VXLAN has been criticized for its reliance on IP multicast to carry broadcast, unknown unicast and multicast (BUM) traffic originating inside tenant networks. Many physical networks do not have multicast routing enabled, and engineers unfamiliar with multicast find it an intimidating tool to deploy because of its potential complexity. For this reason, some vendors using VXLAN as an overlay deploy it with an SDN controller that supplies the endpoint-to-tunnel mappings directly, so the need for multicast routing in the underlay is obviated.
Similar to VXLAN, Network Virtualization with GRE (NVGRE) defines tenant networks using a 24-bit identifier, found in this case in the GRE header's key field. NVGRE is largely a Microsoft technology, and is the overlay of choice in Hyper-V.
NVGRE differentiates itself from VXLAN by not requiring multicast to carry broadcast, unknown unicast and multicast traffic between endpoints. Instead, the Windows Network Virtualization module (a Layer 3 switch) embedded in Hyper-V is pre-populated with all host-to-tunnel-endpoint mappings by PowerShell cmdlets. This eliminates the need for flooding, as there is no such thing as an unknown endpoint in this approach: a destination without a mapping is simply unreachable rather than flooded for.
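The two encapsulations above and the difference in how they treat an unknown destination, as an added example that is not part of the original article: the outer-header encoding of VXLAN (8-byte header over UDP port 4789) and NVGRE (GRE header with the K bit set and the 24-bit VSID in the key field), a flood-and-learn VXLAN VTEP beside a pre-populated NVGRE endpoint (the dictionary stands in for the lookup records the Hyper-V cmdlets install), and the receive-side check a practitioner wants because neither header is authenticated. All addresses, MACs, tenant IDs and the multicast group are constructed for illustration.

```python
"""Added example (not from the article): VXLAN/NVGRE outer headers and
the BUM-handling difference between the two overlays. Addresses, MACs
and tenant IDs below are constructed values, not taken from the page."""
import struct

TENANT_ID_MAX = (1 << 24) - 1     # 24-bit VNI (VXLAN) / VSID (NVGRE)
VXLAN_UDP_PORT = 4789             # IANA-assigned VXLAN port (RFC 7348)
GRE_KEY_PRESENT = 0x2000          # GRE flags word: only the K bit set, version 0
GRE_PROTO_TEB = 0x6558            # Transparent Ethernet Bridging


def _check_tenant_id(tid):
    if not 0 <= tid <= TENANT_ID_MAX:
        raise ValueError("tenant ID must fit in 24 bits")


def vxlan_header(vni):
    """8-byte VXLAN header: flags 0x08 (VNI valid), 3 reserved, 24-bit VNI, 1 reserved."""
    _check_tenant_id(vni)
    return struct.pack("!B3x", 0x08) + vni.to_bytes(3, "big") + b"\x00"


def parse_vxlan_header(hdr):
    """Return the VNI; reject headers without the I flag, which RFC 7348 requires."""
    if len(hdr) < 8 or hdr[0] & 0x08 == 0:
        raise ValueError("not a VXLAN header")
    return int.from_bytes(hdr[4:7], "big")


def nvgre_header(vsid, flow_id=0):
    """8-byte GRE header: K bit set, protocol 0x6558, key = VSID<<8 | FlowID."""
    _check_tenant_id(vsid)
    if not 0 <= flow_id <= 0xFF:
        raise ValueError("FlowID must fit in 8 bits")
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, (vsid << 8) | flow_id)


def parse_nvgre_header(hdr):
    """Return (VSID, FlowID); reject anything that is not a keyed GRE/TEB header."""
    flags, proto, key = struct.unpack("!HHI", hdr[:8])
    if flags != GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF


class VxlanVtep:
    """Flood-and-learn VTEP: an unknown destination MAC is sent to the VNI's
    multicast group, which is why the underlay must route multicast."""

    def __init__(self, vni, mcast_group):
        self.vni, self.mcast_group, self.fdb = vni, mcast_group, {}

    def learn(self, mac, remote_vtep):      # learned from received traffic
        self.fdb[mac] = remote_vtep

    def next_hop(self, dst_mac):
        if dst_mac in self.fdb:
            return "unicast", self.fdb[dst_mac]
        return "multicast", self.mcast_group   # BUM: flood via IP multicast


class NvgreEndpoint:
    """Pre-populated endpoint: every customer address (CA) has an
    administrator-installed record mapping it to a provider address (PA).
    Nothing is learned from traffic and nothing is flooded."""

    def __init__(self, vsid):
        self.vsid, self.lookup = vsid, {}

    def add_lookup_record(self, customer_address, provider_address, mac):
        self.lookup[customer_address] = (provider_address, mac)

    def next_hop(self, customer_address):
        rec = self.lookup.get(customer_address)
        if rec is None:
            return "drop", None         # no flood path: unknown means unreachable
        return "unicast", rec[0]


def accept_frame(outer_src_ip, tenant_id, known_endpoints, local_tenants):
    """Neither header carries authentication, so the decapsulating endpoint
    must itself refuse frames from unexpected underlay sources or for tenants
    it does not host; otherwise any host on the underlay can inject into a tenant."""
    return outer_src_ip in known_endpoints and tenant_id in local_tenants


if __name__ == "__main__":
    print(vxlan_header(5001).hex(), nvgre_header(5001, 0x2A).hex())
    vtep = VxlanVtep(5001, "239.1.1.1")
    print(vtep.next_hop("00:11:22:33:44:55"))        # floods to the group
    ep = NvgreEndpoint(5001)
    print(ep.next_hop("10.0.0.5"))                    # dropped, never flooded
```

The `accept_frame` check is the part most often missing in practice: both overlays carry the tenant ID in clear text, so tenant isolation is only as strong as the underlay's control over who can send encapsulated packets to a tunnel endpoint.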
Although VMware is firmly behind VXLAN, the overlay known as Stateless Transport Tunneling (STT) also came under the VMware banner with VMware's acquisition of Nicira. STT is a part of Nicira's Network Virtualization Platform and is notable mostly because its encapsulation is formatted like a TCP header, which lets a modern network interface card's hardware break large blocks of data into smaller segments.
That capability, TCP segmentation offload (TSO), means a TSO-capable NIC takes on the burden of segmentation, freeing the server's CPU for other tasks. The TCP-like header is stateless, however: there is no handshake, so stateful firewalls and other middleboxes that track TCP connections can drop or mishandle STT traffic. The future of STT is dubious in any case, considering that VXLAN already has VMware's support as well as support from the wider industry.
Aside from VXLAN, NVGRE and STT, another developing overlay worth following is Network Virtualization Overlays (NVO3), which is being developed by an IETF working group. The NVO3 problem statements are similar to the issues addressed by the overlays already discussed; namely, traffic isolation, tenant freedom to use whatever addressing scheme they choose, and placing virtual machines anywhere in a network without concern for the Layer 3 boundaries found in the underlying core. How NVO3 will develop and what encapsulation it will use remains to be seen, but it is shaping up along the use-case lines submitted by working group participants.
The three main terminology categories we've discussed can be brought together as follows: an omniscient central controller discovers the topology of the network's switches, whether they are software switches in a hypervisor or hardware switches found in a data center rack.
This central controller acts as middleware between applications in a northbound direction and switches in a southbound direction. The northbound applications articulate business policies, network configuration and the like to the controller; the controller translates these policies and configurations into southbound programming directives aimed at network switches.
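The controller architecture just described, as an added example that is not from the article or any vendor's product: a toy controller that learns the topology southbound, accepts a northbound "allow this flow" policy, and turns it into per-switch flow entries with deny-by-default tables. Switch names, port numbers, the dictionary-based flow-entry format and the `allow` call are all assumptions for illustration; a real controller would emit OpenFlow or a vendor API instead.

```python
"""Added example (not from the article): a minimal SDN controller that
translates a northbound policy into southbound per-switch directives.
Topology, ports and the flow-entry format are constructed for illustration."""
from collections import deque

DEFAULT_DROP = {"priority": 0, "match": {}, "action": ("drop",)}


class Controller:
    def __init__(self):
        self.adj = {}      # switch -> {neighbour switch: local egress port}
        self.hosts = {}    # host IP -> (switch, access port)
        self.flows = {}    # switch -> [flow entries]; each starts deny-by-default

    # ---- southbound discovery: topology learned from the switches ----
    def discover_link(self, sw_a, port_a, sw_b, port_b):
        self.adj.setdefault(sw_a, {})[sw_b] = port_a
        self.adj.setdefault(sw_b, {})[sw_a] = port_b
        for sw in (sw_a, sw_b):
            self.flows.setdefault(sw, [dict(DEFAULT_DROP)])

    def discover_host(self, ip, switch, port):
        self.hosts[ip] = (switch, port)
        self.flows.setdefault(switch, [dict(DEFAULT_DROP)])

    def _path(self, src, dst):
        """Shortest switch path by BFS; None if the two are not connected."""
        prev, queue = {src: None}, deque([src])
        while queue:
            sw = queue.popleft()
            if sw == dst:
                break
            for nxt in self.adj.get(sw, {}):
                if nxt not in prev:
                    prev[nxt] = sw
                    queue.append(nxt)
        if dst not in prev:
            return None
        path = []
        while dst is not None:
            path.append(dst)
            dst = prev[dst]
        return path[::-1]

    # ---- northbound: business policy in, per-switch directives out ----
    def allow(self, src_ip, dst_ip, proto, dport, priority=100):
        """Install both directions of one permitted flow along the shortest path."""
        src_sw, src_port = self.hosts[src_ip]
        dst_sw, dst_port = self.hosts[dst_ip]
        path = self._path(src_sw, dst_sw)
        if path is None:
            raise ValueError("no path between %s and %s" % (src_sw, dst_sw))
        fwd = {"src": src_ip, "dst": dst_ip, "proto": proto, "dport": dport}
        rev = {"src": dst_ip, "dst": src_ip, "proto": proto, "sport": dport}
        self._install(path, dst_port, fwd, priority)
        self._install(path[::-1], src_port, rev, priority)

    def _install(self, path, last_port, match, priority):
        # each switch on the path forwards to the next hop; the last one to the host port
        for i, sw in enumerate(path):
            out = last_port if i == len(path) - 1 else self.adj[sw][path[i + 1]]
            self.flows[sw].append(
                {"priority": priority, "match": dict(match), "action": ("output", out)})

    # ---- what a switch does with a packet, given its installed table ----
    def lookup(self, switch, pkt):
        """Highest-priority entry whose match fields all equal the packet's fields."""
        for entry in sorted(self.flows.get(switch, []), key=lambda e: -e["priority"]):
            if all(pkt.get(k) == v for k, v in entry["match"].items()):
                return entry["action"]
        return ("drop",)     # unknown switch or empty table: still deny


if __name__ == "__main__":
    c = Controller()
    c.discover_link("s1", 2, "s2", 1)
    c.discover_link("s2", 2, "s3", 1)
    c.discover_host("10.0.0.1", "s1", 10)
    c.discover_host("10.0.0.2", "s3", 10)
    c.allow("10.0.0.1", "10.0.0.2", "tcp", 443)
    pkt = {"src": "10.0.0.1", "dst": "10.0.0.2", "proto": "tcp", "dport": 443}
    for sw in ("s1", "s2", "s3"):
        print(sw, c.lookup(sw, pkt))
```

The point worth noticing is where the trust sits: the switches enforce only what the controller installs, so every table starts with a lowest-priority drop and the controller, not the switch, decides what is reachable. That makes the controller and its northbound API the highest-value target in the design.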