What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
HTML-код
- Опубликовано: 15 окт 2024
- In this episode, we will learn what VXLAN is and how it can be leveraged as an overlay network to manage Kubernetes POD networks. We will start off by getting a crash course on the networking Open Systems Interconnect (OSI) model, followed by an overview of overlay networks. In the following section, we will discuss what VXLAN is and go over its architecture, encapsulation model, and how it can help segmented Kubernetes POD networks to communicate in a cluster. We will conclude the video by setting up a brand-new Kubernetes cluster leveraging Calico in VXLAN mode.
Links:
Demo scripts:
github.com/gar...
My Other Videos:
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
• Cilium Kubernetes CNI ...
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process • Cilium Kubernetes CNI ...
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
• What is VXLAN and How ...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
• Managing Linux Logins,...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
• Managing Linux Logins,...
► Sharing Resources between Windows and Linux:
• Sharing Resources betw...
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
• Kubernetes kube-proxy ...
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
• Kubernetes: Configurat...
►Configuring and Managing Storage in Kubernetes:
• Configuring and Managi...
► Istio Service Mesh - Securing Kubernetes Workloads:
• Istio Service Mesh - S...
► Istio Service Mesh - Intro
• Istio Service Mesh (si...
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
• Kubernetes services - ...
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in-depth:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in: • Understanding Kubernet...
►Understanding Kubernetes Networking. Part 1: Container Networking: • Video
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
• Setup a Linux-Windows ...
► A Docker and Kubernetes tutorial for beginners:
A Docker and Kubernetes tutorial for beginners. - RUclips
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
• Setup a "Docker-less" ...
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS: • Step by Step Instructi...
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor - RUclips: • Setup and Configure Ce...
►Setup NAT (Network Address Translation) on Hyper-V: • Setup NAT (Network Add...
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM: • Enable Nested Virtuali...
►Setup a Multi-Node MicroK8S Cluster on Windows 10: • Setup a Multi Node Mic...
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
• Detailed Windows Termi...
![ARGENTINA vs. BOLIVIA [6-0] | RESUMEN | ELIMINATORIAS SUDAMERICANAS | FECHA 10](http://i.ytimg.com/vi/C3wPtKNbAOA/mqdefault.jpg)
Whenever I face any issues with k8s networking, I come to your channel. Precise, concise and brilliant content!!!
the best videos on k8s networking i've seen. right to the point, no smalltalk. will watch all your videos.
Thank you!
I have learnt a lot from your channel. Keep generating such amazing content. It would be great, if there are more frequent videos.
One of the best explanation out there for Kubeenetes CNI concepts
Amazing content, having worked with K8 for last 5 years, I bet your detailed explanations are something I haven’t seen anywhere else, great work and thanks for sharing
Hi, thank you very much. Glad it was helpful!
Wow, incredible video. Thank you so much for taking the time to make this. Kubernetes should make this the first thing you see in their docs.
Thank you for kind words and glad you enjoyed it!
I have been trying to wrap my head around CNI for so long. This video helped to a great extend. Thank you!
Amazing explanation! I don't think anyone would have explained like this.
Your channel is a hidden gem, thank you so much for these videos.
Thank you. Glad you like them!
These are great videos ....no one covers k8 networking deeper than you.
Wowza, helluva video. I never truly understood vlans or vxlans until now -- 🙏
Glad it helped!
Are you a network engineer? I havn't seen like this detailed k8s networking contents. It is amazing content! Super thanks to you!🙂🙂🙂
Nicely explained the VXLAN concept.
In love with your presentation technique.
Thank you very much! Cheers!
Very useful video. Can you make video about VXLAN EVPN? I'd love to understand it - really love the visual-way of your presentation/teaching style.
Hi, thank you. My focus is around Kubernetes and Kubernetes networking topics. That said, I'll try to see if I can accommodate your request in a future presentation. Thanks.
amazing video. very useful to understand the concept
very useful video on vxlan, thank you very much
Thank you, glad it was helpful!
@@TheLearningChannel-Tech could you please make a deep dive videos for cilium cni
@@buacomgiadinh1 Hi, yes, I'll add that to my list. Thanks for your suggestion.
Amazing explanation
Glad it was helpful!
I can't thank you enough, for the really in-depth coverage on Kube networking concepts.
When we say vxlan is a known type in Linux, does it mean that all the packet processing (wrapping a regular frame in a UDP packet vice versa) takes place in kernel space?
I am imagining it like this, Calico daemonset will create the calico.vxlan device and configures the VNI. Rather than, calico running a UDP daemon to send/recieve the UDP packets which would be very in-efficeient due to the sheer no of context switches and data copies between kernal/user spaces.
