3. VXLAN Basics: Format, Function, and Flow
VXLAN Packet Format
- Isolation across tenants and subnets
- Flexible IP address reuse
- Seamless east-west and north-south communication
2. Azure Local SDN Architecture Recap
Core Components
| Component | Description |
|---|---|
| Network Controller | Central SDN brain; distributes intent-based policy across hosts |
| Host Agent | On-host SDN agent that receives and enforces NC policy |
| vSwitch | Hyper-V Virtual Switch; core data path connecting vNICs to VFP, HNS, NIC |
| VFP | Kernel-mode filtering engine attached to vSwitch |
| HNS | Host Networking Service; configures host-level virtual networks and endpoints |
| SLB Mux/Agent | Software Load Balancer for SNAT, DNAT, and load distribution |
Flow Hierarchy on Host (Simplified)
VM1
↓
vSwitch
↓
VFP (ACL/NAT/Bandwidth policies)
↓
Local Routing (same vSwitch instance)
↓
VM2
- Encapsulation: ❌ None
- vSwitch Role: Internal bridging and enforcement
- VFP Role: Policy decision and enforcement per SDN Controller
5. East-West Packet Walkthrough: Cross Host
Scenario
VM1
↓
vSwitch
↓
VFP → Encapsulate (VXLAN)
↓
NIC → Network → HostB NIC
↓
VFP → Decapsulate
↓
vSwitch
↓
VM2
- Encapsulation: Required
- vSwitch Role: Entry/exit point, port policies
- VFP Role: Encapsulation, routing, policy enforcement
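The encapsulate and decapsulate steps above, as an added example that is not from the original article and is not Azure Local's VFP code: it builds and validates the 8-byte VXLAN header as laid out in RFC 7348, and drops frames whose VNI is not provisioned on the receiving host. The function names, the VNI 5001 and the MAC addresses are constructed for illustration, and the outer Ethernet/IP/UDP headers are omitted.

```python
from __future__ import annotations

import struct

VXLAN_UDP_PORT = 4789         # IANA-assigned outer UDP destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field carries a valid value
VXLAN_HDR_LEN = 8
ETH_HDR_LEN = 14


def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header to an inner Ethernet frame (sending host)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24 bits) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decapsulate(payload: bytes, allowed_vnis: set[int]) -> tuple[int, bytes]:
    """Validate the header on the receiving host; return (vni, inner_frame)."""
    if len(payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN payload")
    word1, word2 = struct.unpack("!II", payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set; VNI is not valid")
    vni = word2 >> 8
    # Tenant isolation check: only deliver frames for virtual networks
    # that policy has actually placed on this host.
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not provisioned on this host")
    return vni, payload[VXLAN_HDR_LEN:]


# Constructed sample: dst MAC, src MAC, EtherType IPv4, then dummy payload bytes.
SAMPLE_INNER = bytes.fromhex("00155d000002" "00155d000001" "0800") + b"tenant-data"
SAMPLE_VNI = 5001  # hypothetical tenant virtual network identifier

if __name__ == "__main__":
    wire = vxlan_encapsulate(SAMPLE_VNI, SAMPLE_INNER)
    print("VXLAN header:", wire[:VXLAN_HDR_LEN].hex())
    print("decapsulated:", vxlan_decapsulate(wire, {SAMPLE_VNI}))
```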
6. Ingress & Egress: VM ↔ Physical Network
6.1 VM → Internet (Egress)
- VM packet enters vSwitch
- Processed by VFP, NAT performed via SLB Agent
- VXLAN-encapsulated packet sent to SDN Gateway
- Decapsulated and routed to TOR switch
Overlay networking enables virtual workloads to communicate over an abstracted logical network, regardless of physical IP schema or host location. Let's follow a day in the life of a packet. In Azure Local SDN, VXLAN (Virtual Extensible LAN) is used to encapsulate tenant packets, enabling:
*The thoughts and opinions in this article are mine and do not reflect on my employer*