Various types of cloud services with public internet access are hosted inside the datacenters of cloud service providers. For example, cloud services such as web services, storage, and virtual machines (“VM”) for business needs may be accessible via a cloud service provider. Because there are so many public Internet Protocol addresses (“IP addresses”) and because datacenter switches have limited hardware resources (e.g., routing table capacity), the cloud datacenter network is designed so that the public IP addresses are aggregated and announced by intermediary devices, such as gateway routers, server load balancing devices (“SLB”), and switches, which may be either virtual or physical. For convenience in this document, unless otherwise specified, these types of intermediary devices are referred to herein as gateway devices.
Thus, all public network traffic, including public network traffic originating from inside the datacenter, passes through a gateway device before being forwarded to the desired end destination. In addition, conventional datacenter network architectures are External Border Gateway Protocol (“BGP” or “eBGP”) based layer-3 Clos network architectures. Since the public IP addresses are announced in the network via BGP by the gateway devices rather than by the hosts themselves, a data packet (“packet”) whose end destination is a public IP address cannot be routed to that destination automatically or directly. Therefore, the gateway device forwards the packet to the end destination via tunnels, such as Virtual Extensible Local Area Network (“VXLAN”) tunneling, Generic Routing Encapsulation (“GRE”), and IP-in-IP tunnels. When the server or host receives the packet, the packet is processed before being delivered to the final end destination, which may be a cloud service process or a VM. Where the end destination is a VM in a virtual private cloud (“VPC”), a virtual switch (“vSwitch”) hosted on the server generally processes the packet. It is noted, however, that depending on the network design, some of the outgoing network traffic may not go through the gateway device.
When many packets destined for one public IP address in a cloud datacenter enter and are forwarded by a gateway device, the gateway device becomes a bottleneck and a single point of failure for the public network traffic. Such a network design also adds latency, because every packet must first be forwarded to the gateway device.
Recently, VXLAN tunneling technology has become increasingly popular. The protocol was developed in part because the traditional virtual local area network (“VLAN”) protocol can only support a maximum of 4096 users, which is insufficient in modern busy datacenters, where each user is assigned a unique VLAN.
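As an added example (not part of the original document), the following Python builds and parses the 8-byte VXLAN header that a gateway device prepends when tunneling a packet to the host, then reads the inner IPv4 destination that the vSwitch would use to deliver the packet to the VM; it also shows why the 24-bit VNI field escapes the 4096-segment VLAN limit. The inner frame and the VNI value 5000 are constructed sample values, not taken from the document.

```python
import struct

VXLAN_FLAG_I = 0x08           # "I" bit: the VNI field carries a valid value
MAX_VLAN_ID = (1 << 12) - 1   # 802.1Q VLAN ID is 12 bits: 4096 segments
MAX_VNI = (1 << 24) - 1       # VXLAN VNI is 24 bits: ~16 million segments


def segment_capacity() -> tuple[int, int]:
    """Return (VLAN segments, VXLAN segments) to show why VXLAN replaced VLAN."""
    return MAX_VLAN_ID + 1, MAX_VNI + 1


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header a gateway adds before tunneling a frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} is outside the 24-bit range")
    # Header layout (RFC 7348): flags(8) | reserved(24) | VNI(24) | reserved(8)
    header = struct.pack("!BBBB", VXLAN_FLAG_I, 0, 0, 0)
    header += struct.pack("!I", vni << 8)
    return header + inner_frame


def vxlan_decap(payload: bytes) -> tuple[int, bytes]:
    """Validate and strip the VXLAN header, as the receiving host does."""
    if len(payload) < 8:
        raise ValueError("payload shorter than a VXLAN header")
    if not payload[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is invalid")
    vni = struct.unpack("!I", payload[4:8])[0] >> 8
    return vni, payload[8:]


def inner_ipv4_dst(frame: bytes) -> str:
    """Read the inner IPv4 destination the vSwitch uses to pick the VM."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"inner frame is not IPv4 (ethertype 0x{ethertype:04x})")
    return ".".join(str(b) for b in frame[30:34])


# Constructed sample inner frame: Ethernet (dst, src, type 0x0800) followed by a
# minimal 20-byte IPv4 header from 10.0.0.1 to 10.0.0.5 (checksum left zero).
SAMPLE_FRAME = bytes.fromhex(
    "020000000005" "020000000001" "0800"
    "4500001400010000400600000a0000010a000005"
)

if __name__ == "__main__":
    tunneled = vxlan_encap(5000, SAMPLE_FRAME)
    vni, frame = vxlan_decap(tunneled)
    print(f"VNI {vni} -> VM at {inner_ipv4_dst(frame)}")
```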