-
Notifications
You must be signed in to change notification settings - Fork 0
VMI to VMI in Same Compute Node
Remember: At any time you can view the index of the wiki
The virtual interface that connects a VM or a container to the Contrail vRouter is called a VMI (VM interface). Everything in this article indistinctly applies to VMs and Containers.
This article illustrates the communication between two VMIs that belong to the same compute node. As for the addressing, we discuss IPv4 here but IPv6 is also fully supported.
A virtual network (VN) in Contrail consists of one or more subnets. Let's discuss first what happens when two VMIs of the same subnet ping each other.
Each VN can be configured in one forwarding mode:
The "Default" mode is equivalent to "L2 and L3". And for a reason: unless there are specific requirements, it is the recommended mode.
An ARP request is a specific type of BUM (Broadcast, Unknown Unicast, Multicast) packet. ARP is special and the vRouter treats in a special manner. So what follows only applies to ARP and not to other BUM packets.
In the "L2 and L3" mode, the vRouter intercepts the ARP request from VM1 and spoofs an ARP reply. Everything in the ARP reply looks exactly as if VM2 had origination it. The vRouter knows all the required information thanks to the control plane and hence it is able to craft such packet. VM2 does not receive the ARP request.
In the "L3 Only" mode, the vRouter intercepts the ARP request from VM1 and replies with its own MAC address. In this case the ARP reply is not spoofed.
The "L3 Only" mode makes sense in scenarios involving several regions where the subnet is distributed but L2 stretch is not an option.
In the "L2 Only" mode, the vRouter does not intercept the ARP request at all. It simply acts like a bridge.
The "L2 Only" mode is offered as a last resort and it is not recommended unless the requirements are very specific and make it the only option.
By definition, there is no inter-subnet forwarding in "L2 Only". As for the other modes, it is supported and it works similarly in all of them. Inter-subnet forwarding takes place in any of the following cases:
- VMIs with IPs in different subnets of the same VN.
- VMIs with IPs in different VNs. A policy allows traffic between both VNs. In this article, we assume that no services are applied through the policy definition.
In any of these cases, the vRouter acts like a classical L3 gateway.
Now that the basic mechanism is illustrated, let's have a look at the internals.
Before computing the adequate forwarding information, there is some route exchange: