Overlay networking is a method of using software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of the physical network, often providing new applications or security benefits.
Created by taking two endpoints and creating a virtual connection between them, multiple secure overlays can be built using software over existing networking hardware infrastructure. These endpoints could be actual physical locations, such as a network port, or they could be logical locations designated by a software address in the networking cloud.
The virtual connection between two endpoints of a network is created using routing or switching software that can apply software tags, labels, and/or encryption to create a virtual tunnel that runs across the network. If encryption is used, the data can be secured between the endpoints so that the end-users must be authenticated in order to use the connection.
One way to think of overlay networking is to think of it as endpoints designated by an identification tag or number, somewhat like the phone system. A device can be located simply by knowing its identification tag or number in the networking system. These tags are used to create virtual connections.
Many Forms of Overlays and Protocols
Most forms of overlay networking use some sort of “encapsulation,” or software encoding, that marks the data before it is carried to its destination. When it gets to the destination, this encapsulated message is unwrapped and delivered to the destination it was intended for – typically some sort of network application. The process of encapsulating and unwrapping messages requires computing power. Critics of a software overlay say this presents scalability issues. It also adds complexity to the network.
Overlay networking can include peer-to-peer networks, IP networks, and virtual local area networks (vLANs). The Internet itself, which uses Layer 3 IP addressing, uses overlay networking, identifying locations by IP addresses. This method, known as “Layer 3 networking,” means that the IP addresses can either be static — attached to a permanent physical device — or dynamic, moved around with the user using software.
Overlay networking uses many different networking protocols and standards built over time. Some of the protocols developed for overlay networking technology include IP, virtual extensible LAN (VXLAN — IETF RFC 7348), virtual private networks (VPNs), and IP multicast. More recently, the advent of software-defined networking (SDN) has spawned even more overlay technologies, including those from individual vendors, the most well known of which is VMware’s NSX. Other emerging overlay solutions for SDN include Alcatel’s Nuage Networks and Midokura. Network overlays enable flexibility by allowing network managers to move network endpoints around using software management.
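As an added illustration of the encapsulate-and-unwrap step described above, using the VXLAN header format from RFC 7348 (this is example code written for this page, not code from any vendor product named here): a frame is wrapped with an 8-byte header whose 24-bit VNI is the "tag" that separates tenant segments, and the receiving side validates the header before handing the inner frame to a segment. The sample Ethernet frame is constructed; VXLAN itself does not authenticate or encrypt the VNI, so on an unencrypted underlay this tag is the only thing keeping segments apart.

```python
from __future__ import annotations
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" bit set means the VNI field is valid
VXLAN_HDR_LEN = 8

def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Wrap an inner Ethernet frame in the 8-byte VXLAN header (RFC 7348)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must be a 24-bit value")
    # Layout: Flags(8) | Reserved(24) | VNI(24) | Reserved(8), network byte order.
    # Reserved bits are sent as zero; shifting the VNI left by 8 leaves the
    # trailing reserved byte clear.
    header = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    return header + inner_frame

def vxlan_decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Validate the header and return (vni, inner_frame); raise on malformed input."""
    if len(payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VNI present")
    # RFC 7348: reserved fields are ignored on receipt, so only the VNI is used.
    return vni_field >> 8, payload[VXLAN_HDR_LEN:]

def deliver_to_segment(payloads: list[bytes], segment_vni: int) -> list[bytes]:
    """Model a tunnel endpoint handing inner frames to one tenant segment:
    frames with a malformed header or a different VNI are dropped, not leaked."""
    accepted = []
    for p in payloads:
        try:
            vni, frame = vxlan_decapsulate(p)
        except ValueError:
            continue                      # malformed: drop rather than guess
        if vni == segment_vni:
            accepted.append(frame)
    return accepted

# Constructed sample: dst MAC, src MAC, IPv4 ethertype, then a short payload.
SAMPLE_FRAME = (b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
                + b"\x08\x00" + b"tenant payload")

if __name__ == "__main__":
    wire = vxlan_encapsulate(5000, SAMPLE_FRAME)
    print(wire[:VXLAN_HDR_LEN].hex())            # 0800000000138800
    print(vxlan_decapsulate(wire)[0])            # 5000
    other = vxlan_encapsulate(5001, SAMPLE_FRAME)
    bad = b"\x00" * VXLAN_HDR_LEN + SAMPLE_FRAME  # I flag clear
    print(len(deliver_to_segment([wire, other, bad], 5000)))  # 1
```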
Overlays and SDN
Different approaches to overlay networking are often debated in the SDN world. Depending on the technique, software-only solutions may lack chip-level integration and therefore full control of the hardware. One criticism of overlay networking is that it can create performance overhead by adding more layers of software and processing. This occurs because specific software code or “agents” must be installed on the network.