With the growth of the Internet, the number and scale of data centers have exploded. As data center services multiply and user demands grow, the functions of a data center become increasingly complex, and its operation and maintenance become correspondingly harder.
Because of data disaster recovery, the establishment of enterprise branches and resource utilization, a large enterprise's information system may be deployed across multiple regions. Interconnecting these data center sites, so as to reduce management costs and expand services flexibly, has therefore become an important task for enterprises.
What is EVPN-VXLAN?
Ethernet VPN - Virtual Extensible LAN (EVPN-VXLAN) offers a common, standards-based protocol for large organizations to manage their campus and data center networks. The EVPN-VXLAN architecture supports Layer 2/3 networking with simplicity, scalability, security and agility while reducing OpEx.
- EVPN (Ethernet VPN) is a VPN technology that serves as the overlay control plane and offers virtual connections between different Layer 2/3 domains over an IP or MPLS network.
- VXLAN (Virtual eXtensible Local Area Network) is a tunnel encapsulation technology. It applies the usual encapsulation/decapsulation tactic of the TCP/IP stack: a Layer 2 Ethernet frame is wrapped in a Layer 4 UDP datagram and then transported across a Layer 3 network.
Before EVPN appeared, the options were VPWS (Virtual Private Wire Service) based on LDP, VPLS (Virtual Private LAN Service) based on LDP, and VPLS based on BGP.
The main limitation of VPLS is that it requires an MPLS network between sites. Its configuration is complex and its maintenance workload is large: in particular, when capacity is expanded, LDP neighbors must be configured on all existing PEs at the same time. In addition, VPLS learns MAC addresses by flooding in the data plane, which is inefficient and wastes WAN bandwidth.
EVPN-VXLAN then arrived to replace VPLS for the interconnection of data centers.
EVPN uses the MP-BGP mechanism. Before going into the fundamentals of EVPN-VXLAN, let's review what VPN, EVPN and VXLAN are, and why BGP was chosen to carry EVPN.
What is VPN, EVPN and Why BGP-EVPN
A VPN uses a public network to build a private network so that sites within the same VPN can communicate; this needs a route-bearing protocol. EVPN is a Layer 2 VPN technology and likewise needs a bearer protocol. EVPN was proposed on the basis of the existing BGP VPLS solution and with reference to the BGP/MPLS L3 VPN architecture. For EVPN, the control plane is MP-BGP, and EVPN can be regarded as an application built on MP-BGP.
BGP was adopted as the bearer protocol for the following main reasons:
1) The number of VPN routes in a network is very large, and BGP is the routing protocol designed to carry routes at that scale;
2) BGP runs over TCP and can exchange information between routers that are not directly connected, so the routers of the core network do not have to hold VPN routing information;
3) BGP can carry arbitrary information attached to a route as optional transitive attributes; a BGP router that does not understand such an attribute forwards it transparently, which makes it easy to propagate routes between PE routers;
4) Most important of all, BGP extends well: a new address family or attribute is defined on top of the existing ones without changing the protocol itself, which is exactly how MP-BGP carries EVPN.
What is VXLAN
VXLAN is an overlay technology that implements network virtualization. It uses MAC-in-UDP tunnel encapsulation to extend a Layer 2 segment across a Layer 3 network.
As an overlay technology, VXLAN is a core element in many software-defined network (SDN) topologies, but the original VXLAN specification (RFC 7348) defined no control plane. VTEP discovery and MAC address learning are performed by flooding data-plane traffic, which produces a great deal of flooded traffic on the data center network.
For details about VXLAN, see What Is VXLAN?
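To make the MAC-in-UDP encapsulation concrete, here is an added example written for this page (not code from the original article or from any vendor). It packs and unpacks the 8-byte VXLAN header around a constructed Ethernet frame and adds the receive-side check a VTEP needs because the header carries no authentication. The VTEP addresses, MACs and VNI are assumed sample values, and the outer IP/UDP headers are represented only by the source IP and UDP port handed to vtep_receive().

```python
"""Added example (not from the original article): VXLAN header build/parse
plus the receive-side source check. All addresses and VNIs are constructed."""
from __future__ import annotations

import struct
from typing import Optional

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN UDP destination port (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field is valid
VXLAN_HEADER_LEN = 8


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_ethernet_frame(dst_mac: str, src_mac: str, ethertype: int, data: bytes) -> bytes:
    """Minimal inner Layer 2 frame: dst MAC, src MAC, EtherType, payload."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype) + data


def parse_ethernet_frame(frame: bytes) -> tuple[str, str, int, bytes]:
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    return (bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12]),
            struct.unpack("!H", frame[12:14])[0], frame[14:])


def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)
    return header + inner_frame


def vxlan_decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_frame); reject a header whose I flag is not set."""
    if len(payload) < VXLAN_HEADER_LEN:
        raise ValueError("short VXLAN header")
    flags, _reserved, vni_word = struct.unpack("!B3sI", payload[:VXLAN_HEADER_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return vni_word >> 8, payload[VXLAN_HEADER_LEN:]


def vtep_receive(outer_src_ip: str, udp_dst_port: int, payload: bytes,
                 trusted_vteps: set[str]) -> Optional[tuple[int, bytes]]:
    """Receive-side check: decapsulate only VXLAN packets from known VTEPs.

    Nothing in the VXLAN header proves who sent it or that the sender may use
    that VNI, so a packet from an unknown source would be injected straight
    into that tenant's Layer 2 segment. In a real fabric this is an ACL on
    UDP/4789 at the underlay edge; here it is a set lookup (assumed list).
    """
    if udp_dst_port != VXLAN_UDP_PORT or outer_src_ip not in trusted_vteps:
        return None
    return vxlan_decapsulate(payload)


def demo() -> dict:
    """Encapsulate a constructed ARP-style broadcast on VNI 10010 and deliver it."""
    trusted = {"10.0.0.1", "10.0.0.2"}                      # constructed VTEP IPs
    frame = build_ethernet_frame("ff:ff:ff:ff:ff:ff", "aa:bb:cc:00:00:01",
                                 0x0806, b"who-has 192.168.10.2")
    packet = vxlan_encapsulate(10010, frame)
    from_peer = vtep_receive("10.0.0.1", VXLAN_UDP_PORT, packet, trusted)
    from_stranger = vtep_receive("203.0.113.7", VXLAN_UDP_PORT, packet, trusted)
    return {
        "header_hex": packet[:VXLAN_HEADER_LEN].hex(),
        "from_peer": from_peer,
        "from_stranger": from_stranger,
        "inner": parse_ethernet_frame(from_peer[1]) if from_peer else None,
    }


if __name__ == "__main__":
    print(demo())
```

The source check is the practical consequence of the header having no authentication: the underlay must ensure UDP/4789 on a VTEP is reachable only from other VTEP addresses, otherwise any host that can reach a VTEP's tunnel address can inject frames into whichever VNI it names.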
Independent Control Plane MP-BGP EVPN for VXLAN
To solve this problem, EVPN is introduced as the control plane for VXLAN. By exchanging BGP EVPN routes between VTEPs, VTEPs discover each other automatically and advertise host information to one another, which avoids unnecessary traffic flooding.
Specifically, EVPN uses Type-3 (Inclusive Multicast Ethernet Tag) routes to discover VTEP sites automatically. Each site advertises its own VNI information, so every VTEP device holds the VXLAN information of the entire network and the mapping between each VXLAN and its next hop. A VTEP automatically builds VXLAN tunnels to the next hops that serve the same VXLANs as itself and associates each tunnel with those VXLANs.
In summary, in the combined EVPN-VXLAN data center architecture, the control plane uses MP-BGP to advertise EVPN routing information and the data plane uses VXLAN encapsulation to forward packets.
With EVPN as the control plane for VXLAN, the network not only inherits the advantages of MP-BGP and VXLAN but also addresses the problems faced by VXLAN virtual networks in the data center:
- It realizes automatic VTEP discovery and automatic VXLAN tunnel establishment with no manual tunnel configuration, reducing deployment and operational complexity and increasing network scalability;
- EVPN automatically synchronizes the MAC and IP addresses of virtual machines and VTEPs, and a MAC and its IP can be advertised together in one Type-2 (MAC/IP Advertisement) route, reducing the broadcast flooding used for VTEP discovery and MAC address learning and increasing network scalability;
- EVPN-VXLAN enables enterprises to connect geographically dispersed locations over Layer 2 virtual bridges. EVPN-VXLAN provides the scale required by cloud service providers and is often the preferred technology for data center interconnection.
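The Type-3 discovery described above and the Type-2 MAC/IP synchronization in the list are easier to see in a small model. The following is an added example written for this page (not code from the article or from AsterNOS): each VTEP originates a Type-3 route per VNI and a Type-2 route per local host, a peer imports a route only if its route target matches a VNI the peer serves, and the flood list and MAC table are built purely from imported routes. It assumes the common auto-derived "ASN:VNI" route-target convention, replaces the BGP session with an exchange() call, and uses constructed VTEP addresses, MACs, IPs and VNIs.

```python
"""Added example (not from the article or AsterNOS): a toy MP-BGP EVPN control
plane. Type-3 routes build the per-VNI flood list (VTEP auto-discovery);
Type-2 routes build the MAC table (no data-plane MAC learning); the route
target decides which tenant's routes a VTEP imports. Route targets assume the
"ASN:VNI" convention; all addresses, MACs and VNIs are constructed values.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Type3Route:            # Inclusive Multicast Ethernet Tag: "I serve this VNI"
    originator: str          # tunnel endpoint IP, the route's BGP next hop
    vni: int
    route_target: str


@dataclass(frozen=True)
class Type2Route:            # MAC/IP Advertisement: "this MAC (and IP) is behind me"
    originator: str
    vni: int
    mac: str
    ip: Optional[str]
    route_target: str
    seq: int = 0             # MAC mobility sequence number (RFC 7432, section 7.7)


def auto_rt(asn: int, vni: int) -> str:
    return f"{asn}:{vni}"


class Vtep:
    def __init__(self, ip: str, asn: int, vnis: list[int]) -> None:
        self.ip, self.asn, self.vnis = ip, asn, set(vnis)
        # vni -> remote VTEPs serving it (the BUM replication list)
        self.flood_list: dict[int, set[str]] = {v: set() for v in vnis}
        # vni -> mac -> (vtep, ip, seq); vtep == self.ip marks a local host
        self.mac_table: dict[int, dict[str, tuple[str, Optional[str], int]]] = {v: {} for v in vnis}

    def import_rts(self) -> dict[str, int]:
        return {auto_rt(self.asn, v): v for v in self.vnis}

    def learn_local(self, vni: int, mac: str, ip: Optional[str] = None) -> None:
        """Host seen on an access port. If it was known behind another VTEP,
        bump the sequence number so peers prefer the new location."""
        prev = self.mac_table[vni].get(mac)
        seq = prev[2] + 1 if prev and prev[0] != self.ip else 0
        self.mac_table[vni][mac] = (self.ip, ip, seq)

    def originate(self) -> list[Union[Type3Route, Type2Route]]:
        routes: list[Union[Type3Route, Type2Route]] = []
        for vni in sorted(self.vnis):
            rt = auto_rt(self.asn, vni)
            routes.append(Type3Route(self.ip, vni, rt))
            for mac, (vtep, ip, seq) in self.mac_table[vni].items():
                if vtep == self.ip:              # advertise only local hosts
                    routes.append(Type2Route(self.ip, vni, mac, ip, rt, seq))
        return routes

    def receive(self, routes: list[Union[Type3Route, Type2Route]]) -> None:
        rts = self.import_rts()
        for r in routes:
            if r.originator == self.ip or r.route_target not in rts:
                continue        # our own route, or a tenant we do not serve
            vni = rts[r.route_target]
            if isinstance(r, Type3Route):
                self.flood_list[vni].add(r.originator)      # tunnel discovered
            else:
                cur = self.mac_table[vni].get(r.mac)
                if cur is None or r.seq > cur[2]:           # higher seq wins
                    self.mac_table[vni][r.mac] = (r.originator, r.ip, r.seq)

    def tunnel_for(self, vni: int, mac: str) -> Optional[str]:
        """Remote VTEP that unicast traffic for this MAC is tunnelled to, if any."""
        entry = self.mac_table.get(vni, {}).get(mac)
        return entry[0] if entry and entry[0] != self.ip else None


def exchange(vteps: list[Vtep]) -> None:
    """Stand-in for the MP-BGP session: every VTEP sees every route."""
    table = [r for v in vteps for r in v.originate()]
    for v in vteps:
        v.receive(table)


def build_fabric() -> dict[str, Vtep]:
    leaf1 = Vtep("10.0.0.1", 65000, [10010, 10020])       # constructed fabric
    leaf2 = Vtep("10.0.0.2", 65000, [10010])
    leaf3 = Vtep("10.0.0.3", 65000, [10020])
    leaf1.learn_local(10010, "aa:bb:cc:00:00:01", "192.168.10.1")
    leaf2.learn_local(10010, "aa:bb:cc:00:00:02", "192.168.10.2")
    leaf3.learn_local(10020, "aa:bb:cc:00:00:03", "192.168.20.3")
    fabric = {"leaf1": leaf1, "leaf2": leaf2, "leaf3": leaf3}
    exchange(list(fabric.values()))
    return fabric


def move_host(fabric: dict[str, Vtep], dst: str, vni: int, mac: str, ip: str) -> None:
    """VM migration: the destination VTEP sees the MAC locally and re-advertises it."""
    fabric[dst].learn_local(vni, mac, ip)
    exchange(list(fabric.values()))
```

After build_fabric(), leaf1's flood list for VNI 10010 contains only leaf2 and its list for VNI 10020 only leaf3; leaf3 never learns the VNI 10010 hosts because their route target does not match anything it imports. That route-target match is the only control-plane boundary between tenants, so a mistyped or overly broad import route target silently merges two tenants' MAC tables; the same mechanism, applied deliberately, is what inter-tenant route leaking does. move_host() shows the mobility procedure: the new location advertises a higher sequence number and peers switch their tunnel to it.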
More Advantages about EVPN-VXLAN
- An open, standards-based network architecture and programmability make automation easy.
- Efficient Layer 2/Layer 3 connectivity with control plane-based learning.
- MAC address mobility offers flexible and simple deployment capabilities.
- An EVPN-VXLAN based architecture lets enterprises add new switches without redesigning the underlying network, so the network expands with business needs.
- EVPN-VXLAN supports multiple protocols and shares common architectural elements with other common network services, such as L3VPN, making it easy to integrate into existing networks.
- Finer segmentation lets IT restrict traffic between every connected element of the network, strengthening the security posture and limiting the blast radius of an attack, provided that VNI and route-target assignments are kept consistent per tenant, since those assignments are what enforce the segmentation.
- Latency between network devices is more predictable, especially in spine-and-leaf architectures, where the failure of a single spine or leaf node has less impact on overall fabric performance.
EVPN-VXLAN and Asterfusion Enterprise SONiC –AsterNOS
Positioning AsterNOS as an enterprise-level SONiC, Asterfusion has been leading its feature development. In 2018, Asterfusion supported the REST API ahead of the community and subsequently integrated with the community mgmt-framework, giving the switch a full-featured programmable API as the same management interface as the traditional command line for automated operation and maintenance tools. AsterNOS has successively enhanced community SONiC in VXLAN, ARP host routing, BGP EVPN and VLAG.
The EVPN-VXLAN features enhanced in Asterfusion's SONiC-based AsterNOS are as follows:
1. Support for multitenancy
2. Layer 2 and 3 integrated routing and bridging (IRB)
   - Centralized VXLAN routing with EVPN
   - Distributed VXLAN routing with EVPN
3. MAC mobility (simplified VM migration)
4. Inter-tenant route leaking
Asterfusion SONiC-based EVPN-VXLAN Switch
Based on a VXLAN overlay with an EVPN control plane, Asterfusion provides a solution for evolving campuses and secure, automated data centers: an efficient and scalable way to build and connect multiple campuses and data centers.
By implementing BGP EVPN on Teralynx-based CX-N series cloud switches, Asterfusion provides optimized, seamless, standards-based Layer 2/3 connectivity within today's growing campuses and data centers, taking full advantage of EVPN-VXLAN technology to help enterprises reduce OpEx.