Understanding EVPN

Ethernet VPN (EVPN) is a standard technology that was created to overcome some of the limitations of a popular MPLS-based technology called Virtual Private LAN Service (VPLS), as specified in the respective IETF RFCs for MAN/WAN use. In particular, for data center deployments for example, it became imperative to address certain VPLS limitations in areas such as multihoming and redundancy, provisioning simplicity, flow-based load balancing, and multipathing.

Hence, as an evolution of VPLS, EVPN was born as a multi-protocol (MP) BGP- and MPLS-based solution in RFC 7432 (later updated by RFC 8584) to implement the requirements specified in RFC 7209.

The initial implementation of EVPN was intended to leverage the benefits of an MPLS Label Switched Path (LSP) infrastructure, such as fast reroute, resiliency, etc. Alternatively, the EVPN RFC also includes support for an IP or IP/GRE (Generic Routing Encapsulation) tunneling infrastructure.

As a further evolution, in RFC 8365 EVPN was expanded to support various other encapsulations including a VXLAN-based transport (called overlay encapsulation type 8).

By that time VXLAN had become the prevalent transport in the data center to implement virtual Layer 2 bridged connectivity between fabric nodes. So EVPN could then be used as an MP BGP-based control plane for VXLAN, with support for specialized Network Layer Reachability Information (NLRI) to communicate both Layer 2 and Layer 3 information for forwarding and tunneling purposes.
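As an added illustration (not part of the original text), the Python sketch below decodes the BGP Encapsulation Extended Community, which is where the overlay encapsulation type (8 for VXLAN) travels alongside an EVPN route. The function name and the sample bytes are constructed for this example; the community layout and tunnel type values follow RFC 8365.

```python
import struct

# Tunnel types registered by RFC 8365 for the BGP Encapsulation Extended Community.
TUNNEL_TYPES = {8: "VXLAN", 9: "NVGRE", 10: "MPLS", 11: "MPLS-in-GRE", 12: "VXLAN-GPE"}

EXT_COMM_LEN = 8                 # every extended community is 8 octets
TYPE_TRANSITIVE_OPAQUE = 0x03    # high-order type octet
SUBTYPE_ENCAPSULATION = 0x0C     # Encapsulation sub-type


def encapsulations(ext_communities: bytes) -> list[str]:
    """Return the overlay encapsulations named in an Extended Communities value.

    `ext_communities` is the raw attribute value: a run of 8-octet communities.
    (Hypothetical helper name, used only in this example.)
    """
    if len(ext_communities) % EXT_COMM_LEN:
        raise ValueError("extended communities value must be a multiple of 8 octets")
    found = []
    for off in range(0, len(ext_communities), EXT_COMM_LEN):
        # Layout: type (1), sub-type (1), reserved (4), tunnel type (2), network order.
        ctype, subtype, _reserved, tunnel = struct.unpack_from("!BBIH", ext_communities, off)
        if (ctype, subtype) != (TYPE_TRANSITIVE_OPAQUE, SUBTYPE_ENCAPSULATION):
            continue  # e.g. a Route Target; not relevant here
        found.append(TUNNEL_TYPES.get(tunnel, f"unknown({tunnel})"))
    # RFC 8365: with no Encapsulation community present, MPLS (or a statically
    # configured encapsulation) is assumed.
    return found or ["MPLS"]


if __name__ == "__main__":
    # Constructed sample: a Route Target (AS 65000, value 10000) followed by an
    # Encapsulation community carrying tunnel type 8.
    route_target = bytes.fromhex("0002fde800002710")
    encap_vxlan = bytes.fromhex("030c000000000008")
    print(encapsulations(route_target + encap_vxlan))  # ['VXLAN']
    print(encapsulations(route_target))                # ['MPLS']
```

Comparing the decoded encapsulation of received routes against what the fabric is configured to use is a quick way to spot a peer advertising an unexpected transport.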

In EVPN parlance, VXLAN is a Network Virtualization Overlay (NVO) data plane encapsulation solution with its own identifiers, the VNIs (also called NVO instance identifiers). VNIs can be mapped one-to-one or many-to-one to EVPN instances (EVIs). VNIs can be globally unique identifiers (in a typical use case), but the EVPN RFC also includes support for the case when they are used as locally significant values (to mimic MPLS labels).

In a VXLAN network using EVPN, a VTEP node is called a Network Virtualization Edge (NVE) or Provider Edge (PE) node. An NVE node may be a Top-of-Rack (ToR) switch or a virtual machine, but—as we will see below—it can also be a border node.

For more details on EVPN, refer to the following IETF standards and drafts:

  • RFC 7209 "Requirements for Ethernet VPN (EVPN)"
  • RFC 7432 "BGP MPLS-Based Ethernet VPN"
  • RFC 8365 "A Network Virtualization Overlay Solution Using Ethernet VPN (EVPN)"
  • draft-ietf-bess-evpn-prefix-advertisement-11 "IP Prefix Advertisement in EVPN"