VLAN vs VXLAN: Choosing the Right Network Virtualization Technique

This article compares VLAN and VXLAN, explaining their architectures, benefits, limitations, and suitable scenarios, and helps readers decide which technology best fits their data‑center networking needs.

Open Source Linux

Introduction

VXLAN (Virtual eXtensible Local Area Network) is a hot network‑virtualization technology that has become a core component of modern data‑center architectures since its introduction in 2014. VLAN (Virtual Local Area Network), introduced in 1998, is the veteran of network virtualization and remains widely used.

The article explores what VLAN and VXLAN are, their differences, why VXLAN is needed despite VLAN, and the scenarios where each is appropriate.

VLAN Basics

A switch is an L2 device; devices connected to the same switch form an L2 network that communicates via MAC addresses and constitutes a broadcast domain.

In a broadcast domain, a device sends a frame to all ports; only the device with the matching MAC address processes it, while the others discard it. This consumes bandwidth unnecessarily and creates a potential security risk.

VLAN solves this by partitioning an L2 network into isolated segments. It adds a 4‑byte tag carrying the VLAN ID to Ethernet frames, allowing simple identification of different virtual LANs. Effectively, a physical switch is split into multiple virtual switches, each with its own broadcast domain.

Benefits of VLAN:

Limits broadcast domains, saving bandwidth and improving performance.

Enhances security by isolating traffic; inter‑VLAN communication requires a router or Layer‑3 switch.

Enables flexible virtual workgroups independent of physical location.

Drawbacks of VLAN:

Supports only up to 4096 VLAN IDs, insufficient for large‑scale cloud environments.

Cannot handle overlapping IP/MAC address spaces across tenants.

Large numbers of virtual machines generate massive MAC tables, degrading switch performance.

VXLAN Overview

VXLAN is another network‑virtualization technology, similar to VLAN but far more powerful.

Traditional VLANs are limited to 4096 IDs because the VLAN ID field is 12 bits. VXLAN introduces a 24‑bit VXLAN Network Identifier (VNI), providing over 16 million possible IDs, suitable for massive multi‑tenant data centers.

VXLAN builds an overlay L2 network on top of an L3 underlay. It encapsulates Ethernet frames inside UDP packets, allowing L2 connectivity across disparate L3 networks.

VXLAN packet structure (simplified), listing the headers wrapped around the original Ethernet frame from innermost to outermost:

VXLAN Header (8 bytes) containing the VNI and flags.

UDP Header (destination port 4789, source port derived from a hash of the original frame).

Outer IP Header (source and destination IPs of the VTEPs).

Outer MAC Header (source MAC of the sending VTEP and destination MAC of the next hop).
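
The following Python sketch is an added example, not code from the original article. It packs and parses the 8-byte VXLAN header carried in the UDP payload of a datagram sent to port 4789, extracts the 24-bit VNI and, if the inner frame is tagged, the 12-bit VLAN ID, then applies a VNI allow-list of the kind a VTEP or network sensor might enforce. The function names, sample MAC addresses, and the VNI and VLAN values are constructed for illustration.

```python
import struct

FLAG_VNI_VALID = 0x08      # "I" flag in the VXLAN header: the VNI field is valid (RFC 7348)


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Return the UDP payload: 8-byte VXLAN header followed by the inner Ethernet frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # word 0 = flags(8 bits) + reserved(24); word 1 = VNI(24 bits) + reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload: bytes) -> dict:
    """Parse the VXLAN header and the inner Ethernet header (optional 802.1Q tag)."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header + inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    inner = udp_payload[8:]
    dst, src = inner[0:6], inner[6:12]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    vlan_id = None
    if ethertype == 0x8100:                    # inner frame carries an 802.1Q tag
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", inner[14:18])
        vlan_id = tci & 0x0FFF                 # VLAN ID is the low 12 bits of the tag
    return {"vni": word1 >> 8, "vlan_id": vlan_id, "ethertype": ethertype,
            "dst_mac": dst.hex(":"), "src_mac": src.hex(":")}


def check_tenant(udp_payload: bytes, allowed_vnis: set) -> bool:
    """Defensive check: accept only well-formed frames that belong to an expected VNI."""
    try:
        return parse_vxlan(udp_payload)["vni"] in allowed_vnis
    except ValueError:
        return False


# Constructed sample: inner frame tagged VLAN 100, IPv4 EtherType, zero-filled payload.
SAMPLE_INNER = (bytes.fromhex("02000000000b" "02000000000a")
                + struct.pack("!HHH", 0x8100, 100, 0x0800) + b"\x00" * 46)
SAMPLE = build_vxlan(5000, SAMPLE_INNER)

if __name__ == "__main__":
    print(parse_vxlan(SAMPLE), check_tenant(SAMPLE, {5000}))
```

The parser does not verify that the reserved fields are zero, and the outer IP and MAC headers are left to the operating system's network stack.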

Key advantages of VXLAN:

Supports up to 16 million isolated L2 networks, solving VLAN scalability.

Leverages existing IP infrastructure, making deployment and maintenance easier.

Preserves VM IP and MAC addresses during live migration via MAC‑in‑UDP encapsulation.

VLAN vs. VXLAN Comparison

While VXLAN offers many benefits, it is not a universal replacement for VLAN. VXLAN requires an underlying L3 network (underlay) and often still relies on VLANs for that underlay. For small data centers with only a few dozen hosts, VLAN is simpler and more cost‑effective.

VXLAN deployment can be expensive due to the need for compatible hardware and complex configuration (e.g., BGP EVPN). Therefore, the choice depends on the specific problems you need to solve.

Conclusion

VLAN and VXLAN each have strengths and weaknesses; neither is categorically better. Use VLAN for simple, small‑scale environments and as the underlay for VXLAN. Adopt VXLAN when you need massive tenant isolation, scalability, and flexibility in large data‑center deployments.
