Virtual Extensible LAN (VXLAN) is a network virtualization technology that enables the creation of Layer 2 overlay networks on top of Layer 3 underlay networks. It provides a way to scale out data center networks, overcome VLAN limitations, and stretch Layer 2 segments across geographically dispersed networks. In this article, we’ll explore how VXLAN works by focusing on its encapsulation process, headers, and packet transmission. We’ll also walk through the communication between two hosts and touch upon the control plane mechanisms used to make it all work.

Introduction to VXLAN

VXLAN was designed to address the scaling limitations of traditional Ethernet VLANs, particularly the 4096 VLAN ID limit imposed by the IEEE 802.1Q standard. By introducing a 24-bit segment identifier known as the VXLAN Network Identifier (VNI), VXLAN supports up to 16 million unique Layer 2 segments. This makes it ideal for large-scale cloud data centers and multi-tenant environments.

If you are new to VXLAN, it may be helpful to first review the basics and the components that make up a VXLAN infrastructure, such as Virtual Tunnel Endpoints (VTEPs), the underlay and overlay networks, and VNIs. This article builds upon those concepts by explaining how actual data gets transmitted within a VXLAN network.

VXLAN Header and Encapsulation

At the heart of VXLAN is the concept of encapsulation—taking a traditional Layer 2 Ethernet frame and wrapping it in multiple layers of headers so that it can travel across an IP-based underlay network.

The VXLAN Header

The VXLAN header is inserted between the original Ethernet frame and the UDP/IP headers that follow. This header contains the crucial VXLAN Network Identifier (VNI), which tells the receiving VTEP which virtual network the frame belongs to.

The encapsulated data includes:

• The original Ethernet frame (including source/destination MACs and upper-layer data)
• A VXLAN header with the VNI
• A UDP header (with port number 4789, the default for VXLAN)
• An IP header for the underlay network
• A Layer 2 header (Ethernet, MPLS, etc.) depending on the underlay

This entire stack forms what is known as the VXLAN-encapsulated packet.

Purpose of Encapsulation

This encapsulation allows the original Layer 2 frame to be transported across Layer 3 networks without requiring Layer 2 connectivity across the physical infrastructure. The underlay network is completely unaware of the encapsulated data and is only responsible for routing the packet based on its IP headers.

VXLAN Packet Transmission: Step-by-Step

Let’s take a detailed look at how VXLAN enables communication between two hosts, PC1 and PC2, that are part of the same virtual Layer 2 network, but located in separate physical locations connected via an IP-based underlay.

Network Setup Overview

• PC1 and PC2 belong to the same Layer 2 segment, which is mapped to VNI 6501.
• Each host is connected to a VTEP. These are responsible for encapsulating and decapsulating VXLAN packets.
• The underlay can be any network with IP connectivity between VTEPs—it could be the Internet, a WAN, or MPLS.

Step 1: Sending the Frame

PC1 sends an Ethernet frame to PC2 using its standard MAC and IP addressing. It is completely unaware that VXLAN is in use. This frame includes:

• Source and destination MAC addresses (PC1 and PC2)
• Source and destination IP addresses (PC1 and PC2)

Step 2: Encapsulation at the Source VTEP

Once the frame arrives at the source VTEP (connected to PC1), VXLAN processing begins:

1. VXLAN Header Added: The VTEP appends a VXLAN header that includes VNI 6501.
2. Destination VTEP Lookup: The VTEP uses a local mapping table to determine which remote VTEP corresponds to PC2’s MAC address.
3. UDP Encapsulation: The entire frame (including the VXLAN header) is encapsulated in a UDP datagram. VXLAN uses UDP port 4789 by default.
4. IP Header Added: An IP header is added, where:
   • Source IP = IP address of the local VTEP
   • Destination IP = IP address of the remote VTEP (connected to PC2)
5. Final Encapsulation: The IP packet is wrapped in a Layer 2 frame suitable for the underlay network (Ethernet, MPLS, etc.)

Step 3: Routing Through the Underlay

The underlay network treats the packet like any other IP packet. It uses the outer IP header to route it from the source VTEP to the destination VTEP. The underlay network has no knowledge of the VXLAN encapsulation—it just forwards the IP packet to its destination.

Step 4: Decapsulation at the Destination VTEP

Upon arrival at the destination VTEP:

1. The outer Ethernet, IP, and UDP headers are stripped.
2. The VXLAN header is examined to identify the VNI.
3. The VTEP places the frame into the corresponding Layer 2 segment identified by VNI 6501.
4. The resulting Ethernet frame is then forwarded to PC2.

To PC2, the packet appears as though it arrived over a regular Ethernet network.

The Control Plane in VXLAN

While the encapsulation process is straightforward, the control plane—which handles the mapping between MAC addresses and VTEP IPs—is more complex. The control plane is responsible for ensuring that each VTEP knows how to reach other VTEPs in the VXLAN network.

Methods for VTEP Discovery and MAC Mapping

1. Static Configuration (Unicast VXLAN)
   Administrators can manually configure MAC-to-VTEP IP mappings. This is simple but not scalable.
2. Multicast-based Discovery
   This is the method originally described in the VXLAN standard (RFC 7348). Each VNI is associated with a multicast group. VTEPs join these groups and use multicast to discover peers and flood unknown frames.
3. BGP EVPN (Ethernet VPN)
   A more scalable and modern approach. BGP EVPN acts as a control plane for VXLAN, dynamically distributing MAC-to-VTEP mappings. It is widely used in data centers and supports automation and high scalability.
4. LISP (Locator/Identifier Separation Protocol)
   LISP separates endpoint identity from location. It’s used in software-defined networking (SDN) environments to manage VXLAN tunnels dynamically.

Each of these methods helps VTEPs discover where to send traffic for unknown destination MAC addresses within the overlay network.

VXLAN Summary

VXLAN is a powerful technology that enables Layer 2 segments to span large-scale IP networks, breaking through the scalability limitations of traditional VLANs. By using UDP encapsulation and IP routing, VXLAN abstracts the transport layer and allows for great flexibility in network design.

Key Takeaways:

• VXLAN encapsulates Layer 2 Ethernet frames in UDP/IP packets using a VXLAN header containing the VNI.
• The underlay network is unaware of the encapsulated data; it simply routes IP packets between VTEPs.
• Decapsulation occurs at the destination VTEP, which restores the original frame and forwards it appropriately.
• Control plane options such as static mappings, multicast, BGP EVPN, and LISP allow VTEPs to discover peers and route frames correctly.

VXLAN may seem complex at first, but once you understand the encapsulation process and the role of VTEPs, the technology becomes more intuitive. It’s a foundational component of modern data center networking and SDN architectures.

Also read: VXLAN – VNIs, VTEPs, and VXLAN Architecture

About:

Welcome to telecomTech, where telecom and networking technologies… are simply explained! I’m Lazarus, a telecom professional with over 25 years of experience in network design, architecture, and telecom technologies. Over my career, I’ve led major projects, trained professionals, and helped countless individuals earn certifications and advance their careers.  

My goal is to make networking and telecom concepts clear, practical, and engaging—the way I wish they were taught when I started learning!

Whether you’re a student, a professional growing your skills, or preparing for certifications like Cisco, telecomTech is here to guide you.
Join me as we explore telecom and networking as a lifelong passion, not just a job. Let’s make this journey of growth and discovery together!