Understanding VXLAN: How Virtual Extensible LAN Powers Scalable Data Center Networks
This article explains the fundamentals of VXLAN, its tunnel-based architecture, why it is needed for virtual machine migration and multi‑tenant isolation, how it differs from VLAN, the packet format, VTEP and VNI concepts, tunnel establishment methods, gateway types, and detailed forwarding processes within both centralized and distributed VXLAN deployments.
What Is VXLAN?
VXLAN (Virtual eXtensible Local Area Network) is an IETF‑defined NVO3 (Network Virtualization over Layer 3) standard that extends traditional VLAN by encapsulating Layer‑2 Ethernet frames inside UDP packets, allowing them to be transported over an IP network.
Why VXLAN Is Needed
Data‑center server virtualization creates two key requirements: seamless virtual machine (VM) migration without IP changes, and massive tenant isolation for large‑scale clouds. VXLAN meets both by providing a virtual Layer‑2 overlay that behaves like a giant switch spanning the entire IP fabric.
Server Virtualization and VM Migration
Physical servers typically have low utilization (10‑15%). Virtualization partitions a single server into multiple VMs, each with its own OS, MAC, and IP, improving resource efficiency. VM migration moves a VM between physical hosts while keeping its IP and state unchanged, but this requires a common Layer‑2 domain, which traditional VLANs cannot provide across large data‑center topologies.
VXLAN vs. VLAN
Traditional VLANs support only ~4 000 IDs, insufficient for modern multi‑tenant data centers. VXLAN introduces a 24‑bit VNI (VXLAN Network Identifier), supporting up to 16 million segments, enabling massive isolation. VXLAN also creates a virtual tunnel that abstracts the underlying IP network, effectively turning the whole data center into a single Layer‑2 switch.
VXLAN Packet Format
A VXLAN packet consists of an outer Ethernet header, an outer IP header, a UDP header (destination port 4789), and a VXLAN header (8 bytes) that carries the VNI and flags. The original Ethernet frame is placed inside the UDP payload.
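To make the header layout concrete, here is an added example (not code from the article or from Huawei) that builds the 8‑byte VXLAN header and parses it the way a receiving VTEP would, rejecting short payloads, a clear I flag, and VNIs the VTEP is not configured for. The allow‑list of local VNIs and the 42‑byte sample frame are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

VXLAN_UDP_PORT = 4789   # IANA destination port named in the article
VXLAN_FLAG_I = 0x08     # "I" bit: the VNI field is valid
VXLAN_HDR_LEN = 8       # flags(1) | reserved(3) | VNI(3) | reserved(1)
MIN_ETH_HDR = 14        # dst MAC + src MAC + EtherType of the inner frame

class VxlanError(ValueError):
    """Header failed validation; a VTEP would drop the packet."""

@dataclass(frozen=True)
class VxlanPacket:
    vni: int
    inner_frame: bytes

def encode_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an Ethernet frame; the result is the UDP payload."""
    if not 0 <= vni < (1 << 24):
        raise VxlanError(f"VNI {vni} does not fit in 24 bits")
    # I flag set; the 7 reserved flag bits and both reserved fields are zero on transmit
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner_frame

def decode_vxlan(udp_payload: bytes, allowed_vnis: Optional[FrozenSet[int]] = None) -> VxlanPacket:
    """Parse a UDP payload; reject malformed headers and VNIs this VTEP is not configured for."""
    if len(udp_payload) < VXLAN_HDR_LEN + MIN_ETH_HDR:
        raise VxlanError("too short for a VXLAN header plus an Ethernet header")
    flags = udp_payload[0]
    if not flags & VXLAN_FLAG_I:
        raise VxlanError("I flag clear: VNI field is not valid")
    # Reserved flag bits and reserved fields are ignored on receipt, as RFC 7348 requires
    vni = int.from_bytes(udp_payload[4:7], "big")
    # Assumed local policy: a VTEP only decapsulates VNIs it serves, which is what keeps tenants apart
    if allowed_vnis is not None and vni not in allowed_vnis:
        raise VxlanError(f"VNI {vni} not configured on this VTEP")
    return VxlanPacket(vni, udp_payload[VXLAN_HDR_LEN:])

def roundtrip_example() -> dict:
    """Constructed check: wrap a broadcast ARP-sized frame in VNI 5000, decode it on a VTEP serving {5000, 5001}."""
    frame = bytes.fromhex("ffffffffffff" "0200000000aa" "0806") + b"\x00" * 28
    wire = encode_vxlan(5000, frame)
    pkt = decode_vxlan(wire, frozenset({5000, 5001}))
    try:
        decode_vxlan(encode_vxlan(7000, frame), frozenset({5000, 5001}))   # VNI this VTEP does not serve
        foreign_dropped = False
    except VxlanError:
        foreign_dropped = True
    return {"header": wire[:VXLAN_HDR_LEN].hex(), "vni": pkt.vni,
            "frame_ok": pkt.inner_frame == frame, "foreign_vni_dropped": foreign_dropped}
```

The header for VNI 5000 comes out as 0800000000138800: flags byte 0x08, three reserved bytes, 0x001388 for the VNI, and a final reserved byte.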
VXLAN Tunnel Establishment
VXLAN tunnels are built between VTEPs (VXLAN Tunnel Endpoints). Two VTEPs that need to exchange traffic for the same virtual network (same VNI) establish a tunnel, either manually (static configuration) or automatically using EVPN.
Manual Tunnel Creation
Administrators configure each VTEP with its own IP, the remote VTEP IP, and the VNI. In the example configuration on a Huawei CloudEngine switch, an NVE interface is created and the remote VTEPs are added with "vni 5000 head‑end peer‑list 2.2.2.2" and "vni 5000 head‑end peer‑list 2.2.2.3"; the resulting peer‑list table drives broadcast replication for VNI 5000.
Automatic Tunnel Creation
EVPN (Ethernet VPN) automates VTEP discovery and VNI distribution, eliminating the need for manual peer configuration.
Key VXLAN Elements: VTEP and VNI
VTEP is the edge device that performs encapsulation and decapsulation of traffic. It can be a physical switch (e.g., Huawei CloudEngine) or a virtual switch inside a server. VNI is the 24‑bit identifier that distinguishes virtual networks, analogous to a VLAN ID but with far greater scale.
VXLAN Gateways
VXLAN gateways enable communication between different VNIs or between VXLAN and non‑VXLAN networks. They come in two forms, one per layer:
Layer‑2 gateway – provides endpoint access to the VXLAN overlay and intra‑VXLAN subnet communication.
Layer‑3 gateway – handles inter‑subnet routing within VXLAN and external network access.
Gateways can be deployed centrally (single device) or in a distributed manner (each leaf switch acts as a gateway). Centralized gateways simplify management but can create sub‑optimal paths and ARP table limits. Distributed gateways scale better by keeping ARP tables local to each leaf.
Packet Forwarding in VXLAN
In a static, centralized VXLAN, traffic within the same subnet follows an ARP‑based learning process. A VM sends an ARP broadcast, VTEPs encapsulate and replicate the request to all peers in the VNI’s peer list, and each VTEP learns MAC‑VNI‑port mappings. Subsequent traffic is unicast and follows the same encapsulation/decapsulation steps.
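The learning and replication sequence described here, together with the head‑end peer list from the manual tunnel section, can be traced in a small model. This is an added example, not code from the article or from Huawei: three VTEPs (2.2.2.1 is constructed; 2.2.2.2 and 2.2.2.3 come from the article's peer list) share VNI 5000, an ARP request is replicated to every peer, and the reply is unicast because the destination MAC has already been learned. The check that the outer source IP must be a configured peer is a hardening assumption added here, not something the article states.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:                    # inner Ethernet frame, only the fields forwarding needs
    src_mac: str
    dst_mac: str

@dataclass(frozen=True)
class Encap:                    # outer IP addresses + VNI + inner frame, no byte layout
    src_vtep: str
    dst_vtep: str
    vni: int
    frame: Frame

@dataclass
class Vtep:
    ip: str
    peer_list: Dict[int, Set[str]]                 # vni -> remote VTEP IPs (head-end peer-list)
    mac_table: Dict[Tuple[int, str], str] = field(default_factory=dict)  # (vni, mac) -> VTEP IP
    def encapsulate(self, vni: int, frame: Frame) -> List[Encap]:
        """Known unicast goes to one VTEP; broadcast/unknown MACs are replicated to every peer."""
        if vni not in self.peer_list:
            raise ValueError(f"VNI {vni} not configured on VTEP {self.ip}")
        learned = self.mac_table.get((vni, frame.dst_mac))
        targets = [learned] if learned and frame.dst_mac != BCAST else sorted(self.peer_list[vni])
        return [Encap(self.ip, t, vni, frame) for t in targets]
    def decapsulate(self, pkt: Encap) -> Optional[Frame]:
        """Drop unknown VNIs/peers, learn (vni, inner src MAC) -> remote VTEP, deliver the frame."""
        # Hardening assumption (not from the article): accept only outer sources in the peer list
        if pkt.vni not in self.peer_list or pkt.src_vtep not in self.peer_list[pkt.vni]:
            return None
        self.mac_table[(pkt.vni, pkt.frame.src_mac)] = pkt.src_vtep
        return pkt.frame

def arp_exchange() -> dict:
    """Constructed scenario: VM-A behind 2.2.2.1 ARPs for VM-B behind 2.2.2.2; 2.2.2.3 is a third peer."""
    ips = ["2.2.2.1", "2.2.2.2", "2.2.2.3"]
    vteps = {ip: Vtep(ip, {5000: {p for p in ips if p != ip}}) for ip in ips}
    request = Frame("00:00:00:00:00:0a", BCAST)
    copies = vteps["2.2.2.1"].encapsulate(5000, request)       # replicated to both peers
    for pkt in copies:
        vteps[pkt.dst_vtep].decapsulate(pkt)                   # each peer learns VM-A -> 2.2.2.1
    reply = Frame("00:00:00:00:00:0b", "00:00:00:00:00:0a")
    unicast = vteps["2.2.2.2"].encapsulate(5000, reply)        # one copy: destination MAC is known
    vteps["2.2.2.1"].decapsulate(unicast[0])                   # 2.2.2.1 learns VM-B -> 2.2.2.2
    stray = vteps["2.2.2.1"].decapsulate(Encap("9.9.9.9", "2.2.2.1", 5000, reply))
    return {"request_copies": len(copies), "reply_copies": len(unicast),
            "table_at_2_2_2_1": dict(vteps["2.2.2.1"].mac_table), "stray_dropped": stray is None}
```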
For inter‑subnet communication, VMs send traffic to their respective VTEP’s BDIF (Bridge‑Domain Interface) IP address. The VTEP routes the packet, encapsulates it with the appropriate VNI, and forwards it to the remote VTEP, which decapsulates and delivers it to the destination VM.
Illustrative Diagrams
Source: Huawei Support – https://support.huawei.com/enterprise/zh/doc/EDOC1100087027
This article has been distilled and summarized from source material, then republished for learning and reference.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc.