Hi Sumesh,

On your first question, when running in NX-OS mode no an overlay such as VXLAN is not mandatory. You can configure the platform as per any other Nexus platform, i.e. you could use 802.1Q VLAN trunking between all spine and leaf switches if you wanted to.

However, if you do need layer 2 extended between leaf switches the preferred approach now would be a VXLAN overlay with BGP EVPN for the control plane. The Nexus 9000 platform can do VXLAN encap/decap at line-rate in hardware so there is no performance penalty, and you get additional features such as anycast gateway rather than relying on older tech like HSRP. You can also use the Cisco VTS management tool for provisioning of the overlay fabric, which I would highly recommend. You can see more information on VXLAN BGP EVPN at http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_0100.html

For your second question, yes if you are operating in NX-OS mode you could connect your Internet edge directly to the spine switch(es) and configure BGP. This is not a recommended approach however and you would be better served connecting external services at the leaf layer. The spine layer should not have "services" directly connected to it as it's function is a high-speed interconnect between leaf switches (equidistant bandwidth, deterministic performance etc). As the spine switches are not connected to each other, if your Internet service(s) are only connected to a subset of the spine switches you could also experience black holes under certain failure scenarios.

So to summarise - no, you don't have to run VXLAN but it is the suggested deployment method. You could connect your Internet service(s) to the spine, but this is not a recommended deployment option.

Hope that helps.