Virtual Extensible LAN (VXLAN) Overlay
I have been writing about overlay technologies lately, like Bridging (802.1q), Provider Bridging (802.1ad), Provider Backbone Bridging (802.1ah) and Shortest Path Bridging (802.1aq), but this time I want to write about a well-known and useful Layer 2 technology used in datacenters to let Virtual Machines communicate over a Layer 3 network. This technology is called Virtual Extensible LAN, or VXLAN, and it is increasingly deployed in big datacenters for replication services or because customer requirements go beyond a single datacenter or geographic site.
VXLAN is a host overlay technology that is useful for placing any workload anywhere across Layer 3 boundaries, which is good news for VM mobility. In addition, this virtual technology scales up to 16 million segments thanks to the VXLAN encapsulation, which makes traffic and address isolation easy. Therefore, we are no longer limited by Layer 3 boundaries when spreading large Layer 2 networks, and VM mobility between datacenters becomes a reality. Moreover, we can scale above 4K segments (the VLAN limitation), which is already a requirement for service provider datacenters where secure multi-tenancy and traffic isolation are mandatory.
There are some benefits that I would like to highlight. Layer 2 connectivity between devices over a layer 3 network is maybe the best advantage. We can also increase the scalability of the network above 4096 VLANs, which is useful for service providers with more than 4096 customers, for example. Another advantage is the chance to configure duplicate IPs in the same VXLAN domain, provided they are associated with different VNIs (Virtual Network Identifiers). We could also use VXLAN to extend layer 2 networks transparently through different VLANs with VLAN translation, or vlan-xlation. This is a technology that allows us to migrate virtual machines (VMotion for VMware) over a layer 3 network, or even to communicate with physical servers through VXLAN Gateway switches.
If we want to deploy and configure VXLAN, we should know about VXLAN concepts first. We already know about segments: VXLAN segments are used for tunneling virtual machine traffic over a layer 3 network. The VNI mentioned before is a 24-bit identifier used to identify and address VXLAN segments. The tunnel that is used for sending VXLAN packets encapsulated inside VXLAN Tunnel End Points, or VTEPs, is called the VXLAN Tunnel Interface, or VTI. Therefore, we can have more than one VTEP in a switch. Lastly, we can use a VXLAN Gateway for bridging VXLAN domains with traditional VLANs transparently.
[Figure: VXLAN Gateway Example]
This layer 2 overlay scheme encapsulates the entire layer 2 frame in UDP datagrams, over the udp/4789 port by default, with 50 bytes of header overhead. This encapsulation technology, developed by VMware, Citrix, Red Hat and others, is transparent for virtual machines, even for BUM (Broadcast, Unknown and Multicast) traffic, for which multicast is always used.
[Figure: VXLAN Packet Format]
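
The encapsulation described above, as an added example that is not part of the original post: a Python sketch that builds and parses the 8-byte VXLAN header and flags captured udp/4789 payloads whose VNI is malformed or not expected on a link, which is the check behind the tenant isolation mentioned earlier. The function names, the VNIs 5000 and 5001 and the sample frames are constructed for illustration; the 50-byte breakdown assumes an untagged outer Ethernet header and an outer IPv4 header.

```python
import struct

FLAG_VNI_VALID = 0x08      # "I" flag: the VNI field is valid
MAX_VNI = (1 << 24) - 1    # 24-bit VNI -> 16,777,216 segments
# Outer Ethernet + outer IPv4 + UDP + VXLAN header = 50 bytes of overhead
OVERHEAD = 14 + 20 + 8 + 8

def build_vxlan(vni, inner_frame):
    """Return the UDP payload: 8-byte VXLAN header + inner layer 2 frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Byte 0 = flags, bytes 1-3 reserved, bytes 4-6 = VNI, byte 7 reserved
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def parse_vxlan(udp_payload):
    """Return (vni, inner_frame); reject truncated or VNI-less headers."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, udp_payload[8:]

def audit(payloads, allowed_vnis):
    """Flag udp/4789 payloads whose VNI is malformed or not expected here."""
    findings = []
    for index, payload in enumerate(payloads):
        try:
            vni, _ = parse_vxlan(payload)
        except ValueError as err:
            findings.append((index, f"malformed: {err}"))
            continue
        if vni not in allowed_vnis:
            findings.append((index, f"unexpected VNI {vni}"))
    return findings

# Constructed sample data: a 14-byte inner Ethernet header plus padding
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x00" * 46
SAMPLES = [
    build_vxlan(5000, INNER),      # tenant A
    build_vxlan(5001, INNER),      # tenant B, same inner frame, other segment
    build_vxlan(MAX_VNI, INNER),   # highest possible segment id
    b"\x00" * 8 + INNER,           # header without the I flag
]

if __name__ == "__main__":
    print("overhead bytes:", OVERHEAD)
    for finding in audit(SAMPLES, allowed_vnis={5000, 5001}):
        print(finding)
```

The first two samples carry an identical inner frame yet stay in separate segments because only the VNI differs, which is what allows duplicate addresses per tenant.
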
Regards my friends, extend your LAN and don't stay behind.