Network Working Group H. Zhou
Internet-Draft C. Li
Intended Status: Experimental eBay Inc.
Expires: November 3, 2014 May 2, 2014
Segmentation Offloading Extension for VXLAN
draft-zhou-li-vxlan-soe-01
Abstract
Segmentation offloading is nowadays common in network stack
implementation and well supported by para-virtualized network device
drivers for virtual machine (VM)s. This draft describes an extension
to Virtual eXtensible Local Area Network (VXLAN) so that segmentation
can be decoupled from physical/underlay networks and offloaded
further to the remote end-point thus improving data-plane performance
for VMs running on top of overlay networks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Zhou, et al. Expires November 3, 2014 [Page 1]
Internet-Draft VXLAN-soe May 2014
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Requirements Notation . . . . . . . . . . . . . . . . . . . 4
1.2 Definition of Terms . . . . . . . . . . . . . . . . . . . . 4
2. Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1 VXLAN Header Extension . . . . . . . . . . . . . . . . . . 6
2.2 TX VTEP . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.3 RX VTEP - Hypervisors . . . . . . . . . . . . . . . . . . . 7
2.4 RX VTEP - Gateways . . . . . . . . . . . . . . . . . . . . . 7
3 IP Fragmentation . . . . . . . . . . . . . . . . . . . . . . . 7
4 Interoperability . . . . . . . . . . . . . . . . . . . . . . . 8
5 Deployment Examples . . . . . . . . . . . . . . . . . . . . . . 9
5.1 Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . 9
5.2 Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . 11
6 Security Considerations . . . . . . . . . . . . . . . . . . . . 12
7 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 12
8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
8.1 Normative References . . . . . . . . . . . . . . . . . . . 13
8.2 Informative References . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Zhou, et al. Expires November 3, 2014 [Page 2]
Internet-Draft VXLAN-soe May 2014
1 Introduction
Network virtualization over L3 transport is evolved along with server
virtualization in data-centers, and data plane performance is one of
the keys to the success of this combination. One of the most critical
improvements in OS kernel TCP/IP stack in recent years is
segmentation offloading, and now hypervisor providers support same
mechanism in para-virtualized Ethernet drivers so that virtual
servers can benefit from the same mechanism in virtualized world by
offloading segmentation tasks to the lowest layer on hypervisors or
NICs (if TSO/UFO is supported by the NICs equipped in the
hypervisor).
While the general idea of segmentation offloading is to postpone
segmentation to the latest point of packet transmission, this draft
introduces a mechanism to avoid overlay segmentation completely in
some situation.
Essentially, overlay networks has its own advantage comparing with
physical underlay networks in that it does not have a hard MTU
limitation. Therefore, segmentation offloading can be pushed to the
remote end-point of the transport tunnel, where segmentation can be
completely omitted (e.g. the remote end-point is a hypervisor),
unless it is going to be forwarded to physical networks (e.g. the
remote end-point is a gateway).
However, this advantage is not utilized when the transport of the
overlay is based on the Virtual eXtensible Local Area Network [I-
D.mahalingam-dutt-dcops-vxlan], which provides a transport mechanism
for logically isolated L2 overlay networks between hypervisors.
Lacking segmentation information in the VXLAN header, hypervisor
implementations have to make pessimistic decisions to always segment
the packet in the size specified by VMs before delivering to
hypervisors' IP stack, because it does not know whether the remote
end-point is bridged to a physical network with hard MTU limitations.
It is worth noting that the segmentation here is not the IP
fragmentation in terms of the physical network MTU, which may still
follow if the segment size resulting from the process above plus the
tunnel outer header is greater than the physical network MTU.
To fulfill the potential of segmentation offloading on overlay, this
draft introduces segmentation metadata in VXLAN header. With the
capability of carrying segmentation metadata in packets, hypervisors
can offload the segmentation decision further to the remote tunnel
end-point, where decision can be made whether segmentation is
omitted, performed, or offloaded further to NIC hardware or next hop
tunnel end-point.
