VIRTUAL EXTENSIBLE LAN TUNNEL KEEPALIVES

Information

  • Patent Application
  • 20170118044
  • Publication Number
    20170118044
  • Date Filed
    January 10, 2017
    7 years ago
  • Date Published
    April 27, 2017
    7 years ago
Abstract
One embodiment of the present invention provides a switch that is a member of a fabric switch. The switch includes a keepalive response module that identifies a keepalive response packet that does not correspond to any keepalive packet previously transmitted by the switch. The switch also includes a switch identifier extraction module that extracts a switch identifier from a payload of the keepalive response packet, where the switch identifier corresponds to another member switch in the fabric switch. The switch further includes a forwarding module that constructs a packet that includes the payload and is destined to the other member switch.
Description
BACKGROUND

Field


The present disclosure relates to network management. More specifically, the present disclosure relates to a method and system for monitoring the health of a virtual extensible local area network (LAN), or VXLAN, tunnel based on a keepalive mechanism.


Related Art


The exponential growth of the Internet has made it a popular delivery medium for multimedia applications, such as video on demand and television. Such applications have brought with them an increasing demand for bandwidth. As a result, equipment vendors race to build larger and faster switches with versatile capabilities, such as service insertion and provisioning, to move more traffic efficiently. However, the size of a switch cannot grow infinitely. It is limited by physical space, power consumption, and design complexity, to name a few factors. Furthermore, switches with higher capability are usually more complex and expensive. More importantly, because an overly large and complex system often does not provide economy of scale, simply increasing the size and capability of a switch may prove economically unviable due to the increased per-port cost.


A flexible way to improve the scalability of a switch system is to build a fabric switch. A fabric switch is a collection of individual member switches. These member switches form a single, logical switch that can have an arbitrary number of ports and an arbitrary topology. As demands grow, customers can adopt a “pay as you grow” approach to scale up the capacity of the fabric switch.


Meanwhile, layer-2 (e.g., Ethernet) switching technologies continue to evolve. More routing-like functionalities, which have traditionally been the characteristics of layer-3 (e.g., Internet Protocol or IP) networks, are migrating into layer-2. Notably, the recent development of the Transparent Interconnection of Lots of Links (TRILL) protocol allows Ethernet switches to function more like routing devices. TRILL overcomes the inherent inefficiency of the conventional spanning tree protocol, which forces layer-2 switches to be coupled in a logical spanning-tree topology to avoid looping. TRILL allows routing bridges (RBridges) to be coupled in an arbitrary topology without the risk of looping by implementing routing functions in switches and including a hop count in the TRILL header.


As Internet traffic is becoming more diverse, virtual computing in a network is becoming progressively more important as a value proposition for network architects. For example, virtual extensible local area network (VXLAN) is a network virtualization technology which facilitates an overlay encapsulation protocol, e.g., by providing a layer-3 encapsulation of a layer-2 frame through a VXLAN tunnel. However, because VXLAN tunnels are stateless, a source VXLAN tunnel endpoint (VTEP) typically does not maintain information related to the availability of a destination VTEP. If the destination VTEP is unreachable, the source VTEP may remain unaware and may not be able to bring the tunnel down. This can result in inefficient path utilization. Thus, while overlay tunneling brings many desirable features to a network, some issues remain unsolved in monitoring the health of a VXLAN tunnel.


SUMMARY

One embodiment of the present invention provides a switch that is a member of a fabric switch. The switch includes a keepalive response module that identifies a keepalive response packet that does not correspond to any keepalive packet previously transmitted by the switch. The switch also includes a switch identifier extraction module that extracts a switch identifier from a payload of the keepalive response packet, where the switch identifier corresponds to another member switch in the fabric switch. The switch further includes a forwarding module that constructs a packet that includes the payload and is destined to the other member switch.


In a variation on this embodiment, the first protocol is based on a virtual extensible local area network (VXLAN).


In a further variation, the forwarding module encapsulates the payload based on a second protocol, determines an output port for the encapsulated payload based on the extracted switch identifier, and transmits the encapsulated payload via the determined output port.


In a further variation, the switch and the other member switch are each a virtual routing Bridge (RBridge) that belongs to the fabric switch. The switch identifier for an RBridge is an RBridge identifier associated with a respective switch. The second protocol is Transparent Interconnection of Lots of Links (TRILL).


In a further variation on this embodiment, the switch includes a fabric switch management module that determines a same reserved address for the switch and any member switch in the fabric switch.


In a further variation, the keepalive response packet includes a header and the payload. The header includes a source address corresponding to a switch identifier of a remote switch and a destination address corresponding to a reserved address. The payload includes a source address corresponding to the reserved address, a destination address corresponding to a switch identifier of the switch, and information relating to a tunnel between the switch and the remote switch.


In a further variation, the header further includes a network identifier that indicates a keepalive message and is set to one of: a reserved value; a value of 0; a value configured by a user; and a value that is provisioned between the switch and the remote switch.


In a further variation, the source address included in the header is a media access control (MAC) address that includes the corresponding switch identifier in an encoded format, and the destination address included in the payload is a MAC address that includes the corresponding switch identifier in an encoded format.





BRIEF DESCRIPTION OF THE FIGURES


FIG. 1A illustrates an exemplary network comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention.



FIG. 1B illustrates an exemplary network 100 comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, where the member switch that receives the keepalive response is not the originating member switch of the keepalive packet, in accordance with an embodiment of the present invention.



FIG. 1C illustrates an exemplary network 100 comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, where the member switch that receives the keepalive response is the originating member switch of the keepalive packet, in accordance with an embodiment of the present invention.



FIG. 2 illustrates an exemplary format of a keepalive packet, in accordance with an embodiment of the present invention.



FIG. 3A presents a flowchart illustrating a process of a source VTEP, which is member switch of a fabric switch, monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention.



FIG. 3B presents a flowchart illustrating a process of a member switch of a fabric switch determining whether a keepalive response has been received, in accordance with an embodiment of the present invention.



FIG. 3C presents a flowchart illustrating a process of a destination VTEP processing a keepalive packet, in accordance with an embodiment of the present invention.



