Overlay Network Technology: VXLAN/NVGRE

Source: Internet
Author: User

Most network engineers are familiar with Generic Routing Encapsulation (GRE), which is easy to understand: one packet (or frame) is encapsulated in another packet. The encapsulating packet is forwarded to the tunnel endpoint, where it is decapsulated, and the original packet is sent on to its destination. An overlay network uses this so-called "packet in packet" technique to securely hide one network inside another and to move network segments. Layer-2 extension and multi-tenancy are popular overlay network use cases.

Over the past few years, a number of overlay protocols have been released through standardization bodies, driven by the need to move hosts at any time to any location in a virtualized data center. Some SDN controllers use overlays as their transport option to build a bridge between hosts scattered across the data center. Vswitches usually act as the tunnel endpoints. Virtual Extensible LAN (VXLAN) is currently the most widely supported overlay protocol in the industry. Cisco, Brocade, and VMware support overlay networks. Arista and Brocade vswitches support VXLAN tunnel endpoints in hardware. Hardware VXLAN endpoints are a significant change for the industry, because overlays have usually been built with software switches as the endpoints.

VXLAN encapsulates layer-2 frames in a layer-3 UDP packet. In this way, the hosts in a VXLAN segment can communicate with each other as if they were on the same layer-2 network, even if they are separated by one or more layer-3 networks.

In addition, because VXLAN preserves the entire layer-2 frame, including VLAN identifiers, multiple layer-3 networks can exist in a VXLAN segment. Customers in the VXLAN segment (also called tenants) see a network that looks like the VLAN they used previously, while the underlying network distinguishes VXLAN packets only by their segment ID.

Each VXLAN network is distinguished by the segment ID in the VXLAN packet header. This ID is 24 bits long, which allows 16 million tenants to share the same network infrastructure while remaining isolated from each other.
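The following Python sketch is an added example, not part of the original article: it builds and parses the 8-byte VXLAN header that carries the 24-bit segment ID, and shows the endpoint-side check that keeps tenants isolated. The header layout and the "I" flag come from RFC 7348, which the article does not cite; the function names, the allowed-segment set, and the sample frame are constructed for illustration, and the outer IP/UDP headers are omitted.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag (RFC 7348): segment ID field is valid
MAX_VNI = (1 << 24) - 1       # 16,777,215: the "16 million" segments

def encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to a layer-2 frame (UDP payload only)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("segment ID must fit in 24 bits")
    # word 1: flags(8) + reserved(24); word 2: segment ID(24) + reserved(8)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decap(payload: bytes) -> dict:
    """Parse a VXLAN UDP payload and expose the preserved inner frame."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, segment ID is not valid")
    frame = payload[8:]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = None
    if ethertype == 0x8100 and len(frame) >= 18:   # inner 802.1Q tag kept intact
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return {"vni": word2 >> 8, "dst": frame[0:6].hex(":"),
            "src": frame[6:12].hex(":"), "inner_vlan": vlan}

def accept(payload: bytes, allowed_vnis: set) -> bool:
    """Isolation check at the tunnel endpoint: drop unknown or malformed segments."""
    try:
        return decap(payload)["vni"] in allowed_vnis
    except ValueError:
        return False

# Constructed sample: inner frame tagged with VLAN 100, IPv4 ethertype, zero payload
SAMPLE_FRAME = (bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a")
                + struct.pack("!HHH", 0x8100, 100, 0x0800) + b"\x00" * 46)
SAMPLE_PACKET = encap(5001, SAMPLE_FRAME)

if __name__ == "__main__":
    info = decap(SAMPLE_PACKET)
    print(info["vni"], info["src"], "->", info["dst"], "vlan", info["inner_vlan"])
    print("tenant 5001 endpoint accepts:", accept(SAMPLE_PACKET, {5001}))
    print("tenant 5002 endpoint accepts:", accept(SAMPLE_PACKET, {5002}))
```

The segment ID is an unauthenticated field, so this check separates tenants only when the underlay itself prevents untrusted hosts from injecting encapsulated packets.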

Similar to VXLAN, Network Virtualization using GRE (NVGRE) uses a 24-bit identifier to define the tenant's network. NVGRE is mainly a technology developed by Microsoft and is the method used by Hyper-V.

Despite its strong support for VXLAN, VMware also has its own overlay, called Stateless Transport Tunneling (STT), which comes from Nicira, now part of VMware. STT is an integral part of the Nicira network virtualization platform. It is worth noting in particular that the STT encapsulation format makes full use of the hardware capabilities of advanced NICs, which can split large blocks of data into smaller ones.

This is called TCP segmentation offload (TSO). A network adapter with the TSO function can take over the segmentation work and free the server's CPU for other tasks. The future of STT cannot be determined yet, but VXLAN already has VMware's support and general support from the industry.

In addition to VXLAN, NVGRE, and STT, another overlay network technology worth noting is Network Virtualization Overlays (NVO3). NVO3 is being developed by an IETF working group. The NVO3 problem statement is similar to that of the other overlay technologies discussed above: traffic is isolated, tenants can freely use the addressing scheme they choose, and virtual machines can be moved freely in the network without regard to the layer-3 boundaries in the underlying core. How NVO3 will evolve and which encapsulation it will use remains to be seen, but the use cases submitted by the NVO3 working group members have basically taken shape.
