Cloud-based data centers may use Virtual Extensible Local Area Networks (VxLANs) to extend L2 networks across L3 networks. VxLAN Tunnel Endpoints (VTEPs) encapsulate Ethernet frames from local endpoint systems served by the VTEPs to form VxLAN-encapsulated packets (herein “VxLAN packets”). The VTEPs tunnel the VxLAN-encapsulated packets to peer VTEPs across an Internet Protocol (IP)-based network, such as the Internet.
Network attackers may inject malicious VxLAN packets into the network targeting the VTEPs. The VTEPs are not equipped to detect the malicious VxLAN packets and, therefore, process the packets as if they were valid. This may cause network congestion and other deleterious effects both at the VTEPs and the endpoint systems.
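One form a receive-side check at a VTEP could take, added here as an example and not taken from the original text: it parses the 8-byte VxLAN header defined in RFC 7348 and accepts a packet only when the outer source address is a configured peer VTEP and the VNI is one that peer may use. The peer table, addresses, reason strings and function names are assumptions made for illustration.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: must be set for the VNI to be valid
VXLAN_HDR_LEN = 8
INNER_ETH_HDR_LEN = 14       # dst MAC + src MAC + EtherType

# Assumed local policy (hypothetical values): peer VTEP -> VNIs it may send on.
PEER_VNIS = {
    ipaddress.ip_address("192.0.2.10"): {5000, 5001},
    ipaddress.ip_address("192.0.2.11"): {5001},
}


def check_vxlan(outer_src, udp_dport, udp_payload, peers=PEER_VNIS):
    """Classify one received UDP datagram; returns (accepted, reason, vni)."""
    if udp_dport != VXLAN_UDP_PORT:
        return (False, "not-vxlan-port", None)
    if len(udp_payload) < VXLAN_HDR_LEN + INNER_ETH_HDR_LEN:
        return (False, "truncated", None)
    # Header layout: flags(8) reserved(24) | VNI(24) reserved(8)
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    flags, vni = word0 >> 24, word1 >> 8
    if not flags & VXLAN_FLAG_I:
        return (False, "vni-flag-clear", vni)
    allowed = peers.get(ipaddress.ip_address(outer_src))
    if allowed is None:
        return (False, "unknown-peer", vni)
    if vni not in allowed:
        return (False, "vni-not-allowed-for-peer", vni)
    return (True, "ok", vni)


def sample_datagram(vni, flags=VXLAN_FLAG_I):
    """Constructed test input: VXLAN header plus a zeroed inner Ethernet header."""
    return struct.pack("!II", flags << 24, vni << 8) + bytes(INNER_ETH_HDR_LEN)


if __name__ == "__main__":
    for src, vni in [("192.0.2.10", 5000), ("192.0.2.11", 5000), ("198.51.100.7", 5001)]:
        print(src, vni, check_vxlan(src, VXLAN_UDP_PORT, sample_datagram(vni)))
```

The outer source address can be forged on an IP network, so this check filters malformed and out-of-policy packets but does not authenticate the sender.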