Building Blocks in EVPN VXLAN for Multi-Service Fabrics. Aldrin Isaac Co-author RFC7432 Juniper Networks
1 Building Blocks in EVPN VXLAN for Multi-Service Fabrics Aldrin Isaac Co-author RFC7432 Juniper Networks
2 Network Subsystems
[Diagram labels: Network Virtualization; Bandwidth Broker; TE; LAN Fabric; WAN Fabric; LAN; WAN]
3 EVPN for Network Virtualization
[Diagram labels: EVPN; Bandwidth Broker; TE; LAN Fabric; WAN Fabric; LAN; WAN]
4 EVPN in the LAN Fabric = The Multi-Service Fabric
[Diagram labels: EVPN; LAN Fabric; LAN]
5 Agenda
- Quick recap of EVPN fundamentals (5 slides)
- EVPN overlay options for intra-tenant east-west traffic (16 slides)
- Examples: interesting use cases with EVPN (7 slides)
- North-south traffic through EVPN based service chains (14 slides)
- Efficient replication options in EVPN (8 slides)
6 Things to note about this tutorial
- Is about native EVPN building blocks that are compliant with RFCs or standards-track drafts. No proprietary technology
- Is about what has been implemented or is possible to implement on network SW/HW today
- Will not go into route and tunnel header gory details
- Is based on EVPN VLAN-Aware bridging model (vs VLAN-based)
- As we move forward, we will move faster.
7 Network Virtualization Overlay Reference Model for this Tutorial
For this tutorial, tenants are groups of location-independent endpoints where:
- Groups manifest as subnets that are routed to other groups of the same tenant (i.e. east-west) via a distributed routing function
- Tenants are routed to other tenants and to external destinations (i.e. north-south) through service function chains
- Tenants and groups are implemented as IP and Ethernet overlay virtual networks
The network virtualization edge (NVE) function may be implemented on:
- ToR switch: to support physical end-systems
- Virtual routers: to support virtual end-points
Note: NVE are also referred to as PE in SP networks, or VTEP in VXLAN networks.
[Diagram labels: Tenant 1 (VLAN1, VLAN2); Tenant 2 (VLAN3, VLAN4); SF; endpoints E1 to E8; BGP Route Reflectors; Overlay Edge; VXLAN overlay data plane; VRF1; VRF2; NVE / VTEP / PE]
8 EVPN Parallels with Classical Networks
[Diagram labels: IP Fabric; Multi-Tenant EVPN Network; Single-Tenant Classical Network; VTEP / NVE / PE; Virtual Router aka VRF; IP EVPN; Physical Router; Virtual Switch aka MAC-VRF; IRB Interfaces; VLAN Table; Ethernet EVPN aka EVI; Broadcast Domain; EVPN Tag; VXLAN VNI; Physical Switch]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
9 BGP-based VPNs Overview
- L3 Routes: VRF-A BGP Policy (IPVPN-A). Route export with Extended Community RT 1111:1111. Route import with Extended Community RT 1111:1111
- L2 Routes / L1 Routes: MAC-VRF-A BGP Policy (EVI-A). Route export with Extended Community RT 2222:2222. Route import with Extended Community RT 2222:2222
- MAC-VRF-A broadcast domains: VLAN 10 = EVPN Tag 100 = VXLAN VNI 100; VLAN 20 = EVPN Tag 200 = VXLAN VNI 200
[Diagram labels: IP Fabric; MP-BGP Route Reflector; VTEP 1; VTEP 2; VTEP 3; MP-BGP EVPN; Tunnels; Broadcast Domain; EVPN Tag; VXLAN VNI]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
10 EVPN Route Types By Layer
L3: IP Routing
- Type-5 IP Prefix Route: MAC-VRF IP forwarding
- Type-5 VRF-to-VRF IP Prefix Route: VRF IP forwarding
L2: Ethernet Bridging
- Type-2 MAC/IP route. MAC-Only: MAC unicast forwarding. MAC + IP: ARP Proxy
- Type-3 Inclusive Multicast Ethernet Tag (IMET) Route: BUM forwarding
- Type-6 Selective Multicast Ethernet Tag (SMET) Route: Selective IP multicast forwarding
L1: Ethernet Multi-Homing
- Type-4 Ethernet Segment (ES) Route: Designated Forwarder (DF) election
- Type-1 Ethernet A-D Route. Per ES: Split horizon, Fast convergence. Per EVI (ES:Tag): Aliasing
- Type-7 Multicast Join Sync Route: Selective IP multicast support
- Type-8 Multicast Leave Sync Route: Selective IP multicast support
[Legend labels: Layer 2.5; Includes ESI only; Includes Tag only; Includes Tag & ESI]
11 EVPN Route Types By Unicast-related Vs Replication-related
Unicast
- L1: Type-1 Ethernet A-D Route per ES: Fast convergence
- L1: Type-1 Ethernet A-D Route per EVI: Aliasing
- L2: Type-2 MAC/IP route: MAC unicast forwarding, ARP Proxy **
- L3: Type-5 Prefix Route: IP forwarding
BUM and IP Multicast
- L1: Type-1 Ethernet A-D Route per ES: Split horizon
- L1: Type-4 Ethernet Segment (ES) Route: Designated Forwarder (DF) election
- L1: Type-7 Multicast Join Sync Route: Selective IP multicast support
- L1: Type-8 Multicast Leave Sync Route: Selective IP multicast support
- L2: Type-3 Inclusive Multicast Ethernet Tag (IMET) Route: BUM forwarding
- L2: Type-6 Selective Multicast Ethernet Tag (SMET) Route **: Selective IP multicast forwarding
12 Intra-Tenant (EAST-WEST) Overlay Service Models
13 1. Pure Bridging Overlay
14 Bridging Overlay
- Unicast MAC forwarding: EVPN Type-2 MAC-only route. Routes generated from locally learned MACs in local VLAN table
- BUM forwarding: Type-3 Inclusive Multicast Ethernet Tag (IMET) route. Ingress replicated by default
- Overlay transport: VXLAN tunnels are marked with the VNI of a transported broadcast domain, like Ethernet trunks between physical switches. VXLAN VNI is carried in Label and Tag field of EVPN NLRI
- ARP suppression: Add Type-2 MAC+IP route
[Diagram labels: Spine; NVE (Bridging Only); External Gateway; VRF1; WAN; L2VNs; VLAN1; VLAN2]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay
15 Bridging Overlay Detail
[Diagram labels: Type-2 MAC, Type-3 IMET; Leaf1; Leaf2; MAC-VRF-T; VLAN1; VLAN2; MAC; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
16 ARP Proxy
17 EVPN ARP Proxy -- Synchronization and Suppression
ARP Synchronization
- ARP synchronization keeps the per-subnet ARP tables of tenant VRFs synchronized
- MAC-to-IP bindings are learned by Leaf VTEP from the Sender field of local ARP request and reply packets and advertised as Type-2 MAC+IP routes
- MAC-to-IP bindings can be learned and advertised by Leaf VTEP with or without local VRF
ARP Suppression
- With distributed ARP broadcast suppression, Leaf VTEP will proxy respond to local ARP requests using the same synchronized MAC-to-IP bindings
- Reduces the impact of ARP broadcast on routers and hosts
- MAC-to-IP bindings may be learned from DHCP messages and coupled with sticky MAC procedures to safeguard against IP spoofing and ARP poisoning and to support duplicate detection
[Diagram labels: Leaf 1; Gateway; VRF1; Leaf1; Leaf2; Leaf3; H1; H2; H3; Subnet 1; flow steps: ARP request, MAC/IP Route, ARP response, Original ARP response, Generated ARP response]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-proxy-arp-nd
18 EVPN ARP suppression (cont'd): Gratuitous ARP Proxy
- GARP proxy is a feature of EVPN ARP suppression used to avoid data-plane flooding of GARPs.
- MAC-to-IP bindings are learned from Sender field of local GARP and advertised as Type-2 MAC+IP routes
- VTEPs regenerate GARP to local end systems when they receive new remote MAC-to-IP bindings via Type-2 MAC+IP routes
- Example scenarios: VIP mobility for active-standby firewall; Mobility in bridged mode WIFI; VM mobility
[Diagram labels: Leaf1; Leaf2; Leaf3; H1; H2; H3; Subnet 1; flow steps: 1 GARP, 2 MAC/IP Route, 3 Regenerated GARP]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-proxy-arp-nd
19 2. Centrally Routed Bridging Overlay
20 Centrally Routed Bridging (CRB) Overlay
- IP routing is performed with IRB at central gateway VTEP. All default gateways for a subnet should share same MAC and IP.
- CRB gateway role can be placed at spine, leaf or anywhere else
- CRB access role at Leaf VTEPs only perform bridging
- Host packets addressed to IRB MAC are forwarded to CRB gateway for routing. Other MACs are forwarded directly between Leaf.
- Type-2 MAC+IP route provides ARP synchronization between central gateways
- T2 MAC+IP also supports ARP suppression at leaf VTEP without need for local VRF
- Typical use case: where CRB gateway supports advanced functions, such as high ACL scale, stateful FW, NAT, etc vs CRB access
[Diagram labels: CRB Border Gateway; VRF1; WAN; L2VNs; VLAN1; VLAN2; CRB Access]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay
21 Centrally Routed Bridging Detail
[Diagram labels: CRB Gateway; Gateway1; VRF-T; Type-2 MAC, Type-3 IMET; Type-2 MAC, MAC+IP; MAC-VRF-T; VLAN1; VLAN2; Leaf1; Leaf2; CRB Access; MAC/IP; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
22 3. Edge Routed Bridging Overlay
23 Edge Routed Bridging (ERB) Overlay
Both intra and inter subnet IP forwarding are performed at Leaf VTEP with IRB. All gateways for a subnet must share same MAC and IP.
Asymmetric ERB:
- Same route types as CRB
- Inter-subnet forwarding relies on ARP table synchronization using Type-2 MAC+IP route
- Drawback: All VLANs of tenant must be provisioned at all the VTEP where the tenant VRF is present
Type-5 based Symmetric ERB (recommended):
- Uses Type-5 Prefix Route to exchange IP host routes for inter-subnet forwarding; carries VRF VNI
- Locally learned ARP entries are imported into RIB and advertised as Type-5 host routes
- Type-2 MAC+IP route is used for distributed ARP suppression
- Advantages: L2VN/VLAN need to only be provisioned on the VTEP that have locally attached members of that VN. So has improved scaling over asymmetric model
[Diagram labels: IP Border Gateway; VRF1; WAN; L3VNs; L2VNs; VLAN1; VLAN2; ERB]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
24 Edge Routed Bridging Detail
[Diagram labels: Type-2 MAC, Type-3 IMET; Local; Type-2 MAC, MAC+IP; Type-5 IP Host; Leaf1; Leaf2; VRF-T; IP EVPN; Host IP; MAC-VRF-T; VLAN1; VLAN2; MAC/IP; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
25 4. IP Routed Overlay
26 IP Routed Overlay
IPVPN for LAN using EVPN and VXLAN. No Ethernet Bridging.
- IP overlays are useful for: North-south traffic flows ("service chaining"); Tenants that have no need for Ethernet bridging
- Uses only EVPN Type-5 Prefix route
- Requires BGP to host for IP address mobility
- May be useful for cloud fabrics as well: Lean core option for SaaS fabrics, or lightweight network-level multi-tenancy option for SaaS operators (Ex: production and development on same fabric)
- Additionally, overlay tunnels can enable useful functions such as in-situ OAM and GBP
[Diagram labels: IP Border Gateway; L3VNs; VRF1; WAN; IP Only]
RFC/Drafts: draft-ietf-bess-evpn-prefix-advertisement section 5.4.1
27 Full Mesh IP EVPN
[Diagram: Leaf1, Leaf2 and Leaf3 each hold VRF-T with Import RT-T and Export RT-T; route label: Type-5]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
28 Hub-and-spoke IP EVPN
[Diagram: Border holds VRF-G with Import RT-X and Export RT-G; Leaf1 and Leaf2 each hold VRF-X with Import RT-G and Export RT-X; route label: Type-5]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
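The route-target policies on the full-mesh and hub-and-spoke slides, modelled as an added example (not part of the original deck). The VRF and RT names come from the slides; the host prefixes, the simplified route-reflector model and the audit helper `spoke_to_spoke_imports` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vrf:
    vtep: str                 # VTEP hosting this VRF (name from the slides)
    name: str                 # VRF name (name from the slides)
    import_rts: frozenset     # route targets accepted on import
    export_rts: frozenset     # route targets attached on export
    local: tuple              # locally originated prefixes (constructed sample data)
    rib: dict = field(default_factory=dict)   # prefix -> "local" or next-hop VTEP


def distribute(vrfs):
    """Emulate a route reflector: every VRF advertises its local prefixes as
    Type-5 routes, and each other VRF installs a route only if one of the
    route's export RTs matches one of its own import RTs."""
    adverts = [(v, ipaddress.ip_network(p)) for v in vrfs for p in v.local]
    for v in vrfs:
        v.rib = {ipaddress.ip_network(p): "local" for p in v.local}
        for src, prefix in adverts:
            if src is not v and src.export_rts & v.import_rts:
                v.rib.setdefault(prefix, src.vtep)
    return vrfs


def next_hop(vrf, dst):
    """Longest-prefix-match lookup in the VRF; None means no route."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in vrf.rib if addr in n]
    if not matches:
        return None
    return vrf.rib[max(matches, key=lambda n: n.prefixlen)]


def spoke_to_spoke_imports(vrfs, hub_name):
    """Audit helper (hypothetical): list (importer, exporter) spoke pairs whose
    RT policy lets host routes pass directly between spokes, bypassing the hub."""
    spokes = [v for v in vrfs if v.name != hub_name]
    return [(a.vtep, b.vtep) for a in spokes for b in spokes
            if a is not b and a.import_rts & b.export_rts]


def full_mesh():
    """Full-mesh slide: every leaf imports and exports RT-T."""
    rt = frozenset({"RT-T"})
    return distribute([
        Vrf("Leaf1", "VRF-T", rt, rt, ("10.1.1.11/32",)),
        Vrf("Leaf2", "VRF-T", rt, rt, ("10.1.1.12/32",)),
        Vrf("Leaf3", "VRF-T", rt, rt, ("10.1.1.13/32",)),
    ])


def hub_and_spoke(leaf2_import=("RT-G",)):
    """Hub-and-spoke slide: hub imports RT-X / exports RT-G, spokes the reverse.
    leaf2_import lets the caller model a policy error on Leaf2."""
    return distribute([
        Vrf("Border", "VRF-G", frozenset({"RT-X"}), frozenset({"RT-G"}),
            ("0.0.0.0/0",)),
        Vrf("Leaf1", "VRF-X", frozenset({"RT-G"}), frozenset({"RT-X"}),
            ("10.1.1.11/32",)),
        Vrf("Leaf2", "VRF-X", frozenset(leaf2_import), frozenset({"RT-X"}),
            ("10.1.1.12/32",)),
    ])


if __name__ == "__main__":
    mesh = full_mesh()
    print("full mesh, Leaf1 -> 10.1.1.12 via", next_hop(mesh[0], "10.1.1.12"))

    border, leaf1, leaf2 = hub_and_spoke()
    print("hub-spoke, Leaf1 -> 10.1.1.12 via", next_hop(leaf1, "10.1.1.12"))
    print("hub-spoke, Border -> 10.1.1.12 via", next_hop(border, "10.1.1.12"))

    # A spoke that also imports RT-X learns the other spoke's host route directly.
    bad = hub_and_spoke(leaf2_import=("RT-G", "RT-X"))
    print("audit findings:", spoke_to_spoke_imports(bad, "VRF-G"))
```

With the slide's policy a spoke only holds the hub's default route, so inter-spoke traffic is forced through whatever sits at the hub; the audit shows how a single extra import RT on one leaf removes that property.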
29 Edge Routed Bridging with IP Border Gateway (N-S) Function Detail
[Diagram labels: Aggregates; Border; VRF-G; Type-2 MAC, Type-3 IMET; Local; Type-5 IP Host; Type-5 IP Prefix; Leaf1; Leaf2; VRF-T; Host IP; Default; IP EVPN; MAC-VRF-T; VLAN1; VLAN2; MAC/IP; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
30 IP Routed Overlay with Host Mobility
- Like ERB, but with no bridging overlay.
- Mobility here means a host IP can only be at one VTEP or another, not both. This is typical for Ethernet bridging, but not typical for IP routing.
- ARP entries from local VLAN are imported to RIB and exported as mobile Type-5 host routes.
- Uses Mobility Extended Community with Type-5 routes like with Type-2 routes. VTEPs with non-highest sequence number must clear their local ARP entry and withdraw their advertisement.
- Requires IP-move suppression like with MAC-move suppression
- Supports subnets stretched across multiple VTEP. Classical proxy ARP used for non-local members of subnet
- Broadcasts and multicast are local-only
- All gateways for a distributed subnet must share same MAC and IP for workload mobility
- Caveat: No Ethernet multi-homing
[Diagram labels: L3VPN; VRF1; Gateway; VLAN1; VLAN2; IP Border; WAN; IP Only; Mobility]
RFC/Drafts: draft-ietf-bess-evpn-prefix-advertisement, RFC7814, draft-malhotra-bess-evpn-irb-extended-mobility-04#section-8
31 IP Routed Overlay with Host Mobility: Classical Proxy ARP and Type-5 Host with Mobility
[Diagram labels: Type-5 IP Host with Mobility; Local; Leaf1; Leaf2; VRF-T; IP EVPN; Host IP; VLAN1; VLAN2; H1; H2; H3; H4]
RFC/Drafts: draft-ietf-bess-evpn-prefix-advertisement, RFC7814, draft-malhotra-bess-evpn-irb-extended-mobility-04#section-8
32 Multi-homing
33 Ethernet Multihoming
- EVPN supports N-way Ethernet multihoming where N can be greater than 2
- No ICL link required
- Uses EVPN Type-1 and Type-4 routes
- Adds EVPN Type-7 and Type-8 routes for selective multicast
- Multi-homed end-systems are identified in the overlay by unique Ethernet Segment ID (ESI).
- ESI identify unique split horizon boundary. Only one member link of an ESI is allowed to forward BUM packets. This member is known as the Designated Forwarder (DF)
- ESI may be at the granularity of physical port or at the granularity of logical interface (VLAN ID)
- EVPN Auto-ESI -- ESI generated automatically from LACP system-id or from BPDU root bridge snooping
[Diagram labels: VRF1; VLAN1; VLAN2; ESI-1; ESI-2; LAG; Trunk]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay
34 IP Multihoming
Ethernet-connected
- End-system IP ports connect Ethernet ports into local subnet on each leaf
- Routed via a local IRB on each local subnet
- Less address management -- well suited for server attachment
- Floating IP, loopback and other routes advertised into overlay via eBGP peering between end-system and leaf IRB interface
IP-connected
- Routed IP interface on either side of the link
- No VLANs or IRB interfaces required at the leaf
- Better for network functions, like routers
- eBGP for advertising routes into overlay
[Diagram labels: VRF1; VLAN1; VLAN2; VLAN3; eBGP; Leaf Ethernet port; Leaf IP port; IP port; Routed BMS / H-visor / NF; Routed NF]
35 Special Use Case Examples (with EVPN-native multi-homing support)
36 Example 1 Underlay Routed Overlay Subnets
37 GRT-based Edge Routed Bridging
- Single-tenant variant of symmetric ERB where IP routing is performed in the global routing table. No network virtualization and tunneling for IP.
- Basic use case is EVPN-based Ethernet multihoming for a GRT-routed end-system instead of MC-LAG
- Expanded use case allows a subnet to exist across any number of leaf, with routing performed in the global routing table
- Supports ARP suppression
[Diagram labels: inet.0; L2VNs; VLAN1; VLAN2; GRT ERB; WAN]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay
38 Example 2 Legacy Access Switch on EVPN
39 Legacy Access Switch Support
- Form of ERB where legacy Ethernet access switches (vs end-systems) are multihomed to a set of leaf VTEP
- Leaf VTEP may advertise subnet routes instead of host routes if subnet is not distributed
- EVPN multihoming down and proprietary MC-LAG up
- Great example of EVPN N-way multi-homing
- Collapsed spine pod may be part of a larger IP fabric
- Typical use case: transitional step from traditional MC-LAG model to a full overlay model with support for existing access switches from any vendor
[Diagram labels: Collapsed Spine ERB; VRF1; VLAN1; VLAN2; L3VNs; L2VNs; EVPN ESI; MC-LAG; Access Switch; Bridged H-visor / NF; Bridged BMS / NF]
40 Example 3 BUM-free Subnets
41 BUM-free Subnet (Only Known MAC Unicast and IP Unicast)
Problem Statement
- Some Ethernet services are unicast-only, but unfortunately still need BUM support for ARP
- Operators of these services do not want any packet replication on their network (ex: IX, CX, Hosting, IaaS, etc)
Solution
- Enable ARP suppression with GARP support
- Do not import/export BUM and IP Multicast route types 3 (IMET) and 6/7/8 (SMET).
Benefits
- No BUM = no loop issues
- No flood list state and related scale issues
- IPVPN-like with Ethernet plug-and-play
Note
- Requires GARP from host on startup ("arping -A -c 4 -I eth0" in dhcpcd-run-hooks) and whenever MAC/IP binding changes or endpoint moves.
[Diagram labels: Leaf1; Leaf2; Leaf3; H1; H2; H3; Subnet 1; BUM X; flow steps: 1 GARP, 2 MAC, MAC/IP Route, 3 Regenerated GARP, 4 Generated ARP Response, 5 ARP Request]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-proxy-arp-nd
42 Example 4 PVLAN Emulation
43 PVLAN Emulation using ERB with A/S Gateway
Problem statement:
- Subnet /24 must be shared without overlap across two server groups, A & B
- Servers in group A and servers in group B must not be reachable to one another
- Servers within group A must be reachable to other servers within group A ("community")
- Servers in group B must not be reachable to other servers in group B ("isolated")
- Both group A & B servers must share a common active-standby firewall gateway pair, FW1, to communicate with external endpoints
Caveats:
- Need logical VRF per group
- No north-south multicast yet
[Diagram labels: With support for A/A multihoming; Different subnet from Group A & B; DHCP: Located in underlay, Supports option-82; ERB Tenant-A: VRF-A, VNI-A, IRB IP /24, DHCP Relay for ERB, IRB filters for PVLAN; ERB Tenant-G: VRF-G, VNI-G, GW IP /29, FW-VIP, FW1a, FW1b, Routing table filter; Hub-and-Spoke IP EVPN: Default, Host IP; Static route 0/0 FW-VIP; Gateway FW1a FW1b; Group-A Community: E1, E3; Group-B Isolated: E2, E4; ERB Tenant-B: VRF-B, VNI-B, IRB IP /24, DHCP Relay for ERB, IRB filters for PVLAN, Port filters for Isolated PVLAN; Same as Group-A]
44 PVLAN Emulation with ERB: Server Group A & B Detail
(1) ERB: All server groups in a PVLAN use same subnet and same DHCP pool
(2) ADD DHCP for ERB
(3) ADD IRB filters for PVLAN
(4) ADD port filters for Isolated PVLAN
(5) ADD Hub-Spoke IP EVPN
Settings shown on the diagram:
- DHCP (located in underlay): For opt82 remote-id =.*: pool = /24
- DHCP Relay: remote-id = <IRB>: source & giaddr = underlay loopback IP
- VRF-B / MAC-VRF-B: VLAN-B as VNI-B; Anycast IRB IP /24; Anycast IRB MAC xe:xx:xx:xx:xx:xx
- IRB Input Filter: deny src deny src except /24 deny dst /24 except
- IRB Output Filter: deny dst except /24 deny src /24 except
- Port Input Filter: deny src Anycast-IRB-MAC
- Port Output Filter: deny src except Anycast-IRB-MAC
- Hub-and-Spoke IP EVPN: Import RT-G (Default), Export RT-AB (Host)
[Diagram labels: VRF-A; VRF-B; MAC-VRF-A VNI-A; MAC-VRF-B VNI-B; Host IP; Default; E1; E3; E2; E4]
45 Example 5 VXLAN / MPLS / SRv6 Coexistence
46 Telco Cloud EVPN-VXLAN and MPLS-IPVPN Coexistence Use Case
[Diagram labels: EVPN Type-2 MAC, MAC+IP; Local; EVPN Type-5 IP Host; IPVPN-EVPN Local Chaining; East-West Domain; North-South Domain; MPLS-VRF; Leaf1; Leaf2; Route Leak; VXLAN-VRF; IP EVPN; Host IP; VXLAN-MAC-VRF; VLAN1; VLAN2; Host MAC/IP; L2 EVPN; FE1; BE1; BE2; FE2]
47 Telco Cloud EVPN-VXLAN and SRv6 Coexistence Use Case
- SR segments pushed at FE
- ToR simply routes IPv6
[Diagram labels: EVPN Type-2 MAC, MAC+IP; Local; EVPN Type-5 IP Host; EVPN-GRT Local Chaining; East-West Domain; North-South Domain; IPv6 GRT; Leaf1; Leaf2; Route Leak; VXLAN-VRF; IP EVPN; Host IP; VXLAN-MAC-VRF; VLAN1; VLAN2; Host MAC/IP; L2 EVPN; FE1; BE1; BE2; FE2]
48 Service-chaining N-S Traffic
49 Service Chaining Reference Model for North South Traffic
[Diagram labels: WAN; SF; Tenant 1; Tenant 2; E1, E2 in BD1; E3, E4 in BD2; E5, E6 in BD3; E7, E8 in BD4]
50 We have seen this before
[Diagram labels: Gateway; Service Function (Stateful FW); FW1a; FW1b; Service Function Chain; VRF-G, VNI-G, GW IP /29, FW-VIP; Default; Host IP; Static route 0/0 FW-VIP; VRF-A, VNI-A, GW IP /24; Hub-and-Spoke L3VN; VRF-B, VNI-B, GW IP /24; Group-A: E1, E3; Group-B: E2, E4]
51 And another SF/SFC example we have looked at
[Diagram labels: Aggregates; Border; VRF-G; Service Function (MPLS VPN Gwy); Service Function Chain; Leaf1; Leaf2; VRF-T; Host IP; Default; IP EVPN; MAC VRF; VLAN1; VLAN2; Host MAC/IP; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
52 And another kind of SFC we have seen
[Diagram labels: EVPN Type-2 MAC, MAC+IP; Local; EVPN Type-5; IPVPN-EVPN Local Chaining; East-West Domain; North-South Domain; Service Function Chain; Service Function (MPLS VPN Gwy); MPLS-VRF; Leaf1; Leaf2; Route Leak; VXLAN-VRF; IP EVPN; Host IP; VXLAN-MAC-VRF; VLAN1; VLAN2; Host MAC/IP; L2 EVPN; FE1; BE1; BE2; FE2]
53 Service Chaining Using Our Building Blocks
[Diagram labels: ERB; CRB; Tenant-L1; Tenant-L2; Tenant-R1; Tenant-R2; SF1a L3; SF1b L3; SF2a L1; SF2b L1; GW1a L3; GW1b L3; SF1-L; SF1-R; SF2-L; SF2-R; GW1-L; BD-L1-1; BD-L1-2; BD-L2-1; BD-L2-2; VRF-SF1-L; VRF-SF1-R; BD-SF1-L; BD-SF1-R; BD-R8-FW1; VRF-R8; BD-R8-1; BD-R8-2; BD-R9-2; H & S L3VN; ERB Service Function; IP Service Function; IP H & S L3VN; ERB Gateway; Bridged]
54 Service Chains with Bi-Way Service Functions
55 Playing Service Chain Lego
[Connector legend: Tenant; Head of chain; Tail of chain; To left function; To right function; Fabric External Function]
[Service function types and examples, Inter VNet (L1, L3, L3, VRF-T): inter-tenant gateway; bump-in-wire; ip-forwarder; l2vn-linked ip-forwarder; integrated ipsec; external ip links]
[Service function types and examples, VRF-R (L1, L3, L3, IPVPN, L3 fabric): bump-in-wire w/ external link; ip-forwarder w/ external link; l2vn-linked ip-forwarder w/ external link; integrated vpn gateway; external gateway]
RFC/Drafts: draft-ietf-bess-service-chaining
56 Service Chains -- Bump-in-Wire Service Function
- IP adjacency through bump-in-wire
- Placement: at head, tail or middle of chain; at end of chain with external link
[Diagram labels: L1; L3VN to left SF or Tenant; L3VN to right SF or Tenant; VRF-R; IP1; IP2; D L; D R; External Device]
RFC/Drafts: draft-ietf-bess-service-chaining
57 Service Chains -- IP Routing Service Function
- IP adjacency with ip-forwarder
- Placement: at head or middle of chain; at end of chain with external link
[Diagram labels: L3; L3VN to left SF or Tenants; L3VN to right SF or Tenants; VRF-R; BD-L; BD-R; IP1; IP2; IP3; IP4; D L; D R; External Device]
RFC/Drafts: draft-ietf-bess-service-chaining
58 Service Chains -- Service Function Scaling
[Diagram labels: L3 active; L3 standby; VRF-R; IP1 to IP8; D L; D R; L3VN to left SF or Tenants; L3VN to right SF or Tenants]
59 Service Chains -- Active/Standby Redundancy
- VIP announcement over L2VN using GARP
[Diagram labels: L3 active; L3 standby; VIP L; VIP R; IP2; IP3; IP6; IP7; BD-L; BD-R; VRF-R; L2VN-L; L2VN-R; D L; D R; L3VN to left SF or Tenants; L3VN to right SF or Tenants]
60 Service Chains -- Multicast (L2 Linked Chains)
- In-band PIM DR and VIP election over L2VN
[Diagram labels: L3 active; L3 standby; VIP L; VIP R; IP2; IP3; IP6; IP7; BD-L; BD-R; D L; D R; L2VN to left SF or Tenants; L2VN to right SF or Tenants]
61 Service Chains -- Multiple Chains
- Not all connectors in a parallel service chain may be active
[Diagram labels: Service Chain 1 (SC1-Instance1, SC1-Instance2: DLP L1, FW L3); Service Chain 2; Service Chain 3; Tenant-L1; Tenant-L2; Tenant-R1; Tenant-R2; Inter VNet; VRF-R; VRF-R1; VRF-R2; BD-L; BD-R; BD-L1-1; BD-L1-2; BD-L2-1; BD-L2-2; BD-R1-1; BD-R1-2; BD-R2-1; BD-R2-2]
RFC/Drafts: draft-ietf-bess-service-chaining
62 Service Chains -- Branching Chains
- Only Service VIP is visible to external. Can be learned using BGP. Tenant address is not visible.
[Diagram labels: Tenant-L3; VNet-L3; Tenant-L4; Tenant-L5; Service Chain 4; Service Chain 5; Service Chain 6; LB L3; FW L1; VRF-R; VRF-T; External Network; BD-L; BD-L3-1; BD-L3-2; BD-L4-1; BD-L4-2; BD-L5-1]
RFC/Drafts: draft-ietf-bess-service-chaining
63 Service Chains -- Dependent Chains (IP/EVPN Transport)
- Service Chain 7 depends on Service Chain 8
[Diagram labels: Tenant-L6; Tenant-L7; Service Chain 7; Service Chain 8; LB L3; FW L1; IPVPN; External IPVPN; Fabric; VRF-R; VRF-T; inet.0; External Transport Network; BD-L; BD-L6-1; BD-L6-2; BD-L7-1]
RFC/Drafts: draft-ietf-bess-service-chaining
64 External Gateways (i.e. N-Way IP forwarders)
65 External Gateway
- External Gateway interfaces are members of tenant overlays
- External Gateway connected to a service chain using a transit overlay
- External Gateway is L3
[Diagram labels: ERB; Tenant-L8; Tenant-L9; Service Chain 6; Transit; FW1a L3; FW1b L3; VRF-T; External Network; BD-L; BD-L8-FW1; BD-L8-1; BD-L8-2; BD-T-FW1; BD-L9-FW1; BD-L9-1]
RFC/Drafts: draft-ietf-bess-service-chaining
66 L2 Linked Service Chain for Multicast Support
- Service Chain BD extended to External Gateway
[Diagram labels: ERB; CRB; Tenant-L8; Tenant-L9; Tenant-R8; Tenant-R9; Service Chain 9; FW1a L3; FW1b L3; FW2a L3; FW2b L3; L3 Bridged Transit; External Network; BD-L; BD-R; BD-L8-FW1; BD-L8-1; BD-L8-2; BD-L9-FW1; BD-L9-1; BD-R8-FW1; VRF-R8; BD-R8-1; BD-R8-2; BD-R9-FW1; VRF-R9; BD-R9-1; BD-R9-2]
67 Overlay Replication
68 Pure Overlay BUM Replication (i.e. Not Underlay Assisted)
- Overlay replication uses over-the-top signaling
- No hop-by-hop per-flow or per-group multicast signaling or BUM state in underlay
- No traditional underlay multicast protocols translates to lean core network design
- Multicast convergence same as unicast convergence on transit link or node failure
[Diagram labels: VTEP 1 (BD1, Source); Stateless IP Core; VTEP 2 and VTEP 3 (BD1, Receivers)]
69 Pure Overlay Efficient Replication Capabilities in EVPN
70 Selective Multicast Replication
Selective Replication
- Ensures IP multicast flow is replicated by an ingress VTEP only to egress VTEP that have at least one active receiver for that flow
- Optimizes replication load on ingress edge and also prevents consuming bandwidth at an egress edge where there are no active receivers
- Uses EVPN Type-6 SMET route
- Consumes more state; use policy to control which groups can participate in SMET
JOIN SYNC and LEAVE SYNC
- JOIN and LEAVE SYNC ensures that multicast is only forwarded to the local receivers that requested it via IGMP
- Required to support multihomed end-systems since IGMP PDUs sent by end-system may be hashed to non-DF. Ensures DF installs appropriate forwarding state.
- Uses EVPN Type-7 Join Sync and Type-8 Leave Sync routes
[Diagram labels: VTEP 1; VTEP 2; VTEP 3; VTEP 4; VLAN1; Source; Receivers; No Receivers; IP Multicast; EVPN SMET (*,G) Advertise; EVPN SMET (*,*) Advertise; PIM Hello; Report; MRouter; DF; Join; Leave; IGMP; LMQ; EVPN Join Sync; EVPN Leave Sync; EVPN SMET Advertise; EVPN SMET Withdraw; Withdraw Join Sync]
RFC/Drafts: draft-sajassi-bess-evpn-igmp-mld-proxy
71 Optimized Overlay Replication (continued)
Optimized Inter-subnet Multicast Replication (OISM)
- OISM ensures that, for any tenant, only a single copy of an IP multicast packet is delivered to an egress VTEP, regardless of the number of subnets of the tenant at that egress VTEP with active receivers
- Replicates to S-BD if Source BD is absent
- Works only with ERB
- Introduces distributed DR and S-BD
- New procedures, but no new route types
Assisted BUM Replication (AR)
- Assisted replication reduces the replication load on the ingress node using designated VNI-aware replicators
- Can load-balance across replicators in a replicator set
- Significantly reduces flood-next hop state at Leaf VTEP
- New procedures, new PMSI tunnel flags, no new route types
Together with Selective Replication and OISM, Assisted Replication brings highly efficient replication without any need for hop-by-hop replication state
[Diagram labels: SRC; RCV; VTEP1; VTEP2; VTEP3; VRF1; S-BD; BD1; BD2; Assisted Replicators; NVE; VLAN1; VLAN2]
RFC/Drafts: draft-lin-bess-evpn-irb-mcast, draft-ietf-bess-evpn-optimized-ir
72 IP Multicast Options in Overlay Service Models
73 IP Multicast Routing with External Multicast-only Routers
- Operators who do not want to support IP multicast routing within the overlay network can delegate multicast routing to external multicast routers
- Should use incongruent multicast with MVPN based external multicast routers (such as MX) where unicast and multicast would follow different paths
- Inter-subnet multicast hairpins at external multicast routers where it is replicated into each subnet that has receivers
- Works with both Central and Edge Routed models
- The replication heavy-lifting is performed in the overlay. Ingress leaf performs replication to egress leaf. Egress leaf performs per-end-system replication
- Can be optimized with selective replication, and further optimized with assisted replication when available
[Diagram labels: NVE; VRF1; BD1; BD2; MRT; MR1; MR2; External Multicast Routers]
RFC/Drafts: draft-sajassi-bess-evpn-igmp-mld-proxy, draft-ietf-bess-evpn-optimized-ir
74 IP Multicast in CRB Overlay
- Classical model with PIM DR election at central gateway. Additional unique addresses are required at gateways for PIM protocol signaling
- Inter-subnet multicast hairpins at a CRB gateway where it is replicated into each subnet that has receivers
- Multicast routing at CRB gateways with classical PIM DR election
- Can be optimized with selective replication, and further optimized with assisted replication
[Diagram labels: CRB Border Gateway; VRF1; BD1; BD2; CRB Access]
RFC/Drafts: draft-sajassi-bess-evpn-igmp-mld-proxy, draft-ietf-bess-evpn-optimized-ir
75 IP Multicast in ERB Overlay (OISM)
- Introduces distributed DR and Supplemental BD.
- All ERB anycast gateways act as local DRs and maintain IGMP state for local receivers across all their local subnets
- Ingress VTEP replicates to egress VTEP only over source subnet or S-BD (if egress VTEP does not have source subnet)
- IP multicast received over the source subnet is forwarded at each ERB gateway to local receivers across all local subnets
- Egress ERB gateways never re-forward IP multicast across core (i.e. into tunnels)
- A Supplemental BD is the one VLAN that must be present at all ERB VRF for a tenant. If a source subnet is not present at an egress VTEP, the ingress VTEP replicates to that VTEP on the S-BD VNI.
- Multicast with external sources and receivers via border gateway
- Optimized with selective replication, and further optimized with assisted replication
[Diagram labels: Leaf1; Leaf2; Leaf3; VRF1; DR; SRC; RCV; SBD; S-BD; ERB Border Gateway; BD1; BD2; ERB w/ SBD]
RFC/Drafts: draft-lin-bess-evpn-irb-mcast, draft-ietf-bess-evpn-optimized-ir
76 ERB with CRB Border Gateway
- Short-term solution for lack of native multicast support in ERB (i.e. OISM). Add bridging to Border Gateway
- East-west unicast is edge-routed
- Multicast routing at central gateways with classical PIM DR election
- North-south and east-west IP multicast forwarded at CRB Border Gateway
- More complex options possible where CRB gateway is not coupled with Border Gateway.
[Diagram labels: CRB Border Gateway; VRF1; BD1; BD2; ERB]
77 ERB with CRB Border Gateway Multicast
[Diagram labels: Aggregates; VRF-G; Border; MAC-VRF-T; VLAN1; VLAN2; Type-2 MAC, Type-3 IMET; Local; Type-5 IP Host; Type-5 IP Prefix; Type-3 IMET, Type-6 SMET; Default; Leaf1; Leaf2; VRF-T; SMET; Host IP; IP EVPN; MAC/IP; L2 EVPN; H1; H2; H3; H4]
RFC/Drafts: RFC7432, draft-ietf-bess-evpn-overlay, draft-ietf-bess-evpn-prefix-advertisement
78 RECAP
EVPN overlay types for intra-tenant east-west networking.
Service chain concepts for extra-tenant north-south networking using EVPN VXLAN.
Optimized replication options for different overlay service models in EVPN VXLAN.
EVPN based networks are only as complex as they need to be.
Most use cases can be satisfied with only a few key building blocks.
Complexity is proportional to the functionality required.
EVPN VXLAN is an open standard. Equivalent proprietary technology is not any simpler.
79 The End