
Flannel VXLAN backend

Flannel VXLAN backend is a networking implementation for Flannel that utilizes the VXLAN (Virtual Extensible LAN) protocol to create a virtual Layer 2 network on top of an existing Layer 3 infrastructure.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] This backend is designed to overcome the scalability and migration limitations of traditional datacenter networks by encapsulating Layer 2 frames within UDP packets.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

Architecture and Components

VXLAN is a network virtualization technology natively supported by the Linux kernel, handling encapsulation and decapsulation entirely in kernel space.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] It operates using a "MAC-in-UDP" encapsulation method (L2 over L4).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

The architecture introduces three key elements not found in traditional network models^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]:

  • VTEP (VXLAN Tunnel Endpoints): These are the edge devices of the VXLAN network, acting as the entry and exit points for VXLAN tunnels.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] VTEPs are responsible for encapsulating original VM/Pod frames into UDP packets and decapsulating them upon arrival.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]
  • VNI (VXLAN Network Identifier): A 24-bit identifier used to distinguish different VXLAN networks (similar to VLAN ID).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] This allows VXLAN to support up to 16 million isolated tenant networks, solving the scaling limitations of the 12-bit VLAN ID space.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]
  • VXLAN Tunnel: A virtual channel established between two VTEPs to transport encapsulated packets over the physical IP network.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

Problem Resolution

The VXLAN backend addresses specific challenges associated with traditional virtualized datacenter networks^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]:

  • MAC Table Overflow: By encapsulating traffic at the VTEP, the original MAC addresses of virtual machines are hidden from the underlying physical network devices.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] Physical switches only see the MAC and IP addresses of the VTEP (host), preventing MAC address table exhaustion caused by the scale of VMs.
  • Limited Network Isolation: The introduction of the 24-bit VNI dramatically increases the number of available isolated networks compared to standard VLANs.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] Different VNIs cannot communicate directly at Layer 2, enabling multi-tenant isolation.
  • Restricted VM Migration: Because VXLAN creates a virtual Layer 2 network over a Layer 3 fabric, the "Layer 2 domain" is no longer constrained by physical boundaries.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] As long as IP routing is available, VMs can effectively migrate anywhere while preserving their IP and MAC attributes.
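The MAC-in-UDP layout behind the three components above (VTEP, VNI, tunnel) and the "MAC table overflow" argument can be seen directly by building one encapsulated packet. The following toy VTEP is an added illustration, not Flannel's or the kernel's code; it follows the RFC 7348 frame layout and uses UDP port 8472 (the Linux kernel and Flannel default). The pod and VTEP MAC/IP values are constructed sample data.

```python
"""Toy VTEP: MAC-in-UDP (L2 over L4) encapsulation as the Linux VXLAN driver does it.

Wire layout: outer Ethernet | outer IPv4 | UDP | VXLAN header (8 bytes) | inner Ethernet frame.
Added example, not Flannel's code; checksums are left zero (the kernel fills them in).
"""
import struct
from ipaddress import IPv4Address

VXLAN_PORT = 8472          # Linux kernel / Flannel default (IANA-assigned port is 4789)
VXLAN_FLAG_I = 0x08        # "VNI valid" flag, first byte of the VXLAN header
VNI_MAX = (1 << 24) - 1    # 24-bit VNI: 16,777,215 distinct networks vs 4,094 VLAN IDs
ENCAP_OVERHEAD = 14 + 20 + 8 + 8   # outer Ethernet + IPv4 + UDP + VXLAN header = 50 bytes


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


def ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header carrying UDP (protocol 17)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def udp_header(payload_len: int) -> bytes:
    return struct.pack("!HHHH", VXLAN_PORT, VXLAN_PORT, 8 + payload_len, 0)


def ethernet_header(dst_mac: str, src_mac: str, ethertype: int) -> bytes:
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype)


def encapsulate(inner_frame: bytes, vni: int, local_vtep: dict, remote_vtep: dict) -> bytes:
    """What the sending VTEP puts on the wire: the fabric only ever sees VTEP MACs and IPs."""
    vx = vxlan_header(vni) + inner_frame
    udp = udp_header(len(vx)) + vx
    ip = ipv4_header(local_vtep["ip"], remote_vtep["ip"], len(udp)) + udp
    return ethernet_header(remote_vtep["mac"], local_vtep["mac"], 0x0800) + ip


def decapsulate(wire: bytes, expected_vni: int):
    """Receiving VTEP: strip outer headers, enforce the VNI, return the inner frame or None."""
    if struct.unpack("!H", wire[12:14])[0] != 0x0800:
        return None                                   # not IPv4
    ihl = (wire[14] & 0x0F) * 4
    if wire[14 + 9] != 17:
        return None                                   # not UDP
    udp = wire[14 + ihl:]
    if struct.unpack("!H", udp[2:4])[0] != VXLAN_PORT:
        return None                                   # not VXLAN traffic
    vx = udp[8:]
    vni = int.from_bytes(vx[4:7], "big")
    if not vx[0] & VXLAN_FLAG_I or vni != expected_vni:
        return None                                   # different VNI: no L2 reachability
    return vx[8:]


def outer_macs(wire: bytes):
    """(dst, src) MAC pair the physical switch learns from: the VTEPs, never the pods."""
    return wire[:6].hex(":"), wire[6:12].hex(":")


# Constructed sample data (not from a real cluster)
POD_A_MAC, POD_B_MAC = "02:42:0a:f4:01:02", "02:42:0a:f4:02:03"
VTEP_A = {"mac": "52:54:00:aa:00:01", "ip": "192.168.1.10"}
VTEP_B = {"mac": "52:54:00:aa:00:02", "ip": "192.168.1.20"}
VNI = 1
INNER_FRAME = ethernet_header(POD_B_MAC, POD_A_MAC, 0x0800) + b"constructed inner IPv4 packet"
WIRE = encapsulate(INNER_FRAME, VNI, VTEP_A, VTEP_B)

if __name__ == "__main__":
    print("outer MACs seen by the fabric:", outer_macs(WIRE))
    print("inner frame recovered on VNI 1:", decapsulate(WIRE, 1) == INNER_FRAME)
    print("inner frame recovered on VNI 2:", decapsulate(WIRE, 2))
```

The 50-byte difference between `WIRE` and `INNER_FRAME` is the encapsulation overhead the "Comparison with Host-GW" section refers to, and the `decapsulate(WIRE, 2)` result is the per-VNI isolation in practice: a VTEP configured for another VNI simply drops the frame.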

Comparison with Host-GW

While VXLAN solves connectivity issues across complex networks, it introduces a performance overhead due to the encapsulation and decapsulation process (tunneling).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] In contrast, the host-gw backend (Host Gateway) avoids this overhead by routing traffic directly, resulting in lower performance loss (approx. 10% compared to 20-30% for tunneling modes).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

However, host-gw requires all nodes in the cluster to be on the same Layer 2 network.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] VXLAN is preferred when this condition cannot be met.
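The two constraints just described, the fixed encapsulation overhead and host-gw's same-subnet requirement, can be turned into the route decision a node has to make for each peer. The code below is an added example, not Flannel's implementation: it assumes a local interface address in CIDR form, a list of `(node_ip, pod_cidr)` pairs, and the per-destination rule that Flannel's VXLAN backend applies when its `DirectRouting` option is enabled (direct route if the peer is on the same subnet, tunnel otherwise). Node addresses and pod CIDRs are constructed sample values.

```python
"""Route choice between host-gw style direct routing and a VXLAN tunnel.
Added illustration, not Flannel's code."""
from ipaddress import ip_address, ip_interface, ip_network

VXLAN_OVERHEAD = 14 + 20 + 8 + 8   # outer Ethernet + IPv4 + UDP + VXLAN header


def overlay_mtu(underlay_mtu: int = 1500) -> int:
    """MTU the overlay interface must use so encapsulated packets still fit the underlay."""
    return underlay_mtu - VXLAN_OVERHEAD          # 1450 on a standard Ethernet underlay


def same_l2_segment(local_iface: str, peer_ip: str) -> bool:
    """host-gw only works when the peer is reachable without a router: same subnet."""
    return ip_address(peer_ip) in ip_interface(local_iface).network


def host_gw_feasible(local_iface: str, nodes) -> bool:
    """host-gw can be used cluster-wide only if every node shares the local L2 segment."""
    return all(same_l2_segment(local_iface, node_ip) for node_ip, _ in nodes)


def build_routes(local_iface: str, nodes, direct_routing: bool = False):
    """Return one route decision per remote node.

    mode "direct": pod CIDR routed via the peer's node IP (host-gw behaviour, no tunnel cost)
    mode "vxlan":  pod CIDR sent into the overlay device and encapsulated by the VTEP
    """
    local_ip = ip_interface(local_iface).ip
    routes = []
    for node_ip, pod_cidr in nodes:
        ip_network(pod_cidr)                       # validate the CIDR early
        if ip_address(node_ip) == local_ip:
            continue                               # own pod CIDR is on the local bridge
        if direct_routing and same_l2_segment(local_iface, node_ip):
            routes.append({"dst": pod_cidr, "mode": "direct", "via": node_ip})
        else:
            routes.append({"dst": pod_cidr, "mode": "vxlan", "via": None})
    return routes


# Constructed sample cluster: two nodes share 192.168.1.0/24, a third sits behind a router
LOCAL_IFACE = "192.168.1.10/24"
NODES = [
    ("192.168.1.10", "10.244.0.0/24"),
    ("192.168.1.20", "10.244.1.0/24"),
    ("192.168.2.30", "10.244.2.0/24"),
]

if __name__ == "__main__":
    print("overlay MTU:", overlay_mtu())
    print("host-gw feasible for whole cluster:", host_gw_feasible(LOCAL_IFACE, NODES))
    for r in build_routes(LOCAL_IFACE, NODES, direct_routing=True):
        print(r)
```

With `direct_routing=True` the peer on the same subnet gets a plain next-hop route, while the peer behind a router still goes through the tunnel; this is the mixed configuration that recovers host-gw's lower overhead where the topology allows it without giving up VXLAN's reachability.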

  • [[Host-gw]]
  • Kubernetes
  • [[Container Networking Interface (CNI)]]
  • [[Network overlay]]

Sources

^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]