EVPN, or Ethernet VPN, is a BGP-based control plane mechanism for VXLAN to advertise MAC addresses, MAC-IP bindings and IP prefixes. Apart from EVPN, a number of control plane mechanisms exist at the moment for VXLAN, i.e. Multicast, Head End Replication and Controller-Based mechanisms.
Multicast & HER are the static control plane mechanisms which operate on the flood and learn mechanism, i.e. MACs are learnt by way of flooding.
Multicast:
You will learn the MACs in the underlay by way of flooding to a multicast group. With other control plane mechanisms available, this method has now become obsolete and is never used.
Head-End-Replication:
In this method you have to manually define the remote VTEPs under the VXLAN tunnel configuration. The BUM (Broadcast, Unknown Unicast and Multicast) traffic will only be sent to those VTEPs which are configured manually.
EVPN (Controller-Based mechanism):
In this control plane method, we use MP-BGP to dynamically populate the flood list for BUM traffic and, post dynamic discovery, advertise the MAC addresses, MAC-IP bindings and IP prefixes. MAC addresses are not learnt by way of the flood and learn mechanism, and hence this method is less bandwidth intensive, but at the same time it is complex to configure and troubleshoot.
EVPN Terminologies:
Network Virtualization Overlay (NVO): Overlay network for delivering Layer 2 and Layer 3 VPN services. Example: a VXLAN domain having multiple VNIs to carry the application/user traffic over a common underlay IP fabric.
Network Virtualization End-Point: The nodes in an NVO environment used to encapsulate the traffic in the overlay network. Analogous to a VTEP in a VXLAN domain.
EVPN Instance: Logical switch within the EVPN domain to connect multiple VTEPs, providing L2 and L3 connectivity.
MAC-VRF: VRF-aware MAC table to store the MAC addresses on a VTEP for a specific tenant.
Understanding the Concept of Ethernet VPN
In an EVPN environment, a new BGP NLRI message is carried by MP-BGP using the newly defined EVPN address family: AFI (25) & SAFI (70).
In a DC environment we often need multi-tenancy support, where traffic from multiple tenants traverses the same NVEP. To keep traffic from multiple tenants segregated, we use MAC-VRFs and IP VRFs. You can consider it similar to a service provider environment, where multiple CEs connect to service provider PE routers and traffic for each customer is kept segregated with the help of VRFs on the PE.
EVPN Route Types:
Type 1: The Ethernet A-D (Auto-Discovery) route is used to announce the reachability of a multi-homed Ethernet Segment. For this to be advertised, the ESI (Ethernet Segment Identifier) must be the same. It is used for fast convergence, advertises the Split Horizon Label and is also known as the Mass Withdraw route.
Type 2: It is used to advertise the MAC addresses or MAC-IP bindings (optional). We can achieve ARP suppression when using the MAC-IP advertisement.
Type 3: This route allows for the dynamic discovery of the remote VTEPs for BUM traffic flooding.
Type 4: The route is used to discover VTEPs which are attached to the same shared Ethernet Segment. Additionally, this route type is used in the Designated Forwarder (DF) election process.
Type 5: It is used to advertise the IP prefixes from the remote VTEPs and provide the L3 VPN topologies.
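To make the route types concrete, the following added example (not part of the original article) decodes the EVPN NLRI header and the Type 2 and Type 3 bodies, using the field layout from RFC 7432, so that the MAC-IP bindings and originating VTEPs a peer advertises can be inspected. It assumes VXLAN encapsulation, where the 3-octet label field carries the VNI; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress

ROUTE_TYPES = {1: "Ethernet A-D", 2: "MAC/IP Advertisement",
               3: "Inclusive Multicast", 4: "Ethernet Segment", 5: "IP Prefix"}

def _ip(raw, bits):
    if bits not in (32, 128) or len(raw) != bits // 8:
        raise ValueError("bad IP address length")
    return str(ipaddress.ip_address(raw))

def _type2(b):
    # RD(8) ESI(10) EthTag(4) MACLen(1) MAC(6) IPLen(1) IP(0/4/16) Label1(3) [Label2(3)]
    if len(b) < 33 or b[22] != 48:
        raise ValueError("malformed Type 2 route")
    ip_bits = b[29]
    ip_end = 30 + ip_bits // 8
    if ip_bits not in (0, 32, 128) or len(b) not in (ip_end + 3, ip_end + 6):
        raise ValueError("malformed Type 2 route")
    return {"rd": b[:8].hex(), "esi": b[8:18].hex(), "mac": b[23:29].hex(":"),
            "ip": _ip(b[30:ip_end], ip_bits) if ip_bits else None,
            # Assumption: VXLAN encapsulation, so Label1 carries the 24-bit VNI.
            "vni": int.from_bytes(b[ip_end:ip_end + 3], "big")}

def _type3(b):
    # RD(8) EthTag(4) IPLen(1) originating router IP(4/16)
    if len(b) not in (17, 29):
        raise ValueError("malformed Type 3 route")
    return {"rd": b[:8].hex(), "originator": _ip(b[13:], b[12])}

def parse_evpn_nlri(buf):
    """Decode a sequence of EVPN NLRIs (route type, length, body)."""
    routes, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2 or len(buf) - off - 2 < buf[off + 1]:
            raise ValueError("truncated NLRI")
        rtype, body = buf[off], buf[off + 2: off + 2 + buf[off + 1]]
        route = {"type": rtype, "name": ROUTE_TYPES.get(rtype, "unknown")}
        route.update({2: _type2, 3: _type3}.get(rtype, lambda b: {})(body))
        routes.append(route)
        off += 2 + len(body)
    return routes

# Constructed sample (documentation addresses): one Type 2 and one Type 3 route.
RD = bytes.fromhex("0001c00002010064")  # RD 192.0.2.1:100
SAMPLE = (bytes([2, 37]) + RD + bytes(10) + bytes(4) + bytes([48])
          + bytes.fromhex("00005e005301") + bytes([32])
          + ipaddress.ip_address("198.51.100.10").packed + (10010).to_bytes(3, "big")
          + bytes([3, 17]) + RD + bytes(4) + bytes([32])
          + ipaddress.ip_address("192.0.2.1").packed)

if __name__ == "__main__":
    for r in parse_evpn_nlri(SAMPLE):
        print(r)
```

Route types 1, 4 and 5 are identified by name only; their bodies are skipped using the length octet.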
Benefits of EVPN
- Flexibility: Because EVPN-VXLAN is a multi-protocol technology, it is simple to integrate into existing networks. Additionally, EVPN-VXLAN shares common architectural elements with other common network services such as VPNs, making it easy to implement.
- Scalability: Enterprises can scale up their networks by adding new switches without any redesign of the underlay network, which the EVPN-VXLAN-based architecture makes simpler.
- Enhanced Security: The fine segmentation of the network makes it more difficult for hackers to inflict damage. It also enhances security by restricting traffic flow between all connected devices in the network, as well as restricting the blast radius of attacks.
- Better Resilience: Spine-leaf architectures have less of an impact on fabric performance on account of lower latencies between devices.