BGP EVPN
In the initial VXLAN solution (RFC 7348), the control plane is not defined. Instead, VXLAN tunnels require manual configuration and host MAC addresses need to be learned through traffic flooding. Although the flood-and-learn approach is much simpler, it causes a large amount of flooded traffic on the network and makes the network difficult to expand.
To address these problems, Ethernet Virtual Private Network (EVPN) is introduced as the VXLAN control plane. EVPN relies on the Border Gateway Protocol (BGP)/MPLS IP VPN mechanism. By extending BGP, EVPN defines three new types of BGP EVPN routes to implement VTEP auto-discovery and host MAC address learning. Using EVPN as the control plane offers the following advantages:
- VTEPs can be automatically discovered and VXLAN tunnels can be automatically established, simplifying network deployment and expansion.
- EVPN can advertise both Layer 2 MAC addresses and Layer 3 routing information.
- Flooding traffic is reduced on the network.
EVPN defines three new types of BGP EVPN routes to transmit VTEP addresses and host information by extending BGP. As such, applying EVPN to VXLAN moves VTEP auto-discovery and host MAC address learning from the data plane to the control plane. The functions of the control-plane routes are as follows:
- Type 2 route (MAC/IP route): used to advertise host MAC addresses, host Address Resolution Protocol (ARP) entries, and host route information.
- Type 3 route (inclusive multicast route): used to automatically discover VTEPs and dynamically establish VXLAN tunnels.
- Type 5 route (IP prefix route): used to advertise the imported external routes and host route information.
Dynamic VXLAN Tunnel Establishment
The following example illustrates how to use BGP EVPN to dynamically establish a VXLAN tunnel between VTEP 2 and VTEP 3, as shown in Figure 1-6.
VTEP 2 and VTEP 3 first establish a BGP EVPN peer relationship. Then, Layer 2 broadcast domains are created on VTEP 2 and VTEP 3, and VNIs are bound to the Layer 2 broadcast domains. Next, an EVPN instance is configured in each Layer 2 broadcast domain, and an RD, an export VPN target (ERT), and an import VPN target (IRT) are configured for the EVPN instance. After IP addresses are configured on VTEP 2 and VTEP 3, they generate a BGP EVPN route and advertise it to each other. The BGP EVPN route carries the ERT list of the local EVPN instance and an inclusive multicast route (Type 3 route defined in BGP EVPN).
When VTEP 2 and VTEP 3 receive a BGP EVPN route from each other, they match the ERT list of the remote EVPN instance carried in the route against the IRT list of the local EVPN instance. If a match is found, the route is accepted. If no match is found, the route is discarded. If the route is accepted, VTEP 2 and VTEP 3 obtain each other's IP address and VNI carried in the route. If the IP addresses are reachable at Layer 3, the VTEPs establish a VXLAN tunnel. If the remote VNI is the same as the local VNI, an ingress replication list is created to forward subsequent BUM packets.
The process of dynamically establishing a VXLAN tunnel between VTEP 2 and VTEP 1 and between VTEP 3 and VTEP 1 using BGP EVPN is the same as that between VTEP 2 and VTEP 3.
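The acceptance and tunnel-establishment decisions described above can be modelled as follows. This is an added example, not vendor code: the class and field names are hypothetical, the route is a simplified model rather than the BGP wire format, and the IP addresses, route target values, and VNI are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Type3Route:
    """Simplified model of an inclusive multicast route (not the wire format)."""
    origin_vtep_ip: str
    vni: int
    export_rts: frozenset  # ERT list of the advertising EVPN instance

@dataclass
class Vtep:
    ip: str
    vni: int
    import_rts: frozenset
    export_rts: frozenset
    reachable: set = field(default_factory=set)  # peer IPs with a Layer 3 route
    tunnels: set = field(default_factory=set)
    ingress_replication: dict = field(default_factory=dict)  # VNI -> peer IPs

    def advertise(self):
        return Type3Route(self.ip, self.vni, self.export_rts)

    def receive(self, route):
        # Accept only if the remote ERT list shares a value with the local IRT list.
        if not (route.export_rts & self.import_rts):
            return "discarded: no RT match"
        # An accepted route yields a tunnel only if the peer is reachable at Layer 3.
        if route.origin_vtep_ip not in self.reachable:
            return "accepted: peer unreachable, no tunnel"
        self.tunnels.add(route.origin_vtep_ip)
        # BUM replication toward the peer requires the same VNI on both sides.
        if route.vni != self.vni:
            return "tunnel up: VNI differs, no replication entry"
        self.ingress_replication.setdefault(self.vni, set()).add(route.origin_vtep_ip)
        return "tunnel up: peer added to ingress replication list"

def demo():
    # Constructed sample values: documentation-range IPs, RT 65000:10, VNI 10.
    rt = frozenset({"65000:10"})
    vtep2 = Vtep("192.0.2.2", 10, rt, rt, reachable={"192.0.2.3", "192.0.2.9"})
    vtep3 = Vtep("192.0.2.3", 10, rt, rt, reachable={"192.0.2.2"})
    stray = Vtep("192.0.2.9", 10, frozenset({"65000:99"}), frozenset({"65000:99"}))
    results = [vtep2.receive(vtep3.advertise()),
               vtep3.receive(vtep2.advertise()),
               vtep2.receive(stray.advertise())]
    return results, vtep2, vtep3

if __name__ == "__main__":
    print(demo()[0])
```

The third route comes from a peer that VTEP 2 can reach at Layer 3, yet it is discarded because its ERT does not appear in the local IRT list, which shows that the route target match is evaluated before reachability.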