that we want these two devices here on

09:06

this left hand side of our network we

09:08

want them to be a part of that vxlan of

09:12

6783 and we want these two devices over

09:15

here on the right hand side of our

09:16

topology also to be in that same vxlan

09:18

of 6783

09:21

so as far as the actual subnet address

09:22

that we're going to use with that let's

09:24

use a 10.9.0.0

09:27

with a 24-bit mask and let's imagine

09:29

that pc6 is at dot 6 and the server here

09:32

is at 106

09:34

and over here on the left hand side this

09:36

guy is at dot three and the server is at

09:38

dot one o three all of it in the ten

09:41

nine zero address space now first glance

09:43

you might think well how in the hell in

09:45

the world is that gonna work i've got

09:46

these devices on the 1090 network over

09:48

here i've got these other devices on the

09:50

1090 network over here how do i get the

09:52

traffic across these racks in the same

09:55

vlan and the secret and the answer to

09:56

that question is by doing tunneling

09:59

we're going to set up tunnels now these

10:00

tunnels can be manually set up and

10:02

statically configured also they can be

10:04

dynamically discovered there's lots of

10:05

different ways of doing that but at the

10:07

end of the day we're going to set up

10:08

tunneling between our leaf devices so

10:10

i'm going to put my tunnel in this color

10:12

right here i'm going to put a tunnel in

10:13

from leaf 3 over to leaf6 and i'll kind

10:17

of fill it in here

10:18

and one interesting thing about a tunnel

10:20

is that it has two end points

10:22

we're gonna have one end point over here

10:23

on leaf three and another end point over

10:25

here at least six and these end points

10:27

are referred to with vxlan as

10:30

vtep which is a vlan tunnel endpoint so

10:34

with an ipsec tunnel we're taking the

10:35

original payload encrypting it and then

10:38

we're putting it inside of a whole brand

10:39

new packet and then it shipped across

10:41

the network to the other peer who then

10:43

decrypts it and a very similar concept

10:45

works like that with vxlan except

10:46

instead of encapsulating for the benefit

10:48

of encryption we're encapsulating for

10:50

the benefit of forwarding traffic to

10:52

make these devices in this vxlan believe

10:56

they're on the same subnet and it's

10:57

accomplished by taking the original

10:59

payload from layer two up then

11:02

re-encapsulating that inside of a packet

11:04

which we're gonna forward over the

11:05

tunnel and i think a fantastic example

11:07

would be this let's imagine that this pc

11:10

right here does a ping to the address

11:12

over here on dot three which is

11:16

10.9.0.3

11:17

so that initial arp request is a

11:19

broadcast so originally the broadcast is

11:22

an arp request and the source mac

11:24

address would be pc6 mac address and the

11:27

destination would be the broadcast

11:28

address at layer two and here's what

11:31

leave six will do it'll take that

11:32

original request like this including the

11:34

layer two header and it's going to

11:36

re-encapsulate it into a whole new

11:39

datagram that looks like this so this is

11:41

our payload it's going to have a vxlan

11:43

header that's going to identify the

11:45

vxlan it belongs to 6783 in this case

11:48

and then at layer 4 it's going to be

11:50

using udp and then layer 3 is going to

11:52

have the source address of switch 6

11:55

whatever the v tip is for switch six and

11:57

for the destination ip address it's

11:58

gonna be the vtep or the logical end of

12:00

the tunnel that switch three is

12:02

supporting so the destination is gonna

12:03

be

12:04

switch

12:05

three and then the layer two headers are

12:07

gonna be swapped out as that packet is

12:09

forwarded across the network so the

12:10

actual path of the traffic would be

12:12

going from this leaf to either switch

12:15

two or switch one who would then forward

12:17

it down to leave three who would then

12:19

take a look at the header and say oh my

12:20

goodness i see what this is d

12:21

encapsulate it and then simply forward

12:23

the original layer two frame down to

12:26

this vlan down here at which point pc3

12:28

would see it say oh there's a request

12:30

that darp request from pc6 it would

12:32

respond and then that traffic would once

12:34

again be re-encapsulated at least three

12:36

shipped logically over the tunnel where

12:38

leave six would de-encapsulate that and

12:40

then for the response down to pc6 so the

12:43

actual literal traffic is being routed

12:45

over the network however the logical

12:47

path is through the tunnel between the

12:49

two leaf switches so the benefit of

12:51

vxlan in the data center is that we can

12:53

logically place devices in the same

12:56

layer 2 broadcast domain even though

12:58

those devices may be separated by one or

13:01

more layer 3 routers on the path to get

13:03

there again it's all done through the

13:04

tunneling mechanisms that vxlan uses so

13:07

i thought to myself wow it'd be really

13:09

cool if we could like you know take a

13:10

look at the packets involved when vxlan

13:13

is in use and i just so happen to have a

13:15

topology it's the one we're looking at

13:17

that i'd like to go ahead and demo for

13:19

you right now and here's the lay of the

13:21

land regarding ip addressing for the

13:22

tunnel endpoints here on lead three i'm

13:24

going to be using 10.10.10.3

13:27

as the tunnel endpoint here only three

13:30

and the other end of that tunnel for

13:31

this demonstration on leaf six is going

13:32

to be 10.10.10.6.

