Flow-Based Telemetry for VXLANs (QFX5120)

Benefit of FBT for VXLANs

With FBT for VXLANs, you can enable inline telemetry data for EVPN-VXLAN architectures that have either CRB or ERB overlays, giving you an additional source of information about your network,

A VXLAN with a CRB overlay has core switches configured as Layer/Layer 3 VXLAN gateways where the Integrated Routing and Bridging (IRB) interfaces for the virtual networks are configured on the core switches. In contrast, core switches in a VXLAN with an ERB overlay provide transport of EVPN type-2 and type-5 routes and the IRB interfaces are configured on the distribution switches. The ERB design also enables faster server-to-server, intra-campus traffic. As a result, with an ERB overlay, routing happens much closer to the end systems than with a CRB overlay. Figure 1and Figure 2 show sample topologies for these overlays. To learn more about these EVPN-VXLAN architectures, see Technology Primer: EVPN-VXLAN Fabrics for the Campus.

Figure 1: Centrally-Routed Bridging (CRB) Topology

Figure 2: Edge-Routed Bridging (ERB) Topology

Flow Export Overview

FBT for VXLANs uses software-based IPFIX flow export. (IPFIX is defined in RFC 7011.) A flow is a sequence of packets that have the same core set of parameters on an interface, some of which are source IP, destination IP, source port, destination port, and protocol. This core set of parameters is called a flow key, and the software uses this key to learn about the flows. For each flow, the software collects various parameters and exports the actual packet up to the configured clip length to a collector using the open standard IPFIX template to organize the flow. Once there is no active traffic for a flow, the flow is aged out after the configured inactive-timeout period (configure the flow-inactive-timeout statement at the [edit services inline-monitoring template template-name] hierarchy level).

For FBT for VXLANs, the flow key differs depending on whether you are monitoring IPv4 or IPv6 traffic. The flow key for IPv4 traffic is explained in Table 1 and the flow key for IPv6 traffic is explained in Table 2. For both IPv4 and IPv6 traffic, in addition to the key fields, the flow contains fields for the ingress and egress ports, the flow start and end time, and the byte and packet count delta. The flow start time is the timestamp for when the software learned the flow. The flow stop time is the timestamp of the latest counter query. A sample IPFIX data template for IPv4 traffic is shown in Figure 3.

Figure 3: Sample IPFIX Data Template for IPv4 Traffic

Limitations and Caveats

• FBT for VXLANs is supported only on Junos OS.

• Only IRB interfaces are supported. For EVPN-VXLAN networks with CRB overlays, you can only monitor the IRB interfaces on the spine. For EVPN-VXLAN networks with ERB overlays, you can only monitor the IRB interfaces on the leaves.

• Only one inline-monitoring instance and one collector are supported.

• The collector must be reachable through a network interface, not only through a management or loopback interface.

• You cannot configure an option template identifier or a forwarding class.

• The IPFIX Option Data Record and IPFIX Option Data Template are not supported.

• Flow learning and tracking is based on client traffic data only, not the outer tunnel header. Flow learning is software-based and takes up to 10 seconds per flow.

• Counters are not active until the software learns the flow and installs the flow in the flow table.

• The software does not use the TCP FIN/RST flag for flow aging.

• The software requires a layer 3 header in the packet, and supports only the TCP and UDP protocols.

• The reported egress port might not be correct with LAG, ECMP, broadcast, multicast, or unknown traffic, if the egress port is in a different VRF.