Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

Courses  Forum Support Tools    Search … 

You are here: Home » VXLAN

Introduction to Virtual 

Extensible LAN (VXLAN)

Course
Lesson Contents Contents
1. Overlay vs Underlay VXLAN
2. VNI
3. VTEP Introduction to Virtual

3.1. Software Extensible LAN (VXLAN)

3.2. Hardware VXLAN Static Ingress

3.3. Interfaces Replication

4. VXLAN Frame Format VXLAN Flood and Learn

5. Packet Walkthrough Multicast Data Plane

6. Control Plane VXLAN Multicast Anycast RP

7. Conclusion VXLAN MP-BGP EVPN L2 VNI

VXLAN MP-BGP EVPN L3 VNI

Virtual eXtensible Local Area Network (VXLAN) is a tunneling MP-BGP EVPN VXLAN ARP
Suppression
protocol that tunnels Ethernet (layer 2) tra!c over an IP
VXLAN Underlay OSPF
(layer 3) network.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 1 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

14:47

Traditional layer 2 networks have issues because of three

main reasons:

Spanning tree.
Limited amount of VLANs.
Large MAC address tables.

Spanning tree blocks any redundant links to avoid loops.

Blocking links to create a loop-free topology gets the job
done, but it also means we pay for links we can’t use. We
could switch to a layer 3 network, but some technology
requires layer 2 networking.

The VLAN ID is 12-bit, which means we can create 4094

VLANs (0 and 4095 are reserved). Only 4094 available VLANs
can be an issue for data centers. For example, imagine we
have a service provider with 500 customers. With 4094
available VLANs, they can only o"er 8 VLANs to each
customer.

Because of server virtualization, the number of addresses in

the MAC address tables of our switches has grown
exponentially. Before server virtualization, a switch only had
to learn one MAC address per switchport. With server
virtualization, we run many virtual machines (VM) or
containers on a single physical server. Each VM has a virtual
NIC and a virtual MAC address. The switch has to learn
many MAC addresses on a single switchport.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 2 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

A Top of Rack (ToR) switch in a data center could connect to

24 or 48 physical servers. A data center could have many
racks, so each switch has to store the MAC addresses of all
VMs that communicate with each other. We require much
larger MAC address tables compared to networks without
server virtualization.

In this lesson, I’ll explain what VXLAN is, how it works, and
how it solves the above layer 2 issues.

1. Overlay vs Underlay
VXLAN uses an overlay and underlay network:

An overlay network is a virtual network that runs on top of a

physical underlay network. Even if you never heard about
this terminology before, you have probably seen it. A GRE
tunnel is a simple example of an overlay network. The GRE
tunnel runs on top of a physical underlay network.

With VXLAN, the overlay is a layer 2 Ethernet network. The

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 3 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

underlay network is a layer 3 IP network. Another name for

the underlay network is a transport network.

The underlay network is simple; its only job is to get packets

from A to B. We don’t use any layer 2 here, only layer 3.
When we use layer 3, we can use an IGP like OSPF or EIGRP
and load balance tra!c on redundant links.

Another advantage is that the overlay and underlay network

are independent. The overlay network is virtual and requires
an underlay network, but whatever changes you make in the
overlay network won’t a"ect the underlay network. You can
add and remove links in the underlay network, and as long
as your routing protocol can reach the destination, your
overlay network will remain unchanged.

2. VNI
The VXLAN Network Identi!er (VNI) identi#es the VXLAN
and has a similar function as the VLAN ID for regular VLANs.
We use 24 bits for the VNI, which means we can create
16,777,215 ( ~16 million) VXLANs. That’s a lot, compared to
those 4094 VLANs with a 12-bit VLAN ID. We can create
plenty of VXLANs, which means a large service provider with
even thousands of customers can use as many VXLANs per
customer as needed.

3. VTEP
The VXLAN tunnel endpoint (VTEP) is the device that’s
responsible for encapsulating and de-encapsulating layer 2
tra!c. This device is the connection between the overlay and
the underlay network. The VTEP comes in two forms:

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 4 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

Software (host-based)
Hardware (gateway)

Let’s look at these two options.

3.1. Software
When I’m talking about hosts, I mean hypervisors like
VMWare’s ESXi or Microsoft’s Hyper-V. These hypervisors use
virtual switches, and some of them support VXLAN. Here’s an
illustration:

The VXLAN tunnels are between the virtual switches of the

hypervisors. The underlay network is unaware of VXLAN.

