TechLeague

    Networking

    VTEP and VNI explained: the building blocks of VXLAN

    TechLeague EditorialΒ·Β·4 min read

    Two terms confuse every new EVPN-VXLAN engineer: VTEP and VNI. They are the building blocks of every overlay.

    VTEP: where the overlay starts and ends

    • VTEP = VXLAN Tunnel Endpoint. The device that encapsulates and decapsulates VXLAN.
    • In a spine-leaf fabric, the leaf switches are the VTEPs. Spines stay pure IP forwarders.
    • Each VTEP has a unique IP (the loopback) β€” that IP is the source/destination of every VXLAN packet.

    VNI: the tenant identifier

    • VNI = VXLAN Network Identifier. 24-bit field in the VXLAN header (16 million values vs 4096 for VLAN).
    • One VNI β‰ˆ one broadcast domain (L2 VNI) or one VRF (L3 VNI).
    • VNI is what lets you carry thousands of tenants over the same underlay.

    How VTEP and VNI work together

    • Host sends Ethernet frame β†’ ingress VTEP looks up destination β†’ wraps in VXLAN with the correct VNI.
    • Outer IP header: source = ingress VTEP loopback, dest = egress VTEP loopback.
    • Egress VTEP strips VXLAN, looks at VNI β†’ places frame in the right tenant VLAN/VRF.

    Hardware vs software VTEPs

    • Hardware VTEP: ASIC encap/decap at line rate β€” Cisco N9K, Arista 7050X, Juniper QFX5120.
    • Software VTEP: hypervisor (NSX, OVS) β€” flexible but CPU-bound.
    • Mixed deployments work via EVPN β€” both sides advertise via BGP.

    Sizing limits

    • VNI space: 16M theoretical, ~1K-4K practical per fabric (driven by MAC/ARP table size).
    • VTEPs per fabric: hundreds to low thousands, depending on BGP route-reflector design.

    Drill VTEP/VNI scenarios in a TechLeague tournament.

    Related reading