Hi, thanks for your kind words and glad you find these videos helpful. VXLAN protocol is optimized on Linux, some the network related operations occur in the kernel. It is a very useful protocol to connect devices in different networks, but it does have certain overhead. If all the worker nodes are in the same subnet, some vendors use a more direct route which is faster, Cilium is one such example: studio.ruclips.net/user/videoj2aox7K-7wU/edit
Hello! this was a great video on calico vxlan. Thank you! I had a question.. is there a way to define vxlan segments in K8s calico? have different VNIs between different pods? or is the segments based on different nodes in the k8s cluster?
Hi and thanks for your feedback!
As for your question, the network segments in case of Kubernetes and Calico are in reality the POD networks on each node. Each segmented POD network is given a VNI and managed by Calico.
Speechless.
Thanks man!!! Very nice
You bet!
I have a question here. We have a datacenter with few VXLANs, one is for load web load balancers and one is for production servers. The K8S vxlan overlay can work on the top of existing VXLANs overlays? Thank you
Hi, the VXLAN implementation is internal to Kubernetes and is used to provide connectivity among pods within the Kubernetes cluster.
28:08 Container is created first and then pod namespace? That means later when the namespace is created, then the container process which must be running on some port on host machine is assigned process id = 1 within the pod namespace. That's why we see process id = 1 when we list the running process within the container.
Correct.
Thank you for this awsome presentation
Thank you!
It is amazing stuff! Thank you very much for your work!
Thank you, glad it was helful.
Thank you !! One quick question - when UDP pipe is setup between two VMs hosting containers, how is destination VM's IP determined? For example - when we did a curl to hello word service IP from master to node1, to setup the UDP pipe, node1's IP needed to be known. Is calico doing some magic under the hood for this?
Hi, yes when the source pod issues an ARP request, the Calico VTEP forwards it to the other node where the other pod responds, similar to the discussion of VXLAN overview discussion.
@@TheLearningChannel-Tech Thanks for the response. So basically when the ARP response comes back from destination VTEP, source VTEP being a switch will remember that certain MAC lives on this VTEP. So after ARP, when ping packet is sent, source VTEP will establish the UDP pipe between source and destination VTEPs. Does this seem like correct understanding?
@@vipinchawria Close, Calico is a CNI provider responsible for creating pods. It knows what pod (and its IP address) is assigned to what worker node. When the source pod issues an ARP, it basically says I'm looking for the MAC address of the pod that has this IP address. Calico VTEP examines the destination IP address and forwards it to the worker node that hosts that pod.
perfect content
wow thanks for this amazing viedo and
powerful samples... really helped me alot ..
and i got one question in video 25.13
between udp tunnel and vtep ,
is there some kind of running process(user space) that have udp port and listening so it get packet from other node ?
and if it is how does it communicate with vtep interface?
thank you!
and is there any chance that you could cover about tun , vtep , vtun interfaces?? i know it's lot to ask but no one can deliver the information like you
again really appreciate for your works!
and sorry for my poor english..
Hi, thanks for your feedback. The tunnel is not a permanent construct and is only started any time when the two sides need to communicate and is shut down once the communication is completed. I'm currently planning other topics but if I get around it will consider your request. Thanks.
@@TheLearningChannel-Tech thanks!!
hi and thank you for this information , i have a questions can we define for each pod a vxlan id ( vxlan segment ) to separate and isolate communications between pods
VXLAN at individual POD level? That would be terribly wasteful and will incur a lot of overhead. If you are concerned about securing communication between PODs then you should look into Wireguard/IPSec or mTLS.
@@TheLearningChannel-Tech in other word how we can isolate pods layer 2 from the host for exemple ? if i have multi users in the same cluster when each user have a pod
Encapsulation in encapsulation in encapsulation in encapsulation ... 😀
Lol, yes, that kind of makes you dizzy!
I love all your videos. extremly educational. do you plan to release more content please?
Hi, many thanks for your kind words! Yes, I will be adding more content later in the summer, just have been busy. Any particular topic you are interested in? Thanks!
@@TheLearningChannel-Tech I apreaciate your reply so much. on top of my head I am thinking intro to microservices, or baremetal and k8s, monitoring and observabiities, k8s on prem, etc. I hope you know how valuable your videos are.
@@violinalauradragan7001 I'm really humbled by your kind comments. I'm planning for a few Azure cloud-centric videos next but I will return to Kubernetes and consider your great suggestions, especially an intro to microservices and monitoring. Most of my Kubernetes thus far (except the last one) apply to both on-prem and cloud situations and the instructions to set up clusters from scratch apply to both VMs and bare-metal. If you have any questions about any of the videos or have questions/issues with the labs please post them and I will be more than happy to help if I can. Again, thank you very much for your very motivating kind words! Please take care!