What is EVPN-VXLAN?
EVPN-VXLAN is a network fabric that extends layer 2 connectivity as a network overlay over an existing physical network. It is an open standards technology that creates more agile, secure, and scalable networks in campuses and data centers.
- EVPN-VXLAN explained
- How does EVPN-VXLAN work?
- Why EVPN-VXLAN now?
- Building an EVPN-VXLAN fabric overlay with HPE Aruba Networking
- HPE Aruba Networking CX switches that support EVPN-VXLAN
- Network overlay-based automation
EVPN-VXLAN explained
EVPN-VXLAN is an open standards technology that works around the limitations of traditional VLAN-based networks by creating a network fabric that extends layer 2 connectivity as a network overlay over an existing physical network. EVPN-VXLAN consists of:
- Ethernet VPN (EVPN), a BGP-based control plane (RFC 7432) used by the overlay. It distributes MAC and IP reachability between tunnel endpoints and provides virtual connectivity between different layer 2/3 domains over an IP or MPLS network.
- Virtual extensible LAN (VXLAN), a widely used network virtualization overlay protocol (RFC 7348) that replaces the 12-bit VLAN ID (4,094 usable segments) with a 24-bit VXLAN network identifier, expanding the layer 2 segment space to roughly 16 million.
How does EVPN-VXLAN work?
EVPN-VXLAN enables businesses to connect geographically dispersed locations using layer 2 virtual bridging. EVPN-VXLAN provides the scale required by cloud service providers and is often the preferred technology for data center interconnections.
EVPN, as an overlay, supports multi-tenancy and is highly extensible, often using resources from different data centers to deliver a single service. It can provide layer 2 connectivity over physical infrastructure for devices in a virtual network or enable layer 3 routing.
Because it serves as a MAC address learning control plane for overlay networks, EVPN can support different data plane encapsulation technologies. This flexibility is especially appealing for network fabrics that aren’t strictly based on MPLS.
VXLAN encapsulates layer 2 Ethernet frames in UDP/IP packets (destination UDP port 4789), so a virtual layer 2 subnet can span a routed layer 3 underlay. A 24-bit VXLAN network identifier (VNI) carried in the VXLAN header marks each layer 2 segment much as a VLAN ID does. The outer Ethernet, IP, UDP and VXLAN headers add 50 bytes to every frame, which the underlay MTU must accommodate.
A VXLAN tunnel endpoint (VTEP) is a VXLAN-capable device that encapsulates and de-encapsulates packets. In the physical network, a switch typically functions as a layer 2 or layer 3 VXLAN gateway and is considered a hardware VTEP. The virtual network equivalents are known as software VTEPs, which are hosted on hypervisors such as VMware ESXi.
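The following is an added example, not HPE Aruba Networking's code and not part of the original page, that shows the encapsulation described above in Python: the 8-byte VXLAN header with its 24-bit VNI, the UDP/IPv4 outer headers a VTEP adds on egress, and the checks a VTEP applies before it decapsulates on ingress. The two-VTEP topology, the MAC-to-VTEP table (standing in for what EVPN would advertise), the VNI value 10100 and the peer allow-list are constructed assumptions for illustration; header layouts follow RFC 7348 and the IPv4/UDP RFCs.

```python
"""Added example (not HPE Aruba Networking code): VXLAN encapsulation and
decapsulation between two VTEPs.  The MAC table is a constructed stand-in
for EVPN-advertised reachability; the peer allow-list is an assumed policy."""
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789     # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08       # "I" bit: the VNI field is valid (RFC 7348)
MAX_VNI = (1 << 24) - 1   # 24-bit VNI, versus 4,094 usable 12-bit VLAN IDs

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; evaluates to 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def vxlan_header(vni: int) -> bytes:
    """8 bytes: flags, 3 reserved (zero), 24-bit VNI, 1 reserved (zero)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI %d does not fit in 24 bits" % vni)
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)

def parse_vxlan_header(data: bytes) -> int:
    """Return the VNI; reject truncated headers and headers without the I bit."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_and_reserved = struct.unpack("!B3xI", data[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI field is not valid")
    return vni_and_reserved >> 8

def ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload

class Vtep:
    """A hardware or software VTEP: encapsulates on egress, decapsulates on ingress."""
    def __init__(self, ip, peers, mac_table):
        self.ip = ip
        self.peers = set(peers)           # assumed allow-list of remote VTEP IPs
        self.mac_table = dict(mac_table)  # overlay MAC -> (remote VTEP IP, VNI)

    def encapsulate(self, frame: bytes) -> bytes:
        remote_ip, vni = self.mac_table[frame[:6]]  # KeyError: no EVPN route
        vxlan = vxlan_header(vni) + frame
        # UDP source port is a hash of the inner headers so the layer 3
        # underlay can spread flows of one tunnel across equal-cost paths.
        src_port = 49152 + zlib.crc32(frame[:14]) % 16384
        udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(vxlan), 0) + vxlan
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                         ipaddress.IPv4Address(self.ip).packed,
                         ipaddress.IPv4Address(remote_ip).packed)
        ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
        return ip + udp

    def decapsulate(self, packet: bytes):
        """Validate the outer headers, then return (vni, inner Ethernet frame)."""
        ihl = (packet[0] & 0x0F) * 4
        if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl + 16:
            raise ValueError("not a well-formed IPv4/UDP/VXLAN packet")
        if ipv4_checksum(packet[:ihl]) != 0 or packet[9] != 17:
            raise ValueError("bad IPv4 checksum or non-UDP protocol")
        outer_src = str(ipaddress.IPv4Address(packet[12:16]))
        if outer_src not in self.peers:
            # VXLAN carries no authentication; which sources a VTEP accepts
            # is the only control over who can inject frames into a VNI.
            raise PermissionError("VXLAN from unknown VTEP %s" % outer_src)
        _sport, dport, ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
        if dport != VXLAN_UDP_PORT:
            raise ValueError("UDP port %d is not VXLAN" % dport)
        vxlan = packet[ihl + 8:ihl + ulen]
        return parse_vxlan_header(vxlan), vxlan[8:]

def spoofed_outer_source(packet: bytes, new_src: str) -> bytes:
    """Failure-case helper: rewrite the outer source VTEP and refresh the checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

# Constructed topology: host A1 behind VTEP 10.0.0.1 and host B1 behind
# VTEP 10.0.0.2 share VNI 10100 across a routed underlay.
MAC_A1 = bytes.fromhex("0200000000a1")
MAC_B1 = bytes.fromhex("0200000000b1")
VTEP_A = Vtep("10.0.0.1", ["10.0.0.2"], {MAC_B1: ("10.0.0.2", 10100)})
VTEP_B = Vtep("10.0.0.2", ["10.0.0.1"], {MAC_A1: ("10.0.0.1", 10100)})

def demo_roundtrip():
    """A1 -> B1 across the fabric; returns (vni, frame intact?, bytes of overhead)."""
    frame = ethernet_frame(MAC_B1, MAC_A1, 0x0800, b"constructed IPv4 payload")
    packet = VTEP_A.encapsulate(frame)
    vni, inner = VTEP_B.decapsulate(packet)
    return vni, inner == frame, len(packet) - len(frame)

if __name__ == "__main__":
    print(demo_roundtrip())  # (10100, True, 36)
```

Run as a script it reports 36 bytes of overhead, which is the IPv4, UDP and VXLAN headers only; the outer Ethernet header brings the per-frame cost to the 50 bytes mentioned above. The peer check in decapsulate is the point a practitioner should take away: the VXLAN header has no integrity or authentication field, so a VTEP that decapsulates UDP 4789 from any source lets anyone who can reach it inject frames into a VNI. In a real fabric that control is enforced by restricting the VTEP loopbacks that peer in the underlay and filtering VXLAN at the fabric edge, not by the VNI value itself.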
Why EVPN-VXLAN now?
EVPN-VXLAN has emerged as a popular networking framework largely due to the limitations of traditional VLAN-based networks.
Within campus environments, the proliferation of endpoints due to BYOD, workplace mobility, and IoT is driving a need for more fine-grained segmentation strategies to separate different profiles of users, devices, and traffic.
It’s a similar story in data centers, where more and more workloads are being deployed to support digital transformation. IT needs to protect and manage workloads individually while preventing attackers from moving laterally from server to server if a breach occurs.
Building an EVPN-VXLAN fabric overlay with HPE Aruba Networking
The HPE Aruba Networking CX portfolio of network switches is designed for the evolving, complex demands of modern campus and data center networks, including EVPN-VXLAN-based fabrics. Based on a distributed, non-blocking architecture and powered by AOS-CX, HPE Aruba Networking CX switches deliver enhanced IT operational efficiency and high availability from the access layer, to aggregation, to core, and to the data center.
HPE Aruba Networking CX switches that support EVPN-VXLAN
- HPE Aruba Networking CX 6300: Stackable access and aggregation switches with 10/25GbE uplinks (50GbE DAC) and support for Smart Rate and high power PoE
- HPE Aruba Networking CX 6400: High-availability modular switches for versatile edge access to data center deployments with up to 28Tbps capacity
- HPE Aruba Networking CX 8325: Compact switches with 1/10/25/40/100GbE connectivity ideal for leaf and spine use cases
- HPE Aruba Networking CX 8360: High-performance 1/10/25/40/100GbE connectivity in a compact 1U form factor
- HPE Aruba Networking CX 8400: Highly resilient 8-slot modular switch with up to 19.2Tbps capacity ideal for campus core
- HPE Aruba Networking CX 9300: High performance 400GbE data center switch with 32-ports of 100/200/400GbE
- HPE Aruba Networking CX 10000: 800G of distributed stateful firewall for east-west traffic, zero-trust segmentation, and pervasive telemetry
- HPE Aruba Networking CX 6200 (static VXLAN only): Layer 3 stackable access switches with PoE and 10 Gigabit uplinks
Network overlay-based automation
HPE Aruba Networking Central NetConductor is the next generation solution for increasingly complex networks, enabling organizations of all types and sizes to automatically configure LAN, WLAN, and WAN infrastructure to deliver optimal network performance while enforcing granular access control security policies that are the foundation of Zero Trust and SASE architectures.
Central NetConductor uses widely adopted protocols, such as EVPN-VXLAN, to produce an intelligent network overlay suitable for rapid enterprise network deployment and massive scalability. It comprises cloud-native services delivered by HPE Aruba Networking Central, a cloud-native platform that is the foundation of the HPE Aruba Networking Edge Services Platform (ESP), and can be deployed without a rip-and-replace of current network infrastructure.
What are the benefits of EVPN-VXLAN?
EVPN-VXLAN has become a popular technology for good reason: enterprises gain the advantages shown in the following table.
| Benefit | How EVPN-VXLAN helps |
| --- | --- |
| Flexibility | EVPN-VXLAN supports multiple data plane encapsulations and shares common architectural elements with other network services such as VPNs, making it easy to integrate into existing networks. |
| Greater scalability | An EVPN-VXLAN-based architecture lets enterprises add new switches without redesigning the underlay network. |
| Enhanced security | Finer segmentation lets IT restrict traffic flows between connected elements in the network, hardening the security posture and limiting the blast radius of an attack. |
| Better performance and resiliency | Latency between network devices is more predictable, especially in spine-leaf architectures, and the failure of a single spine or leaf has a smaller impact on overall fabric performance. |