Understanding Network Virtualization: A Beginner's Overview
Choosing Between VXLAN, NVGRE, and STT: A Guide to Network Virtualization Options
Network virtualization is the process of creating virtual networks over a physical network. This allows you to create multiple isolated networks that can run on the same physical infrastructure.
Network virtualization is used for a variety of purposes, including:
Scalability: Network virtualization can help you to scale your network by allowing you to create new virtual networks without having to add new physical infrastructure.
Security: Network virtualization can help you to improve security by isolating different networks from each other.
Cost savings: Network virtualization can help you to save money by allowing you to consolidate your network infrastructure.
There are a number of different ways to implement network virtualization. Some of the most common methods include:
VLANs: VLANs (Virtual Local Area Networks) partition a physical Layer 2 network into isolated broadcast domains using the 12-bit 802.1Q tag in the Ethernet header, which limits a switched domain to 4094 usable VLAN IDs. VLANs are implemented on Layer 2 switches.
VXLAN: VXLAN (Virtual eXtensible Local Area Network, RFC 7348) is a tunneling protocol that carries Ethernet frames inside UDP/IP packets, creating overlay networks on top of an existing routed IP network. The tunnel endpoints (VTEPs) live in hypervisor virtual switches or in hardware switches and routers; the underlay between them only needs to route IP.
NVGRE: NVGRE (Network Virtualization using Generic Routing Encapsulation, RFC 7637) is another tunneling protocol that builds overlay networks over an IP network, carrying Ethernet frames inside GRE. Its endpoints are likewise implemented in hypervisor virtual switches (most notably Hyper-V) or in hardware switches.
Here is a simple analogy to help you understand network virtualization. Imagine a physical network with three hosts, A, B, and C. With network virtualization you can create two virtual networks, one containing A and B and the other containing B and C; B has an interface in each. A frame sent by A is delivered only within the first virtual network: it can reach B but never C, even though all three hosts share the same physical links and switches.
The benefits of using network virtualization overlays include:
Flexibility: Network virtualization overlays are software-defined, which means they can be managed and configured more dynamically than hardware-based networking. They can be easily scaled up or down based on requirements, and can be moved or changed as required.
Isolation: Overlay networks separate tenant traffic, which is useful for security and compliance: traffic on one virtual network is not delivered to another even when both cross the same physical links. The caveat is that this isolation is enforced only by the tunnel endpoints. The segment identifier travels in cleartext with no authentication, so any host that can send encapsulated packets to a tunnel endpoint can claim any segment unless the endpoint filters on trusted source addresses and on the segments it actually serves. None of these overlays encrypt anything, so an untrusted underlay needs IPsec or MACsec underneath the tunnels.
Efficiency: By decoupling the physical network from the logical or virtual networks, you can use network resources more efficiently. For example, you can create multiple virtual networks on a single physical network, each optimized for a particular type of traffic.
Compatibility: Network overlays can allow for the creation of virtual networks that span across different physical network types and hardware from different vendors. This can make it easier to integrate and manage diverse network environments.
Simplification: Virtualization can simplify network design and operation by allowing for centralized control and automation of network functions.
Some common protocols used for network virtualization overlays include VXLAN (Virtual Extensible LAN), NVGRE (Network Virtualization using Generic Routing Encapsulation), and STT (Stateless Transport Tunneling). These protocols help to create virtual networks by encapsulating or "tunneling" network packets within other packets.
VXLAN (Virtual Extensible LAN) is a network virtualization technology that addresses the scalability problems of large cloud computing deployments. It encapsulates Layer 2 Ethernet frames inside standard Layer 3 IP packets (MAC-in-UDP), so logical Layer 2 networks can be stretched across any IP-routed underlay. A 24-bit identifier allows up to 16 million (2^24) logical networks, far exceeding the 4094 usable IDs of the 12-bit 802.1Q VLAN tag.
Here's a brief overview of how VXLAN works:
Encapsulation: Each virtual network or VXLAN is identified by a 24-bit segment ID or VXLAN Network Identifier (VNI). When a packet is to be transported from one virtual machine (VM) to another VM on a different physical machine, the packet is encapsulated with a VXLAN header that includes the VNI.
Packet Transmission: The encapsulated packet is then transmitted over the underlying physical IP network via IP tunneling, which means it's encapsulated within a standard IP packet. This allows the VXLAN to operate over existing Layer 3 (IP) networks.
Decapsulation: At the destination, the receiving VTEP strips the outer headers, selects the virtual network from the VNI in the VXLAN header, and forwards the inner frame to the destination VM based on the inner destination MAC address.
VXLAN uses UDP (User Datagram Protocol) for the transport of encapsulated packets over the IP network, with the IANA-assigned destination port 4789. The outer UDP source port is set from a hash of the inner frame's headers, so underlay devices that hash on the IP/UDP 5-tuple see each tenant flow as a distinct outer flow. This is what lets VXLAN take advantage of Layer 3 routing, equal cost multipath (ECMP) routing, and link aggregation hashing that are common in modern IP networks.
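The three steps above, worked through as an added example that is not part of the original article: a VXLAN encapsulator and a receiving VTEP in Python using only the standard library. The VTEP addresses (10.0.0.1 and 10.0.0.2), the VNI 5000 and the tenant frame are constructed for the example. Beyond what the text describes, the receiver also drops packets from VTEPs it does not know and packets whose VNI it does not serve, the two checks that keep a spoofed VXLAN packet from injecting a frame into a tenant segment.

```python
import hashlib
import ipaddress
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header: no options, DF set, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def vxlan_source_port(inner_frame: bytes) -> int:
    """Outer UDP source port hashed from the inner Ethernet/IPv4/L4-port bytes (first 38 bytes)
    into 49152-65535, as RFC 7348 recommends, so underlay ECMP can spread tenant flows."""
    digest = hashlib.blake2b(inner_frame[:38], digest_size=2).digest()
    return 49152 + int.from_bytes(digest, "big") % 16384


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: Flags(8) | Reserved(24) | VNI(24) | Reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def encapsulate(inner_frame, vni, src_vtep, dst_vtep, src_mac, dst_mac) -> bytes:
    """Wrap a tenant Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN: 14+20+8+8 = 50 bytes."""
    payload = vxlan_header(vni) + inner_frame
    udp_len = 8 + len(payload)
    # UDP checksum sent as zero, which RFC 7348 permits for VXLAN over IPv4.
    udp = struct.pack("!HHHH", vxlan_source_port(inner_frame), VXLAN_UDP_PORT, udp_len, 0)
    outer_eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + ipv4_header(src_vtep, dst_vtep, IPPROTO_UDP, udp_len) + udp + payload


class Vtep:
    """Receiving tunnel endpoint that accepts frames only from known peers on provisioned VNIs."""

    def __init__(self, local_ip, vnis, peer_vteps):
        self.local = ipaddress.IPv4Address(local_ip)
        self.vnis = set(vnis)
        self.peers = {ipaddress.IPv4Address(p) for p in peer_vteps}

    def decapsulate(self, packet: bytes):
        """Return (vni, inner_frame), or raise ValueError for anything that must be dropped."""
        if len(packet) < 14 + 20 + 8 + 8 + 14 or packet[12:14] != b"\x08\x00":
            raise ValueError("truncated or not IPv4")
        ihl = (packet[14] & 0x0F) * 4
        ip = packet[14:14 + ihl]
        src_ip, dst_ip = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
        if ip[9] != IPPROTO_UDP or dst_ip != self.local:
            raise ValueError("not UDP addressed to this VTEP")
        # Anti-spoofing: the VNI is a plaintext tag, so never honour it from an unknown source.
        if src_ip not in self.peers:
            raise ValueError(f"VXLAN packet from unknown VTEP {src_ip}")
        udp_off = 14 + ihl
        _sport, dport, udp_len, _cksum = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
        if dport != VXLAN_UDP_PORT:
            raise ValueError("not VXLAN")
        flags, vni_field = struct.unpack("!B3xI", packet[udp_off + 8:udp_off + 16])
        if not flags & VXLAN_FLAG_I:
            raise ValueError("VXLAN I flag not set")
        vni = vni_field >> 8
        # Deliver only into segments this VTEP serves; otherwise a sender could inject frames
        # into any tenant network simply by choosing the VNI.
        if vni not in self.vnis:
            raise ValueError(f"VNI {vni} not provisioned on this VTEP")
        return vni, packet[udp_off + 16:udp_off + udp_len]

    def try_decapsulate(self, packet: bytes):
        """decapsulate() that returns None instead of raising, for use in a receive loop."""
        try:
            return self.decapsulate(packet)
        except ValueError:
            return None


def sample_inner_frame(src_port: int = 40000) -> bytes:
    """Constructed tenant frame (not a capture): Ethernet + IPv4 + UDP + 8-byte payload."""
    udp = struct.pack("!HHHH", src_port, 53, 16, 0) + b"tenantpl"
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + b"\x08\x00"
    return eth + ipv4_header("192.168.10.10", "192.168.10.20", IPPROTO_UDP, len(udp)) + udp
```

Encapsulating `sample_inner_frame()` with `encapsulate(inner, 5000, "10.0.0.1", "10.0.0.2", src_mac, dst_mac)` produces a packet exactly 50 bytes longer than the tenant frame, with UDP destination port 4789 and a source port in the dynamic range; `Vtep("10.0.0.2", [5000], ["10.0.0.1"]).decapsulate(pkt)` returns the VNI and the original frame, while the same frame sent with VNI 5001, from 10.0.0.9, or to a different VTEP address is rejected. A real VTEP keeps the peer list and VNI set in sync with its control plane rather than hard-coding them.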
VXLAN has been supported and implemented by many vendors in their products, including Cisco, Juniper, Arista, VMware, and others. This technology is especially useful in expanding the capabilities of cloud computing within a data center, and between data centers.
VXLAN
VXLAN is a tunneling protocol that encapsulates Ethernet frames inside UDP/IP packets. With an IPv4 underlay, the outer Ethernet (14 bytes), IPv4 (20), UDP (8) and VXLAN (8) headers add 50 bytes to each frame (54 with an outer 802.1Q tag), so the underlay MTU must be raised by at least that much, or tenants held to a correspondingly smaller MTU, to avoid fragmentation. VXLAN carries a 24-bit segment ID (the VNI), which allows up to 16 million virtual segments.
VXLAN is a widely supported protocol, implemented by most major vendors, and a good choice for scaling because of its large segment space. Its disadvantages are the header overhead and the extra deployment work of delivering broadcast, unknown-unicast and multicast (BUM) traffic, which requires either IP multicast in the underlay or head-end replication driven by a control plane.
NVGRE
NVGRE is another tunneling protocol that encapsulates Ethernet frames inside IP packets. It uses GRE (IP protocol 47) as the encapsulation protocol with the GRE Key field present; the outer Ethernet (14 bytes), IPv4 (20) and GRE (8) headers add 42 bytes to each frame. The 32-bit GRE Key carries a 24-bit Virtual Subnet ID (VSID), which like VXLAN's VNI allows 16 million segments, plus an 8-bit FlowID.
NVGRE's distinctive feature is the FlowID: an 8-bit value in the GRE Key, derived by the sender from the inner headers, intended to let underlay devices tell flows within the same tunnel apart for ECMP and load balancing. The caveat is that this only helps if the underlay hardware actually hashes on the GRE Key. Devices that hash on the IP/TCP/UDP 5-tuple see all NVGRE traffic between two endpoints as a single flow, because GRE has no port numbers, whereas VXLAN's entropy lives in the outer UDP source port that every 5-tuple hash already covers. NVGRE is also not as widely supported as VXLAN; its main deployment has been Microsoft Hyper-V network virtualization.
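To make the FlowID caveat concrete, here is an added example that is not from the original article or from RFC 7637. It builds and parses the NVGRE GRE header, then models how a batch of tenant flows between one VTEP pair spreads across four underlay links under NVGRE and under VXLAN. The underlay hash is a simplified model assumed for illustration (5-tuple for TCP/UDP, 3-tuple for every other IP protocol), not any vendor's algorithm; the tenant frames, the VTEP addresses 10.0.0.1 and 10.0.0.2, and the VSID are constructed.

```python
import hashlib
import struct

GRE_FLAG_KEY = 0x2000    # K bit: a 4-byte Key field follows the GRE base header
GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging: the GRE payload is an Ethernet frame
IPPROTO_GRE, IPPROTO_UDP = 47, 17
VXLAN_UDP_PORT = 4789


def nvgre_header(vsid: int, flow_id: int) -> bytes:
    """8-byte GRE header as NVGRE (RFC 7637) uses it: K=1, proto 0x6558, Key = VSID(24) | FlowID(8)."""
    if not 0 <= vsid < (1 << 24) or not 0 <= flow_id < 256:
        raise ValueError("VSID must fit in 24 bits and FlowID in 8 bits")
    return struct.pack("!HHI", GRE_FLAG_KEY, GRE_PROTO_TEB, (vsid << 8) | flow_id)


def parse_nvgre_header(hdr: bytes):
    """Return (vsid, flow_id); reject GRE without a Key or with a non-Ethernet payload type."""
    flags, proto, key = struct.unpack("!HHI", hdr[:8])
    if not flags & GRE_FLAG_KEY or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF


def flow_hash(inner_frame: bytes, size: int) -> int:
    """Hash of the inner Ethernet + IPv4 + L4-port bytes (first 38 bytes), `size` bytes wide.
    NVGRE carries 8 bits of it in the FlowID; VXLAN carries 16 bits in the outer UDP source port."""
    return int.from_bytes(hashlib.blake2b(inner_frame[:38], digest_size=size).digest(), "big")


def outer_l4(encap: str, inner_frame: bytes):
    """(proto, sport, dport) of the outer packet each encapsulation produces for this frame."""
    if encap == "nvgre":
        # The FlowID rides inside the GRE Key; there are no transport ports for the underlay to hash.
        return IPPROTO_GRE, None, None
    if encap == "vxlan":
        return IPPROTO_UDP, 49152 + flow_hash(inner_frame, 2) % 16384, VXLAN_UDP_PORT
    raise ValueError(encap)


def underlay_ecmp_link(src_ip: str, dst_ip: str, proto: int, sport, dport, n_links: int) -> int:
    """Model of a common underlay ECMP hash (an assumption, not any vendor's algorithm): the full
    5-tuple for TCP/UDP, but only (src, dst, proto) for other IP protocols, so a GRE Key/FlowID
    is never consulted."""
    fields = (src_ip, dst_ip, proto, sport, dport) if proto in (6, 17) else (src_ip, dst_ip, proto)
    digest = hashlib.blake2b(repr(fields).encode(), digest_size=4).digest()
    return int.from_bytes(digest, "big") % n_links


def links_used(encap: str, inner_frames, src_vtep="10.0.0.1", dst_vtep="10.0.0.2", n_links=4):
    """Set of underlay links that a batch of tenant flows between one VTEP pair lands on."""
    return {underlay_ecmp_link(src_vtep, dst_vtep, *outer_l4(encap, f), n_links) for f in inner_frames}


def sample_tenant_flows(count: int = 64):
    """Constructed inner frames (not captures): fixed MACs and IPs, TCP source port varied per flow.
    The IPv4 checksum is left zero because nothing here validates it."""
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + b"\x08\x00"
    ip = bytes.fromhex("45000028000040004006" + "0000" + "c0a80a0a" + "c0a80a14")
    return [eth + ip + struct.pack("!HH", 50000 + i, 443) + bytes(16) for i in range(count)]
```

With 64 constructed tenant flows, `links_used("nvgre", flows)` is a single link, because every NVGRE packet between the two VTEPs presents the same (src, dst, protocol 47) to a hash that ignores the GRE Key, while `links_used("vxlan", flows)` spreads across several links because each flow gets its own outer UDP source port. Whether your own fabric behaves like this model is something to verify on the switch: if it can include the GRE Key in its hash, NVGRE's FlowID does its job.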
STT
STT (Stateless Transport Tunneling) was published by Nicira as an IETF Internet-Draft that expired without becoming an RFC. It encapsulates Ethernet frames in IP using a header that looks like TCP but carries no TCP connection state (which is what "stateless" means here: no handshake, no sequence tracking, no retransmission), followed by an 18-byte STT header. With outer Ethernet (14 bytes), IPv4 (20), TCP-like (20) and STT (18) headers, a frame carries 72 bytes of encapsulation, more than VXLAN or NVGRE. For flow entropy STT uses the outer TCP source port, much as VXLAN uses the UDP source port, and its 64-bit Context ID identifies the virtual network.
STT's advantage is CPU efficiency, not header size. The hypervisor can hand the NIC a single frame of up to 64 KB and let the NIC's existing TCP Segmentation Offload (TSO) and checksum offload split it into wire-sized segments, which greatly reduces the per-byte cost compared with encapsulating every packet in software. The TCP-like header is also STT's main deployment problem: stateful firewalls and other middleboxes that expect a real TCP handshake will drop or mangle it, and the TSO trick needs NIC and driver support at both ends.
Which one should you choose?
The best choice for you will depend on your specific needs and requirements. VXLAN is the default choice for almost everyone: it is widely supported in hardware and software, scales to millions of segments, and works with ECMP in any IP underlay. NVGRE makes sense mainly in environments already built on Microsoft Hyper-V network virtualization, and only if the underlay switches can hash on the GRE Key. STT is worth considering only where the hypervisor stack already supports it (historically Nicira NVP and VMware NSX with Open vSwitch), the NICs offload it, and no stateful middleboxes sit in the tunnel path.
Side-by-side comparison of the three network virtualization technologies, VXLAN, NVGRE, and STT:
| | VXLAN | NVGRE | STT |
|---|---|---|---|
| Encapsulation Protocol | UDP (destination port 4789) | GRE (IP protocol 47) | TCP-like header (no TCP state) |
| Number of Virtual Networks | 16 million (24-bit VNI) | 16 million (24-bit VSID) | 2^64 (64-bit Context ID) |
| Segmentation Offload | Not in the original design (VXLAN-aware NIC offloads exist today) | Not in the original design (NVGRE task-offload NICs exist) | Yes (reuses TCP Segmentation Offload) |
| Multicast Support | Yes (optional, for BUM traffic) | Yes (optional, for BUM traffic) | No |
| Developed By | VMware, Cisco, Arista and others (RFC 7348) | Microsoft and others (RFC 7637) | Nicira (now part of VMware); expired IETF draft |
| Wide Industry Adoption | Yes | Less so | Even less so |
A few things to note:
Encapsulation Protocol: VXLAN uses UDP, NVGRE uses GRE, and STT uses a TCP-like header. This determines what the network between the endpoints must allow and how it treats the traffic: UDP passes through firewalls, NAT and 5-tuple load balancers most naturally; GRE (IP protocol 47) must be explicitly permitted and gets no per-flow hashing on devices that only look at TCP/UDP ports; and STT's TCP-like header has no handshake, so stateful firewalls and middleboxes that track TCP connections will typically drop it.
Number of Virtual Networks: All three carry far more segment identifiers than any deployment needs. VXLAN and NVGRE use 24-bit IDs (16 million segments); STT's Context ID is 64 bits, the largest of the three. The practical limit is the size of the forwarding tables and the control plane at the tunnel endpoints, not the identifier width.
Segmentation Offload: STT was designed so that a NIC's existing TCP Segmentation Offload and checksum offload can be reused for tunneled traffic, cutting CPU overhead at the hypervisor. When STT was proposed this was a real advantage over VXLAN and NVGRE; modern NICs now offer VXLAN-aware (and, on some hardware, NVGRE) offloads, so the gap has largely closed.
Multicast Support: VXLAN and NVGRE can use IP multicast in the underlay to deliver BUM (Broadcast, Unknown unicast, Multicast) traffic, typically one multicast group per segment; many deployments instead use head-end replication, where the sending endpoint unicasts a copy to each remote endpoint, so the underlay does not have to run multicast. STT defines no multicast delivery of its own and leaves BUM handling to the control plane.
Developed By and Adoption: VXLAN has the widest adoption across the industry and is supported by a large number of network hardware and software vendors. NVGRE is also supported by many vendors but has seen less adoption than VXLAN. STT has the least industry-wide adoption.