VXLAN is an NVO3 network virtualization technology that encapsulates data packets sent from original hosts into UDP packets and encapsulates IP and MAC addresses used on the physical network in outer headers before sending the packets over an IP network. The virtual tunnel endpoint (VTEP) then decapsulates the packets and sends the packets to the destination host.
By leveraging VXLAN, a virtual network can accommodate a large number of tenants. Tenants can plan their own virtual networks without being limited by physical network IP addresses or broadcast domains. This technology significantly simplifies network management, allows VMs to migrate over a large Layer 2 network, and isolates tenants in a data center.
Similar to a traditional VLAN, a VXLAN also allows for intra- and inter-VXLAN communication.
Comparison Between VXLAN and VLAN
The following table lists the differences between VXLAN and VLAN.
Item | VLAN | VXLAN |
Concept | Virtual Local Area Network | Virtual Extensible Local Area Network |
Implementation Method | A physical LAN is divided into multiple BDs logically to limit the network to a small geographic range | Layer 2 virtual networks are established between networks with reachable routes. Such networks are not subject to geographical restrictions and can deliver a large-scale scalability |
Supported capacity | VLAN is the most commonly used network isolation technology. The VLAN field in packets is only 12 bits in length, which means that only a maximum of 4096 VLANs can be used on a network. In public cloud or other cloud computing scenarios involving tens of thousands or even more tenants, VLAN technology can no longer meet network isolation requirements. | VXLAN is a new network isolation technology defined in IETF RFC. It has a 24-bit segment identifier (VNI) and can isolate up to 16M (about 16 million) tenants. This technology effectively enables isolation of mass tenants in cloud computing |
Network division mode | VLAN IDs are used to divide broadcast domains. Hosts within a BD can communicate at Layer 2. | BDs are used to divide broadcast domains. VMs within a BD can communicate at Layer 2 |
Encapsulation mode | A VLAN tag is added to packets. | During VXLAN encapsulation, a VXLAN header, UDP header, IP header, and outer MAC header are added in sequence to an original packet |
Network communication mode | Inter-VLAN communication is implemented by VLANIF interfaces. As Layer 3 logical interfaces, VLANIF interfaces enable Layer 3 communication between VLANs. | Communication between VLANs or between VXLANs and non-VXLANs is implemented by VBDIF interfaces. VBDIF interfaces are configured on VXLAN Layer 3 gateways and are Layer 3 logical interfaces based on BDs. |
Benefits | Limits broadcast domains: A broadcast domain is limited in a VLAN, which saves bandwidth and improves network processing capabilities. Enhances LAN security: Packets from different VLANs are separately transmitted. Hosts in a VLAN cannot directly communicate with hosts in another VLAN | Location-independent capability: Services can be deployed flexibly at any location, solving network expansion issues related to server virtualization. Flexible network deployment: VXLANs are constructed over the traditional network. They are easy to deploy and highly scalable while preventing broadcast storms on a large Layer 2 network. Cloud service adaptation: A VXLAN is able to isolate ten millions of tenants and support large-scale deployment of cloud services. Technical advantage: VXLAN uses MAC-in-UDP encapsulation. Such encapsulation mode does not rely on MAC addresses of VMs, reducing the number of MAC address entries required on a large Layer 2 network. |
For more details, please visit: https://tinyurl.com/HuaweiVxLAN