3.2. Hardware
A hardware VTEP is a router, switch, or #rewall which
supports VXLAN. We also call a hardware VTEP a VXLAN
gateway because it combines a regular VLAN and VXLAN
segment into a single layer 2 domain. Some switches have
VXLAN support with ASICs, o"ering better VXLAN
performance than a software VTEP. Here’s what it looks like:

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 5 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

In the above picture, the VXLAN tunnels are between the

physical switches. The devices that connect to the physical
switches are unaware of VXLAN.

3.3. Interfaces
Each VTEP has two interfaces types:

VTEP IP interface: Connects the VTEP to the underlay

network with a unique IP address. This interface
encapsulates and de-encapsulates Ethernet frames.
VNI interface: A virtual interface that keeps network
tra!c separated on the physical interface. Similar to an
SVI interface.

A VTEP can have multiple VNI interfaces, but they

associate with the same VTEP IP interface. Here’s a
picture to help you visualize this:

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 6 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

Let me explain what you see above:

We have three VTEP devices, and each VTEP has a VTEP

IP interface that connects to the underlay network.
All VTEP devices have a VNI interface for VNI 5012 to
create a layer 2 segment.
VTEP1 and VTEP2 also have another VNI interface for
VNI 5013 to create another layer 2 segment.

4. VXLAN Frame Format

Let’s take a closer look at the VXLAN frame and header:

When a VTEP encapsulates an Ethernet frame, it adds a

VXLAN header. In this header, we #nd the VNI and some
%ags.

The o!cial UDP port number for VXLAN is 4789. However,

it’s possible that you also run into UDP port 8472. When
VXLAN was #rst implemented in Linux, there was no o!cial
port number yet, and many vendors used port 8472.

The VXLAN header looks similar to the LISP

header. This is not by accident. The idea was to

add layer 2 support to LISP and call it layer 2 LISP.
Instead, they came up with the name VXLAN.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 7 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

5. Packet Walkthrough
Let’s look at an example of how VXLAN encapsulates and de-
encapsulates an Ethernet frame. Here’s the topology:

H1 and H2 are regular hosts and unaware of VXLAN. VTEP1

and VTEP2 are two switches that act as VTEP devices. We use
VNI 5012 to encapsulate Ethernet frames between H1 and
H2.

Let me walk you through this process:

H1 transmits an Ethernet frame, destined for H2.

VTEP1 receives the Ethernet frame on its VNI interface
and performs the following actions:
Look up the VNI (5012 in my example) to which
H1 is attached.
Find the mapping between the destination MAC
address and remote VTEP IP address.
Add the VXLAN header with VNI 5012.
Add the UDP header.
Add the outer IP header and set the VTEP IP
addresses of VTEP1 and VTEP2.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 8 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

Transmit the IP packet on the underlay network.

VTEP2 receives the IP packet on its VTEP interface and
performs the following actions:
De-encapsulate the IP packet.
Verify whether the VNI is correct and check if
there is a host that uses the destination MAC
address.
Forward the original Ethernet frame towards H2.
H2 receives the Ethernet frame.

6. Control Plane
In the packet walkthrough example, I explained that the
VTEP device looks up the mapping to #gure out what VTEP IP
address to use to reach the destination MAC address. I didn’t
explain how VTEP1 learned this mapping information. Let’s
see how this works.

With a traditional VLAN, the #rst time two hosts

communicate with each other, it goes like this:

H1 sends an ARP request.

Switches in between H1 and H2 learn the MAC address
of H1.
Switches %ood the ARP request.
H2 receives the ARP request.
H2 answers with an ARP reply.
Switches learn the MAC address of H2.

With VXLAN, each VTEP has a VXLAN mapping (forwarding)

table that maps a destination MAC address to a remote VTEP
IP address. How do VTEP devices learn MAC addresses?
There are di"erent control plane solutions. Cisco supports
these four options:

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 9 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

VXLAN with static unicast VXLAN tunnels.

VXLAN with multicast underlay.
VXLAN with MP-BGP EVPN.
VXLAN with LISP.