13:37

so if we looked at the routing table

13:38

from leaf6's perspective regarding how

13:39

to reach the other end of the tunnel

13:41

it's going to have two paths one that

13:43

goes this way one goes that way and as a

13:45

result of it having multiple paths it

13:47

can use equal cost multipathing which is

13:49

fantastic and that way we can send some

13:51

traffic this way and some traffic that

13:53

way and get more throughput as we're

13:54

forwarding traffic over the tunnel on

13:56

behalf of our hosts and vms so here from

13:59

the perspective of leaf six if we do a

14:01

show nve and a question mark and let's

14:04

go ahead and take a look at piers

14:07

so here showing that we have up here at

14:08

10 10 10 3 that's the leaf 3 switch

14:12

and if we do a show nve peers and detail

14:15

here it shows us that the peer state is

14:17

up it's also specifying that the virtual

14:19

network identifier that it's supporting

14:21

is 6783 and that is the same virtual

14:24

network identifier that we're using so

14:26

we did a show iprout for that specific

14:28

route of 10.10.10.3

14:31

this will help us confirm that we have

14:32

multiple paths to get there one going

14:34

out ethernet one slash one the other

14:36

going out ethernet one slash two also

14:38

let's do a show run and let me share

14:39

with you a few tidbits from this

14:41

configuration so currently i have vlan 9

14:44

that's the local vlan on this leaf

14:46

switch and i've associated with it the

14:48

vn segment the virtual network segment

14:50

of that vxlan id of 6783 so the play by

14:54

play is if we have the switch we have a

14:55

device connected to let's say port 1 7

14:58

which we do right here if we assign that

15:00

port as an access port in vlan 9 based

15:03

on this configuration that client is

15:05

also logically going to be in the vxlan

15:08

6783 so if the client sends in a

15:10

broadcast like an arp request this

15:12

switch will take that re-encapsulate it

15:15

forward it over to the pier who will

15:16

de-encapsulate it and then forward it

15:18

down to the other devices that it has

15:20

locally which are also associated with

15:22

the vxlan of 6783 also just to confirm

15:25

who to show interface status

15:28

and let me scooch this over just a

15:29

little bit here showing us that ethernet

15:31

1 and 2 these interfaces here are layer

15:34

3 connections up to the spine layer also

15:36

part 6 and 7 which i have configured

15:38

right here

15:39

they are configured as access ports in

15:41

vlan9 which based on our configuration

15:44

is also associated with a virtual

15:46

network id of 6783 and switch 3 has

15:49

similar treatment for ports 6 and 7 over

15:51

here on its side as well so here's what

15:53

i like to do before we send traffic from

15:55

pc6 or server 6 over here to server 3 or

15:57

pc3 let's do some captures on e1 slash 1

16:01

and 1 2 so we can actually see the vxlan

16:04

traffic and the re-encapsulation that's

16:06

done as part of the tunneling

16:08

so i'll go ahead and start those

16:09

captures so we'll capture one slash one

16:12

and click ok we should see some ospf

16:15

hello messages and other stuff that's

16:16

going on great great great it's working

16:18

all right let me go ahead and make that

