Traditional data center design can't handle the demand. Virtual machines are popping up faster than my teenager's missing homework excuses. So what to do? We're gonna find out. My name is Robb Boyd, and it's time for TechWiseTV. [MUSIC]
There is no one single way to build a data center: You got architecture options that include full-on ACI, NX-OS or Nexus standalone; then you got a traditional bottom-up, layer-two spanning tree. Well, our focus today is VXLAN with BGP EVPN, or standards-based VXLAN overlay with a BGP EVPN control plane; it's catchy, huh? It's really just an acronym-laden way to say here's how you can take advantage of the latest NX-OS-based networking hardware in an architectural model that you're already familiar with. Well, VLANs, created long before virtual became synonymous with servers, gave us a data-link layer answer for network segmentation. It opened things up for better network design. Server virtualization started exploding, and created almost as many challenges as it addressed. I mean, we all lived through it. Spanning tree became much more painful without multipathing, with redundant hardware, now even more expensive as it sat around. And VLANs showed their age; we were reminded that they capped out at 4,096 segments, or even less if you were using STP. And server virtualization was pushing us up to support multitenancy as well, so these limitations were quickly laughable. Well, then comes VXLAN to the rescue in 2012, a tunneling overlay with the entire layer-two frame encapsulated in UDP, only adding around 50 bytes of overhead, but the big advantage was for a cloud network that now could run on top of layer three. 16 million segments, tenant isolation, and layer-three multipathing; it took off. But, as many of you know through your own network growing pains, the VXLAN RFC did not specify something that has now emerged as critical: it was a control plane.
A very real issue for routing and scalability fears related to flooding. Well today, we're gonna walk you through a solution involving BGP EVPN, a design that did more than just address the control plane challenge; it brought superhero skills to your top-of-rack switches: ARP suppression, security and authentication, layer-three forwarding, multipathing. Doesn't that sound good? Well, there's even more. Lukas Krattiger joins me in the lab to show how all of this comes together, next. [MUSIC]
Lukas, it is so good to have you here physically...
>> Thanks a lot, Robb.
>> ...not another country, at a Cisco Live, or something else. You're here in the San Jose studios. Question is, however, you've been talking about VXLAN's limitations and how those are being solved. Why is it that VXLAN has issues that need to be solved? It was the great thing, wasn't it? I mean, I thought it solved all of our VLAN issues. What is it now we're running into?
>> VXLAN itself is another encapsulation, so we're using the same layer-two semantics we had previously in Ethernet with VLANs.
>> Yep.
>> We just add a whole bunch of new identifiers to it, the VXLAN network identifier, meaning 16 million of them...
>> Right.
>> ...and put it on top of a layer-three network. But as you said, I mean, the behavior, the semantics is still the same.
>> So what specific behaviors are some of our larger networks, I believe it is, specifically running into?
>> The Ethernet, as well as VXLAN, uses the semantics of flood and learn, so I flood out and try to discover somebody, and then when this somebody, that host, responds, I'm going to add it to my table, and that's how I learn. But I need to scream around first.
>> Okay, so it's really a scaling issue, because we're talking about, if I've gotta take an incoming frame, and then every single time it comes in, flood it out every packet, so flooding out copies, especially the spine of a network being artificially large and/or having trouble from a segmentation standpoint. So you're talking about these large-cloud or multitenant service provider-like networks, they're saying, "Wow, I can't have multicast in the backbone. I can't do that kind of stuff," which is required to be able to do that? Am I getting that right?
>> Yes, you're getting it right. The spine itself is an IP forwarder, VXLAN, and it sees IP traffic, but also flooding, as encapsulated in VXLAN, is IP traffic, which needs to be forwarded, and yes, the spine gets unnecessary traffic load as well as the leaf switches themselves; they're just generating traffic for that BUM traffic: broadcast, unknown unicast and multicast.
>> Well, you did a two-hour presentation that I watched at Cisco Live recently, and I need you to tell me in 15 seconds a summary of how BGP EVPN is specifically being used to solve these VXLAN issues for larger networks.
>> I just lost my 15 seconds. No, so [LAUGH]
>> Ha! [LAUGH] Nice.
>> Touché.
>> So EVPN is a control plane which adds, next to the IP reachability we already had in routing protocols, we also add MAC reachability information, too.
>> So layer two and three.
