Underlay vs. Overlay: Virtual Networking Explained
Key Points
- Frank Chodacki introduces the fundamentals of virtual networking, emphasizing its essential role in cloud environments.
- He distinguishes the **physical underlay** (the real hardware such as servers, switches, and routers) from the **virtual overlay** (the software‑defined network built on top of that hardware).
- The **fabric** is defined as the collection of physical components that support a single instance of a virtual networking environment.
- A **TEP (Tunneling End Point)** is the point where virtual traffic is encapsulated to traverse the physical network, acting like a “Russian‑doll” where the virtual packet is nested inside a physical frame.
- Physical routers and bridges serve as ingress/egress points, bridging the underlay and overlay by handling both physical and virtual traffic.
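The encapsulation step that the TEP bullet above describes, as an added, runnable example (not code from the video or from IBM Cloud). The video names no particular tunnelling protocol; this example assumes VXLAN, using the header layout and UDP port 4789 from RFC 7348. Every address, MAC and payload below is constructed for the illustration. The point a practitioner should take from it is that the receiving TEP validates each outer header before it trusts the "little doll" inside.

```python
"""What a TEP (tunneling end point) does to a frame: wrap an overlay
Ethernet frame in outer IPv4/UDP/VXLAN headers to cross the physical
underlay, then unwrap and validate it on the receiving host.

Added illustration, not code from the video or IBM Cloud. VXLAN is an
assumption (the video names no protocol); header layout and port 4789
follow RFC 7348. All addresses, MACs and payloads are constructed."""
from __future__ import annotations
import ipaddress
import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned VXLAN destination port
VXLAN_FLAG_VNI_VALID = 0x08   # "I" bit: the VNI field is valid
IPPROTO_UDP = 17
IPV4_HDR_LEN, UDP_HDR_LEN, VXLAN_HDR_LEN = 20, 8, 8


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_frame: bytes, vni: int, src_tep: str, dst_tep: str) -> bytes:
    """The 'big doll': put the untouched overlay frame inside an underlay packet."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit field")
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)  # flags, 3 reserved, VNI<<8
    udp_len = UDP_HDR_LEN + VXLAN_HDR_LEN + len(inner_frame)
    # UDP checksum 0 = not computed, which RFC 7348 allows for VXLAN over IPv4.
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + udp_len, 0, 0, 64,
                     IPPROTO_UDP, 0,
                     ipaddress.IPv4Address(src_tep).packed,
                     ipaddress.IPv4Address(dst_tep).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return ip + udp + vxlan + inner_frame


def decapsulate(packet: bytes, local_tep: str) -> tuple[int, bytes]:
    """Open the big doll at the receiving TEP: check every outer header before
    trusting the inner frame, then return (VNI, inner frame). Whether this host
    may terminate that VNI at all is the caller's (transport zone) decision."""
    hdrs = IPV4_HDR_LEN + UDP_HDR_LEN + VXLAN_HDR_LEN
    if len(packet) < hdrs:
        raise ValueError("packet shorter than the outer headers")
    ver_ihl, _, total_len, _, _, _, proto, _, _src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:IPV4_HDR_LEN])
    if ver_ihl != 0x45 or total_len != len(packet):
        raise ValueError("not a plain IPv4 packet of the stated length")
    if ipv4_checksum(packet[:IPV4_HDR_LEN]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if ipaddress.IPv4Address(dst) != ipaddress.IPv4Address(local_tep):
        raise ValueError("outer destination is not this TEP")
    if proto != IPPROTO_UDP:
        raise ValueError("outer protocol is not UDP")
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[20:28])
    if dport != VXLAN_UDP_PORT or udp_len != len(packet) - IPV4_HDR_LEN:
        raise ValueError("not VXLAN, or UDP length disagrees with the packet")
    flags, vni_field = struct.unpack("!B3xI", packet[28:36])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8, packet[hdrs:]


def accepts(packet: bytes, local_tep: str) -> bool:
    """True if this TEP would accept the packet, False if any outer check fails."""
    try:
        decapsulate(packet, local_tep)
        return True
    except ValueError:
        return False


def sample_inner_frame() -> bytes:
    """Constructed overlay Ethernet frame: dst MAC, src MAC, EtherType IPv4, payload."""
    return (bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001")
            + struct.pack("!H", 0x0800) + b"overlay payload")


if __name__ == "__main__":
    frame = sample_inner_frame()
    wire = encapsulate(frame, vni=5001, src_tep="10.0.0.1", dst_tep="10.0.0.2")
    print(len(wire), decapsulate(wire, "10.0.0.2"))
```

The inner frame crosses the underlay byte-for-byte unchanged; only the outer headers carry the TEP addresses, and the VNI in the VXLAN header is what tells the far TEP which overlay segment the frame belongs to. A packet whose outer destination is another TEP, whose IPv4 checksum is wrong, or whose lengths disagree is dropped before the inner frame is ever looked at.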
Sections
- [00:00:00](https://www.youtube.com/watch?v=u0TgGIn2LIM&t=0s) **Understanding Physical Underlay and Overlay** - IBM Cloud presenter Frank Chodacki explains virtual networking fundamentals by distinguishing the physical underlay (including the fabric of servers, switches, and routers) from the virtual overlay that operates on top of it.
- [00:03:05](https://www.youtube.com/watch?v=u0TgGIn2LIM&t=185s) **Physical Routers Bridge Virtual Networks** - The speaker explains how physical routers and bridges serve as ingress/egress points linking a simple, “dumb‑pipe” physical layer to an intelligent virtual overlay that handles networking, firewalls, and topology diversity.
- [00:06:27](https://www.youtube.com/watch?v=u0TgGIn2LIM&t=387s) **Virtual Routing, Bridging, and Micro‑Segmentation** - The speaker explains how virtual routers and bridges operate within a network fabric, how packets are de‑encapsulated via a physical router, and how micro‑segmentation enables firewalling between virtual machines.
Source: https://www.youtube.com/watch?v=u0TgGIn2LIM
Duration: 00:08:23
Full Transcript
Hello, my name's Frank Chodacki.
I'm part of the IBM Cloud team,
and I'm here to explain the basics of virtual networking.
Virtual networking is primarily used for cloud;
that's why it's important to at least understand the basics.
So, we're going to start off with a couple of concepts within this video
that will explain one of the key components
to any given virtual infrastructure,
specifically with regards to virtual networking.
So, we're gonna start off with two concepts:
we have the "physical underlay",
and we'll talk about that first,
and then we have the "virtual overlay".
So, let's start off by talking about the underlay.
The underlay is really just the physical infrastructure.
It's computers, it's physical switches, physical routers,
it's just with some specific software to be able to enable
the virtual network which we call the "overlay".
So, let's start off by talking about the underlay,
and some of these concepts we will talk about
really lend themselves to both the underlay and the overlay.
So, first off, with regards to the underlay, we have something called a fabric.
So what is the fabric?
The fabric is actually all of the physical components
that are required to run
a single instance of a virtual networking environment
or infrastructure.
So, if we have,
let's say, our 3 servers and a router here in our physical underlay,
and anything outside of that would really constitute the fabric.
Now, there's some variance in this, and as you get into more advanced topics
you'll find out that the fabric can extend to lots of things
but for the basics, let's just say it's the physical infrastructure
that actually runs your virtual networking infrastructure.
And, within that, we have something called a TEP.
What is a TEP?
A TEP stands for Tunneling End Point.
Okay, a tunneling end point,
... and let's just draw it here ...
we've got our TEP here, TEP here, and a TEP here.
A tunneling end point is the point at which
a virtual network actually touches the physical network
when it's going between the devices that actually comprise the fabric.
So, when a virtual network goes across physical devices,
it actually needs to be encapsulated.
Think about those Russian dolls,
you know, you open it up and there's another doll,
it's kind of the same concept -
when it goes on to the physical wire it's the little doll inside the big doll.
The big doll goes across and then when it hits the next server,
you open it up, and the little doll goes to the virtual network,
so it's encapsulation.
Pretty basic terms, right, so tunneling end point.
The next thing we'll talk about is routing
and this could be virtual routers, but
at this level let's talk about physical routers and bridges.
These will appear in both the virtual and physical layer because they bridge both.
So, a router in this case,
this router here in the physical environment
is really the embark, disembark, egress, ingress,
in more networking terms,
of where the physical network touches and gets into the virtual network.
So, this could be one interface that touches a physical network
and the other interface is in the virtual network,
which we will describe in a minute.
So, it's essential.
If you didn't have this, you'd basically just have a snow globe
where everything could talk to each other, but they couldn't get out.
So, it's essential that we have routers and bridges running in the physical layer.
So, I also like to call the physical layer a big dumb pipe.
So, basically a network that doesn't really have much intelligence
it just connects everything together,
the intelligence we're gonna talk about is actually in the overlay.
And the overlay is the virtual ...
yeah, stay in school, kids, so you learn how to write
- not like me.
So, the virtual layer is actually where
I can be very prescriptive about the networking,
the firewalls, I can have much diversity within the topology
on top of what is a big dumb pipe.
I can put all the intelligence in the virtual network,
and I can have many of these duplicated on the same physical infrastructure.
So, let's talk about some concepts within the virtual network.
Within the virtual network we have segments.
So, what is a segment?
A segment is really just a layer 2 network on its own.
So, it would be the equivalent to having a switch here and a switch here,
they're not connected, or maybe they're connected by a router, those are segments.
The next concept is a transport zone.
So, transport zone is a collection of segments
... and what does that mean?
Well, I may not want my virtual fabric (up here), ...
I may not want that virtual fabric to ...
Maybe I only want it to go across these two hosts but not that host.
So, a transport zone is a way to limit which
of those segments, in this fabric of
physical devices making up the physical fabric,
what devices they can actually run across.
And then we have our old friend routers and bridges.
So again, routers and bridges would really be the virtual point.
We could also, within the fabric, have a pure virtual router.
So, if I wanted to route between different segments
and not really traverse out of the virtual network,
I have a purely virtual router,
and then I can uplink to a physical router
which allows us to de-encapsulate the packet,
(remember our friend TEP over here, which is a doll inside of a doll),
I can de-encapsulate the packet and allow it to traverse out on to the physical network
to get to the internet, or another site, etc.
And then actually there's one more concept
which is called micro-segmentation.
Micro-segmentation, what is that?
Well, that means I can firewall,
because all of this is really running on top of another operating system
which is down here in the physical layer.
It means I can insert all kinds of services
in the network fabric that makes up the overlay.
And so, one of those things can be a firewall.
So, I can firewall traffic between VMs
on the same segment if I wanted to.
So, it's akin to having a physical switch port
where every physical computer you plug into that port
is firewalled off from every other port.
You can configure exactly what type of traffic you want to traverse across your fabric.
And there you have it.
Those are the basics of a virtual network.
Thank you for watching.
If you have any questions please drop us a line.
If you would like to see more videos like this in the future be sure to "LIKE" and subscribe.
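The overlay concepts from the second half of the transcript (segments, transport zones, a virtual router with an uplink to the physical router, and micro-segmentation), modelled as an added, runnable example that is not part of the video or of any IBM Cloud product. All host, segment, VM and rule names are constructed, and the data model is a toy one written for this page, not any vendor's. What it shows that the prose alone does not: a VM on a host outside a segment's transport zone cannot be attached to that segment at all, and the distributed firewall is evaluated even between two VMs that share a segment, which is what makes micro-segmentation different from a router ACL.

```python
"""Toy control-plane model of the overlay concepts from the transcript: segments,
transport zones, virtual routers with an uplink to the physical router, and the
distributed firewall behind micro-segmentation. Added illustration with constructed
names, not IBM Cloud's or any product's data model; rules are first match wins,
default deny."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Segment:           # one layer-2 network in the overlay
    name: str
    vni: int             # identifier carried in the TEP encapsulation
    zone: str            # transport zone the segment is realized in

@dataclass(frozen=True)
class TransportZone:     # the hosts (TEPs) a set of segments is allowed to span
    name: str
    hosts: frozenset

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    segment: str

@dataclass(frozen=True)
class VirtualRouter:
    name: str
    segments: frozenset   # segments it has an interface on
    uplink: bool = False  # can hand packets to the physical router (egress)

@dataclass(frozen=True)
class Rule:              # distributed firewall rule, enforced at each VM's vNIC
    src: str             # VM name or "any"
    dst: str             # VM name, "any" or "external"
    port: Optional[int]  # None matches any port
    action: str          # "allow" or "deny"

class Overlay:
    def __init__(self):
        self.zones, self.segments, self.vms, self.routers, self.rules = {}, {}, {}, [], []

    def add_segment(self, seg):
        if seg.zone not in self.zones:
            raise ValueError(f"unknown transport zone {seg.zone}")
        self.segments[seg.name] = seg

    def can_place(self, host, segment):
        """A segment only exists on hosts inside its transport zone."""
        return host in self.zones[self.segments[segment].zone].hosts

    def attach_vm(self, vm):
        if not self.can_place(vm.host, vm.segment):
            raise ValueError(f"{vm.host} is outside the transport zone of segment {vm.segment}")
        self.vms[vm.name] = vm

    def path(self, src, dst):
        """How traffic from VM src reaches dst (a VM name or 'external'), or None."""
        a = self.vms[src]
        if dst == "external":
            uplinks = [r for r in self.routers if a.segment in r.segments and r.uplink]
            return f"routed via {uplinks[0].name} to the physical router" if uplinks else None
        b = self.vms[dst]
        if a.segment == b.segment:
            return "same segment (layer 2)"   # TEPs carry it when the hosts differ
        for r in self.routers:
            if {a.segment, b.segment} <= r.segments:
                return f"routed via {r.name}"
        return None

    def firewall_verdict(self, src, dst, port):
        """Evaluated even between VMs on the same segment: that is micro-segmentation."""
        for rule in self.rules:
            if rule.src in (src, "any") and rule.dst in (dst, "any") and rule.port in (port, None):
                return rule.action
        return "deny"

    def can_talk(self, src, dst, port):
        route = self.path(src, dst)
        if route is None:
            return False, "no segment or router connects them"
        verdict = self.firewall_verdict(src, dst, port)
        return verdict == "allow", f"{route}; firewall {verdict}"

def build_demo():
    """Constructed topology: zone tz-prod spans host1 and host2 only."""
    ov = Overlay()
    ov.zones["tz-prod"] = TransportZone("tz-prod", frozenset({"host1", "host2"}))
    ov.add_segment(Segment("web", 5001, "tz-prod"))
    ov.add_segment(Segment("db", 5002, "tz-prod"))
    ov.routers.append(VirtualRouter("t1-router", frozenset({"web", "db"}), uplink=True))
    for vm in (VM("web1", "host1", "web"), VM("web2", "host2", "web"), VM("db1", "host2", "db")):
        ov.attach_vm(vm)
    ov.rules += [Rule("web1", "db1", 5432, "allow"),
                 Rule("any", "external", 443, "allow"),
                 Rule("web1", "web2", None, "deny")]   # same segment, still firewalled
    return ov
```

With `build_demo()`, `can_talk("web1", "db1", 5432)` is allowed via the virtual router, `can_talk("web1", "web2", 22)` is blocked by the distributed firewall although both VMs sit on the same layer-2 segment, and `can_place("host3", "web")` is False because host3 is not in the segment's transport zone, so the segment is never realized there.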