Exploring virtual networking architecture and the many benefits it provides users and organizations.
It can be costly for organizations to build their own physical infrastructure, so many are now implementing a virtual infrastructure where they can access enterprise-grade servers and applications via the cloud. However, in order to set up their virtualized environment, they must first set up a virtual networking solution to operate.
In this video, I’m going to map out what a virtual networking architecture looks like and explain the many benefits it provides users, such as the ability to interconnect VMs, virtual servers, and other related components in a virtualized computing environment.
What is virtual networking?
Hello, my name’s Frank Chodacki. I’m part of the IBM Cloud team, and I’m here to explain the basics of virtual networking.
Virtual networking is primarily used for cloud—that’s why it’s important to at least understand the basics.
So we’re gonna start off with a couple of concepts within this video that’ll explain the key components of any given virtual infrastructure, specifically with regards to virtual networking.
So, we’re gonna start off with two concepts, really: we have the physical underlay, and we’ll talk about that first, and then we have the virtual overlay.
The physical underlay
So, let’s start off by talking about the underlay.
The underlay is really just the physical infrastructure—it’s computers, it’s physical switches, physical routers, plus some specific software to be able to enable the virtual network, which we call the overlay.
So, let’s start off by talking about the underlay, and some of these concepts we’ll talk about really lend themselves to both the underlay and the overlay.
So, first off, with regards to the underlay, we have something called a fabric.
So what is the fabric? The fabric is actually all of the physical components required to run, let’s say, a single instance of a virtual networking environment or infrastructure. So, if we have our three servers and a router that we have down here in our physical underlay, really, anything outside of that would really constitute the fabric.
Now there’s some variance in this, and as you get in more advanced topics, you’ll find out the fabric can extend to lots of things, but for the basics, let’s just say it’s the physical infrastructure that actually runs your virtual networking infrastructure.
TEP: Tunneling end point
And within that, we have something called a TEP. What is a TEP?
A TEP stands for tunneling end point. Okay, a tunneling end point—and let’s just draw it here, got our TEP here, TEP here, and a TEP here.
A tunneling end point is the point at which a virtual network actually touches the physical network when it’s going between the devices that actually comprise the fabric. So, when a virtual network goes across physical devices, it actually needs to be encapsulated.
Think about those Russian dolls, you know, you open it up and there’s another doll—it’s kind of the same concept. When it goes onto the physical wire, it’s the little doll inside the big doll. The big doll goes across, and then when it hits the next server, you open it up and the little doll goes to the virtual network, right? So, it’s encapsulation. Pretty basic terms, right? So, tunneling end point.
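As an added example (not code from the video), here is a toy tunnel endpoint in Python that does what the "Russian doll" picture describes: it wraps an overlay Ethernet frame in outer IPv4/UDP/VXLAN headers before the frame crosses the underlay, and unwraps it on the far TEP. The header layout follows RFC 7348 (VXLAN); the peer TEP list, VNI numbers and addresses are assumptions made up for the illustration. The check that the outer source address is a known peer TEP is the caveat a practitioner would want: if the underlay lets arbitrary hosts send encapsulated packets to a TEP, anyone on the physical network can inject frames into an overlay segment.

```python
"""Toy VXLAN-style tunnel endpoint (TEP): wrap an overlay Ethernet frame for the
underlay and unwrap it again on the far TEP. Added example, not code from the
video. Header layouts follow RFC 7348 (VXLAN over UDP/IPv4); the peer TEP list,
VNI numbers and addresses are constructed for illustration."""
import socket
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" bit: the VNI field is valid
IP_PROTO_UDP = 17

def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum; yields 0 for a header whose checksum is valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def vxlan_header(vni: int) -> bytes:
    """8 bytes: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)

def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """The 'little doll': the overlay frame exactly as the VM put it on its virtual port."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload

class TunnelEndpoint:
    """The point where an overlay segment touches the physical underlay."""

    def __init__(self, ip: str, peers: set, vnis: set):
        self.ip = ip        # underlay address of this TEP
        self.peers = peers  # assumed: the other TEPs in this transport zone
        self.vnis = vnis    # assumed: the overlay segments this host carries

    def encapsulate(self, inner_frame: bytes, vni: int, remote_tep: str) -> bytes:
        """Put the 'little doll' inside the 'big doll': outer IPv4/UDP/VXLAN headers."""
        if vni not in self.vnis:
            raise PermissionError(f"VNI {vni} is not carried on this TEP")
        if remote_tep not in self.peers:
            raise PermissionError(f"{remote_tep} is not a peer TEP")
        payload = vxlan_header(vni) + inner_frame
        udp_len = 8 + len(payload)
        # Source port is normally a hash of the inner flow (for ECMP in the underlay);
        # a zero UDP checksum is permitted for VXLAN over IPv4.
        udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                             IP_PROTO_UDP, 0, socket.inet_aton(self.ip),
                             socket.inet_aton(remote_tep))
        ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
        return ip_hdr + udp + payload

    def decapsulate(self, packet: bytes) -> tuple:
        """Open the 'big doll': returns (vni, inner_frame) or raises."""
        if len(packet) < 20 or packet[0] >> 4 != 4:
            raise ValueError("not an IPv4 packet")
        ihl = (packet[0] & 0x0F) * 4
        if len(packet) < ihl + 16 or ipv4_checksum(packet[:ihl]) != 0:
            raise ValueError("truncated packet or bad IPv4 header checksum")
        src_ip = socket.inet_ntoa(packet[12:16])
        dst_ip = socket.inet_ntoa(packet[16:20])
        if packet[9] != IP_PROTO_UDP or dst_ip != self.ip:
            raise ValueError("not UDP addressed to this TEP")
        # Accept tunnel traffic only from known TEPs: otherwise any host on the
        # underlay could forge an outer header and inject frames into a segment.
        if src_ip not in self.peers:
            raise PermissionError(f"dropping tunnel traffic from unknown TEP {src_ip}")
        _, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
        if dport != VXLAN_UDP_PORT:
            raise ValueError("not VXLAN")
        flags, tail = struct.unpack("!B3xI", packet[ihl + 8:ihl + 16])
        if not flags & VXLAN_FLAG_I:
            raise ValueError("VXLAN header without a valid VNI")
        vni = tail >> 8
        if vni not in self.vnis:
            raise PermissionError(f"VNI {vni} is not carried on this TEP")
        return vni, packet[ihl + 16:ihl + udp_len]

def demo() -> tuple:
    """Host A sends an overlay frame to host B across the underlay."""
    host_a = TunnelEndpoint("10.0.0.1", {"10.0.0.2"}, {5001})
    host_b = TunnelEndpoint("10.0.0.2", {"10.0.0.1"}, {5001})
    inner = ethernet_frame(b"\x02\x00\x00\x00\x00\x02", b"\x02\x00\x00\x00\x00\x01",
                           0x0800, b"constructed overlay payload")
    wire = host_a.encapsulate(inner, 5001, "10.0.0.2")
    vni, frame = host_b.decapsulate(wire)
    return vni, frame == inner, len(wire) - len(inner)   # overhead = 20 + 8 + 8 bytes
```

`demo()` returns the VNI the far TEP recovered, whether the inner frame survived the round trip unchanged, and the 36 bytes of outer headers the underlay carries in addition to the frame; that overhead is why underlay MTUs are raised when an overlay is deployed. In real deployments the peer check is done with underlay ACLs or by the control plane distributing the TEP list, not a hard-coded set as here.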
Physical routers and bridges
The next thing we’ll talk about is routing. And this could be virtual routers, but at this level, let’s talk about physical routers and bridges. These will appear both in virtual and physical layers because they bridge both.
So, a router—in this case, this router here in the physical environment—is really the embark, disembark, egress, ingress (and more networking terms) of where the physical network touches and gets into the virtual network.
So, this could be one interface that touches a physical network, and the other interface is in the virtual network, which we will describe in a minute.
So, it’s essential. If you didn’t have this, you’d basically just have a snow globe where everything could talk to each other but couldn’t get out. So, it’s essential that we have routers and bridges running at (or at least partly running in) the physical layer.
So, I also like to call the physical layer a big dumb pipe. So, basically, it’s a network that doesn’t really have much intelligence; it just connects everything together. The intelligence we’re gonna talk about is actually in the overlay.
The virtual overlay
And the overlay is the virtual.
So, the virtual layer is actually where I can be very prescriptive about the networking, the firewalls—I can have a lot of diversity within the topology on top of what is a big dumb pipe. I can put all the intelligence in the virtual network, and I can have many of these duplicated on the same physical infrastructure.
So, let’s talk about some concepts within the virtual network.
Within a virtual network we have segments.
So, what is the segment? A segment is really just a layer-2 network on its own.
So, it would be the equivalent to having a switch here and a switch here. If they’re not connected, or maybe they’re connected by a router, those are segments.
The next concept is a transport zone.
So, transport zone is a collection of segments, and what does that mean? Well, I may not want my virtual fabric up here—maybe I only want it to go across these two hosts, but not that host.
So, a transport zone is a way to limit which of the physical devices making up the physical fabric those segments can actually run across.
Routers and bridges
And then we have our old friend routers and bridges.
So again, routers and bridges would really be the virtual point. We could also—within the fabric, we could have a pure virtual router.
So, if I wanted to route between different segments and not really traverse out of the virtual network, I have a purely virtual router, and then I can uplink to a physical router, which allows us to de-encapsulate the packet (remember our friend TEP over here, which is a doll inside of a doll). Now I can de-encapsulate the packet and allow it to traverse out onto the physical network to get to the internet, or another site, etc., etc.
And then, actually, there’s one more concept, which is called micro-segmentation. Micro-segmentation—what is that? Well, that means I can firewall—because all of this is really running on top of another operating system, which is down here in the physical layer—which means I can insert all kinds of services in the network fabric that makes up the overlay.
And so, one of those things can be a firewall. So I can firewall traffic between VMs on the same segment if I wanted to.
So, it’s akin to having a physical switch port where every physical computer you plug into that port is firewalled off from every other port. You can configure exactly what type of traffic you want to traverse across your fabric.
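The segment, transport zone and micro-segmentation concepts above, modelled in Python as an added example (this is not code from the video or from any product): segments are layer-2 networks pinned to a transport zone that limits which hosts may carry them, a virtual router joins segments, and a per-VM firewall is evaluated for every flow, so two VMs on the same segment are still denied unless a rule allows them. All host, VM, tag and rule names are constructed for the illustration.

```python
"""Toy overlay control-plane model: segments, transport zones and a distributed
(per-VM) firewall for micro-segmentation. Added example, not code from the video;
hosts, segments, VMs, tags and rules below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Segment:
    name: str
    vni: int           # identifies the segment on the wire (a layer 2 of its own)
    zone: str          # transport zone that limits which hosts it spans

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    segment: str
    tags: frozenset    # labels the distributed firewall matches on

@dataclass(frozen=True)
class Rule:
    """Firewall rule enforced at each VM's virtual port; None matches anything."""
    src_tag: Optional[str]
    dst_tag: Optional[str]
    proto: str         # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]
    action: str        # "allow" or "deny"

class Overlay:
    def __init__(self):
        self.zones = {}       # transport zone name -> frozenset of underlay hosts
        self.segments, self.vms = {}, {}
        self.router_segments = set()   # segments uplinked to the virtual router
        self.rules = []                # evaluated top down, first match wins

    def add_zone(self, name: str, hosts) -> None:
        self.zones[name] = frozenset(hosts)

    def add_segment(self, seg: Segment) -> None:
        if seg.zone not in self.zones:
            raise KeyError(f"unknown transport zone {seg.zone}")
        self.segments[seg.name] = seg

    def place_vm(self, vm: VM) -> None:
        """A VM may only attach to a segment whose transport zone includes its host."""
        seg = self.segments[vm.segment]
        if vm.host not in self.zones[seg.zone]:
            raise ValueError(f"{vm.name}: segment {seg.name} does not extend to {vm.host}")
        self.vms[vm.name] = vm

    def path(self, src: str, dst: str) -> str:
        a, b = self.vms[src], self.vms[dst]
        if a.segment == b.segment:
            return "l2"        # same segment: a plain switch hop
        if {a.segment, b.segment} <= self.router_segments:
            return "routed"    # crosses segments through the virtual router
        return "none"

    def verdict(self, src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
        if self.path(src, dst) == "none":
            return "unreachable"
        a, b = self.vms[src], self.vms[dst]
        for r in self.rules:
            if ((r.src_tag is None or r.src_tag in a.tags)
                    and (r.dst_tag is None or r.dst_tag in b.tags)
                    and r.proto in ("any", proto)
                    and (r.dport is None or r.dport == dport)):
                return r.action
        return "deny"   # micro-segmentation: default deny, even between neighbours

def demo() -> dict:
    ov = Overlay()
    ov.add_zone("tz-prod", {"host1", "host2"})   # host3 is deliberately left out
    ov.add_segment(Segment("web", 5001, "tz-prod"))
    ov.add_segment(Segment("db", 5002, "tz-prod"))
    ov.router_segments.update({"web", "db"})
    ov.place_vm(VM("web1", "host1", "web", frozenset({"web"})))
    ov.place_vm(VM("web2", "host2", "web", frozenset({"web"})))
    ov.place_vm(VM("db1", "host2", "db", frozenset({"db"})))
    ov.rules = [
        Rule(None, "web", "tcp", 443, "allow"),    # anyone may reach the web tier
        Rule("web", "db", "tcp", 5432, "allow"),   # only the web tier reaches the database
    ]
    results = {
        "web1->web2 ssh": ov.verdict("web1", "web2", "tcp", 22),   # same segment, still denied
        "web1->db1 pg": ov.verdict("web1", "db1", "tcp", 5432),    # routed and allowed
        "db1->web1 https": ov.verdict("db1", "web1", "tcp", 443),
        "db1->web1 ssh": ov.verdict("db1", "web1", "tcp", 22),
    }
    try:   # the web segment's transport zone does not reach host3
        ov.place_vm(VM("web3", "host3", "web", frozenset({"web"})))
        results["web3 placement"] = "accepted"
    except ValueError:
        results["web3 placement"] = "rejected"
    return results
```

The point of the default `"deny"` at the end of `verdict` is the micro-segmentation claim in the text: `web1` and `web2` share a segment, so on a physical switch they could talk freely, but here SSH between them is dropped because no rule allows it. The failed placement of `web3` shows the transport zone doing its job: the segment simply does not exist on a host outside the zone.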
And there you have it—those are the basics of a virtual network.