Overlay Network
An overlay network uses network protocols that rely on encapsulation to provision virtual tunnels and networks without requiring reconfiguration of the underlying transport network.
- used to implement logical links between nodes or networks
- abstracts the complexity of the underlying physical topology
- e.g., VPN
- Other types of overlay network
  - use encapsulation protocols and SDN to create a logical tunnel between nodes or networks that might be located in different physical topologies
  - allow for the segmentation of the same physical network
    - e.g., a cloud provider can use an overlay network to isolate each tenant's traffic from other tenants
  - when used inside a datacenter, implemented using virtual extensible LANs (VXLANs)
Virtual Extensible LANs
A virtual extensible LAN (VXLAN) uses layer 2 encapsulation to create an overlay network that runs on a layer 3 IP underlay network.
- Each overlay network is allocated a 24-bit VXLAN network identifier (VNI)
- A VXLAN Tunnel Endpoint (VTEP) server, switch, or router encapsulates the layer 2 frames tagged with the VNI in UDP packets
- The UDP packets are routed over the IP network to another VTEP
- The receiving VTEP decapsulates the packets to extract and process the frames
- alternative to manually configuring connections between VNIs and VTEPs:
  - Ethernet VPN (EVPN) uses Border Gateway Protocol (BGP) to advertise VXLAN networks and nodes as routes
    - implements a control plane for automated configuration and management of the overlay network
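The encapsulation and decapsulation steps above, as an added example that is not part of the original notes. It assumes the 8-byte VXLAN header layout and UDP port 4789 from RFC 7348; the frame bytes, VTEP address, VNI values and the per-VTEP allowlist are constructed for illustration. The header carries no authentication, so the receiving side checks that the sending VTEP is expected to carry the VNI before handing the frame to a tenant segment.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid
VXLAN_HEADER_LEN = 8
ETHERNET_HEADER_LEN = 14

# Constructed sample data: a minimal inner Ethernet frame and a VTEP-to-VNI allowlist.
SAMPLE_FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"tenant payload"
ALLOWED = {"192.0.2.10": {5001}}   # hypothetical mapping: source VTEP IP -> permitted VNIs


def build_vxlan(vni, inner_frame):
    """Sending VTEP: prepend the VXLAN header to a layer 2 frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Layout: flags (1 byte) + reserved (3) + VNI (3) + reserved (1)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload):
    """Receiving VTEP: return (vni, inner_frame) or raise ValueError."""
    if len(udp_payload) < VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI field is not valid")
    return word1 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def decapsulate(udp_payload, src_vtep, allowed):
    """Accept a frame only if the sending VTEP is expected to carry its VNI."""
    vni, frame = parse_vxlan(udp_payload)
    if vni not in allowed.get(src_vtep, set()):
        raise PermissionError(f"VNI {vni} not permitted from VTEP {src_vtep}")
    return vni, frame


if __name__ == "__main__":
    packet = build_vxlan(5001, SAMPLE_FRAME)
    print(packet[:VXLAN_HEADER_LEN].hex(), decapsulate(packet, "192.0.2.10", ALLOWED)[0])
```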

Datacenter Interconnect
- overlay network could span two geographically separate locations
  - e.g., connecting instances or logical networks hosted in two different datacenters
Data Center Interconnect (DCI) refers to ways of creating links between datacenters and hosts/networks in different datacenters.
- Datacenter services typically use cluster technologies and other applications that depend upon layer 2 adjacency
  - means that the clustered servers or VMs must be part of the same broadcast domain and subnet, even if they are in different datacenters
- stretching layer 2 boundaries over physical fiber links between datacenters with hosts in the different locations configured as part of the same VLAN can generate complex broadcast and spanning tree issues
  - mitigated by using VXLAN and EVPN to implement datacenter interconnects
- EVPN allows servers to:
  - discover adjacent MAC addresses
  - forward data using an overlay network to tunnel traffic between them