The #rst option is simple. You manually con#gure the VXLAN

mapping table. This works, but it’s not a scalable solution.
The VXLAN standard describes the second solution, where
we use a multicast “%ood and learn” solution on the
underlay.

Here’s how it works:

Each VNI maps to a multicast group.

The VTEP devices join the multicast group.
When VTEP1 receives the ARP request, it transmits it to
the multicast group.
VTEP2 receives the ARP request and learns the MAC
address of H1.
VTEP2 stores the MAC address of H1 and the IP
address of VTEP1 in the mapping table.
When VTEP2 receives the ARP reply from H2, it uses
the information in the mapping table to send a unicast
packet to VTEP1.

The MP-BGP EVPN solution is popular in data centers and

private clouds. VXLAN with LISP is a popular choice for
campus networks. For example, Cisco’s SD-Access uses
VXLAN with LISP on the control plane.

7. Conclusion
Let’s summarize what we have learned:

Traditional layer 2 networks have issues:

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 10 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

Spanning tree blocks all redundant links. We can’t

use ECMP.
Limited amount of VLANs because of the 12-bit
VLAN ID.
Large MAC address tables because of server
virtualization.
VXLAN uses an overlay and underlay network;
The underlay network is 100% layer 3, so we don’t have
to use spanning tree and can use load balancing.
The overlay network is virtual.
The 24-bit VNI identi#es the VXLAN and is similar to a
VLAN ID. We create ~16 million VXLANs. More than
enough, even for large service providers.
The VTEP device encapsulates and de-encapsulates
layer 2 tra!c. There are two versions:
Software: Runs on the virtual switch of a
hypervisor.
Hardware: Runs on a router, switch, or #rewall.
Some hardware VTEPs use ASICs for better
performance.
Each VTEP has two interfaces:
VTEP IP interface: Connects the VTEP to the
underlay network. This interface encapsulates
and de-encapsulates VXLAN tra!c.
VNI interface: Virtual interface, similar to a SVI
interface.
A VTEP can have multiple VNI interfaces, but they
associate with the same VTEP interface.
VXLAN encapsulates an Ethernet frame and adds a
VXLAN, UDP, and IP header.
The VXLAN standard describes a multicast “%ood and
learn” solution for the control plane.
Other control plane options are MP-BGP with EVPN, or
VXLAN with LISP.
You can learn more about VXLAN in RFC 7348.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 11 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

VXLAN has many advantages. Let me give you an overview:

VXLAN allows you to segment your network just like

with VLANs, without the disadvantages of layer 2
networks.
No spanning tree so we can use redundant links
(ECMP).
Simple underlay network.
It is not limited to 4094 VLANs because of the 12-bit
VLAN ID.
You can create more than 16 million VXLANs because
of the 24-bit VNI.
No need to build large layer 2 topologies and span
VLANs across the entire network.
Less %ooding:
Broadcast tra!c.
Multicast tra!c.
Unknown unicast tra!c.
High performance with hardware VTEPs that use ASICs.

I hope you enjoyed this lesson. If you have any questions,

please leave a comment.

Next Lesson
VXLAN Static Ingress
Replication
»

Forum Replies

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 12 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

davide.concio

Hi Rene, this is a very good lesson on VXLAN, straight to the point and well written.
I’m particularly passionate to this topic because I worked on a VXLAN EVPN Fabric the last year and love
this technology.
If I had done a lesson like this when I started It would have been easier to learn the topic…

bikram.na

Hi Rene,
How can we con#gure vxlan. Could you please explain.

lagapidis

Hello Bikram

Take a look at the following lesson in order to further understand how to implement a VXLAN topology.

https://networklessons.com/cisco/ccnp-encor-350-401/vxlan-%ood-and-learn-with-multicast

I hope this has been helpful!

Laz

syedabrar_8055

This is the BEST explanation document on VXlan available on internet.

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 13 of 14
Introduction to Virtual Extensible LAN (VXLAN) 07/02/25, 4:49 PM

lagapidis

Hello Syed

Thanks so much for your positive feedback, it gives us the drive to continue to do our best!

Laz

 58 more replies! Ask a question or join the discussion by visiting our Community Forum

© 2013 - 2025 NetworkLessons.com 22072 Disclaimer Privacy Policy Support About

https://networklessons.com/vxlan/introduction-to-virtual-extensible-lan-vxlan Page 14 of 14