No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of VXLANs

Overview of VXLANs


As defined by RFC, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses the MAC in User Datagram Protocol (MAC-in-UDP) mode to encapsulate packets.


Cloud computing has become the new trend in enterprise IT construction with its features such as high system utilization, low manpower and management costs, flexibility, and strong scalability. As a core technology of cloud computing, server virtualization has a wide range of applications.

For detailed description about server virtualization, see Server Virtualization.

The wide application of server virtualization technology greatly increases computing density in a data center. In addition, VMs need to freely migrate on the network to meet service change requirements. These bring challenges to traditional data center networks of the Layer 2 + Layer 3 architecture.
  • VM scale limited by network devices' table entry capacities

    On a traditional Layer 2 network, data packets are forwarded at Layer 2 based on the MAC address table. Server virtualization leads to an exponential growth of the number of VMs and the number of MAC addresses of the VM network interface cards (NICs). However, the MAC address table size of a Layer 2 device at the access side is incapable to meet this change.

  • Insufficient network isolation capabilities

    While VLAN is the most commonly used network isolation technology, it has its own limitations. The VLAN field in packets is only 12 bits long, which means that at most 4096 VLANs can be used on a network. In public cloud or other cloud computing scenarios involving tens of thousands or even more tenants, VLAN technology can no longer meet network isolation requirements.


    A tenant is a complete collection of logical resources deployed on a data center network, including network resources such as VLANs and IP address pools, as well as computing resources such as physical servers and virtual machines (VMs). Each tenant has its own tenant administrator to orchestrate and deploy network services.

  • Limited VM migration scope

    VMs on a data center network frequently migrate due to server resource issues, such as high CPU usage and insufficient memory.

    VM migration is a process in which a VM moves from one physical server to another. To ensure uninterrupted services during VM migration, the IP and MAC addresses of VMs must remain unchanged. To meet this requirement, server migration must occur in a Layer 2 network. However, a traditional Layer 2 network limits the VM migration scope.

VXLAN addresses the preceding problems:
  • For VM scale limitations imposed by table entry capacities

    VXLAN encapsulates original data packets sent from VMs in the same region into UDP packets, with the IP and MAC addresses used on the physical network in outer headers. The network is only aware of the encapsulated parameters. This greatly reduces the number of MAC address entries required on large Layer 2 networks.

  • For limited network isolation capabilities

    VXLAN uses a VXLAN Network Identifier (VNI) field similar to the VLAN ID field to identify users. The VNI field has 24 bits and can identify up to 16M VXLAN segments, effectively isolating massive tenants in cloud computing scenarios.

  • For limited VM migration scope

    VXLAN encapsulates original packets sent by VMs over a VXLAN tunnel. VMs at two ends of a VXLAN tunnel do not need to know the physical architecture of the transmission network. In this way, VMs using IP addresses in the same network segment are in a Layer 2 domain logically, even if they are on different physical Layer 2 networks. VXLAN technology constructs a virtual large Layer 2 network over a Layer 3 network, so that VMs are on the same large Layer 2 network so long as there are reachable routes between them. The virtual large Layer 2 network enlarges the VM migration scope.

    For detailed description about large Layer 2 network, see Large Layer 2 Network.


VXLAN is developed to implement server virtualization and free VM migration on data center networks. As a VPN technology, VXLAN can also be used on campus networks to provide Layer 2 interconnection between dispersed physical sites and Layer 3 interconnection between sites.

Currently, related devices and multiple Layer 2 and Layer 3 network technologies need to be deployed on campus networks to implement Layer 2 and Layer 3 interconnection between tenant sites. Overlay-based VXLAN technology establishes Layer 2 virtual networks between any networks with reachable routes to implement Layer 2 interconnection. Layer 3 interconnection is implemented between sites by VXLAN Layer 3 gateway at the same time. In all, VXLAN realizes faster and more flexible site interconnection.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 144300

Downloads: 361

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next