VXLAN

2.3 Describe network virtualization concepts

📘 CCNP ENCOR (350-401 ENCOR v1.1)


VXLAN is a network virtualization technology that allows you to extend Layer 2 networks over a Layer 3 infrastructure. It’s widely used in data centers and cloud environments to provide scalable and flexible network segmentation.


1. Why VXLAN Exists

Traditional VLANs (Virtual LANs) have limitations:

  • A 12-bit VLAN ID gives only 4096 values (4094 usable, since 0 and 4095 are reserved) per Layer 2 domain.
  • VLANs are limited to a single Layer 2 domain, which can make large data centers hard to scale.
  • Difficulty in stretching networks across multiple physical sites without complex configurations.

VXLAN solves these problems by:

  • Using a 24-bit VXLAN Network Identifier (VNI), supporting up to 16 million unique segments.
  • Encapsulating Layer 2 frames in Layer 3 packets, allowing them to traverse large Layer 3 networks.
  • Making network overlays scalable and flexible in cloud and multi-tenant environments.

2. How VXLAN Works

VXLAN uses a tunnel-based encapsulation approach. Here’s the step-by-step:

  1. Encapsulation:
    • A VM or server sends an ordinary Layer 2 (Ethernet) frame.
    • The VTEP wraps the whole frame in a VXLAN header, a UDP header and an outer IP header (plus a new outer Ethernet header for the next hop).
    • Because the outer packet is plain IP, the Layer 2 frame can travel across a routed Layer 3 network.
  2. VXLAN Tunnel Endpoints (VTEPs):
    • VXLAN requires devices called VTEPs at each end of the tunnel.
    • VTEPs perform two key functions:
      • Encapsulate original Ethernet frames into VXLAN packets at the source.
      • Decapsulate VXLAN packets back to Ethernet frames at the destination.
    • The sending VTEP must know which remote VTEP the destination MAC sits behind. That MAC-to-VTEP mapping is learned either by flooding unknown traffic to every VTEP in the VNI (flood-and-learn, usually over an underlay multicast group) or by distributing it through a control plane such as BGP EVPN.
    • VTEPs can be physical switches or virtual switches inside hypervisors.
  3. VXLAN Header & VNI:
    • Each VXLAN segment has a VXLAN Network Identifier (VNI).
    • The VNI (24 bits) identifies which VXLAN segment a packet belongs to; the receiving VTEP uses it to place the inner frame in the right bridge domain.
    • This allows multiple tenants or applications to have isolated networks over the same physical infrastructure.
  4. Transport Across IP Network:
    • The encapsulated packet now has a standard UDP/IP header.
    • This allows VXLAN traffic to traverse routers and Layer 3 networks; the underlay only needs IP reachability between the VTEP addresses.
    • VXLAN uses UDP destination port 4789, the IANA-assigned value (older Linux deployments defaulted to 8472, so check firewall rules when mixing implementations). The UDP source port is derived from a hash of the inner frame so the underlay can load-balance tunnel traffic across equal-cost paths.

3. VXLAN Components

Component          Description
VTEP               VXLAN Tunnel Endpoint: handles encapsulation/decapsulation of packets.
VNI                VXLAN Network Identifier: unique ID for each VXLAN segment (similar to a VLAN ID but 24 bits wide).
Underlay Network   The physical Layer 3 network that carries VXLAN traffic.
Overlay Network    The virtual Layer 2 network created on top of the underlay network using VXLAN.

4. VXLAN in an IT Environment

Here’s how VXLAN is applied in real IT scenarios:

  1. Data Center Multi-Tenancy:
    • Each tenant’s network can have its own VXLAN segment.
    • The same physical infrastructure can support thousands of tenants without conflicts.
  2. VM Mobility:
    • When virtual machines move between hosts in a data center, VXLAN maintains their network identity.
    • The VNI ensures the VM stays on the correct virtual network even if the physical path changes.
  3. Extending Networks Across Sites:
    • VXLAN allows Layer 2 networks to span multiple physical locations over an IP backbone.
    • Useful for disaster recovery or hybrid cloud setups.
  4. Network Segmentation:
    • Security policies (ACLs, firewall rules) can be applied per VXLAN segment, isolating applications or departments.
    • VXLAN itself adds no encryption or authentication: the VNI is a cleartext tag, and a VTEP will decapsulate any correctly formed packet that reaches it on UDP 4789. Segment isolation therefore relies on the underlay being trusted, on limiting VXLAN traffic to known VTEP addresses (ACLs in the underlay, peer lists on the VTEPs), and, where the underlay crosses untrusted links, on IPsec or MACsec for the tunnel traffic.

5. VXLAN Encapsulation Example

A simplified view:

Original Ethernet Frame:
[Dest MAC | Source MAC | EtherType | Payload]

VXLAN Encapsulated Packet:
[Outer Ethernet Header | Outer IP Header | UDP Header | VXLAN Header | Inner Ethernet Frame]
  • Outer Ethernet Header: Carries the packet to the next hop in the underlay; rewritten by every router on the path.
  • Outer IP Header: Source and destination are the VTEP addresses; routes the packet across Layer 3.
  • UDP Header: Destination port 4789; source port hashed from the inner frame for load balancing.
  • VXLAN Header (8 bytes): 8 flag bits (the I bit set means the VNI is valid), 24 reserved bits, the 24-bit VNI, and 8 reserved bits.
  • Inner Ethernet Frame: The original frame from the VM or host, carried unchanged.

The added headers total 50 bytes (14 + 20 + 8 + 8), so the underlay MTU must be at least 50 bytes larger than the largest overlay frame (1550 or more for a 1500-byte overlay; in practice jumbo frames are used). Otherwise VXLAN packets are fragmented or dropped, which shows up as overlay traffic that works for small packets only.
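The packet layout above and the VTEP behaviour from section 2 (encapsulate, decapsulate, learn which remote VTEP a MAC sits behind, as in the VM-mobility case of section 4), as an added example in Python that is not part of the original page or of any vendor's implementation. It builds the outer IPv4, UDP and VXLAN headers with struct, parses them back, and shows the one origin check a VTEP can make on its own, since VXLAN carries no authentication: accept packets only from known peer VTEP addresses. The VTEP addresses, MACs, VNI and payload are constructed sample values; the outer Ethernet header is left to the NIC, so the overhead counted here is 36 bytes rather than the 50 seen on the wire.

```python
import ipaddress
import struct
import zlib

VXLAN_PORT = 4789      # IANA-assigned destination port
VXLAN_FLAG_I = 0x08    # "I" bit: the VNI field is valid (RFC 7348)
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; 0 when verifying a correct header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet_frame(dst_mac: bytes, src_mac: bytes, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Inner Ethernet frame: dst MAC, src MAC, EtherType, payload (FCS omitted)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def encapsulate(frame: bytes, vni: int, src_vtep: str, dst_vtep: str) -> bytes:
    """Wrap a frame as outer IPv4 | UDP | VXLAN | frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: flags(8) reserved(24) VNI(24) reserved(8); only the I bit is set.
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    # Source port hashed from the inner headers so underlay ECMP spreads tunnel flows;
    # RFC 7348 suggests the dynamic range 49152-65535.
    src_port = 49152 + (zlib.crc32(frame[:14]) % 16384)
    udp_len = 8 + len(vxlan) + len(frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)   # zero UDP checksum is allowed over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, IPPROTO_UDP, 0,
                     ipaddress.IPv4Address(src_vtep).packed, ipaddress.IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the header checksum
    return ip + udp + vxlan + frame


def decapsulate(packet: bytes, trusted_vteps) -> tuple:
    """Validate a VXLAN packet and return (outer_src_ip, vni, inner_frame).

    VXLAN has no authentication of its own, so the only origin check a VTEP can make
    is on the outer IP header: the source must be a known peer VTEP.
    """
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    outer_src = str(ipaddress.IPv4Address(packet[12:16]))
    if outer_src not in trusted_vteps:
        raise PermissionError("VXLAN from unknown VTEP %s" % outer_src)
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != VXLAN_PORT:
        raise ValueError("not VXLAN")
    flags, vni_field = struct.unpack("!B3xI", packet[ihl + 8:ihl + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return outer_src, vni_field >> 8, packet[ihl + 16:ihl + udp_len]


class Vtep:
    """Toy VTEP: learns (VNI, inner src MAC) -> remote VTEP from received packets."""

    def __init__(self, ip: str, peers):
        self.ip, self.peers, self.mac_table = ip, set(peers), {}

    def receive(self, packet: bytes) -> tuple:
        outer_src, vni, frame = decapsulate(packet, self.peers)
        self.mac_table[(vni, frame[6:12])] = outer_src   # flood-and-learn style update
        return vni, frame


def demo() -> dict:
    """Constructed scenario: VM A behind VTEP 10.0.0.1 sends to VM B behind VTEP 10.0.0.2."""
    vm_a, vm_b, vni = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb"), 5000
    frame = ethernet_frame(vm_b, vm_a, b"hello from VM A")
    vtep_b = Vtep("10.0.0.2", peers={"10.0.0.1", "10.0.0.3"})
    pkt = encapsulate(frame, vni, "10.0.0.1", "10.0.0.2")
    got_vni, got_frame = vtep_b.receive(pkt)
    result = {"vni": got_vni, "frame_ok": got_frame == frame,
              "overhead": len(pkt) - len(frame),   # IP 20 + UDP 8 + VXLAN 8; outer Ethernet adds 14 on the wire
              "learned": vtep_b.mac_table[(vni, vm_a)]}
    # VM A migrates to the host behind 10.0.0.3: its next packet moves the mapping with it.
    vtep_b.receive(encapsulate(frame, vni, "10.0.0.3", "10.0.0.2"))
    result["after_move"] = vtep_b.mac_table[(vni, vm_a)]
    # Same VNI, but the outer source is not a peer VTEP: dropped before the inner frame is used.
    try:
        vtep_b.receive(encapsulate(frame, vni, "192.0.2.66", "10.0.0.2"))
        result["spoof_rejected"] = False
    except PermissionError:
        result["spoof_rejected"] = True
    return result
```

Running demo() returns the learned mapping before and after the move and confirms the spoofed packet is rejected. The peer check is the software equivalent of the underlay ACL recommended in section 4; without it, or with an underlay an attacker can reach, any host that can send UDP to the VTEP address can pick a VNI of its choosing.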

6. VXLAN Benefits

  1. Scalability: Supports up to 16 million segments (vs 4096 VLANs).
  2. Flexibility: Layer 2 networks can traverse Layer 3 infrastructure.
  3. VM Mobility: Easier movement of virtual machines across physical servers.
  4. Multi-Tenant Isolation: Each tenant or application can have its own isolated network.
  5. Integration with SDN and Cloud: Works well with automation tools and software-defined networking.

7. Key Exam Points for VXLAN

  • VXLAN uses VTEPs for encapsulation/decapsulation.
  • VXLAN segments are identified by 24-bit VNIs.
  • Encapsulation allows Layer 2 over Layer 3 connectivity.
  • Default UDP port: 4789.
  • VXLAN provides scalable multi-tenancy, network isolation, and VM mobility.
  • Underlay vs Overlay:
    • Underlay: Physical network (IP routed network).
    • Overlay: Virtual network (VXLAN segments, VNI-based).

8. Summary Table

Feature            VXLAN
Purpose            Extend Layer 2 over Layer 3, scalable segmentation
Max Segments       16 million (24-bit VNI)
Encapsulation      Ethernet frame inside UDP/IP packet
Device             VTEP (physical or virtual)
Default UDP Port   4789
Benefits           Scalability, multi-tenancy, VM mobility, network segmentation

VXLAN is one of the most important network virtualization technologies for modern data centers and cloud networks. For the CCNP exam, focus on VTEPs, VNI, encapsulation, overlay vs underlay, and use cases in IT networks.

