What is VXLAN and How It is Used as an Overlay Network in Kubernetes?

Рет қаралды 10,681

Күн бұрын

In this episode, we will learn what VXLAN is and how it can be leveraged as an overlay network to manage Kubernetes POD networks. We will start off by getting a crash course on the networking Open Systems Interconnect (OSI) model, followed by an overview of overlay networks. In the following section, we will discuss what VXLAN is and go over its architecture, encapsulation model, and how it can help segmented Kubernetes POD networks to communicate in a cluster. We will conclude the video by setting up a brand-new Kubernetes cluster leveraging Calico in VXLAN mode.
Links:
Demo scripts:
github.com/gar...
My Other Videos:
► Cilium Kubernetes CNI Provider: Part 4, IP Routing Modes (Direct and Encapsulated)
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
• Cilium Kubernetes CNI ...
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process • Cilium Kubernetes CNI ...
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
• What is VXLAN and How ...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
• Managing Linux Logins,...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
• Managing Linux Logins,...
► Sharing Resources between Windows and Linux:
• Sharing Resources betw...
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
• Kubernetes kube-proxy ...
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
• Kubernetes: Configurat...
►Configuring and Managing Storage in Kubernetes:
• Configuring and Managi...
► Istio Service Mesh - Securing Kubernetes Workloads:
• Istio Service Mesh - S...
► Istio Service Mesh - Intro
• Istio Service Mesh (si...
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
• Kubernetes services - ...
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in-depth:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in: • Understanding Kubernet...
►Understanding Kubernetes Networking. Part 1: Container Networking: • Video
► Setup a Linux-Windows (Calico based) Hybrid Kubernetes Cluster to Host .NET Containers:
• Setup a Linux-Windows ...
► A Docker and Kubernetes tutorial for beginners:
A Docker and Kubernetes tutorial for beginners. - KZbin
► Setup a "Docker-less" Multi-node Kubernetes Cluster on Ubuntu Server:
• Setup a "Docker-less" ...
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS: • Step by Step Instructi...
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor - KZbin: • Setup and Configure Ce...
►Setup NAT (Network Address Translation) on Hyper-V: • Setup NAT (Network Add...
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM: • Enable Nested Virtuali...
►Setup a Multi-Node MicroK8S Cluster on Windows 10: • Setup a Multi Node Mic...
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
• Detailed Windows Termi...

Пікірлер: 59

@caruccio Жыл бұрын

the best videos on k8s networking i've seen. right to the point, no smalltalk. will watch all your videos.

@TheLearningChannel-Tech Жыл бұрын

Thank you!

@rizwanqayyumi1814 Жыл бұрын

Amazing content, having worked with K8 for last 5 years, I bet your detailed explanations are something I haven’t seen anywhere else, great work and thanks for sharing

@TheLearningChannel-Tech Жыл бұрын

Hi, thank you very much. Glad it was helpful!

@jimothyus 9 ай бұрын

Wow, incredible video. Thank you so much for taking the time to make this. Kubernetes should make this the first thing you see in their docs.

@TheLearningChannel-Tech 9 ай бұрын

Thank you for kind words and glad you enjoyed it!

@ganeshk5374 6 ай бұрын

One of the best explanation out there for Kubeenetes CNI concepts

@muthupriyadharshinim9033 2 жыл бұрын

I have been trying to wrap my head around CNI for so long. This video helped to a great extend. Thank you!

@rohitmishra6402 Жыл бұрын

Your channel is a hidden gem, thank you so much for these videos.

@TheLearningChannel-Tech Жыл бұрын

Thank you. Glad you like them!

@kumar.abhinav 10 ай бұрын

Amazing explanation! I don't think anyone would have explained like this.

@jonassteinberg3779 7 ай бұрын

Wowza, helluva video. I never truly understood vlans or vxlans until now -- 🙏

@TheLearningChannel-Tech 7 ай бұрын

Glad it helped!

@Techtips200 3 ай бұрын

These are great videos ....no one covers k8 networking deeper than you.

@sanjeethg4958 2 ай бұрын

amazing video. very useful to understand the concept

@eddie3610 9 ай бұрын

Are you a network engineer? I havn't seen like this detailed k8s networking contents. It is amazing content! Super thanks to you!🙂🙂🙂

@zulh-civo 2 жыл бұрын

Very useful video. Can you make video about VXLAN EVPN? I'd love to understand it - really love the visual-way of your presentation/teaching style.

@TheLearningChannel-Tech 2 жыл бұрын

Hi, thank you. My focus is around Kubernetes and Kubernetes networking topics. That said, I'll try to see if I can accommodate your request in a future presentation. Thanks.

@taahashaikh7575 2 жыл бұрын

In love with your presentation technique.

@TheLearningChannel-Tech 2 жыл бұрын

Thank you very much! Cheers!

@vijaykrbansal5995 Жыл бұрын

Nicely explained the VXLAN concept.

@buacomgiadinh1 2 жыл бұрын

very useful video on vxlan, thank you very much

@TheLearningChannel-Tech 2 жыл бұрын

Thank you, glad it was helpful!

@buacomgiadinh1 2 жыл бұрын

@@TheLearningChannel-Tech could you please make a deep dive videos for cilium cni

@TheLearningChannel-Tech 2 жыл бұрын

@@buacomgiadinh1 Hi, yes, I'll add that to my list. Thanks for your suggestion.

@SarangDumbre 6 ай бұрын

Speechless.

@gsmurugaraja 3 ай бұрын

Amazing explanation

@TheLearningChannel-Tech 3 ай бұрын

Glad it was helpful!

@GK-rl5du 9 ай бұрын

I can't thank you enough, for the really in-depth coverage on Kube networking concepts. When we say vxlan is a known type in Linux, does it mean that all the packet processing (wrapping a regular frame in a UDP packet vice versa) takes place in kernel space? I am imagining it like this, Calico daemonset will create the calico.vxlan device and configures the VNI. Rather than, calico running a UDP daemon to send/recieve the UDP packets which would be very in-efficeient due to the sheer no of context switches and data copies between kernal/user spaces.

@TheLearningChannel-Tech 9 ай бұрын

Hi, thanks for your kind words and glad you find these videos helpful. VXLAN protocol is optimized on Linux, some the network related operations occur in the kernel. It is a very useful protocol to connect devices in different networks, but it does have certain overhead. If all the worker nodes are in the same subnet, some vendors use a more direct route which is faster, Cilium is one such example: studio.kzbin.infoj2aox7K-7wU/edit

@SushilYadav7 Жыл бұрын

28:08 Container is created first and then pod namespace? That means later when the namespace is created, then the container process which must be running on some port on host machine is assigned process id = 1 within the pod namespace. That's why we see process id = 1 when we list the running process within the container.

@TheLearningChannel-Tech Жыл бұрын

Correct.

@Thinkingfeed Жыл бұрын

Thanks man!!! Very nice

@TheLearningChannel-Tech Жыл бұрын

You bet!

@pedhigala 2 жыл бұрын

Hello! this was a great video on calico vxlan. Thank you! I had a question.. is there a way to define vxlan segments in K8s calico? have different VNIs between different pods? or is the segments based on different nodes in the k8s cluster?

@TheLearningChannel-Tech 2 жыл бұрын

Hi and thanks for your feedback! As for your question, the network segments in case of Kubernetes and Calico are in reality the POD networks on each node. Each segmented POD network is given a VNI and managed by Calico.

@simo47768 2 жыл бұрын

Thank you for this awsome presentation

@TheLearningChannel-Tech 2 жыл бұрын

Thank you!

@mariuscristian7617 4 ай бұрын

I have a question here. We have a datacenter with few VXLANs, one is for load web load balancers and one is for production servers. The K8S vxlan overlay can work on the top of existing VXLANs overlays? Thank you

@TheLearningChannel-Tech 4 ай бұрын

Hi, the VXLAN implementation is internal to Kubernetes and is used to provide connectivity among pods within the Kubernetes cluster.

@alexanderkrutko644 Жыл бұрын

It is amazing stuff! Thank you very much for your work!

@TheLearningChannel-Tech Жыл бұрын

Thank you, glad it was helful.

