VLAN - bobbae/gcp GitHub Wiki

VLANs allow network administrators to group hosts under the same switch or across different switches.

The protocol most commonly used today to support VLANs is IEEE 802.1Q.

VLANs work by applying tags to network frames and handling these tags in networking systems, which creates the appearance and functionality of network traffic that is physically on a single network but behaves as if it were split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
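The tag the paragraph above refers to is the 4-byte IEEE 802.1Q header inserted between the source MAC and the EtherType: a 16-bit TPID (0x8100) followed by a 16-bit TCI holding the 3-bit priority (PCP), the DEI bit and the 12-bit VLAN ID. The following Python is an added example, not code from this wiki: it inserts, walks and strips such tags on constructed Ethernet frames. The parser deliberately walks every stacked tag (802.1ad "QinQ" S-tag over a C-tag) instead of stopping at the first one, because a filter or monitor that only looks at the outer tag misclassifies stacked frames. The frames, MACs and VIDs are constructed sample values.

```python
"""Insert, parse and strip IEEE 802.1Q/802.1ad VLAN tags on raw Ethernet frames.

Added example with constructed frames; not part of the original wiki page.
"""
import struct

TPID_8021Q = 0x8100   # C-tag (customer VLAN tag)
TPID_8021AD = 0x88A8  # S-tag (service VLAN tag, the outer tag in QinQ)
TAG_TPIDS = {TPID_8021Q, TPID_8021AD}
ETH_HDR_LEN = 14      # dst MAC (6) + src MAC (6) + EtherType (2)


def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0,
                 tpid: int = TPID_8021Q) -> bytes:
    """Insert a 4-byte tag after the 12-byte dst/src MAC header.

    VID 0 means "priority-tagged, no VLAN" and 4095 is reserved, so only
    1..4094 are accepted as real VLAN IDs.
    """
    if not 1 <= vid <= 4094:
        raise ValueError(f"VID {vid} outside the usable range 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI must be 0 or 1")
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def parse_tags(frame: bytes):
    """Return (tags, inner_ethertype, payload).

    tags is a list of (tpid, pcp, dei, vid) tuples from outermost to innermost.
    Every stacked tag is consumed, so a QinQ frame yields two entries.
    """
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    tags = []
    off = 12  # first EtherType/TPID position
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        ethertype = struct.unpack_from("!H", frame, off)[0]
        if ethertype not in TAG_TPIDS:
            break
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    return tags, ethertype, frame[off + 2:]


def strip_outer_tag(frame: bytes) -> bytes:
    """Remove the outermost tag, as a switch does when egressing an untagged port."""
    tags, _, _ = parse_tags(frame)
    if not tags:
        return frame
    return frame[:12] + frame[16:]


def main() -> None:
    # Constructed sample: broadcast ARP frame from a locally administered MAC.
    untagged = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0806) + b"\x00" * 28)
    tagged = add_vlan_tag(untagged, vid=100, pcp=5)
    stacked = add_vlan_tag(tagged, vid=200, tpid=TPID_8021AD)
    print("single tag:", parse_tags(tagged)[:2])
    print("QinQ tags :", parse_tags(stacked)[:2])
    print("stripped  :", strip_outer_tag(tagged) == untagged)


if __name__ == "__main__":
    main()
```

Running the block prints the decoded (tpid, pcp, dei, vid) tuples for a single-tagged and a double-tagged frame and confirms that stripping the outer tag restores the original frame.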

Ethernet

https://en.wikipedia.org/wiki/Ethernet

Virtual Networking

Network virtualization is the process of logically grouping physical networks and making them operate as one or more independent networks called virtual networks.

For example, VMware NSX Data Center is a network virtualization platform that delivers networking and security components like firewalling, switching, and routing that are defined and consumed in software.

Linux also has network utilities and rich virtual networking capabilities that are used as the basis for hosting VMs and containers, as well as cloud environments.

NFV, VNF, SDN

Comparison of NFV, VNF, SDN

https://cloudify.co/blog/mobile-world-congress-nfv-sdn-network-orchestration-automation/

NFV

Network Function Virtualization is an approach taken by telecom companies to the deployment, management, and scaling of network functions. NFV decouples and virtualizes existing OSS or legacy hardware functions so that they become software-driven and run on standardized hardware. NFV is the overarching concept: a framework within which SDN functions run.

VNF

A Virtualized Network Function is the implementation of a network function in software that is decoupled from the underlying hardware infrastructure. Converting a network function (NF) into a virtualized network function (VNF) generally requires significant changes to existing code. Common VNFs include virtualized routers, firewalls, WAN optimization, and network address translation (NAT) services.

SDN

Software Defined Networking is an approach that decouples the control plane from the data plane in networking equipment. NFV and SDN are complementary. SDN keeps the intelligence of the network within the controller, leaving the network equipment to handle data and execute the operations mandated by the controller. The network equipment does not need powerful controller capabilities and can be based on POTS (plain, off-the-shelf) virtualized servers.

MANO

MANO is defined by ETSI as the layer that manages and orchestrates the cloud resources infrastructure. It consists of VIM, VNFM, and Orchestrator. Together they provide a full end-to-end lifecycle solution of NFV orchestration and management -- from installation, deployment, and through to post-deployment. MANO makes use of TOSCA as the NFV orchestration standard.

OVS

Open vSwitch, sometimes abbreviated as OVS, is an open-source implementation of a distributed virtual multilayer switch. The main purpose of Open vSwitch is to provide a switching stack for hardware virtualization environments, while supporting multiple protocols and standards used in computer networks.

It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vSwitch or Cisco's Nexus 1000V.

Bridge

A Linux bridge behaves like a network switch. It forwards packets between interfaces that are connected to it. It's usually used for forwarding packets on routers, on gateways, or between VMs and network namespaces on a host. It also supports STP, VLAN filter, and multicast snooping.

https://wiki.linuxfoundation.org/networking/bridge

Bonding

The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interface depends on the mode; generally speaking, modes provide either hot standby or load balancing services.

Team device

Similar to a bonded interface, a team device groups multiple NICs (ports) into one logical device (teamdev) at layer 2.

VLAN

A VLAN, aka virtual LAN, separates broadcast domains by adding tags to network packets.

VXLAN

VXLAN (Virtual eXtensible Local Area Network) is a tunneling protocol designed to solve the problem of the limited number of VLAN IDs (4,096) in IEEE 802.1Q. It is described by IETF RFC 7348.
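VXLAN gets past the 12-bit VLAN ID by carrying the whole Ethernet frame inside UDP (destination port 4789) behind an 8-byte header whose 24-bit VNI identifies the segment. The Python below is an added example, not code from this wiki or from RFC 7348's authors: it encapsulates a constructed frame, decapsulates it while validating the header, and builds the UDP header the way the RFC describes (fixed destination port, source port derived from a hash of the inner headers so ECMP spreads flows, zero checksum permitted over IPv4). The sample frame, VNI values and the hash used for the source port are this example's own choices.

```python
"""Encapsulate and decapsulate Ethernet frames in VXLAN (RFC 7348).

Added example with constructed frames; not part of the original wiki page.
"""
import struct
import zlib

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VXLAN_HDR_LEN = 8
MAX_VNI = (1 << 24) - 1      # 16,777,215 VNIs versus 4,094 usable 802.1Q VIDs
ETH_HDR_LEN = 14


def vxlan_encap(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    if len(inner_frame) < ETH_HDR_LEN:
        raise ValueError("inner frame shorter than an Ethernet header")
    # "!B3xI": flags byte, three zero bytes, then VNI in the top 24 bits of a
    # 32-bit word whose low byte is the trailing reserved field.
    header = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    return header + inner_frame


def vxlan_decap(udp_payload: bytes):
    """Return (vni, inner_frame) or raise ValueError on a malformed PDU.

    The I flag must be set; the other flag bits and the reserved fields are
    ignored on receipt, as the RFC requires.
    """
    if len(udp_payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN PDU")
    flags, vni_field = struct.unpack_from("!B3xI", udp_payload, 0)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set, VNI field is not valid")
    return vni_field >> 8, udp_payload[VXLAN_HDR_LEN:]


def udp_wrap(vxlan_pdu: bytes, inner_frame: bytes) -> bytes:
    """Build the outer UDP header around the VXLAN PDU.

    Source port: a hash of the inner Ethernet header in the dynamic range
    49152..65535, giving ECMP paths per-flow entropy (CRC32 is this example's
    choice of hash). Checksum 0 is allowed for VXLAN over IPv4.
    """
    src_port = 49152 + (zlib.crc32(inner_frame[:ETH_HDR_LEN]) % 16384)
    length = 8 + len(vxlan_pdu)
    return struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, length, 0) + vxlan_pdu


def main() -> None:
    # Constructed sample: a minimal IPv4 frame between two locally administered MACs.
    inner = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
             + struct.pack("!H", 0x0800) + b"\x45\x00" + b"\x00" * 20)
    pdu = vxlan_encap(inner, vni=5000)        # 5000 would not fit in a VLAN ID
    vni, frame = vxlan_decap(pdu)
    datagram = udp_wrap(pdu, inner)
    print("VXLAN header:", pdu[:VXLAN_HDR_LEN].hex())
    print("decoded VNI :", vni, "inner frame intact:", frame == inner)
    print("UDP dst port:", int.from_bytes(datagram[2:4], "big"))


if __name__ == "__main__":
    main()
```

The decapsulation side only checks structure; which VNIs a receiving VTEP accepts, and from which peers, is policy that sits above this code.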

MACVLAN

With VLAN, you can create multiple interfaces on top of a single one and filter packets based on a VLAN tag. With MACVLAN, you can create multiple interfaces with different layer 2 (that is, Ethernet MAC) addresses on top of a single one.

Before MACVLAN, if you wanted to connect a VM or namespace to the physical network, you had to create TAP/VETH devices, attach one side to a bridge, and attach a physical interface to the same bridge on the host, as shown below.

Running Openshift on Openstack with Macvlan CNI Plug-in

https://cloud.redhat.com/blog/openshift-on-openstack-with-macvlan-cni-plug-in

IPVLAN

IPVLAN is similar to MACVLAN with the difference being that the endpoints have the same MAC address.

https://hicu.be/macvlan-vs-ipvlan

MACVTAP/IPVTAP

MACVTAP/IPVTAP is a newer device driver meant to simplify virtualized bridged networking. When a MACVTAP/IPVTAP instance is created on top of a physical interface, the kernel also creates a character device /dev/tapX that is used just like a TUN/TAP device and can be consumed directly by KVM/QEMU.

https://linuxnatives.net/2012/virtualized-bridged-networking-with-macvtap

https://liuhangbin.netlify.app/post/virtual-ifaces/#macvtapipvtap

MACSec

MACsec (Media Access Control Security) is an IEEE standard for security in wired Ethernet LANs. Similar to IPsec, as a layer 2 specification, MACsec can protect not only IP traffic but also ARP, neighbor discovery, and DHCP.

https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic

VETH

The VETH (virtual Ethernet) device is a local Ethernet tunnel.

VCAN

The VCAN (virtual CAN) driver offers a virtual local CAN (Controller Area Network) interface, so users can send and receive CAN messages via a VCAN interface. CAN bus is a vehicle bus standard that allows microcontrollers to communicate; it is mostly used in the automotive field.

VXCAN

Similar to the VETH driver, a VXCAN (virtual CAN tunnel) implements a local CAN traffic tunnel between two VCAN network devices. When you create a VXCAN instance, two VXCAN devices are created as a pair. When one end receives a packet, the packet appears on its paired device, and vice versa. VXCAN can be used for cross-namespace communication.