
Why VXLAN Is the Key to Scalable Data Center Networks

This article explains how VXLAN overcomes traditional data‑center network limits on VM scale, isolation, and migration by using MAC‑in‑UDP encapsulation, a 24‑bit VNI, and BGP EVPN control plane, and shows its practical deployment in cloud‑campus environments with gateways, VTEP, NVE, and VBDIF.

Open Source Linux

01 Overview

Abstract: To address the limitations of traditional data center networks on server virtualization, VXLAN technology emerged.

1.1 Traditional Data Center Network Issues

VM scale limited by MAC table size

Network isolation capability limited

VM migration range limited

In traditional Layer‑2 networks, switches forward frames based on MAC tables, which cannot accommodate the massive number of VMs after virtualization. VLAN tags provide only 12‑bit IDs, insufficient for large cloud tenants. VM migration must stay within a single Layer‑2 domain.

1.2 VXLAN Overview

VXLAN (Virtual eXtensible LAN) is a VPN‑type overlay that encapsulates Ethernet frames in UDP over IP, allowing a virtual Layer‑2 network on any routable IP fabric. It uses MAC‑in‑UDP encapsulation, a 24‑bit VXLAN Network Identifier (VNI) supporting up to 16 M segments, and enables VM migration without physical network constraints.

1.3 VXLAN Applications in Data Centers

VXLAN solves the three problems above: it removes MAC‑table limits, provides 24‑bit VNI for massive tenant isolation, and creates a virtual Layer‑2 domain that spans multiple physical locations, allowing unrestricted VM migration.

1.4 VXLAN in Campus Networks “One Network, Multiple Uses”

Virtual networks (VN) are created on a single physical fabric for different business scenarios (office, R&D, IoT).

iMaster NCE SDN controller centralizes device management and translates intent into device commands via NETCONF.

02 Basic Concepts

2.1 VXLAN Packet Format

[Figure: VXLAN packet format]

2.2 NVE (Network Virtualization Edge)

NVE is the entity (hardware or software switch) that runs VXLAN and builds a Layer‑2 virtual network on top of a Layer‑3 fabric. SW1 and SW2 are examples of NVE.

2.3 VTEP (VXLAN Tunnel Endpoint)

VTEP performs encapsulation and decapsulation of VXLAN packets.

The outer IP header source is the VTEP’s IP, destination is the remote VTEP’s IP.

One VTEP pair forms a VXLAN tunnel.

Encapsulated packets are sent through the tunnel; the remote VTEP decapsulates them.

Loopback interfaces are typically used as VTEP addresses.

2.4 VNI (VXLAN Network Identifier)

Similar to a VLAN ID, the VNI distinguishes VXLAN segments; VMs in different segments cannot communicate at Layer‑2.

Each tenant can have one or more VNIs; length is 24 bits.

2.5 BD (Bridge Domain)

Analogous to a VLAN broadcast domain; a BD represents a large Layer‑2 broadcast domain in VXLAN.

VNI maps 1:1 to a BD, enabling Layer‑2 connectivity within the BD.
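The VTEP encapsulation and decapsulation steps from sections 2.1 to 2.5, as an added example that is not part of the original article: it builds and parses the 8-byte VXLAN header defined in RFC 7348 (carried over UDP destination port 4789) and drops packets whose outer source is not a configured peer VTEP or whose VNI has no local BD. The peer addresses, VNI numbers and BD names are constructed for illustration.

```python
import struct

I_FLAG = 0x08                 # header flag: set when the VNI field is valid
HDR_LEN, ETH_HDR_LEN = 8, 14  # VXLAN header, inner Ethernet header

# Constructed tables for a hypothetical local VTEP.
PEER_VTEPS = {"10.0.0.2", "10.0.0.3"}        # remote VTEP loopback addresses
VNI_TO_BD = {5010: "BD-OA", 5020: "BD-RD"}   # 1:1 VNI-to-BD mapping


def encapsulate(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", I_FLAG << 24, vni << 8) + inner_frame


def decapsulate(outer_src_ip, udp_payload):
    """Return (bridge_domain, inner_frame); raise ValueError to drop the packet."""
    if outer_src_ip not in PEER_VTEPS:
        raise ValueError("outer source is not a known VTEP")
    if len(udp_payload) < HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HDR_LEN])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag clear, VNI not valid")
    vni = word1 >> 8          # reserved low byte is ignored on receipt
    bd = VNI_TO_BD.get(vni)
    if bd is None:
        raise ValueError(f"VNI {vni} is not mapped to a local BD")
    return bd, udp_payload[HDR_LEN:]


def dropped(outer_src_ip, udp_payload):
    """True when decapsulate() rejects the packet."""
    try:
        decapsulate(outer_src_ip, udp_payload)
    except ValueError:
        return True
    return False


# Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, 4 payload bytes.
FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"data"

if __name__ == "__main__":
    pkt = encapsulate(5010, FRAME)
    print(pkt[:HDR_LEN].hex(), decapsulate("10.0.0.2", pkt)[0])
    print(dropped("10.0.0.2", encapsulate(5999, FRAME)))   # unmapped VNI
    print(dropped("192.0.2.66", pkt))                      # unknown outer source
```

The outer-source check is a filter, not authentication: the VXLAN header carries no integrity protection, so it only helps where the underlay prevents address spoofing.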

2.6 VAP (Virtual Access Point)

Provides two access methods: sub‑interface mode or VLAN‑binding mode to connect endpoints to a VXLAN.

03 VXLAN Gateways

Layer‑2 (L2) Gateway

Enables traffic to enter the VXLAN virtual network and supports intra‑VXLAN subnet communication.

Layer‑3 (L3) Gateway

Facilitates inter‑subnet communication within VXLAN and access to external (non‑VXLAN) networks.

04 VBDIF

VBDIF is the VXLAN equivalent of VLANIF, a Layer‑3 logical interface created on a BD.

Configuring an IP on VBDIF enables communication between different VXLAN segments and between VXLAN and non‑VXLAN networks.

05 Distributed vs. Centralized Gateways

5.1 Centralized Gateway

All inter‑subnet traffic passes through a single L3 device, which simplifies management, but traffic may not follow optimal paths.

5.2 Distributed Gateway

VTEP nodes act as both L2 and L3 gateways, providing shorter forwarding paths, though deployment and troubleshooting are more complex.

06 VXLAN Tunnel Establishment

A VXLAN tunnel is defined by a pair of VTEP IP addresses; as long as the VTEPs are routable, the tunnel can be created.

6.1 Static VXLAN

Manually configure VNI and VTEP IPs on both ends.

6.2 BGP EVPN Control Plane

EVPN, an extension of BGP, provides automatic VTEP discovery and host learning and distributes VXLAN tunnel information, eliminating manual configuration and reducing flooding.

07 VXLAN in CloudCampus Solution

7.1 Requirements

Build a fabric over the physical network with distributed gateways.

Create two virtual networks (OA and RD) with isolation, DHCP, and external connectivity.

7.2 Fabric Management

Users add physical devices to the fabric, assign roles (Border, Edge), and iMaster NCE automatically configures OSPF, BGP EVPN, and underlay connectivity.

7.3 VN Management

Users define VN parameters; iMaster NCE translates intent into device configurations.

VXLAN Tunnel Automation

BGP EVPN advertises tunnel information, devices establish VXLAN tunnels, and traffic is forwarded accordingly.

Endpoint Address Acquisition

Authenticated users obtain IP addresses via DHCP relayed through VXLAN tunnels.

In‑VN Communication

Same‑subnet hosts communicate via VXLAN encapsulation across edges.

Cross‑subnet hosts use BGP‑advertised routes to reach each other through VXLAN.

External network access is achieved by routing through the Border device.
