VXLAN Basic Concepts

Virtual extensible local area network (VXLAN) is an NVO3 (Network Virtualization over Layer 3) technology. The ingress tunnel endpoint takes the Ethernet frames sent by virtual machines (VMs), encapsulates each one in a UDP packet, adds outer IP and MAC headers carrying physical-network addresses, and sends the result across an ordinary IP network. The egress tunnel endpoint strips the outer headers and delivers the original frame to the destination VM.

Figure 1 VXLAN architecture

VXLAN allows a virtual network to provide access services to a large number of tenants. Tenants can also plan their own virtual networks without being constrained by the IP addresses or broadcast domains of the physical network, which greatly simplifies network management. Table 1 describes the VXLAN concepts used in the rest of this topic.

Table 1 VXLAN concepts

Concept

Description

Underlay and overlay networks

VXLAN allows virtual Layer 2 or Layer 3 networks (overlay networks) to be built over existing physical networks (underlay networks). Overlay networks use encapsulation to carry tenant packets between sites over the Layer 3 forwarding paths that the underlay provides. Tenants see only the overlay network. Note that the VXLAN encapsulation itself carries no authentication or encryption: any node on the underlay that can send UDP packets to a VTEP address can in principle inject frames into a VNI, so tenant isolation depends on restricting which underlay nodes can reach the VTEP addresses (see the Security Considerations of RFC 7348).

Network virtualization edge (NVE)

A network entity that is deployed at the network edge and implements network virtualization functions.

NOTE:

Physical network devices (for example, switches) and vSwitches running on servers can both function as NVEs.

VXLAN tunnel endpoint (VTEP)

The endpoint of a VXLAN tunnel, which encapsulates outgoing and decapsulates incoming VXLAN packets. A VTEP is implemented by an NVE.

A VTEP connects to the physical network and is assigned a physical-network IP address. This address belongs to the underlay and is independent of the tenant (overlay) address space.

In VXLAN packets, the source IP address is the local node's VTEP address, and the destination IP address is the remote node's VTEP address. This pair of VTEP addresses corresponds to a VXLAN tunnel.

VXLAN network identifier (VNI)

A VXLAN segment identifier, similar to a VLAN ID. VMs in different VXLAN segments cannot communicate directly at Layer 2.

A VNI identifies exactly one tenant: all end users within the same VNI are treated as one tenant. The VNI is a 24-bit field, so up to 2^24 (about 16 million, "16M") tenants can be distinguished.

A VNI can be a Layer 2 or Layer 3 VNI.

  • A Layer 2 VNI is mapped to a BD for intra-segment transmission of VXLAN packets.

  • A Layer 3 VNI is bound to a VPN instance for inter-segment transmission of VXLAN packets.

Bridge domain (BD)

A Layer 2 broadcast domain through which VXLAN data packets are forwarded.

A VNI that identifies a virtual network must be mapped to a BD so that the BD can act as the VXLAN network entity that carries that VNI's traffic.

Virtual Bridge Domain Interface (VBDIF)

A Layer 3 logical interface created for a BD. Assigning IP addresses to VBDIF interfaces enables communication between VXLANs on different network segments and between VXLAN and non-VXLAN networks, and gives a Layer 2 network access to a Layer 3 network.

Gateway

A device that provides communication between VXLANs identified by different VNIs and between VXLAN and non-VXLAN networks.

A VXLAN gateway can be a Layer 2 or Layer 3 gateway.

  • Layer 2 gateway: allows tenants to access a VXLAN and supports intra-segment communication within that VXLAN.

  • Layer 3 gateway: allows inter-segment VXLAN communication and access to external networks.
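The following is an added example, not code from the Huawei page or product: a small software VTEP in Python that performs the encapsulation described at the top of this topic (inner frame + VXLAN header + UDP + outer IP/MAC headers, laid out as in RFC 7348) and, on the receiving side, applies the checks a VTEP should make before mapping the VNI to a bridge domain: the outer destination must be the local VTEP address, the source must be a known peer VTEP, and the VNI must be mapped to a BD. All addresses, MACs, VNI values, BD names and the tenant frame are constructed for illustration.

```python
"""Added example (not from the Huawei page): a minimal software VTEP that
builds and parses VXLAN-in-UDP packets per RFC 7348 and demultiplexes the
inner frame by VNI into a bridge domain. All sample data is constructed."""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN UDP destination port
VNI_MAX = (1 << 24) - 1        # 24-bit VNI field, hence the "16M" limit
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid
ETH_P_IP = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)


def parse_vxlan_header(header: bytes) -> int:
    """Return the VNI; reject headers whose I flag says the VNI is invalid."""
    flags, _reserved, vni_word = struct.unpack("!B3sI", header[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: no valid VNI")
    return vni_word >> 8


def encapsulate(inner_frame, vni, src_vtep, dst_vtep, src_mac, dst_mac, src_port=49152):
    """Ingress VTEP: prepend outer Ethernet, IPv4, UDP and VXLAN headers.

    The outer IP addresses are the local and remote VTEP (underlay) addresses;
    the tenant frame, including its own MAC header, is carried unchanged."""
    vxlan = build_vxlan_header(vni) + inner_frame
    udp_len = 8 + len(vxlan)
    # RFC 7348 section 4 permits a zero UDP checksum over IPv4.
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                     IPPROTO_UDP, 0,
                     ipaddress.IPv4Address(src_vtep).packed,
                     ipaddress.IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    outer_eth = dst_mac + src_mac + struct.pack("!H", ETH_P_IP)
    return outer_eth + ip + udp + vxlan


class Vtep:
    """Egress VTEP: validate the outer headers and map VNI -> bridge domain."""

    def __init__(self, address, peer_vteps, vni_to_bd):
        self.address = address
        self.peer_vteps = set(peer_vteps)   # remote VTEPs we have tunnels with
        self.vni_to_bd = dict(vni_to_bd)    # Layer 2 VNI -> BD mapping

    def decapsulate(self, packet: bytes):
        eth, ip, udp = packet[:14], packet[14:34], packet[34:42]
        if struct.unpack("!H", eth[12:14])[0] != ETH_P_IP or ip[0] != 0x45:
            raise ValueError("not a plain IPv4 packet")
        if ipv4_checksum(ip) != 0:
            raise ValueError("outer IPv4 checksum mismatch")
        src = str(ipaddress.IPv4Address(ip[12:16]))
        dst = str(ipaddress.IPv4Address(ip[16:20]))
        if dst != self.address:
            raise ValueError(f"outer destination {dst} is not this VTEP")
        # Only accept tunnel traffic from VTEPs we actually peer with.
        if src not in self.peer_vteps:
            raise ValueError(f"VXLAN packet from unknown VTEP {src}")
        dport = struct.unpack("!H", udp[2:4])[0]
        if ip[9] != IPPROTO_UDP or dport != VXLAN_UDP_PORT:
            raise ValueError("not VXLAN over UDP")
        vni = parse_vxlan_header(packet[42:50])
        bd = self.vni_to_bd.get(vni)
        if bd is None:
            raise ValueError(f"VNI {vni} is not mapped to a bridge domain")
        return bd, packet[50:]   # the tenant frame, delivered into its BD


def is_accepted(vtep, packet) -> bool:
    """True if the VTEP would deliver the packet into a BD, False if rejected."""
    try:
        vtep.decapsulate(packet)
        return True
    except ValueError:
        return False


# Constructed sample data (hypothetical VMs, leaf switches, VNI and BD).
VM_A_MAC = bytes.fromhex("02000a000001")
VM_B_MAC = bytes.fromhex("02000a000002")
INNER_FRAME = VM_B_MAC + VM_A_MAC + struct.pack("!H", ETH_P_IP) + b"tenant IP packet"
LEAF1_MAC = bytes.fromhex("0c0000000001")
LEAF2_MAC = bytes.fromhex("0c0000000002")


def run_example():
    """VM A behind VTEP 10.0.0.1 sends to VM B behind VTEP 10.0.0.2 on VNI 5000."""
    packet = encapsulate(INNER_FRAME, 5000, "10.0.0.1", "10.0.0.2", LEAF1_MAC, LEAF2_MAC)
    egress = Vtep("10.0.0.2", peer_vteps=["10.0.0.1"], vni_to_bd={5000: "BD10"})
    return egress.decapsulate(packet)


if __name__ == "__main__":
    bd, frame = run_example()
    print(bd, frame[:6].hex(), frame[14:])
```

The outer headers use only underlay (VTEP) addresses, as Table 1 describes; the tenant's MAC header is carried untouched inside the payload. The peer-VTEP and VNI-to-BD checks in `decapsulate` are where a real VTEP enforces that an unexpected underlay source cannot inject frames into a tenant segment.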

Copyright © Huawei Technologies Co., Ltd.