Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) provides large enterprises a common framework for managing their campus and data center networks. An EVPN-VXLAN architecture supports efficient Layer 2 and Layer 3 network connectivity with scale, simplicity, and agility, while also reducing OpEx costs.

The rapidly growing use of mobile devices (including the growing number of Internet of Things (IoT) devices), social media, and collaboration tools adds an increasing number of endpoints to a network. To provide endpoint flexibility, EVPN-VXLAN decouples the underlay network (physical topology) from the overlay network (virtual topology). By using overlays, you gain the flexibility of providing Layer 2 and Layer 3 connectivity between endpoints across campus and data centers, while maintaining a consistent underlay architecture.


Benefits of EVPN-VXLAN

Deploying an EVPN-VXLAN framework provides the following benefits:

  • Programmability allows you to easily automate
  • Its open standards-based architecture ensures backwards and forwards interoperability
  • Integrated and efficient Layer 2 and Layer 3 connectivity with control plane-based learning
  • Easy network scalability that’s based on business needs
  • Network segmentation inside and across multiple campuses and data centers allows you to securely separate traffic
  • Minimized fault domain increases reliability of your network
  • MAC address mobility provides flexible yet simple deployment capabilities
  • Loop-free technology mitigates the need for spanning tree protocol (STP)
  • Active-active redundant links fully utilizing network bandwidth


Understanding EVPN

In traditional Layer 2 networks, reachability information is distributed in the data plane through flooding. With EVPN-VXLAN networks, this activity moves to the control plane.

EVPN is an extension to Border Gateway Protocol (BGP) that allows the network to carry endpoint reachability information such as Layer 2 MAC addresses and Layer 3 IP addresses. This control plane technology uses MP-BGP for MAC and IP address endpoint distribution, where MAC addresses are treated as routes.

EVPN also provides multipath forwarding and redundancy through an all-active multihoming model. An endpoint or device can connect to two or more upstream devices and forward traffic using all the links. If a link or device fails, traffic continues to flow using the remaining active links.

Because MAC learning is now handled in the control plane, it avoids the flooding typical with layer 2 networks. EVPN can support different data-plane encapsulation technologies between EVPN-VXLAN-enabled switches. With EVPN-VXLAN architectures, VXLAN provides the overlay data-plane encapsulation.

Network overlays are created by encapsulating traffic and tunneling it over a physical network. The VXLAN tunneling protocol encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, enabling Layer 2 virtual networks or subnets that can span the underlying physical Layer 3 network. The device that performs VXLAN encapsulation and decapsulation is called a VXLAN tunnel endpoint (VTEP). EVPN enables devices acting as VTEPs to exchange reachability information with each other about their endpoints.

In a VXLAN overlay network, each Layer 2 subnet or segment is uniquely identified by a virtual network identifier (VNI). A VNI segments traffic the same way that a VLAN ID segments traffic - endpoints within the same virtual network can communicate directly with each other, while endpoints in different virtual networks require a device that supports inter-VNI (inter-VXLAN) routing.


EVPN-VXLAN in the Enterprise

There are several benefits of a standards based EVPN-VXLAN architecture in campus:

  1. Enterprises can easily add more core, distribution, and access layer devices to a growing business without having to redesign with a new set of devices to update the architecture. By using a Layer 3 IP-based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.
  2. EVPN-VXLAN allows customers to easily configure same VLANS across buildings and different sites, thus reducing operational complexity. Same VLANs can be stretched across buildings and across sites.
  3. EVPN-VXLAN allows enterprises to make use of group-based policies to deploy a common set of policies and services across campuses. This reduces ACL/firewall filter bloat on switches across the enterprise network.
  4. Group-based policies also enable microsegmentation to provide better control to enterprise customers on which end-users or devices can talk to devices across the campus network.
Color Diagram: EVPN-VXLAN-based campus architecture

Figure 1: EVPN-VXLAN-based campus architecture

EVPN-VXLAN in the Data Center

Modern data centers running at scale typically use an IP fabric architecture with an EVPN-VXLAN overlay.

Color Diagram: Data center fabric architecture

Figure 2: Data center fabric architecture

The IP fabric enables you to collapse traditional networking layers into a two-tier spine-and-leaf architecture optimized for large-scale environments. This highly interconnected Layer 3 network acts as an underlay to provide high resiliency and low latency across your network and can easily be scaled out horizontally as needed.

The EVPN-VXLAN overlay sits on top of the IP fabric, enabling you to extend and interconnect your Layer 2 data center domains and place endpoints (such as servers or virtual machines) anywhere in the network, including across data centers.


