Tuesday, January 29, 2019

Understanding VXLAN – 10,000-foot Overview


VXLAN, or Virtual Extensible LAN, is a network overlay technology. It was created by a consortium of VMware, Cisco, Intel and many others to improve scaling of the virtualized datacenter.

In this article I will try to explain VXLAN in simple terms and provide a few interesting use cases where it can be very useful.

Most current environments have various underlying network components such as switches and routers. A traditional network would look something like the picture below –

Cluster 1 has an IP address in the range of 192.168.0.0/24 and Cluster 2 has a range of

The router would route traffic between the 0.0 and the 0.1 network, and all the VMs on each host/cluster would be in the same IP ranges.

Now, imagine you are an MSP with a large IT infrastructure. Each client provisions their own servers across multiple clusters, and they need the servers in the different clusters to communicate with one another. In this case, the MSP would have to create separate routes and isolation for each client across the underlying network. Imagine how cumbersome this could get if the environment had thousands of clusters.

This is where VXLAN can help us. VXLAN is an encapsulation technology that carries layer 2 frames over a layer 3 network inside UDP. The component that does the encapsulation is called a VTEP (VXLAN Tunnel Endpoint), and VXLAN provides a 24-bit address space called the VNI (VXLAN Network Identifier) to separate out the segments.

Let’s get back to our MSP example. They have 2 customers (tenants), XMART and WONKA Industries. Coincidentally, both WONKA and XMART pick the same IP range (10.10.0.0/24). Each tenant has VMs across the 2 clusters, and each needs its own VMs to communicate with one another without communicating with the other tenant’s VMs. In this case a VXLAN tunnel is created across the 2 clusters.


Let’s say that, for both XMART and WONKA, the VM at 10.10.0.1 is sending data to 10.10.0.2 on Cluster 2.

1)    The original frame would carry the to-address 10.10.0.2 and the from-address 10.10.0.1.

2)    The VTEP would encapsulate it by adding a VXLAN header on top of the original L2 frame. The outer (VXLAN) packet has the to-address 192.168.1.10 and the from-address 192.168.0.10. UDP port 4789 is reserved for VXLAN.

3)    The difference is in the VNI. By using VNI 100, XMART can transmit the packet to the XMART server on host 2; similarly, for WONKA the VNI is 200.
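The three steps above, as an added Python example that is not part of the original article: it builds the 8-byte VXLAN header in the RFC 7348 layout and shows that the two tenants' packets differ only in the VNI. The function names, MAC addresses and inner frame bytes are constructed for illustration.

```python
import socket
import struct

VXLAN_PORT = 4789        # UDP destination port named in the article
FLAG_VNI_VALID = 0x08    # "I" flag (RFC 7348): the VNI field is valid
TENANTS = {100: "XMART", 200: "WONKA"}   # VNIs from the article

def inner_frame() -> bytes:
    """Constructed sample: Ethernet + bare IPv4 header, 10.10.0.1 -> 10.10.0.2."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,  # checksum left 0
                     socket.inet_aton("10.10.0.1"), socket.inet_aton("10.10.0.2"))
    return eth + ip

def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Sending VTEP: prepend flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + frame

def vxlan_decap(payload: bytes) -> tuple:
    """Receiving VTEP: return (vni, inner_frame) or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, payload[8:]

def deliver(payload: bytes) -> str:
    """Pick the tenant segment by VNI alone; drop anything not provisioned."""
    vni, _frame = vxlan_decap(payload)
    if vni not in TENANTS:
        raise ValueError(f"unknown VNI {vni}, dropping")
    return TENANTS[vni]

if __name__ == "__main__":
    frame = inner_frame()
    for vni in TENANTS:
        packet = vxlan_encap(vni, frame)
        # The outer IP/UDP headers (192.168.0.10 -> 192.168.1.10:4789) are added by the host stack.
        print(vni, packet[:8].hex(), "->", deliver(packet))
```

The header carries no authentication or encryption, so the VNI is the only thing separating the two tenants here; which hosts can send UDP 4789 traffic to a VTEP on the underlay is therefore part of the isolation boundary.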

Hope this article provides a high-level overview for anyone trying to understand VXLAN. 