16:19

a little bit smaller for the moment and

16:21

let's also capture on e one slash two so

16:24

go ahead and right click again click on

16:25

capture we'll specify e one slash two

16:28

and we'll click on okay all right make

16:30

that also a little bit smaller

16:32

and move it over here a little bit to

16:34

the right just to make sure there's some

16:35

activity on it good good good so we can

16:37

bring out the pc or the server let's go

16:38

and bring up the server

16:40

all right so this represents the server

16:42

we'll just double check its idp address

16:44

real quick by bringing up a command line

16:46

and let's do ifconfig for ethernet 0 and

16:50

sure enough

16:51

10.9.0.106. this is hanging off of

16:53

switch 6.

16:54

so if we are going to do a ping over to

16:57

let's go ahead and ping server 3 on the

16:59

left and he is at 10.9.0.103

17:04

and press enter

17:07

i'm always a little shocked when it

17:09

works so well the first time let's do a

17:10

ctrl c there so what's happening behind

17:12

the scenes is that this switch right

17:14

here switch 6 is taking those requests

17:18

wrapping them up shipping them over the

17:19

tunnel and then switch three is

17:21

de-encapsulating them forwarding them

17:22

down and then for the replies back the

17:25

reverse process happens also while the

17:27

captures are still running let's do a

17:28

couple more things let's go ahead and do

17:30

an ssh session let's do an ssh over to

17:33

10.9.0.103

17:38

and press enter okay it's asking me if i

17:40

don't trust the fingerprint i'll say yes

17:42

and what is the password over there is

17:45

it this let's see here um is it that

17:48

nope is it that

17:50

nope okay really doesn't matter too much

17:51

i just want to make sure we can capture

17:52

some traffic going back and forth

17:54

between this server here on the right

17:57

and this server over here in the same

17:58

vxlan but yet in a separate part of the

18:01

network so let's go ahead and stop our

18:02

captures and we'll take a look all right

18:05

we could probably grab either one and

18:06

get some traffic let's go ahead and

18:07

start with e 1 2 that interface and take

18:10

a look and let me make the font a little

18:12

bit bigger so let's start with a ping

18:15

and let's go ahead and do a filter

18:16

display filter looking for just icmp

18:18

traffic and here we go right here so

18:20

here we have traffic from 109.0.106

18:23

that was the server on the right pinging

18:25

10.9.0.103

18:27

that's the server on the left but check

18:29

it out because we captured the traffic

18:30

as it was going over the logical tunnel

18:32

look what it did so let's take a look at

18:34

what happened here so the ethernet frame

18:36

is being sent and this would be coming

18:38

from

18:39

the mac address associated with the

18:41

ethernet one slash two interface on

18:44

switch six going to the layer two

18:45

address of the next top router so that's

18:47

the outmost ethernet header and inside

18:50

of the ethernet header is saying the

18:51

next protocol is hexadecimal 800 which

18:54

is ipv4 so here in the ipv4 header the

18:57

source is the tunnel endpoint address

19:00

for switch 6 and the destination is the

19:03

tunnel endpoint address for switch 3.

19:05

and then the header it says hey the next

19:07

protocol is udp and so here's the udp

19:10

header that was being used for the

19:12

re-encapsulation of this tunnel traffic

19:14

and then after the udp header then we

19:16

have a vxlan header right here and here

19:19

it's identifying the vxlan network

19:20

identifier the 6783 and that way when

19:23

the receiving switch sees it says okay

19:25

great it can de-encapsulate it and then

19:27

forward it appropriately to the devices

19:29

in the vlans associated with that vxlan

19:32

so once switch 3 receives this it's

19:34

going to strip off all this information

19:36

and what's going to forward is the

19:37

original layer 2 header with the source

19:39

mac address of server 6 on the right

19:42

hand side and the destination mac

19:44

address of server 3 on the left hand

19:46

side and then in this ethernet header it

19:48

then points to the next protocol being

19:50

ipv4 and then the payload for this

19:52

packet was an icmp echo request which is

19:55

right here so from the server's

19:56

perspective they don't know that all

19:58

this encapsulation de-encapsulation

20:00

happened all they think is that hey

20:02

we're two devices on the same subnet on

20:04

the 10.90 subnet and it feels like to

20:07

these devices it feels like we're right

20:09

next to each other so here's saying the

20:10

response wasn't found but it's very

20:12

possible that the response could have

20:13

come back on the other path because

20:15

there's two layer three paths provided

20:16

by the spine so the response could have

20:18

come back over the other interface all

20:20

right so let's go take a look at ssh we

20:23

also did an ssh session or we started

20:25

one let's go ahead and do a display

20:26

filter for that and i'm going to go

20:28

ahead and right click and go to follow

20:30

and say let's follow the tcp stream and

20:32

that's going to close that and give us

20:34

just a filter for that session so if we

20:36

pick one of these as being initiated by

20:37

the server at 106. let's go ahead and

20:39

grab this right here everything in these

20:40

first one two three four five entries

20:44

here are based on the re-encapsulation

20:46

and setting the traffic through the

20:47

tunnel so all this is for the benefit of

20:49

the two endpoints of the tunnel and then

20:51

when the receiver gets it switch three

20:53

it would de-encapsulate it and it would

20:55

simply forward the layer two header

20:57

which from the mac address it looks like

20:59

it's sourced from the mac address

21:01

associated with server six going to the

21:04

mac address associated with server three

21:07

and then the next protocol is ip and

21:08

then layer four is tcp and then we have

21:11

the payload of the original request

21:12

which was an ssh message so is it

21:14

possible to have a tcp header and a udp

21:16

header the answer is yes here we have

21:19

udp header that was part of the

21:21

encapsulation and the tunnel traffic and

21:22

then after that got stripped off the

21:24

actual real protocol trying to be used

21:26

by the client was using a layer 4 tcp

21:29

in association with ssh so let me go

21:31

ahead and close those captures and one

21:33

last little test i'd like to do is just

21:34

to validate that we're actually doing

21:36

load balancing across the two interfaces

21:39

as traffic goes from server six over to

21:41

server three so here on leaf six we do a

21:44

show iprout to the other end of the

21:46

tunnel which is 10.10.10.3

21:49

we have two equal cost paths and let's

21:51

get a little bit creative and let's do a

21:53

show

21:54

interface

21:55

ethernet one slash one and let's pick

21:58

out a few elements that might be

21:59

relevant here so we can filter them out

22:01

with a pipe and how about this let's

22:02

let's go ahead and filter on the 30

22:04

second output rate right there so i'm

22:06

going to copy that to my buffer

22:08

and let's do a show for that interface

22:11

we'll do a pipe and we'll put in some

22:13

quotes paste that in and end quote and

22:16

enter

22:18

and it says keith you might want to put

22:19

it include there

22:22

i thought it didn't that count all right

22:24

sounds good and then we'll do it again

22:26

also for

22:27

ethernet one slash two so to be a little

22:29

creative let's do this let's do a show

22:31

