This chapter provides an overview of Virtual Extensible Local Area Network (VxLAN) and its implementation within OcNOS.

Virtual eXtensible Local Area Network (VxLAN) is widely used in Data Centers (DC) networks. VxLAN is an overlay transport virtualization technology commonly used in cloud networks to support the ever-increasing Virtual LAN (VLAN) and multi-tenant networks in data centers. It enables the "stretching" of a Layer 2 network over a physical Layer 3 network.

VxLAN creates an overlay of virtual L2 LAN segments using a MAC address, and L4 UDP packets in IP encapsulation on top of the physical underlay L3 infrastructure. Technically, it encapsulates L2 Ethernet frames received from a host with L3 IP/UDP packets in a VxLAN header and sends it to the destination in the data center network using IP tunnels. This allows for the extension of L2 networks across data center without changing the underlying physical infrastructure.

VxLAN creates LAN segments using MAC-in-IP encapsulation. The encapsulation carries the original L2 frame received from a host to the destination in another host using IP tunnels. The endpoints of the virtualized tunnel formed using VxLAN are called VXLAN Tunnel End Points (VTEPs). The VxLAN segments carry tenant data in L3 tunnels over the network which permits the network to support multiple tenants.The tenant data is not used in routing or switching. This aids in tenant machine movement and allows the tenants to have the same IP or MAC addresses.

Ethernet Virtual Private Network (EVPN) is a protocol based on industry standards used for network virtualization in multi-tenant data center and service provider networks. When used with VxLAN networks, it provides a control plane to create L2 overlays across a L3 network. This enables seamless communication between virtual machines (VMs) or containers across different physical locations as though they are on the same Ethernet segment. EVPN leverages BGP for scalable routing information exchange and distribution of L2 and L3 reachability information across a large network. It also tracks and updates the location of devices based on MAC and IP addresses as they move across the network. It is a critical feature in virtualized environments where VMs or containers may frequently migrate.

Additionally, EVPN supports redundant and active-active multi-homing for robust failover and high availability, by allowing a host to connect to multiple VTEPs. Thus, EVPN ensures, that the traffic is rerouted through an alternate VTEP if a connection to VTEP fails. EVPN is essential for scalable, resilient, and efficient multi-tenant network virtualization when deployed in conjunction with VxLAN in modern data center environments.

The underlay network consists of a physical L3 infrastructure, which provides the foundation for communication in the network. The underlay network is abstracted in the overlay network, allowing seamless communication of the large virtualized L2 network.

Typically, VxLAN network operates as an overlay network over an IP underlay network based on a Spine-Leaf CLOS architecture. The underlay network is often referred to as IP fabric or CLOS fabric.

VxLAN allows the network to support several tenants with minimum changes in the network. They carry tenant data in virtual tunnels over the network. The tenant data is not used in routing or switching. This aids in tenant machine movement and allows the tenants to have the same IP or MAC addresses on end devices, hosts, or VMs.

Each overlay tunnel is referred to as a VxLAN segment. VMs can only communicate with each other within the same VxLAN segment, similar to how communication occurs within a traditional VLAN. Each VxLAN segment is identified through a 24-bit segment ID termed the VxLAN Network Identifier (VNI). This allows up to 16 million VxLAN segments to coexist within the same administrative domain. For VMs on different VxLAN segments to communicate, inter-VxLAN routing can be performed on a VxLAN-enabled router or distributed gateway. This is similar to routing between VLANs in a traditional L2 network.

The VNI determines the scope of the inner MAC frame originated from the individual VM. This ensures there can be overlapping MAC addresses across segments, but traffic remains isolated due to the VNI preventing cross-segment interference.

Terms related to VxLAN configuration are defined in the table below.