Home

VTEP

A VTEP, or VXLAN Tunnel End Point, is a virtual network device that terminates a VXLAN tunnel. It encapsulates Layer 2 frames in VXLAN-encapsulated UDP packets for transport over a Layer 3 underlay network, and decapsulates received VXLAN packets back to Ethernet frames. VTEPs are deployed on hypervisor hosts, software switches, or physical switches and serve as the interface between virtual networks and the underlay network. Each VXLAN segment is identified by a VXLAN Network Identifier (VNI).

Operation: When a local host sends a frame intended for a remote VM in the same VXLAN,

Control plane: VXLAN can operate purely in the data plane, but scalable deployments use a control plane

Implementation and standards: VTEPs can be implemented in software inside hypervisors (for example, Linux VXLAN support)

the
local
VTEP
encapsulates
the
Ethernet
frame
with
a
VXLAN
header
that
carries
the
VNI,
then
adds
an
outer
IP/UDP
header
(UDP
port
4789
is
common)
and
sends
it
to
the
remote
VTEP’s
IP
address.
The
remote
VTEP
decapsulates
and
forwards
the
inner
Ethernet
frame
to
the
destination
VM
or
host
within
the
corresponding
VNI.
VTEPs
maintain
MAC
tables
per
VNI
and
learn
addresses
from
observed
traffic;
unknown
destination
MACs
may
be
flooded
within
the
VXLAN.
such
as
EVPN
(Ethernet
VPN)
over
BGP
to
advertise
reachability
and
MAC/IP
associations
between
VTEPs.
EVPN
reduces
flooding
and
enables
multi-site
L2
extension.
In
EVPN-based
deployments,
VTEPs
exchange
reachability
and
MAC
information
to
build
the
forwarding
state.
or
in
virtual
switch
hardware,
as
well
as
in
network
switches
with
VXLAN/NVGRE
capabilities.
The
VXLAN
protocol
is
defined
in
RFC
7348;
EVPN
for
control
plane
is
defined
by
RFC
8365
and
related
documents.