FIG. 4 illustrates an exemplary network that includes a VTEP, which is a standalone switch, capable of monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention.



FIG. 5 illustrates an exemplary format of a keepalive packet, in conjunction with the network of FIG. 4, in accordance with an embodiment of the present invention.



FIG. 6A presents a flowchart illustrating a process of a VTEP, which is a standalone switch, monitoring the health of a VXLAN tunnel based on keepalive packets, in conjunction with the network of FIG. 4, in accordance with an embodiment of the present invention.



FIG. 6B presents a flowchart illustrating a process of a VTEP, which is a standalone switch, determining whether a keepalive response has been received, in accordance with an embodiment of the present invention.



FIG. 7 illustrates an exemplary switch that monitors the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention.





In the figures, like reference numerals refer to the same figure elements.


DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the claims.


Overview

In embodiments of the present invention, the problem of monitoring the health of a VXLAN tunnel is solved by sending keepalive packets from a source VXLAN tunnel endpoint (VTEP) to a destination VTEP and modifying the state of the VXLAN tunnel based on received keepalive response packets. VXLAN tunnels are typically stateless. Hence, a source VTEP may not maintain state information regarding the availability of a destination VTEP. If the destination VTEP is not reachable, the source VTEP may not be aware of the unavailability, and hence, may not bring down the tunnel. This can lead to inefficient path utilization. One solution is to use Internet Control Message Protocol (ICMP) messages or the Packet to Internet Groper (PING) facility. However, these packets are typically blocked by intermediate routers and firewalls. If a VXLAN tunnel spans a wide area network (WAN) (e.g., across an IP network), these packets may get dropped. As a result, a source VTEP may bring down a tunnel even when the destination VTEP is reachable. Another solution is to use a standard VXLAN keepalive packet. However, if one VTEP supports the keepalive mechanism but the other does not, this can lead to interoperability issues. Furthermore, the source VTEP can be a fabric switch, which is a large-scale logical switch that includes a number of physical member switches. A member switch that sends a VXLAN keepalive packet may not be the same member switch that receives a corresponding keepalive response.


To solve this problem, embodiments of the present invention provide a system that allows a fabric switch, via an originating member switch as the source VTEP, to periodically create and send keepalive packets where the keepalive response packet is included (e.g., encapsulated) in the keepalive packet. This keepalive response packet is destined to the source VTEP. The destination VTEP receives and processes (e.g., decapsulates) the keepalive packet as a standard VXLAN frame. The destination VTEP determines that the keepalive response packet is destined to the source VTEP and sends the keepalive response packet back to the fabric switch. Because any member switch in the fabric switch can receive the keepalive response packet, the receiving member switch performs intra-fabric forwarding as needed to ensure that the keepalive response packet is received by the originating member switch. If the originating member switch does not receive the keepalive response packet, the originating member switch determines that the destination VTEP is not reachable and acts accordingly (e.g., sets the VXLAN tunnel state to down.


Specifically, the originating member switch of the fabric switch creates a keepalive packet that comprises an outer VXLAN header, an inner VXLAN header, and a payload. The payload includes the VXLAN tunnel information and a switch identifier of the originating member switch. The inner VXLAN header and the payload constitute the keepalive response packet. The originating member switch sends the keepalive packet to the destination VTEP, which receives the keepalive packet, decapsulates the outer VXLAN header, and inspects the inner VXLAN header. The destination VTEP can be a switch, a fabric switch, or any layer-3 or layer-3 device capable of processing a VXLAN data frame. Based on the destination addresses included in the inner VXLAN header, the destination VTEP sends the keepalive response packet (comprised of the inner VXLAN header and the payload) back to the fabric switch. Because the keepalive packet is constructed to include the keepalive response packet inside (e.g., the inner VXLAN header and the payload), the destination VTEP can process the keepalive packet like a standard VXLAN data frame and perform a standard VXLAN decapsulation. Thus, the destination VTEP does not need to support any specific VXLAN keepalive mechanisms.


When the fabric switch receives the keepalive response packet from the destination VTEP, a member switch other than the originating member switch may receive the keepalive response packet. The receiving member switch then determines whether it is the originating switch. If not, the receiving member switch forwards the keepalive response packet to the originating member switch. When the originating member switch receives the keepalive response packet, it tracks the received keepalive response based on a previously initiated timer and a drop counter. For example, upon sending the keepalive packet, the originating member switch can initiate a timer with a predetermined expiration time. If the timer expires before a corresponding keepalive response packet is received, the system can increment a drop counter that has a predetermined threshold. If the drop counter exceeds the threshold, the system can set the tunnel to a down state. If a keepalive response packet is received before the expiration of the timer, the system can reset the drop counter and, if the tunnel is in a down state, set the tunnel to an up state.


In some embodiments, the source VTEP does not belong to a fabric switch and is simply a standalone tunnel endpoint. In such a non-fabric scenario, the keepalive packet comprises an outer VXLAN header and an inner VXLAN header, and may not contain a payload with tunnel information. Instead, the keepalive mechanism relies on a virtual network identifier (VNI) in the VXLAN headers to indicate that the packet is a keepalive response packet for a VXLAN tunnel.


In some embodiments, the fabric switch is an Ethernet fabric switch in which any number of switches coupled in an arbitrary topology may logically operate as a single switch. Any new switch may join or leave the fabric switch in “plug-and-play” mode without any manual configuration. A fabric switch appears as a single logical switch to an external device. In some further embodiments, the fabric switch is a Transparent Interconnection of Lots of Links (TRILL) network and a respective member of switch of the fabric switch is a TRILL routing bridge (RBridge). In some embodiments, the fabric switch is layer-3 (e.g., Internet Protocol or IP) network and a member switch is a layer-3 node (e.g., capable of routing based on a routing protocol).


Although the present disclosure is presented using examples based on the TRILL protocol, embodiments of the present invention are not limited to networks defined using TRILL, or a particular Open System Interconnection Reference Model (OSI reference model) layer. For example, embodiments of the present invention can also be applied to a multi-protocol label switching (MPLS) network. In this disclosure, the term “fabric switch” is used in a generic sense, and can refer to a network operating in any networking layer, sub-layer, or a combination of networking layers.


The term “end device” can refer to a device coupled to a fabric switch. An end device can be a host, a server, a conventional layer-2 switch, a layer-3 router, or any other type of device. Additionally, an end device can be coupled to other switches or hosts further away from a network. An end device can also be an aggregation point for a number of network devices to enter the network. The terms “device” and “machine” are used interchangeably.


The term “tunnel” refers to a data communication where one or more networking protocols are encapsulated using another networking protocol. Although the present disclosure is presented using examples based on a layer-3 encapsulation of a layer-2 protocol, “tunnel” should not be interpreted as limiting embodiments of the present invention to layer-2 and layer-3 protocols. A “tunnel” can be established for any networking layer, sub-layer, or a combination of networking layers.


The term “frame” refers to a group of bits that can be transported together across a network. “Frame” should not be interpreted as limiting embodiments of the present invention to layer-2 networks. “Frame” can be replaced by other terminologies referring to a group of bits, such as “packet,” “cell,” or “datagram.”


The term “switch” is used in a generic sense, and it can refer to any standalone or fabric switch operating in any network layer. “Switch” should not be interpreted as limiting embodiments of the present invention to layer-2 networks. Any device that can forward traffic to an external device or another switch can be referred to as a “switch.” Examples of a “switch” include, but are not limited to, a layer-2 switch, a layer-3 router, a TRILL RBridge, or a fabric switch comprising a plurality of similar or heterogeneous smaller physical switches.


The term “RBridge” refers to routing bridges, which are bridges implementing the TRILL protocol as described in Internet Engineering Task Force (IETF) Request for Comments (RFC) “Routing Bridges (RBridges): Base Protocol Specification,” available at http://tools.ietf.org/html/rfc6325, which is incorporated by reference herein. Embodiments of the present invention are not limited to application among RBridges. Other types of switches, routers, and forwarders can also be used.


The term “edge port” refers to a port in a fabric switch which exchanges data frames with an external device outside of the fabric switch. The term “inter-switch port” refers to a port which couples a member switch of a fabric switch with another member switch and is used for exchanging data frames between the member switches.


The term “switch identifier” refers to a group of bits that can be used to identify a switch. If the switch is an RBridge, the switch identifier can be an “RBridge identifier.” The TRILL standard uses “RBridge ID” to denote a 48-bit Intermediate-System-to-Intermediate-System (IS-IS) ID assigned to an RBridge, and “RBridge nickname” to denote a 16-bit value that serves as an abbreviation for the “RBridge ID.” In this disclosure, “switch identifier” is used as a generic term, is not limited to any bit format, and can refer to any format that can identify a switch. The term “RBridge identifier” is used in a generic sense, is not limited to any bit format, and can refer to “RBridge ID,” “RBridge nickname,” or any other format that can identify an RBridge.


The term “fabric switch” refers to a number of interconnected physical switches which form a single, scalable logical switch. In a fabric switch, any number of switches can be connected in an arbitrary topology, and the entire group of switches functions together as one single, logical switch. This feature makes it possible to use many smaller, inexpensive switches to construct a large fabric switch, which can be viewed as a single logical switch externally.


Network Architecture


FIG. 1A illustrates an exemplary network comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention. Network 100 can include a fabric switch 110, which includes member switches 111, 112, and 113, and a fabric switch 120, which includes member switches 121, 122, and 123. Member switches in fabric switch 110 use edge ports to communicate to end devices and inter-switch ports to communicate to other members switches. For example, switch 112 is coupled to an end device 104 via an edge port and to switches 111 and 113 via inter-switch ports, and switch 122 is coupled to an end device 106 via an edge port and to switches 121 and 123 via inter-switch ports. Examples of end devices 104 and 106 include, but are not limited to, a layer-2 switch, layer-3 router, top-of-the-rack switch, and physical or virtual host machine. In some embodiments, fabric switches 110 and 120 are each a TRILL network; switches 111, 112, 113, 121, 122, and 123 are RBridges; and data frames transmitted and received via inter-switch ports are encapsulated in TRILL headers. In some embodiments, fabric switches 110 and 120 are each a layer-3 (e.g., IP) network, switches 111, 112, 113, 121, 122, and 123 are layer-3 nodes, and data frames transmitted and received via inter-switch ports are encapsulated in IP headers.


Network 100 also includes a virtual tunnel 108 between fabric switch 110 and fabric switch 120 passing through a network 106. Network 106 can be a layer-3 network (e.g., an IP network). Network 106 can couple fabric switch 110 and/or 120 via a virtual link aggregation group (vLAG), as specified in U.S. Pat. No. 8,665,886, titled “Redundant Host Connection in a Routed Network,” which is incorporated by reference herein. Fabric switches 110 and 120 can each act as a virtual VXLAN tunnel endpoint (VTEP) in a VXLAN-based communication. A source VTEP can monitor the health of a tunnel by sending keepalive packets to (e.g., denoted by flow 140) and receiving keepalive responses from (e.g., denoted by flows 142 and 146) a destination VTEP.



FIG. 1B illustrates an exemplary network comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, where the member switch that receives the keepalive response is not the originating member switch that created the keepalive packet, in accordance with an embodiment of the present invention. A virtual IP address (VIP) can be associated with a respective fabric switch. For example, fabric switch 110 can have a virtual IP address 115 and fabric switch 120 can have a virtual IP address 125. In addition, a switch identifier can be associated with a respective member switch. Furthermore, a member switch can also have a MAC address. Examples of a switch identifier include, but are not limited to, an RBridge ID, an IP address, a MAC address, and a combination thereof. For example, switch 111 can have a MAC address 116 and switch 121 can have a MAC address 126. In some embodiments, the switch identifier of switch 111 is encoded in MAC address 116 and the switch identifier of switch 121 is encoded in MAC address 126. During operation, a source VTEP (e.g., member switch 111 of fabric switch 110) creates and sends a keepalive packet 180 to a destination VTEP (e.g., member switch 121 of fabric switch 120) via flow 140. Keepalive packet 180 comprises an outer header, an inner header, and a payload. The payload includes MAC address 116 of the originating member switch 111 as the destination MAC address, as described below in conjunction with FIG. 2. Switch 121, which is the destination VTEP, receives keepalive packet 180, decapsulates the outer VXLAN header, and transmits the decapsulated packet (e.g., keepalive response packet 184) back to the fabric switch via flow 142. Keepalive response packet 184 includes the inner VXLAN header and the payload.


