Juniper Networks – Confidential (under NDA) Copyright 2009 1

EVPN Next Generation of L2 VPNs

Legal Disclaimer: This statement of product direction sets forth Juniper Networks‘ current intention, and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.

Jack W. Parks, IV

Advanced Technologies

Juniper Networks

jwparks@juniper.net

2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Data Center Interconnect (DCI)

Data Centers are extending beyond traditional boundaries due to:

o Extending Operating System, File System clusters, Database clusters

o Virtual/Physical machine mobility due to load sharing, disaster prevention

o Legacy devices/applications with embedded IP addressing

o Time to deployment and operational reasons

o Extend DC to solve power/heat/space limitations

Ethernet Emulation Service L2

L2

Main Data Center

Backup Data Center

Storage Storage

IP Routed Service

DWDM/CWDM

L3 L3

SAN SAN

L2 L2

FC FC

3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

SRX

DCI VPLS DEPLOYMENT OPTIONS

NAT

FW

LB

IPSec

SRX

Switch

MX Series

NAT

FW

LB

IPSec

Switch

MX Series

MC-LAG

NAT

FW

LB

IPSec

SRX

Switch

MX Series

LAG

VC

LAG LAG

IP, MPLS IP, MPLS IP, MPLS

LAG LAG

>1 VPLS devices

VPLS controlled Active-Standby

Per VLAN

A A A A S S

>1 VPLS devices

MC-LAG controlled Active-Standby on LAN

Per VLAN

One VPLS device

Active forwarding through all links of LAG

LAG

4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN Overview

5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

NEW TERMS

EVI: An EVPN instance spanning across the PEs participating in

that VPN

MAC-VRF: A Virtual Routing and Forwarding table for MAC

addresses on a PE for an EVI

Ethernet Segment Identifier (ESI): If a CE is multi-homed to

two or more PEs, the set of Ethernet links that attaches the CE

to the PEs is an 'Ethernet segment'. Ethernet segments MUST

have a unique non-zero identifier, the 'Ethernet Segment

Identifier’.

Ethernet A-D: Ethernet Auto-Discovery Route is a specific

EVPN NLRI.

6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN provides VLAN Extension over a shared IP/MPLS network.

Improves on VPLS

EVPN REQUIREMENTS

All-Active Multi-Homing

Better Control Over MAC Learning

ARP/ND Flooding Minimization

L3 Egress Traffic Forwarding Optimization

Reducing Unknown Unicast Flooding

All available paths should be used (CE-PE, PE-PE)

MAC learning happens in control plane

Additional attributes added during MAC advertisement

Usage of Default Gateway Extended Community

By using MAC learning in control plane

7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

ADVANTAGES OF EVPN

NAT

FW

LB

IPSec

SRX

Switch

Network

MX Series

MX Series

NAT

FW

LB

IPSec

SRX

MPLS or IP

LAG LAG

Switch

Network

detours

detours All Active forwarding

links on WAN and LAN

(LAG)

Traffic Engineering,

HA, fast recovery

(transport)

Control Plane based information exchange / control

(policy based control)

High scale multi-tenancy

across common transport

(service tag)

8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN FORWARDING OVERVIEW

MX Series

MX Series

MPLS or IP

detours

detours

MPLS transport label(s) including detour or IP

transport label

Service label

Ethernet Frame

P2P connections for unicast traffic

P2MP connections for

multicast or unknown traffic

BGP Control Plane based learning on WAN DP learning

over LAN

DP learning over LAN

LA

G L

AG

Hash based LB on

Ethernet switch

MAC1…….……...LAN Ports

MAC11………MPLS nexthop

VLAN 1

MAC1

VLAN 2

MAC2

VLAN 1

MAC11

VLAN 2

MAC22

MAC2…….……...LAN Ports

MAC22….……MPLS nexthop

MAC2……..….MPLS nexthop

MAC22….……..…LAN ports

MAC1…………MPLS nexthop

MAC11…………...LAN ports

9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN INFORMATION EXCHANGE OVERVIEW

MX Series

MX Series

MPLS or IP

detours

LA

G L

AG

Route Reflector

ESI

Route Distinguisher

Ethernet Tag

MAC Address

EVPN reachability advertisement

IPv4 or IPv6 Address

Service Tag

• EVPN advertises MAC (L2) and IP (ARP) bindings for each segment along with service tags

• Allowing Control Plane based L2 and ARP learning

• Minimizes flooding across WAN

• Allows proxy-ARP to respond queries locally

• IRB MAC address exchange allows same gateway MAC address across sites

• VM mobility: egress traffic optimization

VLAN 1

MAC1, IP1.1

VLAN 2

MAC2, IP2.1

VLAN 1

MAC11, IP1.11

VLAN 2

MAC22, IP2.22

10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN AUTO-DISCOVERY CAPABILITY

• EVPN has built-in auto discovery for ease of configuration

• Ethernet Segment Identifier (ESI) allows multi-homing of EVPN routers on the same site

• Built-in L2 loop prevention mechanism w/out blocking any forwarding interfaces

• Built-in Split Horizon for L2 BUM

• Auto-discovery of Ethernet Tags (VLANs) on Ethernet Segment

• A Designated Forwarder (DF) is elected (can be per VLAN)

• Other DCB becomes a backup designated forwarder (BDF)

• Required for L2 BUM

ESI

Route Distinguisher

Ethernet Tag

Service Tag

MX Series

MX Series

MPLS or IP

detours

LA

G L

AG

Route Reflector

Auto Discovery message per L2

Segment

VLAN 1 VLAN 1

VLAN 2 VLAN 2

11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN Specifics

12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

ETHERNET SEGMENT IDENTIFIER (ESI)

If CE is multi-homed to two or more PEs, the set of Ethernet

links constitutes an “Ethernet Segment”.

