VXLAN provides the capability to create isolated, multi-tenant broadcast domains across data center fabrics, and enables customers to create elastic, logical networks that span physical network boundaries.

The first step in creating these logical networks is to abstract and pool the networking resources. Just as vSphere abstracts compute capacity from the server hardware to create virtual pools of resources that can be consumed as a service, vSphere Distributed Switch and VXLAN abstract the network into a generalized pool of network capacity and separate the consumption of these services from the underlying physical infrastructure. A network capacity pool can span physical boundaries, optimizing compute resource utilization across clusters, pods, and geographically-separated data centers. The unified pool of network capacity can then be optimally segmented in logical networks that are directly attached to specific applications.

VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. A Segment ID in every frame differentiates the VXLAN logical networks from each other without any need for VLAN tags. As a result, large numbers of isolated Layer 2 VXLAN networks can coexist on a common Layer 3 infrastructure.

In the vSphere architecture, the encapsulation is performed between the virtual NIC of the guest VM and the logical port on the virtual switch, making VXLAN transparent to both the guest virtual machines and the underlying Layer 3 network. Gateway services between VXLAN and non-VXLAN hosts (for example, a physical server or the Internet router) are performed by the NSX Edge Services Gateway appliance. The Edge gateway translates VXLAN segment IDs to VLAN IDs, so that non-VXLAN hosts can communicate with virtual machines on a VXLAN network.

Table 1. VXLAN Design Decisions

Decision ID

Design Decision

Design Justification

Design Implication

CSDDC-VI-NET-014

Use NSX for vSphere to introduce VXLANs for the use of virtual application networks and tenant networks.

Simplify the network configuration for each tenant using centralized virtual network management.

Requires additional compute and storage resources to deploy NSX components.

Additional training on NSX for vSphere might be needed.

CSDDC-VI-NET-015

Use VXLAN with NSX Edge gateways and the Universal Distributed Logical Router (UDLR) to provide management application and customer/tenant network capabilities.

Create isolated, multi-tenant broadcast domains across data center fabrics to create elastic, logical networks that span physical network boundaries.

Using UDLR provides support for a non-disruptive expansion to a dual-region SDDC based on VMware Validated Design.

Transport networks and MTU greater than 1600 bytes has to be configured in the reachability radius.