Skip to main content

Underlay Network

An underlay network is the physical or logical IP network infrastructure that provides basic connectivity and transport services on top of which one or more overlay networks operate.

Expanded Explanation

1. Technical Function and Core Characteristics

An underlay network consists of routers, switches, links, and routing protocols that forward packets based on physical or logical addressing. It provides reachability, path selection, and transport for encapsulated or native traffic. Network operators design and configure the underlay to meet requirements for bandwidth, latency, reliability, and fault tolerance.

The underlay typically uses established routing protocols such as Open Shortest Path First (OSPF), IS-IS, Border Gateway Protocol (BGP), or segment routing to compute paths and maintain topology information. It can span data centers, wide area networks, and campus environments and can use IP, Multiprotocol Label Switching (MPLS), or Ethernet technologies to carry overlay tunnels and conventional traffic.

2. Enterprise Usage and Architectural Context

In enterprise architectures, the underlay network provides the foundation for technologies such as Software Defined Networking (SDN), Network Virtualization (NV), and data center fabric designs. It carries encapsulated traffic from overlays such as Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), or IPsec tunnels while remaining unaware of the tenant or application semantics inside those overlays.

Architects use the underlay to separate physical transport concerns from virtual network and policy constructs. They define underlay design patterns for leaf-spine fabrics, Wide Area Network (WAN) backbones, and hybrid cloud connectivity and specify service levels that overlays must rely on for performance, availability, and resilience.

3. Related or Adjacent Technologies

The underlay network relates directly to overlay networks, which build virtual topologies and services on top of the underlay using tunneling or encapsulation. Technologies such as VXLAN, Generic Routing Encapsulation (GRE), GENEVE, MPLS VPNs, and Software-Defined Wide Area Network (SD-WAN) overlays depend on an underlay for IP reachability between tunnel endpoints.

It also interacts with network underlay control mechanisms, including interior and exterior gateway protocols, Traffic Engineering (TE) methods, and Quality of Service (QoS) configurations. In many architectures, the underlay integrates with network observability, telemetry, and automation systems that monitor and adjust routing, capacity, and fault handling.

4. Business and Operational Significance

For enterprises, the underlay network underpins connectivity for applications, users, and hybrid cloud services and influences how predictably overlays can deliver security and segmentation policies. Its design and operation affect network availability targets, capacity planning, and compliance with internal service objectives.

Operations teams manage the underlay as a stable infrastructure layer, focusing on routing stability, link health, and hardware or transport lifecycle management. Decisions about underlay topology, protocol selection, and redundancy models affect cost, operational complexity, and how easily organizations can deploy or modify virtualized network services on top.