What is Overlay Network?

2022.02.25

An Overlay network is one or more virtual logical networks constructed on the same Underlay network through network virtualization technology. Although different Overlay networks share the equipment and lines in the Underlay network, the services in the Overlay network are decoupled from the physical networking and interconnection technologies in the Underlay network. This is the core networking technology used in solutions such as SD-WAN and data centers.

Why Overlay Network?

Overlay network and Underlay network are relative concepts: an Overlay network is a logical network built on top of an Underlay network. To understand why we need to build an Overlay network, we have to start from the concept of the Underlay network and its limitations.

Underlay Network

The Underlay network, as the name suggests, is the underlying physical foundation of the Overlay network. As shown in the figure below, an Underlay network can be a physical network consisting of multiple types of interconnected devices, responsible for packet transmission between networks.

Figure: Typical Underlay Network

In an Underlay network, the interconnected devices can be various types of switches, routers, load balancing devices, firewalls, etc., but the devices in the network must ensure IP connectivity between them through routing protocols.

The Underlay network can be a Layer 2 or Layer 3 network. Layer 2 networks are usually used in Ethernet networks, which are divided by VLANs. A typical application of a Layer 3 network is the Internet, which uses OSPF, IS-IS and other protocols for routing control within the same autonomous domain, and BGP and other protocols for routing and interconnection between autonomous domains. With the advancement of technology, there are also Underlay networks built with MPLS, which is a WAN technology between Layer 2 and Layer 3.
However, traditional network equipment forwards packets in hardware, and an Underlay network built from it has the following problems:

- Since the hardware forwards packets based on the destination IP address, transmission is heavily path-dependent.
- Adding or changing services requires modification of the existing underlying network connections, and reconfiguration is time-consuming.
- The Internet cannot guarantee the security requirements of private communication.
- Network slicing and network segmentation are complicated to implement, and network resources cannot be allocated on demand.
- Multipath forwarding is cumbersome, and multiple underlying networks cannot be fused to achieve load balancing.

Overlay Network

To get rid of the limitations of the Underlay network, network virtualization technology is now mostly used to create a virtual Overlay network on top of the Underlay network.

Figure: Overlay Network Topology

In an Overlay network, devices can interconnect with each other through logical links to form an Overlay topology according to demand.

When a packet is ready to be transmitted, the device adds a new IP header and a tunnel header to the packet, which hide the inner IP header, and the packet is forwarded according to the new IP header. When the packet is delivered to the other device, the outer IP header and tunnel header are discarded and the original packet is recovered. The Overlay network is not aware of the Underlay network during this process.

Overlay networks have various network protocols and standards, including VXLAN, NVGRE, SST, GRE, NVO3, EVPN and so on.

With the introduction of SDN technology, Overlay networks with controllers have the following advantages:

- Overlay networks use tunneling technology to flexibly select different underlying links and use multiple methods to ensure stable traffic transmission.
- Overlay networks can build different virtual topologies as required, without modifying the underlying network.
- Encryption can solve the problem of protecting private traffic communication on the Internet.
- They support network slicing and network segmentation. By separating different services, the optimal allocation of network resources can be achieved.
- They support multipath forwarding. In an Overlay network, traffic can pass through multiple paths from source to destination, thus achieving load sharing and maximizing the utilization of line bandwidth.

What are some examples of Overlay networks?

Overlay networks are widely used in SD-WAN and data center solutions. The topology of an Overlay network varies with the architecture of the underlying Underlay network.

Data Center Overlay Network

With the evolution of data center architecture, data centers now mostly use a Spine-Leaf architecture to construct the Underlay network and VXLAN technology to construct the interconnected Overlay network, with service traffic running on the VXLAN Overlay network, decoupled from the physical carrier network.

Figure: Overlay network of data center

Leaf and Spine nodes are fully connected, and the equal-cost multiple paths improve the availability of the network.

The Leaf node serves as a network function access node, providing various network devices in the Underlay network with VXLAN network functions, and also assumes the role of VTEP (VXLAN Tunnel EndPoint) as an edge device of the Overlay network.

The Spine node is the core node of the data center network, which provides high-speed IP forwarding and connects to each functional Leaf node through high-speed interfaces.

Overlay Network in SD-WAN

The Underlay network of SD-WAN is based on the WAN and interconnects headquarters, branch and cloud sites by means of hybrid links. By building the logical topology of the Overlay network, the interconnection requirements of different scenarios are met.
Figure 1-5 SD-WAN Overlay Network (taking Hub-Spoke as an example)

An SD-WAN network is mainly composed of CPE devices, of which there are two types, Edge and GW.

- Edge: the egress device of an SD-WAN site.
- GW: the gateway device that connects SD-WAN sites with other networks (such as a traditional VPN).

According to the scale of the enterprise network, the number of central sites and the inter-site access requirements, multiple types of Overlay networks can be built.

- Hub-spoke: Suitable for enterprises with 1~2 data centers. Business is mainly in the headquarters and data centers, and the branches access the business deployed in the headquarters or data centers through the WAN. There is no or only a small amount of inter-access between the branches, and traffic between branches is relayed through the headquarters or data center.
- Full-mesh: Suitable for small enterprises with few sites, or large enterprises that need collaborative work between branches. Collaboration services in large enterprises, such as VoIP, video conferencing and other high-value applications, have high requirements for network performance in terms of packet loss, latency and jitter, so these services are better suited to direct interconnection between branch sites.
- Hierarchical networking: Suitable for large multinational enterprises and large enterprises with many network sites or sites scattered across multiple countries or regions, with a clear network structure and good network scalability.
- Multi-Hub networking: Suitable for enterprises with multiple data centers, each of which deploys business servers to provide business services for branches.
- POP networking: When operators/MSPs provide SD-WAN network access services to enterprises, enterprises cannot transform all sites into SD-WAN sites at one time. One IWG (Interworking Gateway) can provide connectivity between SD-WAN sites and existing traditional MPLS VPN networks for multiple enterprise tenants at the same time.
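The encapsulation and decapsulation performed at a VXLAN tunnel endpoint, as described in the Overlay Network and Data Center Overlay Network sections above, sketched as an added example (not code from the original page). It builds and parses the 8-byte VXLAN header defined in RFC 7348 and drops traffic for VNIs the receiving VTEP does not serve; the sample frame, the VNI values and the function names are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field carries a valid value

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"tenant-A data"


def vxlan_encap(inner_frame, vni):
    """Sending VTEP: prefix the inner frame with the VXLAN tunnel header.

    The outer UDP/IP/Ethernet headers are added below this layer by the
    underlay stack, which forwards on the outer IP header only.
    """
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload, allowed_vnis):
    """Receiving VTEP: strip the tunnel header and enforce segmentation."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8
    if vni not in allowed_vnis:
        # Traffic for a segment this endpoint does not serve is dropped
        # instead of being delivered into another tenant's network.
        raise PermissionError(f"VNI {vni} is not served by this VTEP")
    return vni, payload[8:]


if __name__ == "__main__":
    packet = vxlan_encap(SAMPLE_FRAME, 5001)   # 5001: constructed tenant VNI
    print("tunnel header:", packet[:8].hex())
    print("accepted VNI:", vxlan_decap(packet, {5001})[0])
    try:
        vxlan_decap(packet, {6002})            # VTEP serving another tenant
    except PermissionError as exc:
        print("dropped:", exc)
```

VXLAN itself adds no encryption: the inner frame appears byte-for-byte inside the encapsulated payload, so confidentiality across the underlay has to come from a separate encryption layer.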
Overlay Network vs Underlay Network