Ethernet Virtual Private Network (EVPN) isa Layer 2 VPN technology that provides both Layer 2 and Layer 3 connectivitybetween distant network sites across an IP or MPLS network. EVPN uses MP-BGP inthe control plane and Virtual eXtensible LAN (VXLAN) or MPLS in the data plane.EVPN is typically used in data centers for multitenant services.
EVPN supports advertising private routes ofVPN instances in an MPLS L3VPN network. For more information, see"Configuring EVPN L3VPN."
EVPN solutions
EVPN provides the EVPN VXLAN, EVPN VirtualPrivate Wire Service (VPWS), and EVPN Virtual Private LAN Service (VPLS)solutions.
EVPN VXLAN
As shown in Figure 1, EVPNVXLAN uses the VXLAN technology for traffic forwarding in the data plane. Thetransport edge devices assign VMs to different VXLANs, and then forward trafficat Layer 2 between sites for VMs by using VXLAN tunnels. The transport edgedevices are VXLAN tunnel endpoints (VTEPs). All EVPN VXLAN processing isperformed on VTEPs
To provide Layer 3 connectivity betweensubnets of a tenant and between the EVPN VXLAN network and external networks,you can deploy EVPN gateways.
For more information about EVPN VXLAN, see"Configuring EVPN VXLAN."
Figure 1 EVPN VXLAN network model
EVPN VPWS
As shown in Figure 2, EVPNVPWS is a Layer 2 VPN technology that uses EVPN for PW establishment in thecontrol plane and MPLS for forwarding in the data plane. EVPN VPWS providespoint-to-point forwarding services for users by using ACs and PWs associatedwith cross-connects without MAC address table lookup.
For more information about EVPN VPWS, see"Configuring EVPN VPWS."
Figure 2 EVPN VPWS network model
EVPN VPLS
As shown in Figure 3, EVPNVPLS is a Layer 2 VPN technology that uses EVPN for PW establishment in thecontrol plane and MPLS for forwarding in the data plane. EVPN VPLS providespoint-to-multipoint forwarding services for users by using the MAC addresstable.
For more information about EVPN VPLS, see"Configuring EVPN VPLS."
Figure 3 EVPN VPLS network model
EVPN benefits
EVPN provides the following benefits:
·Configuration automation—MP-BGP automates VTEP/PE discovery, VXLAN tunnel/PW establishment,and VXLAN tunnel assignment to ease deployment.
·Separation of the controlplane and the data plane—EVPN uses MP-BGP to advertisehost reachability information in the control plane and uses VXLAN or MPLS toforward traffic in the data plane.
·Integrated routing and bridging(IRB)—MP-BGP advertises both Layer 2 and Layer 3host reachability information to provide optimal forwarding paths and minimizeflooding in an EVPN VXLAN network.
·Point-to-point and point-to-multipointconnection—Layer 2 frames are transmitted transparently across the IPor MPLS transport network between sites after they are encapsulated into VXLANpackets or MPLS packets.
Layered transport network
As shown in Figure 4,typically the EVPN transport network uses a layered structure. On the transportnetwork, leaf nodes act as VTEPs or PEs to provide VXLAN or MPLS services, andspine nodes perform forwarding for VXLAN or MPLS traffic based on the outer IPheader. If all VTEPs or PEs and transport network devices of an EVPN networkbelong to the same AS, the spine nodes can act as route reflectors (RRs) to reflectroutes between the VTEPs or PEs. In this scenario, the spine nodes advertiseand receive BGP EVPN routes, but do not perform VXLAN or MPLS encapsulation andde-encapsulation.
Figure 4 Layered transport network
MP-BGP extension for EVPN
To support EVPN, MP-BGP introduces the EVPNsubsequent address family under the L2VPN address family and the following networklayer reachability information (BGP EVPN routes):
·Ethernet auto-discovery route—Advertises ES and service ID information in multihomed sites andadvertises service ID information in an EVPN VPWS network.
·MAC/IP advertisem*nt route—Advertises MAC reachability information and host route information(host ARP or ND information).
·Inclusive multicast Ethernettag (IMET) route—Advertises VTEP and VXLANmappings for automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnelassignment in an EVPN VXLAN network. Advertises PE information for automatingPE discovery and PW establishmentin an EVPN VPLS network.
·Ethernet segment (ES) route—Advertises ES and VTEP/PE mappings.
·IP prefix advertisem*ntroute—Advertises BGP IPv4 or IPv6 unicast routesas IP prefixes.
MP-BGP uses the route distinguisher (RD)field to differentiate BGP EVPN routes of different VSIs or cross-connectgroups and uses route targets to control the advertisem*nt and acceptance of BGPEVPN routes.
MP-BGP supports the following types ofroute targets:
·Export targets—A VTEP or PE sets the export targets for BGP EVPN routes learnedfrom the local site before advertising them to remote VTEPs or PEs.
·Import targets—A VTEP or PE checks the export targets of BGP EVPN routes receivedfrom remote VTEPs or PEs. The VTEP or PE imports the BGP EVPN routes only whentheir export targets match the local import targets.
RD and route target selection of BGP EVPN routes
As shown in Table 1, youcan configure RDs and route targets for BGP EVPN routes in multiple views.
Table 1 Supported views for RD and routetarget configuration
| Item | Views |
| RD | ·VSI EVPN instance view ·VPN instance view ·Public instance view ·Cross-connect group EVPN instance view |
| Route targets | ·VSI EVPN instance view ·VPN instance view ·VPN instance IPv4 address family view ·VPN instance IPv6 address family view ·VPN instance EVPN view ·Public instance view ·Public instance IPv4 address family view ·Public instance IPv6 address family view ·Public instance EVPN view ·Cross-connect group EVPN instance view NOTE: Route targets configured in VPN instance view apply to IPv4 VPN, IPv6 VPN, and EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN. Route targets configured in IPv6 address family view apply only to IPv6 VPN. Route targets configured in VPN instance EVPN view apply only to EVPN. Route targets configured in IPv4 address family view, IPv6 address family view, or VPN instance EVPN view take precedence over those in VPN instance view. The precedence order for different views of a VPN instance also applies to the views of the public instance. |
The device selects RDs and route targetsfor BGP EVPN routes by using the following rules:
·Ethernet auto-discovery routes—The device uses the RD and route targets configured in EVPNinstance view of a VSI or cross-connect group when advertising the routes. Thedevice uses the route targets configured in EVPN instance view of a VSI orcross-connect group when accepting the routes.
·IMET routes and MAC/IPadvertisem*nt routes that contain only MAC addresses—The device uses the RD and route targets configured in VSI EVPNinstance view when advertising and accepting the routes.
·MAC/IP advertisem*nt routesthat contain ARP or ND information—The deviceuses the following settings when advertising the routes:
¡RDand export route targets configured in VSI EVPN instance view.
¡Exportroute targets configured for EVPN on a VPN instance or the public instance (VPNinstance view, EVPN view of a VPN instance or the public instance, and publicinstance view).
The device uses the import route targetsconfigured for the EVPN instance on a VSI and EVPN on a VPN instance or thepublic instance when accepting the routes.
·ES routes—The device uses the RD and export route targets configured for anEVPN instance on a VSI or cross-connect group when advertising the routes. Thedevice uses the import route targets configured for an EVPN instance on a VSIor cross-connect group when accepting the routes.
·IP prefix advertisem*ntroutes—The device uses the route targetsconfigured for IPv4 or IPv6 VPN on a VPN instance or the public instance whenadvertising and accepting the routes.
