Why VXLAN Is Essential for Modern Data Center Virtualization
This article explains how VXLAN extends Layer‑2 networks over IP using UDP encapsulation, enabling seamless VM live migration and massive tenant isolation, compares VXLAN with traditional VLANs, details packet structure, VTEP/VNI roles, gateway designs, and the EVPN control plane for efficient forwarding.
VXLAN (Virtual Extensible LAN) is a network virtualization technology widely used in Layer‑2 networks. It creates a logical VXLAN tunnel between source and destination devices, encapsulating original Ethernet frames in UDP, allowing the encapsulated packets to be routed like ordinary IP packets.
Why VXLAN is needed
It supports VM live migration without changing IP/MAC addresses and provides isolation for a massive number of tenants, addressing the limitations of traditional VLANs.
VM live migration
Server virtualization splits a physical server into multiple VMs, improving utilization and reducing costs. Live migration requires a VM to keep its IP and MAC addresses and its running state, which in traditional networks is only possible within the same Layer‑2 domain.
VXLAN extends the Layer‑2 domain over an IP network, effectively turning the underlying network into a giant virtual switch, enabling large‑scale or cross‑region VM migration.
Tenant isolation
Traditional VLANs support about 4,000 IDs, insufficient for cloud data centers with tens of thousands of tenants. VXLAN introduces a 24‑bit VNI, supporting up to 16 million segments.
VXLAN vs VLAN
VLANs are limited in ID space and Layer‑2 domain size, while VXLAN uses a 24‑bit VNI and builds a virtual tunnel over IP, creating a “large Layer‑2 network” that supports extensive VM migration.
VXLAN packet format
A VXLAN packet adds an 8‑byte VXLAN header (including the VNI), a UDP header (destination port 4789), an outer IP header, and an outer MAC header.
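The header layout described above, as an added example that is not part of the original article: it builds and parses the 8‑byte VXLAN header and checks the VNI against the segments a VTEP is expected to carry. The allowed-VNI set, the function names and the sample inner frame are assumptions constructed for illustration; the flag value follows RFC 7348.

```python
import struct

VXLAN_HEADER_LEN = 8        # 8-byte VXLAN header, carried in UDP to port 4789
FLAG_VNI_VALID = 0x08       # "I" flag (RFC 7348): the VNI field is valid
MIN_INNER_FRAME = 14        # inner Ethernet header: dst MAC, src MAC, EtherType

# Constructed sample inner frame (not captured traffic): MACs, IPv4 EtherType, filler.
SAMPLE_FRAME = bytes.fromhex("02000000000a" "02000000000b" "0800") + b"\x00" * 20


def build_vxlan_header(vni):
    """Return the 8-byte header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan(udp_payload):
    """Return (vni, inner_frame) from a UDP payload; ValueError if malformed."""
    if len(udp_payload) < VXLAN_HEADER_LEN + MIN_INNER_FRAME:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear, VNI not valid")
    # Reserved bits are masked off rather than trusted.
    return (word1 >> 8) & 0xFFFFFF, udp_payload[VXLAN_HEADER_LEN:]


def verdict(udp_payload, allowed_vnis):
    """Classify a payload against the VNIs expected on this VTEP (assumed policy)."""
    try:
        vni, _inner = parse_vxlan(udp_payload)
    except ValueError as exc:
        return "drop: %s" % exc
    if vni not in allowed_vnis:
        return "drop: unexpected VNI %d" % vni
    return "accept: VNI %d" % vni


if __name__ == "__main__":
    allowed = {5001, 5002}  # hypothetical tenant segments
    for vni in (5001, 7777):
        print(verdict(build_vxlan_header(vni) + SAMPLE_FRAME, allowed))
    print(verdict(b"\x00" * 8 + SAMPLE_FRAME, allowed))
```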
VXLAN operation
VTEP and VNI
VTEP (VXLAN Tunnel Endpoint) is the edge device that encapsulates and decapsulates traffic. VNI (VXLAN Network Identifier) identifies a tenant or segment, similar to a VLAN ID.
VXLAN gateways
VXLAN gateways provide inter‑segment communication. They can be centralized (a single Layer‑3 gateway) or distributed (each leaf switch acts as a gateway), each with its own advantages and drawbacks.
VXLAN EVPN control plane
EVPN (Ethernet VPN) supplies the control plane for VXLAN, automating VTEP discovery, tunnel establishment, and MAC learning. It defines BGP route types: Type‑2 (MAC/IP), Type‑3 (VNI/VTEP), and Type‑5 (IP prefix).
Packet forwarding in VXLAN
Within a VXLAN domain, MAC tables handle Layer‑2 forwarding and FIB tables handle Layer‑3 forwarding. The article describes forwarding flows for same‑subnet and cross‑subnet VM communication in both centralized and distributed VXLAN deployments.
Source: Architecture Engineer Technical Alliance
