Where Is the Explosion of Overlay Virtual Networks

Three years ago I was speaking with one of the attendees of my overlay virtual networking workshop @ Interop Las Vegas and he asked me how soon I thought the overlay virtual networking technologies would be accepted in the enterprise networks.

My response: “you might be surprised at the speed of the uptake.” Turns out, I was wrong (again). Today I’m surprised at the lack of that speed.

Do keep in mind that I’m talking about enterprise networks. Many service providers are busy deploying overlay-based cloud pilots, mostly using OpenStack.

So, what went wrong? Like always, the need for numerous virtual subnets has been greatly exaggerated. They start making sense only when you deploy every application stack as an individual tenant, and most enterprises are not nearly ready to do that.

Second, VMware NSX (what most of the enterprises would have to use these days) is _expensive_ unless you get a bundled deal, and it’s really hard to justify the price if you don’t have a pressing need.

Third, it turns out networking actually is more complex than the VPs of Marketing would like you to believe. I’ve heard several stories of virtualization teams going to NSX training and deciding that they don’t want to touch another heap of complexity.

Fourth (and now I’m getting really cynical), it’s easier to blame others. The networking team is a convenient cog in the deployment process because they can’t provision new VLANs or firewall rules in seconds. If you want to take over the networking and security (or get rid of them because SDN), you also have to own the responsibility.

Well, the real reason the networking team is always late to the game might be because someone asked them to change the network or security setup on Friday afternoon after the deployment of a new application has been delayed for months, but let’s not go there.

And finally, it looks like private clouds are still primarily server virtualization 2.0, and if you add a bit of microsegmentation to the mix you’re done. No need to deploy thousands of segments, and if you don’t need more than two switches, VLANs won’t be too big anyway.

So, will we see the overlay virtual networks in the enterprise? Absolutely – every major data center networking vendor is replacing whatever must-have layer-2 fabric solution they praised last year with EVPN-over-VXLAN. Arista, Brocade, Cisco, Cumulus, HP and Juniper already have fabric-over-VXLAN solutions (with Brocade, Cisco and Juniper shipping EVPN-over-VXLAN). Too bad we (yet again) missed the opportunity to push the virtual network edge to where it belongs – to the hypervisor.

Or maybe not – all large public cloud providers use some form of overlay virtual networking to implement their services (because nothing else scales to their size), and if you believe in the eventual demise of the private clouds, the reality of enterprise data centers doesn’t matter in the long run. On the other hand, if you’re a skeptical old grunt like myself and feel you might have to build another data center or two in your career, join the online course starting on September 1st.


  1. Hi Ivan,

    It is true that virtualization teams don't want another heap of complexity. It is much harder for these teams to learn networking than for networking teams to learn virtualization. That's why overlay networking is mainly for networking teams or merged teams where network guys are operating.

    In terms of the NSX price, it is easier to justify on the CAPEX level where we compare the price of an East-West firewall or an L7 load-balancer.

  2. This comment has been removed by the author.
  3. If you measure by how many companies *use* an overlay, the numbers are quite impressive, and growing fast. The public cloud gives each customer an overlay to use, such as AWS VPC. Sure, not many companies have *built* an overlay, but why does that matter when in fact they are using one. Overlays are awesome, like a jet airplane. It makes more sense to just use them and leave the building part to the experts.
    1. Hi Brad,

      It's so nice to hear from you after a long while, and like almost always we're in perfect sync ;)

      Best, Ivan
  4. Hi Ivan,

    Good post, as usual. VMware has finally released a tiered licensing model for those who kept complaining about high licensing costs :) Details here - http://www.vmware.com/products/nsx/compare.html
  5. Hi Ivan,

    I quote: "push the virtual network edge to where it belongs – to the hypervisor".
    Is VMware working on the implementation of BGP EVPN for the NSX VXLAN control plane?


    1. Haven't heard anything along these lines. They have their own solution and seem to be pretty happy with it ;) But then, getting VMware to interoperate with anyone else wasn't ever easy, right?