Overlay-Netzwerk

Tunneling Over Physical Infrastructure

An overlay network is a virtual network built on top of an existing physical or logical network by encapsulating packets inside another packet. Common encapsulation protocols include VXLAN (UDP encapsulation, 24-bit VNI), GRE, and Geneve. The inner packet carries the original frame or IP packet; the outer packet carries the tunnel endpoints' addresses. The physical Underlay NetworkThe physical network infrastructure (routers, switches, cables, fiber) upon which overlay and virtual networks are built. The underlay handles actual packet forwarding while overlays provide logical abstraction. forwards the outer packet without awareness of the inner payload.

Use Cases

Overlays decouple logical network topology from physical topology. Container NetworkingThe networking layer that enables communication between containers, between containers and the host, and with external networks. Technologies like Docker bridge networks, Kubernetes CNI, and overlay networks provide container connectivity. platforms use VXLAN overlays to give pods consistent IP addresses regardless of which host they run on. VPNVirtual Private Network. A technology that creates an encrypted tunnel between a device and a remote server, protecting data in transit and masking the user's real IP address. Used for privacy, security, and accessing restricted networks. products create encrypted overlays across untrusted ISPInternet Service Provider. A company that provides internet access to consumers and businesses, assigning public IP addresses and routing traffic to the wider internet. Examples include Comcast, AT&T, and SK Broadband. links. SDNSoftware-Defined Networking. An architecture that decouples the network control plane from the data plane, enabling centralized, programmable network management through software controllers. SDN improves agility and automation in large networks. controllers build overlays to implement multi-tenant isolation in cloud environments — thousands of customer segments share the same physical fabric using VXLAN's 16-million VNI space. Data center interconnects use GRE overlays to extend Layer 2 domains across geographically separated sites.

Overhead and MTU

Overlay encapsulation adds header bytes to every packet. VXLAN adds 50 bytes of outer Ethernet plus IP, UDP, and VXLAN headers. If the Underlay NetworkThe physical network infrastructure (routers, switches, cables, fiber) upon which overlay and virtual networks are built. The underlay handles actual packet forwarding while overlays provide logical abstraction. uses a standard 1500-byte MTUMaximum Transmission Unit. The largest packet size (in bytes) that a network interface can transmit without fragmentation. Standard Ethernet MTU is 1500 bytes; jumbo frames allow up to 9000 bytes for high-performance networks., the effective inner MTU is roughly 1450 bytes. Failure to configure MTU correctly causes silent performance degradation — TCPTransmission Control Protocol. A reliable, connection-oriented transport protocol that guarantees ordered, error-checked delivery of data through three-way handshakes, acknowledgments, and retransmission. The foundation of HTTP, SSH, and most internet services. connections work but large transfers fragment or retransmit. Jumbo frames on the underlay provide sufficient headroom for most overlay protocols without requiring MTU reduction on inner traffic. Subnet Calculator helps plan overlay address space separately from underlay addressing.