Zhou, et al. Expires November 3, 2014 [Page 3]
Internet-Draft VXLAN-soe May 2014
This mechanism decouples segmentation for overlay from physical
limitations of underlay, providing higher flexibility to hyerpervisor
implementations to achieve significant performance gains in a major
part of VXLAN deployment scenarios.
Although the performance gains can be achieved is affected by the
physical network MTU, there is inherently no mandatory requirement to
physical layer:
1) When physical network MTU is far bigger than overlay MTU, the
offloading reduces the number of packets being transmitted by TX
hypervisors and received in RX hypervisors and RX VMs.
2) When physical network MTU is close to overlay MTU, the number of
packets being transmitted in physical network (resulted in IP
fragmentation) may not be reduced significantly, but on RX side after
IP reassembling, the number of packets being delivered from the
hypervisor to the receiving VM is largely reduced, thus saving the
cost of hypervisor <-> VM interaction and protocol stack traversing
of the receiving VM. Furthermore, a minor cost saving is that the
bytes being transmitted over physical network is slightly reduced
because only one copy of headers (inner L2-L4 header, VXLAN header
and outer UDP header) is transmitted for a large overlay packet.
In addition, offloading features support from NIC hardware is NOT
required to the performance gains discussed above.
1.1 Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2 Definition of Terms
GSO: Generic Segmentation Offload.
TSO: TCP Segmentation Offload.
UFO: UDP Segmentation Offload.
LRO: Large Receive Offload.
GRO: Generic Receive Offload.
NIC: Network Interface Card.
VM: Virtual Machine.
Zhou, et al. Expires November 3, 2014 [Page 4]
Internet-Draft VXLAN-soe May 2014
TX: Sending side.
RX: Receiving side.
VTEP: Virtual Tunnel End Point.
Zhou, et al. Expires November 3, 2014 [Page 5]
Internet-Draft VXLAN-soe May 2014
2. Approach
2.1 VXLAN Header Extension
The new VXLAN Segmentation Offloading Extension (VXLAN-soe) header is
defined as:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S|R|R|R|I|R|R|R|Overlay MSS Hi | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VXLAN Network Identifier (VNI) |Overlay MSS Lo |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The changes to VXLAN are:
S Bit: Flag bit 0 is defined as the S (Segmentation Offloading
Extension) bit.
S = 1 indicates that VXLAN-soe is applied to the encapsulated
overlay packet, and the Overlay MSS fields (see below) are valid.
S = 0 indicates that VXLAN-soe is NOT applied, and the Overlay MSS
fields MUST be set to 0 in accordance with VXLAN.
Overlay MSS: bit 8 - 15 and bit 56 - 63 together is defined as the
Overlay Max Segment Size (16 bit unsigned integer) specified by TX VM
for the segmentation being offloaded.
Overlay MSS Hi: bit 8 - 15 carries the higher 8 bits of the 16
bit value.
Overlay MSS Lo: bit 56 - 63 carries the lower 8 bits of the 16
bit value.
Definition of the 16 bit value depends on the inner packet type.
For TCP packets, it is defined as the max size of TCP payload; for
UDP packets, it is defined as the max size of IP payload. This
definition follows the convention of Linux kernel implementation,
thus GSO size passed from VM to hypervisor can be directly
utilized. Definition for other inner packet types can be added in
the future.
Zhou, et al. Expires November 3, 2014 [Page 6]
Internet-Draft VXLAN-soe May 2014
This field is valid only if the S bit is set.
2.2 TX VTEP
VTEP at TX side MUST set the S bit to 1 if the packet to be
encapsulated is NOT segmented and it decides to offload the
segmentation to the remote end-point. In such case the Overlay MSS
field MUST be set accordingly. This is the typical use case when the
TX VTEP is a hypervisor transmitting TCP stream of VMs with large
sliding windows.
VTEP at TX side MUST clear the S bit if the packet to be encapsulated
is segmented already or does NOT need to be segmented in terms of the
overlay MTU. In such case, the encapsulation is in the same format as
specified in VXLAN. This is the typical use case when the TX VTEP is
a hypervisor transmitting small size overlay packets, or a gateway
forwarding overlay packets to physical networks.
