SD-Access VXLAN

MAC-in-UDP Encapsulation.

Extends VLANs to support 16 million network segments in the same administrative domain.

[Figure: VXLAN header. Image courtesy of Lost In Transit.]

VXLAN is VTEP to VTEP.

  • Outer-IP-SRC, the VTEP that originated the packet.
  • Outer-IP-DST, the VTEP that needs the packet.
  • Outer-MAC-SRC, the VTEP that created the packet.
  • Outer-MAC-DST, the device used to reach the VTEP, the gateway.

Multi-destination support is provided by multicast.

VNI

  • Virtual Network Identifier.
  • 24 bits, 16 million segments.
  • Mapped to multicast groups.
  • Used for macrosegmentation.

VTEP

  • Virtual Tunnel End point.
  • Originates and Terminates tunnels.
    • push and pop VXLAN headers.
  • Sometimes a hypervisor (for app hosting).

VXLAN Segment

  • Only devices with the same VNI can communicate.
  • AKA Overlay Network

Layer 2 Overlay

The VNI is matched to a VLAN.

Layer 3 Overlay

The VNI is matched to a VRF.
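
The fields described above, decoded from a MAC-in-UDP frame and checked against the VNIs a VTEP expects. This is an added example, not code from the original notes; it follows the RFC 7348 header layout (8-byte header, I flag 0x08, UDP port 4789), and the function names, addresses and sample frame are constructed for illustration.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned destination port (RFC 7348)

def parse_vxlan_header(hdr: bytes) -> int:
    """Return the 24-bit VNI from an 8-byte VXLAN header."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", hdr[:8])
    if not flags & 0x08:  # the I flag must be set for the VNI to be valid
        raise ValueError("I flag not set")
    return vni_word >> 8  # upper 24 bits are the VNI, low 8 bits are reserved

def parse_frame(frame: bytes, allowed_vnis=None) -> dict:
    """Decode outer Ethernet/IPv4/UDP, the VXLAN header and the inner MACs."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not a complete IPv4 packet")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # outer IP header length in bytes
    if ihl < 20 or ip[9] != 17:
        raise ValueError("outer packet is not UDP")
    udp = ip[ihl:]
    if len(udp) < 8 + 8 + 14:  # UDP + VXLAN + inner Ethernet header
        raise ValueError("frame too short for VXLAN encapsulation")
    if struct.unpack("!H", udp[2:4])[0] != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vni = parse_vxlan_header(udp[8:16])
    if allowed_vnis is not None and vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not an expected segment")
    inner = udp[16:]
    return {
        "src_vtep": str(ipaddress.IPv4Address(ip[12:16])),  # Outer-IP-SRC
        "dst_vtep": str(ipaddress.IPv4Address(ip[16:20])),  # Outer-IP-DST
        "vni": vni,
        "inner_dst_mac": inner[0:6].hex(":"),
        "inner_src_mac": inner[6:12].hex(":"),
    }

def build_sample(vni: int, flags: int = 0x08) -> bytes:
    """Constructed test frame: documentation IPs, locally administered MACs."""
    inner = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"
    vxlan = struct.pack("!B3xI", flags, vni << 8)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 16 + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + len(inner), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address("192.0.2.2").packed)
    return bytes.fromhex("02000000fe01" "02000000fe02" "0800") + ip + udp + vxlan + inner
```
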


Last Modified • Sunday, June 14, 2026. 9:31 pm UTC+00:00 • Commit: e0033bb