Hydra 1303



VXLAN vs VLAN

from the Hydra High Council Jan 7th 2020

In a traditional network environment, to have multiple devices communicate on the same segment, we plug them into a switch. Being on the same segment, they share the same subnet. If we have more end devices than we have ports on a single switch, no problem, just connect the switch to more switches. The end devices can still be on the same segment (the same subnet) regardless of having to traverse dozens of switches. Imagine that we have 150 end devices attached to these switches and every device has an IP on the 10.1.1.0/24 subnet.

We also have the ability to have a single physical switch support multiple segments by creating VLANs. One switch would have no problem carrying the traffic of all three of the segments below and keeping them separate.

  • 10.1.2.0/24 VLAN 2 Sales
  • 10.1.3.0/24 VLAN 3 Marketing
  • 10.1.4.0/24 VLAN 4 Accounting

VLAN's Cousin VXLAN

In the NSX virtual environment, we have VLAN's cousin, VXLAN. A VXLAN is also a segment and is also a separate subnet. The X in VXLAN stands for eXtensible. It means that we can extend a VXLAN segment in ways that are not possible with a VLAN.

On Equal Terms

A number of terms here can be used interchangeably for the most part. In the physical network environment:

VLAN = segment = subnet = broadcast domain

And just to be clear on router vs switch:

Switch - to connect multiple devices on the same segment/subnet/VLAN/broadcast domain

Router - to connect devices on different segments, defining where one segment ends and another begins

Routers Form the Boundaries

For example, we have a Sales PC with the IP address of 10.0.32.32/24 and want to add another PC with the address of 10.0.30.18/24 to the same switch. They are both on the same subnet, 10.0.30.X. But if these devices are physically located on different floors or in a different building altogether, we're going to have a problem if their path includes routers. Routers are Layer 3 devices. Once our Layer 2 domain (the segment) meets a Layer 3 boundary, it's like a wall. Broadcasts don't go through it. The router interface defines the boundary for that subnet.
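The segment, subnet and broadcast-domain rules of the last few sections are easy to check mechanically. The following is an added example, not code from the Hydra article, using Python's standard ipaddress module; the VLAN table is constructed from the three segments listed earlier. Run on the two Sales PC addresses exactly as written above, it also shows that 10.0.32.32/24 sits in 10.0.32.0/24, a different /24 from 10.0.30.18/24, so the function reports a router between them.

```python
import ipaddress

# Constructed VLAN table mirroring the article's three segments; not taken from any device config.
VLAN_TABLE = {
    2: ("Sales", ipaddress.ip_network("10.1.2.0/24")),
    3: ("Marketing", ipaddress.ip_network("10.1.3.0/24")),
    4: ("Accounting", ipaddress.ip_network("10.1.4.0/24")),
}


def segment_of(host_cidr):
    """The subnet (= segment = broadcast domain) a host interface such as '10.1.2.10/24' belongs to."""
    return ipaddress.ip_interface(host_cidr).network


def broadcast_of(host_cidr):
    """The broadcast address of that segment; a frame sent here stops at the first router."""
    return segment_of(host_cidr).broadcast_address


def same_segment(a_cidr, b_cidr):
    """True when two hosts share a subnet and can reach each other through switches alone."""
    return segment_of(a_cidr) == segment_of(b_cidr)


def device_between(a_cidr, b_cidr):
    """The article's rule of thumb: a switch joins hosts on one segment, a router joins segments."""
    return "switch" if same_segment(a_cidr, b_cidr) else "router"


def vlan_for(host_ip, table=VLAN_TABLE):
    """Return (vlan_id, name) for the VLAN whose subnet contains host_ip, or None if no VLAN covers it."""
    addr = ipaddress.ip_address(host_ip)
    for vlan_id, (name, net) in table.items():
        if addr in net:
            return vlan_id, name
    return None


if __name__ == "__main__":
    pairs = [
        ("10.1.2.10/24", "10.1.2.200/24"),   # same VLAN 2 segment
        ("10.1.2.10/24", "10.1.3.10/24"),    # Sales to Marketing: crosses a router
        ("10.0.32.32/24", "10.0.30.18/24"),  # the two Sales PCs as written in the article
    ]
    for a, b in pairs:
        print(f"{a} <-> {b}: {device_between(a, b)} ({segment_of(a)} vs {segment_of(b)})")
```

The /24 on each host address is what decides the answer: the mask, not the first three octets as a human reads them, defines where the Layer 2 domain ends.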

NSX Logical Switch

A physical switch will often support multiple VLANs. To save money we consolidate. But an NSX Logical Switch supports a single VXLAN. In the logical environment, it's simpler to have each Logical Switch represent a different subnet. If that doesn't sound simpler, think about how you would typically represent different subnets in a network diagram. You might draw a separate line for each. That abstraction is easier for us to see and understand than drawing what it looks like physically, a single switch.

Since there's a 1:1 relationship, each Logical Switch is effectively a separate VXLAN, so we can add that to the list of our nearly interchangeable terms.

VXLAN = segment = subnet = broadcast domain = Logical Switch

Leap Tall Routers in a Single Bound

But a VXLAN's superpower isn't simply having one Logical Switch per subnet; it's the ability to extend that Logical Switch, the Layer 2 domain, the subnet, across the entire virtual environment regardless of any Layer 3 boundaries in the physical environment that must be traversed along the way from one ESXi host to another. The VXLAN allows VMs on different hosts to communicate as if the physical environment were irrelevant or didn't exist, by tunneling through the physical network.

NSX is an overlay network. Your physical environment is the underlay network. For the most part, NSX doesn't care about the physical network or its limitations. It's software sitting on top of your existing physical network, analogous to a virtual reality. In VR, we interact much like we do in the real world, but without the physical limitations. You can fly, see through walls, leap tall buildings. In NSX, if you want two VMs on opposite sides of the data center to behave as if they were sitting side by side on the same host, VXLANs are made for that, allowing your traffic to fly through routers as if they didn't exist.
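The tunneling described in the last two sections is the VXLAN encapsulation of RFC 7348: the inner Ethernet frame is prefixed with an 8-byte header carrying a 24-bit VXLAN Network Identifier (VNI) and sent as a UDP datagram to port 4789 between the hosts' tunnel endpoints. The block below is an added example, not NSX code, that builds and decodes that header and then groups captured payloads by VNI; the VNIs 5001 and 5002, the MAC addresses and the payloads are constructed, and the outer IP/UDP headers are assumed to be added by the sending host's IP stack. The grouping function shows the defender-side consequence of an overlay: a sensor on the underlay sees only UDP flows to port 4789 and has to decapsulate and key on the VNI before it can attribute traffic to a particular Logical Switch.

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field carries a valid VXLAN Network Identifier
VXLAN_HEADER_LEN = 8


def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header: flags (I set), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def encapsulate(vni, inner_frame):
    """Wrap an inner Ethernet frame for transport over the underlay. To the physical network
    this is just a UDP datagram to port 4789 between two tunnel endpoints, whatever the frame holds."""
    return build_vxlan_header(vni) + inner_frame


def decapsulate(payload):
    """Inverse of encapsulate: return (vni, inner_frame) from a VXLAN UDP payload.
    Per RFC 7348 a packet with the I flag clear is dropped; reserved bits are ignored on receipt."""
    if len(payload) < VXLAN_HEADER_LEN:
        raise ValueError("payload shorter than a VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VNI, drop")
    return word1 >> 8, payload[VXLAN_HEADER_LEN:]


def is_valid_vxlan(payload):
    """True if a receiving tunnel endpoint would accept this payload."""
    try:
        decapsulate(payload)
        return True
    except ValueError:
        return False


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Build a minimal Ethernet II frame (constructed for the example, not captured traffic)."""
    return (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


def frames_by_segment(payloads):
    """Group decapsulated inner frames by VNI, the step a monitoring tool on the underlay
    must take before it can tell one Logical Switch's traffic from another's.
    Malformed payloads are counted rather than raised."""
    groups, dropped = {}, 0
    for p in payloads:
        try:
            vni, frame = decapsulate(p)
        except ValueError:
            dropped += 1
            continue
        groups.setdefault(vni, []).append(frame)
    return groups, dropped


# Constructed sample: two VMs on VNI 5001 (say, a Sales Logical Switch) and one on VNI 5002.
SALES_VNI, MARKETING_VNI = 5001, 5002
SAMPLE_PAYLOADS = [
    encapsulate(SALES_VNI,
                ethernet_frame("00:50:56:00:00:02", "00:50:56:00:00:01", 0x0800, b"ip-pkt-1")),
    encapsulate(SALES_VNI,
                ethernet_frame("00:50:56:00:00:01", "00:50:56:00:00:02", 0x0800, b"ip-pkt-2")),
    encapsulate(MARKETING_VNI,
                ethernet_frame("ff:ff:ff:ff:ff:ff", "00:50:56:00:00:03", 0x0806, b"arp-req")),
    bytes(8) + b"junk",   # I flag clear: a receiving tunnel endpoint drops this
]

if __name__ == "__main__":
    groups, dropped = frames_by_segment(SAMPLE_PAYLOADS)
    for vni, frames in sorted(groups.items()):
        print(f"VNI {vni}: {len(frames)} frame(s)")
    print(f"dropped: {dropped}")
```

The broadcast ARP request on VNI 5002 is the point of the "leap tall routers" section: inside the tunnel it is an ordinary Layer 2 broadcast that reaches every VM on that Logical Switch, while the underlay routers only ever forward a unicast UDP datagram.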