2.3 RX VTEP - Hypervisors
When a VTEP at RX side is on a hypervisor, where the packet is
delivered to a receiving VM, the hypervisor checks the S bit. If the
S bit is NOT set, the packet is handled as a normal VXLAN packet. In
this case a packet with size larger than the MTU setting of the
receiving VM's virtual interface is usually dropped by the
hypervisor. If the S bit is set, the hypervisor SHALL NOT perform MTU
check against the virtual interface of the receiving VM.
2.4 RX VTEP - Gateways
When a VTEP at RX side is on a gateway node that connects overlay
networks and physical networks, the S bit MUST be checked and the
VTEP MUST ensure the segmentation specified by the Overlay MSS field
is performed by the VTEP itself or offloaded further - it MAY offload
the segmentation again to the subsequent transmission mechanisms:
such as TSO/UFO/GSO, or, if the link to the next hop is also an
overlay based on VXLAN-soe (or other tunneling protocols that
supports segmentation offloading), pass the segmentation metadata to
the next hop.
3 IP Fragmentation
Skipping overlay segmentation results in big size packets being
encapsulated in VXLAN and outer UDP/IP header. When the encapsulated
packet size is bigger than physical network MTU, IP fragmentation has
to be enforced. This can leads to two problems.
The first problem is that a single IP fragment loss will result in a
Zhou, et al. Expires November 3, 2014 [Page 7]
Internet-Draft VXLAN-soe May 2014
drop of the whole IP packet, which will result in waste of band-width
and pose negative impact to the throughput. Because of this, it is
recommended to implement VXLAN-soe as a configurable feature, which
should be enabled only if physical network is highly reliable. Data
center is the typical environment to enable this feature.
Another problem is that inner packet size plus the outer headers can
exceed 65535 bytes, which is the upper limit of IP packet size. In
this situation special handling can be implemented to avoid oversized
IP packets, such as falling back to overlay segmentation. Other
optimal solutions are possible but out of the scope of this document.
4 Interoperability
In addition to offload segmentation requests from VMs, VXLAN-soe
enabled VTEP is able to offload segmentation requests from STT [I-
D.davie-stt] overlay. The metadata required in VXLAN-soe header is a
subset of STT metadata, and the additional segmentation offloading
information carried in STT metadata such as L4 offset can be obtained
by examine inner headers of the packets.
VXLAN-soe is compatible with VXLAN-gpe [I-D.quinn-vxlan-gpe], another
extension of VXLAN. For example, if the packet being encapsulated is
a TCP/IP packet without L2 header, TCP segmentation can also be
skipped at TX side and offloaded to the RX side. See the example in
section 5.2.
Zhou, et al. Expires November 3, 2014 [Page 8]
Internet-Draft VXLAN-soe May 2014
5 Deployment Examples
5.1 Example 1
.--. .--.
( ' '.--._
(''' Physical )
( Network .'-'
'--'._.'. )
/ '--'
Gateway /VLAN
+-----'----+
| |
| VTEP |
+----+-----+
|VXLAN-soe
.--.|.--.
( ' '.--.
.-.' Intra-DC '
( network )
/ .'-\
VXLAN-soe/ '--'._.'. ) \VXLAN-soe
/ '--' \
+--------+-+ +--+-------+
| VTEP | | VTEP |
|+-----+ | | +-----+|
||VM1 | | | | VM2 ||
++-----+---+ +---+-----++
Hypervisor1 Hypervisor2
Figure 1
Figure 1 shows basic scenarios of VXLAN-soe usage. Take TCP stream as
an example, when VM1 on Hypervisor1 send a big data buffer to VM2 on
Hypervisor2, TCP segmentation is offloaded from VM1 to Hypervisor1,
and because of VXLAN-soe, it is offloaded from Hypervisor1 to
Hypervisor2: the VXLAN-soe encapsulated packet is fragmented in IP
fragments according to physical network MTU and transmitted to
Hypervisor2. On Hypervisor2, after IP reassembling, the big TCP data
buffer is delivered directly to VM2.
When VM1 send a big data buffer to some host behind the Gateway, same
process happens on Hypervisor1, but after the IP fragments are
reassembled on the Gateway, TCP segmentation must be performed
according to the overlay MSS in VXLAN-soe header. The Gateway can be
deployed as a ToR switch or a generic server. If the Gateway is a
generic server with TSO supported NIC, it can offload the
Zhou, et al. Expires November 3, 2014 [Page 9]
Internet-Draft VXLAN-soe May 2014
segmentation task to NIC hardware. In both cases, packets transmitted
to the physical VLAN are already segmented according to the overlay
MSS.
When TCP segments destined to VM1 are received from the physical VLAN
on the Gateway, and if the Gateway is a generic server, NIC hardware
with LRO/GRO support can accumulate small TCP segments to bigger TCP
packets, which can be delivered to VM1 efficiently with the help of
VXLAN-soe.
Zhou, et al. Expires November 3, 2014 [Page 10]
Internet-Draft VXLAN-soe May 2014
5.2 Example 2
.--. .--.
( ' '.--._
(''' Inter-DC )
( network .i-'.,
/ '--'._.'. ) ` \
/ '--' \
/ VXLAN-soe + VXLAN-gpe\
Gateway1 / \ Gateway2
+----------+ +----------+
| | | |
| VTEP | | VTEP |
+----+-----+ +----+-----+
|VXLAN-soe |VXLAN-soe
.--.|.--. .--.|.--.
( ' '.--. ( ' '.--.
.-.' Intra-DC ' .-.' Intra-DC '
( network __) ( network __)
( .' ( \
'--/._.'. ) '--'._.'. )\VXLAN-soe
VXLAN-soe/ '--' '--' \
+---+------+ +-----++-+-+
| VTEP | | VTEP |
|+-----+ | |+-----+ |
||VM1 | | ||VM2 | |
++-----+---+ ++-----+---+
Hypervisor1 Hypervisor2
Figure 2
Figure 2 shows how VXLAN-soe and VXLAN-gpe works together. In this
example, traffic from VM1 to VM2 needs to traverse inter-DC network
connected by Gateway1 and Gateway2. In this case VXLAN-gpe is used
between Gateway1 and Gateway2 to encapsulate L3 packets directly.
When a big TCP buffer is sent from VM1, TCP segmentation is firstly
offloaded to Hyervisor1 and then to Gateway1. With the help of VXLAN-
soe between Gateway1 and Gateway2, TCP segmentation is offloaded
further to Gateway2 and then to Hypervisor2, where the big TCP buffer
is delivered directly to VM2.
Zhou, et al. Expires November 3, 2014 [Page 11]
Internet-Draft VXLAN-soe May 2014
6 Security Considerations
There is no special security issues introduced by this extension to
VXLAN.
7 IANA Considerations
This document creates no new requirements on IANA namespaces
[RFC5226].
Zhou, et al. Expires November 3, 2014 [Page 12]
Internet-Draft VXLAN-soe May 2014
8 References
8.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
8.2 Informative References
[I-D.mahalingam-dutt-dcops-vxlan]
Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
L., Sridhar, T., Bursell, M., and C. Wright, "VXLAN: A
Framework for Overlaying Virtualized Layer 2 Networks over
Layer 3 Networks", draft-mahalingam-dutt-dcops-vxlan-08
(work in progress), February 2014.
[I-D.davie-stt]
Davie, B. and J. Gross, "A Stateless Transport Tunneling
Protocol for Network Virtualization (STT)", draft-davie-
stt-05(work in progress), March 2014.
[I-D.quinn-vxlan-gpe]
Agarwal, P., Fernando, R., Kreeger, L., Lewis, D., Maino,
F., Quinn, P., Yong, L., Xu, X., Smith, M., Yadav, N., and
U. Elzur, "Generic Protocol Extension for VXLAN", draft-
quinn-vxlan-gpe-02 (work in progress), December 2013.
Authors' Addresses
Han Zhou
eBay, Inc.
EMail: hzhou8@ebay.com
Chengyuan Li
eBay, Inc.
Email: chengyli@ebay.com
Zhou, et al. Expires November 3, 2014 [Page 13]