In the world of VxLAN, encapsulation plays an important role. As traffic reaches a VTEP, it will add several new headers.

We start with an ordinary layer-2 frame that a host might send. This is the Inner MAC Frame. The hosts are unaware of VxLAN, so there is nothing special about this. It’s just a normal Ethernet frame like the one shown below.

The switch will add several headers, starting with the VxLAN header. Before sending the data across the IP network, it also needs to add:

• An outer UDP header
• An outer IP header
• An Ethernet header

Aside from adding headers, this process also removes the FCS from the inner MAC frame.

Throughout this article, we will look at the headers that VxLAN uses. We’re going to assume IPv4, but the same principles apply to IPv6.

If traffic is part of a VLAN, a small field in the Ethernet frame holds the VLAN ID.

VxLAN does this a little differently. It adds a whole new header to the frame. Mostly, this is just used to hold the VNI ID.

There are four parts to the VxLAN header:

• Reserved (8 bits) – Currently unused information. This is set to zero on transmission and ignored when received
• VNI (24 bits) – The VNI ID number. 24 bits allows for about 16 million possible VNI’s
• Reserved (24 bits) – As before, this is currently unused
• Flags (8 bits) – Currently only bit 3 is used. This is the I flag, and indicates if this is a valid VNI

This adds up to an additional 8 bytes.

After the VxLAN header, the VTEP adds a UDP header. This uses a destination port of 4789, and a random source port.

The random source port adds entropy. When using ECMP, switches will allocate traffic to a particular link. The random source port helps to spread the traffic across different links.

The length field is a normal UDP field. VxLAN does not do anything specific with this field.

The checksum field must be set to zero if the destination VTEP is to accept and decapsulate the traffic. A valid checksum is not needed here anyway, as there are other error detection functions like FCS.

Next, the VTEP adds an IP header. This includes all the usual fields, but the ones we’re interested in for VxLAN are the source and destination addresses.

The source address is the IP address of the VTEP that send the packet over the transport network.

The destination address is the VTEP at the other end of the network. The destination may be a unicast or multicast address. For multicast, it will be the group address that maps to the VNI.

Finally, the switch or router adds an ethernet header. This is swapped out with every device that the traffic passes through.

Essentially, this is the normal Ethernet header that is applied to any IP traffic. VxLAN does not change any fields here.