What is EVPN-VXLAN?
EVPN-VXLAN is a network fabric that extends layer 2 connectivity as a network overlay over an existing physical network. It is an open standards technology that creates more agile, secure, and scalable networks in campuses and data centers.
- Ethernet VPN (EVPN) which is used as the overlay control plane and provides virtual connectivity between different layer 2/3 domains over an IP or MPLS network.
- Virtual extensible LANs (VXLAN), a common network virtualization overlay protocol that expands the layer 2 network address space from 4,000 to 16 million.
How does EVPN-VXLAN work?
EVPN-VXLAN enables businesses to connect geographically dispersed locations using layer 2 virtual bridging. EVPN-VXLAN provides the scale required by cloud service providers and is often the preferred technology for data center interconnections.
EVPN, as an overlay, supports multi-tenancy and is highly extensible, often using resources from different data centers to deliver a single service. It can provide layer 2 connectivity over physical infrastructure for devices in a virtual network or enable layer 3 routing.
Because it serves as a MAC address learning control plane for overlay networks, EVPN can support different data plane encapsulation technologies. This flexibility is especially appealing for network fabrics that aren’t strictly based on MPLS.
VXLAN encapsulates layer 2 Ethernet frames in layer 3 UDP packets, meaning virtual layer 2 subnets can span underlying layer 3 networks. A VXLAN network identifier (VNI) is used to segment each layer 2 subnet similarly to traditional VLAN IDs.
A VXLAN tunnel endpoint (VTEP) is a VXLAN-capable device that encapsulates and de-encapsulates packets. In the physical network, a switch typically functions as a layer 2 or layer 3 VXLAN gateway and is considered a hardware VTEP. The virtual network equivalents are known as software VTEPs, which are hosted in hypervisors such as VMware ESXi or vSphere.
Why EVPN-VXLAN now?
EVPN-VXLAN has emerged as a popular networking framework largely due to the limitations of traditional VLAN-based networks.
Within campus environments, the proliferation of endpoints due to BYOD, workplace mobility, and IoT is driving a need for more fine-grained segmentation strategies to separate different profiles of users, devices, and traffic.
It’s a similar story in data centers, where more and more workloads are being deployed to support digital transformation. IT needs to protect and manage workloads on an individual basis while preventing hackers from moving laterally from server to server if a breach occurs.
What are the benefits of EVPN-VXLAN?
EVPN-VXLAN has become a popular technology and there’s a reason, enterprises gain advantages as shown in the following table.
|How EVPN-VXLAN helps
|EVPN-VXLAN supports multiple protocols and shares common architectural elements with other common network services like VPNs, making it easy to integrate into existing networks.
|An EVPN-VXLAN-based architecture enables enterprises to easily add new switches without requiring any redesigns of the underlay network.
|Finer segmentation allows IT to restrict traffic flows between every connected element in the network, hardening security postures and limiting the blast radius of attacks.
|Better performance and resiliency
|Latency between network devices is more predictable, especially in spine-leaf architectures, and failure of a single spine or leaf doesn’t have as large an impact on overall fabric performance.
Building an EVPN-VXLAN fabric overlay with Aruba
The Aruba CX portfolio of network switches is designed for the evolving, complex demands of modern campus and data center networks, including EVPN-VXLAN-based fabrics. Based on a distributed, non-blocking architecture and powered by AOS-CX, Aruba CX switches deliver enhanced IT operational efficiency and high availability from the access layer, to aggregation, to core, and to the data center.
Aruba CX switches that support EVPN-VXLAN include:
- Aruba CX 6300: Stackable access and aggregation switches with 10/25GbE uplinks (50GbE DAC) and support for Smart Rate and high power PoE
- Aruba CX 6400: High-availability modular switches for versatile edge access to data center deployments with up to 28Tbps capacity
- Aruba CX 8325: Compact switches with 1/10/25/40/100GbE connectivity ideal for leaf and spine use cases
- Aruba CX 8360: High-performance 1/10/25/40/100GbE connectivity in a compact 1U form factor
- Aruba CX 8400: Highly resilient 8-slot modular switch with up to 19.2Tbps capacity ideal for campus core
- Aruba CX 9300: High performance 400GbE data center switch with 32-ports of 100/200/400GbE
- Aruba CX 10000: 800G of distributed stateful firewall for east-west traffic, zero-trust segmentation, and pervasive telemetry
- Aruba CX 6200: (Static VXLAN only): Layer 3 stackable access switches with PoE and 10 Gigabit uplinks
Network overlay-based automation
Aruba Central NetConductor is the next generation solution for increasingly complex networks, enabling organizations of all types and sizes to automatically configure LAN, WLAN, and WAN infrastructure to deliver optimal network performance while enforcing granular access control security policies that are the foundation of Zero Trust and SASE architectures.
Central NetConductor uses widely adopted protocols, such as EVPN/VXLAN, to produce an intelligent network overlay suitable for rapid enterprise network deployment and massive scalability. It comprises cloud-native services delivered by Aruba Central, a cloud-native platform that is the foundation of the Aruba Edge Services Platform (ESP), and can be deployed without a rip-and-replace of current network infrastructure.