Ethernet VPN (EVPN) for integrated layer 2-3 services
THE EVPN MODEL
Ethernet VPN (EVPN) introduces a new model for Ethernet services delivery. With EVPN, service providers can meet evolving demands for higher speeds, sophisticated QoS and guaranteed SLAs. EVPN can support the requirements driven by new applications in a way that existing technologies can’t.
EVPN enables integrated Layer 2 and Layer 3 services over Ethernet with multihoming. Proven solutions such as VPLS over MPLS and PBB have not changed their control plane approach: they still rely on Layer 2 flooding and learning in the data plane to build the forwarding database.
EVPN inherits over a decade of operational experience with VPLS in production networks, and incorporates flexibility for service delivery over Layer 3 networks. In EVPN:
- The control plane and data plane are abstracted and separated
- A multiprotocol BGP (MP-BGP) control plane protocol carries MAC/IP routing information
- Several choices are provided for the data plane encapsulation
EVPN also builds on consensus and cooperation between router vendors and service providers working together on a simple and interoperable technology. VPLS, for example, has several different operating modes, which makes it complicated and introduces interoperability issues. EVPN enables network operators to meet emerging needs in their networks with a single VPN technology, such as:
- Data center interconnect
- Cloud and virtualization services
- Integrated Layer 2 and Layer 3 VPN services
- Overlay technologies that simplify topologies, and tunnels services over an IP infrastructure
KEY EVPN BENEFITS
EVPN lets service providers simplify their networks and offer advanced Ethernet services.
Integrated Services Delivering Layer 2 and Layer 3 services over the same interface has been cumbersome until now. Offering services with VPLS and L3VPNs requires multiple technologies and multiple customer service interfaces. L3VPN-like operation with MP-BGP as the control plane protocol offers more scalability and control over learning and flooding.
Network Efficiency Multihoming with all-active forwarding and load balancing between provider edge routers is key to providing redundant and efficient services. All-active forwarding means that all links are active and used in the network. There is no wasted idle capacity for standby links. More efficient hybrid service can be delivered over a single interface or VLAN, instead of using multiple interfaces or VLANs for multiple services.
Design Flexibility Since the control plane and data plane are separated, several MPLS or IP data plane encapsulation choices are available to meet core network requirements. Provisioning and management using a single VPN technology rather than both Layer 2 and Layer 3 is simpler.
Greater Control MAC/IP provisioning from a network management system database enables programmatic network control. Control plane signaling maintains a consistent signaled forwarding database instead of flooding and learning in the data plane. Proxy ARP/ND functionality allows PEs to respond to ARP/ND requests locally, which reduces or eliminates flooding.
EVPN DEVELOPMENT OVERVIEW
While EVPN is the hot new technology in the IETF L2VPN WG, it’s also mature. There are a few mature base internet drafts (I-Ds) as well as over 20 new I-Ds that extend EVPN functionality. No more changes are expected on the base specification, and there are several shipping EVPN implementations. The authors of the EVPN requirements and base specification I-Ds come from a diverse set of router vendors (Alcatel-Lucent, Cisco, Juniper) and network operators (Arktan, AT&T, Bloomberg, Verizon). EVPN is a collaboration among vendors and operators working together to define this new technology.
Separating the Control and Data Planes EVPN introduces the concept of a separate control plane and data plane, as shown in Figure 1.
Here IP/MAC learning is performed in the control plane instead of the data plane, with MP-BGP as the control plane protocol. This brings the proven scalability of the BGP control plane to MAC routes, including hierarchy and route reflection. Control plane learning provides a consistent signaled forwarding database in a network of any size instead of relying on flooding and learning. It also gives the operator control over MAC learning: what is signaled, from where and to whom, while maintaining the virtualization and isolation of EVPN instances. A PE installs only what its BGP peers advertise, so BGP route policy on the PEs or route reflectors decides which MAC and IP entries reach which EVPN instance.
MP-BGP advertises MAC and IP addresses for next hop resolution in EVPN NLRI, which fully supports IPv4 and IPv6 in both the control plane and the data plane. IPv6 has been completely integrated and supported just like IPv4 from the very beginning.
Several I-Ds for data plane encapsulation are mature, with shipping implementations. They are summarized in the following sections. Since the data plane is separated from the control plane, EVPN functionality is the same over any data plane encapsulation.
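To make the signaled forwarding database concrete, here is an added example in Python that is not code from the original article. It encodes and decodes the MAC/IP Advertisement route (Route Type 2) of the base specification and feeds received routes into a constructed PE table that also answers proxy ARP/ND from signaled state, as described under Key EVPN Benefits. The next hop and the MAC mobility sequence number are passed as parameters because they travel in BGP path attributes rather than in the NLRI; the RD, ESI, MACs, addresses and labels are made-up sample values.

```python
"""Added example (not from the article): encode/decode the EVPN MAC/IP
Advertisement route (Route Type 2, RFC 7432 section 7.2) and apply received
routes to a PE forwarding table. The PE model and all sample values are
constructed; next_hop and seq stand in for BGP path attributes."""
import ipaddress
import struct

ROUTE_TYPE_MAC_IP_ADV = 2

def encode_label(label):
    # 3-octet field; the 20-bit label value occupies the high-order bits.
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return (label << 4).to_bytes(3, "big")

def encode_mac_ip_route(rd, esi, eth_tag, mac, ip=None, label1=0, label2=None):
    """Return the NLRI: route type, length, then the type-specific fields."""
    if len(rd) != 8 or len(esi) != 10:
        raise ValueError("RD must be 8 octets and ESI 10 octets")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    body = rd + esi + struct.pack("!I", eth_tag) + bytes([48]) + mac_bytes
    if ip is None:
        body += b"\x00"                      # IP Address Length 0: MAC-only route
    else:
        packed = ipaddress.ip_address(ip).packed
        body += bytes([len(packed) * 8]) + packed
    body += encode_label(label1)
    if label2 is not None:                   # optional second label for IP forwarding
        body += encode_label(label2)
    return bytes([ROUTE_TYPE_MAC_IP_ADV, len(body)]) + body

def decode_mac_ip_route(nlri):
    """Parse one NLRI, rejecting anything that is not a well-formed Type 2 route."""
    if len(nlri) < 2 or nlri[0] != ROUTE_TYPE_MAC_IP_ADV:
        raise ValueError("not a MAC/IP Advertisement route")
    body = nlri[2:]
    if len(body) != nlri[1] or len(body) < 33:
        raise ValueError("NLRI length field does not match the payload")
    rd, esi = body[0:8], body[8:18]
    eth_tag = struct.unpack("!I", body[18:22])[0]
    if body[22] != 48:
        raise ValueError("MAC Address Length must be 48")
    mac = ":".join(f"{b:02x}" for b in body[23:29])
    ip_len, pos, ip = body[29], 30, None
    if ip_len not in (0, 32, 128):
        raise ValueError("IP Address Length must be 0, 32 or 128")
    if ip_len:
        ip = str(ipaddress.ip_address(body[pos:pos + ip_len // 8]))
        pos += ip_len // 8
    if len(body) - pos not in (3, 6):
        raise ValueError("expected one or two 3-octet label fields")
    label1 = int.from_bytes(body[pos:pos + 3], "big") >> 4
    label2 = int.from_bytes(body[pos + 3:pos + 6], "big") >> 4 if len(body) - pos == 6 else None
    return {"rd": rd, "esi": esi, "eth_tag": eth_tag, "mac": mac, "ip": ip,
            "label1": label1, "label2": label2}

class PEForwardingTable:
    """Per-EVI table populated only from received routes (constructed model)."""

    def __init__(self):
        self.by_mac = {}     # mac -> (next_hop, label1, seq)
        self.ip_to_mac = {}  # feeds local proxy ARP/ND replies

    def apply_route(self, nlri, next_hop, seq=0):
        r = decode_mac_ip_route(nlri)
        cur = self.by_mac.get(r["mac"])
        if cur is not None:
            cur_hop, _, cur_seq = cur
            # MAC mobility (RFC 7432 section 15): the higher sequence number wins;
            # on a tie, prefer the advertising PE with the lower IP address.
            if seq < cur_seq or (seq == cur_seq and
                                 ipaddress.ip_address(next_hop) > ipaddress.ip_address(cur_hop)):
                return False
        self.by_mac[r["mac"]] = (next_hop, r["label1"], seq)
        if r["ip"] is not None:
            self.ip_to_mac[r["ip"]] = r["mac"]
        return True

    def proxy_arp(self, ip):
        # Answer from signaled state instead of flooding the ARP/ND request.
        return self.ip_to_mac.get(ip)

def demo():
    rd = bytes.fromhex("0001c0000201000a")   # constructed RD
    esi = bytes(10)                          # ESI 0: single-homed CE
    vm_mac, vm_ip = "00:50:56:00:00:01", "10.1.1.10"
    pe = PEForwardingTable()
    first = encode_mac_ip_route(rd, esi, 0, vm_mac, vm_ip, label1=3001)
    pe.apply_route(first, "192.0.2.1", seq=0)
    # The VM moves: the new PE advertises the same MAC with a higher sequence number.
    moved = encode_mac_ip_route(rd, esi, 0, vm_mac, vm_ip, label1=4001)
    pe.apply_route(moved, "192.0.2.2", seq=1)
    # A stale re-advertisement from the old PE must not win the entry back.
    stale_accepted = pe.apply_route(first, "192.0.2.1", seq=0)
    return pe.by_mac[vm_mac], pe.proxy_arp(vm_ip), stale_accepted
```

Running demo() shows the table following the VM to the second PE and refusing the stale route, and the decoder rejects NLRIs whose length field, MAC length or label fields are malformed before anything reaches the table; a real PE applies the same checks on every received update.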
Multiprotocol Label Switching (MPLS)
The original EVPN solution in the base specification is EVPN over an MPLS data plane. It provides all-active multihoming for E-LAN services, and new I-Ds have been proposed for E-Line and E-Tree services. The core network supports all the MPLS features including advances in MPLS transport technology such as segment routing. This architecture requires an IGP, RSVP-TE or LDP for MPLS, and BGP for EVPN. MPLS runs in the core network’s control plane and data plane. This topology provides a simple way to deploy EVPN over an existing MPLS core.
Provider Backbone Bridges (PBB)
PBB-EVPN combines IEEE 802.1ah provider backbone bridges (PBB) with EVPN functionality for scaling very large networks with all-active multihoming over MPLS. It reduces the number of MACs in EVPN by aggregating customer MACs with backbone MACs, similar to route aggregation in IP. The backbone edge bridge (BEB) PEs only advertise the backbone MACs with BGP. Customer MAC and backbone MAC mapping is learned in the data plane at the PE. MPLS runs in the core network’s control plane and data plane. This architecture can be deployed over an existing MPLS network for higher MAC scalability, or to hide customer MACs from the backbone.
Network Virtualization Overlay (NVO)
EVPN over NVO tunnels (VXLAN, NVGRE, MPLSoGRE) provides Layer 2 and Layer 3 DCI and flexible topologies over simple IP networks. EVPN-VXLAN uses EVPN over a virtual extensible LAN (VXLAN) data plane, a simple alternative when MPLS is unavailable or unwanted in the core network. The VXLAN data plane encapsulates the VXLAN header and the Layer 2 frame in UDP (destination port 4789), which provides the topology over IP, and EVPN uses the BGP control plane for MAC route advertisements. The VTEPs (VXLAN tunnel end points) can be on network equipment or computing infrastructure; a VPN can even terminate on a hypervisor attached to a VM. This architecture can be deployed over an existing IP network without requiring MPLS. Note that the VXLAN encapsulation itself carries no authentication or encryption, so the IP network should restrict which hosts can reach the VTEP addresses, and VTEPs should accept traffic only from known peers and for configured VNIs.
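The encapsulation described above, as an added example in Python that is not part of the original article: it builds the 8-octet VXLAN header in front of a Layer 2 frame and shows the checks a receiving VTEP should apply, since VXLAN itself carries no authentication. The peer list, VNIs, MACs and addresses are constructed sample values.

```python
"""Added example (not from the article): build and parse the VXLAN data plane
encapsulation, an 8-octet VXLAN header in front of the original Ethernet
frame, carried in UDP to destination port 4789 (RFC 7348). The VTEP
receive-side checks and all sample values are constructed for illustration."""
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08          # "I" flag: a valid VNI is present

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload

def vxlan_encapsulate(vni, frame):
    """Return the UDP payload: VXLAN header followed by the inner frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # flags(1) | reserved(3) | VNI(3) | reserved(1); reserved octets are zero on transmit.
    header = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)
    return header + frame

def vxlan_decapsulate(udp_payload, src_ip, peer_vteps, local_vnis):
    """VTEP receive path. VXLAN carries no authentication, so a forged UDP/4789
    packet from any host that can reach the VTEP address would otherwise inject
    frames into a tenant segment: accept only known peers and configured VNIs."""
    if src_ip not in peer_vteps:
        raise PermissionError(f"dropping VXLAN from unknown VTEP {src_ip}")
    if len(udp_payload) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp_payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set; VNI is not valid")
    vni = vni_field >> 8             # the trailing reserved octet is ignored on receive
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    inner = udp_payload[8:]
    return {
        "vni": vni,
        "dst_mac": fmt_mac(inner[0:6]),
        "src_mac": fmt_mac(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "payload": inner[14:],
    }

def demo():
    # Constructed sample: a tenant frame from a VM, sent by VTEP 192.0.2.1.
    frame = ethernet_frame("00:50:56:00:00:02", "00:50:56:00:00:01", 0x0800,
                           b"\x45" + b"\x00" * 19)
    packet = vxlan_encapsulate(5001, frame)
    peers, vnis = {"192.0.2.1", "192.0.2.2"}, {5001, 5002}
    ok = vxlan_decapsulate(packet, "192.0.2.1", peers, vnis)
    try:
        vxlan_decapsulate(packet, "203.0.113.9", peers, vnis)   # spoofed source address
        rejected = False
    except PermissionError:
        rejected = True
    return ok["vni"], ok["dst_mac"], ok["ethertype"], len(packet), rejected
```

The peer and VNI checks are the receive-side equivalent of the filtering the core network should do on its side: nothing in the header proves who sent the packet, so the VTEP address list and the VNI configuration are the only things standing between an arbitrary IP host and a tenant's Layer 2 segment.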
The advantages and disadvantages of data plane encapsulation options will be discussed in a future article. Meanwhile, here’s a brief look at what can be done with EVPN and what services can be offered today.
Layer 2 or Layer 3 Data Center Interconnect
This DCI application enables scalable Layer 2 or Layer 3 services over EVPN-VXLAN for virtualized data centers with control plane signaling of IP/MAC mobility for VMs that move between data centers. Local DC gateways at each PE optimize routing, so that external traffic is sent to the closest exit. Integrated Layer 2 switching and Layer 3 routing over the same interface or VLAN enables flexible service delivery to VMs.
Business Services and Infrastructure Networks
EVPN enables service providers to offer integrated Layer 2 and Layer 3 services on a single interface and single VLAN to customers. There’s only one network technology for both services, and no need for multiple VPN protocols. All-active or single-active PE to CE connections can be supported depending on the requirements for redundancy and load-balancing. The EVPN services can be provided over any core network: MPLS cores can use EVPN-MPLS, and IP cores can use EVPN-VXLAN.
Site to Site Networks Over IP
EVPN-VXLAN works over any IP network to provide a flexible Layer 2 and Layer 3 VPN for businesses to connect sites. This application only requires IP connectivity between sites. No MPLS or any special configuration by the IP service provider is needed. There could even be several different IP networks in the path, for example if a network operator bought IP service from different providers at different locations. The service provider network is completely transparent to EVPN, and the EVPN topology is completely transparent to the service providers: it is just IP traffic. Because it is plain IP traffic, the tunneled frames are visible to, and could be injected by, anyone on the path. Where the intermediate IP networks are not trusted, the PE-to-PE traffic should be protected with IPsec and the BGP sessions between PEs authenticated. Routing and MAC/IP advertisement within EVPN are controlled via IBGP between the PEs.
Relevant documents from the IETF Layer 2 Virtual Private Networks (l2vpn) Working Group and further reading:
- Requirements for Ethernet VPN (EVPN): RFC 7209
- BGP MPLS Based Ethernet VPN: draft-ietf-l2vpn-evpn (the base specification; since published as RFC 7432)
- Usage and applicability of BGP MPLS based Ethernet VPN: draft-rp-l2vpn-evpn-usage
- Blog post from Aldrin Isaac: “The bumpy road to E-VPN”
- EVPN overview presentation