Home > Blogs > VMware SMB Blog


VXLAN – What it is, Components that Make it Work, and Benefits

Post by Terry Huber, System Engineer, VMware

I’ve been asked about VXLAN by a few people recently so I wanted to put together an overview of the technology. When someone asks me what VXLAN is, I usually respond with “What is your networking background?”  VXLAN can’t be explained in an elevator pitch due to the complexity.  I’ll do my best to give a clear picture of what VXLAN is here.

What is VXLAN?

The best way to describe VXLAN is that it is an overlay technology. VXLAN encapsulates MAC frames at layer 2 into a UDP header. Communication is established between two tunnel end points called Virtual Tunnel Endpoints or VTEPs.  VTEPs encapsulate the virtual machine traffic in a VXLAN header as well as strip the encapsulation off and present it to the destination virtual machine with the original layer 2 packet. It may be helpful to have a look at how the encapsulation header is composed.

What VXLAN Can Do

Let’s talk about what it can do. In simplest terms, VXLAN enables you to create a logical network for your virtual machines across different networks. You can create a layer 2 network on top of your layer 3 networks. This is why VXLAN is called an overlay technology. Normally if you want a virtual machine to “talk” to a virtual machine in a different subnet you need to use a layer 3 router to bridge the gap between networks. With VXLAN we can utilize vShield Edge to communicate between VXLAN segments.  Now that I’ve mentioned vShield Edge, it is a necessary component of VXLAN architecture.  Let’s look at the other components needed to utilize VXLAN.

  • VMware vCloud Network and Security Manager (vCNS) is a centralized network management component of the vCloud Network and Security Product suite.

VMware vSphere Distributed Switch (VDS) provides a single point of management for virtual networking aspects in the datacenter. VDS also provides advanced capabilities including traffic management, monitoring, and troubleshooting along with VXLAN support. VDS is only available in the vSphere Enterprise plus edition.

  • Virtual Tunnel End Point (VTEP) is configured on every host as part of the VXLAN configuration process. The VTEP consists of the following modules
    • VMkernel module-VTEP functionality is part of the VDS and is installed as a VIB. This module is used for VXLAN data path processing, which includes maintenance of forwarding tables and encapsulation and de-encapsulation of packets
    • VMknic virtual adapter-This is used to carry VXLAN traffic
    • VXLAN port group-This is configured during initial VXLAN configuration process. It includes physical NICs, VLAN information and teaming policy. These port groups dictate how VXLAN traffic is carried in and out of the host VTEP through the physical NICs.
  • VMware vCloud Networking and Security Edge Gateway is a virtual appliance with advanced network services support such as perimeter firewall, DHCP, NAT,VPN, load balancer and VXLAN gateway function

The VXLAN gateway function of the vCloud Networking and Security Edge gateway is one of the key components of the VXLAN network design. The vCloud Networking and Security Edge gateway acts as a transparent bridge between the VXLAN and non-VXLAN infrastructure. It is used in the following scenarios:

1) When a virtual machine connected to a logical L2 network must communicate with a physical server or virtual machine running on a host that does not support VXLAN, the traffic is directed through the vCloud Networking and Security Edge gateway.

2) When a virtual machine on one logical L2 network must communicate with a virtual machine on another logical L2 network, the vCloud Networking and Security Edge gateway can provide that connectivity.

The vCloud Networking and Security Edge gateway is a highly available virtual appliance that is deployed in an active–standby configuration and has as many as 10 interfaces. It is offered in three sizes: compact, full and x-large. Users have the option of scaling up their vCloud Networking and Security Edge gateway design by increasing the size of the appliance or of scaling out by using multiple virtual appliances.

Benefits

Now that I’ve discussed what VXLAN is and the components needed to make it work I’d like to suggest why you need to use it and the benefits:

  • Helps you move to a software defined datacenter model. It allows a vSphere administrator to provision a VM that can communicate with another VM on a different network without having to involve the network team to configure the physical switches and routers
  • Useful in environments that are nearing the 4000 VLAN limitation
  • Used in sites that have a cluster with a given set of VLANs assigned but these VLANs are not shared across other clusters but have the requirement to place VMs across those clusters
  • Definitely, investment  protection: VXLAN runs over standard switching hardware, with no need for software upgrades or special code versions on the switches.

I direct my customers to the following  resources that can explain configuration very well. I recommend Duncan Epping’s blog post on VXLAN configuration.

I also recommend the VMware VXLAN Deployment Guide found here:

And check out our VMware Solution page for a quick overview of VMware’s Software Defined Networking.

I hope this provided you with tangible information to help optimize your IT infrastructure and solve any datacenter network challenges. How have you resolved your datacenter network challenges?

I look forward to your comments,

Terry

11 thoughts on “VXLAN – What it is, Components that Make it Work, and Benefits

  1. Louis

    Am I correct in stating that VXLAN will essentially give us the ability to create cross network clusters, in which we can migrate and vmotion VMs to hosts that are not in our same physical (immediate network) locations? Or is this confined to just VM -> VM traffic?

    Thanks.

    Reply
  2. Pingback: Big Switch Networks and the (possible) future of the Networking Hardware | ytd2525

  3. Allen

    Thanks Terry.Your description is very useful for me to understand what’s VXLAN and know the structs of this technology.

    Reply
  4. Pingback: O NetworkManager agora suporta o VxLAN | ATALIBA TEIXEIRA

  5. Parthiban

    Hi terry,

    its a very god explanation.
    i have a doubt.
    vlan ID is 12 bits, thus we will have 4096 vlans.

    ” if the cloud provider has more clients (for example more than 5000), then we wll bw out of vlans, so we can use vxlan instead of it”.

    I read the above a while ago in some website. My doubt is, we can use private vlan – isolated vlan for the clients right? so once we create vlan 4000 in transparent mode and mark it as isolated, then we can add more no of clients to this vlan. eventhough they are in same vlan, they wont communicate with each other right? since its a isolated vlan.

    Can you please clarify my doubt.
    Thanks in advance.

    Thanks
    Parthiban

    Reply
    1. Terry Huber

      We get around the 4096 vlan limit by using VXLAN which is an overlay network. It uses an additional header to segment a vlan into multiple VXLANs.

      To address the pvlan, question yes it would work in assisting in isolating the environments. However, I would recommend looking into NSX for Micro-segmentation and a zero trust model if you are needing in depth security between application deployments.

      Recommended reading on pvlan- http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010691

      Reply
  6. Vina

    I never saw a response to the query above from Louis regarding enabling vMotion.

    Am I correct in stating that VXLAN will essentially give us the ability to create cross network clusters, in which we can migrate and vmotion VMs to hosts that are not in our same physical (immediate network) locations? Or is this confined to just VM -> VM traffic?

    Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>