VXLAN Modes Overview

Each switch and/or router in A network that participates in VXLAN has at least one virtual tunnel endpoint (VTEP) where the packets may be encapsulated or decpasulated. This forms the gateway border between the bare metal network and the VXLAN overlay network. Packets arriving at the gateway from the bare-metal network always have a VLAN association, either explicitly (tagged), implicitly(untagged), or by other policy, ACL, or authentication-based means. If the VLAN has been mapped to a virtual network identifier (VNI) and if the ultimate destination is not locally attached to the VLAN, it may reside across the VXLAN overlay network. If that is the case, the gateway encapsulates the packet and forwards it to the ultimate destination. The gateway decapsulates VXLAN packets arriving from the overlay when the destination IP in the VXLAN header matches the local VTEP IP. Once decapsulated, the gateway looks up the VLAN which was mapped to the VNI found in the header and the switches or routes the inner packet based upon that VLAN in the usual way.

There are two distinct configuration and operational modes: