alexandremattioli commented on code in PR #444: URL: https://github.com/apache/cloudstack-documentation/pull/444#discussion_r1794118205
########## source/plugins/vxlan.rst: ########## 
@@ -328,70 +234,134 @@ Since VXLAN uses UDP packet to forward encapsulated the L2 frames, UDP/8472 port must be opened. -Configure in RHEL or CentOS -''''''''''''''''''''''''''' - -RHEL and CentOS use iptables for firewalling the system, you can open -extra ports by executing the following iptable commands: +Make sure that your firewall (firewalld, ufw, ...) allows UDP packets on port 8472, as an example: :: - $ sudo iptables -I INPUT -p udp -m udp --dport 8472 -j ACCEPT - - -These iptable settings are not persistent accross reboots, we have to -save them first. - -:: - - $ sudo iptables-save > /etc/sysconfig/iptables - - -With this configuration you should be able to restart the Network, -although a reboot is recommended to see if everything works properly. - -:: - - $ sudo service network restart - $ sudo reboot + $ sudo firewall-cmd --zone=public --permanent --add-port=8472/udp + $ sudo ufw allow proto udp from any to any port 8472 -.. warning:: - Make sure you have an alternative way like IPMI or ILO to reach the machine - in case you made a configuration error and the Network stops functioning! +VXLAN using EVPN +--------------------- +Using VXLAN with BGP+EVPN as underlay is more complex to set up, but does allow for more scaling and provides much more flexibility. -Configure in Ubuntu -''''''''''''''''''' +This documentation can not cover all elements of deploying BGP+EVPN in your environment. -The default firewall under Ubuntu is UFW (Uncomplicated FireWall), which -is a Python wrapper around iptables. +It is recommend to read `this blogpost <https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn>`_ before you continue. -To open the required ports, execute the following commands: +The main items for using EVPN: -:: +- BGP Routing Daemon on the hypervisor +- No LACP/Bonding will be used +- Modified script is required to use EVPN instead of Multicast Review Comment: @NuxRo Did you truncate the phrase by accident? ########## source/plugins/vxlan.rst: ########## 
@@ -17,68 +17,47 @@ The VXLAN Plugin ================ -System Requirements for VXLAN ------------------------------ +General +------- +CloudStack supports VXLAN technology to enhance scalability and flexibility in networking designs. -In CloudStack 4.X.0, this plugin only supports the KVM hypervisor with the -standard linux bridge. +Using VXLAN (Virtual Extensible LAN) over traditional VLAN (Virtual LAN) offers several key benefits, especially for modern data centers and cloud networking environments that require high scalability and flexibility. -The following table lists the requirements for the hypervisor. +VXLAN overcomes the limitations of traditional VLANs by providing a highly scalable, flexible, and efficient networking solution. It enables the creation of a large number of isolated virtual networks over a common physical infrastructure, +supports better utilization of network resources through Layer 3 routing capabilities, and simplifies network management and provisioning. -.. cssclass:: table-striped table-bordered table-hover +When deploying a VXLAN-based network, there are two options to choose from: -+----------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ -| Item | Requirement | Note | -+================+===============================================+================================================================================================================+ -| Hypervisor | KVM | OvsVifDriver is not supported by this plugin in CloudStack 4.X, use BridgeVifDriver (default). | -+----------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ -| Linux kernel | version >= 3.7, VXLAN kernel module enabled | It is recommended to use kernel >=3.9, since Linux kernel categorizes the VXLAN driver as experimental <3.9. 
| -+----------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ -| iproute2 | matches kernel version | | -+----------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ + • Multicast + • EVPN using BGP -Table: Hypervisor Requirement for VXLAN - - -Linux Distributions that meet the requirements ----------------------------------------------- - -The following table lists distributions which meet requirements. - -.. cssclass:: table-striped table-bordered table-hover - -+----------------+-------------------+-------------------------------------------+----------------------------------------------------------------+ -| Distribution | Release Version | Kernel Version (Date confirmed) | Note | -+================+===================+===========================================+================================================================+ -| Ubuntu | 13.04 | 3.8.0 (2013/07/23) | | -+----------------+-------------------+-------------------------------------------+----------------------------------------------------------------+ -| Fedora | >= 17 | 3.9.10 (2013/07/23) | Latest kernel packages are available in "update" repository. | -+----------------+-------------------+-------------------------------------------+----------------------------------------------------------------+ -| CentOS | >= 6.5 | 2.6.32-431.3.1.el6.x86\_64 (2014/01/21) | | -+----------------+-------------------+-------------------------------------------+----------------------------------------------------------------+ - -Table: List of Linux distributions which meet the hypervisor -requirements +While Multicast is the easiest to set up, EVPN offers much more control, scalability, and flexibility. Therefore, it is chosen in most VXLAN network deployments. +.. 
warning:: + Deploying VXLAN, especially with EVPN, requires extensive networking knowledge which isn't covered by this documentation or CloudStack in general. + Make sure to familiarize yourself with VXLAN, BGP and EVPN before attempting to deploy this network technology. -Check the capability of your system -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +System Requirements / Networking for VXLAN +------------------------------------------ -To check the capability of your system, execute the following commands. -:: +The following table lists the requirements for using VXLAN in your deployment: - $ sudo modprobe vxlan && echo $? - # Confirm the output is "0". - # If it's non-0 value or error message, your kernel doesn't have VXLAN kernel module. - $ ip link add type vxlan help - # Confirm the output is usage of the command and that it's for VXLAN. - # If it's not, your iproute2 utility doesn't support VXLAN. ++---------------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ +| Item | Requirement | Note | ++=====================+===============================================+================================================================================================================+ +| Hypervisor | KVM | Only the BridgeVifDriver (default) is supported | ++---------------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ +| Network Card (NIC) | VXLAN offloading | A NIC with VXLAN-offloading support is recommended. For example Mellanox ConnectX-5 or Intel X710 | ++---------------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ +| IP Protocol | IPv4 or IPv6 | CloudStack is agnostic to the IP-protocol being used as underlay. 
Both IPv4 and IPv6 are supported | ++---------------------+-----------------------------------------------+----------------------------------------------------------------------------------------------------------------+ +| MTU | >=1550 | VXLAN has an overhead of 50 bytes, therefor 1550 is the minimum. See the notes below | Review Comment: ```suggestion | MTU | >=1550 | VXLAN has an overhead of 50 bytes, therefore 1550 is the minimum. See the notes below | ```
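Review bot: In the source/plugins/vxlan.rst hunk at @@ -328,70 +234,134 @@, both firewall examples accept UDP/8472 from every source (`--zone=public ... --add-port=8472/udp` and `ufw allow proto udp from any to any port 8472`). VXLAN does not authenticate the sender of an encapsulated frame, so the documented rule should limit the source to the underlay network or the other hypervisors, for instance `sudo ufw allow proto udp from <underlay-subnet> to any port 8472`, where `<underlay-subnet>` is a placeholder. The firewalld line uses `--permanent` on its own, which only changes the saved configuration, so it needs a following `sudo firewall-cmd --reload` to take effect. The two commands are alternatives for different firewalls and would read more clearly under separate labels than in one literal block. Minor wording in the same hunk: "It is recommend to read" should be "It is recommended to read".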
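Review bot: In the source/plugins/vxlan.rst hunk at @@ -17,68 +17,47 @@, the MTU row gives 50 bytes of overhead and a minimum of 1550, which holds only for an IPv4 underlay. The row directly above states that IPv6 is also supported as underlay, and the larger IPv6 outer header brings the overhead to 70 bytes, so a 1500-byte guest MTU needs at least 1570 there. Suggest giving both values in the row unless the notes it refers to already do. The hunk also removes the "Check the capability of your system" commands (`modprobe vxlan`, `ip link add type vxlan help`) along with the kernel requirement; a short verification step would still let operators confirm that the host supports VXLAN before deployment.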