by aroulin 1221 days ago
Right. My thinking is that with VXLAN you can get each tenant in the datacenter to have its own L3 network, isolated from other tenants' L3 networks.

Each tenant can have multiple subnets, run BGP, etc., and the IP addresses can be reused between different tenants.

It doesn't seem WireGuard can do that with just a p2p network. This was one argument I had for adding VXLAN encapsulation over IP for the above comment. You also get L2 connectivity if you want it.

1 comment

Ah, yes. Well, you can set up multiple tunnels for lower overhead too; all you need is an interface so you can bind it to a VRF. You save 50 bytes on every packet, though in reality either way works.

As long as you're lowering MTU and not bridging your VXLAN you're fine.

You can run VXLAN over any L3 so it's versatile like that, but the benefit of VXLAN over other encap protocols is that it's simple, accelerated in a lot of hardware, integrated with BGP-EVPN to make scaling easier, more predictable and traceable.