What is EVPN-VXLAN?
Ethernet VPN-Ethernet Virtual Extensible LAN (EVPN-VXLAN) gives large organisations a common framework used to manage their campus and data centre networks. An EVPN-VXLAN architecture supports efficient Layer 2/Layer 3 network connectivity with scale, simplicity, and agility, while also reducing OpEx.
EVPN or Ethernet VPN is an all-in-one VPN technology, offering Ethernet multipoint services over MPLS (multiple protocol label switching) or IP networks.
The ‘underlay’ and ‘overlay’ network for EVPN-VXLAN
With the growing use of mobile and IoT devices, social media and tools, the number of endpoints to a network increases. To provide flexibility, EVPN-VXLAN decouples the underlay network (physical topology) from the overlay network (virtual topology). By using overlays, organisations gain the flexibility of providing Layer 2/Layer 3 connectivity between endpoints across campus and data centres, while maintaining a consistent underlay architecture.
Enterprises use EVPN as the overlay control plane to exchange Layer 2/Layer 3 reachability information efficiently across campus and data centres using a Layer 3 underlay. With an EVPN-VXLAN-based campus architecture, enterprises easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices for the updated architecture. EVPN is a MAC address learning control plane for overlay networks that provides the foundation for EVPN’s flexibility and features. Because MAC learning is handled in the control plane, EVPN can support different data plane encapsulation technologies between the EVPN-VXLAN enabled switches.
Benefits of EVPN-VXLAN
By deploying an EVPN-VXLAN framework for their enterprise networks, service providers gain the following benefits:
- Programmable and open standards-based architecture
- Integrated and efficient Layer 2/Layer 3 connectivity with control plane-based learning
- Easy network scalability based on business needs
- Network segmentation inside, and across multiple campuses and data centres
- Minimised fault domain
- MAC address mobility
EVPN-VXLAN is a widely supported open standard that is evolving into the best way for enterprises to achieve multivendor network virtualisation.
Enterprise applications are changing with applications running in virtual machines, containers, in the cloud or in the data centre, campus or branch. For every new application being launched, many times there are dozens of older applications that are not modular and likely run on bare metal. This is why IT architects need to simultaneously prepare for the future while taking care of the present.
Networking ‘overlays’ explained
In the past, applications were designed to live in the same Layer 2 domain. This caused problems because protocols like Spanning Tree are fragile and noisy. Layer 3 protocols are increasingly popular instead, as they can scale more easily and efficiently. Running Layer 3 virtual networks on top of Layer 2 physical networks (being called ‘overlays’) brings modern technology to existing infrastructure. Overlays offer layers of abstraction on top of physical networks, so users and applications can be treated differently, in this way tailoring experience, or security, or connectivity to individual needs.
Overlays allow newer applications to run over older infrastructure, solving for both yesterday and tomorrow. While older apps still require Layer 2 connectivity, virtualisation provides these apps with their own virtual networks, using tunnels to connect them. This is what EVPN was designed to do. EVPN is made to support Layer 3 virtualisation for newer apps while providing Layer 2 connectivity for older apps. Because EVPN works with Layer 2 protocols like VXLAN (a more scalable way to segment the network) you can create virtual tunnels that encapsulate data, transport it to a destination and then decapsulate it. So even if data leaves one network and goes to another, the tunnel makes it look like it’s happening in one place.
Operators can set the policy at these tunnel endpoints. When there are just a few tunnels, it can be done manually – sometimes called controller-less overlays. When there are a lot of tunnels, you need a software-defined controller to simplify management. EVPN also acts as an open standard that works between multiple vendors. That’s why EVPN has emerged as a standard for traffic between domains, bridging the campus, branch, cloud, and data centre.
EVPN-VXLAN allows old and new applications to work side-by-side, helping enterprises to unify operations over diverse environments.
Enterprises and the EVPN-VXLAN control plane
Enterprises can use EVPN as the overlay control plane to exchange Layer 2/Layer 3 reachability information efficiently across campus and data centres using a Layer 3 underlay. With an EVPN-VXLAN-based campus architecture, enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices for the updated architecture.
EVPN is a MAC address learning control plane for overlay networks that provides the foundation for EVPN’s flexibility and features. Because MAC learning is handled in the control plane, EVPN can support different data plane encapsulation technologies between the EVPN-VXLAN enabled switches. With the EVPN-VXLAN architecture, VXLAN provides the overlay data plane encapsulation.
Additionally, enterprises can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.
Zero-Trust Palo Alto Networks
Why Zero Trust is essential in a post-pandemic world
The rapid transformation to hybrid work and hybrid networks/clouds has exposed weaknesses in the first ZTNA approaches in this post-pandemic world.
Kumar Ramachandran from Palo Alto
OT security Fortinet
Global OT and cybersecurity report outlines key challenges for industrial organisations
Fortinet released the 2022 State of Operational Technology and Cybersecurity Report. The global report highlights the current state of OT security and provides a roadmap to better secure OT organisations.
Mist AI Enterprise networking
Back to the office with a strong Wi-Fi connection
With hybrid working, the use of workstations is becoming increasingly flexible. One consequence is that the existing Wi-Fi network is more heavily loaded than before. Is the network ready for this?