
Overview of VXLANs

Definition

As defined in its RFC, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses the MAC in User Datagram Protocol (MAC-in-UDP) mode to encapsulate packets.

Purpose

Cloud computing has become the new trend in enterprise IT construction with its features such as high system utilization, low manpower and management costs, flexibility, and strong scalability. As a core technology of cloud computing, server virtualization has a wide range of applications.

For a detailed description of server virtualization, see Server Virtualization.

The wide application of server virtualization technology greatly increases computing density in a data center. In addition, VMs need to migrate freely across the network to meet service change requirements. These changes bring challenges to traditional data center networks built on the Layer 2 + Layer 3 architecture.

VXLAN addresses the preceding problems:
  • For VM scale limitations imposed by table entry capacities

    Server virtualization leads to an exponential growth in the number of VMs compared with physical servers. However, the MAC address table size of a Layer 2 device at the access side cannot keep up with this growth.

    VXLAN encapsulates original data packets sent from VMs in the same domain into UDP packets, with the IP and MAC addresses used on the physical network in outer headers. The network is only aware of the encapsulated parameters. This greatly reduces the number of MAC address entries required on large Layer 2 networks.

  • For limited network isolation capabilities

    While VLAN is the most commonly used network isolation technology, it has its own limitations. The VLAN field in packets is only 12 bits long, which means that at most 4096 VLANs can be used on a network. In public cloud or other cloud computing scenarios involving tens of thousands or even more tenants, VLAN technology can no longer meet network isolation requirements.

    A tenant is a complete collection of logical resources deployed on a data center network, including network resources such as VLANs and IP address pools, as well as computing resources such as physical servers and VMs. Each tenant has its own tenant administrator to orchestrate and deploy network services.

    VXLAN uses a VXLAN Network Identifier (VNI) field similar to the VLAN ID field to identify users. The VNI field has 24 bits and can identify up to 16 million VXLAN segments, effectively isolating massive tenants in cloud computing scenarios.

  • For limited VM migration scope

    VM migration is a process in which a VM moves from one physical server to another. To ensure uninterrupted services during VM migration, the IP address of VMs must remain unchanged. To meet this requirement, server migration must occur in a Layer 2 domain. Layer 2 domains on a traditional network are small, limiting the VM migration scope.

    VXLAN encapsulates original packets sent by VMs over a VXLAN tunnel. VMs at two ends of a VXLAN tunnel do not need to know the physical architecture of the transmission network. In this way, VMs using IP addresses in the same network segment are in a Layer 2 domain logically, even if they are on different physical Layer 2 networks. VXLAN technology constructs a virtual large Layer 2 network over a Layer 3 network, so that VMs are on the same large Layer 2 network so long as there are reachable routes between them. The virtual large Layer 2 network enlarges the VM migration scope.

    For a detailed description of large Layer 2 networks, see Large Layer 2 Network.
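To make the MAC-in-UDP encapsulation and the 24-bit VNI described above concrete, here is an added Python example (it is not Huawei code and does not appear on the original page). It builds the outer Ethernet/IPv4/UDP/VXLAN headers around an inner VM frame, parses them back with the structural checks a receiving VTEP needs (outer checksum, UDP port 4789, the VXLAN "I" flag, the 24-bit VNI range), and shows that learned MACs are scoped by VNI, so two tenants can reuse the same VM MAC without colliding. All MAC and IP addresses are constructed documentation values; the zero UDP checksum and the fixed source port are assumptions made for the demo.

```python
"""Added example: MAC-in-UDP VXLAN encapsulation and per-VNI isolation.

Constructed, self-contained demo. Addresses are documentation values and
the packet bytes are built inline. Not Huawei code.
"""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN UDP destination port
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1      # 24-bit VNI: 16,777,215 is the largest value
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def ipv4_checksum(header):
    """One's-complement sum over 16-bit words (checksum field is 0 on input)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_inner_frame(dst_mac, src_mac, payload):
    """The original Ethernet frame a VM sends: dst MAC, src MAC, EtherType, payload."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + payload


def build_vxlan_header(vni):
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)


def encapsulate(inner_frame, vni, outer_src_mac, outer_dst_mac,
                src_vtep_ip, dst_vtep_ip, src_port=49152):
    """Wrap an inner Ethernet frame in outer Ethernet / IPv4 / UDP / VXLAN headers."""
    vxlan = build_vxlan_header(vni)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # UDP checksum is optional over IPv4; zero is assumed here for the demo.
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                         64, IPPROTO_UDP, 0, ip_bytes(src_vtep_ip), ip_bytes(dst_vtep_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    outer_eth = mac_bytes(outer_dst_mac) + mac_bytes(outer_src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + ip_hdr + udp + vxlan + inner_frame


def decapsulate(packet):
    """Validate the outer headers and return (vni, inner_frame, src_vtep_ip)."""
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    ip_hdr = packet[14:14 + ihl]
    if ipv4_checksum(ip_hdr) != 0:          # a valid header re-sums to zero
        raise ValueError("bad outer IPv4 checksum")
    if ip_hdr[9] != IPPROTO_UDP:
        raise ValueError("outer packet is not UDP")
    udp_off = 14 + ihl
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    vx_off = udp_off + 8
    flags, _, vni_field = struct.unpack("!B3sI", packet[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I:             # reserved bits are ignored on receipt
        raise ValueError("VXLAN I flag not set; VNI is invalid")
    vni = vni_field >> 8
    inner = packet[vx_off + 8:udp_off + udp_len]
    return vni, inner, ip_str(ip_hdr[12:16])


def learn_inner_macs(packets):
    """Learn inner source MACs the way a VTEP would: (VNI, MAC) -> remote VTEP IP.
    The VNI, not the MAC, scopes the Layer 2 domain, so the same MAC seen in two
    VNIs yields two separate entries (tenant isolation)."""
    table = {}
    for pkt in packets:
        vni, inner, src_vtep = decapsulate(pkt)
        table[(vni, mac_str(inner[6:12]))] = src_vtep
    return table


if __name__ == "__main__":
    # Constructed sample traffic: two tenants reuse the same VM MAC on different VNIs.
    frame = make_inner_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", b"tenant payload")
    p1 = encapsulate(frame, 5000, "00:00:5e:00:53:aa", "00:00:5e:00:53:bb", "192.0.2.10", "192.0.2.20")
    p2 = encapsulate(frame, 5001, "00:00:5e:00:53:cc", "00:00:5e:00:53:bb", "198.51.100.10", "192.0.2.20")
    print("encapsulation overhead (bytes):", len(p1) - len(frame))   # 14 + 20 + 8 + 8 = 50
    print(learn_inner_macs([p1, p2]))
```

Note that every check in `decapsulate` is structural: the VXLAN header carries no authentication of the VNI or of the inner frame, so a VTEP's trust in the VNI value rests on the underlay being reachable only from legitimate VTEPs. The 50-byte overhead (outer Ethernet, IPv4, UDP and VXLAN headers) is also why the underlay MTU is normally raised when VXLAN is deployed.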

Benefits

When server virtualization is widely deployed in data centers based on physical network infrastructure, VXLAN offers the following benefits:
  • As a Layer 2 VPN technology, VXLAN establishes a Layer 2 virtual network over any network with reachable routes. Communication within a VXLAN network, as well as communication between a VXLAN network and a non-VXLAN network, is implemented through the VXLAN gateway.

  • VXLAN uses MAC-in-UDP encapsulation to extend Layer 2 networks. It encapsulates Ethernet frames into IP packets so that they can be transmitted over routes, and the transport network does not need to be aware of VMs' MAC addresses. Because there is no limitation on the Layer 3 network architecture, Layer 3 networks are highly scalable. This allows for VM migration irrespective of the network architecture.

Copyright © Huawei Technologies Co., Ltd.