Overlay Network: Why would you need it?

An overlay network dramatically increases the number of virtual subnets that can be created on a physical network, which in turn supports multitenancy and virtualization features such as VM mobility, and can speed the configuration of new or existing services.

What is an Overlay Network?

An overlay network is a virtual or logical network that is created on top of an existing physical network. The internet, which connects many nodes via circuit switching, is an example of an overlay network.

It is any virtual layer on top of the physical network infrastructure. This may be as simple as a virtual local area network (VLAN) but typically refers to more complex virtual layers from software-defined networking (SDN) or a software-defined wide area network (SD-WAN).

The overlay creates a new layer where traffic can be programmatically directed through new virtual network routes or paths instead of requiring physical links. Overlays enable administrators to define and manage traffic flows, irrespective of the underlying physical infrastructure.

How a Network Overlay works

An overlay is a method of defining layers of network abstraction using software to run multiple separate, virtualized networks on top of a physical layer. Network overlays provide the ability to deploy flexible services based on the ever-changing connectivity and mobility demands of the endpoints and applications.

Decoupling the overlay network from the physical topology enables on-demand deployment of layer 2 and layer 3 services, irrespective of the underlay physical topology. This eliminates the cost of manually modifying the network to cater to the movement of clients and applications.

Network overlays also carry endpoint or user role information across the network without requiring all devices in the path to understand or manage the roles.

Advantages 

• Flexibility: The overlay provides a more flexible networking approach by removing the hardcoded constraints of a physical network, which enables configuration tied to usage or function.
• Management: Overlays offer better access management by segmenting and joining devices logically instead of managing these components physically.
• Security: Overlay networks enhance security by segmenting traffic and restricting access by groups, individuals, or devices. In the case of a network compromise – when using SDN as an overlay – an attacker’s traffic can be detected and stopped more easily.
• Redundancy and efficiency: With an overlay, traffic has an easier time changing routes based on either traffic saturation or network interruptions.

Disadvantages 

• Extra layers of management: IT would have to manage two different network layers daily. Most importantly, the layers must be managed in unison as the topology that the overlay expects needs to be accurately represented in the underlay.
• Troubleshooting: Again, this must occur for both the underlay and overlay.
• Potential security exposure: The negative effects of misconfiguration can be amplified across a wider set of devices or users.

Why consider a network overlay?

Digital acceleration driven by hybrid work, new customer and user experiences, and the need for improved IT efficiencies make it more important than ever for the network to provide the necessary flexibility and security to keep up with constantly changing business requirements. Advancing critical business initiatives while managing a growing volume of network sites and topologies can quickly become overwhelming. By using a network overlay, network, and security administrators can configure disparate and dispersed infrastructure using a common set of services — no hands-on configuring of the underlying infrastructure is required.