Data centers often operate hosting components, such as data servers, for multiple tenants. The push for elastic provisioning of resources required by cloud computing systems and the general push toward virtualization for efficient use of resources often require that multiple tenants be hosted on a single hosting component. For security reasons, data centers use various techniques to isolate network traffic to ensure that one tenant does not have access to another tenant's data. Data centers with layer 2 (data link layer) and/or routing systems often use virtual local area networks (VLANs) to isolate network traffic. VLAN solutions proved problematic for large data centers because a VLAN provides 12-bit identifiers (IDs), allowing only 4094 unique VLANs to operate in a data center system. Data centers also use layer 3 (network layer) and/or routing systems, which allow multiple tenants to share the same set of layer 3 addresses within their networks and require that a data center employ additional forms of isolation.
Virtual Extensible Local Area Network (VxLAN) provides VLAN functionality over a hybrid layer 2/layer 3 network. Components on a VxLAN may send a layer 2 VLAN packet to a VxLAN tunnel endpoint (VTEP). The VTEP may encapsulate the VLAN packet in a VxLAN packet and transmit the resulting VxLAN packet over a layer 3 network. A VTEP in the destination network may receive the VxLAN packet, decapsulate the packet to obtain the original VLAN packet, and forward the VLAN packet over the layer 2 network. This system allows VLAN components in a layer 2 network to reach layer 2 components in a different layer 2 network. VxLAN provides 24-bit IDs, allowing over 16 million unique VxLANs to operate in a data center system.
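The encapsulate/decapsulate path described above, as an added example that is not part of the original text: a source VTEP prepends the 8-byte VxLAN header (layout per RFC 7348) and a destination VTEP forwards the inner frame only onto a segment configured for its 24-bit ID. The segment names, the sample frame and the `vtep_deliver` helper are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08        # "valid VNI" flag bit in the first header byte (RFC 7348)
VXLAN_HDR_LEN = 8
MAX_VNI = (1 << 24) - 1    # 24-bit ID space, versus 12 bits for a VLAN tag


def vxlan_encap(vni, inner_frame):
    """Source VTEP: prepend the 8-byte VxLAN header to a layer 2 frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 1: flags(8) + reserved(24); word 2: VNI(24) + reserved(8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Destination VTEP: validate the header, return (vni, inner_frame)."""
    if len(payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VxLAN header")
    word1, word2 = struct.unpack("!II", payload[:VXLAN_HDR_LEN])
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: header carries no valid VNI")
    return word2 >> 8, payload[VXLAN_HDR_LEN:]


def vtep_deliver(payload, local_segments):
    """Forward the inner frame only onto the segment mapped to its VNI."""
    try:
        vni, frame = vxlan_decap(payload)
    except ValueError:
        return None                    # malformed packet: drop
    segment = local_segments.get(vni)
    if segment is None:
        return None                    # VNI not configured on this VTEP: drop
    return segment, frame


# Constructed sample: dst MAC, src MAC, EtherType, then payload bytes.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"tenant-data"
# Hypothetical VNI -> local layer 2 segment mapping for two tenants.
SEGMENTS = {5000: "tenant-a-bridge", 70000: "tenant-b-bridge"}

if __name__ == "__main__":
    pkt = vxlan_encap(70000, SAMPLE_FRAME)
    print(pkt[:VXLAN_HDR_LEN].hex(), vtep_deliver(pkt, SEGMENTS))
    print(vtep_deliver(vxlan_encap(6000, SAMPLE_FRAME), SEGMENTS))
```

The VNI 70000 used here could not be expressed as a 12-bit VLAN ID, and the drop on an unmapped VNI is what keeps one tenant's frames off another tenant's segment.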