Tuesday, January 20, 2026

VxLAN Explained: Extending Layer 2 for the Modern, Scalable Network

Virtual Extensible LAN (VXLAN) is one of the most important technologies enabling modern data center and cloud networking. As organizations moved from small, static networks to highly virtualized, software-defined, and cloud-scale environments, traditional networking constructs—especially VLANs—began to show their limits. VXLAN was designed specifically to overcome those limitations while preserving familiar Layer 2 semantics.

This article provides a comprehensive overview of VXLAN: what it is, why it exists, how it works at the packet level, and how it compares to traditional VLANs. The goal is to demystify VXLAN while maintaining the technical rigor expected by networking and cybersecurity professionals.

What Is VXLAN?

VXLAN (Virtual Extensible LAN) is a Layer 2 overlay technology that allows Ethernet frames to be encapsulated inside Layer 3 packets. In practical terms, VXLAN enables devices that behave as if they are on the same local Ethernet segment—even when they are separated by routed IP networks.

VXLAN is defined in RFC 7348 and is widely implemented across data center switches, hypervisors, and cloud platforms. It is a foundational technology for modern data center fabrics, software-defined networking (SDN), and multi-tenant cloud infrastructure.

At its core, VXLAN solves a scalability problem: how to extend Layer 2 networks across large, distributed Layer 3 infrastructures without the operational and architectural drawbacks of traditional Layer 2 extension mechanisms.

 Why VXLAN Exists: The Limitations of VLANs

VLAN Scalability Constraints

VLANs use a 12-bit VLAN ID, which limits the number of unique VLANs to 4,096. While sufficient for small and medium environments, this becomes a hard ceiling in:

  • Large enterprise data centers
  • Multi-tenant cloud environments
  • Service provider networks
  • Containerized and microservices-based architectures

In environments where thousands of tenants, applications, or security zones are required, VLAN exhaustion becomes inevitable.

Layer 2 Sprawl and Instability

Traditional VLAN-based networks rely heavily on Layer 2 constructs such as:

  • Spanning Tree Protocol (STP)
  • Broadcast and unknown unicast flooding
  • MAC address learning across the fabric

As Layer 2 domains grow, they become increasingly fragile, difficult to troubleshoot, and prone to large blast-radius failures.

The Need for Layer 2 Mobility Over Layer 3

Virtualization introduced a new requirement: workload mobility. Virtual machines and containers often need to move between hosts or data centers without changing IP addresses. VLANs struggle to provide this flexibility across routed networks without complex designs or proprietary extensions.

VXLAN was created to address all of these issues.

VXLAN as an Overlay Network

VXLAN is best understood as an overlay network built on top of an existing IP underlay network.

  • Underlay: A standard Layer 3 IP network that provides basic IP connectivity (routing, ECMP, resiliency).
  • Overlay: VXLAN tunnels that carry Layer 2 Ethernet frames across the IP underlay.

This separation of concerns is deliberate:

  • The underlay focuses on fast, stable IP routing.
  • The overlay provides logical Layer 2 connectivity and tenant isolation.

Key VXLAN Components

VXLAN Network Identifier (VNI)

Instead of a 12-bit VLAN ID, VXLAN uses a 24-bit VXLAN Network Identifier (VNI).

  • Maximum VNIs: ~16 million
  • Each VNI represents a logical Layer 2 segment
  • Multiple VNIs can coexist over the same physical infrastructure

This is the primary reason VXLAN scales so well compared to VLANs.

VXLAN Tunnel Endpoints (VTEPs)

A VTEP is the device that performs VXLAN encapsulation and decapsulation. VTEPs can be:

  • Physical switches
  • Virtual switches (e.g., in hypervisors)
  • Software routers or gateways

Each VTEP has:

  • One or more IP addresses on the underlay network
  • Knowledge of which local MAC addresses belong to which VNI

How VXLAN Works: Packet Encapsulation in Detail

One of the most important aspects of VXLAN is how it encapsulates data. Understanding this process clarifies both its power and its overhead.

Key VxLAN Components

 

Step-by-Step Encapsulation

  1. Original Ethernet Frame
    • Source MAC
    • Destination MAC
    • EtherType
    • Payload (e.g., IP, TCP, application data)
  2. VXLAN Header
    • 8 bytes in length
    • Contains the 24-bit VNI
    • Includes flags indicating a valid VXLAN packet
  3. UDP Header
    • Destination port: UDP 4789 (standard VXLAN port)
    • Source port: dynamically chosen (used for ECMP hashing)
  4. Outer IP Header
    • Source IP: VTEP IP address
    • Destination IP: remote VTEP IP address
    • Enables routing across the underlay network
  5. Outer Ethernet Header
    • Source and destination MAC addresses for the physical next hop

 

VxLAN Encapsulation and Headers

 

The result is a fully routable IP packet that can traverse any IP network, while still carrying an intact Layer 2 frame inside.

