什么是evpn-vxlan?
EVPN VXLAN Explained
EVPN-VXLAN指的是网络结构,该网络结构扩展了第2层连接,因为网络覆盖了现有物理网络。这是一种开放标准技术,可在校园和数据中心创建更敏捷,安全和可扩展的网络。EVPN-VXLAN由:
- 以太网VPN(EVPN)用作叠加控制平面,并在IP或MPLS网络上提供了不同层2/3域之间的虚拟连接。
- Virtual extensible LANs (VXLAN), a common network virtualization overlay protocol that expands the layer 2 network address space from 4,000 to 16 million.
How EVPN-VXLAN works
EVPN-VXLAN enables businesses to connect geographically dispersed locations using layer 2 virtual bridging. EVPN-VXLAN provides the scale required by cloud service providers and is often the preferred technology for data center interconnections.
EVPN, as an overlay, supports multi-tenancy and is highly extensible, often using resources from different data centers to deliver a single service. It can provide layer 2 connectivity over physical infrastructure for devices in a virtual network or enable layer 3 routing.
Because it serves as a MAC address learning control plane for overlay networks, EVPN can support different data plane encapsulation technologies. This flexibility is especially appealing for network fabrics that aren’t strictly based on MPLS.
VXLAN encapsulates layer 2 Ethernet frames in layer 3 UDP packets, meaning virtual layer 2 subnets can span underlying layer 3 networks. A VXLAN network identifier (VNI) is used to segment each layer 2 subnet similarly to traditional VLAN IDs.
VXLAN隧道端点(VTEP)是一种具有VXLAN功能的设备,可封装并解除数据包。在物理网络中,开关通常用作第2层或第3层VXLAN网关,被视为硬件VTEP。虚拟网络等效物被称为软件VTEP,该软件VTEP托管在VMware ESXI或VSPHERE等游戏中。
evpn-vxlan的兴起
EVPN-VXLAN has emerged as a popular networking framework largely due to the limitations of traditional VLAN-based networks.
在校园环境中,由于BYOD,工作场所移动性和物联网引起的端点的扩散正在推动需要更细粒度的细分策略,以分离用户,设备和流量的不同配置文件。
在数据中心,这是一个类似的故事,其中正在部署越来越多的工作量来支持数字化转型。它需要单独保护和管理工作负载,同时防止黑客在发生漏洞时横向从服务器移动。
Building an EVPN-VXLAN fabric overlay with Aruba CX
Aruba CX开关组合是为现代校园和数据中心网络(包括基于EVPN-VXLAN的织物)的不断发展,复杂需求而设计的。基于分布式,非阻滞体系结构,并由AOS-CX, Aruba CX switches deliver true wired speed performance from 1GbE to 100GbE.
支持EVPN-VXLAN的Aruba CX开关包括:
- 阿鲁巴CX 6300:内置10/25GBE UPLinks(50GBE DAC),并支持多达10人的堆叠
- 阿鲁巴CX 6400: A modular 5- or 10-slot switch with up to 28Tbps capacity
- Aruba CX 8325:具有1/10/25/40/100GBE连接的1U开关非常适合叶子或脊柱开关
- 阿鲁巴CX 8360: High-performance 1/10/25/40/100GbE connectivity in a compact 1U form factor
- Aruba CX 8400: 8-slot modular switch with up to 19.2Tbps capacity ideal for campus core
- (静态VXLAN支持CX 6200)
Aruba Central Netconductor:基于覆盖的自动化
中央NetConductor下一代solution for increasingly complex networks, enabling organizations of all types and sizes to automatically configure LAN, WLAN, and WAN infrastructure to deliver optimal network performance while enforcing granular access control security policies that are the foundation of Zero Trust and SASE architectures.
Central NetConductor uses widely adopted protocols, such as EVPN/VXLAN, to produce an intelligent network overlay suitable for rapid enterprise network deployment and massive scalability. It comprises cloud-native services delivered by阿鲁巴中央,一个云本地平台,是阿鲁巴边缘服务平台(ESP) and can be deployed without a rip-and-replace of current network infrastructure.
EVPN-VXLAN的优势
Enterprises using EVPN-VXLAN gain the following benefits:
灵活性:EVPN-VXLAN支持多个协议,并与其他通用网络服务(如VPN)共享共同的架构元素,从而易于集成到现有网络中。
更大的可伸缩性:基于EVPN-VXLAN的体系结构使企业能够轻松添加新的开关,而无需重新设计底层网络。
Enhanced security:细分细分允许它限制网络中每个连接元素之间的流量流,硬化安全姿势并限制攻击的爆炸半径。
更好的性能和弹性:网络设备之间的延迟更为可预测,尤其是在脊柱叶片建筑中,单个脊柱或叶子的故障对整体织物性能的影响并没有太大影响。
相关资源
