Understanding Network Virtualization: VXLAN, NVGRE, STT, and SPBM Explained

Network virtualization enables the creation of multiple virtual networks on shared physical infrastructure by decoupling logical networks from the underlying hardware, offering greater flexibility, scalability, and cost efficiency.

Modern data‑center networking has evolved into an Underlay/Overlay model, where the Overlay encapsulates virtual networks on top of the physical Underlay, allowing isolated logical networks to run over shared physical resources.

VXLAN: Virtual Extensible LAN

VXLAN (Virtual eXtensible LAN) is an IETF‑standard overlay that encapsulates Ethernet frames inside UDP packets, using the existing IP network as the Underlay. It provides high scalability (24‑bit segment ID) and flexibility, overcoming VLAN limitations.

How VXLAN Works

Virtual machine sends a packet to the virtual network.

The virtual switch (VSwitch) encapsulates the Ethernet frame in a VXLAN packet.

The VXLAN packet traverses the physical network.

The destination VSwitch decapsulates the packet.

The original packet is delivered to the target VM.

NVGRE: Network Virtualization using Generic Routing Encapsulation

NVGRE is a Microsoft‑backed overlay that encapsulates Layer‑2 frames inside GRE‑wrapped IP packets. Like VXLAN, it creates virtual Layer‑2 networks over an IP Underlay but uses GRE instead of UDP.

NVGRE supports a 24‑bit virtual segment ID (VSID) for up to 16 million virtual networks, though its GRE header limits compatibility with some load‑balancing solutions.

How NVGRE Works

Virtual machine sends a packet to the virtual network.

The virtual switch encapsulates the packet in a GRE header.

The encapsulated packet travels across the physical network.

The destination virtual switch decapsulates the GRE packet.

The original packet is delivered to the target VM.

STT: Stateless Transport Tunnel

STT is an overlay protocol that adds a lightweight header to Ethernet frames, enabling efficient transmission across the Underlay while remaining stateless, which simplifies operations and improves performance.

How STT Works

Virtual machine sends a packet to the virtual network.

The virtual switch records state and path information in a lightweight header.

The packet traverses the physical network.

The destination virtual switch uses the header for flow control and processing.

SPBM: Shortest Path Bridging MAC‑in‑MAC

SPBM uses MAC‑in‑MAC encapsulation and a distributed control plane (IS‑IS) to create scalable virtual networks, eliminating the need for multiple overlay protocols in the data‑center core.

How SPBM Works

Virtual machine sends a packet to the virtual network.

The SPBM engine forwards the packet based on configured policies.

The packet travels across the physical network.

The destination virtual machine receives the packet.

Benefits of Data‑Center Network Virtualization

Flexibility: Virtual networks can be created on demand, enabling agile resource allocation.

Scalability: Decoupling logical and physical layers allows seamless expansion without re‑configuring the physical fabric.

Security & Isolation: Each virtual network is isolated, enhancing security and preventing unauthorized access.

Simplified Management: Centralized control of virtual networks reduces configuration complexity and eases troubleshooting.

Cost Efficiency: Resource pooling and shared infrastructure lower capital and operational expenditures.