Protocols Used by VXLAN

VXLAN intentionally leverages existing, well-understood protocols:

UDP

VXLAN uses UDP as its transport mechanism. This choice provides several advantages:

  • Compatibility with existing IP networks
  • Support for Equal-Cost Multi-Path (ECMP) routing
  • Simplified hardware offload in switches and NICs

VXLAN itself does not require TCP reliability because Ethernet already assumes an unreliable transport.

IP (IPv4 or IPv6)

The outer IP header allows VXLAN traffic to traverse any routed network, including:

  • Spine-leaf data center fabrics
  • WAN links
  • Cloud provider backbones

VXLAN works equally well over IPv4 and IPv6 underlays.

Control Plane Options

VXLAN can operate in two primary modes:

  • Flood-and-learn (data-plane learning)
  • Control-plane driven (e.g., BGP EVPN)

Modern deployments overwhelmingly favor BGP EVPN, which provides:

  • Scalable MAC and IP address distribution
  • Reduced flooding
  • Integrated Layer 2 and Layer 3 services

VXLAN vs. VLAN: Similarities and Differences

Similarities

  • Both provide Layer 2 segmentation
  • Both allow logical separation of traffic
  • Both preserve Ethernet semantics (MAC-based forwarding)
  • Both can be used for security zoning and traffic isolation

Key Differences

Comparison

VLAN

VXLAN

Identifier size

12-bit VLAN ID

24-bit VNI

Max segments

4,096

~16 million

Transport

Native Ethernet

Encapsulated over IP

Scalability

Limited

Massive

Dependency

Layer 2 adjacency

Layer 3 routed underlay

Multi-tenancy

Constrained

Designed for it

 

In short, VLANs are simple and effective for smaller, localized networks, while VXLAN is engineered for scale, resilience, and cloud-native architectures.

Why VXLAN Is Used in Modern Networks

Data Center Fabrics

VXLAN is a cornerstone of spine-leaf architectures, enabling:

  • Any-to-any connectivity
  • Large Layer 2 domains without STP
  • Predictable performance and fault isolation

Cloud and Multi-Tenant Environments

Public and private cloud providers rely on VXLAN to:

  • Isolate tenants securely
  • Provide overlapping IP address spaces
  • Rapidly provision and deprovision networks

Virtualization and Workload Mobility

VXLAN allows virtual machines and containers to move freely across hosts and racks while maintaining IP and MAC consistency—critical for application availability and disaster recovery.

VXLAN and Security Considerations

While VXLAN itself is not a security protocol, it has important security implications:

  • Segmentation: VNIs provide strong logical isolation
  • Visibility challenges: Encapsulation can obscure traffic from legacy security tools
  • Encryption: VXLAN does not encrypt payloads; IPsec or MACsec must be layered on if confidentiality is required

From a Zero Trust or modern security architecture perspective, VXLAN is often paired with identity-based controls, microsegmentation, and distributed firewalls.

VXLAN in Context: Evolution, Not Replacement

It is important to emphasize that VXLAN does not eliminate VLANs. In most real-world designs:

  • VLANs are still used locally on access ports
  • VXLAN extends those VLANs logically across routed networks
  • Gateways map VLANs to VNIs at the fabric edge

VXLAN is therefore an evolutionary technology, not a wholesale rejection of Ethernet networking principles.

Conclusion

VXLAN exists because modern networks demand scale, flexibility, and resilience that traditional Layer 2 designs cannot deliver alone. By encapsulating Ethernet frames inside IP packets and using a vastly expanded identifier space, VXLAN allows organizations to extend Layer 2 connectivity across Layer 3 infrastructures in a clean, scalable, and cloud-ready way.

Understanding VXLAN is no longer optional for networking and cybersecurity professionals. It underpins data center fabrics, cloud platforms, SDN solutions, and increasingly, enterprise campus designs. While VLANs remain foundational, VXLAN represents the logical next step in network evolution—preserving what works while removing the constraints that no longer do.

For professionals preparing for modern networking roles, certifications, or architecture design responsibilities, VXLAN is a concept worth mastering—not just as a protocol, but as a design philosophy aligned with how networks are built today.

Monday, January 5, 2026

What Is an Operating System?

Happy New Year! I wanted to start off the new year by getting back to basics with a topic that many of my students frequently ask about: operating systems. Understanding how operating systems work provides the foundation for learning networking, cybersecurity, troubleshooting, and nearly every other area of modern computing.

An Operating System (OS) is system software that manages computer hardware, software resources, and provides services for computer programs. It acts as an intermediary between applications and the hardware, ensuring that programs run correctly and efficiently while enforcing rules for resource sharing, security, and stability.

