Juniper Networks – Confidential (under NDA) Copyright 2009
EVPN Next Generation of L2 VPNs
Legal Disclaimer: This statement of product direction sets forth Juniper Networks' current intention, and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.
Jack W. Parks, IV
Advanced Technologies
Juniper Networks
Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Data Center Interconnect (DCI)
Data centers are extending beyond their traditional boundaries because of:
o Extended operating-system, file-system and database clusters
o Virtual/physical machine mobility for load sharing and disaster prevention
o Legacy devices and applications with embedded IP addressing
o Time-to-deployment and operational reasons
o Extending the DC to work around power, heat and space limitations
[Diagram: Main Data Center and Backup Data Center interconnected over DWDM/CWDM. Between the sites, an L2 Ethernet Emulation Service extends the L2 domain and an L3 IP Routed Service carries routed traffic; each site has its own L3 routing, L2 switching and FC-attached SAN storage.]
DCI VPLS DEPLOYMENT OPTIONS
[Diagram: three DCI designs, each with a site stack of SRX (NAT, FW, LB, IPsec), Ethernet switch (LAG or Virtual Chassis) and MX Series PE over an IP/MPLS core.]
Option 1: more than one VPLS device per site; VPLS-controlled Active-Standby per VLAN (PE attachments marked A or S).
Option 2: more than one VPLS device per site; MC-LAG-controlled Active-Standby on the LAN, per VLAN.
Option 3: one VPLS device per site; active forwarding through all links of the LAG.
EVPN Overview
NEW TERMS
EVI: An EVPN instance spanning across the PEs participating in that VPN.
MAC-VRF: A Virtual Routing and Forwarding table for MAC addresses on a PE for an EVI.
Ethernet Segment Identifier (ESI): If a CE is multi-homed to two or more PEs, the set of Ethernet links that attaches the CE to the PEs is an 'Ethernet segment'. Ethernet segments MUST have a unique non-zero identifier, the 'Ethernet Segment Identifier'.
Ethernet A-D: Ethernet Auto-Discovery Route is a specific EVPN NLRI.
EVPN REQUIREMENTS
EVPN provides VLAN extension over a shared IP/MPLS network and improves on VPLS in these areas:
All-Active Multi-Homing: all available paths should be used (CE-PE and PE-PE).
Better Control Over MAC Learning: MAC learning happens in the control plane.
ARP/ND Flooding Minimization: additional attributes are added during MAC advertisement.
L3 Egress Traffic Forwarding Optimization: usage of the Default Gateway Extended Community.
Reducing Unknown Unicast Flooding: by using MAC learning in the control plane.
ADVANTAGES OF EVPN
[Diagram: two sites, each with SRX (NAT, FW, LB, IPsec), Ethernet switch and MX Series PEs attached by LAG, connected over an MPLS or IP core with detour paths.]
All-Active forwarding on all links on WAN and LAN (LAG)
Traffic Engineering, HA, fast recovery (transport)
Control Plane based information exchange / control (policy based control)
High scale multi-tenancy across common transport (service tag)
EVPN FORWARDING OVERVIEW
[Diagram: two MX Series PEs over an MPLS or IP core with detours; each PE connects to its site by LAG, with hash-based load balancing on the Ethernet switch.]
Packet on the WAN: MPLS transport label(s), including detour, or IP transport label; Service label; Ethernet Frame.
P2P connections for unicast traffic; P2MP connections for multicast or unknown traffic.
BGP Control Plane based learning on the WAN; data-plane (DP) learning over the LAN.
Site A hosts: VLAN 1 MAC1, VLAN 2 MAC2. Site B hosts: VLAN 1 MAC11, VLAN 2 MAC22.
Site A PE MAC table: MAC1 -> LAN ports; MAC2 -> LAN ports; MAC11 -> MPLS nexthop; MAC22 -> MPLS nexthop.
Site B PE MAC table: MAC11 -> LAN ports; MAC22 -> LAN ports; MAC1 -> MPLS nexthop; MAC2 -> MPLS nexthop.
EVPN INFORMATION EXCHANGE OVERVIEW
[Diagram: two MX Series PEs, each attached to its site by LAG, exchange EVPN reachability advertisements over an MPLS or IP core via a Route Reflector.]
EVPN reachability advertisement fields: Route Distinguisher, ESI, Ethernet Tag, MAC Address, IPv4 or IPv6 Address, Service Tag.
• EVPN advertises MAC (L2) and IP (ARP) bindings for each segment along with service tags
• Allowing Control Plane based L2 and ARP learning
• Minimizes flooding across the WAN
• Allows proxy-ARP to respond to queries locally
• IRB MAC address exchange allows the same gateway MAC address across sites
• VM mobility: egress traffic optimization
Site A hosts: VLAN 1 MAC1/IP1.1, VLAN 2 MAC2/IP2.1. Site B hosts: VLAN 1 MAC11/IP1.11, VLAN 2 MAC22/IP2.22.
EVPN AUTO-DISCOVERY CAPABILITY
• EVPN has built-in auto-discovery for ease of configuration
• Ethernet Segment Identifier (ESI) allows multi-homing of EVPN routers on the same site
• Built-in L2 loop prevention mechanism without blocking any forwarding interfaces
• Built-in Split Horizon for L2 BUM
• Auto-discovery of Ethernet Tags (VLANs) on the Ethernet Segment
• A Designated Forwarder (DF) is elected (can be per VLAN)
• Other DCB becomes a backup designated forwarder (BDF)
• Required for L2 BUM
[Diagram: two MX Series PEs, each attached to its site by LAG, over an MPLS or IP core via a Route Reflector. One Auto Discovery message per L2 Segment carries Route Distinguisher, ESI, Ethernet Tag and Service Tag; VLAN 1 and VLAN 2 are present at both sites.]
EVPN Specifics
ETHERNET SEGMENT IDENTIFIER (ESI)
If a CE is multi-homed to two or more PEs, the set of Ethernet links constitutes an "Ethernet Segment".
Only A/P multi-homing is supported in 13.2R1. A/A support is roadmap.
An Ethernet Segment MUST have a non-reserved ESI that is unique network wide. ESI can be auto-provisioned (roadmap).
[Diagram 1: ESI Auto-Provisioning with MC-LAG. CE dual-homed to PE1 and PE2, which connect to the MPLS core; the ESI is derived from the CE's LACP parameters: System Prio, System MAC Address, Port Key.]
[Diagram 2: ESI Auto-Provisioning with MC-LAG, BPDU based. CE sends BPDUs on its L2 links to PE1 and PE2; the ESI is derived from Bridge Prio, Root Bridge MAC, 0x0000.]
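The two auto-provisioning diagrams above show the inputs each PE reads from the CE. The point of deriving the ESI from CE-side protocol state is that both multi-homing PEs compute the same identifier independently, with no coordination between them. The following is an added example, not Juniper code: it derives the 10-octet ESI from LACP and from BPDU parameters and checks the "non-reserved" rule. The byte layout used is the Type 1 and Type 2 ESI encoding of RFC 7432 section 5, which post-dates this deck and omits the System Prio field the slide lists; treat that layout as an assumption relative to the draft cited here. MAC addresses and keys are constructed.

```python
"""Derive an Ethernet Segment Identifier (ESI) from CE-side protocol parameters.

Added example, not Juniper code. The slide names the inputs (LACP System MAC
and Port Key; STP Root Bridge MAC and Bridge Prio). The 10-octet layout used
here is the Type 1 / Type 2 ESI encoding of RFC 7432 section 5, which is an
assumption relative to the draft this deck cites.
"""
import struct

ESI_LEN = 10
# All-zero (single-homed) and all-ones (MAX-ESI) are reserved values.
RESERVED_ESIS = {bytes(ESI_LEN), b"\xff" * ESI_LEN}


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes; rejects malformed input."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def esi_from_lacp(ce_system_mac: str, ce_port_key: int) -> bytes:
    """Type 1 ESI: 0x01 | CE LACP System MAC (6) | CE LACP Port Key (2) | 0x00.

    Both PEs of an MC-LAG see the same partner parameters in LACPDUs, so each
    derives the same ESI without talking to the other.
    """
    if not 0 <= ce_port_key <= 0xFFFF:
        raise ValueError("LACP port key must fit in 16 bits")
    return b"\x01" + mac_bytes(ce_system_mac) + struct.pack("!H", ce_port_key) + b"\x00"


def esi_from_bpdu(root_bridge_mac: str, root_bridge_prio: int) -> bytes:
    """Type 2 ESI: 0x02 | Root Bridge MAC (6) | Root Bridge Priority (2) | 0x00."""
    if not 0 <= root_bridge_prio <= 0xFFFF:
        raise ValueError("bridge priority must fit in 16 bits")
    return b"\x02" + mac_bytes(root_bridge_mac) + struct.pack("!H", root_bridge_prio) + b"\x00"


def is_valid_esi(esi: bytes) -> bool:
    """An Ethernet Segment MUST carry a non-reserved ESI (slide 12)."""
    return len(esi) == ESI_LEN and esi not in RESERVED_ESIS


def esi_str(esi: bytes) -> str:
    """Colon-separated ESI as it appears in show-command output."""
    return ":".join(f"{b:02x}" for b in esi)


if __name__ == "__main__":
    # Constructed CE parameters: PE1 and PE2 observe the same LACP partner.
    pe1 = esi_from_lacp("00:1c:73:00:00:01", 0x0001)
    pe2 = esi_from_lacp("00:1c:73:00:00:01", 0x0001)
    print("PE1", esi_str(pe1), "PE2", esi_str(pe2), "match:", pe1 == pe2)
    print("all-zero ESI accepted?", is_valid_esi(bytes(ESI_LEN)))
```

Because the identifier is a pure function of what the CE advertises, a misconfigured or spoofed LACP partner would change the ESI on every PE that sees it; a check that the locally derived ESI matches the one carried in the peer PE's Ethernet A-D route is the natural place to catch that.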
EVPN L2 LOOP ELIMINATION CAPABILITIES
EVPN provides Active-Active and Active-Standby multi-homing options with built-in L2 loop prevention capabilities.
Ethernet Segment Identifier (ESID)
– Per VLAN / BD on the CE facing interface
– Needed for all multi-homed deployments, to identify a (virtual) LAN instance
Designated Forwarder Function
– DF elected for a given ESID: the designated L2-BUM authority
– DF generates a (Split Horizon) MPLS label and distributes it to all PEs, for each ESID
– Non-DFs can send L2 BUM to the MPLS network using this Split Horizon MPLS label; DFs identify their own ESID and drop the packet
– DFs send L2 BUM to the MPLS network; non-DFs drop the L2-BUM by default
LAG
– Required for Active-Active multi-homing
– CE based loop prevention, single L2-BUM packet forwarding function
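The DF and Split Horizon rules above, and the per-VLAN DF election of the auto-discovery slide, combine into one decision a multi-homed PE makes for every BUM frame arriving from the core. The following is an added example, not Juniper code: it models that decision. The election rule itself (order the candidate PEs by IP address; the DF for Ethernet Tag V is entry V mod N) is the default procedure of RFC 7432 section 8.5, which the slides do not spell out, and the PE addresses and ESI names are constructed.

```python
"""Designated Forwarder (DF) election per (ESI, VLAN) and the L2 BUM
forwarding decision at a multi-homed PE.

Added example, not Juniper code. The slides give the rules: a DF is elected
per ESI (optionally per VLAN); only the DF forwards BUM toward the CE; a
Split Horizon label lets a PE recognise BUM that originated on its own
Ethernet Segment and drop it. The election procedure (PEs ordered by IP,
DF for Ethernet Tag V is entry V mod N) is RFC 7432 section 8.5, an
assumption relative to this deck. Addresses and names are constructed.
"""
from ipaddress import ip_address
from typing import Dict, List, Optional, Set


def elect_df(candidate_pes: List[str], ethernet_tag: int) -> str:
    """DF for one (ESI, Ethernet Tag). Every PE on the ES learns the same
    candidate set from Ethernet A-D routes, so each reaches the same answer
    with no central election."""
    if not candidate_pes:
        raise ValueError("no PEs attached to this Ethernet Segment")
    ordered = sorted(candidate_pes, key=lambda pe: int(ip_address(pe)))
    return ordered[ethernet_tag % len(ordered)]


class MultiHomedPe:
    def __init__(self, my_ip: str):
        self.my_ip = my_ip
        # esi -> PE IPs announcing attachment (Ethernet A-D per-ES routes, own included)
        self.es_members: Dict[str, Set[str]] = {}

    def receive_ethernet_ad(self, esi: str, pe_ip: str) -> None:
        self.es_members.setdefault(esi, set()).add(pe_ip)

    def withdraw_ethernet_ad(self, esi: str, pe_ip: str) -> None:
        """Peer PE (or its CE link) failed: remaining PEs re-elect locally."""
        self.es_members.get(esi, set()).discard(pe_ip)

    def is_df(self, esi: str, ethernet_tag: int) -> bool:
        members = self.es_members.get(esi)
        return bool(members) and elect_df(sorted(members), ethernet_tag) == self.my_ip

    def bum_from_core(self, esi: str, ethernet_tag: int,
                      split_horizon_esi: Optional[str] = None) -> str:
        """Decide the fate of a BUM frame received from the MPLS core that is a
        candidate for flooding onto local Ethernet Segment `esi`.

        split_horizon_esi is the segment identified by the frame's Split
        Horizon label, i.e. where it entered the EVPN (None if no label, e.g.
        from a single-homed site).
        """
        if self.my_ip not in self.es_members.get(esi, set()):
            return "drop:not-attached"
        if split_horizon_esi == esi:
            # Came from this very segment via the peer PE: never echo it back.
            return "drop:split-horizon"
        if not self.is_df(esi, ethernet_tag):
            return "drop:non-df"
        return "forward"


if __name__ == "__main__":
    pe1 = MultiHomedPe("10.0.0.1")
    for pe in ("10.0.0.1", "10.0.0.2"):
        pe1.receive_ethernet_ad("ESI1", pe)
    for vlan in (100, 101):
        print(f"VLAN {vlan}: DF={elect_df(['10.0.0.1', '10.0.0.2'], vlan)}",
              "core BUM:", pe1.bum_from_core("ESI1", vlan),
              "own-ES BUM:", pe1.bum_from_core("ESI1", vlan, "ESI1"))
```

With two PEs the even-numbered VLANs land on the lower address and the odd ones on the higher, which is how "per VLAN" DF election spreads BUM load; the split-horizon check runs before the DF check so that even the DF never sends a segment's own broadcast back to it.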
LOAD BALANCE TRAFFIC ACTIVE/ACTIVE PEs (roadmap)
EVPN introduces the concept of Aliasing.
Each PE signals that it has reachability to a given Ethernet segment (using the Ethernet A-D Route).
A remote PE should install all PEs attached to the same Ethernet Segment as next hops.
[Diagram: CE1 multi-homed by LAG to PE1 and PE2 (DF) on ESI1; PE3 and CE2 across the MPLS core. MAC1 sits behind the LAG on ESI1; PE3 resolves MAC1 -> ESI1 -> (PE1, PE2).]
FAST CONVERGENCE IN ACTIVE/BACKUP (Roadmap)
EVPN introduces the concept of Backup-Path.
Each PE signals that it has reachability to a given Ethernet segment (using the Ethernet A-D Route).
A remote PE should install backup paths to all further PEs that have reachability to the particular Ethernet Segment.
[Diagram: CE1 multi-homed by LAG to PE1 and PE2 (DF) on ESI1; PE3 and CE2 across the MPLS core. MAC1 sits behind the LAG on ESI1; PE3 resolves MAC1 -> ESI1 -> (PE1 BACKUP, PE2 ACTIVE).]
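Aliasing and Backup-Path are the same indirection used two ways: the remote PE stores a MAC against an ESI and resolves the ESI to the set of PEs that announced it in Ethernet A-D routes, so a link or PE failure is repaired by withdrawing one A-D route rather than re-learning every MAC behind it. The following is an added example, not Juniper code, and it also serves the forwarding overview slide: local MACs resolve to LAN ports, remote ones to MPLS next hops, unknown ones are flooded. The route records carry the fields the slides list; the `all_active` and `primary` flags stand in for the signalling of multi-homing mode and active PE, which the deck does not detail. PE names, MACs and port names are constructed.

```python
"""One PE's MAC-VRF for an EVI: data-plane learning on the LAN, BGP
control-plane learning across the WAN, and MAC -> ESI -> PE-set resolution
for Aliasing (Active/Active) and Backup-Path (Active/Standby).

Added example, not Juniper code. `all_active` and `primary` are constructed
stand-ins for the multi-homing-mode signalling the deck does not detail.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

SINGLE_HOMED_ESI = "00:00:00:00:00:00:00:00:00:00"  # all-zero ESI: not multi-homed


@dataclass(frozen=True)
class MacRoute:
    """MAC Advertisement Route with the fields the slides list (RD omitted)."""
    originator: str     # advertising PE, i.e. the BGP next hop
    esi: str
    ethernet_tag: int
    mac: str


@dataclass(frozen=True)
class EthernetADRoute:
    """Ethernet A-D per-ES route: `originator` is attached to `esi`."""
    originator: str
    esi: str
    all_active: bool        # True: Aliasing over all PEs; False: Active/Standby
    primary: bool = True    # in Active/Standby, the PE currently forwarding


@dataclass
class MacVrf:
    local_pe: str
    local: Dict[Tuple[int, str], str] = field(default_factory=dict)        # (tag, mac) -> LAN port
    remote: Dict[Tuple[int, str], MacRoute] = field(default_factory=dict)  # (tag, mac) -> route
    es_members: Dict[str, Dict[str, EthernetADRoute]] = field(default_factory=dict)

    def learn_local(self, tag: int, mac: str, port: str) -> MacRoute:
        """Data-plane learning on the LAN; returns the route this PE would advertise."""
        self.local[(tag, mac)] = port
        return MacRoute(self.local_pe, SINGLE_HOMED_ESI, tag, mac)

    def receive_ad(self, route: EthernetADRoute) -> None:
        self.es_members.setdefault(route.esi, {})[route.originator] = route

    def withdraw_ad(self, esi: str, pe: str) -> None:
        """A-D route withdrawn (PE or CE link down): repaired without touching MAC routes."""
        self.es_members.get(esi, {}).pop(pe, None)

    def receive_mac(self, route: MacRoute) -> None:
        self.remote[(route.ethernet_tag, route.mac)] = route

    def next_hops(self, tag: int, mac: str) -> dict:
        key = (tag, mac)
        if key in self.local:
            return {"type": "lan", "port": self.local[key]}
        route = self.remote.get(key)
        if route is None:
            return {"type": "flood"}  # unknown unicast goes on the P2MP tree
        members = self.es_members.get(route.esi, {})
        if route.esi == SINGLE_HOMED_ESI or not members:
            # Single-homed, or no A-D routes seen yet: only the advertising PE.
            return {"type": "mpls", "active": [route.originator], "backup": []}
        pes = sorted(members)
        if all(r.all_active for r in members.values()):
            return {"type": "mpls", "active": pes, "backup": []}  # Aliasing: ECMP over all
        primaries = [pe for pe in pes if members[pe].primary]
        active = primaries or pes   # active PE gone: promote what remains
        backup = [pe for pe in pes if pe not in active]
        return {"type": "mpls", "active": active, "backup": backup}
```

Note what the MAC route alone does not tell the remote PE: MAC1 was advertised by PE2, yet in the Active/Active case PE1 becomes a next hop as well purely because PE1 announced ESI1. That is also why a forged or stale A-D route matters more than a single MAC route, since it redirects every MAC behind that segment.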
ARP PROXY (Roadmap)
A PE can snoop ARP messages for locally attached hosts.
The MAC/IP binding can then be redistributed to other PEs by using the MAC Advertisement Route.
[Diagram: CE1 (MAC1, IP1) on PE1, CE2 (MAC2, IP2) on PE2 (DF) and CE3 (MAC3, IP3) on PE3, across an MPLS core. ARP requests for IP3 from CE1 and from CE2 receive ARP replies for IP3 from their local PEs, using the MAC3/IP3 binding learned through EVPN, instead of being flooded across the WAN.]
IRB support within EVPN (roadmap)
IRB allows a PE to forward not only L2 but also L3 traffic.
With multiple locations (e.g. DC locations) it is desirable to use local forwarding for L3 traffic to avoid the trombone effect.
Each PE that acts as a Default GW for a given EVPN should advertise its Default GW IP and MAC address using the MAC Advertisement Route (with the Default Gateway Extended Community).
All receiving PEs should reply to all ARP requests received for this IP address and should forward traffic destined to this MAC address locally.
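The ARP Proxy slide and this IRB slide describe the same mechanism applied to two kinds of binding: host MAC/IP pairs snooped from ARP, and gateway MAC/IP pairs tagged with the Default Gateway Extended Community. The following is an added example, not Juniper code: it parses RFC 826 ARP, snoops sender bindings into MAC/IP routes, answers requests locally from EVPN-learned state, and answers for the gateway IP on every PE. The ARP packets, MACs and addresses are constructed; the route dictionaries are a stand-in for the BGP NLRI and extended community.

```python
"""ARP snooping, proxy-ARP from EVPN-learned MAC/IP bindings, and an
anycast default gateway, as on the ARP Proxy and IRB slides.

Added example, not Juniper code. ARP wire format is RFC 826 (IPv4 over
Ethernet, Ethernet header not included); packets and addresses are
constructed, and the route dicts stand in for BGP NLRI plus community.
"""
import struct
from typing import Dict, List, Optional

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(p, 16) for p in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet/IPv4 ARP: htype=1, ptype=0x0800, hlen=6, plen=4."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))


def parse_arp(pkt: bytes) -> Optional[dict]:
    """ARP fields, or None for anything that is not a well-formed Ethernet/IPv4 ARP."""
    if len(pkt) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        return None
    return {"op": op, "sha": mac_str(pkt[8:14]), "spa": ip_str(pkt[14:18]),
            "tha": mac_str(pkt[18:24]), "tpa": ip_str(pkt[24:28])}


class ArpProxyPe:
    def __init__(self, name: str):
        self.name = name
        self.bindings: Dict[str, str] = {}   # ip -> mac, snooped locally or from MAC/IP routes
        self.gateways: Dict[str, str] = {}   # ip -> mac from routes with the Default GW community
        self.irb: Dict[str, str] = {}        # ip -> mac of this PE's own IRB (default GW)

    def advertise_gateway(self, ip: str, mac: str) -> dict:
        """This PE acts as Default GW: advertise IRB IP/MAC with the DG extended community."""
        self.irb[ip] = mac
        return {"mac": mac, "ip": ip, "default_gateway": True}

    def snoop(self, pkt: bytes) -> List[dict]:
        """Learn the sender binding from a local ARP; return the MAC/IP routes to advertise."""
        arp = parse_arp(pkt)
        if arp is None or arp["spa"] == "0.0.0.0":   # ignore non-ARP and DAD probes
            return []
        self.bindings[arp["spa"]] = arp["sha"]
        return [{"mac": arp["sha"], "ip": arp["spa"], "default_gateway": False}]

    def receive_route(self, route: dict) -> None:
        table = self.gateways if route["default_gateway"] else self.bindings
        table[route["ip"]] = route["mac"]

    def handle_request(self, pkt: bytes) -> Optional[bytes]:
        """Answer a local ARP request from control-plane state; None means it
        cannot be answered here (and would be flooded in the base design)."""
        self.snoop(pkt)                     # the requester teaches us its own binding
        arp = parse_arp(pkt)
        if arp is None or arp["op"] != ARP_REQUEST:
            return None
        tpa = arp["tpa"]
        # Gateway IP: reply with the local IRB MAC if this PE hosts the GW, else the learned GW MAC.
        answer = self.irb.get(tpa) or self.gateways.get(tpa) or self.bindings.get(tpa)
        if answer is None:
            return None
        return build_arp(ARP_REPLY, answer, tpa, arp["sha"], arp["spa"])

    def forwards_l3_locally(self, dst_mac: str) -> bool:
        """Frames to any advertised gateway MAC are routed on this PE (no trombone)."""
        return dst_mac in self.irb.values() or dst_mac in self.gateways.values()
```

Because the proxy answers from snooped state, whatever a host claims in its ARP sender fields becomes a binding that is then advertised to every PE in the EVI; a binding that changes MAC for an existing IP, or arrives for an IP the PE already holds as a gateway, is the event a defender would want logged rather than silently accepted.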
VPLS VS EVPN
Desirable L2 extension attributes                                                            VPLS   EVPN
VM Mobility without renumbering L2 and L3 addresses                                           ✔      ✔
Ability to span VLANs across racks in different locations                                     ✔      ✔
Scale to few 100K hosts within and across multiple DCs                                        ✔      ✔
Policy-based flexible L2 topologies similar to L3 VPNs                                               ✔
Multiple points of attachment with ability to load-balance VLANs across them                  ✔      ✔
Active-Active points of attachment with ability to load-balance flows within a single VLAN           ✔
Multi-tenant support (secure isolation, overlapping MAC, IP addresses)                        ✔      ✔
Control-Plane Based Learning                                                                         ✔
Minimize or eliminate flooding of unknown unicast                                                    ✔
Fast convergence from edge failures based on local repair                                            ✔
Standards Track – IETF
BGP MPLS Based Ethernet VPN
http://tools.ietf.org/html/draft-ietf-l2vpn-evpn-04
Requirements for Ethernet VPN (EVPN)
http://tools.ietf.org/html/draft-ietf-l2vpn-evpn-req-04