Skip to content

VXLAN network virtualization

VXLAN (Virtual Extensible LAN) is a network virtualization technology designed to address the scalability and flexibility limitations of traditional VLAN-based data center networks^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md]. It is supported natively by the Linux kernel and operates by encapsulating Layer 2 Ethernet frames within Layer 4 UDP packets^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].

Core Problem

Traditional data center networks face three primary challenges that VXLAN aims to solve^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md]:

  1. Table Size Limits: The number of MAC addresses required for virtual machines often exceeds the capacity of physical switch MAC tables.
  2. Isolation Limits: Standard VLANs use a 12-bit identifier, restricting the number of usable networks to approximately 4,000, which is insufficient for multi-tenant cloud environments^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].
  3. Migration Restrictions: Virtual machine migration requires preserving IP and MAC addresses, which typically restricts movement to a single Layer 2 domain^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].

Key Concepts

VXLAN introduces several new elements to the network model to overcome these limitations^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md]:

  • VTEP (VXLAN Tunnel Endpoint): The edge device responsible for encapsulating and decapsulating traffic. It acts as the entrance and exit for the VXLAN tunnel^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].
  • VNI (VXLAN Network Identifier): A 24-bit segment ID used to distinguish different VXLAN networks. This expands the available isolation space significantly, supporting up to 16 million unique segments^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].
  • VXLAN Tunnel: A virtual channel established between two VTEPs to transport encapsulated packets over the physical IP network^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].

Mechanism

VXLAN uses a MAC-in-UDP encapsulation method^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].

When a virtual machine sends a frame, the VTEP encapsulates the original Layer 2 frame into a UDP packet. This new packet uses the physical network's IP and MAC addresses for routing^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md]. Consequently, intermediate network devices only process the outer IP header, effectively hiding the inner MAC addresses and reducing the load on switch MAC tables^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md].

  • [[Flannel]] (CNI plugin that supports VXLAN backend)
  • Kubernetes
  • [[VLAN]]

Sources

^[400-devops-06-kubernetes-k8s-paas-kubernetes-yaml.md]