Scaling Overlay Virtual Networks

Webinar: 4.74 Instructor: 4.71 Materials: 4.81 more …

Register to access this free webinar

Webinar details

Every major hypervisor- and networking vendor has an overlay virtual networking product or solution. Most of them work reasonably well in small environments, but would they also scale to thousands of hosts and tens- or hundreds of thousand of virtual machines or Docker containers?

This free webinar sponsored by Nuage Networks explores the scalability challenges of overlay virtual networks and give you some guidelines that you can use to select the overlay virtual networking solution for your public or private cloud.


Distributed Forwarding Plane

Virtual networking infrastructure must provide layer-2, layer-3 and network services abstractions, preferably distributed across the physical infrastructure to prevent chokepoints and optimize end-to-end traffic flow.

This section describes the typical challenges a distributed forwarding plane must cope with and solutions used by Nuage VSP to overcome them.

Scaling Control Plane

Regardless of how well a cloud orchestration system or cloud infrastructure controller is implemented, it’s bound to hit scalability limits that can only be overcome with a scale-out architecture, ideally implemented with a loosely coupled federation of controllers.

High Availability and Multiple Availability Zones

Architects of large cloud deployments usually split them in multiple independent availability zones to minimize the impact of catastrophic failures.

The availability zones should be as loosely coupled as possible; their only potential interaction point should be the cloud orchestration system. Overlay virtual networking solutions with federated controllers are obviously one of the best possible architectures one can use to implement highly independent availability zones.

Hardware VTEPs

Integration of overlay virtual networks with the physical world is one of the crucial functions of every overlay virtual networking solution. Small-scale implementations can rely on software gateways; hardware gateways are the only viable answer in large-scale deployments.

Service providers offering multi-tenant cloud services to their existing VPN services customers face another challenge: integration of overlay virtual networks with customer VPN networks.

This section will describe the range of potential solutions, from software gateways and L2/L3 hardware gateways to full-blown overlay-VPN integration offered by Nuage VSP.

Large-Scale Security Groups and Microsegmentation

Modern scale-out application architectures often rely on host-level protection (sometimes called VM NIC firewall or microsegmentation) – a packet filter or firewall inserted between a virtual machine (or a Linux container) and the adjacent virtual switch.

Most microsegmentation implementations allow the users to specify security rules between groups of virtual machines or containers, resulting in a typical O(n^2) problem – the number of packet filter or firewall rules inserted in front of a VM grows faster than the size of the application infrastructure, potentially resulting in performance bottlenecks.

In this section you’ll see how scalable microsegmentation approaches relying on control-plane security group tagging reduce this problem, resulting in improved forwarding performance in large-scale virtual networking implementations.

Scaling Network Address Translation

Network Address Translation (NAT) is even harder to scale than distributed firewalling. While it’s possible to distribute the translation state across the virtual infrastructure, the necessary state synchronization makes most such approaches impractical.

Nuage VSP uses an alternate approach to distributed NAT that allows a cloud designer to implement common NAT requirements (floating public IP addresses and access to public IP address space from private IP address space) without sacrificing the overall scalability.

Service Chaining and High Availability

Service chaining (insertion of transparent or inter-subnet network services in the forwarding path), particularly when coupled with high availability requirements, is another typical scalability obstacle. This section will describe the typical challenges encountered while deploying service chaining and features of Nuage VSP one can use to alleviate them.

Target Audience

Network architects, designers and implementation engineers working in environments that plan to deploy private or public cloud services.


To attend this webinar, you should be familiar with the basics of server and network virtualization, VLANs and IP routing.

Awareness of virtual networking concepts is highly recommended. Consider listening to the Introduction to Virtual Networking, Cloud Computing Networking and Overlay Virtual Networking webinars.

Happy Campers

About the webinar

I am new to the cloud technologies and it was very fullfilling for me. Thanks.

Presents the technologies relevant information concisely without the vendor sales hype.
It was simply an excellent presentation. Just straight to the point!! This has been enormous uplift to my career.
Aju Francis


I'm definitely a geek to enjoy waking up to pals @ioshints & @dstiliadis talking "way over my head" networking stuff on notsosurround sound.
Attending @ioshints ’s Scaling Overlay Virtual Networks webinar. Very new to this stuff. Can we say “trying to drink from a firehose?”
Sitting in on the Scaling Overlay Virtual Networks webinar hosted by @ioshints and sponsored by @nuagenetworks. Fantastic information! #SDN
Good information on scaling overlay networks w/ @ioshints and @dstiliadis. Thanks guys
Great under the bonnet webinar on @nuagenetworks from @ioshints & @dstiliadis Subscribe to for video & slide content
@patricia_dugan @shi_sha_ Class or no class, I'd watch anything that had @dstiliadis & @ioshints playing off each other.
@RealLisaC @patricia_dugan Enthusiastically agree! Both great teachers - lucky me/us @dstiliadis @ioshints thank you.
@RealLisaC what I love is that @ioshints is always just facts and technology and no marketing.

The Authors

Ivan Pepelnjak

Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.

Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.

More about Ivan Pepelnjak

Dimitri Stiliadis

Dimitri Stiliadis leads technology and architecture initiatives at Nuage Networks. Before founding Nuage Networks, Dimitri was the CTO of Alcatel-Lucent Ventures and he led the Alcatel-Lucent strategy in cloud computing and NFV. He was also the CTO of the OmniAccess Nonstop Laptop Guardian, a security and compliance solution for IT organizations. At Bell Labs Research, he led a series of research programs with fundamental contributions in packet classification, traffic management, router architectures, and asset management, and was instrumental in the commercialization of these technologies. Dimitri received a PhD and an MsC in computer engineering from the University of California, Santa Cruz, in 1996 and 1994 respectively. He is the author for more than 50 papers in international conferences and journals, holds more than 20 patents, and was the co-recipient of the 1998 IEEE Fred W. Ellersick Prize Paper Award.

Nuage Networks

Nu-âhj: From French, meaning ‘cloud’. Nuage Networks brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries. The Silicon Valley-based start up has applied radically new thinking to the problem of delivering massively scalable and high programmable SDN solutions with the security and availability required by business-critical environments. Nuage Networks, backed by Alcatel-Lucent’s (Euronext Paris and NYSE: ALU) rapidly growing IP division, has the pedigree to serve the needs of the world’s biggest clouds. The cloud has made promises – the mission of Nuage Networks is to help you realize them. For more information, visit Nuage Networks on:, read the latest posts on the Nuage Networks blog and follow the company on Twitter:

You'll get

Webinar roadmaps

Custom webinars

To get more information about customized versions of this webinar, on-site workshops, pricing or scheduling details, please contact us.

Related blog posts

Upcoming webinars