I’m still getting questions about layer-2 data center interconnect; it seems this particular bad idea isn’t going away any time soon. In the face of that sad reality, let’s revisit what I wrote about layer-2 DCI over VXLAN.
VXLAN hasn’t changed much since the time I explained why it’s not the right technology for long-distance VLANs.
- I haven’t seen integration with OTV or LISP that was promised years ago (or maybe I missed something – please write a comment);
- VXLAN-to-VLAN gateways are still limited to a single gateway (or MLAG cluster) per VXLAN segment, generating traffic trombones with long-distance VLANs;
- Traffic trombones generated by stateful appliances (inter-subnet firewalls or load balancers) are impossible to solve.
Then there’s the obvious problem of data having gravity (or applications being used to being close to data) – if you move a VM away from the data, the performance quickly drops way below acceptable levels.
However, if you’re forced to implement a stretched VLAN (because the application team cannot possibly deploy their latest gizmo without it, or because the server team claims they need it for disaster recovery … that has no chance of working) that nobody will ever use, VXLAN is the least horrible technology. After all, you’ve totally decoupled the physical infrastructure from the follies of virtual networking, and even if someone manages to generate a forwarding loop between two VXLAN segments, the network infrastructure won’t be affected assuming you implemented some basic traffic policing rules.
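The "basic traffic policing rules" mentioned above are what keep a forwarding loop inside one stretched segment from turning into a problem for the underlay. As an added illustration (this is not code from the post, nor from any VTEP or switch vendor), here is a per-VNI token-bucket policer for broadcast/unknown-unicast/multicast frames, run over constructed traffic: steady ARP at 10 pps on one VNI, and a loop-generated storm of 1000 frames per second on another. The class name, the VNIs (10010 and 10020), the 100 pps rate and the 20-frame burst are all assumptions made for the example.

```python
# Added example: per-segment (per-VNI) token-bucket policing of BUM traffic.
# Illustrative code written for this post; not a VTEP implementation.
from collections import defaultdict

MILLI = 1000  # tokens are tracked in thousandths so all arithmetic stays integer


class BumPolicer:
    """Rate-limits broadcast/unknown-unicast/multicast frames per VXLAN segment (VNI)."""

    def __init__(self, rate_pps, burst_frames):
        self.rate_pps = rate_pps            # sustained frames per second, per VNI
        self.burst = burst_frames * MILLI   # bucket depth in milli-tokens
        self.tokens = defaultdict(lambda: self.burst)  # each VNI starts with a full bucket
        self.last_ms = {}                   # last refill timestamp per VNI

    def admit(self, vni, now_ms):
        """Return True if the frame may be flooded, False if it is policed (dropped)."""
        last = self.last_ms.get(vni, now_ms)
        # rate_pps tokens per second == rate_pps milli-tokens per millisecond
        refilled = self.tokens[vni] + (now_ms - last) * self.rate_pps
        tokens = min(self.burst, refilled)
        self.last_ms[vni] = now_ms
        if tokens >= MILLI:
            self.tokens[vni] = tokens - MILLI
            return True
        self.tokens[vni] = tokens
        return False


def constructed_frames():
    """Constructed sample traffic (not a capture):
    - ARP at 10 pps on VNI 10010 for 5 seconds
    - a loop-generated broadcast storm of 1000 frames during second 1 on VNI 10020
    Each entry is (timestamp_ms, vni, label)."""
    frames = [(t, 10010, "arp") for t in range(0, 5000, 100)]
    frames += [(1000 + t, 10020, "loop") for t in range(1000)]
    return sorted(frames)


def run_simulation(rate_pps=100, burst_frames=20):
    """Feed the constructed frames through the policer; return per-VNI forwarded/dropped counts."""
    policer = BumPolicer(rate_pps, burst_frames)
    stats = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    for now_ms, vni, _label in constructed_frames():
        outcome = "forwarded" if policer.admit(vni, now_ms) else "dropped"
        stats[vni][outcome] += 1
    return dict(stats)


if __name__ == "__main__":
    for vni, counts in sorted(run_simulation().items()):
        print(f"VNI {vni}: {counts['forwarded']} forwarded, {counts['dropped']} dropped")
```

Because the bucket is kept per VNI, the storm on VNI 10020 is capped at the burst plus the sustained rate (a little over 100 frames of the 1000 get through) while the ARP traffic on VNI 10010 is untouched; that independence between segments is exactly what you are relying on when you say the infrastructure "won't be affected".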