VXLAN with BGP EVPN

(不支持6200开关系列。)

Ethernet VPN (EVPN) is used as the overlay control plane to exchange layer 2 and layer 3 connectivity information between different layer 2/3 domains over an IP or IP/MPLS underlay network.

The initial EVPN standard RFC 7432 defined the BGP EVPN control plane and specifies an MPLS data-plane. The control plane with an MPLS data plane was extended to consider additional data plane encapsulations models. These models include VXLAN, NVGRE, and MPLS over GRE which is detailed in RFC 8365. This section focuses on EVPN and its operation with a VXLAN data plane for building overlay networks.

EVPN, as an overlay, supports multi-tenancy and is highly extensible, often using resources from different overlay fabric networks (like data centers) to deliver a single service. It can provide layer 2 connectivity over physical infrastructure for devices in a virtual network, or enable layer 3 routing.

In a Clos topology (leaf-spine) deployment of a Vxlan fabric, leaf nodes are configured as VTEPs to provide VXLAN services and spine nodes perform layer-3 routing on the outer headers IP/UDP encapsulation. If all VTEPs and underlay network devices of an EVPN network belong to the same AS, the spine nodes can act as route reflectors (RRs) to reflect routes between the VTEPs. In this scenario, the spine nodes receive and advertise BGP EVPN routes, but do not perform VXLAN encapsulation and de-encapsulation. If eBGP is used, the spines will forward the routes from one leaf to the other as inherent functionality of eBGP.

The IETF specifies two methods for supporting inter-subnet routing with EVPN: symmetric and asymmetric integrated routing and bridging (IRB). The main difference between the two methods is that the symmetric method supports both routing and bridged on both the ingress and egress VTEPs, where the asymmetric method supports routing on the ingress, but only bridging on the egress.

AOS-CX supports Centralized L3 gateways and Symmetric IRB Distributed L3 gateways.