What is an overlay network?
An overlay network is a virtual or logical network that is created on top of an existing physical network. The internet, which connects many nodes via circuit switching, is an example of an overlay network.
An overlay network is any virtual layer on top of physical network infrastructure. This may be as simple as a virtual local area network (VLAN) but typically refers to more complex virtual layers from software-defined networking (SDN) or a software-defined wide area network (SD-WAN).
The overlay creates a new layer where traffic can be programmatically directed through new virtual network routes or paths instead of requiring physical links. Overlays enable administrators to define and manage traffic flows, irrespective of the underlying physical infrastructure.
Overlay networks and SDN
SDN is a quickly growing network strategy where the network operating system separates the data plane (packet handling) from the control plane (the network topology and routing rules). SDN acts as an overlay, running on the distributed switches, determining how packets are handled, instead of a centralized router handling those tasks.
SDN enables more flexible virtual networking that enables a more hands-off approach without changes to the physical underlay. SDN is an example of distributed computing where the actual processing is spread across multiple nodes, a departure from client-server computing where those routes were hardcoded.
Overlay network structure and protocols
Overlay network protocols include Virtual Extensible LAN (VXLAN), Generic Routing Encapsulation, Network Virtualization using GRE, Stateless Transport Tunneling and Network Virtualization Overlays.
Most network overlays work at Layer 3 in the Open Systems Interconnection (OSI) model, handling all traffic through the IP address. But, if a VLAN is created as an overlay, then the overlay would be done at Layer 2 with media access control (MAC) addresses.
In the case of SDN, the most common protocol for communication is OpenFlow, an open standard protocol that provides interoperability and is used in some fashion by most SDN tools.
Advantages of overlay networks
Network overlays provide some key benefits to networking, including the following:
- Flexibility. The overlay provides a more flexible networking approach by removing the hardcoded constraints of a physical network, which enables configuration tied to usage or function.
- Management. Overlays offer better access management by segmenting and joining devices logically instead of managing these components physically.
- Security. Overlay networks enhance security by segmenting traffic and restricting access by groups, individuals or devices. In the case of a network compromise -- when using SDN as an overlay -- an attacker's traffic can be detected and stopped more easily.
- Redundancy and efficiency. With an overlay, traffic has an easier time changing routes based on either traffic saturation or network interruptions.
Disadvantages of overlay networks
Despite the advantages of overlay networks, organizations should heed the potential challenges or disadvantages as well, including the following:
- Extra layers of management. IT would have to manage two different network layers daily. Most importantly, the layers must be managed in unison as the topology that the overlay expects needs to be accurately represented in the underlay.
- Troubleshooting. Again, this must occur for both the underlay and overlay.
- Potential security exposure. The negative effects of misconfiguration can be amplified across a wider set of devices or users.
Examples and uses of overlay networks
Some examples of overlay network deployments include virtual private networks, peer-to-peer networks, content delivery networks, voice over IP services and non-native software-defined networks. Other examples and uses of overlay networks are the following:
- VLAN or VXLAN. These networks are created at Layer 2 or encapsulated with Layer 2 to create logical segments for routing traffic.
- Hypervisor and virtual servers. Virtual networking creates virtual switches and virtual network cards that create an overlay for communicating between virtual machines or between the hypervisor and the rest of the network.
- SD-WAN. SD-WAN creates an overlay that manages a communication tunnel between two networks so that all the communications do not need to be hardcoded to the connection.
- SDN. SDN uses protocols like OpenFlow to create a virtual overlay that sits on top of network switches, enabling the switches to handle more of the data routing functions, optimizing data flow.
Overlay vs. underlay networks: What are the differences?
An overlay network is a network that is built on top of another network and is supported by its infrastructure. An overlay network decouples network services from the underlying infrastructure by encapsulating one network packet inside of another packet. After the encapsulated packet has been forwarded to the endpoint, it is de-encapsulated.
What is an underlay network?
An underlay network comprises the physical switches, routers and other devices that connect nodes and route data among them. An underlay network employs some physical network medium -- such as copper wire, fiber optic or even wireless -- for the physical transfer of data.
Every overlay requires an underlay to operate. In comparison to vehicle traffic on roads, the overlay is the traffic signs, lights and markings that direct traffic, and the underlay is the physical street. One could change the direction of the traffic by changing the signage, while the actual road surface remains untouched.