BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Virtual overlay networks have taken center stage as data center managers seek networking solutions that better support VM provisioning, enable scalability and improve automation.
A virtual overlay network -- one form of network virtualization -- uses tunneling protocols to form paths between software-based network agents in hypervisors running on servers. Virtual overlay network software separates the virtual network from the underlying physical network hardware, enabling provisioning of virtual networks and accompanying services between servers in the data center. This means that virtual networks can be spun up on demand to support specific virtual workloads, for example.
How overlay networks work
More on network virtualization and overlays
Are network virtualization and SDN the same?
What is a network hypervisor?
Programmability and network provisioning in the SDN WAN
An SDN exchange that may forever change network interconnect
These overlay networks create virtual network containers that are logically isolated from one another even though they share the same underlying physical network. The containers allow the elements associated with a given VM, including policy, security and VLANs, to migrate across the physical network.
From a technical point of view, network overlays encapsulate one packet inside of another packet. The encapsulated packet is then forwarded to an endpoint where it is de-encapsulated. Network overlays leverage this "packet in a packet" technique to provide secure multi-tenancy and extend VLANs across Layer 2 networks. Overlay networks can employ a number of different tunneling protocols, including Virtual Extensible LAN (VXLAN), Network Virtualization using Generic Encapsulation (NVGRE), stateless transport tunneling (STT) and Network Virtualization Overlays 3 (NVO3).
Benefits of virtual overlay networks
Virtual overlay network technology provides a number of benefits in a large data center environment, including:
- Traffic isolation for multi-tenancy: Traffic isolation features are used by cloud service providers to securely offer services to multiple customers and by large enterprises looking to isolate business unit traffic or specific traffic types (e.g., R&D network) from production traffic.
- Ease of VM provisioning: Overlay networks allow IT managers the freedom to migrate VMs to new locations without worrying about attributes (or limitations) of the physical network. All the higher level elements of the network, including policy, security and VLANs, migrate with the VMs.
- Scalability: Overlay networks allow IT managers to scale their data center networks beyond the several thousand VLAN limit.
- Physical network independence: Overlay networks better enable customers to migrate to lower-cost data center switches (white box switches).
These overlay networks create virtual network containers that are logically isolated from one another even though they share the same underlying physical network.
IT managers have a number of options when it comes to virtual overlay network products for the data center, including:
- VMware via its Nicira acquisition has its network virtualization platform installed at a number of large customers including Rackspace and Ebay.
- Plumgrid recently announced its IO Visor technology, which enables the creation of virtual domains that replicate the physical network. IO Visor is deployed on servers at the edge of the data center.
- Midokura offers MidoNet, which virtualizes the network to let OpenStack and CloudStack cloud-management software rapidly create virtual networks and manage virtual networks.
- Alcatel launched Nuage, which offers the Virtualized Services Platform virtual overlay technology.
Virtual overlay network technology is in its early stages of deployment. The best candidates for adoption are cloud services companies with hyper-scale data centers, as well as very large enterprises migrating to private cloud architectures (e.g., financial services). Organizations with these criteria and with requirements for multi-tenancy, rapid VM migration and scalability challenges should consider overlay networks for their data centers.
About the author
Lee Doyle is principal analyst at Doyle Research. Doyle Research provides targeted analysis on the evolution of intelligent networks: SDN, NFV, OPEX and COTS. Lee Doyle has over 28 years of experience analyzing the IT, network and telecom markets. For more information, please see her website at doyle-research.com, email her at firstname.lastname@example.org, and follow her on Twitter @leedoyle_dc.