interface ethernet one slash two

22:33

looking for just the output that

22:34

includes that line press enter and we'll

22:37

also do it for one one now we can go

22:38

back and forth we can actually see the

22:40

amount of traffic over the last 30

22:41

seconds that's currently being used so

22:43

currently it's about 80 bits per second

22:45

not very taxing so if we bring up our

22:47

server let's do this let's do a ping and

22:49

we'll say the size is 1000 bytes

22:52

and we'll ping the target at

22:54

10.9.0.103 that should put some load and

22:57

they'll just be a continuous ping and

22:58

that way we can look at the output here

23:00

and see approximately if it's doing any

23:02

load balancing so i'll go ahead and just

23:04

let that run the background and let's go

23:06

ahead and give that a moment and let's

23:08

look at ethernet one slash one and now

23:10

it's at two thousand bits per second and

23:12

one slash two is about eleven sixty

23:15

eight so we'll go ahead and give it a

23:16

few more moments and then we'll test it

23:18

again so both are being used it's not

23:20

exactly perfect but if we had more

23:22

clients it's very likely to be more

23:24

equally spread out there we go that's 3

23:26

100 and 3 300

23:28

amazing and we'll go ahead and do it

23:29

again

23:30

and now it's 47 and 35.

23:33

there's 5200 and 5500 so i also want to

23:36

verify just by stopping my ping i'm

23:38

going to do a control c to stop the

23:40

traffic and then then we'll give it

23:41

about 15 20 seconds and then we'll look

23:43

at it again and those numbers should be

23:45

dropping so it's been about 30 seconds

23:47

and so i'm going to go ahead and look at

23:49

both of them again so we have 480 bits

23:51

now per second on one slash one and on

23:54

one slash two we have about 96. so let's

23:57

go ahead and just verify that real quick

23:58

so there we go they're both coming down

24:01

so let's recap we have up here we have

24:04

switches that are at the spine layer and

24:06

there's full connectivity between each

24:08

switch at the spine layer and each

24:09

device at the leaf layer right here also

24:12

there's no cross connects so we don't

24:14

have cross connections between a switch

24:16

1 and switch 2 at spine layer no no no

24:18

we also don't have cross connects here

24:21

horizontally between any of the leaf

24:23

switches everything's going through the

24:25

spine we also took a look at the concept

24:27

of tunneling and using vxlans which

24:30

gives us the ability to take any devices

24:32

we want to pretty much anywhere here in

24:33

the data center and logically place them

24:36

on the same subnet and that's done by

24:38

tunneling the traffic between the

24:39

switches so the actual packets are being

24:42

routed over the spine but the logical

24:44

tunnel is going from one switch over to

24:46

the other switch so when considering

24:48

network designs and network topologies

24:50

in light of the cisco ccna i'd like you

24:53

to remember two major families one is

24:55

the hierarchical model which is the

24:56

three layer model we had a separate

24:58

video just on that and that's with the

24:59

axis layer distribution layer and the

25:02

core or if you want to smash the

25:04

distribution and core together as a

25:05

collapse core that would be the two tier

25:08

hierarchical model and that's really

25:09

great for like a campus network if we

25:11

however have a data center that we need

25:13

devices to be able to communicate very

25:15

quickly back and forth even if they're

25:16

on different hosts we'd very likely be

25:18

using a spine leaf model as we've just

25:21

discussed in this video and if you want

25:22

to on top of that leveraging vxlans as

25:25

well so thanks for joining me in this

25:26

video and i'll see you my friend in the

25:28

next live event or next video until then

25:30

be happy and treat everybody well i'll

25:32

see you next time

25:34

[Music]

25:54

all your hopes are never

تصفح المزيد من مقاطع الفيديو ذات الصلة

Virtual Extensible LAN - CompTIA Network+ N10-009 - 1.8

Computer Network Devices

Everything Switches do - Part 1 - Networking Fundamentals - Lesson 4

Network Virtualization Simplified

Logs and Monitoring - N10-008 CompTIA Network+ : 3.1

VLANs and Trunking - N10-008 CompTIA Network+ : 2.3

Rate This

★

★

★

★

★

5.0 / 5 (0 votes)

هل تحتاج إلى تلخيص باللغة الإنجليزية؟