What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
- added 29. 01. 2022
- In this episode, we will learn what VXLAN is and how it can be leveraged as an overlay network to manage Kubernetes POD networks. We will start off with a crash course on the Open Systems Interconnection (OSI) networking model, followed by an overview of overlay networks. In the following section, we will discuss what VXLAN is and go over its architecture, its encapsulation model, and how it lets segmented Kubernetes POD networks communicate within a cluster. We will conclude the video by setting up a brand-new Kubernetes cluster that uses Calico in VXLAN mode.
Links:
Demo scripts:
github.com/gary-RR/myCZcams_...
My Other Videos:
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
• Cilium Kubernetes CNI ...
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process • Cilium Kubernetes CNI ...
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
• What is VXLAN and How ...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
• Managing Linux Logins,...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
• Managing Linux Logins,...
► Sharing Resources between Windows and Linux:
• Sharing Resources betw...
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
• Kubernetes kube-proxy ...
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
• Kubernetes: Configurat...
►Configuring and Managing Storage in Kubernetes:
• Configuring and Managi...
► Istio Service Mesh - Securing Kubernetes Workloads:
• Istio Service Mesh - S...
► Istio Service Mesh - Intro
• Istio Service Mesh (si...
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
• Kubernetes services - ...
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in-depth:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in: • Understanding Kubernet...
►Understanding Kubernetes Networking. Part 1: Container Networking: • Video
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
• Setup a Linux-Windows ...
► A Docker and Kubernetes tutorial for beginners:
• A Docker and Kubernetes tutorial for beginners
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
• Setup a "Docker-less" ...
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS: • Step by Step Instructi...
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor - CZcams: • Setup and Configure Ce...
►Setup NAT (Network Address Translation) on Hyper-V: • Setup NAT (Network Add...
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM: • Enable Nested Virtuali...
►Setup a Multi-Node MicroK8S Cluster on Windows 10: • Setup a Multi Node Mic...
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
• Detailed Windows Termi...
These are great videos... no one covers k8s networking deeper than you.
amazing video. very useful to understand the concept
One of the best explanations out there for Kubernetes CNI concepts.
the best videos on k8s networking i've seen. right to the point, no smalltalk. will watch all your videos.
Thank you!
Wow, incredible video. Thank you so much for taking the time to make this. Kubernetes should make this the first thing you see in their docs.
Thank you for kind words and glad you enjoyed it!
Amazing content, having worked with K8 for last 5 years, I bet your detailed explanations are something I haven’t seen anywhere else, great work and thanks for sharing
Hi, thank you very much. Glad it was helpful!
I have been trying to wrap my head around CNI for so long. This video helped to a great extent. Thank you!
Amazing explanation! I don't think anyone would have explained like this.
Your channel is a hidden gem, thank you so much for these videos.
Thank you. Glad you like them!
Nicely explained the VXLAN concept.
Amazing explanation
Glad it was helpful!
Wowza, helluva video. I never truly understood vlans or vxlans until now -- 🙏
Glad it helped!
In love with your presentation technique.
Thank you very much! Cheers!
Speechless.
Are you a network engineer? I haven't seen such detailed k8s networking content. It is amazing content! Super thanks to you!🙂🙂🙂
It is amazing stuff! Thank you very much for your work!
Thank you, glad it was helpful.
Thank you for this awesome presentation.
Thank you!
Thanks man!!! Very nice
You bet!
very useful video on vxlan, thank you very much
Thank you, glad it was helpful!
@@TheLearningChannel-Tech Could you please make deep-dive videos for the Cilium CNI?
@@buacomgiadinh1 Hi, yes, I'll add that to my list. Thanks for your suggestion.
Very useful video. Can you make a video about VXLAN EVPN? I'd love to understand it. I really love the visual way of your presentation/teaching style.
Hi, thank you. My focus is around Kubernetes and Kubernetes networking topics. That said, I'll try to see if I can accommodate your request in a future presentation. Thanks.
I can't thank you enough, for the really in-depth coverage on Kube networking concepts.
When we say VXLAN is a known type in Linux, does it mean that all the packet processing (wrapping a regular frame in a UDP packet and vice versa) takes place in kernel space?
I am imagining it like this: the Calico daemonset creates the calico.vxlan device and configures the VNI, rather than Calico running a UDP daemon to send/receive the UDP packets, which would be very inefficient due to the sheer number of context switches and data copies between kernel and user space.
Hi, thanks for your kind words and glad you find these videos helpful. The VXLAN protocol is optimized on Linux; some of the network-related operations occur in the kernel. It is a very useful protocol to connect devices in different networks, but it does have certain overhead. If all the worker nodes are in the same subnet, some vendors use a more direct route which is faster; Cilium is one such example: studio.czcams.com/users/videoj2aox7K-7wU/edit
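To make the "frame wrapped in UDP" encapsulation discussed above concrete, here is an added example (not code from the video or from Calico) that builds and parses the 8-byte VXLAN header from RFC 7348 around an inner Ethernet frame, and models a toy VTEP that records which remote VTEP a (VNI, MAC) pair was seen behind. The `Vtep` class, its learning behaviour and the sample MAC/IP values are assumptions for illustration; Calico populates this mapping from its own knowledge of pod placement rather than by learning from traffic.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag: the VNI field carries a valid value


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header to an inner Ethernet frame (the UDP payload)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must be a 24-bit value")
    # Layout: flags(1) | reserved(3) | VNI(3) | reserved(1); VNI sits in the
    # upper 24 bits of the last 32-bit word, so shift it left by 8.
    header = struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00" * 3, vni << 8)
    return header + inner_frame


def vxlan_decap(udp_payload: bytes):
    """Return (vni, inner_frame); reject payloads without the I flag set."""
    if len(udp_payload) < 8 + 14:  # VXLAN header + minimal Ethernet header
        raise ValueError("too short to be VXLAN + Ethernet")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_field >> 8, udp_payload[8:]


def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble a minimal Ethernet II frame (no FCS)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


class Vtep:
    """Toy VTEP (assumption): maps (vni, inner src MAC) -> remote VTEP IP."""

    def __init__(self):
        self.fdb = {}  # forwarding database, keyed per VNI so segments stay isolated

    def receive(self, remote_vtep_ip: str, udp_payload: bytes):
        vni, frame = vxlan_decap(udp_payload)
        src_mac = frame[6:12]
        self.fdb[(vni, src_mac)] = remote_vtep_ip
        return vni, frame

    def lookup(self, vni: int, dst_mac: bytes):
        """Remote VTEP for dst_mac in this VNI, or None if unknown."""
        return self.fdb.get((vni, dst_mac))


# Constructed sample: a frame from MAC bb:.. to aa:.. carried in VNI 4096.
SAMPLE_FRAME = ethernet_frame(b"\xaa" * 6, b"\xbb" * 6, 0x0800, b"constructed payload")
SAMPLE_PACKET = vxlan_encap(4096, SAMPLE_FRAME)
```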
Hello! This was a great video on Calico VXLAN. Thank you! I had a question: is there a way to define VXLAN segments in K8s Calico, i.e. have different VNIs between different pods? Or are the segments based on the different nodes in the K8s cluster?
Hi and thanks for your feedback!
As for your question, the network segments in case of Kubernetes and Calico are in reality the POD networks on each node. Each segmented POD network is given a VNI and managed by Calico.
28:08 Container is created first and then pod namespace? That means later when the namespace is created, then the container process which must be running on some port on host machine is assigned process id = 1 within the pod namespace. That's why we see process id = 1 when we list the running process within the container.
Correct.
Thank you!! One quick question: when the UDP pipe is set up between two VMs hosting containers, how is the destination VM's IP determined? For example, when we did a curl to the hello world service IP from master to node1, node1's IP needed to be known to set up the UDP pipe. Is Calico doing some magic under the hood for this?
Hi, yes, when the source pod issues an ARP request, the Calico VTEP forwards it to the other node where the other pod responds, similar to the VXLAN overview discussion.
@@TheLearningChannel-Tech Thanks for the response. So basically, when the ARP response comes back from the destination VTEP, the source VTEP, being a switch, will remember that a certain MAC lives on that VTEP. So after ARP, when the ping packet is sent, the source VTEP will establish the UDP pipe between the source and destination VTEPs. Does this seem like a correct understanding?
@@vipinchawria Close, Calico is a CNI provider responsible for creating pods. It knows what pod (and its IP address) is assigned to what worker node. When the source pod issues an ARP, it basically says I'm looking for the MAC address of the pod that has this IP address. Calico VTEP examines the destination IP address and forwards it to the worker node that hosts that pod.
Hi, and thank you for this information. I have a question: can we define a VXLAN ID (VXLAN segment) for each pod to separate and isolate communications between pods?
VXLAN at individual POD level? That would be terribly wasteful and will incur a lot of overhead. If you are concerned about securing communication between PODs then you should look into Wireguard/IPSec or mTLS.
@@TheLearningChannel-Tech In other words, how can we isolate pods at layer 2 from the host, for example, if I have multiple users in the same cluster where each user has a pod?
I have a question here. We have a datacenter with a few VXLANs; one is for web load balancers and one is for production servers. Can the K8S VXLAN overlay work on top of the existing VXLAN overlays? Thank you.
Hi, the VXLAN implementation is internal to Kubernetes and is used to provide connectivity among pods within the Kubernetes cluster.
Encapsulation in encapsulation in encapsulation in encapsulation ... 😀
Lol, yes, that kind of makes you dizzy!