What is EVPN-VXLAN?
Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) gives large organisations a common framework for managing their campus and data centre networks. An EVPN-VXLAN architecture supports efficient Layer 2/Layer 3 network connectivity with scale, simplicity, and agility, while also reducing OpEx.
EVPN, or Ethernet VPN, is an all-in-one VPN technology, offering Ethernet multipoint services over MPLS (Multiprotocol Label Switching) or IP networks.
The ‘underlay’ and ‘overlay’ network for EVPN-VXLAN
With the growing use of mobile and IoT devices, social media and tools, the number of endpoints on a network keeps increasing. To provide flexibility, EVPN-VXLAN decouples the underlay network (physical topology) from the overlay network (virtual topology). By using overlays, organisations gain the flexibility of providing Layer 2/Layer 3 connectivity between endpoints across campus and data centres, while maintaining a consistent underlay architecture.
Enterprises use EVPN as the overlay control plane to exchange Layer 2/Layer 3 reachability information efficiently across campus and data centres using a Layer 3 underlay. With an EVPN-VXLAN-based campus architecture, enterprises easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices for the updated architecture. EVPN is a MAC address learning control plane for overlay networks that provides the foundation for EVPN’s flexibility and features. Because MAC learning is handled in the control plane, EVPN can support different data plane encapsulation technologies between the EVPN-VXLAN enabled switches.
Benefits of EVPN-VXLAN
By deploying an EVPN-VXLAN framework for their enterprise networks, service providers gain the following benefits:
- Programmable and open standards-based architecture
- Integrated and efficient Layer 2/Layer 3 connectivity with control plane-based learning
- Easy network scalability based on business needs
- Network segmentation inside, and across multiple campuses and data centres
- Minimised fault domain
- MAC address mobility
EVPN-VXLAN is a widely supported open standard that is evolving into the best way for enterprises to achieve multivendor network virtualisation.
Enterprise applications are changing, with applications running in virtual machines, in containers, in the cloud or in the data centre, campus or branch. For every new application launched, there are often dozens of older applications that are not modular and likely run on bare metal. This is why IT architects need to prepare for the future while taking care of the present.
Networking ‘overlays’ explained
In the past, applications were designed to live in the same Layer 2 domain. This caused problems because protocols like Spanning Tree are fragile and noisy. Layer 3 protocols are increasingly popular instead, as they can scale more easily and efficiently. Running Layer 3 virtual networks on top of Layer 2 physical networks (known as ‘overlays’) brings modern technology to existing infrastructure. Overlays offer layers of abstraction on top of physical networks, so users and applications can be treated differently, tailoring experience, security or connectivity to individual needs.
Overlays allow newer applications to run over older infrastructure, solving for both yesterday and tomorrow. While older apps still require Layer 2 connectivity, virtualisation provides these apps with their own virtual networks, using tunnels to connect them. This is what EVPN was designed to do. EVPN is made to support Layer 3 virtualisation for newer apps while providing Layer 2 connectivity for older apps. Because EVPN works with Layer 2 protocols like VXLAN (a more scalable way to segment the network) you can create virtual tunnels that encapsulate data, transport it to a destination and then decapsulate it. So even if data leaves one network and goes to another, the tunnel makes it look like it’s happening in one place.
Operators can set the policy at these tunnel endpoints. When there are just a few tunnels, it can be done manually – sometimes called controller-less overlays. When there are a lot of tunnels, you need a software-defined controller to simplify management. EVPN also acts as an open standard that works between multiple vendors. That’s why EVPN has emerged as a standard for traffic between domains, bridging the campus, branch, cloud, and data centre.
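The tunnel encapsulation and endpoint policy described above, as an added example that is not part of the original page: it builds and parses the 8-byte VXLAN header from RFC 7348 and drops any packet whose VNI (segment ID) is not provisioned on the receiving tunnel endpoint. The function names, the VNI values and the inner frame are constructed for illustration.

```python
import struct

FLAG_VNI_VALID = 0x08  # the "I" flag; must be set for the VNI to be meaningful

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload
SAMPLE_INNER = bytes.fromhex("02000000000b02000000000a0800") + b"constructed payload"


def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header to an inner Ethernet frame (hypothetical helper)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # Word 0: flags (8 bits) + reserved (24 bits). Word 1: VNI (24 bits) + reserved (8 bits).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload, allowed_vnis):
    """Validate the header, enforce the endpoint's VNI allow-list, return (vni, frame)."""
    if len(udp_payload) < 8 + 14:  # VXLAN header plus a minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag is clear, VNI is not valid")
    vni = word1 >> 8  # reserved bits are ignored on receipt, as RFC 7348 requires
    if vni not in allowed_vnis:
        # Segmentation check: never bridge a frame into a segment
        # this endpoint was not configured to serve.
        raise PermissionError(f"VNI {vni} is not provisioned on this endpoint")
    return vni, udp_payload[8:]


if __name__ == "__main__":
    packet = vxlan_encap(10100, SAMPLE_INNER)
    print("header:", packet[:8].hex())
    print("accepted VNI:", vxlan_decap(packet, {10100})[0])
    try:
        vxlan_decap(packet, {10200})
    except PermissionError as exc:
        print("dropped:", exc)
```

The VXLAN header carries no authentication, so the allow-list only enforces segmentation between endpoints that already trust the underlay.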
EVPN-VXLAN allows old and new applications to work side-by-side, helping enterprises to unify operations over diverse environments.
Enterprises and the EVPN-VXLAN control plane
Enterprises can use EVPN as the overlay control plane to exchange Layer 2/Layer 3 reachability information efficiently across campus and data centres using a Layer 3 underlay. With an EVPN-VXLAN-based campus architecture, enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices for the updated architecture.
EVPN is a MAC address learning control plane for overlay networks that provides the foundation for EVPN’s flexibility and features. Because MAC learning is handled in the control plane, EVPN can support different data plane encapsulation technologies between the EVPN-VXLAN enabled switches. With the EVPN-VXLAN architecture, VXLAN provides the overlay data plane encapsulation.
Additionally, enterprises can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.