Transport Technologies: VXLAN and VTEPs Explained

Modern Datacenter Network Architecture

If you’re building a datacenter network today, you are most likely considering using a network topology such as spine and leaf, or an equivalent vendor-specific fabric technology such as Juniper QFabric, Arista Converged Cloud Fabric or Nokia Data Center Fabric.

With a vendor-specific technology approach, flexibility in future upgrade paths tend to be limited to vendor offerings or can create challenges on creating a migration path out. A vendor-agnostic approach using a technology like VXLAN can help enable the same services without that vendor lock in.

Today’s customers prefer an approach to networking that integrates with their software stack using a Virtual Private Cloud (VPC), offering intelligent products like security appliances and firewalls inside the network layer via Virtual Network Functions (VNF). VXLAN enables those technologies in a vendor agnostic way.

What is VXLAN?

Traditionally, datacenter networks (also enterprise and campus) have relied on legacy VLANs and protocols like spanning tree to provide protection against network faults. Doing so adds time to configuration change management, slowing service deployment, complicating troubleshooting and resulting in high operating costs. Being locked into antiquated network architecture also makes automation and modern services like VPCs and VNFs impossible to implement.

VXLAN, short for Virtual eXtensible LAN, was introduced under RFC7348 by engineers from Arista, Cisco, Broadcom and VMWare (among others) to combat a manual approach to network operations, laying a new foundation for networks to scale, while better integrating the software and server layer. VXLAN was first introduced in 2012 (around the same time as Broadcom’s Trident 2 chipset, the first merchant silicon to offer VXLAN VTEP support in hardware), bringing several features that enable cloud-scale networking and automation by removing traditional layer 2 limits.

How does VXLAN work, and how does it differ from traditional VLANs?

Unlike traditional VLANs with their 12-bit 802.1q header limit imposing a maximum of 4096 VLANs per network, VXLAN instead delivers services via encapsulated tunnels routed over an IP network. Each service is separated within the VXLAN by a unique identifier (similar to a VLAN tag) known as a VNID (Virtual Network Identifier), which is a 24 bit field allowing for up to 16 million unique VNIDs per VXLAN. The result allows for a significantly higher number of network services.

VXLAN tunnels are established between VXLAN tunnel endpoints (VTEPs) which are the “edge nodes” of a tunnel – functionally equivalent to a VLAN. Ingress frames are encapsulated by the VTEP as a UDP datagram and are routed across a standard IP network (underlay) to reach the destination VTEP where they are decapsulated and sent out of an egress port or virtual interface. Intermediate routers merely see the tunnel as a UDP flows. This allows for standard routing protocols to be used and allows for a simple way to upgrade the network to support VXLAN – only the edge nodes of the network need to support VXLAN initially. This approach also allows VXLANs to be spread across multiple IP networks, and also allows a self-healing fabric via an existing routed IP infrastructure.

Another advantage of VXLAN is the integration of VTEPs in many hypervisor solutions. Unlike traditional networks with labor intensive configurations, terminating the VXLAN instance directly inside the hypervisor brings the network into the modern world of cloud and datacenter computing, allowing for the automated provisioning of compute and network resources simultaneously. The operator can now introduce an expanded product set with VPCs, VNFs and other modern concepts in a self healing fabric with the ability to seamlessly and instantly move workloads without adjusting network configuration.

Which devices support VXLAN?

Today, most vendors offer VXLAN support in hardware in their vendor silicon boxes (such as Juniper MX and Juniper PTX). Support in merchant silicon has existed since the Broadcom Trident 2 chipset was released and was first used in the Arista 7050 series. Juniper also introduced support in their merchant silicon boxes shortly afterwards with the Juniper QFX5100. Any device featuring a Broadcom Trident 2, Tomahawk or Jericho chipset should have no issues with VXLAN (however, make sure to check before buying that the vendor has the necessary protocols enabled in their software to support the hardware VXLAN features).

What does a VXLAN network architecture look like?

As previously mentioned, the optimal topology from a capacity and resilience perspective within the datacenter is the spine and leaf. This is also true with VXLAN. An example topology:

Transport technologies: VXLAN and VTEPs Explained







7500R3 Series

QFX5120 Series

7250 IXR Series


7050X3 Series

QFX5100 Series

7220 IXR Series

Note: these are just example ideas and are not the only devices offered by each vendor. The specific device you should use will be highly dependent on your network architecture, capacity and intended product set.

We Can Help You

For any questions or quote requests regarding deploying VXLAN or upgrading your network with cutting edge switching and routing, please reach out to connect with your team at nesevo.

US & Canada: sales-us@nesevo.com
EMEA & APAC: sales@nesevo.com
You want to talk to us about? Click here for more contact details.

Article: Transport Technologies: VXLAN and VTEPs Explained


Transport technologies: VXLAN and VTEPs Explained

Get a free quote!

Call Us

+43 5573 83181 60

Copyright © 2023, nesevo GmbH & CO. KG | Privacy Policy

nesevo news

nesevo news

Never miss an article again... join our mailing list to receive the latest news and updates from nesevo.

You have Successfully Subscribed!