VXLANs: True Statements, Exam '400-251: CCIE Security written exam', Cisco

Which three statements about VXLANs are true? (Choose three.)



VXLAN (Virtual Extensible LAN) is a network overlay technology that extends Layer 2 networks over Layer 3 networks. It is primarily used in data center environments to provide a scalable and flexible solution for network virtualization. Here is an explanation of each of the five options:

A. It requires that IP protocol 8472 be opened to allow traffic through a firewall.

  • VXLAN uses UDP (User Datagram Protocol) port 4789 to encapsulate Layer 2 frames in IP packets. Therefore, the firewall must allow traffic on this port for VXLAN to work. However, there is no IP protocol 8472 in VXLAN.

B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.

  • VXLAN encapsulates Layer 2 frames in IP packets with a VXLAN header that includes a 24-bit VXLAN Network Identifier (VNI) field. The VNI identifies the VXLAN segment to which the frame belongs, allowing multiple virtual networks to coexist on the same physical network infrastructure.

C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.

  • A VXLAN gateway is a device that connects VXLAN networks to non-VXLAN networks, such as VLAN-based networks. The VXLAN gateway maps VXLAN IDs to VLAN IDs, allowing communication between virtual and physical networks.

D. IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.

  • VXLAN uses multicast to provide broadcast and unknown unicast traffic forwarding across the virtual network. IGMP (Internet Group Management Protocol) join messages are sent by new VMs to join the multicast group for the VXLAN segment they belong to. The VXLAN gateway then uses this information to forward multicast traffic to the appropriate VXLAN segment.

E. A VXLAN ID is a 32-bit value.

  • The VXLAN Network Identifier (VNI) field in the VXLAN header is a 24-bit value, which can support up to 16 million virtual networks. The remaining 8 bits in the VXLAN header are used for other purposes, such as flags and reserved fields.
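
As an added example (not part of the original page), the following Python code builds and parses the 8-byte VXLAN header defined in RFC 7348. It shows the UDP port 4789 check, the 24-bit VNI, and a gateway-style VNI-to-VLAN lookup. The function names, the mapping table and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1        # 24-bit VNI, so 16,777,216 possible segments

# Constructed gateway table: VNI -> local 802.1Q VLAN ID (hypothetical values)
VNI_TO_VLAN = {5000: 10, 5001: 20}


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24 bits)
    # Word 2: VNI (24 bits) + reserved (8 bits)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_dst_port: int, payload: bytes):
    """Return (vni, inner_frame); raise ValueError on malformed input."""
    if udp_dst_port != VXLAN_UDP_PORT:
        raise ValueError("not the VXLAN UDP port")
    if len(payload) < 8 + 14:  # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    return word2 >> 8, payload[8:]


def gateway_vlan(vni: int):
    """Map a VNI to a VLAN ID; unknown segments return None (drop)."""
    return VNI_TO_VLAN.get(vni)


if __name__ == "__main__":
    # Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"demo"
    pkt = build_vxlan(5001, inner)
    vni, frame = parse_vxlan(4789, pkt)
    print(f"VNI={vni} VLAN={gateway_vlan(vni)} inner_len={len(frame)}")
```
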