Network overlays are a method of using software virtualization to create additional layers of network abstraction (or software-based network overlays) that can be run on top of the physical network, often providing new applications or security benefits.
One way to conceptualize an overlay is to think of it as endpoints designated by an identification tag or number, somewhat like the phone system. A device can be located simply by knowing its identification tag or number in the networking system. In a traditional physical network, such as the original phone system, the phone number was used to locate a specific physical device hard-wired onto a network. However, in the modern phone system, a phone number can become “virtualized” – that is, assigned to devices or software, or programmed to follow the user. This is a form of virtualization, or overlay.
The endpoints on an overlay network can function similarly to the phone paradigm. They can be actual physical locations, such as a network port, or they could be logical locations designated by a software address in the networking cloud.
Many Forms of Network Overlays and Protocols
Overlay networks can take many forms, including peer-to-peer networks, IP networks, and virtual local area networks (VLANs). The Internet itself, which uses Layer 3 IP addressing, is an overlay network, as endpoints are designated by their IP addresses. This method of overlay is often referred to as “Layer 3 networking.”
Over the years, many different networking protocols have been developed to help build overlay networks to solve common problems.
Some of the protocols developed for network overlay technology include IP, Virtual Extensible LAN (VXLAN, IETF RFC 7348), Virtual Private Networks (VPNs), and IP Multicast. More recently, the advent of Software Defined Networking (SDN) has spawned even more overlay technologies, including those from individual vendors, the best known of which is VMware’s NSX. Other emerging “overlay” solutions for SDN include Alcatel’s Nuage. Network overlays enable flexibility by allowing network managers to move network endpoints around using software management.
Vendors such as Cisco have offered their own hybrid solutions, designed to migrate their clients from a proprietary environment to an SDN environment while still using their own switching fabric technology, which is often referred to as the “underlay.” With Cisco’s approach, called Application Centric Infrastructure, an application controller, Cisco’s Application Policy Infrastructure Controller (APIC), can be added to the network to attain the SDN functionality. The advantage of this approach is that the APIC overlay is integrated with the underlying hardware infrastructure (the “underlay”).
The underlay-overlay debate comes down to various hardware and software vendors arguing about whether you can separate the two and still run an efficient network, without a performance penalty. This has led many pure overlay vendors – such as Nuage Networks and VMware – to team with underlay suppliers to integrate their technology into a complete solution. For example, Nuage and VMware have teamed with Arista to forge overlay-underlay packages that compete with Cisco’s.
Overlays and SDN
The term “overlay” has become something of a loaded term in the SDN world, because in some ways it implies using a pure software solution to manage the network. One criticism of overlays is that they can introduce performance overhead by adding more layers of software and processing. To work well with a wide range of hardware, specific software code or “agents” must be installed on the network.
Most forms of overlay use some sort of “encapsulation”: a software tag, or header, that wraps around the original message before it is carried to its destination. When it arrives, the encapsulated message is unwrapped and delivered to its intended destination, typically some sort of network application. Encapsulating and unwrapping messages requires computing power, and critics of software overlays say this presents scalability issues. It also adds complexity to the network.
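As an added illustration of the encapsulation step described above (example code written for this article, not taken from any vendor's implementation), the following Python wraps a constructed Ethernet frame in a VXLAN header laid out as in RFC 7348 and unwraps it on the receiving side, dropping headers whose I flag is clear and any VNI the endpoint is not configured to serve; the VNI 5000, the MAC addresses and the payload are constructed sample values.

```python
import struct

# VXLAN header (RFC 7348), 8 bytes carried inside the outer UDP payload:
#   byte 0   : flags; bit 0x08 ("I") must be 1 for a valid VNI
#   bytes 1-3: reserved, zero on transmit, ignored on receipt
#   bytes 4-6: VNI, the 24-bit tenant segment identifier
#   byte 7   : reserved
VXLAN_I_FLAG = 0x08
VXLAN_HDR_LEN = 8
VXLAN_FMT = "!B3s3sB"


def vxlan_encapsulate(vni, inner_frame):
    """Wrap an inner Ethernet frame for tenant segment `vni`."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack(VXLAN_FMT, VXLAN_I_FLAG, b"\x00" * 3,
                         vni.to_bytes(3, "big"), 0)
    return header + inner_frame


def vxlan_decapsulate(payload, allowed_vnis):
    """Unwrap a VXLAN payload at the receiving endpoint.

    Returns (vni, inner_frame), or None when the packet must be dropped:
    a truncated header, the I flag clear (no valid VNI), or a VNI this
    endpoint is not configured to serve (the tenant-isolation check).
    """
    if len(payload) < VXLAN_HDR_LEN:
        return None
    flags, _, vni_bytes, _ = struct.unpack(VXLAN_FMT, payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_I_FLAG:
        return None
    vni = int.from_bytes(vni_bytes, "big")
    if vni not in allowed_vnis:
        return None
    return vni, payload[VXLAN_HDR_LEN:]


def demo():
    """Round-trip a constructed inner frame through VNI 5000."""
    # Constructed sample frame: dst MAC, src MAC, EtherType IPv4, payload
    inner = (bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
             + b"\x08\x00" + b"constructed tenant payload")
    wire = vxlan_encapsulate(5000, inner)
    vni, unwrapped = vxlan_decapsulate(wire, allowed_vnis={5000})
    # The outer payload is 8 bytes longer: the cost of the encapsulation tag
    return vni, unwrapped == inner, len(wire) - len(inner)
```

The same header parse, run at a monitoring point, is also how a defender attributes a decapsulated frame back to its tenant segment.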
So what’s the opposite of an overlay in the SDN world? In theory, a pure SDN solution, built from the ground up with an SDN controller operating on industry-standard, open hardware. The early purist camp of SDN described the OpenFlow protocol running on a network with OpenFlow controllers, giving it the best performance. The problem with this approach is that a pure OpenFlow-based network is hard to find in the real world: most networks are large, heterogeneous combinations of many technologies and protocols. More overlays!
The network overlay is even subject to marketing warfare, as VMware competitors such as Cisco critique pure overlay solutions, saying that network software requires tight coupling with hardware in order to deliver the best performance.
Depending on how an overlay network is built, it means many things to many people, but given that overlay technologies have been around since the beginning of the Internet, they are likely to remain popular as flexible ways to increase the programmability of networks.