
VXLAN

Virtual Extensible LAN (VXLAN) is a protocol for running a Layer 2 network and stretching it over a Layer 3 network. The stretched Layer 2 domain is referred to as a VXLAN segment or tunnel, and it is built with MAC-in-UDP encapsulation: each Ethernet frame is wrapped in a UDP packet that the underlying IP network routes.

The concept of a VXLAN standard emerged around 2011. It has been tracked by the Internet Engineering Task Force (IETF) as RFC 7348.

The most important need for VXLANs was to add a 24-bit segment ID. When using a simple Virtual LAN (VLAN), network managers can max out the number of available network addresses. The 24-bit ID was introduced to help increase the size of the network, raising the number of available IDs to 16 million. That shift represents an increased usage rate of over 390,000 percent.
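The MAC-in-UDP encapsulation and the 24-bit segment ID described above, as an added Python example that is not part of the original article: it builds the 8-byte VXLAN header in front of a constructed inner Ethernet frame and parses it back the way a monitoring tool would, checking the I flag and reporting whether the VNI would have fit in a 12-bit VLAN ID. The MAC addresses and VNI 5000 are constructed sample values.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1        # 24-bit segment ID: 16,777,216 values
VLAN_ID_MAX = (1 << 12) - 1    # 12-bit 802.1Q VLAN ID, for comparison


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def encode_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header (flags, 24 reserved bits, VNI, 8 reserved
    bits) to an inner Ethernet frame. This is the UDP payload a VTEP sends to 4789."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    header = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    return header + inner_frame


def decode_vxlan(udp_payload: bytes) -> dict:
    """Parse a UDP payload as VXLAN; return the VNI and inner Ethernet header fields.
    Rejects packets without the I flag; reserved bits are ignored per RFC 7348."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set: no valid VNI")
    vni = word1 >> 8
    inner = udp_payload[8:]
    ethertype = struct.unpack("!H", inner[12:14])[0]
    return {
        "vni": vni,
        "fits_in_vlan_id": vni <= VLAN_ID_MAX,  # would a plain VLAN have had this ID?
        "inner_dst_mac": mac_str(inner[:6]),
        "inner_src_mac": mac_str(inner[6:12]),
        "inner_ethertype": ethertype,
        "inner_payload_len": len(inner) - 14,
    }


# Constructed sample: an inner Ethernet/IPv4 frame (ethertype 0x0800) with a dummy
# payload, placed in VXLAN segment 5000, which lies beyond the 4,094 IDs a VLAN offers.
SAMPLE_INNER = (bytes.fromhex("0a1b2c3d4e5f") + bytes.fromhex("0a1b2c3d4e60")
                + struct.pack("!H", 0x0800) + b"\x45\x00" + b"\x00" * 18)
SAMPLE_VXLAN = encode_vxlan(5000, SAMPLE_INNER)

if __name__ == "__main__":
    print(decode_vxlan(SAMPLE_VXLAN))
```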

Increases Scalability

For many companies and work environments, the use of LANs was sufficient, as the servers and computing machines were in close proximity and the moderate network traffic they produced was easily handled. However, as cloud computing and virtual networks have become more common, network workloads have increased and more issues with scalability have surfaced. VLANs were created to isolate and encapsulate packets and tenants, creating multiple broadcast domains. This Layer 2 move allowed distinct information to be shared specifically between the users who needed it, as opposed to the entire system. Once again, though, problems arose with scalability, as a VLAN's 12-bit ID only provides for 4,094 network IDs, an issue for growing companies and an ever-expanding cloud.

VXLANs arrived to save the day. The protocol was originally introduced and promoted by the cooperation of two large networking companies, Cisco and VMware. It gained support from a broad range of industry players who helped develop the protocol, including Arista, Broadcom, Brocade, Cumulus Networks, Emulex, Intel, and Red Hat.

[Figure. Source: Cisco]

The VXLAN overlay improves on the Layer 2 VLAN's use of Spanning Tree Protocol (STP), which ends up not using half of the network by blocking certain paths. VXLAN can utilize Layer 3 routing, which includes equal-cost multipath, opening up a far larger portion of the available paths. VXLAN uses VXLAN tunnel endpoint (VTEP) devices to map a user's end device to the VXLAN segments as the VTEP encapsulates and de-encapsulates the traffic. Each VTEP performs two duties. One is to transport Ethernet frames to the transport Internet Protocol (IP) network through an IP interface. The other is to act as a switch on the local LAN segment, communicating between the network and the user.

[Figure. Source: DCXTC]

Security Included

Due to the structure of a VXLAN, tunneled traffic can utilize traditional security options that authenticate and encrypt the traffic; the VXLAN header itself adds neither, so those protections come from the underlying IP transport (for example, IPsec). In addition, the existing LAN infrastructure provides a suitable setting: a VLAN can be designated just for VXLAN traffic, so that only the servers sending that traffic are on it. This setup ensures that all the endpoints are authorized on the LAN.

IP multicast is also used within a VXLAN to carry broadcast, unknown unicast, and multicast (BUM) traffic. Each VTEP device is individually set up and joins the multicast group as an IP host.

VXLAN is one of the best methods for facilitating vMotion, a form of live migration where an entire Virtual Machine (VM) can switch from one physical server to another, in a matter of seconds.

In summary, VXLANs have emerged to expand the functionality and scalability of VLANs across a wide range of virtual networks.