@vipinchawria 3 ай бұрын

Thank you !! One quick question - when UDP pipe is setup between two VMs hosting containers, how is destination VM's IP determined? For example - when we did a curl to hello word service IP from master to node1, to setup the UDP pipe, node1's IP needed to be known. Is calico doing some magic under the hood for this?

@TheLearningChannel-Tech 3 ай бұрын

Hi, yes when the source pod issues an ARP request, the Calico VTEP forwards it to the other node where the other pod responds, similar to the discussion of VXLAN overview discussion.

@vipinchawria 3 ай бұрын

@@TheLearningChannel-Tech Thanks for the response. So basically when the ARP response comes back from destination VTEP, source VTEP being a switch will remember that certain MAC lives on this VTEP. So after ARP, when ping packet is sent, source VTEP will establish the UDP pipe between source and destination VTEPs. Does this seem like correct understanding?

@TheLearningChannel-Tech 3 ай бұрын

@@vipinchawria Close, Calico is a CNI provider responsible for creating pods. It knows what pod (and its IP address) is assigned to what worker node. When the source pod issues an ARP, it basically says I'm looking for the MAC address of the pod that has this IP address. Calico VTEP examines the destination IP address and forwards it to the worker node that hosts that pod.

@user-bf9ic4yd7d 2 ай бұрын

wow thanks for this amazing viedo and powerful samples... really helped me alot .. and i got one question in video 25.13 between udp tunnel and vtep , is there some kind of running process(user space) that have udp port and listening so it get packet from other node ? and if it is how does it communicate with vtep interface? thank you! and is there any chance that you could cover about tun , vtep , vtun interfaces?? i know it's lot to ask but no one can deliver the information like you again really appreciate for your works! and sorry for my poor english..

@TheLearningChannel-Tech 2 ай бұрын

Hi, thanks for your feedback. The tunnel is not a permanent construct and is only started any time when the two sides need to communicate and is shut down once the communication is completed. I'm currently planning other topics but if I get around it will consider your request. Thanks.

@user-bf9ic4yd7d 2 ай бұрын

@@TheLearningChannel-Tech thanks!!

@simo47768 2 жыл бұрын

Encapsulation in encapsulation in encapsulation in encapsulation ... 😀

@TheLearningChannel-Tech 2 жыл бұрын

Lol, yes, that kind of makes you dizzy!

@otmaniyounes8119 Жыл бұрын

hi and thank you for this information , i have a questions can we define for each pod a vxlan id ( vxlan segment ) to separate and isolate communications between pods

@TheLearningChannel-Tech Жыл бұрын

VXLAN at individual POD level? That would be terribly wasteful and will incur a lot of overhead. If you are concerned about securing communication between PODs then you should look into Wireguard/IPSec or mTLS.

@otmaniyounes8119 Жыл бұрын

@@TheLearningChannel-Tech in other word how we can isolate pods layer 2 from the host for exemple ? if i have multi users in the same cluster when each user have a pod

@violinalauradragan7001 2 ай бұрын

I love all your videos. extremly educational. do you plan to release more content please?

@TheLearningChannel-Tech 2 ай бұрын

Hi, many thanks for your kind words! Yes, I will be adding more content later in the summer, just have been busy. Any particular topic you are interested in? Thanks!

@violinalauradragan7001 2 ай бұрын

@@TheLearningChannel-Tech I apreaciate your reply so much. on top of my head I am thinking intro to microservices, or baremetal and k8s, monitoring and observabiities, k8s on prem, etc. I hope you know how valuable your videos are.

@TheLearningChannel-Tech 2 ай бұрын

@@violinalauradragan7001 I'm really humbled by your kind comments. I'm planning for a few Azure cloud-centric videos next but I will return to Kubernetes and consider your great suggestions, especially an intro to microservices and monitoring. Most of my Kubernetes thus far (except the last one) apply to both on-prem and cloud situations and the instructions to set up clusters from scratch apply to both VMs and bare-metal. If you have any questions about any of the videos or have questions/issues with the labs please post them and I will be more than happy to help if I can. Again, thank you very much for your very motivating kind words! Please take care!