Because member switches in fabric switch 110 can share the same virtual IP address, any member switch of fabric switch 110 can receive keepalive response packet 184. The receiving member switch (in this case, switch 112) decapsulates the inner VXLAN header and determines whether the local MAC address of switch 112 matches the destination MAC address included in the payload. If not, switch 112 encapsulates the payload with a fabric header to generate an intra-fabric keepalive response packet 188 and forward packet 188 to switch 111, which is the originating member switch, via flow 144. Examples of a fabric header include, but are not limited to, a TRILL header, an IP header, and an outer Ethernet header. Switch virtualization in a fabric switch and its associated operations, such as data frame forwarding, and fabric switch configurations in a virtual cluster fabric using a TRILL protocol are respectively described in U.S. Pat. No. 8,665,886, titled “Redundant Host Connection in a Routed Network,” and U.S. patent application Ser. No. 13/087,239, titled “Virtual Cluster Switching,” the disclosures of which are incorporated herein. In some embodiments, switches 111 and 112 are RBridges in a TRILL network 110 and RBridge 112 forwards intra-fabric keepalive response packet 188 to RBridge 111 by encapsulating keepalive response packet payload 192 in a TRILL header. In some embodiments, switches 111 and 112 are layer-3 nodes in a layer-3 network (e.g., an IP network) and switch 112 forwards intra-fabric keepalive response packet 188 to switch 111 by encapsulating keepalive response packet payload 192 in an IP header. Note that if the receiving member switch is the originating member switch, intra-fabric switch forwarding does not occur, as described below in relation to FIG. 1C.


Upon receiving intra-fabric keepalive response packet 188, switch 111 determines that it is the destination member switch, decapsulates the fabric header, and inspects the payload (e.g., keepalive response packet payload 192). Switch 111 then examines the destination MAC address included in the payload, determines that it matches local MAC address 116, and takes an action based on the VXLAN tunnel information included in the payload. For example, switch 111 can reset a drop counter and, if the tunnel is in a down state, sets the tunnel to an up state. The drop counter can have a predetermined threshold. Furthermore, switch 111 can initiate a timer with a predetermined expiration time when it sends keepalive packet 180. In monitoring the health of a VXLAN tunnel, switch 111 can use the drop counter and the timer in conjunction with the received keepalive response packets (e.g., keepalive response packet 184 and infra-fabric keepalive response packet 188) from switch 121 to determine whether to set VXLAN tunnel 108 to an up or a down state, as described below in relation to FIG. 3A.



FIG. 1C illustrates an exemplary network 100 comprising a fabric switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, where the member switch that receives the keepalive response is the originating member switch of the keepalive packet, in accordance with an embodiment of the present invention. Similar to FIG. 1B, during operation, switch 111, which is the source VTEP creates and sends a keepalive packet 180 to switch 121, which is the destination VTEP via flow 140. Keepalive packet 180 comprises an outer header, an inner header, and a payload. The payload includes a MAC address 116 of originating member switch 111 as the destination MAC address. Switch 121, which is the destination VTEP, receives keepalive packet 180, decapsulates the outer VXLAN header, and transmits the decapsulated packet (e.g., keepalive response packet 184) back to the fabric switch via flow 146. Keepalive response packet 184 includes the inner VXLAN header and the payload.


The member switch that receives keepalive response packet 184 (in this case, switch 111) decapsulates the inner VXLAN header and, based on the switch identifier included in the payload, determines whether its local MAC address 116 matches the destination MAC address included in the payload. Since they match, switch 111 uses the VXLAN tunnel information included in the payload to take an action, as described above in relation to FIG. 1B (e.g., by modifying the state of the VXLAN tunnel based on the received keepalive response packet, a drop counter, and a timer expiration).


Thus, the originating member switch of a fabric switch acts as the source VTEP, creates and sends keepalive packets, and can receive a keepalive response packet via two types of ports: 1) via an inter-switch port, an intra-fabric keepalive response packet 188, where keepalive response packet payload 192 is encapsulated with a fabric header, as described in relation to FIG. 1B; and 2) via an edge port, a keepalive response packet 184, where keepalive response payload 192 is encapsulated with an inner VXLAN header, as described in relation to FIG. 1C.


Exemplary Format of a Keepalive Packet


FIG. 2 illustrates an exemplary format of a keepalive packet 200, in accordance with an embodiment of the present invention. Keepalive packet 200 includes, but is not limited to, the fields described herein. Keepalive packet 200 is a control packet that facilitates a source VTEP to determine whether a connection between the source VTEP and a destination VTEP is available (e.g., whether a VXLAN tunnel between the source VTEP and the destination VTEP is up). Keepalive packet 200 includes an outer VXLAN header 210, an inner VXLAN header 240, and a payload 260. Inner VXLAN header 240 and payload 260 form a keepalive response packet 230. Outer header 210 includes an Ethernet header 212, an IP header 214, a UDP header 220, and a VXLAN header 222. IP header 214 includes a source IP address 216 with a value set to the IP address of the source VTEP (e.g., virtual IP address 115 of fabric switch 110 as shown in FIG. 1B) and a destination IP address 218 with a value set to the IP address of the destination VTEP (e.g., virtual IP address 125 of fabric switch 120 as shown in FIG. 1B). VXLAN header 222 can include a VXLAN network identifier (VNI) 224 with a value set to “VNI-RES” which is programmed in both fabric switches 110 and 120 and used only for keepalive purposes. “VNI-RES” can be set by the system or can be configured by the user. In some embodiments, “VNI-RES” can be set to a value of “0” so that it does not collide with data VNIs.


