English
HomeKnowledge CenterUnderstanding VXLAN: Revolutionizing Network Virtualization

Understanding VXLAN: Revolutionizing Network Virtualization

Posted on Jun 25, 2024 by
  Pieter van den Berg
970

10-100G Module

In today's rapidly developing data center and cloud computing environments, network flexibility and scalability have become particularly important. Traditional network segmentation technologies, such as VLAN (virtual local area network), have been widely used in the past few decades, but with the expansion of data center scale and the increase of multi-tenant requirements, their inherent limitations have gradually emerged. The number of traditional VLANs is limited, the management complexity, and the difficulty of cross-data center, prompting network architects to seek more advanced solutions. In this context, VXLAN (Virtual Extensible LAN) came into being.

This article will explore in depth the working principle, advantages, and how VXLAN solves the limitations of traditional VLANs, providing network engineers and data center managers with an effective tool to cope with complex network requirements. By understanding and applying VXLAN technology, you will be able to build a more flexible, efficient, and scalable network infrastructure to meet the growing network needs in the future.

What Is A VXLAN?

VXLAN (Virtual Extensible LAN) is a network virtualization technology designed to address the limitations of traditional VLAN (Virtual Local Area Network). It provides greater scalability and flexibility by creating a Layer 2 overlay network on top of a Layer 3 network infrastructure. Specifically, VXLAN can be understood as a technology that makes networks more flexible and scalable, allowing virtual connections to be established between different network devices in data centers and cloud environments, surpassing the limitations of traditional network technologies.

First, VXLAN addresses the scale limitations of traditional VLANs. VLANs use 12-bit identifiers and support up to 4096 VLAN IDs, while VXLAN uses 24-bit segment IDs (VXLAN network identifiers, VNIs) and can support up to 16 million unique identifiers. This huge improvement is critical for large data centers because they need to manage and isolate a large number of virtual networks.

Second, VXLAN extends the Layer 2 network on top of the Layer 3 network. By encapsulating Ethernet frames in UDP (User Datagram Protocol) packets, VXLAN enables Layer 2 networks to span different Layer 3 networks. This encapsulation method not only enhances network flexibility, but also simplifies network configuration and management across data centers.

In addition, VXLAN is very suitable for multi-tenant environments, such as cloud data centers. Each tenant can have its own independent VXLAN segment, ensuring that traffic between different tenants is isolated from each other, enhancing security. At the same time, VXLAN supports the mobility of virtual machines. When a virtual machine is migrated from one physical host to another, as long as the new host is in the same VXLAN segment, the virtual machine can keep the original IP address and continue to communicate normally without being affected.

How Does VXLAN Work?

The working mechanism of VXLAN relies on VXLAN Tunnel Endpoint (VTEP) devices, which are responsible for the encapsulation and decapsulation of VXLAN packets. VTEP devices enable communication between different networks by mapping VXLAN VNI to physical network interfaces. Although the original VXLAN standard did not specify a control plane, many implementations use protocols such as BGP EVPN (Border Gateway Protocol Ethernet Virtual Private Network) to distribute MAC addresses and IP information, which improves efficiency and scalability. The following is a detailed explanation of the working mechanism of VXLAN:

  • 1. VXLAN Tunnel Endpoint (VTEP)

The work of VXLAN relies on VXLAN Tunnel Endpoint (VTEP). VTEP is a device responsible for VXLAN encapsulation and decapsulation, usually a switch, router or server. Each VTEP has a unique IP address and acts as a terminal of the VXLAN tunnel.

  • 2. VXLAN Packet Encapsulation

When a device (such as a virtual machine) sends Ethernet frames, these frames first reach the VTEP. VTEP encapsulates these Ethernet frames in a VXLAN packet. The VXLAN packet consists of the following parts:

  • Original Ethernet frame: This is the data that needs to be transmitted.

  • VXLAN header: contains the 24-bit VXLAN network identifier (VNI) to identify different VXLAN segments.

  • UDP header: VXLAN uses UDP (User Datagram Protocol) as the transport protocol.

  • IP header: contains the IP addresses of the source and destination VTEPs.

  • Outer Ethernet header: used to transmit the encapsulated data packets on the physical network.

