Skip to content

VMI to VMI in Same Compute Node

ato edited this page Aug 1, 2016 · 6 revisions

Remember: At any time you can view the index of the wiki

Local VMI to VMI: Helicopter View

The virtual interface that connects a VM or a container to the Contrail vRouter is called a VMI (VM interface). Everything in this article indistinctly applies to VMs and Containers.

This article illustrates the communication between two VMIs that belong to the same compute node. As for the addressing, we discuss IPv4 here but IPv6 is also fully supported.

Intra-Subnet Forwarding

A virtual network (VN) in Contrail consists of one or more subnets. Let's discuss first what happens when two VMIs of the same subnet ping each other.

Each VN can be configured in one forwarding mode:

VN Forwarding Modes

The "Default" mode is equivalent to "L2 and L3". And for a reason: unless there are specific requirements, it is the recommended mode.

Intra-Subnet Forwarding in "L2 and L3" mode

An ARP request is a specific type of BUM (Broadcast, Unknown Unicast, Multicast) packet. ARP is special and the vRouter treats in a special manner. So what follows only applies to ARP and not to other BUM packets.

L2 and L3 forwarding

In the "L2 and L3" mode, the vRouter intercepts the ARP request from VM1 and spoofs an ARP reply. Everything in the ARP reply looks exactly as if VM2 had origination it. The vRouter knows all the required information thanks to the control plane and hence it is able to craft such packet. VM2 does not receive the ARP request.

Intra-Subnet Forwarding in "L3 Only" mode

In the "L3 Only" mode, the vRouter intercepts the ARP request from VM1 and replies with its own MAC address. In this case the ARP reply is not spoofed.

L2 only intra-subnet forwarding

The "L3 Only" mode makes sense in scenarios involving several regions where the subnet is distributed but L2 stretch is not an option.

Intra-Subnet Forwarding in "L2 Only" mode

In the "L2 Only" mode, the vRouter does not intercept the ARP request at all. It simply acts like a bridge.

L3 only intra-subnet forwarding

The "L2 Only" mode is offered as a last resort and it is not recommended unless the requirements are very specific and make it the only option.

Inter-Subnet Forwarding

By definition, there is no inter-subnet forwarding in "L2 Only". As for the other modes, it is supported and it works similarly in all of them. Inter-subnet forwarding takes place in any of the following cases:

  • VMIs with IPs in different subnets of the same VN.
  • VMIs with IPs in different VNs. A policy allows traffic between both VNs. In this article, we assume that no services are applied through the policy definition.

In any of these cases, the vRouter acts like a classical L3 gateway.

Inter-subnet forwarding

Local VMI to VMI: Deep Dive

Now that the basic mechanism is illustrated, let's have a look at the internals.

Control Plane

Before computing the adequate forwarding information, there is some route exchange: