How to Set Up Windows Server 2016 VXLAN

Virtual Extensible LAN (VXLAN) is a network virtualization technology that encapsulates Layer 2 Ethernet frames within UDP packets, allowing virtual networks to be extended across Layer 3 IP boundaries. VXLAN uses a 24-bit VXLAN Network Identifier (VNI) that supports up to 16 million unique virtual networks, far exceeding the 4,096 limit of traditional VLAN tagging. This makes VXLAN ideal for large-scale datacenter environments and cloud infrastructure.

Windows Server 2016 supports VXLAN as part of its Software Defined Networking (SDN) stack and through the Hyper-V extensible switch. The implementation allows virtual machines and containers to communicate across physical hosts as if they were on the same local network, even when physically separated across routers. Network Controller, the centralized management plane of Windows Server 2016 SDN, handles VXLAN policy distribution to Hyper-V hosts.

Prerequisites

Setting up VXLAN in Windows Server 2016 requires multiple Hyper-V hosts running Windows Server 2016, a configured Hyper-V virtual switch on each host, the Network Controller role deployed (for centralized SDN management), and the Software Load Balancer (optional but recommended for production). The physical network must support jumbo frames (an MTU of 1600 or higher is recommended to accommodate VXLAN overhead) and multicast routing for BUM (Broadcast, Unknown unicast, Multicast) traffic, or EVPN/BGP for multicast suppression.

Step 1: Install Required Features on Hyper-V Hosts

On each Hyper-V host that will participate in VXLAN, install the following features:

Install-WindowsFeature Hyper-V, RSAT-Hyper-V-Tools -IncludeManagementTools

Also install the Network Virtualization feature:

Install-WindowsFeature NetworkVirtualization

Step 2: Create a Hyper-V Virtual Switch

Create an external virtual switch on each Hyper-V host bound to the physical NIC designated for VXLAN underlay traffic:

New-VMSwitch -Name "SDN-vSwitch" -NetAdapterName "Ethernet" -AllowManagementOS $true

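RDMA and SR-IOV can improve performance if the hardware supports them. SR-IOV can only be selected when the switch is created (Set-VMSwitch has no -EnableIov parameter), so include it in the New-VMSwitch command instead of the one above:

New-VMSwitch -Name "SDN-vSwitch" -NetAdapterName "Ethernet" -AllowManagementOS $true -EnableIov $true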

Step 3: Configure Provider Address (PA) on the Host

In Windows Server 2016 SDN, each Hyper-V host has a Provider Address (PA) — the physical IP used for VXLAN encapsulation. Assign a PA to the host’s virtual switch management adapter:

New-NetIPAddress -InterfaceAlias "vEthernet (SDN-vSwitch)" -IPAddress 10.10.10.1 -PrefixLength 24

This PA address is used as the outer IP header source in VXLAN-encapsulated packets.

Step 4: Deploy Network Controller

Network Controller is the SDN brain that manages VXLAN policy. Install the Network Controller role on a dedicated server or VM:

Install-WindowsFeature NetworkController -IncludeManagementTools

Configure Network Controller using the provided deployment scripts from the Microsoft SDN GitHub repository or through System Center Virtual Machine Manager (SCVMM). The controller distributes VTEP (VXLAN Tunnel Endpoint) mappings to each host.

Step 5: Create a Virtual Network with VXLAN

Using Network Controller’s REST API or PowerShell, create a virtual network with VXLAN encapsulation. The following illustrates the PowerShell approach using the NetworkController module:

$vnet = New-Object Microsoft.Windows.NetworkController.VirtualNetwork
$vnet.ResourceId = "TenantVNet1"
$vnet.Properties = New-Object Microsoft.Windows.NetworkController.VirtualNetworkProperties
$vnet.Properties.AddressSpace = New-Object Microsoft.Windows.NetworkController.AddressSpace
$vnet.Properties.AddressSpace.AddressPrefixes = @("192.168.100.0/24")
New-NetworkControllerVirtualNetwork -ConnectionUri https://nc.domain.local -ResourceId "TenantVNet1" -Properties $vnet.Properties

Step 6: Configure VXLAN Network Identifier

Assign a VXLAN VNI to the virtual network. This is done through Network Controller’s logical network configuration. Each virtual network gets a unique VNI from the allocated range, for example VNI 5001:

$lnet = Get-NetworkControllerLogicalNetwork -ConnectionUri https://nc.domain.local -ResourceId "HNV Provider"
$lnet.Properties.Subnets[0].Properties.VlanID = 0

Step 7: Verify VXLAN Connectivity

After VMs are attached to the VXLAN-backed virtual network, verify connectivity between VMs on different hosts. From within a VM:

Test-NetConnection -ComputerName 192.168.100.20 -InformationLevel Detailed

On the Hyper-V host, you can capture VXLAN traffic to verify encapsulation is working correctly using Network Monitor or Wireshark. VXLAN traffic will appear as UDP packets on port 4789 between the host PA addresses.

netsh trace start capture=yes tracefile=C:\vxlan-trace.etl
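
To confirm that a captured UDP 4789 packet carries the expected VNI, the VXLAN header can be decoded by hand. The following is an added example, not part of the original article; the function name Get-VxlanHeader, the sample bytes, and the MAC addresses are constructed for illustration, and the VNI 5001 is the example value used in Step 6.

```powershell
# Added example: decode the 8-byte VXLAN header at the start of a UDP/4789 payload.
function Get-VxlanHeader {
    param([Parameter(Mandatory)] [byte[]] $UdpPayload)

    if ($UdpPayload.Length -lt 8) {
        throw "Payload is $($UdpPayload.Length) bytes; a VXLAN header needs 8."
    }
    # Byte 0 holds the flags. Bit 0x08 (the I flag) marks the VNI field as valid.
    $vniValid = ($UdpPayload[0] -band 0x08) -ne 0
    # Bytes 4-6 hold the 24-bit VNI in network byte order; byte 7 is reserved.
    $vni = ([int]$UdpPayload[4] -shl 16) -bor ([int]$UdpPayload[5] -shl 8) -bor [int]$UdpPayload[6]

    # The encapsulated Ethernet frame follows: destination MAC, then source MAC.
    $innerDst = $null
    $innerSrc = $null
    if ($UdpPayload.Length -ge 22) {
        $innerDst = ($UdpPayload[8..13]  | ForEach-Object { $_.ToString('X2') }) -join '-'
        $innerSrc = ($UdpPayload[14..19] | ForEach-Object { $_.ToString('X2') }) -join '-'
    }
    [pscustomobject]@{
        VniValid            = $vniValid
        Vni                 = $vni
        InnerDestinationMac = $innerDst
        InnerSourceMac      = $innerSrc
    }
}

# Constructed sample: flags 0x08, VNI 5001 (0x001389), then an inner Ethernet
# header with made-up MAC addresses and EtherType 0x0800 (IPv4).
[byte[]] $sample = 0x08,0x00,0x00,0x00, 0x00,0x13,0x89,0x00,
                   0x00,0x15,0x5D,0x00,0x00,0x14,
                   0x00,0x15,0x5D,0x00,0x00,0x0A,
                   0x08,0x00

$header = Get-VxlanHeader -UdpPayload $sample
$header | Format-List
if (-not $header.VniValid -or $header.Vni -ne 5001) {
    Write-Warning "Unexpected VNI $($header.Vni); expected 5001 for this virtual network."
}
```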

MTU Considerations

VXLAN adds 50 bytes of overhead to each Ethernet frame (outer IP header, outer UDP header, and VXLAN header). Ensure physical switches support an MTU of at least 1600 bytes. Configure jumbo frames on the host NICs:

Set-NetAdapterAdvancedProperty -Name "Ethernet" -RegistryKeyword "*JumboPacket" -RegistryValue 9014
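
After changing the MTU, it is worth measuring what the underlay path actually carries between two Provider Addresses. The following is an added example, not part of the original article: the function name Test-VxlanUnderlayMtu and the remote PA 10.10.10.2 are assumptions, and it requires ICMP echo to be permitted between the hosts.

```powershell
# Added example: measure the largest unfragmented IP packet between two Provider
# Addresses and compare it with what VXLAN encapsulation needs.
function Test-VxlanUnderlayMtu {
    param(
        [Parameter(Mandatory)] [string] $RemotePA,  # PA of another Hyper-V host
        [int] $TenantMtu = 1500,                     # IP MTU used inside the VMs
        [int] $TimeoutMs = 1000
    )
    # Outer IP packet = inner Ethernet frame (tenant MTU + 14) + VXLAN (8)
    # + outer UDP (8) + outer IP (20).
    $requiredIpMtu = $TenantMtu + 14 + 8 + 8 + 20

    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF set

    # An echo request with N payload bytes is an IP packet of N + 28 bytes.
    $probe = {
        param([int] $IpSize)
        $buffer = New-Object byte[] ($IpSize - 28)
        try   { $ping.Send($RemotePA, $TimeoutMs, $buffer, $options).Status -eq 'Success' }
        catch { $false }   # sending above the local interface MTU with DF set can throw
    }

    if (-not (& $probe 576)) {
        throw "No echo reply from $RemotePA; the path cannot be measured."
    }
    # Binary search for the largest packet size that still gets a reply.
    $low = 576; $high = 9000
    while ($low -lt $high) {
        $mid = $low + [int][math]::Ceiling(($high - $low) / 2.0)
        if (& $probe $mid) { $low = $mid } else { $high = $mid - 1 }
    }
    [pscustomobject]@{
        RemotePA      = $RemotePA
        PathIpMtu     = $low
        RequiredIpMtu = $requiredIpMtu
        Sufficient    = ($low -ge $requiredIpMtu)
    }
}

# 10.10.10.2 is an assumed PA for a second host; replace it with a real one.
Test-VxlanUnderlayMtu -RemotePA 10.10.10.2
```

If Sufficient is False, full-size tenant frames will be dropped or fragmented on the underlay even though small test packets such as a ping between VMs succeed.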

VXLAN in Windows Server 2016 enables scalable, flexible multi-tenant networking that extends virtual Layer 2 segments across physical Layer 3 boundaries, forming the foundation of modern cloud datacenter networking.