EVPN-VXLAN and Juniper Networks

Juniper’s solutions for evolved campus and secure and automated data centers, based on a VXLAN overlay with EVPN control plane, are an efficient and scalable way to build and interconnect multiple campuses and data centers. With a robust BGP/EVPN implementation on all platforms—QFX Series switches, EX Series switches, and MX Series routers—Juniper is uniquely positioned to harness the full potential EVPN technology by providing optimized, seamless, and standards-compliant Layer 2 or Layer 3 connectivity, both within and across today’s evolving campuses and data centers.


Why is EVPN-VXLAN becoming popular?

EVPN and VXLAN work together to create highly scalable, efficient, and agile campus and data center networks. EVPN-VXLAN decouples the network infrastructure from the services and applications germane to each department or each customer. This concept of network virtualization provides native traffic isolation and the ability to extend services to any part of the network without introducing costly operational methods such as plumbing VLANs.

What is EVPN technology?

Traditional networks require the use of switching hardware to learn and maintain MAC addresses as devices move across a network. Broadcasts are required to update all devices in the same VLAN or broadcast domain each time a new MAC address is learned or withdrawn; irrespective of where the devices are located. Extending VLANs across a network also requires loop avoidance which is supported by protocols like Spanning Tree. Loop avoidance requires the network to operate at 50 percent efficiency by blocking ports on each device. Vendors have also implemented proprietary technologies to mitigate the need for loop avoidance protocols. However, this introduces vendor lock-in through a lack of standards.

These inefficiencies create challenges for customers who plan on growth and service expansion.

Ethernet VPN or EVPN addresses these issues through standards-based MP-BGP. EVPN supports MAC learning and withdrawal through BGP without the need to broadcast across the network. EVPN supports active-active multi-homing mitigating loop avoidance or proprietary vendor lock-in mechanisms.

Where is EVPN used?

Modern data centers running at scale typically use an IP Fabric architecture with EVPN-VXLAN.

Enterprise networks that require scalability without having to redesign with a new set of devices leverage EVPN-VXLAN.

Enterprises that require common sets of policies and services across campuses deploy EVPN-VXLAN. This allows network operators to deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based architectures.

Service providers have been migrating from virtual private LAN service (VPLS) to EVPN to take advantage of EVPN’s native support of active-active multihoming, reduced Address Resolution Protocol (ARP) and MAC flooding, and greater network efficiency.

What is the difference between VPLS and EVPN?

Control-based protocols like EVPN, VPLS, and even L2VPN solve the legacy flood-and-learn problem; however, they have predominantly been MPLS driven. Given the advent of VXLAN as an overlay protocol of choice for IP fabrics, EVPN breaks away from the traditional MPLS transport requirement by using VXLAN as the transport.

EVPN’s advantages over VPLS include:

  • Improved network efficiency
  • Reduced unknown-unicast flooding due to control-plane MAC learning
  • Reduced ARP flooding due to MAC-to-IP binding in the control plane
  • Multipath traffic over multiple spine switches (VXLAN entropy)
  • Multipath traffic to active-active dual-homed server
  • Distributed Layer 3 gateway: VMTO fast convergence
  • Faster reconvergence when linked to dual-homed server fails (aliasing)
  • Faster reconvergence when a VM moves scalability
  • Very scalable BGP-based control plane flexibility
  • Easy integration with L3VPNs and L2VPNs for Data Center Interconnect (DCI)
  • BGP-based control plane that provides the ability to apply fine-grained policies

What is the difference between VPN and EVPN?

VPN technologies have been deployed in service provider networks to allow multiple customers or tenants the ability to share a single network infrastructure using virtual networks for logical traffic separation requirements. BGP is used to separate virtual networks into Virtual Route Forwarders (VRFs) while the underlying transport has been MPLS.

Service providers continue to use MPLS as they tend to own the large section of network infrastructure their customers’ leverage. This allows for end-to-end QoS and stringent network policy to be controlled by each service provider, respectively. Hence, service providers offer L2VPN and L3VPN as services to customers with the assumption of MPLS transport.

In the case of data centers and enterprise networks, QoS and network policy control are critical and best served internally rather than by a third-party entity such as a service provider. Layer 2 extensibility and cloud accessibility are other factors that require data centers and enterprises to leverage a native IP transport.

VXLAN is a standard tunneling protocol that allows Layer 2 traffic to flow on top of any IP network. VXLAN also supports up to 16 million logical networks while allowing Layer 2 adjacency through IP networks. VXLAN has been adopted by data center and enterprise networks for these reasons, as well as the ability to control their QoS and network policies without third-party dependance.

Given the advent of VXLAN as an overlay protocol of choice for IP fabrics, EVPN breaks away from the traditional MPLS transport requirement by using VXLAN as the transport. The following illustrate the advantages of EVPN in data center and campus deployments and the differences from MPLS-based deployments:

  • Improved network efficiency
  • Reduced unknown-unicast flooding due to control-plane MAC learning
  • Reduced ARP flooding due to MAC-to-IP binding in the control plane
  • Multipath traffic over multiple spine switches (VXLAN entropy)
  • Multipath traffic to active-active dual-homed server
  • Distributed Layer 3 gateway: Virtual Machine Traffic Optimization (VMTO)
  • Fast convergence
  • Faster reconvergence when link to dual-homed server fails (aliasing)
  • Faster reconvergence when a VM moves
  • Scalability
  • Very scalable BGP-based control plane
  •  Flexibility
  • Easy integration with L3VPNs and L2VPNs for DCI
  • BGP-based control plane that provides ability to apply fine-grained policies

EVPN is the only completely standards-based solution that offers these benefits for a data center and campus control plane protocol.

What is VXLAN?

VXLAN is a standards-based IP tunneling protocol for VLAN extension across a network without the need to plumb VLANs from one end of the network to the other. The network infrastructure routes each IP packet leveraging ECMP or equal cost multipath features found in most routing protocols. VXLAN supports up to 16 million VLANs, allowing for multi-tenancy and scale not found in traditional 802.1q/VLAN networks

Why is a VXLAN overlay used?

VXLAN enables network administrators to create logical Layer 2 networks across different Layer 3 networks. VXLAN has a 24-bit Virtual Network ID (VNID) space, which allows for 16 million logical networks. Implemented in hardware, VXLAN supports transport of native Ethernet packets inside a tunnel encapsulation. VXLAN has become the de facto standard for overlays terminated on physical switches and is supported in Juniper Networks Campus and Data Center switching platforms.

VXLAN overlays offer several benefits:

  • Elimination of Spanning Tree Protocol (STP)
  • Increased scalability
  • Improved resiliency
  • Fault containment/traffic isolation 

How does EVPN-VXLAN work?

EVPN-VXLAN supports flexible topologies, such as IP Fabric for most data center and campus requirements. The IP Fabric model provides an architecture that enables deterministic latency and horizontal scale at the core, aggregation, and access layers. An interior gateway protocol (IGP) such as OSPF or BGP can be used as the underlay routing protocol in support of device loopback reachability.

This creates a network architecture that provides high-speed transport for which various services can be used in a secure manner. Services such as VoIP, Video, ERP can be realized anywhere across this network architecture without the need to plumb end-to-end VLANs or deploy proprietary vendor lock-in mechanisms. Each application or service can be isolated using virtual routing capabilities widely deployed in various networking models. 

What EVPN-VXLAN technology, solutions, or products does Juniper offer?

Juniper’s Campus Fabric solution decouples the overlay network from the underlay with EVPN-VXLAN technology. EVPN-VXLAN addresses the needs of the modern enterprise network by allowing network administrators to create logical Layer 2 networks across a Layer 3 network.

Juniper supports various EVPN-VXLAN based campus fabric architectures, including:

  • EVPN multihoming: on collapsed core or distribution
  • Campus fabric: core distribution
  • Campus fabric: IP Clos

An IP Clos EVPN-VXLAN architecture lets you manage your campus and data center as a single IP fabric, with over-the-top (OTT) policy and control provided by Juniper. Any number of switches can be connected in a Clos network or IP fabric, with an EVPN control plane used to extend the overlay between enterprise locations, while VXLAN tunnels are used to stretch Layer 2 between the network endpoints. An IP Clos network between the distribution and the core layers can operate in two modes: 1) the centrally-routed bridging (CRB) or 2) edge-routed bridging (ERB) overlay modes.

For more information, please visit our Campus Design Center webpage.

Aside from EVPN-VXLAN based architectures, Juniper also supports virtual chassis technology, allowing up to 10 interconnected switches to operate as a single, logical device with a single management IP address. Highly desirable in a campus/branch architecture, virtual chassis technology enables enterprises to separate their physical topology from their logical groupings of endpoints, ensuring efficient resource utilization.


Simplified: Why EVPN/VXLAN?

EVPN-VXLAN started out as a proprietary set of vendor-specific solutions and evolved into a standard to address several enterprise business challenges.