VXLAN as an overlay network
VXLAN is often described as an overlay technology because it allows you to stretch Layer 2 connections over an intervening Layer 3 network.
This works by encapsulating (tunneling) Ethernet frames in a VXLAN packet that carries its own IP addresses.
Devices that support VXLANs are called virtual tunnel endpoints (VTEPs) — they can be end hosts or network switches or routers. VTEPs encapsulate VXLAN traffic and de-encapsulate that traffic when it leaves the VXLAN tunnel.
To encapsulate an Ethernet frame, VTEPs add a number of fields, such as:
- Outer media access control (MAC) destination address (MAC address of the tunnel endpoint VTEP).
- Outer MAC source address (MAC address of the tunnel source VTEP).
- Outer IP destination address (IP address of the tunnel endpoint VTEP).
- Outer IP source address (IP address of the tunnel source VTEP).
- Outer UDP header.
- A VXLAN header that includes a 24-bit field, called the VXLAN network identifier (VNI), that is used to uniquely identify the VXLAN. The VNI is similar to a VLAN ID, but because it has 24 bits, it allows you to create many more VXLANs than VLANs. The VXLAN header also contains 8 bits of VXLAN flags, as well as reserved fields.
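
The following added example (not part of the original page) builds the outer headers listed above around an inner Ethernet frame and then parses them back, as a monitoring tool would to recover the VNI. UDP port 4789 and the flag value 0x08 come from RFC 7348, not from this page; the function names, MAC and IP addresses, and the inner frame are constructed for illustration.

```python
import socket
import struct

VXLAN_PORT = 4789      # IANA-assigned UDP destination port for VXLAN (RFC 7348)
FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid

def ip_checksum(header):
    # One's-complement sum over the 16-bit words of the IPv4 header.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner, vni, src_mac, dst_mac, src_ip, dst_ip, src_port=49152):
    # Wrap an inner Ethernet frame the way the tunnel source VTEP would.
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: 8 flag bits, 24 reserved bits, 24-bit VNI, 8 reserved bits.
    vxlan = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)  # UDP checksum 0 = not used
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vxlan + inner

def decapsulate(packet):
    # Return (vni, inner_frame); reject anything that is not well-formed VXLAN.
    if len(packet) < 50 or packet[12:14] != b"\x08\x00":
        raise ValueError("too short or outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14] >> 4 != 4 or ihl < 20 or packet[23] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    udp = 14 + ihl
    if len(packet) < udp + 16:
        raise ValueError("truncated UDP or VXLAN header")
    if struct.unpack_from("!H", packet, udp + 2)[0] != VXLAN_PORT:
        raise ValueError("not addressed to the VXLAN port")
    flags_word, vni_word = struct.unpack_from("!II", packet, udp + 8)
    if not (flags_word >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_word >> 8, packet[udp + 16:]

# Constructed sample: dummy 60-byte inner frame, locally administered MACs, documentation IPs.
INNER = bytes.fromhex("ffffffffffff0200000000010806") + bytes(46)
PACKET = encapsulate(INNER, 5001, bytes.fromhex("020000aa0001"),
                     bytes.fromhex("020000bb0002"), "192.0.2.1", "192.0.2.2")
```

The encapsulation adds 50 bytes (14 Ethernet + 20 IPv4 + 8 UDP + 8 VXLAN) in front of the unchanged inner frame, so `decapsulate(PACKET)` returns VNI 5001 and the original 60-byte frame.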