What is a VN-Tag and how does it function?
Last week’s blog focused on VXLAN and the ability of cPacket’s cVu to parse and strip VXLAN headers. This week’s topic will focus on VN-Tag (Virtual Network Tag) and how cPacket’s cVu is addressing some of its challenges.
Before we dive in on defining VN-Tags and their function, let’s begin by providing some background information on how VN-Tags were created. The term VN-Tag (Virtual NIC tag) relates to Cisco, and is commonly used in their technology. VN-Tag is used for tagging the traffic internal to the Cisco data center fabric. Essentially, an additional Ethernet tag is inserted into the Ethernet frame and is used by the Nexus 5000/2000 combination and the Cisco Unified Computing System (USC) Fabric Interconnect/IO Module.
The concept behind Cisco’s Fabric Extender (FEX) technology was designed to deliver a scalable and extensible fabric to simplify operations by reducing cable runs, management points (since parent switches control all FEX’s) and other functions. The VN-Tag technology itself simply adds an additional header to the packet as it traverses between the ‘Instant Access’ (or FEX) and its parent switch, where all the switching occurs. Fabric Extenders only move frames based on the VN-Tag information embedded in each frame by the upstream VN-Tag-aware central switch (Nexus switch or UCS Fabric Interconnect).
VN-Tags can serve several purposes. One is to increase the forwarding capability of an Ethernet switch and make it capable of operating in a virtualized environment. Most of us are aware that traditional Ethernet switches are not capable of supporting the forwarding of frames where the source and destination MAC (media access control) address are on the same port. As a result, these switches don’t support forwarding frames between two VMs connected on the same switch port. VN-Tags can resolve this, and other issues, by creating a virtual Ethernet interface per VM on the switch. Since the switch can forward between these virtual Ethernet interfaces, it is also capable of forwarding between VMs connected on the same physical port.
Because VN-Tags are adaptable, it’s possible to utilize it for both bridge extension and virtual networking awareness. VN-Tags also allow for individual configuration of each virtual interface as if it were a physical port.
Common challenges with VN-Tags:
When Cisco first introduced the Fabric Extender technology, it was designed to deliver several advantages: increase scalability, simplify operations, and a more flexible architecture. But despite the benefits, there are still potential issues that can ensue: security, lost visibility, as well as the inability of analytic tools to fully understand VN-Tag headers. Moreover, there can also be the issue of additional CPU processing that is required to remove these headers. An ideal monitoring infrastructure provides accurate and reliable traffic information while reducing any unnecessary loads on other tools. Unfortunately, because most tools can’t parse packets which are encapsulated with VN-Tags, this leaves us with an inaccurate analysis’ of packets, oversubscription and load balancing issues, as well as security issues.
How cPacket’s cVu addresses the issue:
cPacket’s cVu can strip the VN-Tag header from the packets and it can does so at line rate. What does this mean for network performance? Ultimately, by stripping the header at line rate, network operators benefit from accurate performance and security metrics as well as accurate analytics. Secondly, when cVu is used to strip the VN-Tag header from the packets, other tools down the chain can operate more efficiently.
Enabling VN-Tag stripping on the cVu is a simple and straightforward process: to enable VN-Tag stripping, the user simply goes to the general configuration page and sets the parameters vntag_strip_enable and vntag_strip_ports. For example, the user can set the following to remove VN-Tags from network traffic that is input to the cVu on ports 1, 7, 9 and 11 as seen in the figure below.
vntag_strip_ports 1, 7, 9, 11
cPacket’s cVu is designed to meet the challenges of today’s modern data centers. cVu can operate at line rate speed and with its advanced features and analytic tools, network engineers can be confident that their network environment is operating efficiently and accurately.
To learn more about cVu, click here for more information.