In modern network architecture, VLAN (Virtual Local Area Network) and VXLAN (Virtual Extended Local Area Network) are the two most common network virtualization technologies. They may seem similar, but there are actually a number of key differences.
VLAN (Virtual Local Area Network)
VLAN is Virtual Local Area Network (Virtual local area network) abbreviation. It is a technique that divides the physical devices in a LAN into several subnets according to logical relationships. VLAN is configured on network switches to divide network devices into different logical groups. Even though these devices may be physically located in different places, VLAN enables them to logically belong to the same network, enabling flexible management and isolation.
The core of VLAN technology lies in the division of switch ports. Switches manage traffic based on the VLAN ID (VLAN identifier). VLAN ids range from 1 to 4095 and are typically 12 binary digits (i.e., the range 0 to 4095), which means that a switch can support up to 4,096 VLans.
Workflow
○ VLAN Identification: When a packet enters a switch, the switch decides to which VLAN the packet should be forwarded based on the VLAN ID information in the packet. Typically, the IEEE 802.1Q protocol is used to VLAN tag the data frame.
○ VLAN Broadcast Domain: Each VLAN is an independent broadcast domain. Even if multiple VLans are on the same physical switch, their broadcasts are isolated from each other, reducing unnecessary broadcast traffic.
○ Data Forwarding: The switch forwards the data packet to the corresponding port according to the different VLAN tags. If the devices between different VLans need to communicate, they must be forwarded through layer 3 devices, such as routers.
Suppose you have a company with multiple departments, each of which uses a different VLAN. With the switch, you can divide all devices in the finance department into VLAN 10, those in the sales department into VLAN 20, and those in the technical department into VLAN 30. In this way, the network between departments is completely isolated.
Advantages
○ Improved Security: VLAN can effectively prevent unauthorized access between different VLans by dividing different services into different networks.
○ Network Traffic Management: By allocating VLans, broadcast storms can be avoided and the network can be more efficient. Broadcast packets will only be propagated within the VLAN, reducing bandwidth usage.
○ Network Flexibility: VLAN can flexibly divide the network according to the business needs. For example, devices in the finance department can be assigned to the same VLAN even if they are physically located on different floors.
Limitations
○ Limited Scalability: As VLans rely on traditional switches and support up to 4096 VLans, this can become a bottleneck for large networks or large-scale virtualized environments.
○ Cross-domain Connection Problem: VLAN is a local network, cross-VLAN communication needs to be carried out through the three layer switch or router, which may increase the complexity of the network.
Application Scenario
○ Isolation and Security in Enterprise Networks: VLans are widely used in enterprise networks, especially in large organizations or cross-departmental environments. The security and access control of the network can be ensured by dividing different departments or business systems through VLAN. For example, the finance department will often be in a different VLAN from the R&D department to avoid unauthorized access.
○ Reduce Broadcast Storm: VLAN helps to limit broadcast traffic. Normally, the broadcast packets will be spread throughout the network, but in the VLAN environment, the broadcast traffic will only be spread within the VLAN, which effectively reduces the network burden caused by the broadcast storm.
○ Small or Medium-sized Local Area Network: For some small and medium-sized enterprises, VLAN provides a simple and effective way to build a logically isolated network, making network management more flexible.
VXLAN (Virtual Extended Local Area Network)
VXLAN (Virtual Extensible LAN) is a new technology proposed to solve the limitations of traditional VLAN in large-scale data center and virtualization environment. It uses encapsulation technology to transfer layer 2 (L2) data packets through the existing Layer 3 (L3) network, which breaks through the scalability limitation of VLAN.
Through tunneling technology and encapsulation mechanism, VXLAN "wraps" the original layer 2 data packets in layer 3 IP data packets, so that the data packets can be transmitted in the existing IP network. The core of VXLAN lies in its encapsulation and unencapsulation mechanism, that is, the traditional L2 data frame is encapsulated by UDP protocol and transmitted through IP network.
Workflow
○ VXLAN Header Encapsulation: In the implementation of VXLAN, each layer 2 packet will be encapsulated as a UDP packet. VXLAN encapsulation includes: VXLAN network identifier (VNI), UDP header, IP header and other information.
○ Tunnel Terminal (VTEP) : VXLAN uses tunneling technology and packets are encapsulated and unencapsulated through a pair of VTEP devices. VTEP, VXLAN Tunnel Endpoint, is the bridge connecting VLAN and VXLAN. The VTEP encapsulates the received L2 packets as VXLAN packets and sends them to the destination VTEP, which in turn unencapsulates the encapsulated packets into the original L2 packets.
○ Encapsulation Process of VXLAN: After attaching the VXLAN header to the original data packet, the data packet will be transmitted to the destination VTEP through the IP network. The destination VTEP decapsulates the packet and forwards it to the correct receiver based on the VNI information.