Inner VXLAN header 240 includes an Ethernet header 242, an IP header 248, a UDP header 254, and a VXLAN header 256. Ethernet header 242 includes a source media access control (MAC) address 244 with a value set to the MAC address of the destination VTEP. Ethernet header 242 also includes a destination MAC address 246 with a value set to a preassigned and reserved MAC address, MAC-INNER, shared by all member switches in the fabric switch that includes the source VTEP. In some embodiments, source MAC address 244 is MAC address 126 of switch 121 and destination MAC address 246 is the reserved MAC (e.g., MAC-INNER). In some embodiments, member switches in both fabrics are programmed as a local MAC address (e.g., a MAC address assigned to the local switch).


IP header 248 can include a source IP address 250 with a value set to the IP address of the destination VTEP (e.g., virtual IP address 125 of fabric switch 120) and a destination IP address 252 with a value set to the IP address of the source VTEP (e.g., virtual IP address 115 of fabric switch 110). VXLAN header 256 includes a VXLAN network identifier (VNI) 258 with a value set to “VNI-RES,” as described in relation to VNI field 224 of outer VXLAN header 210.


Payload 260 (e.g., keepalive response packet payload 192 of FIG. 1B) includes an Ethernet header that includes a source MAC address 262 with a value set to MAC-INNER and a destination MAC address 264 with a value set to MAC address 116 of the originating member switch 111. Payload 260 also includes a tunnel information field 266, which includes information that identifies the VXLAN tunnel to which keepalive packet 200 belongs. For example, tunnel information field 266 can be a cookie that includes a tunnel identifier, a timestamp, the RBridge identifier of the sender, etc. Payload 260 includes an Ethernet header (which includes source MAC address 262 and destination MAC address 264) and tunnel information 266. Note that tunnel information 266 is the payload portion of payload 260, where payload 260 is the payload of keepalive response packet 230 (e.g., keepalive response packet payload 192, as shown in FIGS. 1B and 1C). Furthermore, keepalive response packet 230 is the payload of keepalive packet 200. Thus, the Ethernet header of payload 260 can be viewed as a third header for the “payload” of tunnel information 266, where the first header is outer VXLAN header 210 and the second header is inner VXLAN header 240.


Sending a Keepalive Packet and Processing a Keepalive Response


FIG. 3A presents a flowchart illustrating a process of a source VTEP, which is a member switch of a fabric switch, monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention. During operation, the switch creates a keepalive packet (operation 302). This switch can be the originating switch of the fabric switch. The switch transmits the keepalive packet to a destination VTEP (e.g., a remote switch) through a VXLAN tunnel (operation 304). The destination VTEP can be a standalone switch or member switch of a fabric switch. The originating member switch starts a timer that has a predetermined expiration time (operation 306). The switch checks whether the timer has expired (operation 308). If the timer has expired, the originating member switch increments a drop counter that has a predetermined threshold (operation 310). The switch then checks whether the drop counter has crossed the threshold (operation 312). If the drop counter has crossed the threshold, the switch sets the VXLAN tunnel to a down state (operation 314). If the drop counter has not crossed the threshold, the switch continues to send keepalive packets (operations 302, 304, and 306). If the timer has not expired, the switch determines whether a keepalive response has been received (operation 316). Operation 316 is further described in relation to FIG. 3B. If a keepalive response has not been received, the switch continues to check whether the timer has reached the predetermined expiration time (operation 308). If a keepalive response has been received, the originating member switch resets the drop counter (operation 318) and checks whether the VXLAN tunnel is in an up state (operation 320). In some embodiments, the drop counter can be reset to a value of “0” or “1.” If the VXLAN tunnel is not in an up state (e.g., is in a down state), the originating member switch sets the VXLAN tunnel to an up state (operation 322).



FIG. 3B presents a flowchart illustrating a process of a member switch of a fabric switch determining whether a keepalive response has been received, in accordance with an embodiment of the present invention. During operation, the switch receives a keepalive response packet that has a header and a payload (operation 352). The switch then checks whether the packet is fabric-encapsulated (e.g., has a fabric header, as in intra-fabric keepalive response packet 188 of FIG. 1B) (operation 354). If the packet is fabric-encapsulated and the packet is destined for the local switch, the switch decapsulates the fabric header and extracts the payload (operation 356). The payload is, for example, keepalive response packet payload 192 as shown in FIGS. 1B and 1C. If the packet is fabric-encapsulated and the packet is not destined for the local switch, the switch forwards the fabric-encapsulated packet to the originating switch (operation 370). If the packet is not fabric-encapsulated (e.g., does not have a fabric header, as in keepalive response packet 184 of FIG. 1C), the switch determines that the destination IP address in the header (e.g., inner VXLAN header of keepalive response packet 184) is the local IP address (operation 356). The switch can also determine that the destination MAC address in the header is the local MAC address. For example, the member switch determines that destination IP address 252 of inner VXLAN header 240 as shown in FIG. 2 is the same as the local IP address of the switch (e.g., virtual IP address 115 of fabric switch 110), and also that destination MAC address 246 of inner VXLAN header 240 is the same as the local MAC address of the switch (e.g., MAC-INNER of fabric switch 110). The member switch decapsulates the VXLAN header (e.g., inner VXLAN header of keepalive response packet 184) and extracts the payload (e.g., payload 260, which corresponds to keepalive response packet payload 192 of FIG. 1B) (operation 358).


The member switch then determines whether the destination MAC address of the Ethernet header of the payload (e.g., destination MAC address 264 of payload 260 as shown in FIG. 2) matches the local MAC address of the switch (e.g., MAC address 116 of switch 111) (operation 360). If they match, the switch decapsulates the Ethernet header of the payload and extracts the tunnel information (e.g., tunnel information 266 of payload 260). The switch subsequently determines that a keepalive response has been received based on the tunnel information (operation 364).


In some embodiments, when the switch determines the destination MAC address to be the local MAC address, the tunnel information is processed by the software of the switch. The tunnel information included in the payload can be extracted by the software, which can modify a keepalive timestamp for a VXLAN tunnel to record the latest received keepalive response. Processing the keepalive response can also be offloaded to the switch hardware by maintaining a per tunnel access control list (ACL) with a counter, thereby allowing the software to poll a respective tunnel counter to determine whether a keepalive response has been received.


