Windows Server 2016 introduces an alternative encapsulation to NVGRE (which is
still supported): Virtual Extensible LAN (VXLAN). VXLAN is fundamentally a
tunneling protocol that wraps MAC-based layer 2 packets within UDP (layer 4)
packets. Whereas NVGRE was primarily championed by Microsoft, VXLAN is an IETF
standard (RFC 7348) that is supported by most vendors, which aids compatibility
across vendors and offload support in networking equipment.
Like NVGRE, VXLAN utilizes a 24-bit segment ID known as a VXLAN network
identifier (VNI), which is used to provide the isolation for the virtual subnet IDs used
within the virtual networks. Only machines in the same VNI can communicate, unless
other types of gateway services are deployed, creating overlay networks on the
physical network topology. The hosts of the VMs act as the VXLAN tunneling end
points (VTEPs), which are responsible for the construction of the UDP encapsulation
packets that identify the actual VTEPs acting as the source (hosting the sending VM)
and the target (hosting the destination VM). Note that because VXLAN works one layer
down from NVGRE, encapsulating the layer 2 packet where NVGRE encapsulated the layer 3
IP address, the VTEPs must maintain a mapping of the customer MAC address to target
VTEP IP to enable the correct handling of packets on the provider network. Remember
that an IP address gets resolved to a MAC, and so it is still similar in operation to
NVGRE. The full details of VXLAN can be found in its RFC at
https://tools.ietf.org/html/rfc7348.
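
The encapsulation described above, as an added Python example that is not part of the original text: it parses the 8-byte VXLAN header from RFC 7348, extracts the 24-bit VNI and inner MAC addresses, and checks the sending VTEP against a (VNI, customer MAC) to VTEP IP mapping. The function names, the mapping table, VNI 5001, and the MAC and IP values are constructed for illustration.

```python
import struct

FLAG_I = 0x08  # "I" flag in the first header byte: must be set for a valid VNI

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_vxlan(udp_payload: bytes) -> dict:
    """Parse the 8-byte VXLAN header and the inner Ethernet header."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus inner Ethernet header")
    # Layout: flags (1 byte), reserved (3), VNI (3), reserved (1)
    flags, word = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    inner = udp_payload[8:]
    return {
        "vni": word >> 8,  # upper 24 bits of the second 32-bit word
        "inner_dst": mac(inner[0:6]),
        "inner_src": mac(inner[6:12]),
        "ethertype": int.from_bytes(inner[12:14], "big"),
    }

def check_source(outer_src_ip: str, udp_payload: bytes, table: dict) -> str:
    """Compare the sending VTEP with the one recorded for (VNI, inner source MAC)."""
    f = parse_vxlan(udp_payload)
    expected = table.get((f["vni"], f["inner_src"]))
    if expected is None:
        return "unknown-mac"  # this MAC is not known inside this VNI
    return "ok" if expected == outer_src_ip else "vtep-mismatch"

def build_sample(vni: int, dst: str, src: str) -> bytes:
    """Constructed input: VXLAN header plus an inner Ethernet header (IPv4)."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!B3xI", FLAG_I, vni << 8) + to_b(dst) + to_b(src) + b"\x08\x00"

# Constructed mapping table: (VNI, customer MAC) -> provider-space VTEP IP
MAPPING = {
    (5001, "00:15:5d:00:00:01"): "10.0.0.11",
    (5001, "00:15:5d:00:00:02"): "10.0.0.12",
}

if __name__ == "__main__":
    pkt = build_sample(5001, "00:15:5d:00:00:02", "00:15:5d:00:00:01")
    print(parse_vxlan(pkt))
    print(check_source("10.0.0.11", pkt, MAPPING))  # sender matches the mapping
    print(check_source("10.0.0.99", pkt, MAPPING))  # sender does not match
```
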
Although VXLAN’s implementation is slightly different from NVGRE in terms of the
encapsulation payload, the way that it is managed and used is not different. For
administrators, the information I already discussed related to NVGRE applies equally:
Packets from VMs are encapsulated in wrapper packets that are routable on the
physical network, which is the provider address space, and abstracted completely from
the physical fabric. Hosts will have an IP address in the provider address space to
enable them to communicate and transmit VM traffic. VXLAN is the default
encapsulation protocol in Windows Server 2016.
Virtualization policies are used between all of the Hyper-V hosts that participate in a
specific virtual network, to enable the routing of the CA across the physical fabric and
to track the CA-to-PA mapping. The virtualization policies can also define which
virtual networks are allowed to communicate with other virtual networks. It is at this
point where the management and full sets of features in pre-Windows Server 2016
and Windows Server 2016 diverge in a major way.
Windows Server 2012 and 2012 R2 had version 1 of Hyper-V Network Virtualization,
often referred to as HNVv1 or SDNv1; those terms are used fairly interchangeably.
HNVv1 is still present in Windows Server 2016. However, it has received no new
functionality nor will it do so in the future. HNVv1 exclusively uses NVGRE
encapsulation, and although the configuration of the virtualization policies can be
accomplished via PowerShell, trying to manage network virtualization manually using
PowerShell is not practical. The challenge in using the native PowerShell commands is
the synchronization and orchestration of the virtual network configuration across all