VXLAN Introduction

Definition

Virtual extensible local area network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses MAC-in-UDP encapsulation.

Purpose

As a widely deployed core cloud computing technology, server virtualization greatly reduces IT and O&M costs and improves service deployment flexibility.

Figure 1 Server virtualization

On the network shown in Figure 1, a server is virtualized into multiple virtual machines (VMs), each of which functions as a host. A great increase in the number of hosts causes the following problems:

VM scale is limited by the network specification.

On a legacy large Layer 2 network, data packets are forwarded at Layer 2 based on MAC entries. However, there is a limit on the MAC table capacity, which subsequently limits the number of VMs.
Network isolation capabilities are limited.
Most networks currently use VLANs to implement network isolation. However, the deployment of VLANs on large-scale virtualized networks has the following limitations:
- The VLAN tag field defined in IEEE 802.1Q has only 12 bits and can support only a maximum of 4094 VLANs, which cannot meet user identification requirements of large Layer 2 networks.
- VLANs on legacy Layer 2 networks cannot adapt to dynamic network adjustment.
VM migration scope is limited by the network architecture.

After a VM is started, it may need to be migrated to a new server due to resource issues on the original server, for example, when the CPU usage is too high or memory resources are inadequate. To ensure uninterrupted services during VM migration, the IP address of the VM must remain unchanged. To carry this out, the service network must be a Layer 2 network and also provide multipathing redundancy backup and reliability.

VXLAN addresses the preceding problems on large Layer 2 networks.

Eliminates VM scale limitations imposed by network specifications.

VXLAN encapsulates data packets sent from VMs into UDP packets and encapsulates IP and MAC addresses used on the physical network into the outer headers. Then the network is only aware of the encapsulated parameters and not the inner data. This greatly reduces the MAC address specification requirements of large Layer 2 networks.
Provides greater network isolation capabilities.

VXLAN uses a 24-bit network segment ID, called VXLAN network identifier (VNI), to identify users. This VNI is similar to a VLAN ID and supports a maximum of 16M [(2^{^24} - 1)/1024^{^2}] VXLAN segments.
Eliminates VM migration scope limitations imposed by network architecture.

VXLAN uses MAC-in-UDP encapsulation to extend Layer 2 networks. It encapsulates Ethernet packets into IP packets for these Ethernet packets to be transmitted over routes, and does not need to be aware of VMs' MAC addresses. There is no limitation on Layer 3 network architecture, and therefore Layer 3 networks are scalable and have strong automatic fault rectification and load balancing capabilities. This allows for VM migration irrespective of the network architecture.

Benefits

As server virtualization is being rapidly deployed on data centers based on physical network infrastructure, VXLAN offers the following benefits:

A maximum of 16M VXLAN segments are supported using 24-bit VNIs, which allows a data center to accommodate multiple tenants.
Non-VXLAN network edge devices do not need to identify the VM's MAC address, which reduces the number of MAC addresses that have to be learned and enhances network performance.
MAC-in-UDP encapsulation extends Layer 2 networks, decoupling between physical and virtual networks. Tenants are able to plan their own virtual networks, not limited by the physical network IP addresses or broadcast domains. This greatly simplifies network management.