GRE vs. NAT

Packet encapsulation (GRE) and packet rewrite (NAT) are the two address translation mechanisms included in the Microsoft Hyper-V Virtual Network implementation.

A) Packet Encapsulation (GRE)

The VM’s packet, which uses CA IP addresses, is encapsulated inside another packet that uses PA IP addresses, along with a copy of the VSID and the virtual machine’s sending interface MAC address.

Because the VSID is included in the header, we can identify the company (tenant) that owns the virtual machine.
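The encapsulation described above, modeled offline as an added example (not code from the original post or from Hyper-V). It assumes the NVGRE header layout of RFC 7637, where the 24-bit VSID sits in the upper bits of the GRE key; all addresses, MACs and VSIDs are constructed sample values.

```python
import socket
import struct

GRE_KEY_PRESENT = 0x2000   # GRE flags: only the K (key) bit set, version 0
PROTO_TEB = 0x6558         # Transparent Ethernet Bridging: payload is an Ethernet frame
IPPROTO_GRE = 47

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this offline model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def inner_frame(src_mac, dst_mac, ca_src, ca_dst, data):
    """Tenant VM's Ethernet frame carrying an IPv4 packet addressed with CAs."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", 0x0800)
    return eth + ipv4_header(ca_src, ca_dst, 17, len(data)) + data

def encapsulate(frame, pa_src, pa_dst, vsid, flow_id=0):
    """Wrap the tenant frame in an outer IPv4 header (PAs) plus GRE keyed with the VSID."""
    if not (0 <= vsid < 1 << 24 and 0 <= flow_id < 256):
        raise ValueError("VSID must fit in 24 bits and the flow ID in 8 bits")
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, PROTO_TEB, (vsid << 8) | flow_id)
    return ipv4_header(pa_src, pa_dst, IPPROTO_GRE, len(gre) + len(frame)) + gre + frame

def decapsulate(packet):
    """Return outer PAs, VSID, sender MAC and inner CAs; reject anything else."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 8 + 14 + 20:
        raise ValueError("truncated or malformed packet")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, proto, key = struct.unpack("!HHI", packet[ihl:ihl + 8])
    if flags != GRE_KEY_PRESENT or proto != PROTO_TEB:
        raise ValueError("GRE header has no key or does not carry Ethernet")
    frame = packet[ihl + 8:]   # inner Ethernet frame: dst MAC, src MAC, type, IP
    ip = frame[14:]
    return {"pa_src": socket.inet_ntoa(packet[12:16]), "pa_dst": socket.inet_ntoa(packet[16:20]),
            "vsid": key >> 8, "src_mac": frame[6:12].hex(),
            "ca_src": socket.inet_ntoa(ip[12:16]), "ca_dst": socket.inet_ntoa(ip[16:20])}

# Constructed sample: two tenants reuse the same CA pair on the same pair of hosts.
HOST_A, HOST_B = "192.168.4.11", "192.168.4.22"
blue = encapsulate(inner_frame("00155d000a01", "00155d000a02", "10.0.0.5", "10.0.0.7", b"blue"),
                   HOST_A, HOST_B, vsid=5001)
red = encapsulate(inner_frame("00155d000b01", "00155d000b02", "10.0.0.5", "10.0.0.7", b"red"),
                  HOST_A, HOST_B, vsid=6001)

if __name__ == "__main__":
    print(decapsulate(blue), decapsulate(red), sep="\n")
```

Both packets carry identical PA and CA addresses; only the VSID (and the sender MAC) tells the receiving host, or a monitoring tool reading a capture, which tenant the traffic belongs to.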

B) Packet Rewrite (NAT)

With IP Rewrite, we rewrite the source and destination CA IP addresses in the packet with the appropriate PA addresses as packets leave the host. Similarly, when virtual subnet packets enter the destination host, the PAs are rewritten with the appropriate CAs.

IP Rewrite is a NAT technology; therefore it requires a single PA IP for every virtual machine CA (in order to isolate VMs from different tenants and use overlapping IP addresses). This translates into a requirement for a large PA pool and an equally large lookup table.

Unlike GRE, the NAT approach does not include the VSID in the packets.

Because the packet format remains unchanged with the NAT approach, network hardware offload technologies such as Large Send Offload (LSO) and Virtual Machine Queue (VMQ), and multipath routing in the switches (for example, ECMP, or equal-cost multi-path routing) now work as expected. These offloads provide significant benefit for network-intensive scenarios in a 10 GbE environment.

In the majority of environments, GRE should be used for network virtualization, because it provides the highest flexibility and performance. IP Rewrite (NAT) is primarily targeted to provide performance and compatibility in some current high-capacity datacenters but is almost unmanageable in a dynamic environment without any management tools.
