Some network virtualization technologies involve creating virtual Layer-2 and/or Layer-3 topologies on top of an arbitrary physical (Layer-2 or Layer-3) network. Network Virtualization decouples virtual networks and addresses from physical network infrastructure, providing isolation and concurrency between multiple virtual networks on the same physical network infrastructure. Such virtualized networks can be used, for example, in data centers and cloud computing services. Virtualized networks of this sort are commonly referred to as “overlay networks” or “tenant networks.”
Connectivity in the virtual network topology may be provided by encapsulating Layer-2 frames (such as Ethernet frames) in Layer-3 packets (such as Internet Protocol [IP] packets), and transmitting the packets over the physical network. A virtual Layer-2 network of this sort can span multiple physical Layer-3 subnets. In this manner, computers on the virtual Layer-2 network (including both physical and virtual machines) at widely-separated locations can communicate with one another over the Internet or other Layer-3 network by exchanging Layer-2 frames.
A number of protocols have been developed to support network virtualization. For example, Sridharan et al. describe the NVGRE virtualization protocol in an Internet Draft entitled “NVGRE: Network Virtualization using Generic Routing Encapsulation,” draft-sridharan-virtualization-nvgre-01 (Jul. 9, 2012), of the Internet Engineering Task Force (IETF). In NVGRE, every virtual Layer-2 or Layer-3 network is associated with a 24-bit identifier, called a Virtual Subnet Identifier (VSID). The VSID is carried in an outer header, allowing unique identification of the tenant's virtual subnet to various devices in the network. GRE is a proposed IETF standard (described in IETF Requests for Comments [RFC] 2784 and 2890), which provides a way to encapsulate an arbitrary protocol over IP. NVGRE leverages the GRE header to carry VSID information in each packet.
Another network virtualization protocol is VXLAN (Virtual eXtensible Local Area Network), which is described by Mahalingam et al. in an Internet Draft entitled “VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks,” identified by the IETF as draft-mahalingam-dutt-dcops-vxlan-02 (Aug. 22, 2012). VXLAN is a Layer-2 overlay scheme over a Layer-3 network, which supports virtual machines (VMs) in a multitenant environment. Each overlay is termed a VXLAN segment. Only VMs within the same VXLAN segment can communicate with one another. Each VXLAN segment is “scoped” through a 24-bit segment ID, termed the VXLAN Network Identifier (VNI). The VNI scopes the inner MAC (Layer-2) frame originated by the individual VM.
Due to this encapsulation, VXLAN could also be termed a tunneling scheme, in which each Layer-2 frame is encapsulated according to a set of rules. The end-point of the tunnel (the VXLAN Tunnel End Point, or VTEP) may be located within the hypervisor on the server that houses the VM. Thus, the VNI and the VXLAN-related tunnel and outer header encapsulation are known only to the VTEP and are not exposed to the VM. Sridharan et al. describe a similar end-point function in NVGRE and state that a common deployment is for the end-point to be part of a hypervisor.
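As an added example (not code from the drafts or from the disclosure above), the following Python builds and parses the two outer headers discussed here, using the header layouts published in the VXLAN and NVGRE specifications: the 8-byte VXLAN header carrying the 24-bit VNI, and the GRE header with the Key Present flag carrying the 24-bit VSID plus an 8-bit FlowID. The parsers reject truncated or mis-flagged headers before a tunnel end-point would use the VNI/VSID to scope the inner frame.

```python
import struct

# VXLAN: first header byte carries flags; bit 0x08 ("I") marks the VNI as valid.
VXLAN_I_FLAG = 0x08
# GRE: "Key Present" bit in the 16-bit flags word, and the Transparent
# Ethernet Bridging Ethertype that NVGRE uses as the GRE protocol type.
GRE_KEY_PRESENT = 0x2000
GRE_PROTO_TEB = 0x6558


def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # The VNI occupies the upper 24 bits of the final 32-bit word.
    return struct.pack("!B3xI", VXLAN_I_FLAG, vni << 8)


def parse_vxlan(packet: bytes) -> int:
    """Return the VNI from a VXLAN header, rejecting malformed headers."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", packet[:8])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("VNI-valid (I) flag not set")
    return word >> 8


def nvgre_header(vsid: int, flow_id: int = 0) -> bytes:
    """Build the GRE header used by NVGRE: K flag set, TEB protocol, key = VSID:FlowID."""
    if not 0 <= vsid < (1 << 24) or not 0 <= flow_id < 256:
        raise ValueError("VSID must fit in 24 bits and FlowID in 8 bits")
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, (vsid << 8) | flow_id)


def parse_nvgre(packet: bytes) -> tuple[int, int]:
    """Return (VSID, FlowID) from an NVGRE header, rejecting other GRE variants."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", packet[:8])
    if not flags & GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header (no key or wrong protocol type)")
    return key >> 8, key & 0xFF


if __name__ == "__main__":
    # Constructed sample identifiers, not values from any real deployment.
    print(hex(parse_vxlan(vxlan_header(0xABCDEF))))
    print(parse_nvgre(nvgre_header(0x123456, flow_id=7)))
```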
Other tunneling protocols, such as “IP in IP” encapsulation, are also known in the art.