Overview

About EVPN

Ethernet Virtual Private Network (EVPN) is a technology that allows Layer 2 traffic to be bridged across an IP network. EVPN instances configured on Provider Edge (PE) routers function as virtual bridges, transporting traffic between Customer Edge (CE) devices at separate locations.

At a basic level, the PE routers exchange information about reachability, encapsulate Layer 2 traffic from CE devices, and forward it across the Layer 3 network. EVPN is a standard technology in multitenant data centers (DCs).

VXLAN is a means for segmenting a LAN at a scale required by service providers. With the prevalent use of VXLAN in multitenant DCs, the EVPN control plane was adapted for VXLAN tunnels in RFC 8365.

The SR Linux EVPN-VXLAN solution supports using Layer 2 Broadcast Domains (BDs) in multitenant DCs using EVPN for the control plane and VXLAN as the data plane.

About Layer 2 services

Layer 2 services refers to the infrastructure implemented on SR Linux to support tunneling of Layer 2 traffic across an IP network, overlaying the Layer 2 network on top of the IP network.

To support this infrastructure, SR Linux uses a network instance of type MAC-VRF. The MAC-VRF network instance is associated with a network instance of type default or ip-vrf via an Integrated Routing and Bridging (IRB) interface.

The following figure shows the relationship between an IRB interface and MAC-VRF, and IP-VRF network-instance types.

Figure 1. MAC-VRF, IRB interface, and IP-VRF

See Layer 2 services infrastructure for information about Layer 2 services on SR Linux, including configuring MAC-VRFs, IP-VRFs, and IRB interfaces.

About EVPN for VXLAN tunnels (Layer 2)

The primary usage for EVPN for VXLAN tunnels (Layer 2) is the extension of a BD in overlay multitenant DCs. This type of topology is shown in the following figure:

Figure 2. BD extension in overlay DCs

SR Linux features that support this topology fall into the following categories:

  • bridged subinterface extensions, including:

    • default subinterface, which captures untagged and non-explicitly configured VLAN-tagged frames on tagged subinterfaces

    • transparency of inner qtags not being used for service classification

  • EVPN-VXLAN control and data plane extensions, as described in RFC 8365:

    • EVPN routes type MAC/IP and IMET

    • VXLANv4 model for MAC-VRFs

  • distributed security and protection, including:

    • an extension to the MAC duplication mechanism that can be applied to MACs received from EVPN

    • protection of static MACs and learned-static MACs

  • EVPN Layer 2 multihoming, including:

    • the Ethernet Segment (ES) model definition for all-active and single-active multihoming

    • interface-level reload-delay timers to avoid service impact when links recover

    • load-balancing and redundancy using aliasing

See EVPN for VXLAN tunnels for Layer 2 for information about the components of EVPN-VXLAN Layer 2 on SR Linux.

About EVPN for VXLAN tunnels (Layer 3)

The primary usage for EVPN for VXLAN tunnels (Layer 3) is inter-subnet-forwarding for unicast traffic within the same tenant infrastructure. This type of topology is shown in the following figure:

Figure 3. Inter-subnet forwarding with EVPN-VXLAN Layer 3

SR Linux features that support this topology fall into the following categories:

  • EVPN-VXLAN Layer 3 control plane (RT5) and data plane, as described in RFC 9136

  • EVPN Layer 3 multihoming on MAC-VRFs with IRB interfaces that use anycast gateway IP and MAC addresses in all leafs attached to the same BD

  • host route mobility procedures to allow fast mobility of hosts between leaf nodes attached to the same BD

Other supported features include:

  • interface-less (IFL) model interoperability with unnumbered interface-ful (IFF) model

  • ECMP over EVPN

  • support for interface-level OAM (ping) in anycast deployments

EVPN for VXLAN tunnels for Layer 3 describes the components of EVPN-VXLAN Layer 3 on SR Linux.