Overview of VXLANs
Definition
As defined by RFC, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses the MAC in User Datagram Protocol (MAC-in-UDP) mode to encapsulate packets.
Background
VM scale limited by network devices' table entry capacities
On a traditional Layer 2 network, data packets are forwarded at Layer 2 based on the MAC address table. Server virtualization leads to an exponential growth of the number of VMs and the number of MAC addresses of the VM network interface cards (NICs). However, the MAC address table size of a Layer 2 device at the access side is incapable to meet this change.
Insufficient network isolation capabilities
While VLAN is the most commonly used network isolation technology, it has its own limitations. The VLAN field in packets is only 12 bits long, which means that at most 4096 VLANs can be used on a network. In public cloud or other cloud computing scenarios involving tens of thousands or even more tenants, VLAN technology can no longer meet network isolation requirements.
A tenant is a complete collection of logical resources deployed on a data center network, including network resources such as VLANs and IP address pools, as well as computing resources such as physical servers and virtual machines (VMs). Each tenant has its own tenant administrator to orchestrate and deploy network services.
Limited VM migration scope
VMs on a data center network frequently migrate due to server resource issues, such as high CPU usage and insufficient memory.
VM migration is a process in which a VM moves from one physical server to another. To ensure uninterrupted services during VM migration, the IP and MAC addresses of VMs must remain unchanged. To meet this requirement, server migration must occur in a Layer 2 network. However, a traditional Layer 2 network limits the VM migration scope.
For VM scale limitations imposed by table entry capacities
VXLAN encapsulates original data packets sent from VMs in the same region into UDP packets, with the IP and MAC addresses used on the physical network in outer headers. The network is only aware of the encapsulated parameters. This greatly reduces the number of MAC address entries required on large Layer 2 networks.
For limited network isolation capabilities
VXLAN uses a VXLAN Network Identifier (VNI) field similar to the VLAN ID field to identify users. The VNI field has 24 bits and can identify up to 16M VXLAN segments, effectively isolating massive tenants in cloud computing scenarios.
For limited VM migration scope
VXLAN encapsulates original packets sent by VMs over a VXLAN tunnel. VMs at two ends of a VXLAN tunnel do not need to know the physical architecture of the transmission network. In this way, VMs using IP addresses in the same network segment are in a Layer 2 domain logically, even if they are on different physical Layer 2 networks. VXLAN technology constructs a virtual large Layer 2 network over a Layer 3 network, so that VMs are on the same large Layer 2 network so long as there are reachable routes between them. The virtual large Layer 2 network enlarges the VM migration scope.
Purpose
VXLAN is developed to implement server virtualization and free VM migration on data center networks. As a VPN technology, VXLAN can also be used on campus networks to provide Layer 2 interconnection between dispersed physical sites and Layer 3 interconnection between sites.
Currently, related devices and multiple Layer 2 and Layer 3 network technologies need to be deployed on campus networks to implement Layer 2 and Layer 3 interconnection between tenant sites. Overlay-based VXLAN technology establishes Layer 2 virtual networks between any networks with reachable routes to implement Layer 2 interconnection. Layer 3 interconnection is implemented between sites by VXLAN Layer 3 gateway at the same time. In all, VXLAN realizes faster and more flexible site interconnection.
