VXLAN Implementation. Simplified.


In simple terms, VXLAN is switching over routing. It lets you create an L2 network on top of an L3 network by using underlay and overlay networks.

This is similar to what MPLS VPNs do: the PE routers know the endpoint destinations, but the core P routers have no knowledge of the overlay networks. They route only on the outer MPLS label.

The difference is MPLS VPNs provide logical layer 3 networks, whereas VXLAN provides layer 2 overlay networks.

So, to understand how VXLAN is implemented, we need to know how the underlay network is built. VXLAN uses this underlay network to build its overlay network.

The essential questions to ask are:

📌 How is the underlay network built?

📌 Once reachability is established between VTEPs using any IGP or BGP, how do they establish overlay VXLAN tunnels?

📌 How does a VTEP forward layer 2 frames from a locally connected source to a destination MAC address behind another VTEP?

📌 How are unicast MAC addresses learnt over the VTEP cloud?

📌 How is broadcast, unknown unicast and multicast (BUM) traffic sent across the VTEP cloud?

📌 How to make sure there are no loops?

📌 How to best utilize the bandwidth of the underlay network using ECMP?

📌 How to adapt to dynamic changes to endpoint MAC addresses? Think of VM mobility.

Below is a primer on the implementation steps.

➡️ VXLAN adds 50+ bytes of overhead to the layer 2 frame. So be prepared to increase the default MTU along the path.

➡️ A loopback interface is used as the Network Virtualization Endpoint (NVE) interface on all VTEPs. It is the VTEP's source address, through which the other VTEPs reach it.

➡️ An interior gateway protocol (IGP) such as OSPF, or BGP, can be used as the underlay routing protocol for VTEP reachability through the NVE.

➡️ Multicast group to VNI mapping on the VTEP external interfaces.

➡️ VNI to VLAN mapping on the VTEP internal interfaces.
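To make the MTU step concrete, the following added example (not from the original post) builds the outer IPv4, UDP and VXLAN headers as laid out in RFC 7348 and measures the resulting packet, which shows where the 50 bytes come from and why an inner 802.1Q tag pushes it to 54. It assumes an IPv4 underlay; the VNI 10010 and the VTEP addresses 10.0.0.1 and 10.0.0.2 are constructed sample values.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID
OUTER_ETHERNET = 14          # outer MAC header added by the egress interface

def vxlan_header(vni: int) -> bytes:
    """8 bytes: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)

def parse_vni(header: bytes) -> int:
    """Return the VNI, rejecting headers without the I flag."""
    flags_word, vni_word = struct.unpack("!II", header[:8])
    if not (flags_word >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    return vni_word >> 8

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner_frame: bytes, vni: int, src_vtep: bytes, dst_vtep: bytes,
                src_port: int = 49152) -> bytes:
    """Outer IPv4 + UDP + VXLAN around an inner Ethernet frame (no FCS)."""
    payload = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    fields = [0x45, 0, 20 + len(udp) + len(payload), 0, 0x4000, 64, 17, 0,
              src_vtep, dst_vtep]                    # DF set, TTL 64, UDP
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + udp + payload

def required_underlay_mtu(overlay_ip_mtu: int, inner_vlan_tag: bool = False) -> int:
    """Smallest underlay IP MTU that carries a full-size overlay packet."""
    inner = bytes(14 + (4 if inner_vlan_tag else 0) + overlay_ip_mtu)
    # Constructed sample VNI and VTEP loopback addresses.
    packet = encapsulate(inner, 10010, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return len(packet)

if __name__ == "__main__":
    for tagged in (False, True):
        mtu = required_underlay_mtu(1500, tagged)
        print(f"inner tag={tagged}: underlay IP MTU >= {mtu}, "
              f"largest frame on the wire {mtu + OUTER_ETHERNET} bytes")
```

Compare the returned value against the IP MTU configured on every underlay hop between the VTEPs; a single link left at the default is enough to drop full-size overlay frames.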

I cannot cover the full implementation in one post, so I will share the other missing components that make VXLAN work in another post.

Let’s understand piece by piece and stitch together all the pieces!

Stay tuned! Thank you.


Written by Mohammed Mohsin CCIE, CISSP, CCSP, CISM

Network, Cloud & Security Architect | Cybersecurity Leader | Passion for building careers Follow me: https://www.linkedin.com/in/mohsinccie
