Cisco VXLAN: Virtual Extensible Local Area Network

Virtual Extensible LAN (VXLAN) is an encapsulation method that tunnels a Layer 2 network over a Layer 3 underlay network. With the rapid increase of server virtualization over the last decade, the high demand has led to multiple problems with our traditional Layer 2 networks. The Virtual Extensible LAN protocol supports the virtualization of the data center network and also solves problems such as:

  • A limited number of VLANs (only 12-bit VLAN ID)
  • STP or Spanning-Tree Protocol
  • ECMP or load balancing is not supported
  • Large MAC address tables


Overlay and Underlay Networks

The physical network infrastructure, also known as the transport network, is our underlying network. We have Layer 3 protocols in our underlay network, so dynamic routing and ECMP are utilized. On the other hand, an overlay network is a virtual network built on top of the physical underlay network.
VXLAN packets use a VXLAN network identifier or VNI, similar to a VLAN ID. It is a 24-bit identifier capable of generating 16 million VXLAN segments or bridge domains (overlay), which is more than adequate for even the largest service provider.


VXLAN Tunnel EndPoint (VTEP)

The VTEP is the node where Virtual Extensible LAN tunnels originate or terminate. VTEP is connected to a traffic source which may be stand-alone servers or virtual machines. This node encapsulates and de-encapsulates Layer 2 traffic and maps Layer 2 and Layer 3 packets to the VNI that will be utilized in the overlay network. It has two interfaces:

  • IP Interface – faces the core network, and its IP address helps identify the VTEP in the network. It is also used for encapsulation and de-encapsulation of VXLAN traffic.
  • Local LAN Interface – provides connections between local hosts.



VTEP provides the connection between our underlay and overlay networks. Each VTEP has an IP address in the underlay network and one or more VNIs in the overlay. To forward traffic from one host to another, a source and destination VTEP will create a tunnel and will only exist to deliver a VXLAN header inside a frame.

When a frame reaches a switch, it encapsulates it with UDP ports and IP addresses’ headers. The switch will then forward it to the underlay and a destination VTEP where the packet is de-encapsulated.


4789 is the standard UDP destination port number for Virtual Extensible LAN. However, when VXLAN was first implemented in Linux, many vendors used UDP port 8472.


A VXLAN gateway can be used to connect routers and switches that are not capable of supporting Virtual Extensible LAN which uses traditional VLAN segmentation. It is a VTEP node that combines a Virtual Extensible LAN segment and a classic VLAN segment into one common Layer 2 domain.


VXLAN Control Plane

Virtual Extensible LAN is a data plane protocol and can be used with any control plane. There are various VXLAN control and data planes supported by Cisco devices, and these include VXLAN with:

  • Multicast Underlay
  • MP-BGP EVPN Control Plane
  • LISP Control Plane
  • Static Unicast VXLAN Tunnels


Virtual Extensible LAN with Multicast underlay and MP-BGP EVPN control planes are usually used in datacenters and private cloud environments. VXLAN with LISP control plane is commonly used in campus environments, for example, Cisco SD-Access.

The Virtual Extensible LAN specification came from a Layer 2 LISP specification to support Layer 2 segmentation. However, some fields from the Layer 2 LISP specification are not ported into the VXLAN specification. These unported fields are reserved for future use.

The difference between the Layer 2 LISP specification and the VXLAN specification headers is that LISP encapsulation can only perform IP-in-IP/UDP encapsulation, supporting  Layer 3 overlays only. In contrast, VXLAN encapsulation can encapsulate the original Ethernet header to perform MAC-in-IP encapsulation, supporting both Layer 2 and 3 overlays.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: