EVPN: Or how I learned to stop worrying and love the BGP

Presentation transcript:

EVPN: Or how I learned to stop worrying and love the BGP Tom Dwyer, JNCIE-ENT #424 Clay Haynes, JNCIE-SEC # 69 JNCIE-ENT # 492

So what is EVPN?
- EVPN is a VPN technology that provides L2 or integrated L2+L3 VPN service.
- EVPN uses a control-plane method (BGP) for MAC learning instead of the traditional data-plane flood-and-learn approach. Learning from the sins of the past.
- Minimizes flooding with the use of proxy ARP.
- Supports active/active multi-homing with load balancing.
- Supports fast convergence for Ethernet segment failures.

MPLS-Based Ethernet VPN RFC 7432

EVPN Overlay (NVO)

BGP to the rescue
- MAC/IP routes are now advertised via the control plane by BGP (PE to PE).
- We use a new BGP NLRI (AFI=25, SAFI=70).
- BGP allows for greater scale (can use route reflectors).
- Supports all-active multi-homing.
- Supports ECMP for MAC routes.
- Supports mass withdrawal on segment failure.

EVPN Terms
- Ethernet Segment: for multi-homed CEs, the set of Ethernet links from the PEs to the CE forms an Ethernet segment.
- Ethernet Tag: identifier for a broadcast domain, such as a VLAN. Each PE maps between the different identifiers.
- Ethernet Segment Identifier (ESI): a unique non-zero identifier that represents an Ethernet segment across the network.
- EVPN Instance (EVI): a routing and forwarding instance that spans all PE routers for that VPN.

EVPN Sample Topology

MAC Advertisement
Each PE learns MACs from the attached CE via traditional data-plane methods. Once learned, the MAC address is advertised to remote PEs as a MAC Advertisement route (Route Type 2) via BGP.

MAC Advertisement
When used with Integrated Routing and Bridging (IRB), the MAC address route carries an extended community for the default gateway. PEs can proxy-ARP, which minimizes flooding across the WAN.

MAC Advertisement – Services
VLAN-based service interface:
- Single bridge domain per EVI
- 1:1 mapping between VLAN ID and EVI
- Ethernet tag in the route update set to 0
- VLAN translation can occur at the egress PE
- Label created per EVI
VLAN-aware bundle:
- Multiple VLANs, N:1 mapping between VLAN ID and EVI
- Ethernet tag in the route set to the tag value
- Multiple bridge domains, one per VLAN
- Label created per VLAN

MAC Advertisement – Services
VLAN bundle service interface:
- Single bridge domain per EVI
- Many-to-one mapping between VLAN ID and EVI
- Ethernet tag in the route update set to 0
- MACs unique across VLANs
- VLAN translation NOT ALLOWED
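The NLRI the preceding slides describe (AFI 25 / SAFI 70, a Route Type 2 carrying RD, ESI, Ethernet tag, MAC, optional IP and label fields, with the Ethernet tag set to 0 for VLAN-based and VLAN bundle services and to the VLAN ID for a VLAN-aware bundle) is small enough to encode and parse by hand. The following Python is an added example written for this page, not code from the presenters or from any vendor: the field layout follows RFC 7432 section 7.2, the RD, ESI, MAC and IP values are constructed samples, and the 3-octet label fields are treated as raw 24-bit values (an assumption that sidesteps the difference between MPLS label packing and a VXLAN VNI). The decoder rejects a length field that disagrees with the payload and any MAC or IP length the RFC does not define, which is the check a receiving PE needs before it installs what a peer advertises.

```python
import struct
from ipaddress import ip_address

# BGP multiprotocol identifiers used for EVPN (RFC 7432): AFI 25 (L2VPN), SAFI 70 (EVPN)
AFI_L2VPN = 25
SAFI_EVPN = 70
ROUTE_TYPE_MAC_IP = 2               # Type-2 MAC/IP Advertisement route
ESI_LEN = 10                        # Ethernet Segment Identifier is 10 octets
ESI_SINGLE_HOMED = bytes(ESI_LEN)   # all-zero ESI: the CE is single-homed


def rd_type1(ip, assigned):
    """Route Distinguisher type 1: 2-byte type, 4-byte IPv4 administrator, 2-byte assigned number."""
    return struct.pack("!H4sH", 1, ip_address(ip).packed, assigned)


def esi_type0(nine_octets_hex):
    """Type-0 ESI: type octet 0x00 followed by 9 operator-assigned octets (constructed sample values)."""
    value = bytes.fromhex(nine_octets_hex)
    if len(value) != 9:
        raise ValueError("type-0 ESI needs exactly 9 value octets")
    return b"\x00" + value


def encode_mac_ip_route(rd, esi, eth_tag, mac, ip=None, label1=0, label2=None):
    """Build a Type-2 NLRI: route type, length, then the fixed-layout body.

    eth_tag is 0 for a VLAN-based or VLAN bundle service and the VLAN ID for a VLAN-aware
    bundle. Label fields are written as raw 24-bit values (assumption, see lead-in).
    """
    if len(rd) != 8 or len(esi) != ESI_LEN:
        raise ValueError("RD must be 8 octets and ESI 10 octets")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC must be 48 bits")
    body = rd + esi + struct.pack("!I", eth_tag) + bytes([48]) + mac_bytes
    if ip is None:
        body += bytes([0])                          # IP length 0: no IP carried
    else:
        packed = ip_address(ip).packed
        body += bytes([len(packed) * 8]) + packed   # 32 or 128 bits
    body += label1.to_bytes(3, "big")
    if label2 is not None:
        body += label2.to_bytes(3, "big")
    return bytes([ROUTE_TYPE_MAC_IP, len(body)]) + body


def decode_mac_ip_route(nlri):
    """Parse a Type-2 NLRI, refusing anything that does not match the RFC 7432 layout."""
    if len(nlri) < 2 or nlri[0] != ROUTE_TYPE_MAC_IP:
        raise ValueError("not a Type-2 route")
    body = nlri[2:]
    if nlri[1] != len(body):
        raise ValueError("NLRI length field does not match payload")
    off = 8 + ESI_LEN + 4               # RD, ESI, Ethernet tag
    if len(body) < off + 1 + 6 + 1:     # plus MAC length, MAC, IP length
        raise ValueError("truncated NLRI")
    rd, esi = body[:8], body[8:18]
    eth_tag = int.from_bytes(body[18:22], "big")
    if body[off] != 48:
        raise ValueError("unsupported MAC length")
    mac = ":".join(f"{b:02x}" for b in body[off + 1:off + 7])
    ip_len = body[off + 7]
    off += 8
    if ip_len not in (0, 32, 128):
        raise ValueError("unsupported IP length")
    ip_octets = ip_len // 8
    if len(body) < off + ip_octets:
        raise ValueError("truncated IP field")
    ip = str(ip_address(body[off:off + ip_octets])) if ip_octets else None
    off += ip_octets
    remaining = len(body) - off
    if remaining not in (3, 6):
        raise ValueError("expected one or two 3-octet label fields")
    label1 = int.from_bytes(body[off:off + 3], "big")
    label2 = int.from_bytes(body[off + 3:off + 6], "big") if remaining == 6 else None
    return {"rd": rd, "esi": esi, "eth_tag": eth_tag, "mac": mac,
            "ip": ip, "label1": label1, "label2": label2}


if __name__ == "__main__":
    # VLAN-based service on a single-homed CE: Ethernet tag 0, one label per EVI
    route = encode_mac_ip_route(rd_type1("10.0.0.1", 100), ESI_SINGLE_HOMED, 0,
                                "00:11:22:33:44:55", "192.0.2.10", label1=1000)
    print(route.hex(), decode_mac_ip_route(route))
```

The two paths a reader should compare are the `eth_tag` argument (0 versus the VLAN ID) and the `label1`/`label2` pair, which is where the "label per EVI" versus "label per VLAN" distinction from the service-interface slides ends up on the wire.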

EVPN Multi-homing
- Single: a CE connected to one PE. No Ethernet segment value is required.
- Active-Standby: a CE connected to more than one PE. Only one of the PEs forwards traffic from that Ethernet segment; that PE is selected as the Designated Forwarder (DF). This is a redundancy mode. The Ethernet Segment Identifier is included in the Ethernet Segment route along with the ES-Import extended community, and DF election is based on the Ethernet Segment routes.
- Active-Active: a CE connected to more than one PE. All the PE routers connected to this CE are allowed to forward traffic to and from that Ethernet segment.



EVPN Multi-homing
Active-Active: a CE connected to more than one PE. All the PE routers connected to this CE are allowed to forward traffic to and from that Ethernet segment. BUM traffic toward the CE is blocked on the non-DF PEs.
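The Designated Forwarder election that both multi-homing modes rely on is deterministic, so it can be modelled directly. The Python below is an added example (not part of the original slides) that implements the default procedure from RFC 7432 section 8.5: the PEs that advertised an Ethernet Segment route for the ESI are ordered by IP address, and for VLAN V the DF is the PE at index V mod N. The PE addresses and the ESI string are constructed values, and the `all_active` flag is this example's own way of switching between the Active-Standby rule (only the DF forwards anything) and the Active-Active rule (every PE forwards known unicast, only the DF forwards BUM).

```python
from ipaddress import ip_address


class EthernetSegment:
    """Tracks the Ethernet Segment (Type-4) routes received for one ESI and runs DF election."""

    def __init__(self, esi):
        self.esi = esi
        self.candidates = set()     # originating PE addresses of received ES routes

    def receive_es_route(self, pe):
        # A PE joins the election by advertising its ES route with the ES-Import community.
        self.candidates.add(pe)

    def withdraw_es_route(self, pe):
        # Withdrawal (link failure, PE down) removes the PE and re-shuffles the DF roles.
        self.candidates.discard(pe)

    def ordered_pes(self):
        """Candidate list sorted numerically by PE IP address, lowest first (RFC 7432 8.5)."""
        return sorted(self.candidates, key=lambda pe: int(ip_address(pe)))

    def designated_forwarder(self, vlan):
        """DF for a given VLAN / Ethernet tag: index (vlan mod N) into the ordered list."""
        pes = self.ordered_pes()
        if not pes:
            return None
        return pes[vlan % len(pes)]

    def forwards(self, local_pe, vlan, bum, all_active=True):
        """Should local_pe forward this frame toward the CE on this segment?

        Active-Standby (all_active=False): only the DF forwards at all.
        Active-Active  (all_active=True):  every PE forwards known unicast; BUM only from the DF.
        """
        if local_pe not in self.candidates:
            return False
        is_df = local_pe == self.designated_forwarder(vlan)
        if not all_active:
            return is_df
        return is_df if bum else True


if __name__ == "__main__":
    es = EthernetSegment("ESI-1")                      # constructed ESI label
    for pe in ("10.0.0.3", "10.0.0.1", "10.0.0.2"):    # constructed PE loopbacks
        es.receive_es_route(pe)
    for vlan in (99, 100, 101):
        print(f"VLAN {vlan}: DF is {es.designated_forwarder(vlan)}")
```

Because the election depends only on the sorted candidate list and the VLAN number, every PE reaches the same answer from the same set of Ethernet Segment routes; a PE that disagrees is a sign that it has a different view of the routes, which is worth alerting on before it turns into duplicated BUM traffic toward the CE.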

EVPN MAC Mass Withdrawal
When an ESI link failure occurs, the PE withdraws its Auto-Discovery route, and the associated PEs remove or update the next hops for the MAC/IP routes learned over that segment. This works per ESI and EVI instead of per MAC address.
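The following toy RIB, an added example rather than the presenters' code, shows why one withdrawal is enough: remote PEs resolve the next hops of a multi-homed MAC from the set of PEs holding a live Ethernet Auto-Discovery (per ES) route for its ESI (the aliasing behaviour of RFC 7432 section 8.4, which this example assumes is how a real implementation resolves them), so when the failed PE withdraws that one route every MAC on the segment is re-pointed at the surviving PEs. ESI labels, PE names and MACs are constructed; `None` stands in for the all-zero ESI of a single-homed CE.

```python
from collections import defaultdict

SINGLE_HOMED = None   # stands in for the all-zero ESI of a single-homed CE (constructed convention)


class EvpnRib:
    """Minimal EVPN RIB: A-D per-ES routes (Type 1) plus MAC/IP routes (Type 2)."""

    def __init__(self):
        self.ad_per_es = defaultdict(set)   # esi -> PEs with a live Ethernet A-D per ES route
        self.mac_routes = {}                # mac -> (esi, advertising PE)
        self.updates_processed = 0          # BGP updates handled, to compare the two strategies

    def receive_ad_per_es(self, esi, pe):
        self.updates_processed += 1
        self.ad_per_es[esi].add(pe)

    def receive_mac_route(self, mac, esi, pe):
        self.updates_processed += 1
        self.mac_routes[mac] = (esi, pe)

    def next_hops(self, mac):
        """Usable next hops for a MAC.

        Single-homed: only the PE that advertised it. Multi-homed: every PE that still
        holds an A-D per ES route for the ESI, regardless of which PE learned the MAC.
        """
        esi, pe = self.mac_routes[mac]
        if esi is SINGLE_HOMED:
            return [pe]
        return sorted(self.ad_per_es[esi])

    def withdraw_ad_per_es(self, esi, pe):
        """One withdrawal from the failed PE; returns every MAC whose next hops changed."""
        self.updates_processed += 1
        self.ad_per_es[esi].discard(pe)
        return sorted(mac for mac, (e, _) in self.mac_routes.items() if e == esi)

    def per_mac_withdrawals_needed(self, esi, pe):
        """How many Type-2 withdrawals the same failure would cost without mass withdrawal."""
        return sum(1 for e, p in self.mac_routes.values() if e == esi and p == pe)


if __name__ == "__main__":
    rib = EvpnRib()
    rib.receive_ad_per_es("ESI-1", "PE1")
    rib.receive_ad_per_es("ESI-1", "PE2")
    rib.receive_mac_route("00:00:00:00:00:0a", "ESI-1", "PE1")
    rib.receive_mac_route("00:00:00:00:00:0b", "ESI-1", "PE2")
    rib.receive_mac_route("00:00:00:00:00:0c", "ESI-1", "PE1")
    rib.receive_mac_route("00:00:00:00:00:0d", SINGLE_HOMED, "PE3")
    print("before:", rib.next_hops("00:00:00:00:00:0a"))
    affected = rib.withdraw_ad_per_es("ESI-1", "PE1")      # PE1's link to the CE failed
    print("after: ", rib.next_hops("00:00:00:00:00:0a"), "affected:", affected)
```

The cost comparison is the point: `per_mac_withdrawals_needed` grows with the number of MACs behind the segment, while `withdraw_ad_per_es` is always a single update, which is what keeps convergence time flat as the number of hosts on a segment grows.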

Unknowns and ARP
So how do we deal with ARP? EVPN uses proxy ARP: the PE responds to all ARP requests it knows the answer to, and proxies ARP locally for remote hosts.
What if none of the PEs know about it? We drop the traffic, which limits flooding. Each PE must learn the MAC or ARP entry before we allow the traffic to pass.

EVPN MAC Mobility
During a vMotion the original PE may not detect the move and may not withdraw the MAC route. MAC routes carry an extended community with a MAC mobility sequence number. The new PE sees the MAC address being learned locally and advertises it with a higher MAC mobility sequence number. The remote PEs see this advertisement with the higher sequence number and prune the old MAC route, replacing it with the new one. The original PE sees the new route and withdraws its old route.
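The sequence-number rules above are easy to get subtly wrong, so here they are as an added example (written for this page, not taken from the presentation or any vendor) following RFC 7432 section 15: a route with no mobility community counts as sequence 0, a PE that newly learns a MAC another PE currently advertises re-advertises it with sequence + 1, receivers prefer the higher sequence and break ties in favour of the lower originating PE address, and a MAC that moves N times within M seconds (RFC defaults N=5, M=180) is flagged as a duplicate and frozen rather than chased. PE addresses, MACs and timestamps are constructed; the `"frozen"` result string is this example's own naming.

```python
from ipaddress import ip_address


class MacMobilityTable:
    """Best-route selection and duplicate-MAC detection for EVPN MAC mobility."""

    def __init__(self, max_moves=5, window_seconds=180):
        self.max_moves = max_moves          # N in RFC 7432 section 15.1
        self.window = window_seconds        # M in RFC 7432 section 15.1
        self.best = {}                      # mac -> (sequence, originating PE)
        self.moves = {}                     # mac -> timestamps of accepted moves
        self.duplicates = set()             # MACs frozen after too many moves

    def sequence_for_local_learn(self, mac):
        """Sequence number a PE uses when it learns `mac` on a local port."""
        cur = self.best.get(mac)
        return 0 if cur is None else cur[0] + 1

    def receive(self, mac, seq, pe, now):
        """Process one MAC/IP advertisement; returns what happened to the table."""
        if mac in self.duplicates:
            return "frozen"                 # no further updates honoured until an operator clears it
        cur = self.best.get(mac)
        if cur is None:
            self.best[mac] = (seq, pe)
            return "installed"
        cur_seq, cur_pe = cur
        better = seq > cur_seq or (
            seq == cur_seq and int(ip_address(pe)) < int(ip_address(cur_pe)))
        if not better:
            return "ignored"                # stale sequence or losing tie: keep the old route
        recent = [t for t in self.moves.get(mac, []) if now - t <= self.window]
        recent.append(now)
        self.moves[mac] = recent
        if len(recent) >= self.max_moves:
            self.duplicates.add(mac)        # flapping between PEs: stop chasing it, raise an alarm
            return "duplicate"
        self.best[mac] = (seq, pe)
        return "replaced"


if __name__ == "__main__":
    table = MacMobilityTable()
    mac = "00:00:5e:00:53:01"                               # constructed MAC
    print(table.receive(mac, 0, "10.0.0.1", now=0))         # original location
    print(table.sequence_for_local_learn(mac))              # new PE will advertise with 1
    print(table.receive(mac, 1, "10.0.0.2", now=10))        # VM moved
    print(table.receive(mac, 0, "10.0.0.1", now=11))        # stale re-advertisement
```

The duplicate counter is the operational safeguard: a MAC that keeps winning the election from alternating PEs looks exactly like a legitimate vMotion until it exceeds N moves in M seconds, at which point the table stops following it and the event should surface as an alert rather than as a silently flapping forwarding entry.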

VXLAN: Building blocks
Diagram: VM1, VM2 and VM3 attached to a vSwitch (virtual switch) on a vServer, with Bridge Domain 1 (VNI 100) and Bridge Domain 2 (VNI 200); a Virtual Tunnel End Point (VTEP, lo0) in the kernel IP stack connects to the IP network. A 24-bit VNI gives 16M VNIs.
Technical details:
1. Move from data-plane to control-plane learning
2. BGP in the control plane
3. Concept of ESI: a 10-octet globally unique identifier that enables multihoming
4. EVPN advantages apply to all domains:
   1. Active-active multihoming (load balancing)
   2. L3 integration
   3. Faster error recovery
   4. Finer-grained policy control thanks to BGP
   5. VM mobility

VXLAN – Putting it Together
Diagram: routers A and B, TOR switches A–F and servers A–F, with VXLAN tunnels between VTEPs (Virtual Tunnel End Points).
Things to highlight:
- VTEPs are on both servers and network gear alike.
- LHS shows a typical DC Clos architecture; RHS shows the logical and physical overlay/underlay for the same DC.
- A vRouter maps the overlay to the underlay.
- The VTEP tunnel is typically tied to lo0, so one VTEP tunnel serves many VMs.

Why VXLAN/EVPN?
- Limited hardware specs
- GRE hashing across the WAN has limits
- IP fabrics are becoming more popular
- In enterprise, MPLS is really HARD! ...or so they say
VXLAN in the DC: TORs do not have label-processing capabilities, hence IP is preferred. MPLS-phobia inside DCs: cost and (perceived) complexity.
VXLAN in the WAN: the UDP source port is a hash of the 5-tuple and is used for load balancing, so an extra label (an entropy label) is not needed to load-balance VXLAN.
Two use cases: the first is OTT, and the second is extending SP reach where it does not have presence.
(National Archives image 208-N-43888)
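To make the "24 bits = 16M VNIs" and "source port is a hash of the 5-tuple" points concrete, the Python below builds and parses the 8-byte VXLAN header and derives the outer UDP source port from the inner flow. It is an added example for this page, not code from the presenters or any VTEP implementation: the header layout, the I flag and destination port 4789 come from RFC 7348, while the SHA-256-based port selection is a constructed illustration of the recommendation to hash the inner headers into the ephemeral range (real VTEPs use whatever hash their forwarding hardware provides). The decoder drops headers that are short or have the I flag clear, which RFC 7348 requires a VTEP to do.

```python
import hashlib
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port (RFC 7348)
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid
VNI_COUNT = 1 << 24            # 24-bit VNI => 16,777,216 virtual networks
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


def encode_vxlan_header(vni):
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < VNI_COUNT:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def decode_vxlan_header(data):
    """Return the VNI, refusing headers that are truncated or lack the I flag."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid, drop the packet")
    return word1 >> 8


def entropy_source_port(src_ip, dst_ip, proto, sport, dport):
    """Outer UDP source port from a hash of the inner 5-tuple (constructed SHA-256 variant).

    Keeping the result in the ephemeral range lets underlay ECMP spread flows without an
    MPLS entropy label, which is the WAN argument made on the slide.
    """
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    digest = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return EPHEMERAL_LOW + digest % (EPHEMERAL_HIGH - EPHEMERAL_LOW + 1)


def encapsulate(vni, inner_frame, flow):
    """Return (outer UDP source port, UDP payload) for an inner Ethernet frame on `vni`."""
    sport = entropy_source_port(*flow)
    return sport, encode_vxlan_header(vni) + inner_frame


if __name__ == "__main__":
    flow = ("10.1.1.1", "10.2.2.2", 6, 40000, 443)          # constructed inner 5-tuple
    sport, payload = encapsulate(100, b"\x00" * 14, flow)    # 14-byte placeholder frame
    print(f"UDP {sport} -> {VXLAN_UDP_PORT}, header {payload[:8].hex()}, VNI {decode_vxlan_header(payload)}")
```

The same function is useful on the receiving side of a capture: decoding the header of every UDP/4789 datagram and grouping by VNI is the quickest way to confirm which overlay segments actually traverse a given underlay link.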

VXLAN Deployment Options
Data-plane based:
- Virtual networks created using multicast (PIM) groups
- Susceptible to data trombone effects across DCs
- PIM creates fully meshed P2P tunnels for known unicast
- PIM creates multicast tunnels for L2 BUM
Control-plane based:
- Virtual networks created using 3rd-party controllers
- Virtual networks with benefits such as VM traffic optimization
- Virtual Network IDs (VNIDs) communicated using EVPN
- Fully meshed VXLAN tunnels forward traffic

Lab Layout

Lab layout diagram: Boston and Chicago sites.
