VXLAN – VNIs, VTEPs, and VXLAN Architecture

As modern data centers scale, the demand for flexible, scalable, and segmented Layer 2 connectivity across large Layer 3 networks becomes increasingly critical. VXLAN, or Virtual Extensible LAN, was developed to address exactly that. This technology plays a crucial role in cloud computing environments and large enterprise networks, enabling the deployment of millions of isolated Layer 2 networks.

In this article, we’ll dive into the key components of VXLAN: VNIs, VTEPs, and the VXLAN architecture itself. Whether you’re just starting out with networking or looking to strengthen your understanding of data center technologies, this simple breakdown will help clarify how VXLAN works and why it’s a foundational technology in modern infrastructure.

Introduction to VXLAN

VXLAN is a network virtualization technology that encapsulates Layer 2 Ethernet frames in UDP packets, enabling Layer 2 segments to be extended across a Layer 3 underlay network. This approach allows for the creation of overlay networks that are independent of the physical topology underneath.

Originally designed to support the scalability requirements of cloud providers and large enterprises, VXLAN enables organizations to create isolated network segments for tenants, applications, or services, overcoming the limitations of traditional VLANs.

Components of VXLAN

Several core elements make VXLAN function efficiently:

  • VXLAN Network Identifiers (VNIs)
  • VXLAN Tunnel Endpoints (VTEPs)
  • VXLAN Headers and Encapsulation Process

Let’s explore each of these in detail.

What Are VNIs?

VXLAN Network Identifiers

VNI stands for VXLAN Network Identifier. This 24-bit identifier functions similarly to a traditional VLAN ID used in 802.1Q Ethernet networks. However, while VLANs are limited to just over 4000 IDs due to their 12-bit format, VNIs can support over 16 million segments (2²⁴ = 16,777,216).

This significant increase allows organizations to create a vast number of isolated Layer 2 domains over a shared Layer 3 infrastructure. Each VNI is unique and corresponds to a specific virtual network segment within the VXLAN overlay.

How VNIs Work

When a Layer 2 frame is transmitted over a VXLAN, it is encapsulated within a UDP datagram. A VXLAN header is inserted during this process, and the VNI value is embedded within this header. It tells the receiving device which virtual segment the encapsulated frame belongs to.

This mechanism is critical for maintaining isolation and segmentation across the network, especially in multi-tenant environments.

What Are VTEPs?

VXLAN Tunnel Endpoints

VTEP stands for VXLAN Tunnel Endpoint. It is the device responsible for encapsulating and decapsulating Ethernet frames into and out of VXLAN tunnels.

VTEPs operate at the edge of the VXLAN overlay network and are connected to both the underlay Layer 3 network and the overlay Layer 2 virtual networks.

Types of VTEPs

There are two main types of VTEPs:

  • Software-based VTEPs: These are typically implemented in virtual switches (vSwitches) inside hypervisors like VMware ESXi, KVM, or Hyper-V. The VTEP functionality is handled within the software switch responsible for managing virtual machines (VMs) or containers.
  • Hardware-based VTEPs: These are physical switches or routers that have been configured to support VXLAN. The encapsulation and decapsulation process occurs directly within the network hardware.

In both cases, the VTEP acts as the entry and exit point for VXLAN tunnels.

VTEP Interfaces

Each VTEP generally has two types of interfaces:

  1. VTEP IP Interface: This is a physical or logical interface that connects to the underlay network. It must have Layer 3 connectivity with other VTEP interfaces across the network.
  2. VNI Interfaces: These logical interfaces correspond to specific VNIs and are similar to traditional SVIs (Switched Virtual Interfaces). Multiple VNI interfaces can exist on a single VTEP, sharing the same physical IP interface—much like VLAN trunks.

VXLAN Tunnel Establishment

To understand VXLAN architecture, let’s examine how tunnels are formed between VTEPs.

VXLAN Overlay and Underlay

  • Underlay: This is the existing Layer 3 IP network infrastructure that provides basic connectivity between all VTEPs.
  • Overlay: This is the VXLAN-based logical Layer 2 network that is built on top of the underlay.

When Layer 2 communication is needed between devices located on different VTEPs, VXLAN encapsulates the traffic into UDP packets and sends it across the underlay.

Example: VXLAN Topology

Imagine a VXLAN network with three switches configured as VTEPs. These VTEPs communicate over the underlay network and work together to provide a seamless Layer 2 network.

Let’s say we want to create three isolated Layer 2 segments across this infrastructure using VNIs:

  • VNI 6501
  • VNI 6502
  • VNI 6503

Each of these VNIs represents a distinct Layer 2 segment. The corresponding VTEPs will have logical interfaces for each VNI, and traffic will be encapsulated and routed through the VTEP IP interfaces.

This logical segmentation allows the entire VXLAN infrastructure to behave like a massive distributed Layer 2 switch, while physically being built on a Layer 3 network.

VXLAN Encapsulation

One of the defining characteristics of VXLAN is its encapsulation mechanism.

Encapsulation Process

Here’s a breakdown of the encapsulation process:

  1. Original Ethernet Frame: A standard Layer 2 Ethernet frame is created.
  2. VXLAN Header: An 8-byte VXLAN header is added to the frame.
  3. UDP Header: The VXLAN frame is encapsulated in a UDP datagram.
  4. IP Header: The packet is then wrapped with an IP header for transmission across the underlay.
  5. Ethernet Frame: Finally, the entire packet is encapsulated into a physical Ethernet frame for transmission.

The VXLAN Header

The VXLAN header is critical to this entire process and contains the following fields:

  • Flags (8 bits): The most important flag is the “I” bit (bit 5, counting from the most significant bit of the flags byte, i.e. mask 0x08), which must be set to 1 for any valid VXLAN packet. The remaining 7 bits are reserved and should be set to 0.
  • Reserved (24 bits): These bits are set aside for future use and are ignored during normal operation.
  • VNI (24 bits): This is the VXLAN Network Identifier we discussed earlier. It defines which virtual network the frame belongs to.
  • Reserved (8 bits): An additional reserved byte at the end of the header.

These reserved fields show that the VXLAN specification is designed with future expansion in mind, allowing for further enhancements without major changes to the protocol.
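
The header layout above, as an added example (not code from the original article): Python code that builds the 8-byte VXLAN header, validates it on receipt, and refuses to decapsulate frames whose VNI is not configured on the local VTEP. The function names, the strict option and the sample inner frame are assumptions made for illustration; the VNIs are the ones from the topology example.

```python
import struct

VXLAN_FLAG_I = 0x08        # "I" bit: fifth bit from the MSB of the flags byte
VXLAN_HEADER_LEN = 8       # flags(8) | reserved(24) | VNI(24) | reserved(8)
MAX_VNI = (1 << 24) - 1

# Constructed sample: 14-byte Ethernet header plus a dummy payload.
SAMPLE_INNER = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"


class VxlanHeaderError(ValueError):
    """Raised when a UDP payload does not carry an acceptable VXLAN header."""


def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header for the given VNI."""
    if not 0 <= vni <= MAX_VNI:
        raise VxlanHeaderError(f"VNI {vni} does not fit in 24 bits")
    # Two big-endian 32-bit words: flags in the top byte of the first,
    # VNI in the top three bytes of the second; reserved bits stay 0.
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan_payload(udp_payload, strict=False):
    """Split a UDP payload into (vni, inner_frame) after header checks."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise VxlanHeaderError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    flags = word1 >> 24
    if not flags & VXLAN_FLAG_I:
        raise VxlanHeaderError("I flag not set, VNI is not valid")
    # strict (an assumption of this example) also rejects non-zero reserved
    # bits instead of ignoring them.
    reserved = (flags & ~VXLAN_FLAG_I) | (word1 & 0xFFFFFF) | (word2 & 0xFF)
    if strict and reserved:
        raise VxlanHeaderError("reserved bits are non-zero")
    return word2 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def accept_frame(udp_payload, local_vnis):
    """Decapsulate only frames whose VNI is configured on this VTEP."""
    vni, inner = parse_vxlan_payload(udp_payload)
    if vni not in local_vnis:
        raise VxlanHeaderError(f"VNI {vni} is not configured on this VTEP")
    return vni, inner


if __name__ == "__main__":
    packet = build_vxlan_header(6501) + SAMPLE_INNER
    print(accept_frame(packet, {6501, 6502, 6503})[0])
```

The VNI check in accept_frame is what keeps a frame tagged for one segment from being delivered into another, so it belongs before any forwarding decision on the inner frame.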

Conclusion

VXLAN represents a major step forward in the evolution of network virtualization. With its support for millions of Layer 2 segments, flexible tunneling using VTEPs, and a future-proof encapsulation mechanism, it has become a standard in modern data centers and cloud networks.

To recap:

  • VNIs allow for extensive Layer 2 segmentation.
  • VTEPs act as the encapsulation and decapsulation points at the edges of the VXLAN fabric.
  • VXLAN architecture allows Layer 2 networks to stretch across Layer 3 underlay networks without sacrificing performance or scalability.

About:

Welcome to telecomTech, where telecom and networking technologies… are simply explained! I’m Lazarus, a telecom professional with over 25 years of experience in network design, architecture, and telecom technologies. Over my career, I’ve led major projects, trained professionals, and helped countless individuals earn certifications and advance their careers.  

My goal is to make networking and telecom concepts clear, practical, and engaging—the way I wish they were taught when I started learning!

Whether you’re a student, a professional growing your skills, or preparing for certifications like Cisco, telecomTech is here to guide you.

Join me as we explore telecom and networking as a lifelong passion, not just a job. Let’s make this journey of growth and discovery together!
