EVPN-VXLAN

Chapter Overview

This section explores advanced VXLAN deployments using EVPN (Ethernet VPN) as the control plane. Learn about EVPN route types, advanced features, and best practices for large-scale deployments.

EVPN-VXLAN Overview

EVPN-VXLAN combines the scalability of VXLAN with the control plane sophistication of EVPN, providing an optimal solution for modern data center networking.

EVPN Benefits
  • Eliminates multicast dependency
  • Provides optimal forwarding
  • Enables advanced services
  • Supports multi-tenancy
  • Facilitates multi-homing
VXLAN Benefits
  • Layer 2 extension over IP
  • Massive scale (16M VNIs)
  • Vendor interoperability
  • Efficient encapsulation
  • Hardware acceleration

EVPN Route Types

EVPN defines several route types for different purposes:

| Route Type | Description             | Purpose              | VXLAN Usage                    |
|------------|-------------------------|----------------------|--------------------------------|
| Type 1     | Ethernet Auto-Discovery | Multi-homing         | Ethernet Segment identification |
| Type 2     | MAC/IP Advertisement    | MAC/IP learning      | Host reachability              |
| Type 3     | Inclusive Multicast     | BUM traffic          | VTEP discovery                 |
| Type 4     | Ethernet Segment        | Multi-homing         | Designated Forwarder election  |
| Type 5     | IP Prefix               | Inter-subnet routing | L3VNI routing                  |
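
To see what a Type 2 or Type 3 route actually carries, the following added example (not part of the original page) decodes the EVPN NLRI layout from RFC 7432, reading the label fields as 24-bit VNIs as RFC 8365 specifies for VXLAN. The function names and the sample bytes are constructed for illustration; the RD and VNI values match the L2VNI example on this page.

```python
import ipaddress
import struct

def parse_rd(rd: bytes) -> str:
    """Render an 8-byte Route Distinguisher (types 0 and 1) as text."""
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 0:                        # 2-byte ASN : 4-byte number
        return "%d:%d" % struct.unpack("!HI", rd[2:])
    if rd_type == 1:                        # IPv4 address : 2-byte number
        return f"{ipaddress.IPv4Address(rd[2:6])}:{struct.unpack('!H', rd[6:])[0]}"
    return rd.hex()

def parse_evpn_nlri(buf: bytes) -> dict:
    """Decode one EVPN NLRI (route type 2 or 3); ValueError if malformed."""
    if len(buf) < 2 or len(buf) != 2 + buf[1]:
        raise ValueError("length field does not match buffer")
    rtype, body = buf[0], buf[2:]
    if rtype == 2:                          # MAC/IP Advertisement
        if len(body) < 33 or body[22] != 48 or body[29] not in (0, 32, 128):
            raise ValueError("bad Type 2 layout")
        ip_end = 30 + body[29] // 8         # IP length is given in bits
        labels = body[ip_end:]              # Label1, optional Label2 (3 bytes each)
        if len(labels) not in (3, 6):
            raise ValueError("bad label field")
        return {
            "type": 2, "rd": parse_rd(body[:8]), "esi": body[8:18].hex(),
            "mac": body[23:29].hex(":"),
            "ip": str(ipaddress.ip_address(body[30:ip_end])) if ip_end > 30 else None,
            # With VXLAN encapsulation the whole 3-byte label field is the VNI.
            "l2vni": int.from_bytes(labels[:3], "big"),
            "l3vni": int.from_bytes(labels[3:], "big") if len(labels) == 6 else None,
        }
    if rtype == 3:                          # Inclusive Multicast Ethernet Tag
        if len(body) < 13 or body[12] not in (32, 128) or len(body) != 13 + body[12] // 8:
            raise ValueError("bad Type 3 layout")
        return {"type": 3, "rd": parse_rd(body[:8]),
                "vtep": str(ipaddress.ip_address(body[13:]))}
    raise ValueError(f"route type {rtype} not handled here")

# Constructed sample: host 192.168.100.10, RD 192.168.1.1:100, L2VNI 10100.
SAMPLE_TYPE2 = (bytes([2, 37]) + bytes.fromhex("0001c0a801010064") + bytes(10 + 4)
                + b"\x30" + bytes.fromhex("005056aabbcc")
                + b"\x20" + ipaddress.IPv4Address("192.168.100.10").packed
                + (10100).to_bytes(3, "big"))
```

Comparing the decoded MAC, IP and RD against the inventory of hosts expected behind each VTEP is a simple way to spot a host advertised from the wrong leaf.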

EVPN-VXLAN Architecture

Typical EVPN-VXLAN deployment architecture:

Architecture Components

  • Leaf Switches: VTEP endpoints with host connectivity
  • Spine Switches: IP fabric providing underlay connectivity
  • Route Reflectors: BGP EVPN route reflection
  • Border Leaf: External connectivity and DCI
  • Anycast Gateway: Distributed L3 gateway

L2VNI Configuration

Layer 2 VNI configuration for EVPN-VXLAN:

L2VNI EVPN Configuration

! Cisco NX-OS Configuration
! Enable the EVPN control plane and the VXLAN features
nv overlay evpn
feature bgp
feature vn-segment-vlan-based
feature nv overlay

! Configure BGP for EVPN (per-neighbor settings are nested on NX-OS)
router bgp 65001
  router-id 192.168.1.1
  neighbor 192.168.1.100 remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community extended

! Configure L2VNI
evpn
  vni 10100 l2
    rd 192.168.1.1:100
    route-target import 1:10100
    route-target export 1:10100

! Configure VXLAN interface
interface nve1
  no shutdown
  source-interface loopback0
  ! Learn remote hosts from BGP EVPN instead of flood-and-learn
  host-reachability protocol bgp
  member vni 10100
    suppress-arp
    ingress-replication protocol bgp

! Configure VLAN
vlan 100
  vn-segment 10100

Multi-Tenancy

Chapter Overview

This section covers multi-tenant VXLAN deployments, including VRF implementation, tenant isolation, and service chaining for cloud and service provider environments.

Multi-Tenancy Overview

Multi-tenancy in VXLAN networks enables multiple isolated virtual networks to coexist on the same physical infrastructure while maintaining complete separation and security.

Isolation
  • Traffic separation
  • Address space isolation
  • Policy enforcement
  • Security boundaries
Scalability
  • Thousands of tenants
  • Flexible resource allocation
  • Dynamic provisioning
  • Elastic scaling
Services
  • Per-tenant services
  • Service chaining
  • QoS policies
  • Security services

VRF-Based Multi-Tenancy

VRF (Virtual Routing and Forwarding) provides the foundation for multi-tenant isolation:

Basic VRF Configuration

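! Configure multiple VRFs (one L3VNI per tenant)
vrf context TENANT-A
  vni 50100
  rd auto
  address-family ipv4 unicast
    route-target import 1:50100
    route-target import 1:50100 evpn
    route-target export 1:50100
    route-target export 1:50100 evpn

vrf context TENANT-B
  vni 50200
  rd auto
  address-family ipv4 unicast
    route-target import 1:50200
    route-target import 1:50200 evpn
    route-target export 1:50200
    route-target export 1:50200 evpn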
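
Tenant separation in the VRF configuration above depends on each VRF importing only its own route targets and using its own L3VNI. The following added example (not from the original page) audits `vrf context` blocks for both conditions; the function names are hypothetical, and the sample is the page's two VRFs with one constructed extra import.

```python
import re

RT_RE = re.compile(r"route-target (import|export|both) (\d\S*)(?: evpn)?")

def parse_vrfs(config: str) -> dict:
    """Map VRF name -> {"vni", "import", "export"} from NX-OS 'vrf context' blocks."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():            # unindented: a block starts or ends
            m = re.fullmatch(r"vrf context (\S+)", line)
            new = {"vni": None, "import": set(), "export": set()}
            cur = vrfs.setdefault(m.group(1), new) if m else None
        elif cur is None:
            continue
        elif m := re.fullmatch(r"vni (\d+)", line):
            cur["vni"] = int(m.group(1))
        elif m := RT_RE.fullmatch(line):     # 'auto' targets are skipped by the regex
            for d in (("import", "export") if m.group(1) == "both" else (m.group(1),)):
                cur[d].add(m.group(2))
    return vrfs

def audit_isolation(vrfs: dict) -> list:
    """Flag L3VNIs reused across VRFs and imports of another VRF's exported RT."""
    findings, seen = [], {}
    for name, v in sorted(vrfs.items()):
        if v["vni"] is not None and v["vni"] in seen:
            findings.append(f"L3VNI {v['vni']} shared by {seen[v['vni']]} and {name}")
        seen.setdefault(v["vni"], name)
        for other, o in sorted(vrfs.items()):
            leaked = sorted(v["import"] & o["export"])
            if other != name and leaked:
                findings.append(f"{name} imports {', '.join(leaked)} exported by {other}")
    return findings

# Constructed sample: the page's two VRFs, with one extra import added to TENANT-B.
SAMPLE = """\
vrf context TENANT-A
  vni 50100
  address-family ipv4 unicast
    route-target import 1:50100
    route-target export 1:50100
vrf context TENANT-B
  vni 50200
  address-family ipv4 unicast
    route-target import 1:50200
    route-target import 1:50100
    route-target export 1:50200
"""
```

A shared-services VRF that imports tenant routes on purpose will appear in the findings, so treat the output as a list to review against the intended design.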

Data Center Interconnect

Chapter Overview

This section covers VXLAN Data Center Interconnect (DCI) for extending VXLAN networks across multiple data centers, including WAN integration and multi-site deployments.

DCI Overview

Data Center Interconnect extends VXLAN networks across multiple geographical locations while maintaining seamless connectivity and consistent policies.

Layer 2 Extension
  • VM mobility between sites
  • Consistent IP addressing
  • Seamless failover
  • Stretched VLANs
Resilience
  • Disaster recovery
  • Business continuity
  • Geographic redundancy
  • Load distribution
Scalability
  • Multi-site deployments
  • Elastic capacity
  • Global load balancing
  • Workload distribution

DCI Architecture Models

Different approaches to implementing VXLAN DCI:

| Model           | Description                       | Use Case             | Complexity |
|-----------------|-----------------------------------|----------------------|------------|
| Stretched VXLAN | Direct VXLAN tunnels over WAN     | High-bandwidth DCI   | Low        |
| BGP EVPN DCI    | BGP EVPN control plane across WAN | Multi-site EVPN      | Medium     |
| MPLS L2VPN      | VXLAN to MPLS translation         | Service provider WAN | High       |
| VXLAN Gateway   | Border gateway translation        | Hybrid deployments   | Medium     |

Anycast Gateway

Chapter Overview

This section covers VXLAN anycast gateway implementation, providing distributed default gateway functionality for optimal traffic flow and high availability.

Anycast Gateway Overview

Anycast gateway provides a distributed default gateway service where multiple leaf switches share the same gateway IP and MAC address, enabling optimal traffic flow and seamless host mobility.

Traffic Optimization
  • Local gateway forwarding
  • Reduced traffic tromboning
  • Optimal path selection
  • Minimal latency
High Availability
  • Distributed architecture
  • No single point of failure
  • Seamless failover
  • Active-active design

Basic Anycast Gateway Configuration

Configure anycast gateway on Cisco Nexus switches:

Cisco Anycast Gateway Configuration

! SVIs require the interface-vlan feature
feature interface-vlan

! Configure anycast gateway MAC address (the same value on every leaf)
fabric forwarding anycast-gateway-mac 0000.1111.2222

! Configure SVIs with anycast gateway
interface vlan100
  description "Tenant-A Web Tier"
  no shutdown
  vrf member TENANT-A
  ip address 192.168.100.1/24
  fabric forwarding mode anycast-gateway

! Verify anycast gateway configuration
show fabric forwarding anycast-gateway-mac
show fabric forwarding

Integration with SDN

Chapter Overview

This section covers VXLAN integration with Software-Defined Networking (SDN) platforms, including OpenFlow, OpenStack, VMware NSX, and cloud orchestration platforms.

SDN Integration Overview

VXLAN integration with SDN platforms provides centralized management, automated provisioning, and programmable network services.

Automation
  • Automated provisioning
  • Policy enforcement
  • Dynamic scaling
  • Self-healing networks
Visibility
  • Centralized monitoring
  • Traffic analytics
  • Performance insights
  • Troubleshooting tools
Orchestration
  • Service chaining
  • Multi-cloud connectivity
  • Workload mobility
  • API-driven operations

OpenStack Integration

Integrate VXLAN with the OpenStack cloud platform:

OpenStack Neutron Configuration

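# /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = vxlan,vlan,flat
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1000:2000
vxlan_group = 239.1.1.1

# The [ovs] and [agent] sections are read by the Open vSwitch agent
# (many deployments keep them in openvswitch_agent.ini)
[ovs]
local_ip = 192.168.1.10
bridge_mappings = external:br-ex
tunnel_bridge = br-tun

# Build VXLAN tunnels and use the entries pushed by the l2population driver
[agent]
tunnel_types = vxlan
l2_population = True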
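
A pre-deployment check for the ML2 settings above, as an added example that is not part of the original page: it validates the VNI range, the multicast group and the port_security extension, and flags any overlap between Neutron's VNI pool and the VNIs configured on the switches in this page's examples. It assumes Neutron and the fabric share one VNI space; `audit_ml2` and `FABRIC_VNIS` are hypothetical names.

```python
import configparser
import ipaddress

VNI_MAX = 2**24 - 1                    # the VXLAN VNI is a 24-bit field
FABRIC_VNIS = {10100, 50100, 50200}    # VNIs from the switch examples on this page

def _items(value: str) -> list:
    """Split a comma-separated option value into trimmed items."""
    return [x.strip() for x in value.split(",") if x.strip()]

def audit_ml2(ini_text: str, fabric_vnis=frozenset(FABRIC_VNIS)) -> list:
    """Return a list of findings for an ML2 VXLAN configuration."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    ml2 = cfg["ml2"] if cfg.has_section("ml2") else {}
    vx = cfg["ml2_type_vxlan"] if cfg.has_section("ml2_type_vxlan") else {}
    findings = []
    drivers = _items(ml2.get("type_drivers", ""))
    for net_type in _items(ml2.get("tenant_network_types", "")):
        if net_type not in drivers:
            findings.append(f"tenant network type {net_type} has no type driver")
    if "port_security" not in _items(ml2.get("extension_drivers", "")):
        findings.append("port_security extension driver not enabled")
    for rng in _items(vx.get("vni_ranges", "")):
        lo, hi = (int(x) for x in rng.split(":"))
        if not 1 <= lo <= hi <= VNI_MAX:
            findings.append(f"vni range {rng} outside 1..{VNI_MAX}")
        clash = sorted(v for v in fabric_vnis if lo <= v <= hi)
        if clash:
            findings.append(f"vni range {rng} overlaps fabric VNIs {clash}")
    group = vx.get("vxlan_group")
    if group and not ipaddress.ip_address(group).is_multicast:
        findings.append(f"vxlan_group {group} is not a multicast address")
    return findings

# Sample input: the [ml2] and [ml2_type_vxlan] sections shown on this page.
SAMPLE_INI = """\
[ml2]
type_drivers = vxlan,vlan,flat
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1000:2000
vxlan_group = 239.1.1.1
"""
```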

SDN Integration Best Practices

  • Use infrastructure as code principles
  • Implement proper API versioning
  • Monitor integration performance
  • Maintain configuration consistency
  • Document integration workflows
  • Test integrations thoroughly