Ethernet VPN (EVPN)

Module Introduction

This module provides a generic introduction to Ethernet VPN (EVPN) and explains the terminology and the basic mechanism. The configuration of the services is described in the next module.

As of RBFS version 24.8.1, only EVPN pseudowire services are supported.

Ethernet VPN (EVPN) Overview

BGP/MPLS Ethernet VPN (EVPN) is a Layer 2 VPN technology designed to carry Ethernet traffic over an MPLS network. It provides more scalable and flexible services compared to traditional L2VPNs like VPLS (Virtual Private LAN Service). In traditional Layer-2 VPNs (L2VPNs), MAC address learning is exclusively done on the forwarding plane. The drawback of this approach is that it does not support multi-homing of different sites and traffic load balancing. EVPN uses BGP to distribute MAC address reachability.

In EVPN, a VPN instance is called an EVPN Instance (EVI), which is a set of one or more Ethernet segments that belong to the same customer. EVIs are implemented on provider edge (PE) routers that represent the boundary between the customer site and the MPLS backbone network. A customer site is connected to the PE router via an Ethernet Segment that is represented by a 10-octet Ethernet Segment Identifier (ESI). A segment can be multihomed to one or more PE routers. If the Ethernet segment is single-homed, the ESI has the value of 00.00.00.00.00.00.00.00.00.00. An EVPN instance can consist of multiple broadcast domains (e.g., VLANs). Each broadcast domain is identified by an Ethernet Tag (ET).

The EVPN control plane is encoded in BGP using multiprotocol extensions (MP_REACH_NLRI) with AFI=25 and SAFI=70. In order to exchange EVPN information across the network, five different route types are used:

  • Ethernet Auto-Discovery (type-1) is used to signal the presence of an Ethernet segment and to advertise information about multi-homed customer sites.

  • MAC/IP Advertisement (type-2) advertises MAC addresses and optionally IP addresses of hosts within an EVPN instance.

  • Inclusive Multicast Ethernet Tag (type-3) is used to signal that a PE is part of a specific multicast group for a given EVI. This enables the PE to participate in broadcast, unknown unicast and multicast (BUM) traffic distribution.

  • Ethernet Segment (type-4) advertises multi-homed Ethernet segments and is used to synchronize the state between PEs connected to the same customer site. It helps manage load balancing and redundancy.

  • IP Prefix Advertisement (type-5) advertises IP addresses or prefixes instead of MAC addresses, enabling the support of Layer 3 VPNs over EVPN.

EVPN Operation

To better understand these components, let’s walk through the EVPN control plane flow step by step.

When a PE router receives an Ethernet frame on an interface that is associated with an Ethernet VPN instance, it learns the MAC address like a traditional layer-2 device and stores it in a local MAC-VRF, i.e., a virtual routing and forwarding table for MAC addresses. In addition, it generates a BGP message containing an EVPN route of route type 2 (MAC/IP Advertisement) and sends it to all other PEs in the EVPN instance. Route import and export are controlled by route target extended community attributes. The MAC/IP Advertisement message contains the MAC address, Ethernet tag, and MPLS labels. Optionally, it may contain the IP address of the received frame as well.

Figure 1. BGP/MPLS EVPN Control Plane

The remote PE router receives the message and installs the MAC address into its local forwarding table, associating it with the corresponding MPLS label. In contrast to traditional layer-2 devices, MAC learning therefore happens via the control plane.

EVPN supports all-active multi-homing, allowing a customer site to be connected to multiple PE routers. This provides load balancing and failover redundancy. The PEs exchange BGP Route Type 1 (Ethernet Auto-Discovery) and Type 4 (Ethernet Segment Route) messages to coordinate multi-homing. When BUM traffic is generated, the PE sends Route Type 3 (Inclusive Multicast) messages to indicate participation in the distribution of such traffic.
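The following added example (not RBFS code and not part of the original module) decodes the MAC/IP Advertisement described above and rejects routes whose length fields are inconsistent, which is the check a receiver needs before trusting peer-supplied NLRI. The field layout, including the Route Distinguisher that this page does not mention, is assumed from RFC 7432; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

ROUTE_TYPES = {1: "Ethernet Auto-Discovery", 2: "MAC/IP Advertisement",
               3: "Inclusive Multicast Ethernet Tag", 4: "Ethernet Segment",
               5: "IP Prefix Advertisement"}
SINGLE_HOMED_ESI = bytes(10)    # all-zero 10-octet ESI means single-homed

def parse_evpn_nlri(buf: bytes) -> dict:
    """Decode one EVPN NLRI; raise ValueError on any length inconsistency."""
    if len(buf) < 2:
        raise ValueError("truncated NLRI header")
    rtype, body = buf[0], buf[2:]
    if buf[1] != len(body):
        raise ValueError("length octet does not match payload size")
    if rtype not in ROUTE_TYPES:
        raise ValueError(f"unknown EVPN route type {rtype}")
    route = {"type": rtype, "name": ROUTE_TYPES[rtype]}
    if rtype == 2:
        route.update(parse_mac_ip(body))
    return route

def parse_mac_ip(b: bytes) -> dict:
    # Assumed layout (RFC 7432): RD(8) ESI(10) EthTag(4) MACLen(1) MAC(6)
    # IPLen(1) IP(0|4|16) Label1(3) [Label2(3)]; length fields are in bits.
    if len(b) < 33:
        raise ValueError("type-2 route shorter than its fixed fields")
    mac_bits, ip_bits = b[22], b[29]
    if mac_bits != 48 or ip_bits not in (0, 32, 128):
        raise ValueError("invalid MAC or IP address length")
    ip_end = 30 + ip_bits // 8
    ip_raw, label_raw = b[30:ip_end], b[ip_end:]
    if len(label_raw) not in (3, 6):
        raise ValueError("IP length disagrees with route length")
    # The label value sits in the high-order 20 bits of each 3-octet field.
    labels = [int.from_bytes(label_raw[i:i + 3], "big") >> 4
              for i in range(0, len(label_raw), 3)]
    esi = b[8:18]
    return {"rd": b[:8].hex(), "esi": esi.hex("."),
            "single_homed": esi == SINGLE_HOMED_ESI,
            "ethernet_tag": struct.unpack("!I", b[18:22])[0],
            "mac": b[23:29].hex(":"),
            "ip": str(ipaddress.ip_address(ip_raw)) if ip_raw else None,
            "labels": labels}

# Constructed sample: type-2 route, single-homed, Ethernet tag 100, label 3000.
SAMPLE = (bytes([2, 37]) + bytes.fromhex("0001c00002010064") + bytes(10)
          + struct.pack("!I", 100) + bytes([48]) + bytes.fromhex("02005e000001")
          + bytes([32, 192, 0, 2, 10]) + (3000 << 4).to_bytes(3, "big"))
```

Calling `parse_evpn_nlri(SAMPLE)` returns the decoded fields as a dictionary; for route types other than 2 only the type and its name are returned.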

Summary

This module outlined the building blocks of BGP/MPLS-based EVPNs. You should be familiar with the concept of Ethernet Segments.