VXLAN Overhead Calculator

VXLAN Overhead & MTU Sizing

VXLAN (Virtual eXtensible LAN, RFC 7348) wraps Layer-2 Ethernet frames inside a UDP/IP underlay. Add up what encapsulation costs you and it comes to 8 (VXLAN) + 8 (UDP) + 20 (outer IPv4) + 14 (outer Ethernet) = 50 bytes. Run IPv6 in the underlay and the outer header gains another 20 bytes for a total of 70; toss an 802.1Q VLAN tag onto the outer Ethernet and that's 4 bytes on top.

If you want a full 1500-byte Ethernet payload to travel end-to-end without fragmenting, the underlay has to handle a jumbo MTU of at least 1550 bytes. In practice people just set it to 9000 (jumbo frames). The device doing the encap/decap is the VTEP (VXLAN Tunnel Endpoint), and it keeps the VNI (24-bit VXLAN Network Identifier) → MAC mappings. That 24-bit space gives you up to 16 million logical segments, where 802.1Q VLANs cap out at 4094.

Applications

Walk into any modern data center or cloud fabric and VXLAN is the overlay you'll find running things: NSX-T, Cisco ACI, Arista EVPN-VXLAN, OpenStack Neutron, and the Kubernetes CNIs (Calico, Cilium, Flannel). It's what makes DCI (Data Center Interconnect) work, lets you stretch multi-tenant L2 over an L3 underlay, moves workloads across racks and pods, and pairs with EVPN signaling (RFC 8365) so BGP-distributed MAC/IP routes replace the old flood-and-learn approach.

FAQ

Why is the underlay MTU so important? Once the underlay MTU drops below payload + 50 bytes, your packets either get fragmented or dropped outright (when the DF bit is set). That's where PMTUD black-holes come from, and the performance hit is brutal. The standard fix is jumbo frames at 9000 bytes.

What is a VTEP? Short for VXLAN Tunnel Endpoint. It's whatever originates and terminates the tunnels by tacking on or stripping off those 50 bytes of overhead, whether that's a switch, a hypervisor vSwitch, or a NIC.

How does VXLAN compare to GENEVE or NVGRE? They're all L2-over-L3 overlays. GENEVE (RFC 8926) tacks on variable-length TLV options, and NVGRE leans on GRE rather than UDP. VXLAN ended up the most widely deployed because its UDP source-port entropy plays nicely with ECMP.