Over the last decade, datacenters have grown into large virtualized server environments.
The demand for flexibility and agility on the network layer resulted in virtualization of the network to facilitate management, automation and orchestration. Segmentation on a large scale was required to facilitate multi-tenant and geographically spread datacenters.
VXLAN (Virtual Extensible LAN) is a network virtualization technology well known in datacenters and large cloud deployments. It is a commonly used protocol for creating overlay networks on top of the physical network, and it tunnels L2 Ethernet traffic over an IP L3 network. It enables you to create virtualized L2 segments that span physical L3 networks.
VXLAN creates an “overlay” virtual network on top of the “underlay” physical network.
The underlay network is your physical “transport” network. Its job is to get packets from A to B by using L3 routing. We know this network as the L3 network that connects networks to each other, typically between sites or in your network switch core or firewall.
The overlay network is virtual and sits on top of the underlay physical network.
Virtual tunnels are created between VXLAN tunnel endpoints (VTEPs).
VXLAN network identifiers (VNIs) identify the VXLAN segment and are similar to VLAN IDs in a normal network. A VNI uses 24 bits, which allows approximately 16 million VXLANs compared to 4094 VLANs.
This allows service providers to use many VNIs and facilitate multi-tenancy for their customers.
The advantage of this approach is that both networks are independent.
Changes in the overlay or underlay network don’t affect each other and as long as the underlay network and routing protocol can deliver packets, the overlay network remains unchanged. VXLAN adds resiliency and scale to the physical network as we have never seen before.
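As an added illustration (not part of the original article), the Python sketch below shows how a VTEP wraps an Ethernet frame in the 8-byte VXLAN header defined in RFC 7348, and how the 24-bit VNI keeps segments apart when the frame is unwrapped. The segment names, VNI values and sample frame are constructed for this example.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port for VXLAN
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field carries a valid value
MAX_VNI = (1 << 24) - 1        # 24-bit field, so 16,777,215 is the highest VNI

# Constructed mapping of VNIs configured on this VTEP to local L2 segments.
LOCAL_VNIS = {10010: "backup-l2", 10020: "plant-floor"}

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24 bits).
    # Word 1: VNI (24 bits) + reserved (8 bits).
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame

def decapsulate(payload: bytes, local_vnis: dict) -> tuple:
    """Return (segment_name, inner_frame); raise ValueError on a bad packet."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8
    # A frame is only delivered into a segment this VTEP is configured for;
    # traffic tagged with any other VNI never reaches the local L2 segments.
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return local_vnis[vni], payload[8:]

# Constructed inner frame: broadcast destination MAC, sample source MAC,
# EtherType 0x0806 (ARP) and a dummy body.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28

if __name__ == "__main__":
    packet = encapsulate(10010, SAMPLE_FRAME)
    print("VXLAN header:", packet[:8].hex())
    print("delivered to:", decapsulate(packet, LOCAL_VNIS)[0])
    try:
        decapsulate(encapsulate(30000, SAMPLE_FRAME), LOCAL_VNIS)
    except ValueError as err:
        print("dropped:", err)
```

The result of `encapsulate` is what travels as the UDP payload across the L3 underlay, which routes on the outer IP header only and never inspects the inner frame.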
Reading documentation about VXLAN technology, you might think it is not meant for you because you are not running a large multi-datacenter network. Well, think again!
We all have virtual machines that remain in a single subnet or broadcast domain.
The hosts running these machines are often close to each other and might be separated by racks or even different local datacenters connected with an L2 physical network.
Have you ever thought about spreading virtual machines within a single L2 subnet across different locations or sites? In the past, the most obvious solution was to ask your provider for L2 connectivity between your sites or for an EVPN solution. Such solutions are often expensive and inflexible, and they require a high level of network expertise to maintain or troubleshoot.
VXLAN can be the right solution to solve your problem!
By creating an overlay network on top of your existing L3 connections we can stretch L2 networks.
Are you worried about L2 security and the possibility that L2 network issues at one site could impact or break down your other sites?
VXLAN might help you out!
The creation of different L2 VXLAN tunnels limits layer 2 issues and isolates the problem within one VXLAN segment. The underlay L3 network remains unaffected by L2 issues and allows always-on connectivity between your sites.
Imagine a 3-2-1 backup scenario.
You have a decent backup strategy: you spread your backups locally, on different media, and also invest in an offsite backup for disaster scenarios. Moving backups to a highly secure and segregated environment will make sure that they are protected against all sorts of attacks.
But what do you do when disaster strikes? How are you going to access your data?
VXLAN can help by allowing a flexible L3 connection towards your restore site in the underlay network and building a virtualized L2 tunnel on top. VXLAN gives you direct L2 access, without additional complexity, when you really need it.
Some industries still use machinery from decades ago that does not allow routing or has major limitations in its TCP/IP stack. Often L2 connectivity is the only way to let these machines talk to a controller, and the impact on cost, complexity and manageability might give you stress or a sky-high TCO.
VXLAN can overcome these issues by having a “normal” L3 connection in the underlay and building an L2 overlay. By using this technique, there is no further need for expensive L2 connection capabilities or investment in local controllers at different sites.
Easi has experience and can help you out with both advanced datacenter VXLAN designs and implementations on datacenter technology and cross-site L2 VXLAN implementations based on SME/Enterprise equipment.
Do not hesitate to reach out to know more or to see how we can help.