Post by Terry Huber, System Engineer, VMware
I’ve been asked about VXLAN by a few people recently so I wanted to put together an overview of the technology. When someone asks me what VXLAN is, I usually respond with “What is your networking background?” VXLAN can’t be explained in an elevator pitch due to the complexity. I’ll do my best to give a clear picture of what VXLAN is here.
What is VXLAN?
The best way to describe VXLAN is that it is an overlay technology. VXLAN encapsulates layer 2 Ethernet (MAC) frames inside UDP datagrams. Communication is established between two tunnel end points called Virtual Tunnel Endpoints, or VTEPs. The sending VTEP encapsulates the virtual machine traffic in a VXLAN header, and the receiving VTEP strips the encapsulation off and delivers the original layer 2 frame to the destination virtual machine. It may be helpful to have a look at how the encapsulation header is composed.
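To make the header composition concrete, here is an added Python example; it is not code from the original post or from VMware. It builds the 8-byte VXLAN header defined in RFC 7348, wraps a constructed Ethernet frame in UDP as a sending VTEP would, and unwraps it with the checks a receiving VTEP applies (destination port, UDP length, the I flag). It also shows, in a simplified form of my own, the forwarding-table learning a VTEP performs, mapping (VNI, inner source MAC) to the remote VTEP's IP. The MAC addresses, VNI 5001, the VTEP address 10.0.0.2 and the dummy payload are constructed values; the outer IP and Ethernet headers that the VTEP's IP stack adds are omitted.

```python
import struct

# Protocol constants from RFC 7348 (added example, not code from the original post)
VXLAN_UDP_PORT = 4789        # IANA-assigned destination port; early VMware builds used 8472
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field carries a valid identifier
VNI_MAX = (1 << 24) - 1      # 24-bit VNI: ~16 million segments versus 4094 usable VLAN IDs
ETH_HDR_LEN = 14             # dst MAC (6) + src MAC (6) + EtherType (2)


def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(inner_frame: bytes, vni: int, src_port: int) -> bytes:
    """Wrap a layer 2 frame in UDP + VXLAN, as the sending VTEP does.

    The result is the UDP datagram carried between VTEPs; the outer IP and
    Ethernet headers are added by the VTEP's IP stack and are not built here.
    """
    if len(inner_frame) < ETH_HDR_LEN:
        raise ValueError("inner frame is shorter than an Ethernet header")
    payload = build_vxlan_header(vni) + inner_frame
    # UDP header: src port, dst port, length (header + payload), checksum 0 = none (allowed over IPv4)
    udp_header = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return udp_header + payload


def decapsulate(udp_datagram: bytes) -> tuple[int, bytes]:
    """Strip UDP + VXLAN, as the receiving VTEP does; returns (VNI, inner frame).

    Each check is a point at which a malformed datagram is dropped rather than bridged.
    """
    if len(udp_datagram) < 8 + 8 + ETH_HDR_LEN:
        raise ValueError("datagram too short to carry a VXLAN-encapsulated frame")
    _src_port, dst_port, length, _csum = struct.unpack("!HHHH", udp_datagram[:8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dst_port} is not the VXLAN port")
    if length != len(udp_datagram):
        raise ValueError("UDP length field does not match datagram size")
    flags_word, vni_word = struct.unpack("!II", udp_datagram[8:16])
    if not (flags_word >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_word >> 8, udp_datagram[16:]


def _mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_inner_ethernet(frame: bytes) -> dict:
    """Decode destination MAC, source MAC and EtherType of the inner (original) frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    return {"dst": _mac_str(dst), "src": _mac_str(src), "ethertype": ethertype}


def learn_source(table: dict, vni: int, inner_frame: bytes, outer_src_ip: str) -> dict:
    """Forwarding-table maintenance (simplified): (VNI, inner source MAC) -> remote VTEP IP.

    The key includes the VNI so the same MAC may legitimately exist in two segments.
    """
    src_mac = parse_inner_ethernet(inner_frame)["src"]
    table[(vni, src_mac)] = outer_src_ip
    return table


# Constructed sample inner frame (not captured traffic); 00:50:56 is VMware's OUI
SAMPLE_FRAME = (
    bytes.fromhex("005056aabbdd")      # constructed destination MAC
    + bytes.fromhex("005056aabbcc")    # constructed source MAC
    + b"\x08\x00"                      # EtherType 0x0800 (IPv4)
    + b"\x45" + b"\x00" * 19           # constructed dummy IPv4 bytes, not a real packet
)

if __name__ == "__main__":
    wire = encapsulate(SAMPLE_FRAME, vni=5001, src_port=49152)
    vni, inner = decapsulate(wire)
    print("VNI", vni, parse_inner_ethernet(inner))
    print("forwarding table", learn_source({}, vni, inner, "10.0.0.2"))  # constructed VTEP IP
```

Run it as a script to see the round trip; the header for VNI 5001 comes out as `08 00 00 00 00 13 89 00`, which makes the flag byte and the 24-bit VNI field easy to pick out in a packet capture of VTEP-to-VTEP traffic.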
What VXLAN Can Do
Let’s talk about what it can do. In simplest terms, VXLAN enables you to create a logical network for your virtual machines across different networks. You can create a layer 2 network on top of your layer 3 networks. This is why VXLAN is called an overlay technology. Normally, if you want a virtual machine to “talk” to a virtual machine in a different subnet, you need a layer 3 router to bridge the gap between networks. With VXLAN, vShield Edge (now called vCloud Networking and Security Edge) routes traffic between VXLAN segments. Since I’ve mentioned vShield Edge: it is a required component of the VXLAN architecture. Let’s look at the other components needed to utilize VXLAN.
- VMware vCloud Networking and Security Manager (vCNS) is the centralized network management component of the vCloud Networking and Security product suite.
- VMware vSphere Distributed Switch (VDS) provides a single point of management for virtual networking in the datacenter. VDS also provides advanced capabilities including traffic management, monitoring, and troubleshooting, along with VXLAN support. VDS is only available in the vSphere Enterprise Plus edition.
- Virtual Tunnel End Point (VTEP) is configured on every host as part of the VXLAN configuration process. The VTEP consists of the following modules:
  - VMkernel module: VTEP functionality is part of the VDS and is installed as a VIB. This module handles VXLAN data path processing, which includes maintenance of forwarding tables and encapsulation and de-encapsulation of packets.
  - VMknic virtual adapter: this carries the VXLAN traffic.
  - VXLAN port group: this is configured during the initial VXLAN configuration process. It includes physical NICs, VLAN information and teaming policy. These port groups dictate how VXLAN traffic is carried in and out of the host VTEP through the physical NICs.
- VMware vCloud Networking and Security Edge Gateway is a virtual appliance with advanced network services such as perimeter firewall, DHCP, NAT, VPN, load balancer and the VXLAN gateway function.
The VXLAN gateway function of the vCloud Networking and Security Edge gateway is one of the key components of the VXLAN network design. The vCloud Networking and Security Edge gateway acts as a transparent bridge between the VXLAN and non-VXLAN infrastructure. It is used in the following scenarios:
1) When a virtual machine connected to a logical L2 network must communicate with a physical server or virtual machine running on a host that does not support VXLAN, the traffic is directed through the vCloud Networking and Security Edge gateway.
2) When a virtual machine on one logical L2 network must communicate with a virtual machine on another logical L2 network, the vCloud Networking and Security Edge gateway can provide that connectivity.
The vCloud Networking and Security Edge gateway is a highly available virtual appliance that is deployed in an active–standby configuration and has as many as 10 interfaces. It is offered in three sizes: compact, full and x-large. Users have the option of scaling up their vCloud Networking and Security Edge gateway design by increasing the size of the appliance or of scaling out by using multiple virtual appliances.
Now that I’ve discussed what VXLAN is and the components needed to make it work, I’d like to explain why you would use it and what the benefits are:
- Helps you move to a software defined datacenter model. It allows a vSphere administrator to provision a VM that can communicate with another VM on a different network without having to involve the network team to configure the physical switches and routers
- Useful in environments that are nearing the 4000 VLAN limitation
- Useful at sites where a cluster has a given set of VLANs assigned that are not shared with other clusters, yet VMs must be placed across those clusters
- Investment protection: VXLAN runs over standard switching hardware, with no need for software upgrades or special code versions on the switches.
I direct my customers to the following resources that can explain configuration very well. I recommend Duncan Epping’s blog post on VXLAN configuration.
I also recommend the VMware VXLAN Deployment Guide found here:
And check out our VMware Solution page for a quick overview of VMware’s Software Defined Networking.
I hope this provided you with tangible information to help optimize your IT infrastructure and solve any datacenter network challenges. How have you resolved your datacenter network challenges?
I look forward to your comments,