cool hit counter An article that gives you an idea of what EVPN is_Intefrankly

An article that gives you an idea of what EVPN is


1.Why you need EVPN

EVPN is a technology that has suddenly made headlines in the past two years, and before we talk about EVPN, there is a brief history of Ethernet development that must be understood.

Traditional Ethernet uses ARP broadcast to find the destination address for the initial small-scale L2 network and uses STP protocol for ring prevention to expand the network scale, but it wastes too much bandwidth on the one hand, and on the other hand, the convergence time becomes abnormally slow when the network scale is slightly larger (50-100 switch devices), which makes the criticism that the bandwidth utilization is not high magnified, so STP networking is limited to a limited scale of local networking.

Figure 1: Schematic representation of the learning process of an L2 switch

Later, the concept of IP layer routing was proposed to prevent loops through TTL, and ECMP etc. was proposed to let the same device flow through multi-path forwarding to improve link utilization and link redundancy, and various routing protocols such as RIP/OSPF/BGP were proposed to make large-scale networking through the device itself to publish in the forwarding table entries it has, providing the basis for the emergence of the Internet.

IP networks analyze the IP header every hop, which is inefficient, QoS is difficult to deploy, all routers have to know all routes in the routing domain network they are in, and hop-by-hop forwarding of IP, where the longest match lookup of the routing table must be performed (possibly multiple times) at each hop passed, is slow.

Figure 2 Forwarding principle of IP network

The technology further innovated and evolved into the MPLS label distribution era, where the MPLS architecture consists of a Control Plane and a Forwarding Plane. The control level adheres to the flexibility of IP, and the forwarding level adheres to the reliability of ATM. The intermediate network is invisible to the service and only does label distribution of LSPs, and MPLS distinguishes the service as L2VPN, L3VPN

Figure 3: Architecture of MPLS

Now EVPN is continuing along these lines, in a new scenario where an increasing number of large customer operations (offices or data centers where the business is located) are distributed in different regions of the world and need to communicate data, especially with the emergence of cloud computing business models. With the growth of network scale and the application of new network technologies, the traditional data center network is facing unprecedented pressure in terms of management operation and maintenance, resource utilization, and flexibility to meet the changing needs of today's business.

The technology has evolved to the point where, in summary, the following points have become bottlenecks.

1. non-uniform implementation of traditional MPLS fall L2VPN and L3VPN.

2. Deficiencies in VPLS technology: for example, the control plane and forwarding plane cannot be separated, the protection switching performance is low, the cross-domain protection configuration is complicated and practical engineering is difficult to deploy.

3, the difficulty of changing the network equipment: the traditional deployment method network side of the fully connected configuration, new sites or delete sites is very difficult.

4. Failure to centralize control and evolution to SDN and NFV.

5. Scalability: to be able to meet the needs of large-scale data centers and virtual machine migration.

2.What is EVPN

2.1 Introduction to EVPN

The full name of EVPN is Ethernet VPN, most originally defined by RFC7432:BGP MPLS-Based Ethernet VPN, which by name is an L2 VPN based on BGP and MPLS. While this is an RFC that was only numbered in 2015, many vendors were already implementing EVPN when it was a draft.

The EVPN problem solving scenario is the dynamic notification of MAC addresses at each local point when customers communicate under the WAN, which is mainly proposed for the defects of L2VPN (VPLS, Virtual Private LAN Service) (e.g., unable to support MP2MP, unable to support multi-link full live forwarding, etc.); its problem areas include: multi-link simultaneous load, flow-based load balancing, flow-based multi-path, multi-PE node redundancy across geographic domains, traffic forwarding optimization, multicast optimization, broadcast suppression, fast convergence (limited by the number of MAC addresses of PEs, etc.), etc.

For mature schemes like MPLS/VPLS and PBB, the control plane has not changed much. These techniques still rely on L2 flooding and learning to build forwarding databases.

EVPN inherits over a decade of VPLS experience in existing network operations and includes the flexibility to target service deployments on L3 networks. In EVPN: The control plane is abstracted and isolated from the data plane. the multiprotocol BGP (MP-BGP) control plane carries MAC/IP routing information. there are several options for encapsulation of the data plane.

EVPN is a way for router vendors and carriers to work together to achieve a simple and interoperable technology, and for routers and carriers to agree and work together. For example, VPLS has several different operating models, which makes it more complex and introduces problems with interoperability.

Figure 4: Protocol model of EVPN

The current EVPN protocol has formal RFCs and related drafts, and due to the effective separation of the data plane from the control plane, EVPN defines a common set of control planes, but the data plane can use different encapsulation techniques, and three data planes have been standardized: MPLS encapsulation, PBB encapsulation, and NVO encapsulation (VxLAN, NVGRE, MPLSoE).

2.2 Key terms related to EVPN

EVPN Instance (EVI): an EVI is an EVPN instance, and each EVI represents a VPN on the PE device, acting similarly to an L3 VPN route forwarding entry (VRF).

Figure 5 Elemental composition relationship of EVPN

Ethernet Segment (ES): Ethernet Segment refers to the concept of a "node" connection and represents the device/network on the CE side. Each ES is typically identified using an Ethernet Segment ID (ESI), with a one-to-one correspondence to a physical or logical interface on the CE side. Each ES network can connect multiple PE devices in the EVPN/MPLS core network to provide access redundancy, thus allowing for primary redundancy and multiple master requirements for PE devices.

Ethernet Tag (ET): Each EVI can form one or more Layer 2 networks. When the EVI contains multiple Layer 2 networks, these Layer 2 networks are distinguished by the Ethernet Tag. If we think of a Layer 2 network as a Broadcast Domain, then ETs are used to distinguish between different broadcast domains.

EVPN BGP Routing and Extended Group Attributes.

EVPN identifies and learns MAC addresses or IP subnets in the core network via the BGP protocol, so a new BGP address family and extended attributes are defined in the MP BGP protocol family: AFI = 25 (L2VPN), SAFI = 70 (EVPN), and the EVPN NLRI (Network Layer Reachability Information) used by this address family enables PE devices to propagate and learn MAC addresses and ES information, whereas in existing VPLS solutions only the data plane must be relied on heavily for learning.

2.3EVPN service model

As mentioned earlier, each EVI, is able to connect to one or more groups of networks. This is related to the three service models of EVPN.

VLAN-Based Service Interface

In this mode, there is only one broadcast domain per EVI, connecting a set of user networks. As shown in the figure below.

This model isolates best, with each group of networks being independent, the disadvantage is that it is too EVI intensive, for example, a user who needs 10 groups of L2 VPN networks will need 10 EVIs, and there is usually a limit to the number of EVIs an SP can provide. This mode is similar to a FLAT network within the EVI. There is only one MAC forwarding table in each MAC-VRF.

VLAN Bundle Service Interface

An EVI has multiple broadcast domains that connect multiple groups of user networks, but the multiple user networks share MAC forwarding tables. As shown in the figure below.

This mode, within EVI, is similar to VLAN with SVL (Shared VLAN learning). In effect the broadcast domain is still one, distinguishing different VLANs by logical grouping. In this mode, there is only one MAC forwarding table per MAC-VRF, but the forwarding table is similar to the one shown in the following figure.

The CE connected to port 5 corresponds to three user VLANs. Since multiple groups of user networks share MAC forwarding tables and actually make forwarding decisions by MAC address, this model requires that the MAC address be unique across all networks. And, the VLAN IDs of the user networks connected by EVPN must be the same (as shown in the figure). As an example, the network on the right VID11 has a forwarding message sent to the left, and the left can only open the forwarding message to a particular ingress network in order to achieve multi-tenant isolation, and since there is only one forwarding table, the EVI (or more precisely the MAC-VRF) can only allow the ingress network of VID11 to use this forwarding message.

VLAN-Aware Bundle Service Interface

An EVI has multiple broadcast domains that connect multiple groups of user networks, but each group of user networks has its own separate MAC forwarding table. As shown in the figure below.

This mode, within EVI, is similar to VLAN with IVL (Independent VLAN learning). Each MAC-VRF has multiple MAC forwarding tables, with each MAC forwarding table corresponding to one user network. Both MAC address and ET are used to make forwarding decisions, locating the MAC forwarding table by ET, and then addressing it within the forwarding table by MAC address. This mode allows duplicate MAC addresses to exist between multiple groups of user networks and the VLAN IDs of each group of networks can be inconsistent. For example, the forwarding information for VID 12 on the left can be sent directly to the MAC-VRF corresponding to VID 11. This pattern solves the problems of the two patterns above, but is just relatively more complex to implement.

2.4 BGP EVPN Message Types

EVPN uses MP-BGP as the routing/signaling protocol and defines a new address family: AFI = 25 (L2VPN), SAFI = 70 (EVPN), the NLRI (Network Layer Reachability Information) used by this address family is called EVPN NLRI, EVPN NLRI currently has 5 subroutes, the first 4 routes are defined in RFC7432, which are sufficient for pure Layer 2 EVPN applications.

Figure 6: Message types for EVPN

Better support for Layer 2 and 3 VPN bridging scenarios is defined in the EVPN IP Prefix draft with RT_5 routing again.

The so-called basic unicast route, as the name implies, is the most basic route for EVPN unicast services, and its basicity is reflected in two aspects: first, in the case that no ES multi-homing is involved, only this kind of route is completely sufficient for EVPN unicast services; second, this kind of route is required for all unicast services, regardless of whether the ES is unicast or multi-homing, and regardless of whether it is to be bridged or not.

The term redundant unicast routes also has two meanings: first, that such routes are not necessary for EVPN unicast services, and second, that such routes are necessary for EVPN unicast services whenever CE multi-homing (i.e., redundancy) situations are involved.

The so-called basic multicast routing emphasizes that it is a kind of unaware multicast routing, and this kind of multicast routing cannot build different multicast trees for different, in fact, EVPN does not define the based multicast routing yet, in this point is obviously [VPLS-MCAST] ahead of EVPN, [VPLS-MCAST] calls the based multicast tree "Selective PMSI Tree", for the service instance based (unaware) multicast tree, [VPLS-MCAST] is called "Inclusive Multicast Tree".

The main purpose of DF election is to prevent multiple copies of multicast messages coming from the remote PE from being forwarded to the same Segment.

2.5 BGP EVPN Label Description

The most intuitive difference between MPLS EVPN and VPLS is the absence of pseudowire P2P labels in MPLS EVPN, which are replaced by MP2P unicast labels, and MP2P multicast labels (ingress replication) or P2MP multicast labels (hop-by-hop replication).

Unicast and multicast in EVPN use different labels for forwarding; in other words, it is straightforward to conclude from the EVPN label forwarding table whether the type of message is unicast or multicast, and to put it another way, the protocol says that only multicast applies, which is usually understood to mean that it applies only when forwarded through the BUM label, and the protocol says that only unicast applies, which is usually understood to mean that it applies only when forwarded through the unicast label.

In addition, Broadcast/Unknown-unicast/Multicast are treated the same in EVPN, hence the multicast tag is also known as the BUM tag.

Both the EVPN unicast tag and the EVPN multicast tag are EVPN private network tags in nature and are forwarded with a public network tunnel tag.

There are two types of unicast labels: MAC-based unicast labels, which can only get the vpnid of the EVPN instance from the unicast label table, and MPLS-based unicast labels, which can get the complete AC-side forwarding information from the unicast label table.

2.6 Description of an application scenario

Figure 7 Cross-data center application scenario

(1) PE1 and PE2 establish TUNNEL tunnel by learning TYPE-3 route, CE1 initiates ARP request or free ARP, ARP broadcast message is sent to PE2 through tunnel and broadcast to AC to reach CE2, CE2 replies ARP reply message to CE1, CEs learn ARP to each other.

(2) When the ARP request passes through PE1, a local MAC table entry is formed and the outgoing interface is fei-0/1/0/4.1, and BGP adds the local MAC route to the routing table and advertises it to PE2:.

(3) The MAC route received from PE1 announcement on PE2 is synchronized to the MAC to form a MAC entry, and the outgoing interface is the outgoing interface evpn-tunnel

(4) CE2 can see the ARP entries learned from PE2.

