Overview
This chapter contains the following topics:
About EVPN
Ethernet Virtual Private Network (EVPN) is a technology that bridges Layer 2 and routes Layer 3 VPN traffic across a shared provider environment. When extending Broadcast Domains (BDs), EVPN instances configured on Provider Edge (PE) routers act as virtual bridges, facilitating traffic between Customer Edge (CE) devices at different locations. Conversely, when connecting devices in different IP subnets, EVPN instances function as virtual routers, enabling inter-subnet forwarding for devices of the same tenant.
Essentially, PE routers exchange reachability information, encapsulate Layer 2 or Layer 3 traffic from CE devices, and forward it across the provider or data center (DC) network. EVPN is a standard technology in multi-tenant DCs (RFC 8365) and MPLS/Segment Routing networks (RFC 7432).
The SR Linux EVPN solution supports EVPN multi-tenant DCs using VXLAN as the data plane, and in service provider networks, using MPLS as the data plane.
About the service infrastructure for EVPN
The SR Linux infrastructure to support EVPN services uses network-instances of type MAC-VRF and IP-VRF, along with IRB interfaces. The MAC-VRF network-instance is associated with a network-instance of type default or ip-vrf via an Integrated Routing and Bridging (IRB) interface.
The following figure shows the relationship between an IRB interface and the MAC-VRF and IP-VRF network-instance types.
See Layer 2 services infrastructure for information about MAC-VRFs, IP-VRFs, and IRB interfaces in SR Linux.
About EVPN for Layer 2
The primary usage for EVPN for Layer 2 is the extension of a BD in overlay multi-tenant DCs or service provider networks. An example of this type of topology in DCs is shown in the following figure:
SR Linux features that support this topology fall into the following categories:
- bridged subinterfaces, including:
  - default subinterfaces, configured with the parameter vlan-id optional, which capture untagged and non-explicitly configured VLAN-tagged frames on tagged subinterfaces
  - transparency of inner qtags not being used for service classification
- EVPN control and data plane extensions, as described in RFC 8365 for VXLAN tunnels and in RFC 7432 for MPLS tunnels:
  - EVPN routes type MAC/IP and IMET (Inclusive Multicast Ethernet Tag) routes
  - VXLANv4 model for MAC-VRFs
  - MPLS model for MAC-VRFs
- distributed security and protection, including:
  - an extension to the MAC duplication mechanism that can be applied to MACs received from EVPN
  - protection of static MACs
- EVPN Layer 2 multihoming, including:
  - the Ethernet Segment (ES) model definition for all-active and single-active multihoming
  - interface-level reload-delay timers to avoid service impact when links recover
  - load-balancing and redundancy using aliasing, as in RFC 7432
SR Linux also supports static and TLDP-signaled pseudowires, which can be used on MAC-VRF and VPWS instances.
See EVPN for Layer 2 ELAN services for information about the components of EVPN Layer 2 in SR Linux.
About EVPN for Layer 3
The primary usage for EVPN for VXLAN tunnels (Layer 3) is inter-subnet-forwarding for unicast traffic within the same tenant infrastructure. This type of topology is shown in the following figure:
The primary usage for EVPN for Layer 3 is inter-subnet-forwarding for unicast traffic within the same tenant infrastructure, which can use a shared provider network or a data center. An example of this type of topology in a data center is shown in the following figure:
SR Linux features that support this topology fall into the following categories:
- EVPN Layer 3 control plane (mostly EVPN IP prefix routes or RT5s) and data plane, as described in RFC 9136
- EVPN Layer 3 multihoming on MAC-VRFs with IRB interfaces that use anycast gateway IP and MAC addresses in all leafs attached to the same BD
- host route mobility procedures to allow fast mobility of hosts between leaf nodes attached to the same BD
Other supported features include:
- interface-less (IFL) model interoperability with unnumbered interface-ful (IFF) model
- ECMP over EVPN, including unequal ECMP, IP aliasing, and combined ECMP
- support for interface-level OAM (ping) in anycast deployments
EVPN for Layer 3 describes the components of EVPN Layer 3 in SR Linux.
About EVPN for multicast
The primary usage for EVPN for multicast is to forward IP multicast traffic from sources to receivers in an efficient way. An example of this type of service in data centers is shown in the following figure:
SR Linux features that support this topology fall into the following categories:
- IGMP/MLD snooping on MAC-VRFs
- EVPN IGMP/MLD proxy support in MAC-VRFs, as described in RFC 9251
- EVPN multihoming support on MAC-VRFs where IGMP/MLD snooping is enabled, and synchronization of the multicast states on all the PEs attached to the same Ethernet Segment, as described in RFC 9251
EVPN for multicast describes the components of EVPN multicast in SR Linux.
About IP-VPN
IP-VPN services use a combination of MP-BGP and MPLS to distribute IPv4/v6 routing information and provide Layer 3 VPN services.
Each IP-VPN consists of a set of customer end points connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each IP-VPN instance. The PE routers exchange the routing information configured or learned from all customer sites via MP-BGP peering. Each route exchanged via the MP-BGP protocol includes a Route Distinguisher (RD), which identifies the IP-VPN association and handles any potential IP address overlap.
Multi-Protocol BGP (MP-BGP) is used to exchange the routes of a particular VPN among the PE routers that are attached to that VPN.
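How the Route Distinguisher keeps overlapping tenant prefixes apart, as an added example that is not SR Linux code or configuration: it encodes the 8-byte RD layouts of RFC 4364 and prepends the RD to the IPv4 prefix, which is a simplified table key rather than the full MP-BGP NLRI. The RD values, prefixes and next hops are constructed for illustration.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode 'admin:assigned' as the 8-byte RD of RFC 4364 (2-byte type + 6-byte value)."""
    admin, assigned = rd.rsplit(":", 1)
    number = int(assigned)
    if "." in admin:  # type 1: IPv4 address + 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:  # type 0: 2-byte ASN + 4-byte assigned number
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)  # type 2: 4-byte ASN + 2-byte number


def vpn_ipv4_key(rd, prefix):
    """Return (RD || IPv4 network address, prefix length) as a route table key."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


def build_tables(adverts):
    """Store the same advertisements keyed by bare prefix and by RD-qualified prefix."""
    plain, vpn = {}, {}
    for rd, prefix, next_hop in adverts:
        plain[prefix] = next_hop  # later tenants overwrite earlier ones
        vpn[vpn_ipv4_key(rd, prefix)] = next_hop  # RD keeps each tenant's route distinct
    return plain, vpn


# Constructed sample: three tenants that all use 10.0.0.0/24.
ADVERTS = [
    ("65000:100", "10.0.0.0/24", "192.0.2.1"),
    ("65000:200", "10.0.0.0/24", "192.0.2.2"),
    ("192.0.2.3:7", "10.0.0.0/24", "192.0.2.3"),
]

if __name__ == "__main__":
    plain, vpn = build_tables(ADVERTS)
    print(len(plain), "entry without RD;", len(vpn), "entries with RD")
    for (addr, plen), nh in vpn.items():
        print(addr.hex(), f"/{plen}", "->", nh)
```

Two IP-VPN instances configured with the same RD would collapse to the same key for an overlapping prefix, so RD uniqueness per instance is part of tenant isolation.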