E-VPN for NVO
• Use of Ethernet Virtual Private Network (E-VPN) as the carrier-grade control plane for NVO with support for heterogeneous data plane encapsulations (MPLS, VXLAN, NVGRE,…)

E-VPN Attributes
• Designed for scalability and ease of deployment
• Control plane learning using BGP
• VPN and Virtual LAN auto-discovery
• ARP flood optimization
• Control-plane scaling using Route Reflectors, RT Constrain, ESI, MAC aggregation
• Control & data plane traffic for VPNs only sent to PE with active VPN members
• Scalable fast convergence using Block MAC address withdrawal
• Support for MAC prefixes (ex: default MAC route)
• Broadcast & Multicast traffic over multicast trees or ingress replication
• Active/active multi-homing
• CE sees LAG, PEs see Ethernet Segment (ES – set of attachments to same CE)
• 4B tenant VPNs, 4B virtual LANs per tenant VPN.
• Supports locally significant context ID
• Operator defined networks

E-VPN Routes
• MAC Advertisement Route
• Distributes MAC & IP address to PE & MPLS label binding
• Per EVI Ethernet AD Route
• Distributes Ethernet Segment to PE & MPLS label binding
• Used in active/active multi-homing
• Both carry a 24-bit MPLS label field
• Use of MPLS label is very similar to VNID but supports local significance
• Distribute VNID in MPLS label field
• Either global or local significance
• Local significance allows it to represent EVI, Port, MAC address, or MAC address range
• Data plane encapsulation specified using Tunnel Encapsulation attribute (RFC 5512)
• Distributed with both of the above routes

Interworking Capability
• A given EVI supports multiple data plane encapsulations
• Ingress PE uses encapsulation advertised by egress PE
• Allows different encapsulations for different MAC addresses or Ethernet Segments
• Allows interworking between VXLAN, NVGRE, & E-VPN networks
• Also allows interworking with L3 VPNs
• Separate multicast trees for each encapsulation type

Active/Active Multi-homing
• A broadcast or multicast packet needs two labels
• One identifies the EVI for which it is intended
• One identifies the ES from which it was received by ingress PE - Split Horizon label
• Split Horizon label prevents egress PEs on same ES from sending packet back to client
• Prevents loops
• No place for Split Horizon label in VXLAN or NVGRE header
• Use source MAC address instead
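
Added example (not from the original slides): a toy Python model of the egress-PE split-horizon check described under Active/Active Multi-homing, using the Split Horizon label for MPLS and the source MAC address for VXLAN/NVGRE. The class name, segment names, label values and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class EgressPE:
    """Toy egress PE: decides which local Ethernet Segments get a flooded frame."""
    sh_label_by_es: dict  # local ES name -> Split Horizon label (constructed values)
    es_by_mac: dict       # client MAC -> ES it was learned on (MAC Advertisement routes)

    def origin_es(self, encap, src_mac, sh_label=None):
        """Identify the ES the ingress PE received the frame on, or None if unknown."""
        if encap == "mpls":
            # MPLS: the second label on the packet names the originating ES.
            for es, label in self.sh_label_by_es.items():
                if label == sh_label:
                    return es
            return None
        if encap in ("vxlan", "nvgre"):
            # No header field for the label, so fall back to the source MAC.
            return self.es_by_mac.get(src_mac)
        raise ValueError(f"unknown encapsulation: {encap}")

    def flood_targets(self, encap, src_mac, sh_label=None):
        """Local ESs that may receive the frame; the originating ES is excluded."""
        origin = self.origin_es(encap, src_mac, sh_label)
        return sorted(es for es in self.sh_label_by_es if es != origin)


# Constructed sample state: this PE attaches to two segments.
pe = EgressPE(
    sh_label_by_es={"ES-1": 3001, "ES-2": 3002},
    es_by_mac={"00:00:5e:00:53:01": "ES-1"},
)

if __name__ == "__main__":
    print(pe.flood_targets("mpls", "00:00:5e:00:53:01", sh_label=3001))
    print(pe.flood_targets("vxlan", "00:00:5e:00:53:01"))
    # A source MAC not yet learned against an ES cannot be filtered in this model,
    # so the frame is also flooded back onto the segment it came from.
    print(pe.flood_targets("vxlan", "00:00:5e:00:53:99"))
```

In this model the MAC-based check is only as good as the MAC-to-ES table: a frame whose source MAC has not yet been learned against its segment is not filtered.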