If the destination MAC in the payload does not match the local MAC address (operation 360), the switch encapsulates the payload with a fabric header (operation 368). The switch forwards the fabric-encapsulated payload to the originating member switch based on an intra-fabric forwarding protocol (operation 370), thereby allowing the originating member switch to receive the intra-fabric keepalive response packet and subsequently determine whether it has received a keepalive response. In some embodiments, the fabric header can be a TRILL header or an IP header. For example, the switch can create a TRILL header and set the egress identifier of the TRILL header as the switch identifier of the originating switch (e.g., based on the destination MAC address of the payload). The switch can determine an output port by looking up the next hop information for the switch identifier, and send the TRILL-encapsulated payload via the determined output port.


Receiving and Processing a Keepalive Packet


FIG. 3C presents a flowchart illustrating a process of a destination VTEP processing a keepalive packet, in accordance with an embodiment of the present invention. During operation, a destination VTEP (e.g., switch 121 of fabric switch 120 of FIG. 1B) receives a keepalive packet (operation 382). The destination VTEP can be a member switch of a fabric switch or a standalone switch. The destination VTEP determines that the destination IP address in the outer VXLAN header of the keepalive packet (e.g., destination IP address 218 of outer VXLAN header 210 as shown in FIG. 2) matches the local IP address of the destination VTEP (e.g., virtual IP address 125 of fabric switch 120) (operation 384). The destination VTEP decapsulates the outer VXLAN header and extracts the keepalive response packet (operation 386). The keepalive response packet includes the inner VXLAN header and the payload, as shown in keepalive response packet 184 in FIGS. 1B and 1C. The destination VTEP processes the keepalive response packet like a standard VXLAN frame. The destination VTEP identifies the destination address of the source VTEP included in the inner VXLAN header (operation 388) and forwards the keepalive response packet via the VXLAN tunnel to the identified destination address for the source VTEP (operation 390).


VXLAN Tunnel Keepalives in a Non-Fabric Switch


FIG. 4 illustrates an exemplary network 400 that includes a VTEP, which is a standalone switch, capable of monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention. Network 400 can include a switch 410, a switch 420, and a virtual tunnel 408 between switch 410 and switch 420 passing through a network 406. Network 406 can be a layer-3 network (e.g., an IP network). Network 406 can couple switch 410 and/or switch 420 via a virtual link aggregation group (vLAG), as specified in U.S. Pat. No. 8,665,886, titled “Redundant Host Connection in a Routed Network,” which is incorporated by reference herein. Switches 410 and 420 can each act as a virtual VXLAN tunnel endpoint in a VXLAN-based communication. An IP address can be associated with a respective switch. For example, switch 410 can have an IP address 415 and switch 420 can have an IP address 416. While switch 420 is depicted as a standalone switch in FIG. 4, switch 420 can also be a fabric switch.


A source VTEP can monitor the health of virtual VXLAN tunnel by sending a keepalive packet to a destination VTEP and tracking keepalive response packets received from the destination VTEP. During operation, the source VTEP (e.g., switch 410) creates and sends a keepalive packet 480 to the destination VTEP (e.g., switch 420) via flow 440. Keepalive packet 480 includes an outer VXLAN header and an inner VXLAN header, as described below in conjunction with FIG. 5. Switch 420, which is the destination VTEP, receives keepalive packet 480, decapsulates the outer VXLAN header, and transmits the decapsulated packet (e.g., keepalive response packet 484) back to switch 410, which is the source VTEP, via flow 446. Keepalive response packet 484 includes the inner VXLAN header. Based on a VXLAN network identifier (VNI) included in the inner VXLAN header and set to a value that indicates a keepalive response, switch 410 determines that the packet is a keepalive response packet and takes the appropriate action to monitor the health of the VXLAN tunnel, as described below in relation to FIG. 6A.



FIG. 5 illustrates an exemplary format of a keepalive packet 500, in conjunction with the network of FIG. 4, in accordance with an embodiment of the present invention. Keepalive packet 500 includes, but is not limited to, the fields described herein. Keepalive packet 500 includes an outer VXLAN header 510, an inner VXLAN header 540, and an optional payload 560. Inner VXLAN header 540 (along with payload 560, if included) comprises a keepalive response packet 530. Outer header 510 includes an Ethernet header 512, an IP header 514, a UDP header 520, and a VXLAN header 522. IP header 514 includes a source IP address 516 with a value set to the IP address of the source VTEP (e.g., IP 415 of switch 410) and a destination IP address 518 with a value set to the IP address of the destination VTEP (e.g., IP 416 of switch 420). VXLAN header 522 can include a VXLAN network identifier (VNI) 524 with a value set to “XYZ” which can be a data VNI provisioned between the source VTEP and the destination VTEP. The value of “XYZ” can also be any reserved VNI that an application may choose to use only for keepalive purposes.


Inner VXLAN header 540 includes an Ethernet header 542, an IP header 548, a UDP header 554, and a VXLAN header 556. IP header 548 can include a source IP address 550 with a value set to the IP address of the destination VTEP (e.g., IP 416 of switch 420) and a destination IP address 552 with a value set to the IP address of the source VTEP (e.g., IP 415 of switch 410). VXLAN header 556 includes a VXLAN network identifier (VNI) 558 with a value set to a VNI reserved for keepalive purposes. In some embodiments, the value of VNI 558 is set to “0”.



FIG. 6A presents a flowchart illustrating a process of a VTEP, which is a standalone switch, monitoring the health of a VXLAN tunnel based on keepalive packets, in conjunction with the network of FIG. 4, in accordance with an embodiment of the present invention. During operation, a source VTEP creates a keepalive packet (operation 602) and transmits the keepalive packet to a destination VTEP through a VXLAN tunnel (operation 604). The destination VTEP can be a standalone switch or member switch of a fabric switch. The source VTEP starts a timer that has a predetermined expiration time (operation 606). The switch checks whether the timer has expired (operation 608). If the timer has expired, the source VTEP increments a drop counter that has a predetermined maximum threshold (operation 610). The switch then checks whether the drop counter has crossed the predetermined threshold (operation 612). If the drop counter has crossed the threshold, the source VTEP sets the VXLAN tunnel to a down state (operation 614). If the drop counter has not crossed the threshold, the source VTEP continues to send keepalive packets (operations 602, 604, and 606). If the timer has not expired, the source VTEP determines whether a keepalive response has been received (operation 616). Operation 616 is further described in relation to FIG. 6B. If a keepalive response has not been received, the source VTEP continues to check whether the timer has reached the predetermined expiration time (operation 608). If a keepalive response has been received, the source VTEP resets the drop counter (operation 618) and checks whether the VXLAN tunnel is in an up state (operation 620). In some embodiments, the drop counter can be reset to a value of “0” or “1.” If the VXLAN tunnel is not in an up state (e.g., is in a down state), the source VTEP sets the VXLAN tunnel to an up state (operation 622).