Advantages
○ Scalable: VXLAN supports up to 16 million virtual Networks (VNI), much more than VLAN's 4096 identifiers, making it ideal for large-scale data centers and cloud environments.
○ Cross-data Center Support: VXLAN can extend the virtual network between multiple data centers in different geographical locations, breaking the limitations of traditional VLAN, and is suitable for modern cloud computing and virtualization environments.
○ Simplify Data Center Network: Through VXLAN, hardware devices from different manufacturers can be interoperable, support multi-tenant environments, and simplify the network design of large-scale data centers.
Limitations
○ High Complexity: The configuration of VXLAN is relatively complex, involving tunnel encapsulation, VTEP configuration, etc., which requires additional technical stack support and increases the complexity of operation and maintenance.
○ Network Latency: Due to the additional processing required by the process of encapsulation and unencapsulation, VXLAN may introduce some network latency, although this latency is usually small, but still needs to be noted in high performance demanding environments.
VXLAN Application Scenario
○ Data Center Network Virtualization: VXLAN is widely used in large-scale data centers. Servers in the data center usually use virtualization technology, VXLAN can help to create a virtual network between different physical servers, avoiding the limitation of VLAN in scalability.
○ Multi-tenant Cloud Environment: In a public or private cloud, VXLAN can provide an independent virtual network for each tenant and identify each tenant's virtual network by VNI. This feature of VXLAN is well suited for modern cloud computing and multi-tenant environments.
○ Network Scaling Across Data Centers: VXLAN is particularly suitable for scenarios where virtual networks need to be deployed across multiple data centers or geographies. Because VXLAN uses IP networks for encapsulation, it is able to easily span different data centers and geographical locations to achieve virtual network expansion on a global scale.
VLAN vs VxLAN
VLAN and VXLAN are both network virtualization technologies, but they are suitable for different application scenarios. VLAN is suitable for small or medium scale network environment, and can provide basic network isolation and security. Its strength lies in its simplicity, ease of configuration, and wide support.
VXLAN is a technology designed to cope with the need for large-scale network expansion in modern data centers and cloud computing environments. The strength of VXLAN lies in its ability to support millions of virtual networks, making it suitable for deploying virtualized networks across data centers. It breaks through the limitation of VLAN in scalability, and is suitable for more complex network design.
Although the name of VXLAN seems to be an extension protocol of VLAN, in fact, VXLAN has been substantially different from VLAN by its ability to build virtual tunnels. The main differences between them are as follows:
Feature |
VLAN |
VXLAN |
|---|---|---|
| Standard | IEEE 802.1Q | RFC 7348 (IETF) |
| Layer | Layer 2 (Data Link) | Layer 2 over Layer 3 (L2oL3) |
| Encapsulation | 802.1Q Ethernet header | MAC-in-UDP (encapsulated in IP) |
| ID Size | 12-bit (0-4095 VLANs) | 24-bit (16.7 million VNIs) |
| Scalability | Limited (4094 usable VLANs) | Highly scalable (supports multi-tenant clouds) |
| Broadcast Handling | Traditional flooding (within VLAN) | Uses IP multicast or head-end replication |
| Overhead | Low (4-byte VLAN tag) | High (~50 bytes: UDP + IP + VXLAN headers) |
| Traffic Isolation | Yes (per VLAN) | Yes (per VNI) |
| Tunneling | No tunneling (flat L2) | Uses VTEPs (VXLAN Tunnel Endpoints) |
| Use Cases | Small/medium LANs, enterprise networks | Cloud data centers, SDN, VMware NSX, Cisco ACI |
| Spanning Tree (STP) Dependency | Yes (to prevent loops) | No (uses Layer 3 routing, avoids STP issues) |
| Hardware Support | Supported on all switches | Requires VXLAN-capable switches/NICs (or software VTEPs) |
| Mobility Support | Limited (within same L2 domain) | Better (VMs can move across subnets) |
What can Mylinking™ Network Packet Broker do for Network Virtual Technology?
VLAN Tagged, VLAN Untagged, VLAN Replaced:
Supported the matching of any key field in the first 128 bytes of a packet. The user can customize the offset value and key field length and content, and determine the traffic output policy according to the user configuration.
Tunnel Encapsulation Stripping:
Supported the VxLAN, VLAN, GRE, GTP, MPLS, IPIP header stripped in the original data packet and forwarded output.
Tunneling Protocol Identification
Supported automatically identify various tunneling protocols such as GTP / GRE / PPTP / L2TP / PPPOE/IPIP. According to the user configuration, the traffic output strategy can be implemented according to the inner or outer layer of the tunnel
You can check here for more details about the related Network Packet Broker.
Post time: Jun-25-2025