Major Components of an Operating System

An OS typically includes the following components:

  1. Kernel – The core part of the OS that directly manages hardware and system resources.
  2. Device Drivers – Specialized modules that allow the OS to communicate with hardware devices.
  3. Process Management – Controls program execution, scheduling, and multitasking.
  4. Memory Management – Allocates RAM to applications and ensures isolation between processes.
  5. File System Management – Manages how data is stored, retrieved, and organized on storage devices.
  6. I/O System – Handles communication between the OS and peripherals like keyboards, displays, printers, and storage.
  7. Security & Access Control – Ensures user authentication, permission enforcement, and system integrity.
  8. User Interface – Provides a way for humans to interact with the system (Command Line Interfaces, GUIs, APIs).

The Kernel in Detail

The kernel is the foundation of the OS. It runs in privileged mode (kernel mode), giving it unrestricted access to system resources. Applications, on the other hand, run in user mode with restricted privileges.

Core Responsibilities of the Kernel:

  1. Process Management – Creates, schedules, and terminates processes. It decides which process gets CPU time and for how long.
  2. Memory Management – Allocates memory to processes, tracks usage, handles virtual memory, and manages swapping between RAM and disk.
  3. Device Management – Interfaces with device drivers to control hardware (e.g., disk drives, network interfaces).
  4. File System Access – Provides APIs for file operations like open, read, write, and close.
  5. System Calls – Defines the interface between user applications and the OS kernel (e.g., open(), fork(), read() in Linux).
  6. Security & Protection – Enforces privilege levels, process isolation, and prevents unauthorized memory access.
  7. Networking – Manages network protocols, sockets, and packet transmission.

 

Anatomy of Linux system call in ARM64 | East River Village

 

Kernel Interaction with Other Components

  • Applications request services via system calls.
  • Kernel processes the request and interacts with hardware (via device drivers).
  • Results are returned to the application in user space.

Types of Kernels

  1. Monolithic Kernel – Large kernel where all OS services (memory, file systems, device drivers) run in kernel mode (e.g., Linux).
  2. Microkernel – Minimal kernel with only essential functions (process and memory management), while drivers and services run in user space (e.g., Minix, QNX).
  3. Hybrid Kernel – A mix of both, providing microkernel architecture but with some monolithic elements for performance (e.g., Windows NT, macOS XNU).

Kernel Comparison: Windows vs. macOS vs. Linux

1. Windows (NT Kernel)

  • Type: Hybrid kernel.
  • Architecture: Combines microkernel principles with monolithic performance.
  • Features:
    • Handles subsystems for POSIX, Win32, and .NET.
    • Uses the Hardware Abstraction Layer (HAL) for portability.
    • Strong focus on backward compatibility with legacy software.
  • Strengths: Rich driver support, backward compatibility, strong enterprise integration.
  • Weaknesses: Larger attack surface due to complexity; more closed-source.

2. macOS (XNU Kernel)

  • Type: Hybrid kernel (XNU = “X is Not Unix”).
  • Architecture: Combination of Mach (microkernel) + BSD (Unix subsystem) + Apple I/O Kit.
  • Features:
    • Mach provides inter-process communication (IPC), memory management.
    • BSD layer provides POSIX compliance, file systems, and networking.
    • I/O Kit supports modular device drivers.
  • Strengths: Unix-based stability, good memory protection, modern design.
  • Weaknesses: Limited hardware support compared to Linux/Windows.

3. Linux (Monolithic Kernel with Modular Extensions)

  • Type: Monolithic (but modular).
  • Architecture:
    • Device drivers, file systems, networking stacks all run in kernel mode.
    • Supports dynamically loadable kernel modules.
  • Features:
    • Rich system call interface.
    • Broad hardware and platform support (phones, servers, supercomputers).
    • Open source—highly customizable.
  • Strengths: High performance, flexibility, large community, transparency.
  • Weaknesses: Complexity for beginners, fragmentation across distributions.

 

A diagram of a computer system AI-generated content may be incorrect.

 

Similarities Between the Kernels

  • All manage processes, memory, file systems, devices, and networking.
  • All provide APIs/system calls for applications.
  • All enforce security boundaries between user mode and kernel mode.
  • All support multitasking and multiprocessor hardware.

Differences Between the Kernels

  • Design Philosophy:
    • Windows/macOS → hybrid (balance performance with modularity).
    • Linux → monolithic but modular (simplicity + performance).
  • Openness:
    • Windows/macOS → closed source.
    • Linux → open source.
  • Portability:
    • Linux → runs on everything from phones to supercomputers.
    • Windows/macOS → limited to vendor-supported hardware.
  • Driver Models:
    • Linux → community-driven and modular.
    • Windows → vendor-driven and highly standardized.
    • macOS → tightly controlled Apple ecosystem.

In summary:
The kernel is the “core manager” of an operating system, bridging software and hardware. While Windows NT and macOS XNU use hybrid kernel designs for flexibility and modularity, Linux uses a powerful monolithic but modular kernel for performance and openness. Despite different philosophies, they all share the same essential role: controlling hardware resources, enforcing security, and enabling applications to run smoothly.

Subscribe to: Comments (Atom)