This blog post aims to break down the architecture behind a VXLAN EVPN Data Centre Fabric. By the end of this, you’ll have a clear understanding of how the components fit together, both from an underlay and overlay perspective.
Why VXLAN EVPN?
Traditional data center networks, typically based on VLANs and spanning tree protocol (STP), face challenges in scalability, redundancy, and network segmentation. As applications become more dynamic, demanding better east-west traffic handling and more flexible workload mobility, traditional Layer 2 and Layer 3 constructs start to show their limitations.
Enter VXLAN (Virtual Extensible LAN) and EVPN (Ethernet VPN), which together solve these challenges. VXLAN expands Layer 2 networks over Layer 3 boundaries, while EVPN serves as the control plane, managing MAC address learning, reducing flooding, and enabling better network segmentation.
The VXLAN EVPN Architecture
At its core, a VXLAN EVPN fabric follows a Leaf-Spine architecture, which ensures consistent high-speed performance, predictable latency, and flexibility in scaling. The architecture is split into two major layers: the underlay and the overlay.
Underlay: The Physical Foundation
The underlay is the physical network on which the VXLAN overlay is built. In a VXLAN EVPN fabric, the underlay is based on Layer 3 IP routing rather than traditional Layer 2 switching. The typical underlay consists of:
• Spine Switches: These are the backbone of the fabric. They provide interconnectivity between the leaf switches. Since all leaf switches connect to every spine, traffic can be routed efficiently with predictable latency. Spine switches hold no state about the endpoint devices; they simply forward packets based on the underlay routing protocols.
• Leaf Switches: These are the access layer switches where hosts, servers, and virtual machines connect. In a VXLAN fabric, leaf switches handle endpoint communication, serving as the primary building blocks for service connectivity. They terminate VXLAN tunnels and communicate with the spine switches to route traffic.
• Routing Protocols: The underlay uses a routing protocol like BGP (Border Gateway Protocol) or OSPF (Open Shortest Path First) to provide reachability between the leaf and spine switches. This ensures that the IP-based underlay can forward VXLAN traffic reliably.
The underlay exists to ensure that all nodes can reach each other over Layer 3. IP addresses are assigned to each device, and routing protocols ensure there is a stable and redundant network with no loops or bottlenecks.
Overlay: Extending Layer 2 over Layer 3
While the underlay provides IP reachability, the VXLAN overlay is responsible for building the Layer 2 networks over this IP infrastructure. VXLAN (RFC 7348) encapsulates Ethernet frames into UDP packets, allowing Layer 2 segments to span across Layer 3 boundaries.
• VXLAN Tunnel Endpoints (VTEPs): Each leaf switch serves as a VTEP. VTEPs are responsible for encapsulating and decapsulating Layer 2 frames into/from VXLAN packets. When a host sends traffic to another host in a different Layer 2 domain, the VTEP on the source leaf encapsulates the traffic, forwards it across the Layer 3 underlay, and the destination VTEP decapsulates it and delivers it to the intended host.
• VXLAN Network Identifier (VNI): In VXLAN, each Layer 2 domain (akin to a VLAN) is identified by a VXLAN Network Identifier (VNI). This enables multi-tenancy and traffic separation within the data center fabric. Each VNI maps to a traditional VLAN, extending the Layer 2 segment across the entire fabric.
EVPN Control Plane
The key to making VXLAN scalable and reducing Layer 2 broadcast storms is the EVPN control plane. Unlike older VXLAN deployments that relied on flood-and-learn mechanisms, EVPN brings in a more intelligent, BGP-based control plane.
• MAC-to-IP Binding: EVPN allows the leaf switches (VTEPs) to advertise MAC and IP bindings through BGP, creating a distributed database of endpoint information. This reduces the need for flooding ARP requests throughout the fabric, because each VTEP already holds the bindings it has learned through BGP and can resolve endpoint locations locally.
• Layer 2 and Layer 3 Connectivity: EVPN doesn’t just handle Layer 2 traffic (MAC addresses); it can also advertise Layer 3 information (IP addresses). This means the fabric can handle both Layer 2 switching and Layer 3 routing seamlessly, making it an ideal choice for modern data centers.
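To make the overlay and control-plane sections above concrete, here is an added Python model (not code from the original post) of the VXLAN encapsulation described under RFC 7348, driven by a constructed table that stands in for the MAC bindings a VTEP would have learned via EVPN. The VNI, MAC and VTEP IP values are made up, and the table is a plain dict rather than a BGP session; an unknown destination MAC is returned as "no unicast tunnel", which is where flooding would otherwise take over.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # the "I" bit: VNI field is valid

def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an Ethernet frame.
    Layout: flags(1) | reserved(3) | VNI(3) | reserved(1)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    header = struct.pack("!B3sI", FLAG_VNI_VALID, b"\x00" * 3, vni << 8)
    return header + inner_frame

def vxlan_decap(payload: bytes) -> tuple[int, bytes]:
    """Return (VNI, inner frame); reject headers without the I bit set."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", payload[:8])
    if not flags & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, payload[8:]

# Constructed stand-in for EVPN-learned MAC bindings as a leaf would hold
# them after BGP updates: (VNI, MAC) -> remote VTEP IP. Not real routes.
EVPN_MAC_TABLE = {
    (10100, bytes.fromhex("005056aa0001")): "10.0.0.12",
    (10100, bytes.fromhex("005056aa0002")): "10.0.0.13",
}

def forward_from_vtep(vni: int, frame: bytes):
    """Ingress VTEP logic: resolve the inner destination MAC via the EVPN
    table and encapsulate; return None when the MAC is unknown (the frame
    would then fall into BUM handling instead of a unicast tunnel)."""
    dst_mac = frame[0:6]
    remote_vtep = EVPN_MAC_TABLE.get((vni, dst_mac))
    if remote_vtep is None:
        return None
    return remote_vtep, vxlan_encap(vni, frame)

if __name__ == "__main__":
    # Constructed inner frame: dst MAC | src MAC | EtherType | payload
    frame = (bytes.fromhex("005056aa0001") + bytes.fromhex("005056aa00ff")
             + b"\x08\x00" + b"hi")
    vtep, pkt = forward_from_vtep(10100, frame)
    print(vtep, pkt.hex())
    print(vxlan_decap(pkt))
```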
Architectural Advantages
1. Scalability: The Leaf-Spine design provides non-blocking performance and predictable scaling. As you grow your network, you can simply add more leaf or spine switches without redesigning the entire network.
2. Workload Mobility: VXLAN allows workloads to be moved anywhere in the data center without changing IP addresses, thanks to the ability to extend Layer 2 domains over the Layer 3 underlay.
3. Multi-tenancy: VXLAN provides the ability to create isolated Layer 2 segments using VNIs, making it ideal for multi-tenant environments where each tenant needs its own virtualized network.
4. Efficient Traffic Flow: EVPN eliminates the need for broadcast flooding by learning MAC and IP information via BGP advertisements. This creates a more efficient fabric and improves overall network performance.
Conclusion
To recap, we’ve laid out the foundational architecture of a VXLAN EVPN data centre fabric, focusing on the Leaf-Spine topology, underlay and overlay design, and the importance of EVPN as a control plane.