There is a nice summary and introduction to VXLAN on BORGcube. Note the system responsible for encapsulation as that is always a focus area of manipulation. Can a guest probe ARP information on another host, for example, beyond what the local host is meant to reveal?

…you can think of VXLAN as a tunneling scheme with the ESX hosts making up the VXLAN Tunnel End Points (VTEP). The VTEPs are responsible for encapsulating the virtual machine traffic in a VXLAN header as well as stripping it off and presenting the destination virtual machine with the original L2 packet.