1) VXLAN helps to carry SGT tags to enforce TrustSec in SDA
2) L2 Extension over L3 is needed for seamless wireless roaming in SDA , wireless clients are not tunneled to WLCs, instead, these are sent over the wire just like FlexConnect but using VXLAN between APs and Edges. When roaming between APs in different FEs, L2 extension removes the need of requesting DHCP again, thus reducing delays when roaming.