VXLAN provides the capability to create isolated, multi-tenant broadcast domains across data center fabrics, and enables customers to create elastic, logical networks that span physical network boundaries.

The first step in creating these logical networks is to abstract and pool the networking resources. Just as vSphere abstracts compute capacity from the server hardware to create virtual pools of resources that can be consumed as a service, vSphere Distributed Switch and VXLAN abstract the network into a generalized pool of network capacity and separate the consumption of these services from the underlying physical infrastructure. A network capacity pool can span physical boundaries, optimizing compute resource utilization across clusters, pods, and geographically-separated data centers. The unified pool of network capacity can then be optimally segmented into logical networks that are directly attached to specific applications.

VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets (UDP, destination port 4789). A 24-bit segment ID, the VXLAN Network Identifier (VNI), in the VXLAN header of every encapsulated frame differentiates the logical networks from each other without any need for VLAN tags, so roughly 16 million segments are possible instead of the 4094 that a 12-bit VLAN ID allows. As a result, large numbers of isolated Layer 2 VXLAN networks can coexist on a common Layer 3 infrastructure.

In the vSphere architecture, the encapsulation is performed between the virtual NIC of the guest VM and the logical port on the virtual switch, making VXLAN transparent to both the guest virtual machines and the underlying Layer 3 network. Gateway services between VXLAN and non-VXLAN hosts (for example, a physical server or the Internet router) are performed by the NSX Edge Services Gateway appliance. The Edge gateway translates VXLAN segment IDs to VLAN IDs, so that non-VXLAN hosts can communicate with virtual machines on a VXLAN network.
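The encapsulation described above, as an added example that is not code from the design document this page summarizes: a small Python builder and parser for VXLAN packets using the RFC 7348 layout (outer Ethernet/IPv4/UDP on port 4789, an 8-byte VXLAN header carrying the 24-bit VNI, then the untouched inner Ethernet frame), together with the MTU arithmetic behind the transport-network requirement stated later on this page. All MAC addresses, VTEP IP addresses, VNIs and payloads are constructed for illustration.

```python
"""Build and parse VXLAN-encapsulated Ethernet frames (RFC 7348 layout).

Added example; not code from the design document this page summarizes.
All MAC addresses, VTEP IP addresses and VNIs below are constructed.
"""
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08        # "I" bit: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
ETH_HDR_LEN, IPV4_HDR_LEN, UDP_HDR_LEN, VXLAN_HDR_LEN = 14, 20, 8, 8


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ipv4(text):
    return bytes(int(octet) for octet in text.split("."))


def ipv4_checksum(header):
    """IPv4 header checksum over a 20-byte header. Over a header whose checksum
    field is already filled in, the result is 0 when the header is intact."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_encapsulate(inner_frame, vni, src_vtep_mac, dst_vtep_mac,
                      src_vtep_ip, dst_vtep_ip, src_port=49152):
    """Wrap an inner Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN headers."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must be a 24-bit value")
    # VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)
    vxlan = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    udp_len = UDP_HDR_LEN + VXLAN_HDR_LEN + len(inner_frame)
    # A zero UDP checksum is permitted for VXLAN over IPv4.
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + udp_len, 0, 0x4000,
                     64, IPPROTO_UDP, 0, ipv4(src_vtep_ip), ipv4(dst_vtep_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = mac(dst_vtep_mac) + mac(src_vtep_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + vxlan + inner_frame


def vxlan_decapsulate(packet):
    """Return (vni, inner_frame), or raise ValueError if the packet is not well-formed VXLAN."""
    min_len = ETH_HDR_LEN + IPV4_HDR_LEN + UDP_HDR_LEN + VXLAN_HDR_LEN + ETH_HDR_LEN
    if len(packet) < min_len:
        raise ValueError("packet too short to carry a VXLAN-encapsulated frame")
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = packet[ETH_HDR_LEN:ETH_HDR_LEN + IPV4_HDR_LEN]
    if (ip[0] & 0x0F) * 4 != IPV4_HDR_LEN:
        raise ValueError("IPv4 options are not handled by this example")
    if ip[9] != IPPROTO_UDP or ipv4_checksum(ip) != 0:
        raise ValueError("outer packet is not UDP or has a bad IPv4 checksum")
    udp_off = ETH_HDR_LEN + IPV4_HDR_LEN
    _src, dst_port, udp_len, _cksum = struct.unpack("!HHHH", packet[udp_off:udp_off + UDP_HDR_LEN])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not 4789")
    vx_off = udp_off + UDP_HDR_LEN
    word0, word1 = struct.unpack("!II", packet[vx_off:vx_off + VXLAN_HDR_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI is not valid")
    vni = word1 >> 8                      # reserved low byte is ignored on receipt
    inner = packet[vx_off + VXLAN_HDR_LEN:udp_off + udp_len]
    return vni, inner


def vxlan_overhead(inner_vlan_tagged=False):
    """Bytes VXLAN adds on top of the guest MTU: the inner Ethernet header carried
    as payload plus outer IPv4/UDP/VXLAN (the outer Ethernet header does not count
    against the link MTU). 50 bytes, 54 with an inner 802.1Q tag."""
    return ETH_HDR_LEN + IPV4_HDR_LEN + UDP_HDR_LEN + VXLAN_HDR_LEN + (4 if inner_vlan_tagged else 0)


def transport_mtu_ok(transport_mtu, guest_mtu=1500, inner_vlan_tagged=False):
    """True if the transport MTU carries a full guest_mtu frame without fragmentation."""
    return transport_mtu >= guest_mtu + vxlan_overhead(inner_vlan_tagged)


def demo():
    """Two tenants whose VMs use identical MAC addresses: only the VNI separates them."""
    inner = (mac("00:50:56:00:00:02") + mac("00:50:56:00:00:01")
             + struct.pack("!H", ETHERTYPE_IPV4) + b"constructed tenant payload")
    seen = {}
    for vni in (5001, 5002):
        pkt = vxlan_encapsulate(inner, vni, "00:50:56:aa:00:01", "00:50:56:aa:00:02",
                                "192.168.250.11", "192.168.250.12")
        seen[vni] = vxlan_decapsulate(pkt)
    return seen


if __name__ == "__main__":
    for vni, (parsed_vni, frame) in demo().items():
        print(f"VNI {parsed_vni}: inner frame {len(frame)} bytes, dst MAC {frame[:6].hex(':')}")
    print("overhead:", vxlan_overhead(), "bytes; MTU 1600 ok:", transport_mtu_ok(1600))
```

Two things the code makes concrete. First, a 1500-byte guest frame becomes a 1550-byte packet on the transport network (1554 with an inner VLAN tag), which is why the design decisions below require a transport MTU above 1600 rather than the default 1500. Second, the VXLAN header carries no authentication or integrity protection: a decapsulating VTEP trusts whatever VNI arrives on UDP/4789, so any host that can send to the VTEP addresses can inject a frame into any segment simply by choosing the VNI. Tenant isolation therefore depends on the VTEP transport network itself being unreachable from tenant workloads and untrusted hosts, which is the reason to keep VTEP VLANs and the edge placement tightly controlled.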

The shared edge and compute cluster hosts all NSX Edge instances and all Universal Distributed Logical Router instances that connect to the Internet or to corporate VLANs, so that the network administrator can manage the environment in a more secure and centralized way.

VXLAN Design Decisions

Decision ID: SDDC-VI-Net-015
Design Decision: Use NSX for vSphere to introduce VXLANs for virtual application networks and tenant networks.
Design Justification: Simplify the network configuration for each tenant via centralized virtual network management.
Design Implication: Requires additional compute and storage resources to deploy NSX components. Additional training may be needed on NSX.

Decision ID: SDDC-VI-Net-016
Design Decision: Use VXLAN along with NSX Edge gateways, the Universal Distributed Logical Router (UDLR) and the Distributed Logical Router (DLR) to provide customer/tenant network capabilities.
Design Justification: Create isolated, multi-tenant broadcast domains across data center fabrics to create elastic, logical networks that span physical network boundaries.
Design Implication: Transport networks must be configured with an MTU greater than 1600 bytes throughout the reachability radius.

Decision ID: SDDC-VI-Net-017
Design Decision: Use VXLAN along with NSX Edge gateways and the Universal Distributed Logical Router (UDLR) to provide management application network capabilities.
Design Justification: Leverage the benefits of network virtualization in the management pod.
Design Implication: Requires installation and configuration of an NSX for vSphere instance in the management pod.