3.Application scenarios for EVPN

3.1 Data Centre Interconnection DCI

As cloud computing grows in popularity and traffic between data centers explodes, DCI (Data Center Interconnect) networks have become the focus of carrier data center development. DCI scenarios are tenant service turn-ups across DCs (data centers) that enable hierarchical control and service orchestration across geographies as well as combined differentiated services and traffic tuning for DCI networks.

The DCI network utilizes existing mature MPLS/VPLS technologies, combined with innovative and flexible control-plane EVPN technology, which adds another layer of Layer 2 message headers to the original messages, thus enabling large Layer 2 forwarding of messages, realizing that data flows can interoperate freely among all data centers, and building a high-speed and optimized DCI network.

The IP/MAC mobility control plane signaling available in these data centers serves virtual machine migration between data centers; while local DC gateways on each PE optimize routes so that external traffic is sent to the nearest egress; and L2 switching and L3 routing integrated on the same interface or VLAN enable flexible service deployment on virtual machines.

3.2 Integrated L2/L3 services

EVPN technology enables operators to deliver integrated L2 and L3 services to customers on a single interface and VLAN, with the advantage that operators can perform multi-service convergence with only one network technology enabled, without the need for multiple VPN protocols, making service deployment simple and easy, while effectively reducing the difficulty of network planning and operations and maintenance.

For example, EVPN-VXLAN works on top of any IP network, providing enterprises with flexible L2 and L3 VPNs for site interconnection at the same time. This application scenario only requires inter-site IP interworking, regardless of passing through multiple network providers' IP networks in between, without the need to deploy MPLS or other special configuration requirements; routing and MAC/IP announcements in the EVPN are controlled by IBGP between PEs; the operator's network is completely transparent to the EVPN, and the EVPN topology is completely transparent to the operator; all that can be seen in the WAN is IP traffic.

EVPN enables operators to deliver integrated L2 and L3 services to customers on a single interface and VLAN. For both services, there is only one network technology and no need for multiple VPN protocols. Depending on the redundancy and load balancing requirements, the PE to CE connection can be either fully primary or single primary. The EVPN service can be deployed on any core network: the MPLS core can use EVPN-MPLS and the IP core can use EVPN-VXLAN.

4. concluding remarks

The popularity of EVPN lies not only in the improvements it brings to L2 VPNs, but also in the fact that EVPN provides a control layer for Layer 2 networks. In particular, the following points can be summarized.

1.Reachable information for L2 and L3 can be learned through the control layer. The traditional control layer only has reachable information for L3.

2.Reduce network broadcasts with MAC/IP routes and ARP proxies.

3.Complete definition of multi-connectivity scenarios.

4.A complete definition of optimization of BUM data sending.

5.Support for MAC migration.

6.Supports topology self-discovery.

7.Multi-tenant support.

As it evolved, EVPN began to support more scenarios, with the addition of Route type 5 to EVPN for transporting IP prefix routing information; as a control layer for overlay networks, such as VXLAN; for applications such as data center interconnect scenarios. Technology selection involves more than just technical feasibility or merit, more importantly, many times network equipment vendors, Internet data centers and operators for the choice of technology, and more based on their own interests, the current state of development of SDN is sufficient to illustrate these; may also be similar to MPLS, with the intention of planting flowers, no doubt in the willow.

EVPN technology is valuable for customers and requires some investment for operators, and with the impact of architectures like SDN, it will be interesting to see if the reliance on forwarding-plane control signaling to synchronize forwarding entries will continue to be favored in the future.

Focus on information industry and communication technology, welcome to follow the public number: seven signaling


Recommended>>
1、No need to rush your data may be saved
2、AI Sleep Tracking Software Development Analysis
3、Automatic braking is no longer advanced this car 52 meters long only sold A4 price running highway can be automatic driving
4、Chinas first quantum computer control system is born to join forces with AI to create new wonders
5、The principle of displaying websites in the browser

    已推荐到看一看 和朋友分享想法
    最多200字,当前共 发送

    已发送

    朋友将在看一看看到

    确定
    分享你的想法...
    取消

    分享想法到看一看

    确定
    最多200字,当前共

    发送中

    网络异常,请稍后重试

    微信扫一扫
    关注该公众号