>> Layer two and layer three. So we have optimized forwarding for bridge traffic, so no more flood and learn. We learn as the host comes online to the switch, and also for routing, we're using the most efficient way between two top-of-rack switches.
>> So reestablishing in layer three that control plane that was missing from VXLAN.
>> Yes, we're adding layer three and layer two.
>> So I took a stab at encapsulating what you said at Cisco Live, and what it boiled down to me is, how do we get better host mobility at scale on these larger networks? And some of the benefits around getting rid of STP--and I'm going to give you the pen back because I want you to answer some of these--multipath, optimizing east-west traffic, and security authentication. I hope that that's a good summary. But starting with STP and this getting away from how we don't waste hardware to prevent loops and such, what are we doing differently here that would be worth mentioning?
>> So host mobility, generally, one of the greatest use cases we have, and we really see it going over and over in the data centers and the enterprise service providers, and so on and so forth. In regards to your specific question on no spanning tree: When we are looking at how VXLAN is being done, in spanning tree, previously classic Ethernet, we created loops, and we needed to prevent these loops so we did that blocking and forwarding thing like 50% or only one path.
>> Love that, yeah.
>> Now with VXLAN, we're encapsulating an IP, so it's a MAC and IP encapsulation we are doing. So we can now build a layer-three network. And with layer-three networks, we have everything forwarding because we use routing protocols. We are not on the layer-two level anymore; we get time to elapse, and so on and so forth. And we have many different routing protocols which support equal-cost multipath, ECMP.
>> Speaking of multipath then, let's jump right in. You go ahead, I'm gonna go ahead, 'cause I know it's next anyway, so I'll bring it up. I'll give you a fresh network. Tell me about multipathing then. What is it that we're doing uniquely there?
>> Okay, in VXLAN we have tunnel endpoints, or VXLAN tunnel endpoints--the VTEPs--which I denote here with V on my top-of-racks, and you can see my spines don't have VTEPs. They're just IP-forward; they don't know about VXLAN itself.
>> By design.
>> By design.
>> Okay.
>> It's IP UDP traffic for them.
>> Gotcha, okay.
>> Now, when I do tunnels, I normally have a source IP and a destination IP, and for hashing across a network, that's not very efficient there.
>> Right.
>> With VXLAN, we are changing the source port. So it's IP UDP traffic, we are having a source port, and depending on the traffic flow, the respective five tuples which are created to different traffic patterns, we start balancing it across the different spine and using that entropy, that hashing approach of ECMP to scale it out there.
>> Did we have multipathing in VXLAN?
>> We had multipathing in VXLAN; it was already there, we used a similar semantic. We just improved the overall reachability information with EVPN on top of it.
>> Okay, perfect. All right, so now, optimize east/west traffic for me.
>> I said before, we have these VTEPs on my top-of-racks, and if I were to use centralized gateways, I would have to go somewhere (in) layer-two. So maybe somewhere up here, and then get that gateway and go back again. So it's always go up, go down, so not very efficient there, not very much a scale-out approach. Now, with EVPN, we are bringing IRB, or integrated routing and bridging. With this, every top-of-rack is at the same time also your default gateway.
>> Okay.
>> So the host, either bridging or routing, will hit the top of rack. We make a bridging or routing decision and forward efficiently to wherever we wanna go, where my destination host itself is. And importantly, it's for MAC reachability, so in the same VLAN, in the same segment, or routing between segments, which was previously much more inefficient.
>> And so we're not wastefully going up to this spine; we're only sending certain types of traffic up here, and you said that's what, UDP and-
>> Yeah, it's all IP UDP traffic, the VXLAN encapsulation from the leaf switch into the fabric itself. That's all we have.
>> Very nice.
>> That's all we see up there.
The logic, the intelligence, is all down on the top of rack, as close to the host as possible, and it also reduces the failure domain.
>> Do we still call that the anycast gateway?
>> It's the distributed IP anycast gateway, yes.
>> We'll check with Brand to make sure you get all of those things done for. Okay, so one thing that I think has caused confusion sometimes in the past is this notion of security authentication, because I was thinking when I first put this up here that this was some of the natural extension from a BGP perspective. But you said no, actually it's a little bit more; what is it you mean?