FIG. 6B presents a flowchart illustrating a process of a VTEP, which is a standalone switch, determining whether a keepalive response has been received, in accordance with an embodiment of the present invention. During operation, the source VTEP receives a keepalive response packet (e.g., keepalive response packet 484 of FIG. 4) (operation 652). The source VTEP determines that the destination IP address in the header of the keepalive response packet is the same as the local IP address (operation 654). The source VTEP determines that the VXLAN header includes a VNI that indicates a keepalive response (operation 656). The source VTEP subsequently determines that a keepalive response packet has been received (operation 658).


Exemplary Switch


FIG. 7 illustrates an exemplary switch capable of monitoring the health of a VXLAN tunnel based on keepalive packets, in accordance with an embodiment of the present invention. In this example, a switch 700 includes a number of communication ports 702, a forwarding module 720, a keepalive response module 730, a switch identifier extraction module 732, a packet processor 710 coupled to keepalive response module 730, and a storage 750. In some embodiments, switch 700 may maintain a membership in a fabric switch, wherein switch 700 also includes a fabric switch management module 760. Fabric switch management module 760 maintains a configuration database in storage 750 that maintains the configuration state of a respective switch within the fabric switch. Fabric switch management module 760 maintains the state of the fabric switch, which is used to join other switches. Under such a scenario, communication ports 702 can include inter-switch communication channels for communication within a fabric switch. This inter-switch communication channel can be implemented via a regular communication port and based on any open or proprietary format.


During operation, keepalive response module 730 operates to receive a keepalive response packet via one of communication ports 702. Communication ports 702 are adapted to receive packets encapsulated based on a first protocol. In some embodiments, the first protocol is based on a virtual extensible local area network (VXLAN). Keepalive response module 730 further operates to determine whether the keepalive response packet corresponds to any keepalive packet previously transmitted by switch 700. Switch 700 can be a member switch of a fabric switch.


Switch identifier extraction module 732 is adapted to extract a switch identifier from a payload of the keepalive response packet, where the switch identifier can correspond to another member switch in the fabric switch. Forwarding module 720 is adapted to construct a packet that includes a payload of a keepalive response packet, where the constructed packet is destined to the other member switch (corresponding to the extracted switch identifier). In some embodiments, packet processor 710 constructs the keepalive packet. Forwarding module 720 is further adapted to encapsulate the payload based on a second protocol, determine an output port for the encapsulated payload based on the extracted switch identifier, and transmit the encapsulated payload via the determined output port. Fabric switch management module 740 is adapted to determine a same reserved address for the switch and any member switch in the fabric switch.


Note that the above-mentioned modules can be implemented in hardware as well as in software. In one embodiment, these modules can be embodied in computer-executable instructions stored in a memory which is coupled to one or more processors in switch 700. When executed, these instructions cause the processor(s) to perform the aforementioned functions.


In summary, embodiments of the present invention provide a switch, method, and computer system for monitoring the health of a VXLAN tunnel. In one embodiment, the switch includes a keepalive response module, a switch identifier extraction module, and a forwarding module. During operation, the keepalive response module identifies a keepalive response packet that does not correspond to any keepalive packet previously transmitted by the switch. The switch identifier module extracts a switch identifier from a payload of the keepalive response packet, where the switch identifier corresponds to another member switch in the fabric switch. The forwarding module constructs a packet that includes the payload and is destined to the other member switch. In this way, the switch facilitates the other switch to monitor the health of a VXLAN tunnel based on keepalive packets.


The methods and processes described herein can be embodied as code and/or data, which can be stored in a computer-readable non-transitory storage medium. When a computer system reads and executes the code and/or data stored on the computer-readable non-transitory storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the medium.


The methods and processes described herein can be executed by and/or included in hardware modules or apparatus. These modules or apparatus may include, but are not limited to, an application-specific integrated circuit (ASIC) chip, a field-programmable gate array (FPGA), a dedicated or shared processor that executes a particular software module or a piece of code at a particular time, and/or other programmable-logic devices now known or later developed. When the hardware modules or apparatus are activated, they perform the methods and processes included within them.


The foregoing descriptions of embodiments of the present invention have been presented only for purposes of illustration and description. They are not intended to be exhaustive or to limit this disclosure. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. The scope of the present invention is defined by the appended claims.

