VXLAN and EVPN for Datacenter
VXLAN
VLAN IDs are 12 bits long, which limits the total number of VLANs to 4094. VXLAN is often described as an overlay technology: L2 connections can be stretched over an existing L3 network because the Ethernet frames are encapsulated (tunneled) inside VXLAN packets that carry their own IP addresses. The virtual network identifier (VNI) used in VXLAN is 24 bits long, which, unlike VLANs, provides far more identifiers for logically isolating networks; this matters for cloud networks, which are large because of the concentration of virtual machines. Virtual Tunnel End Points (VTEPs) are the devices that support VXLAN. To encapsulate an Ethernet frame, the VTEP adds a number of fields: outer IP source address, outer IP destination address, outer MAC source address, outer MAC destination address, an outer UDP header and finally the VXLAN header, which carries the 24-bit VXLAN network identifier (VNI). The VXLAN packet encapsulation is shown in Fig-3.
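As an added example (not from the original text), the Python below builds the encapsulation just described around a constructed tenant frame and then strips it again the way the receiving VTEP would, checking the EtherType, protocol, UDP port and VNI-valid flag along the way. The VTEP addresses, underlay MACs and VNI are made-up values.

```python
import struct

VXLAN_UDP_PORT = 4789    # IANA-assigned VXLAN destination port
VXLAN_FLAG_VNI = 0x08    # "I" bit: the VNI field is valid
MAX_VNI = (1 << 24) - 1  # the VNI is 24 bits wide

def mac_bytes(mac: str) -> bytes:
    return bytes(int(o, 16) for o in mac.split(":"))

def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def vxlan_header(vni: int) -> bytes:
    """8 bytes: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI, vni << 8)

def encapsulate(inner: bytes, vni: int, src_vtep: str, dst_vtep: str,
                src_mac: str, dst_mac: str) -> bytes:
    """Add the outer headers a VTEP puts in front of a tenant Ethernet frame."""
    payload = vxlan_header(vni) + inner
    # Outer UDP: source port carries flow entropy for ECMP; checksum 0 is legal over IPv4
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(payload), 0) + payload
    # Outer IPv4 between the two VTEPs: TTL 64, protocol 17 (UDP), checksum filled in below
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                               bytes(map(int, src_vtep.split("."))), bytes(map(int, dst_vtep.split(".")))))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    # Outer Ethernet toward the underlay next hop: dst MAC, src MAC, EtherType 0x0800 (IPv4)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + bytes(ip) + udp

def decapsulate(packet: bytes) -> tuple[int, bytes]:
    """Strip the outer headers as the receiving VTEP does; return (VNI, inner frame)."""
    if len(packet) < 50 or packet[12:14] != b"\x08\x00" or packet[23] != 17:
        raise ValueError("not an IPv4/UDP Ethernet frame")
    udp_off = 14 + (packet[14] & 0x0F) * 4
    if struct.unpack("!H", packet[udp_off + 2:udp_off + 4])[0] != VXLAN_UDP_PORT:
        raise ValueError("not addressed to the VXLAN port")
    flags, word = struct.unpack("!B3xI", packet[udp_off + 8:udp_off + 16])
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("VXLAN header without the valid-VNI flag")
    return word >> 8, packet[udp_off + 16:]

# Constructed tenant frame: host 02:..:01 to host 02:..:02, padded to the 60-byte minimum
INNER_FRAME = (mac_bytes("02:00:00:00:00:02") + mac_bytes("02:00:00:00:00:01")
               + b"\x08\x00" + b"\x00" * 46)
```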
VXLAN overlays offer a number of benefits:
• Elimination of Spanning Tree Protocol (STP)
• Increased scalability
• Improved resiliency
• Fault containment
• Migration of VMs between hosts that sit in different L2 domains, by tunneling the traffic over the existing L3 network. This allows dynamic allocation of resources within or among DCs without being restricted by L2 boundaries.
EVPN
Data centers have used L2 technologies such as Spanning Tree Protocol (STP), multichassis link aggregation group (MCLAG), and Transparent Interconnection of Lots of Links (TRILL) for compute and storage connectivity. Most network designers prefer that DCI over the WAN be performed at L3, without spanning L2 between DCs.
However, some application requirements may need L2 interconnection between DCs, such as high-availability clustering services, VM migration, replication, and storage virtualization. As the design of these data centers evolves to scale out multitenant networks, a new data center architecture is needed that creates a tenant overlay network with VXLAN over the existing underlay network. Using a Layer-3 IP-based underlay coupled with a VXLAN-EVPN overlay, data center and cloud operators can deploy much larger networks than are otherwise possible with traditional L2 Ethernet-based architectures.
With overlays, endpoints (servers
or virtual machines) can be placed anywhere in the network and
remain connected to the same logical L2 network, enabling the
virtual topology to be decoupled from the physical topology.
Ethernet VPN (EVPN) started as an L2 VPN solution for the MPLS core. It improves network efficiency by reducing unknown-unicast flooding through control-plane MAC learning, and by reducing ARP flooding through IP-to-MAC bindings held in the control plane. It achieves faster convergence when the link to a dual-homed server fails, and faster re-convergence when a VM moves.
An L2 switch (leaf switch) learns the MAC address of a VM attached to it through traditional L2 learning. Optionally, it may also learn the IP-to-MAC binding through DHCP or ARP snooping. In a traditional flood-and-learn network, a leaf switch in a different Ethernet segment would not learn the MAC of the VM until either the VM has sent traffic to it or the leaf switch has received an ARP request from the leaf switch of the other segment, say at a different DC. With EVPN, as soon as a leaf switch locally learns a VM MAC address it immediately advertises this information via a Type-2 route (IP/MAC Binding Advertisement) to all its MP-BGP peers having the same VXLAN VNID. This is the primary benefit of the EVPN control plane. So far, EVPN has introduced five types of routes. We have discussed only the Type-2 route, as it provides remote MAC learning over the control plane.
We assume that LS2 and LS3 have both learned host H2's MAC address. Leaf switch LS1 receives a Type-2 route advertisement for the H2 MAC along with the associated ESI, as shown in the table below. The same advertisement for H2 is received from LS2, so H2 is reachable through both LS2 and LS3. Since the same host H2 is connected to two leaf switches, LS2 and LS3, link aggregation is performed and a single ESI is generated. The ESI plays an important role in faster convergence: in DC networks a leaf switch may have thousands of hosts or VMs running behind it. If the link between the hosts and leaf switch LS3 goes down, LS3 will advertise that ESI (0:1:1:1:1:1:1:1:1:1) is not reachable, and LS1 will simply withdraw its routes for that ESI, resulting in faster convergence.
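The following added illustration (not from the original text) models the remote-MAC table LS1 builds from Type-2 routes and contrasts a per-MAC withdrawal with the ESI-based mass withdraw described above. LS1, LS2, LS3, H2 and the ESI value come from the text; the VNI, the number of hosts and the host MACs are constructed.

```python
from dataclasses import dataclass

ZERO_ESI = "0:0:0:0:0:0:0:0:0:0"   # single-homed hosts carry an all-zero ESI

@dataclass(frozen=True)
class Type2Route:
    """A Type-2 (IP/MAC Binding Advertisement) route as received over MP-BGP."""
    mac: str
    vni: int
    next_hop: str   # VTEP (leaf switch) that advertised the route
    esi: str        # Ethernet Segment Identifier shared by the leaves a multihomed host attaches to

class LeafControlPlane:
    """Constructed model of the remote-MAC table a leaf such as LS1 builds from Type-2 routes."""
    def __init__(self) -> None:
        self.routes: set[Type2Route] = set()

    def receive(self, route: Type2Route) -> None:
        self.routes.add(route)

    def next_hops(self, mac: str, vni: int) -> set[str]:
        """VTEPs a MAC can currently be reached through (more than one means active-active)."""
        return {r.next_hop for r in self.routes if r.mac == mac and r.vni == vni}

    def withdraw_mac(self, mac: str, vni: int, from_vtep: str) -> int:
        """Per-MAC withdrawal: one update per host. Returns the number of routes removed."""
        before = len(self.routes)
        self.routes = {r for r in self.routes if not (r.mac == mac and r.vni == vni and r.next_hop == from_vtep)}
        return before - len(self.routes)

    def withdraw_esi(self, esi: str, from_vtep: str) -> int:
        """Mass withdraw: one ESI withdrawal drops every MAC learned behind that segment via that VTEP."""
        if esi == ZERO_ESI:
            raise ValueError("all-zero ESI identifies no shared segment; withdraw per MAC instead")
        before = len(self.routes)
        self.routes = {r for r in self.routes if not (r.esi == esi and r.next_hop == from_vtep)}
        return before - len(self.routes)

def scenario(hosts_behind_esi: int = 1000) -> tuple[int, set[str]]:
    """LS1 learns H2 and the other hosts behind ESI 0:1:1:1:1:1:1:1:1:1 via LS2 and LS3, then LS3
    loses its link to the segment. Returns (routes dropped, VTEPs H2 is still reachable through)."""
    esi = "0:1:1:1:1:1:1:1:1:1"
    ls1 = LeafControlPlane()
    for i in range(hosts_behind_esi):
        mac = f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}"   # constructed host MACs; i == 0 is H2
        for vtep in ("LS2", "LS3"):
            ls1.receive(Type2Route(mac, 10000, vtep, esi))
    dropped = ls1.withdraw_esi(esi, "LS3")
    return dropped, ls1.next_hops("02:00:00:00:00:00", 10000)
```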
In brief, the benefits of using EVPN include multi-tenancy, integrated routing and bridging, and support for VXLAN and NVGRE. VXLAN itself was not designed as an L2 DCI technology, but it can use EVPN as its control plane. EVPN as an L2 solution for DCI provides faster convergence when a VM moves from one DC to another and also provides remote MAC learning, which reduces unknown-unicast flooding. MAC learning in VXLAN is more efficient and scales well when it happens in the control plane.
Some light has also been thrown on NV and SDN, which help enterprises separate the control plane from the forwarding plane, in turn enabling better control of the network, increased programmability options, and better agility and flexibility; in combination, all this leads to a reduction in the capital and operating expenditure of the network. VXLAN has already been accepted as the de facto standard overlay technology for deployment of next-generation DCs.
Stretching VXLAN between Data Centers
Enterprises might want to stretch VXLAN tunnels between DCs, for example for live migration of VMs between DCs. Traditionally, enterprises with multiple DCs have L3 solutions for data center interconnectivity. EVPN provides flexibility with easy integration of L3VPNs and L2VPNs for Data Center Interconnect (DCI). Fig4 shows an abstraction of how L2 information is learned from one DC to another using the EVPN control plane.
Stretching VXLAN across DCs
MPLS-based technologies have not conventionally been deployed in DC operational environments. The VPN technologies described for the WAN environment could also be used within a DC to provide Ethernet bridging and IP Virtual Network services at scale. However, EVPN and IP-VPN data planes are being targeted for implementation on virtual switches in servers, with GRE or VXLAN tunneling over the DC core.
For more information, see the Cisco DC site.