>> Yeah, we do a little bit more on the security with VXLAN and EVPN there. We're using BGP authentication to identify my neighbor VTEPs, which are valid to send traffic to. So I do have pre-validation just because of the authentication we are doing there. In addition, if you are not authenticated to me, I'm not allowing any traffic from the website to me.
>> You are saying, "I'm just gonna ignore you."
>> Yeah, I just drop it. I just drop it.
>> You don't get access to my tables.
>> No.
>> Yeah, okay.
>> I don't wanna tell you anything, and you don't tell me anything, so we're completely separated from each other.
>> Okay, so it's a myth that...
>> A divorce.
>> ...we're necessarily insecure, and especially the way in which we have specifically done this. We have unique capabilities from a Cisco perspective that allows us to push that information down into the leaf layer that others just flat aren't doing, correct? So our efficiency is inevitably stronger.
>> Absolutely, the Cisco Nexus family has inherently Cisco ASIC, Cisco intellectual property in there, and our ASICs, which are happening at these different layers, here at these leaf layers, allow us to do VXLAN bridging as well as VXLAN routing, which is a pretty important piece.
From platforms, specifically Nexus 9000 shipping, Nexus 5600 shipping, Nexus 7000, we have three line cards also shipping today.
>> Perfect. Okay, so that is continuing to grow, and it's been growing quite a bit. So just a last final question, a catch-all: is there anything else that we need to understand about capabilities here that I didn't get a chance to ask you to organize neatly?
>> VXLAN, when we look at the infrastructure we're building, with BGP EVPN, it's very service provider-like, so we're building a similar approach like MPLS VPN, but we're adding also the bridging capabilities on top of it, so it's not only the L3, the routing piece, it's also the bridging piece, and with this, we have nice segmentation, efficient segmentation, simplified segmentation from a configuration perspective, and a lot of IDs.
>> You know, my first reaction to this was we were adding complexity to create more simplicity. But you really have grown this out of maturing VXLAN over time. There's nothing wrong; it's been very good, but it was not specifically designed to do certain things that we are asking of it these days, especially now when it comes to, as you said, these SP-like networks when we need host mobility, we need that clean segmentation at extremely large scales. This is the type of thing that BG-- and am I saying it right? BGP EVPN for VXLAN; will that work?
>> Yeah, BGP EVPN. E stands for Ethernet, so we are creating Ethernet VPNs on top of VXLAN, or with the VXLAN encapsulation. To your point, you said VXLAN actually was always to be layer-two encapsulation only. So we brought layer three to VXLAN with this kind of semantics.
>> You can solve it with a little bit of routing; perfect.
>> Awesome.
>> Thank you so much.
>> Thanks for having me.
>> Appreciate your time.
>> Thanks, Robb. [MUSIC]
>> Oh, hey, guys! Listen, the workshops are where we get live and interactive. We do one with just about every single show. You don't wanna miss it. If there's not a link at the bottom of the video you're watching right now, you can always go to and just click on the Workshops. They're live, we have some of the same experts we had here, and we always go deeper, and we always take your questions. Workshops, only on TechWiseTV.
[MUSIC] Well, BGP EVPN gives us VXLAN routing at the leaf switches, to give us better host mobility, segmentation, and scale. It's the efficient use of layer three for scalability, convergence, and resilience, with no dependency on spanning tree. Better link utilization with Equal Cost Multi-Path, and isolation of broadcast and failure domains. Much of this flexibility stems from the Cisco Nexus family of switches. It's flexibility that includes the ability to stay highly scalable, traditionally data-center-designed, where the same hardware can be used to migrate toward an ACI design if and when that is deemed beneficial. You can run Nexus Switches as a VPC kind of pair, classic Ethernet, MultiChassis Link Aggregation, but then the same hardware will let you use network overlays, the control plane, all the third-party DevOps implementation like Puppet, Chef, even Ansible, or even one day decide that full-blown SDN is what you need. Just add the APIC controller and build the ACI fabric. Well now, that's what I call investment protection. The BGP control plane for VXLAN solution relies on Cisco's track record with multitenant service provider-like data centers. Hey, for more information, check out the links on the screen. But also, I'm gonna put all kinds of resources up in the show notes at As for Twitter, you can follow me for updates and insights. You should always follow the show, of course. And with that, if you can only remember one thing, make it All the shows, including this one, can be found right there. So thank you so much for watching. We'll see you on the next one. [MUSIC]