Outrageous! Are there still network engineers who don't understand what an Overlay network is?

Good afternoon, I'm Lao Yang.

As network technology has developed, the Layer 2 network architecture of the data center has evolved in stages.

The data center network is divided into two parts, Underlay and Overlay, and the network has entered the Overlay virtualization stage.

Many friends have asked me to cover more new technologies, so let me explain this one to you today.

How is the Overlay network formed? What is the difference with Underlay? What problem is it trying to solve?

Bonus for today's readers: the "Overlay Technology White Paper"

There is still a lot you need to know about Overlay technology. If you want to learn how Overlay technology is implemented and study typical applications, this solid technical white paper is a must-read.

Private message me with the password "Overlay" to get this limited resource.

01 Why do we need an Overlay network?

The Overlay network and the Underlay network are a pair of relative concepts: the Overlay network is a logical network built on top of the Underlay network.

To see why an Overlay network is necessary, we must start with the concept and limitations of the underlying Underlay network.

01 Let’s go back to the Underlay network first

As the name suggests, the Underlay network is the underlying physical foundation of the Overlay network.

As shown in the figure below, the Underlay network can be a physical network formed by interconnecting many types of devices, and it is responsible for transmitting data packets between networks.

In an Underlay network, the interconnected devices can be switches, routers, load balancers, firewalls, and so on, but routing protocols must be used to ensure IP connectivity between the devices on the network.

The Underlay network can be a Layer 2 or Layer 3 network.

Layer 2 networks are typically Ethernet, segmented by VLAN.

A typical Layer 3 network is the Internet, which uses protocols such as OSPF and IS-IS for routing within an autonomous system, and protocols such as BGP to exchange routes and interconnect between autonomous systems.

With the advancement of technology, Underlay networks built on MPLS, a WAN technology that sits between Layer 2 and Layer 3, have also appeared.

However, traditional network devices forward packets in hardware, and an Underlay network built from them has the following problems:

  • Because the hardware forwards packets purely by destination IP address, the transmission path is rigidly fixed.
  • Adding or changing services requires modifying the existing underlying network connections, and reconfiguration takes a lot of time.
  • The Internet cannot guarantee the security requirements of private communications.
  • Network slicing and network segmentation are complicated to implement, and network resources cannot be allocated on demand.
  • Multi-path forwarding is cumbersome, and multiple underlying networks cannot be combined to achieve load balancing.

Underlay networks have the limitations listed above, and Overlay brings a flexibility that Underlay cannot provide.

02 Why do you need an Overlay network

To get around the various restrictions of the Underlay network, network virtualization technology is commonly used to create a virtual Overlay network on top of it.

In an Overlay network, devices are interconnected on demand over logical links, forming the Overlay topology.

A tunnel is established between interconnected Overlay devices. When a data packet is to be transmitted, the device adds a tunnel header and a new outer IP header to it; the inner IP header is hidden, and the packet is forwarded according to the new outer IP header.

When the data packet reaches the other device, the outer IP header and tunnel header are discarded and the original data packet is recovered. Throughout this process, the Overlay network does not perceive the Underlay network.

Overlay networks come with a variety of protocols and standards, including VXLAN, NVGRE, STT, GRE, NVO3, EVPN, and so on.

03 How does the Overlay network solve the problem?

With the introduction of SDN technology, an Overlay network with a controller has the following advantages:

  • Traffic transmission does not depend on a specific physical link. The Overlay network uses tunneling, so it can flexibly choose among different underlying links and use several methods to keep traffic flowing stably.
  • The Overlay network can establish different virtual topology networks according to requirements, without modifying the underlying network.
  • Encryption can be used to protect private traffic on the Internet.
  • Supports network slicing and network segmentation. Separating different services allows optimal allocation of network resources.
  • Supports multi-path forwarding. In the Overlay network, traffic can travel from source to destination over multiple paths, achieving load sharing and maximizing the use of line bandwidth.

02 How is the Overlay network formed?

Overlay is software-based and does not depend on the transport medium. It is like a virtual network on top of a physical network.

A typical example of an Overlay network is Internet VPN, which builds a virtual closed network on the Internet.

By constructing virtual networks with protocols such as IPsec, communication between private IP addresses becomes possible.

In addition, SDN and SD-WAN also adopt the concept of Overlay network.

However, to build an Overlay in SD-WAN, a special CPE, the SD-WAN edge device, is required.

Let me walk you through an example of establishing a GRE tunnel between SD-WAN edge devices.

A tunnel is established between interconnected SD-WAN edge devices. When a data packet is to be transmitted, the device adds a tunnel header and a new outer IP header to it.

The internal IP header is isolated from the MPLS domain, and MPLS forwarding is performed based on the external IP header.

Once the packet reaches its destination, the SD-WAN edge device removes the outer IP header and the tunnel header, resulting in the original IP packet.

Throughout the whole process, the Overlay network does not perceive the Underlay network.

The same process can also be used over an Internet Underlay, but then the traffic needs to be encrypted with IPsec.
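To make the encapsulation and decapsulation steps above concrete (the generic tunnel description in the earlier section and the SD-WAN GRE walkthrough just given), here is an added Python example. It is not code from the article or from any SD-WAN product; it builds a plain GRE-over-IPv4 packet with no GRE options, uses constructed RFC 5737 documentation addresses (203.0.113.1 and 198.51.100.2 as the tunnel endpoints, 10.x addresses inside), and the function names are my own. The decapsulation side also shows the checks a receiving edge would make before trusting the outer header.

```python
import socket
import struct

# Protocol constants (real values, from RFC 791 / RFC 2784).
GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" field for an IPv4 payload


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over 16-bit words; returns 0 for a header whose
    checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of payload, with a valid checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def ipv4_endpoints(packet: bytes):
    """(source, destination) of whichever IPv4 header starts at byte 0."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Sending edge: push a GRE header, then a new outer IP header addressed to the
    far tunnel endpoint. The underlay only ever looks at this outer header."""
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # flags/version = 0, protocol type
    return build_ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre_hdr + inner_packet)


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """Receiving edge: validate the outer header, strip it and the GRE header, and
    hand back the original inner packet."""
    if len(outer_packet) < 24:
        raise ValueError("too short for IPv4 + GRE")
    ihl = (outer_packet[0] & 0x0F) * 4
    if outer_packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("outer packet is not IPv4")
    if ip_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("outer IP checksum mismatch")
    if outer_packet[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    gre_flags, gre_proto = struct.unpack("!HH", outer_packet[ihl:ihl + 4])
    if gre_flags != 0 or gre_proto != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return outer_packet[ihl + 4:]


if __name__ == "__main__":
    # Constructed sample: an ICMP packet between two private subnets.
    inner = build_ipv4("10.1.1.10", "10.2.2.20", 1, b"ping")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.2")
    print("underlay sees:", ipv4_endpoints(outer))      # public tunnel endpoints
    print("overlay carries:", ipv4_endpoints(inner))    # private addresses, hidden
    print("round trip ok:", gre_decapsulate(outer) == inner)
```

Note that without IPsec the inner packet is merely hidden behind the outer header, not protected: anyone on the underlay path can read it, which is why the Internet variant above requires encryption.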

03 Two specific cases about the application of the Overlay network

Overlay networks are widely used in SD-WAN and data center solutions.

However, because the underlying Underlay architectures differ, the Overlay topologies take different forms.

01 Overlay network in the data center

With the evolution of data center architecture, most data centers now use a spine-leaf architecture to build the Underlay network.

VXLAN is used to build the interconnected Overlay network. Service packets run on the VXLAN Overlay and are decoupled from the physical transport network.

Leaf and spine are fully connected, and equal-cost multipath improves network availability.

As the access node, the leaf provides the various devices in the Underlay network with access to the VXLAN network.

At the same time, it also assumes the role of VTEP (VXLAN Tunnel EndPoint) as an edge device of the Overlay network.

The spine node is the backbone node: it is the core of the data center network, provides high-speed IP forwarding, and connects each leaf node through high-speed interfaces.
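The leaf's VTEP role and the leaf-to-spine equal-cost multipath above (and the multi-path forwarding advantage listed earlier) can be shown together in one added Python example. This is not the article's or any switch vendor's code: the 8-byte VXLAN header layout and UDP port 4789 come from RFC 7348, but the flow-hashing rule that picks the outer UDP source port and the spine uplink, the sample MAC/IP addresses, and all function names are constructed for this example. The point it demonstrates is that a VTEP hashes the tenant flow into the outer source port so that the underlay's ECMP can spread tenant flows across spines while keeping each flow on one path.

```python
import socket
import struct
import zlib

# Real constants from RFC 7348; everything else here is constructed for the example.
VXLAN_UDP_DST_PORT = 4789
VXLAN_FLAG_I = 0x08          # "VNI valid" bit in the VXLAN flags byte


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)


def vxlan_vni(header: bytes) -> int:
    """Parse the VNI back out; headers without the I flag are dropped (RFC 7348)."""
    flags, _, vni_field = struct.unpack("!B3sI", header[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN header without VNI-valid flag")
    return vni_field >> 8


def inner_flow_key(frame: bytes) -> bytes:
    """Fields of the tenant frame that identify its flow: both MACs, the EtherType
    and, for IPv4, the source/destination address pair."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    key = frame[:14]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800 and len(frame) >= 34:
        key += frame[26:34]          # IPv4 src + dst live at IP header offset 12..19
    return key


def entropy_src_port(frame: bytes) -> int:
    """Outer UDP source port in the ephemeral range 49152-65535, derived from the
    inner flow. Constructed rule: RFC 7348 only asks that it be a hash of the
    inner headers so the underlay's ECMP sees per-flow entropy."""
    return 49152 + (zlib.crc32(inner_flow_key(frame)) % 16384)


def vtep_encapsulate(frame: bytes, vni: int):
    """Leaf as VTEP: returns (outer UDP source port, UDP payload). The outer IP and
    UDP headers themselves are left to the sending stack in this example."""
    return entropy_src_port(frame), vxlan_header(vni) + frame


def vtep_decapsulate(udp_payload: bytes):
    """Far-end VTEP: strip the VXLAN header and return (vni, original frame)."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN + Ethernet")
    return vxlan_vni(udp_payload[:8]), udp_payload[8:]


def pick_spine(outer_src_ip: str, outer_dst_ip: str, src_port: int, spine_count: int) -> int:
    """ECMP on the leaf: hash the outer 5-tuple (VTEP IPs, UDP, ports) onto one of the
    spine uplinks. The same flow always maps to the same spine."""
    key = struct.pack("!4s4sBHH", socket.inet_aton(outer_src_ip), socket.inet_aton(outer_dst_ip),
                      17, src_port, VXLAN_UDP_DST_PORT)
    return zlib.crc32(key) % spine_count


def make_frame(dst_mac: bytes, src_mac: bytes, src_ip: str, dst_ip: str, payload: bytes = b"") -> bytes:
    """Constructed tenant frame: Ethernet + minimal IPv4 header (proto UDP) + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + payload


if __name__ == "__main__":
    mac_a, mac_b = bytes.fromhex("00112233aabb"), bytes.fromhex("00445566ccdd")
    # Constructed: ten tenant flows from 10.1.1.10 to hosts 10.1.1.20-29, VNI 10100,
    # between VTEPs 192.0.2.1 and 192.0.2.2 with four spines.
    for host in range(20, 30):
        frame = make_frame(mac_b, mac_a, "10.1.1.10", "10.1.1.%d" % host)
        port, payload = vtep_encapsulate(frame, 10100)
        spine = pick_spine("192.0.2.1", "192.0.2.2", port, 4)
        print("dst 10.1.1.%d -> src port %d -> spine %d" % (host, port, spine))
```

The distribution printed by the demo is what the spine-leaf ECMP relies on: each inner flow lands on a fixed spine (no reordering within a flow), while different flows spread across the spines even though every packet between two VTEPs carries the same outer IP pair and the same destination port 4789.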

02 Overlay network in SD-WAN

The SD-WAN Underlay network is based on the wide area network and interconnects the headquarters site, branch sites, and cloud sites over hybrid links.

By building the logical topology of the Overlay network, the interconnection requirements of different scenarios are met.

Overlay network of SD-WAN (take Hub-Spoke as an example)

The SD-WAN network is mainly composed of CPE devices, and CPEs come in two types: Edge and GW.

  • Edge: It is the egress device of the SD-WAN site.
  • GW: It is a gateway device that connects SD-WAN sites and other networks (such as traditional VPNs).

Multiple different types of Overlay networks can be built according to the scale of the enterprise network, the number of central sites, and the mutual access requirements between sites.

Hub-spoke:

Applicable to enterprises with one or two data centers, where the business is mainly in the headquarters and data centers, and branches access the services deployed there over the WAN.

There is little or no mutual access between branches, and any inter-branch traffic is relayed through the headquarters or data center.

Full-mesh:

It is suitable for small enterprises with few sites, or for large enterprises whose branches need to collaborate with each other.

Collaboration services of large enterprises, such as high-value applications like VoIP and video conferencing, have strict requirements on packet loss, delay, and jitter, so this type of service is better served by direct mutual access between branch sites.

Hierarchical networking:

It is suitable for large multinational enterprises and large enterprises with many network sites or sites scattered across multiple countries or regions. The network structure is clear and scales well.

Multi-Hub networking:

It is suitable for enterprises with multiple data centers, and each data center deploys business servers to provide business services for branches.

POP networking:

When operators/MSPs provide SD-WAN access services to enterprises, the enterprises cannot convert all of their sites into SD-WAN sites in the short term.

The network therefore contains two types of sites, traditional branch sites and SD-WAN sites, and traffic must flow between them.

A set of IWG (Interworking Gateway) devices can provide multiple enterprise tenants at once with connectivity between their SD-WAN sites and their existing traditional MPLS VPN sites.

04 Overlay network VS Underlay network

The difference between the Overlay network and the Underlay network is as follows:

Compiled by: Lao Yang 丨 Senior network engineer with 10 years' experience. For more practical content for network engineers, follow the official account: Network Engineer Club


Source: blog.csdn.net/SPOTO2021/article/details/132360789