Claims
  • 1. A switch, comprising: one or more ports;keepalive circuitry configured to generate a keepalive message for a tunnel, wherein the keepalive message includes a switch identifier identifying the switch;keepalive response circuitry configured to decapsulate a keepalive response message encapsulated by a first encapsulation header, wherein the keepalive response message corresponds to the keepalive message, and wherein the first encapsulation header includes the switch identifier as a destination identifier and a second switch identifier of a second switch as a source identifier; andwherein the keepalive circuitry is further configured to determine that the tunnel is active based on the keepalive response message.
  • 2. The switch of claim 1, wherein the tunnel is based on a virtual extensible local area network (VXLAN).
  • 3. The switch of claim 1, further comprising forwarding circuitry configured to encapsulate the keepalive message with an outer encapsulation header, wherein the inner encapsulation includes an Internet Protocol (IP) address identifying a remote virtual tunnel endpoint of the tunnel as a destination identifier.
  • 4. The switch of claim 1, wherein the keepalive message includes the keepalive response message comprising an inner encapsulation header and a payload, wherein the inner encapsulation header includes an IP address identifying a local virtual tunnel endpoint of the tunnel as a destination identifier, and wherein the payload includes the switch identifier of the switch as a destination identifier.
  • 5. The switch of claim 1, wherein the switch and the second switch are members of a network of interconnected switches identified by a fabric identifier, wherein the fabric identifier is assigned to the switch and the second switch.
  • 6. The switch of claim 5, wherein the first encapsulation header is based on an encapsulation protocol used for encapsulating inter-switch messages in the network of interconnected switches.
  • 7. The switch of claim 1, wherein the keepalive circuitry is further configured to: maintain a timer for the keepalive message;in response to the timer being expired, increment a counter; andin response to the counter reaching a threshold, determine that the tunnel is inactive.
  • 8. The switch of claim 7, wherein the keepalive response circuitry configured to determine that the tunnel is active in response to identifying a keepalive response message for the tunnel, wherein a current state of the tunnel indicates the tunnel to be inactive.
  • 9. A computer-implemented method, comprising: generating a keepalive message for a tunnel, wherein the keepalive message includes a switch identifier identifying a switch;decapsulating a keepalive response message encapsulated by a first encapsulation header, wherein the keepalive response message corresponds to the keepalive message, and wherein the first encapsulation header includes the switch identifier as a destination identifier and a second switch identifier of a second switch as a source identifier; anddetermining that the tunnel is active based on the keepalive response message.
  • 10. The method of claim 9, wherein the tunnel is based on a virtual extensible local area network (VXLAN).
  • 11. The method of claim 9, further comprising encapsulating the keepalive message with an outer encapsulation header, wherein the inner encapsulation includes an Internet Protocol (IP) address identifying a remote virtual tunnel endpoint of the tunnel as a destination identifier.
  • 12. The method of claim 9, wherein the keepalive message includes the keepalive response message comprising an inner encapsulation header and a payload, wherein the inner encapsulation header includes an IP address identifying a local virtual tunnel endpoint of the tunnel as a destination identifier, and wherein the payload includes the switch identifier of the switch as a destination identifier.
  • 13. The method of claim 9, wherein the switch and the second switch are members of a network of interconnected switches identified by a fabric identifier, wherein the fabric identifier is assigned to the switch and the second switch.
  • 14. The method of claim 13, wherein the first encapsulation header is based on an encapsulation protocol used for encapsulating inter-switch messages in the network of interconnected switches.
  • 15. The method of claim 9, further comprising: maintaining a timer for the keepalive message;in response to the timer being expired, incrementing a counter; andin response to the counter reaching a threshold, determining that the tunnel is inactive.
  • 16. The method of claim 15, further comprising determining that the tunnel is active in response to identifying a keepalive response message for the tunnel, wherein a current state of the tunnel indicates the tunnel to be inactive.
  • 17. A computer system for monitoring data flow, the system comprising: a processor; anda storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising: generating a keepalive message for a tunnel, wherein the keepalive message includes a switch identifier identifying a switch;decapsulating a keepalive response message encapsulated by a first encapsulation header, wherein the keepalive response message corresponds to the keepalive message, and wherein the first encapsulation header includes the switch identifier as a destination identifier and a second switch identifier of a second switch as a source identifier; anddetermining that the tunnel is active based on the keepalive response message.
  • 18. The computer system of claim 17, wherein the method further comprises encapsulating the keepalive message with an outer encapsulation header, wherein the inner encapsulation includes an Internet Protocol (IP) address identifying a remote virtual tunnel endpoint of the tunnel as a destination identifier.
  • 19. The computer system of claim 17, wherein the method further comprises: maintaining a timer for the keepalive message;in response to the timer being expired, incrementing a counter; andin response to the counter reaching a threshold, determining that the tunnel is inactive.
  • 20. The computer system of claim 19, wherein the method further comprises determining that the tunnel is active in response to identifying a keepalive response message for the tunnel, wherein a current state of the tunnel indicates the tunnel to be inactive.
RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No. 14/618,941, Attorney Docket Number BRCD-3270.1.US.NP, titled “Virtual Extensible LAN Tunnel Keepalives,” by inventors Amit Kumar Ray, Phanidhar Koganti, Shunjia Yu, and Vardarajan Venkatesh, filed 10 Feb. 2015, which claims the benefit of U.S. Provisional Application No. 61/937,950, Attorney Docket Number BRCD-3270.0.1.US.PSP, titled “Virtual Extensible LAN Tunnel Keepalives,” by inventors Amit Kumar Ray, Phanidhar Koganti, Shunjia Yu, and Vardarajan Venkatesh, filed 10 Feb. 2014; and U.S. Provisional Application No. 62/037,519, Attorney Docket Number BRCD-3270.0.2.US.PSP, titled “Virtual Extensible LAN Tunnel Keepalives,” by inventors Amit Kumar Ray, Phanidhar Koganti, Shunjia Yu, and Vardarajan Venkatesh, filed 14 Aug. 2014, the disclosures of which are incorporated by reference herein. The present disclosure is related to: U.S. patent application Ser. No. 13/087,239, Attorney Docket Number BRCD-3008.1.US.NP, titled “Virtual Cluster Switching,” by inventors Suresh Vobbilisetty and Dilip Chatwani, filed 14 Apr. 2011 (hereinafter U.S. patent application Ser. No. 13/087,239); U.S. patent application Ser. No. 13/092,724, Attorney Docket Number BRCD-3010.1.US.NP, titled “Fabric Formation for Virtual Cluster Switching,” by inventors Shiv Haris and Phanidhar Koganti, filed 22 Apr. 2011 (hereinafter U.S. patent application Ser. No. 13/092,724”); and U.S. Pat. No. 8,665,886, Attorney Docket No. BRCD-112-0439US, titled “Redundant Host Connection in a Routed Network,” by inventors Somesh Gupta, Anoop Ghanwani, Phanidhar Koganti, and Shunjia Yu, issued 4 Mar. 2014 (hereinafter “U.S. Pat. No. 8,665,886”), the disclosures of which are incorporated by reference herein.

Provisional Applications (2)
Number Date Country
61937950 Feb 2014 US
62037519 Aug 2014 US
Continuations (1)
Number Date Country
Parent 14618941 Feb 2015 US
Child 15402924 US