What is a Virtual Extensible Local Area Network (VXLAN) and how does it differ from a VLAN?
Virtual Local Area Networks (VLANs) allow network administrators to separate traffic across logical divisions. VLANs increase security by limiting which devices can exchange traffic with one another. They work well for offices, but far more segment identifiers are needed to meet the requirements of edge infrastructure, which hosts many more customers on the same physical devices.
Edge infrastructure, such as data centers and content delivery networks, isolates network traffic on shared physical hardware using a Virtual eXtensible Local Area Network (VXLAN).
VXLANs work similarly to VLANs by inserting a tag into a data transmission that identifies the data as part of a virtual network. However, VXLANs drastically increase the number of divisions. Defined in RFC 7348, a VXLAN uses a 24-bit identifier and can support up to 16 million segments. By contrast, the maximum number of VLANs is limited to 4096 by the 12-bit VLAN tag.
How Do VXLANs Work?
Larger networks may need to create many network segments for different clients, also called tenants, on shared physical infrastructure. It's a similar process to VLANs but at a much larger scale.
Encapsulation
When data is sent over a network, it is encapsulated within a packet and given a header that contains information about the data. This is true whether the network is made of two computers connected via an Ethernet cable, or the entire modern internet.
A VXLAN adds its own header to the encapsulated frame, and the 24-bit tag in that header is called the Virtual Network Identifier (VNI). Devices on the network use the VNI to decide which virtual network a packet belongs to and how to handle it.
VXLAN Tunnel Endpoint
VXLAN data is sent via a virtualized tunnel, a logical overlay that directs data across a network without decapsulating packets at each stop. This tunnel eventually ends where an IP network interface connects to a LAN segment.
Since VXLAN packets are encapsulated, they must also be decapsulated. The point where packets enter or leave the tunnel, that is, where they are encapsulated or decapsulated, is called a VXLAN tunnel endpoint (VTEP).
The VTEP also maintains the mappings between VXLAN segments and the underlying physical network. These mappings route traffic between logical VXLAN overlay networks and ensure that encapsulated frames reach their destinations. This includes handling the different kinds of traffic on a segment: broadcast, multicast, unicast, and anycast.
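As an added illustration of the encapsulation and VTEP steps above (example code written for this page, not bunny.net's or any VTEP implementation's), the snippet below builds and parses the 8-byte VXLAN header from RFC 7348 and shows a VTEP mapping a VNI to its tenant, dropping frames for unknown VNIs. The tenant table and sample Ethernet frame are constructed values.

```python
from __future__ import annotations
import struct

VXLAN_UDP_PORT = 4789        # IANA UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1      # 24-bit VNI: 16,777,215 segments
VLAN_ID_MAX = (1 << 12) - 1  # 12-bit 802.1Q VID, for comparison: 4,095

def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header a VTEP prepends to the inner Ethernet frame.
    Layout (RFC 7348 section 4.1): flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # The 24-bit VNI occupies the upper three bytes of the final 32-bit word.
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Sending VTEP: tag the tenant's frame with its VNI.
    (The outer IP/UDP headers towards port 4789 are added by the IP stack.)"""
    return build_vxlan_header(vni) + inner_frame

def decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Receiving VTEP: validate the header and return (vni, inner_frame)."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_I:
        # RFC 7348: a VTEP MUST drop packets whose I flag is not set.
        raise ValueError("I flag not set; packet dropped")
    # Reserved bits are ignored on receipt, so only the upper 24 bits are read.
    return vni_word >> 8, payload[8:]

def deliver(payload: bytes, vni_to_tenant: dict[int, str]) -> tuple[str, bytes] | None:
    """VTEP forwarding step: map the VNI to its tenant segment, or drop the
    frame when the VNI is unknown so no tenant sees another tenant's traffic."""
    vni, frame = decapsulate(payload)
    tenant = vni_to_tenant.get(vni)
    return None if tenant is None else (tenant, frame)

# Constructed sample: two tenants on one shared VTEP, and one tenant frame
# (14-byte Ethernet header: dst MAC, src MAC, EtherType 0x0800, then payload).
TENANTS = {0x000010: "tenant-a", 0xFFFFFF: "tenant-b"}
SAMPLE_FRAME = bytes.fromhex("0a0000000001" "0a0000000002" "0800") + b"hello"

if __name__ == "__main__":
    pkt = encapsulate(0xFFFFFF, SAMPLE_FRAME)
    print(pkt[:8].hex(), deliver(pkt, TENANTS))
```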
What are some use cases for VXLANs?
CDN companies like bunny.net serve tens of thousands of customers with vastly different resource needs, anywhere from a few gigabytes to petabytes of monthly bandwidth. When handling multi-tenant traffic, administrators must isolate traffic so that one tenant's traffic is invisible to the other tenants. Providing separate logical networks for customers on shared physical infrastructure is called multi-tenancy.
Isolating tenants' traffic has a few benefits:
Security: traffic becomes inaccessible to unrelated endpoints.
Resource utilization: load balancing across logical divisions lets administrators manage the bandwidth available to each client.
Troubleshooting and monitoring: each tenant's traffic can be monitored and troubleshot separately.
Conclusion
VXLANs are like VLANs, but more scalable. With support for up to 16 million network segments, VXLANs operate at a scale that benefits CDN providers and data centers. Through multi-tenancy, they also enable edge-computing services by allowing shared hardware to serve numerous clients without intermingling their network traffic. In short, VXLAN is one of the virtualization technologies that makes edge-computing services possible.