  • 3. Packet transmission

The encapsulated VXLAN data packets are transmitted over the Layer 3 network (IP network). Since VXLAN data packets are encapsulated in UDP, they can be routed and transmitted over any network infrastructure that supports IP.

  • 4. VXLAN data packet decapsulation

When the VXLAN data packet reaches the destination VTEP, the destination VTEP decapsulates the data packet. It extracts the original Ethernet frame from the UDP and VXLAN headers and forwards it to the destination device (such as the destination virtual machine). In this way, VXLAN implements Layer 2 connectivity across the Layer 3 network.

  • 5. MAC address learning

VXLAN uses the "Flood and Learn" approach to manage the MAC address table. When a VTEP receives an unknown MAC address, it floods the packet to all other VTEPs in the VXLAN segment. This allows other VTEPs to learn the new MAC address and add it to their own MAC address tables.

  • 6. Control Plane

While the original VXLAN standard relied primarily on the data plane flooding and learning mechanism, modern VXLAN implementations typically use control plane protocols such as BGP EVPN to distribute MAC addresses and IP information. This approach improves efficiency and scalability, reduces flooding traffic, and provides better network management capabilities.

VXLAN

VLAN vs. VXLAN

VLAN (Virtual Local Area Network) and VXLAN (Virtual eXtensible Local Area Network) are both network virtualization technologies designed to improve the utilization and management efficiency of network resources, but they differ in scale, technical implementation, and application scenarios:

Identification Space

  • VLAN uses a 12-bit VLAN ID and theoretically supports up to 4096 different VLANs. This is usually sufficient in small to medium-sized networks.

  • VXLAN uses a 24-bit VNI (VXLAN Network Identifier) and can support up to 16 million virtual networks, greatly expanding the scale of the Layer 2 network and suitable for large-scale cloud environments.

Working Principle and Encapsulation

  • VLAN achieves logical isolation of the network by inserting an 802.1Q tag into the Ethernet frame, which occurs at the second layer (data link layer).

  • VXLAN uses MAC-in-UDP encapsulation to encapsulate the original Ethernet frame in a UDP message and then transmit it through the third layer (network layer). This allows VXLAN to cross the three-layer network boundary and achieve a wider range of network virtualization.

Network Scale and Isolation

  • VLAN isolation is based on port configuration on physical switches and is usually limited to a single broadcast domain.

  • VXLAN creates a Layer 2 network across multiple physical switches through tunneling technology (usually between VTEP, VXLAN Tunnel End Point), achieving more flexible logical isolation and cross-subnet communication.

Bandwidth Efficiency and Network Latency

  • VLAN may be restricted by the spanning tree protocol (STP) in traditional networks, resulting in the blocking of some network paths and affecting bandwidth utilization efficiency.

  • VXLAN can bypass STP restrictions and make full use of all network paths to improve bandwidth efficiency because it is encapsulated in UDP and transmitted over IP networks. Although the encapsulation process will introduce a certain amount of additional latency, this impact is usually acceptable in modern high-speed networks.

Application Scenarios

  • VLAN is suitable for smaller-scale network segmentation, such as isolation between departments within an enterprise.

  • VXLAN is more suitable for cloud service providers and large data centers, especially when a large number of tenants need to be isolated and virtual networks need to be extended across data centers.

In summary, VLAN and VXLAN have their own focuses. VLAN is a basic means of network segmentation, while VXLAN is an extension based on VLAN, providing more powerful network virtualization capabilities for large-scale, multi-tenant environments.

Combined EVPN-VXLAN

EVPN (Ethernet Virtual Private Network) is a network technology that uses BGP (Border Gateway Protocol) to provide scalable and efficient Layer 2 and Layer 3 VPN services. When EVPN combined with VXLAN, it provides a powerful solution for modern networks. EVPN ensures efficient MAC address distribution, scalability, and support for Layer 2 and Layer 3 services, while VXLAN provides extensive network segmentation and flexibility through encapsulation and Layer 3 overlay networks. The combination of the two enables a scalable, efficient, and flexible network design that is ideal for large-scale, multi-tenant environments such as data centers and cloud infrastructure.

For more information about EVPN-VXLAN, please refer to What is EVPN-VXLAN and How Does it Work?

Challenges with Using Traditional VLAN

The main challenges of using traditional VLANs in modern network environments include:

  • Scalability Limitations: Traditional VLANs can only support 4096 VLAN IDs, which is difficult to meet the needs of large data centers and cloud environments.

  • Configuration and Management Complexity: VLANs on each switch need to be manually configured, which is prone to errors and increases the management burden.

  • Multi-tenant Environment: It is complex to configure independent VLANs for each tenant, and the number limit makes isolation and security management difficult.

  • Network Topology Limitations: Traditional VLANs are limited by the physical network topology and are difficult to expand to remote data centers or across multiple sites.

  • Difficulty in Virtual Machine Migration: If the VLANs of two data centers are inconsistent, virtual machine migration will cause network interruption and complex configuration.

  • Redundancy and Load Balancing Complexity: Implementing redundancy and load balancing requires complex configurations, such as spanning tree protocol (STP), which may cause network bottlenecks and performance issues.

  • Broadcast Domain Expansion Issues: As VLANs expand, broadcast and flooding traffic increases, affecting network performance and stability.

  • Management and Monitoring Difficulties: VLAN management and traffic monitoring in large-scale networks are more difficult, and troubleshooting is complex.

So the new technology VXLAN was born.

How Does VXLAN Solve These Problems?

VXLAN solves many of the problems faced by traditional VLANs by providing a more flexible and scalable network virtualization solution. The following is a detailed explanation of how VXLAN addresses these challenges:

  • 1. Scalability Limitations

  • Large Number of VLAN IDs: VXLAN uses a 24-bit VXLAN network identifier (VNI) to support up to 16 million unique identifiers, far exceeding the 4096 ID limit of traditional VLANs. This allows VXLAN to meet the needs of large-scale network segmentation in large data centers and cloud environments.

  • 2. Configuration and Management Complexity

  • Automation and Centralized Management: VXLAN can be used in conjunction with control plane protocols such as BGP EVPN to automate the distribution of MAC addresses and IP addresses and simplify network configuration and management. This reduces manual configuration errors and management complexity.

  • 3. Multi-tenant Environment

  • Strong Isolation and Security: VXLAN's up to 16 million VNIs allow the creation of independent virtual networks for each tenant, ensuring traffic isolation between tenants and enhancing security. At the same time, VXLAN can more easily implement network management and security policies in a multi-tenant environment.

  • 4. Network Topology Limitations

  • Layer 2 over Layer 3: VXLAN extends the Layer 2 network across the Layer 3 network infrastructure by encapsulating Layer 2 Ethernet frames in Layer 3 IP packets. This allows the network to span different data centers and geographic locations without being restricted by the physical network topology.

  • 5. Difficulty in Virtual Machine Migration

  • Seamless Migration: Since VXLAN can work on Layer 2 networks across data centers, virtual machines can be seamlessly migrated between different physical hosts without changing IP addresses and network configurations. This greatly simplifies the process of virtual machine migration and reduces the risk of network interruption.

  • 6. Redundancy and Load Balancing Complexity

  • Simplified Load Balancing and Redundancy: VXLAN leverages the load balancing and redundancy features of IP networks to reduce reliance on complex spanning tree protocols (STP). This simplifies network configuration and improves network resilience and performance.

  • 7. Broadcast Domain Expansion Issues

  • Reduce Broadcast Traffic: VXLAN can optimize the processing of broadcast, unknown unicast, and multicast traffic through control plane protocols (such as BGP EVPN), reduce flooding traffic, and improve network performance and stability.

  • 8. Management and Monitoring Difficulties

  • Enhanced Visibility and Management Tools: VXLAN supports more advanced network management and monitoring tools, providing better network visibility and troubleshooting capabilities. Using the control plane protocol, MAC address and IP address information can be centrally managed, simplifying the troubleshooting process.

With these improvements, VXLAN provides a powerful network virtualization solution for modern data centers and cloud environments.

FS VXLAN Network Solution In Data Center

FS provides a data center network architecture built on EVPN-VXLAN. The architecture consists of the following parts:

  • Underlay Network: This part includes two firewalls and two VXLAN gateways. The firewall is used to protect the internal network from external threats and control inbound and outbound traffic. The VXLAN gateway is responsible for connecting the VXLAN tunnel to the underlying physical network.

  • EVPN-VXLAN Network: This area contains two core switches (Spine Switches), which are interconnected through a multipath protocol (MLAG) to provide high availability and load balancing. These switches are the core of the data center and are responsible for routing and forwarding packets.

  • Leaf Switches: These devices are located between the server and the core switch and provide access services for the server. They usually have high port density and low latency to handle large amounts of server traffic.

In terms of overall design, this solution adopts a layered structure, that is, a three-layer model consisting of Underlay Network, EVPN-VXLAN Network, and Leaf Switches. This design helps to improve network performance, scalability, and management efficiency. At the same time, the use of technologies such as VRF (Virtual Routing and Forwarding) and OSPF can achieve isolation and routing information sharing between different services, ensuring the security and flexibility of the network.

VXLAN Network Solution In Data Center

Final Thoughts

VLAN is suitable for small-scale networks and simple network segmentation needs, but its limitations are particularly prominent in the face of modern large-scale data centers and cloud environments. VXLAN has become an ideal choice for modern network virtualization by providing greater scalability, flexibility, and stronger multi-tenant support.

VXLAN is a better choice for environments that need to manage a large number of tenants, span multiple data centers, and require high scalability and flexibility. Although its implementation and management are more complex, the advantages and solutions it brings far exceed traditional VLAN.

In short, in modern data centers and cloud environments, VXLAN provides powerful network virtualization capabilities, overcomes many limitations of traditional VLAN, and is a better choice for complex network needs.

Want to know more details about FS success stories? Contact us now to learn more about FS network deployment solutions and take the first step in network upgrading. Let FS become your trusted partner to jointly create an efficient, stable and advanced network environment.

Tags

You might be interested in

Knowledge
See profile for Howard.
 Howard
VXLAN: the Future for Data Center Networks
May 20, 2023
9.6k
Knowledge
See profile for Howard.
 Howard
Achieve Cloud Networking with the VXLAN Network Solution
Oct 20, 2023
1.1k
Knowledge
See profile for Howard.
 Howard
Optimizing Data Center Networks: Harnessing the Power of EVPN-VXLAN, RoCE, and Advanced Routing Strategies
Dec 22, 2023
1.3k
Knowledge
See profile for Moris.
 Moris
Layer 2 vs Layer 3 Switch: Which One Do You Need?
Oct 6, 2021
617.9k
Knowledge
See profile for John.
 John
Fiber Optic Cable Types: Single Mode vs Multimode Fiber Cable
May 10, 2022
959.4k
Knowledge
See profile for Sheldon.
 Sheldon
Running 10GBASE-T Over Cat6 vs Cat6a vs Cat7 Cabling?
Mar 18, 2024
470.7k
Knowledge
See profile for Sheldon.
 Sheldon
Decoding OLT, ONU, ONT, and ODN in PON Network
Mar 14, 2023
436.0k
Story
See profile for Jason Paul.
 Jason Paul
Server re-rack is complete! Thanks to Primespec Inc and FS.com for the great customer service, and a
Jul 29, 2021
18.2k
Knowledge
See profile for Irving.
 Irving
What's the Difference? Hub vs Switch vs Router
Dec 17, 2021
383.5k
Knowledge
See profile for Sheldon.
 Sheldon
What Is SFP Port of Gigabit Switch?
Jan 6, 2023
375.0k
Knowledge
See profile for Jason.
 Jason
The Advantages and Disadvantages of Fiber Optic Transmission
Sep 29, 2021
126.7k
Knowledge
See profile for Migelle.
 Migelle
PoE vs PoE+ vs PoE++ Switch: How to Choose?
May 30, 2024
460.4k
News Letter
Videos
Global Delivery Service | FS
01:11
Jun 26, 2024
113
Global Delivery Service | FS
Recent Trend
PicOS® Switch Software

PicOS® Switch Software

AmpCon™ Management Platform

AmpCon™ Management Platform

Hot Tags
Popular
FS.com About FS FS APP Contact Privacy Terms