VXLAN Overlay – Cisco Network Virtualization
VXLAN Overlay
Traditional network segmentation has been provided by VLANs, which are standardized under IEEE 802.1Q. VLANs provide logical segmentation of Layer 2 boundaries, or broadcast domains. However, due to the inefficient use of available network links with VLANs, the rigid requirements on device placement in the data center network, and the limited scalability to a maximum of 4094 VLANs, VLANs have become a limiting factor for IT departments and cloud providers as they build large multitenant data centers. Virtual Extensible LAN (VXLAN) provides the solution to the data center network challenges posed by traditional VLAN technology by providing elastic workload placement and the higher scalability of Layer 2 segmentation required by today's application demands.
Virtual Extensible LAN (VXLAN) is a Layer 2 overlay scheme over a Layer 3 network and provides a means to extend Layer 2 segments across a Layer 3 infrastructure using MAC-in-UDP encapsulation and tunneling. VXLAN supports a flexible, large-scale multitenant environment over a shared common physical infrastructure. The transport protocol over the physical data center network is IP plus UDP.
VXLAN has the following benefits:
- Flexible placement of workloads across the data center fabric: VXLAN provides a way to extend Layer 2 segments over the underlying shared Layer 3 network infrastructure so that tenant workloads can be placed across physical pods in a single data center—or even across several geographically diverse data centers.
- Higher scalability to allow more Layer 2 segments: VXLAN uses a 24-bit segment ID, the VXLAN network identifier (VNID). This allows a maximum of 16 million VXLAN segments to coexist in the same administrative domain. In comparison, traditional VLANs use a 12-bit segment ID that can support a maximum of 4096 VLANs.
- Optimized utilization of available network paths in the underlying infrastructure: VXLAN packets are transferred through the underlying network based on their Layer 3 headers. They use equal-cost multipath (ECMP) routing and link aggregation protocols to use all available paths. In contrast, a Layer 2 network might block valid forwarding paths to avoid loops.
Before looking at VXLAN operation, let's first define a few important terms:
- VXLAN tunnel: VXLAN encapsulated communication between two devices, where they encapsulate and decapsulate an inner Ethernet frame, is called a VXLAN tunnel. VXLAN tunnels are stateless since they are UDP-encapsulated.
- Virtual network instance (VNI): Each VNI identifies a specific virtual network in the data plane and provides traffic isolation. VLANs are mapped to a VNI to extend a VLAN across a Layer 3 infrastructure.
- VXLAN network identifier (VNID): This is a unique 24-bit identifier added to an original Layer 2 frame during VXLAN encapsulation. It can be compared to the VLAN identifier field and provides a unique identifier for the individual VXLAN segment (VNI). With a 24-bit VNID, VXLAN can support 16 million LAN segments.
- VXLAN tunnel endpoint (VTEP): VXLAN tunnel endpoints (VTEPs) are devices, either physical or virtual, that terminate VXLAN tunnels. They perform VXLAN encapsulation and de-encapsulation. Each VTEP has two interfaces. One is a Layer 2 interface on the local LAN segment to support a local endpoint communication through bridging. The other is a Layer 3 interface on the IP transport network. The IP interface has a unique address that identifies the VTEP device in the transport network. The VTEP device uses this IP address to encapsulate Ethernet frames and transmit the packets on the transport network. A VTEP discovers other VTEP devices that share the same VNIs it has locally connected. It advertises the locally connected MAC addresses to its peers. It also learns remote MAC address to VTEP mappings through its IP interface.
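The encapsulation described above (MAC-in-UDP with a 24-bit VNID) and the VTEP behaviour just listed (VLAN-to-VNI mapping, encapsulate, decapsulate, learn remote MAC-to-VTEP mappings) can be made concrete with a small model. The following Python is an added example, not code from the original page or from Cisco: it packs and parses the 8-byte VXLAN header (flags, reserved bits, VNID) and models two VTEPs exchanging one inner Ethernet frame. The VTEP IP addresses, VLAN 100, VNID 5000 and the inner frame are constructed sample values; the UDP destination port 4789 is the IANA-assigned VXLAN port from RFC 7348 and is not stated on the page. The outer IP and UDP headers are represented as a tuple rather than real packets.

```python
import struct
from dataclasses import dataclass, field

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348); not from the page
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNID field carries a valid identifier
MAX_VNID = (1 << 24) - 1       # 24-bit VNID -> roughly 16 million segments


def build_vxlan_header(vnid: int) -> bytes:
    """Build the 8-byte VXLAN header: flags(1) | reserved(3) | VNID(3) | reserved(1)."""
    if not 0 <= vnid <= MAX_VNID:
        raise ValueError(f"VNID {vnid} does not fit in 24 bits")
    # The VNID occupies the upper 24 bits of the last 32-bit word; low 8 bits are reserved.
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vnid << 8)


def parse_vxlan_header(data: bytes):
    """Return (vnid, inner_frame). Reject truncated headers and headers without the I flag."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", data[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNID is not valid")
    return word >> 8, data[8:]


@dataclass
class Vtep:
    """Minimal VTEP model: one IP on the transport network, a VLAN->VNI map, a MAC table."""
    ip: str
    vlan_to_vni: dict                                  # local VLAN -> VNI (constructed)
    mac_table: dict = field(default_factory=dict)      # (vni, remote MAC) -> remote VTEP IP

    def encapsulate(self, vlan: int, inner_frame: bytes, remote_vtep_ip: str):
        """Map the local VLAN to its VNI and wrap the frame for the remote VTEP."""
        vni = self.vlan_to_vni[vlan]
        # Outer headers modelled as (src IP, dst IP, UDP dst port, payload).
        return (self.ip, remote_vtep_ip, VXLAN_UDP_PORT, build_vxlan_header(vni) + inner_frame)

    def decapsulate(self, packet):
        """Unwrap a packet addressed to this VTEP and learn the sender's MAC-to-VTEP mapping."""
        src_ip, dst_ip, dport, payload = packet
        if dst_ip != self.ip or dport != VXLAN_UDP_PORT:
            raise ValueError("packet is not VXLAN traffic for this VTEP")
        vni, frame = parse_vxlan_header(payload)
        # Only accept segments this VTEP actually has configured locally.
        if vni not in self.vlan_to_vni.values():
            raise ValueError(f"VNI {vni} is not configured on this VTEP")
        if len(frame) < 14:
            raise ValueError("inner Ethernet frame too short")
        src_mac = frame[6:12]                          # source MAC of the inner frame
        self.mac_table[(vni, src_mac)] = src_ip        # remote MAC -> remote VTEP IP
        return vni, frame


def demo():
    """Constructed round trip: VTEP A sends one frame from VLAN 100 to VTEP B over VNI 5000."""
    vtep_a = Vtep("10.0.0.1", {100: 5000})
    vtep_b = Vtep("10.0.0.2", {100: 5000})
    # Constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800, payload.
    inner = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + b"sample payload"
    packet = vtep_a.encapsulate(100, inner, vtep_b.ip)
    vni, frame = vtep_b.decapsulate(packet)
    return vni, frame, vtep_b.mac_table[(5000, b"\xbb" * 6)]


if __name__ == "__main__":
    print(demo())
```

The VNI check in `decapsulate` is the design point worth noting: a VTEP should only accept and learn from segments it has locally configured, which keeps a stray or mis-addressed VXLAN packet from populating the MAC table of a segment it does not serve.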