Virtual machine snooping on Alcatel-Lucent OmniSwitch 6900 and 10K
ALCATEL-LUCENT ENTERPRISE APPLICATION NOTE
INTRODUCTION
Virtual extensible LAN (VXLAN) is a network overlay technology that is now widely used in data centers and other networks because it allows private (tenant) networks to be built without changing the core of the network. However, when VXLAN is in use the network itself sees only the outer IP header and has no visibility into the traffic of the virtual machines (VMs) inside the VXLAN segment. The network can therefore use only the outer header fields when making quality of service (QoS) policy decisions, which limits QoS policy to the tunnel as a whole rather than to VM-specific or virtual-network-specific traffic. In addition, when there is a problem in the network, administrators cannot correlate the physical and virtual network topologies. These issues are especially acute in a cloud orchestration environment such as OpenStack®, where multiple virtual (tenant) networks with numerous VMs (and their associated traffic flows) are all carried within one VXLAN tunnel.

Alcatel-Lucent Enterprise has addressed these issues with a new feature on the OmniSwitch® 6900 and 10K platforms: virtual machine (VM) snooping. VM snooping allows the OmniSwitch to see and act on the VXLAN header, in particular the VXLAN Network Identifier (VNI), as well as the embedded VM-specific addresses and header fields. With this information the OmniSwitch can not only monitor and record the presence and actual traffic patterns of individual VMs, but also apply QoS policies to specific VXLAN virtual networks or to specific VMs.

This feature is particularly useful in combination with cloud orchestration environments (such as OpenStack), because it allows the network operator to apply QoS policies attached to specific tenant networks and to specific operator-identified VM flows within a tenant network.
Figure 1: VXLAN network. Three VM hosts (172.16.222.27, 172.16.222.28 and 172.16.222.25) carry the VMs VM1.0 (1.1.1.1), VM1.1 (1.1.1.2), VM5.0 (5.5.5.1) and VM6.0 (6.6.6.1) over VXLAN. Without snooping, only the aggregate traffic from 172.16.222.27 is visible; snooping enables visibility into the individual VM traffic flows.
enterprise.alcatel-lucent.com Alcatel-Lucent and the Alcatel-Lucent Enterprise logo are trademarks of Alcatel-Lucent. To view other trademarks used by affiliated companies of ALE Holding, visit: enterprise.alcatel-lucent.com/trademarks. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Neither ALE Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein. (April 2015)
KEY FEATURES OF VM SNOOPING
• The operator can see VM-specific flow data within a VXLAN tunnel: the VXLAN Network Identifier (VNI), the VM source MAC address and the VM source IP address. The flow details include statistics that can be used to identify and track flows that may require further investigation (or a QoS-policy-based action).
• Multiple tunnels are tracked based on the outer User Datagram Protocol (UDP) destination port. This supports configurations that use a non-standard tunnel port (the IANA-assigned VXLAN port is UDP 4789), or several tunnels that use different outer UDP destination ports.
• Snooping is enabled per port (a single port, multiple ports, or link aggregates), so the operator can target the specific physical devices or paths of interest.
• QoS profiles can be applied to combinations of inner-packet VM header fields, which makes it possible to target very specific flows. The match criteria may be taken from flows discovered through VM snooping, or from characteristics already known to the operator. A profile can contain and enforce any currently supported QoS policy action.
• QoS policies may be static or dynamic. Dynamic policies make the best use of the available policy entries by loading only those associated with active (detected) flows.
• Advanced policy mode allows IPv6 addresses, Layer 4 source and destination ports, and the IP protocol to be used in profile definitions, at the expense of the number of policies that can be configured.
• OmniVista® aggregates VM snooping data from multiple OmniSwitches, giving a network-wide view of VM traffic. The operator can then create global profiles within OmniVista and apply them to one or more OmniSwitches.
• When tenant VMs are provisioned by an orchestration system (such as OpenStack), the operator can take the VM-specific data it generates (such as source and destination MAC addresses) and use it to define QoS profiles manually within OmniVista.
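To make the encapsulation described in the introduction and the flow tracking and profile matching listed above concrete, the following Python example was added here; it is not OmniSwitch or OmniVista code and does not come from the application note. It builds constructed VXLAN frames (not captures), decapsulates them the way a snooping switch must (outer Ethernet/IPv4/UDP, the 8-byte VXLAN header, then the VM's own Ethernet/IPv4/UDP), keys flows on VNI plus inner source MAC and inner source IP with per-flow counters, keeps the outer-header-only per-tunnel totals that a non-snooping switch would see, tracks tunnels by a configurable list of outer UDP destination ports so a non-standard port can be added, and evaluates an ordered list of QoS profiles on inner fields including the Layer 4 port used in advanced policy mode. The host and VM addresses are those of Figure 1; the VNIs, MAC addresses, the second tunnel port 8472, the untracked port 9999 and the profile names and actions are assumed values chosen for the example.

```python
import struct
from collections import defaultdict

ETH_P_IP, IPPROTO_UDP = 0x0800, 17
VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (RFC 7348)

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_vxlan(frame, vxlan_ports=(VXLAN_PORT,)):
    """Outer and inner fields VM snooping keys on, or None if not VXLAN on a tracked port."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    oip = frame[14:]                               # outer IPv4 header
    if oip[9] != IPPROTO_UDP:
        return None
    oudp = oip[(oip[0] & 0x0F) * 4:]               # outer UDP header
    dport = struct.unpack("!H", oudp[2:4])[0]
    if dport not in vxlan_ports:
        return None                                # not a tunnel the operator asked to track
    vx = oudp[8:]                                  # 8-byte VXLAN header
    if len(vx) < 8 or not vx[0] & 0x08:            # 'I' flag clear: VNI field not valid
        return None
    inner = vx[8:]                                 # the VM's own Ethernet frame
    pkt = {"outer_src_ip": _ip(oip[12:16]), "outer_dst_ip": _ip(oip[16:20]),
           "udp_dport": dport, "vni": int.from_bytes(vx[4:7], "big"),
           "inner_dst_mac": _mac(inner[0:6]), "inner_src_mac": _mac(inner[6:12])}
    if struct.unpack("!H", inner[12:14])[0] == ETH_P_IP:
        iip = inner[14:]
        pkt["inner_proto"] = iip[9]
        pkt["inner_src_ip"], pkt["inner_dst_ip"] = _ip(iip[12:16]), _ip(iip[16:20])
        if iip[9] in (6, IPPROTO_UDP):             # TCP/UDP ports: 'advanced policy mode' fields
            l4 = iip[(iip[0] & 0x0F) * 4:]
            pkt["l4_sport"], pkt["l4_dport"] = struct.unpack("!HH", l4[:4])
    return pkt

class VmSnooper:
    """Flows keyed on (VNI, inner src MAC, inner src IP), per-tunnel totals, profile lookup."""
    def __init__(self, vxlan_ports=(VXLAN_PORT,), profiles=()):
        self.vxlan_ports = vxlan_ports
        self.profiles = list(profiles)             # (name, match-dict, action), most specific first
        self.flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "action": None})
        self.tunnels = defaultdict(int)            # what a non-snooping switch sees: packets per tunnel

    def observe(self, frame):
        pkt = parse_vxlan(frame, self.vxlan_ports)
        if pkt is None:
            return None
        self.tunnels[(pkt["outer_src_ip"], pkt["outer_dst_ip"], pkt["udp_dport"])] += 1
        key = (pkt["vni"], pkt["inner_src_mac"], pkt.get("inner_src_ip"))
        flow = self.flows[key]
        flow["packets"] += 1
        flow["bytes"] += len(frame)
        flow["action"] = self.lookup(pkt)
        return key

    def lookup(self, pkt):
        for name, match, action in self.profiles:  # first profile whose every field matches wins
            if all(pkt.get(field) == value for field, value in match.items()):
                return f"{name}:{action}"
        return "default"

def build_vxlan_frame(outer_src, outer_dst, vni, src_mac, dst_mac, src_ip, dst_ip,
                      l4_dport, payload=b"", vxlan_port=VXLAN_PORT):
    """Constructed test input (not a capture): UDP/IPv4/Ethernet inside VXLAN/UDP/IPv4."""
    def mac(s):
        return bytes(int(x, 16) for x in s.split(":"))
    def ipv4(src, dst, body):                      # minimal header, checksum left at zero
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, IPPROTO_UDP, 0,
                           bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + body
    def udp(sport, dport, body):
        return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body
    inner = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_P_IP) + \
        ipv4(src_ip, dst_ip, udp(40000, l4_dport, payload))
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner
    outer_eth = mac("00:00:5e:00:53:02") + mac("00:00:5e:00:53:01") + struct.pack("!H", ETH_P_IP)
    return outer_eth + ipv4(outer_src, outer_dst, udp(49152, vxlan_port, vxlan))

def demo():
    """Hosts and VM IPs as in Figure 1; VNIs, MACs, port 8472 and the profiles are assumed."""
    profiles = [("vm6.0-dns", {"vni": 6, "inner_src_ip": "6.6.6.1", "l4_dport": 53}, "dscp 46"),
                ("tenant-1", {"vni": 1}, "priority 3")]
    snooper = VmSnooper(vxlan_ports=(VXLAN_PORT, 8472), profiles=profiles)
    web = build_vxlan_frame("172.16.222.27", "172.16.222.28", 1, "52:54:00:01:00:00",
                            "52:54:00:01:00:01", "1.1.1.1", "1.1.1.2", 80, b"GET /")
    dns = build_vxlan_frame("172.16.222.27", "172.16.222.25", 6, "52:54:00:06:00:00",
                            "52:54:00:06:00:01", "6.6.6.1", "6.6.6.2", 53, b"query", vxlan_port=8472)
    ssh = build_vxlan_frame("172.16.222.28", "172.16.222.25", 5, "52:54:00:05:00:00",
                            "52:54:00:05:00:01", "5.5.5.1", "5.5.5.2", 22, b"ssh", vxlan_port=9999)
    keys = [snooper.observe(f) for f in (web, web, dns, ssh)]  # port 9999 is not tracked: ignored
    return snooper, keys

if __name__ == "__main__":
    print(*demo()[0].flows.items(), sep="\n")
```

Run directly, it prints one flow entry per (VNI, inner source MAC, inner source IP) with packet and byte counts and the profile action that matched. The profile list is evaluated in order, so the specific VM6.0 DNS profile must precede the broad per-tenant one, which mirrors how a QoS policy list is ordered on the switch; the frame on UDP port 9999 is dropped from the flow table because that port was not configured as a tunnel port.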
CONCLUSION
The VM snooping feature provides visibility into, and tracking of, the virtual network traffic flows within a VXLAN topology. This allows network operators to identify, monitor and target specific VM traffic flows, or entire virtual networks, for special QoS handling, which in turn makes network optimization possible for traffic that previously could not be traced. The QoS policies can be general (any flow in a specific virtual network) or targeted to a specific protocol from a specific VM. One caveat applies when choosing match criteria: the inner MAC and IP addresses are set by the VM itself, and VXLAN provides no authentication of the encapsulated frame, so profiles keyed on inner addresses are an operational classification tool rather than a security boundary between tenants. The VNI, which is set by the tunnel endpoint rather than by the VM, is the more reliable field to anchor a tenant-wide policy on.
Benefits
• VM snooping provides a view of the traffic flows inside the VXLAN tunnel, making it possible for network operators to identify and understand VM traffic flows.
• QoS profiles can be associated with the VXLAN tunnel to apply policies to specific VM traffic, or to all traffic within a virtual network in the tunnel. This allows the network operator to optimize VM traffic as needed.
• VM snooping can be used in conjunction with cloud orchestration tools (such as OpenStack) to provide QoS for the tenant network, based on the VNI alone or in combination with VM-specific data such as the inner source IP address.