Only A/P multi-homing is supported in 13.2R1.

A/A support is roadmap

An Ethernet Segment MUST have a non-reserved ESI that is

unique network wide. ESI can be auto-provisioned (roadmap)

CE

PE1

PE2

ESI Auto-Provisioning with MC-LAG

MPLS

System Prio System MAC Address Port Key

CE PE1

PE2

ESI Auto-Provisioning with MC-LAG

BPDU

MPLS

Bridge Prio Root Bridge MAC 0x0000

CE BPDU L2

13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

EVPN L2 LOOP ELIMINATION CAPABILITIES

EVPN provides Active-Active and Active-Standby multi-homing options

Built-in L2 Loop Prevention capabilities

Ethernet Segment Identifier (ESID)

Per VLAN / BD on the CE facing interface

Needed for all multi-homed deployments – to identify a (virtual) LAN instance

Designated Forwarder Function

DF elected for a given ESID – designated L2-BUM authority

DF generates a (Split Horizon) MPLS label and distributes to all PEs – for each

ESID

Non-DFs can send L2 BUM to MPLS network

– Using this Split Horizon MPLS label – DFs identify own ESID and drop the packet

DFs send L2 BUM to MPLS network

– Non-DFs drop the L2-BUM by default

LAG

Required for Active-Active multi-homing

CE based loop prevention, single L2-BUM packet forwarding function

14 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

LOAD BALANCE TRAFFIC ACTIVE/ACTIVE PEs (roadmap)

EVPN introducing a concept of Aliasing.

Each PE signals that it has reachability to a given Ethernet

segment (using Ethernet A-D Route)

Remote PE should install all PEs as next-hop which are

attached to the same Ethernet Segment

CE1

PE1

PE2 DF

MPLS

PE3 CE2

LAG MAC1

ESI1 MAC1 -> ESI1 -> (PE1, PE2)

15 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

FAST CONVERGENCE IN ACTIVE/BACKUP (Roadmap)

EVPN introducing a concept of Backup-Path.

Each PE signals that it has reachability to a given Ethernet

segment (using Ethernet A-D Route)

Remote PE should install backup paths to all further PEs which

have reachability to particular Ethernet Segment

CE1

PE1

PE2 DF

MPLS

PE3 CE2

LAG MAC1

ESI1 MAC1 -> ESI1 -> (PE1 BACKUP, PE2 ACTIVE)

16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

ARP PROXY (Roadmap)

PE can snoop ARP messages for locally attached hosts.

MAC/IP binding can be then redistributed to other PEs by using

MAC Advertisement Route.

CE1 PE1

PE2 DF

MPLS

PE3 CE3

MAC1, IP1

ARP REQUEST FOR IP3

CE2 MAC2, IP2

MAC3, IP3

ARP REPLY FOR IP3

ARP REQUEST FOR IP3

ARP REPLY FOR IP3

17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

IRB support within EVPN (roadmap)

IRB allows to forward not only L2 but L3 traffic as well on the

same PE

In case of multiple locations (e.g. DC locations) it is desired to

use local forwarding for L3 traffic to avoid trombone effect

Each PE that acts as a Default GW for a given EVPN should

advertise its Default GW IP and MAC address using MAC

Advertisement Route (with Default Gateway Extended

Community).

All receiving PE should reply to all ARP requests received to

this IP address and should forward traffic destined to this MAC

address locally

18 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

VPLS VS EVPN

Desirable L2 extension attributes VPLS E- VPN

VM Mobility without renumbering L2 and L3 addresses ✔ ✔

Ability to span VLANs across racks in different locations ✔ ✔

Scale to few 100K hosts within and across multiple DCs ✔ ✔

Policy-based flexible L2 topologies similar to L3 VPNs ✔

Multiple points of attachment with ability to load-balance VLANs across them

✔ ✔

Active-Active points of attachment with ability to load-balance flows within a single VLAN

✔

Multi-tenant support (secure isolation, overlapping MAC, IP addresses)

✔ ✔

Control-Plane Based Learning ✔

Minimize or eliminate flooding of unknown unicast ✔

Fast convergence from edge failures based on local repair ✔

19 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Standards Track – IETF

BGP MPLS Based Ethernet VPN

http://tools.ietf.org/html/draft-ietf-l2vpn-evpn-04

Requirements for Ethernet VPN (EVPN)

http://tools.ietf.org/html/draft-ietf-l2vpn-evpn-req-04