What is it?
Network Virtualization Overlay (NVO) is where an independent virtual network infrastructure is created on top of a physical network infrastructure. The concept of an overlay network is not new, but it has become more popular within Data Centers over the past couple of years.
Most businesses will have encountered overlay networks with VPNs, where they have established a private network over another network such as the Internet. The key point is that the physical underlying infrastructure is operated and managed independently from the overlay network.
This brings up the requirement for the physical underlay network to be as resilient as possible. In most modern Data Center designs this means building a layer 3 ECMP network.
Whenever overlay networks are mentioned the following terms are not far behind.
- Underlay: The underlying physical infrastructure: the switches, servers and cables.
- Overlay: The virtual network implemented on top of the physical underlay; the logical separation that shares the physical infrastructure.
What problem does it solve?
Overlay networks were developed to solve several issues primarily around offering secure multi-tenant isolation in large Data Center Networks.
With the domination of virtualization within the Data Center, an issue began to arise whereby layer 2 networks were required to allow virtual machine migration. Stretching layer 2 networks throughout a Data Center can cause several issues of varying intensity depending on the overall architecture, such as an increased failure domain, spanning-tree issues, etc. However, a main issue for a lot of multi-tenant Data Centers was the limit of 4094 VLANs.
Using an overlay network allows you to abstract the physical Data Center away from the client network. Instead of looking at a Data Center as a single network, you can now have an underlay as the service provider and each overlay as an independent private customer.
Sounds like MPLS?
In many ways it is similar to an L2 MPLS solution. The big difference with overlay networking, however, is that you get the same functionality used in MPLS service providers' networks without having to pay for MPLS-capable hardware, and in most cases with a much simpler configuration to boot.
How does it work?
Although each overlay protocol functions slightly differently, in essence they all work in the same way. Additional posts cover how each overlay solution functions in more detail; the basic premise is:
- The original payload is encapsulated in a protocol that adds an ID to make it unique.
- A gateway device that connects the physical network to the virtual network provides the encapsulation service.
- This unique ID is then exchanged with other gateways within the Data Center, allowing virtual networks to communicate.
- The crux of the solution is that all of this is transparent to end hosts on the virtual network.
What NVO Solutions are available?
The most common at this moment in time is VXLAN, with NVGRE being used purely by Microsoft.
Take a look at the following posts for more information: