VXLAN (Virtual Extensible LAN) is a network virtualisation technology that encapsulates Layer 2 Ethernet frames inside Layer 4 UDP packets. It allows Layer 2 networks to be stretched across Layer 3 boundaries.
Why VXLAN exists
Traditional VLANs are limited to 4094 IDs. In large datacentres and cloud environments this isn’t enough. VXLAN supports up to 16 million VNIs (Virtual Network Identifiers).
Key components
| Component | Description |
|---|---|
| VNI | VXLAN Network Identifier — the VXLAN version of a VLAN ID |
| VTEP | VXLAN Tunnel Endpoint — the interface that encapsulates/decapsulates VXLAN traffic. Usually a loopback IP |
| EVPN | Ethernet VPN — the control plane for VXLAN. Uses BGP to advertise MAC/IP info instead of flooding |
| IRB | Integrated Routing and Bridging — a Layer 3 logical interface bound to a Layer 2 VLAN. Provides a gateway inside VXLAN |
| Underlay | The physical Layer 3 routed network that carries VXLAN traffic |
| Overlay | The virtual Layer 2 network running on top of the underlay |
How it works
- A VM sends a normal Ethernet frame
- The source VTEP encapsulates it in a UDP packet (default port 4789)
- The packet travels across the IP underlay network
- The destination VTEP decapsulates and delivers the original frame
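
The encapsulation and decapsulation steps above, as an added Python example that is not part of the original page. The 8-byte header layout (I flag, 24-bit VNI) follows RFC 7348; the function names, the sample frame and the `allowed_vnis` check are assumptions of this example.

```python
import struct

VXLAN_PORT = 4789          # default UDP destination port, as stated above
VXLAN_FLAG_I = 0x08        # "VNI present" flag (RFC 7348)
VXLAN_HDR_LEN = 8
MAX_VNI = (1 << 24) - 1    # 24-bit field, hence roughly 16 million VNIs


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Source VTEP: prepend the VXLAN header to an Ethernet frame.

    The result is the UDP payload; outer IP/UDP headers are left to the socket.
    """
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes, allowed_vnis: set) -> tuple:
    """Destination VTEP: validate the header, return (vni, inner frame)."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14:   # header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag not set: VNI field is not valid")
    vni = word2 >> 8
    if vni not in allowed_vnis:                 # assumption: drop unknown VNIs
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[VXLAN_HDR_LEN:]


def ethernet_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build a constructed inner frame for the demonstration."""
    dst_mac = bytes.fromhex(dst.replace(":", ""))
    src_mac = bytes.fromhex(src.replace(":", ""))
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


# Constructed sample: a VM's frame carried in VNI 10100 (all values made up).
FRAME = ethernet_frame("02:00:00:00:00:02", "02:00:00:00:00:01", 0x0800, b"hello")
PACKET = vxlan_encap(10100, FRAME)

if __name__ == "__main__":
    print(PACKET[:VXLAN_HDR_LEN].hex())                      # VXLAN header bytes
    print(vxlan_decap(PACKET, {10100}) == (10100, FRAME))    # round trip
```
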