Ethernet VPN (EVPN)-based VXLAN overview

Ethernet VPN (EVPN) is a standards-based BGP control plane to advertise MAC addresses, MAC and IP bindings, IP Prefixes, etc. The initial EVPN standard RFC 7432 defined the BGP EVPN control plane and specifies an MPLS data-plane. The control plane with an MPLS data plane was extended to consider additional data plane encapsulations models including VXLAN, NVGRE, and MPLS over GRE which is detailed in RFC 8365. This section focuses on EVPN and its operation with a VXLAN data plane for building overlay networks.

Static VXLAN uses flood and learn (or ingress replication) to learn the MACs of the remote host, which involves manual configurations of remote VTEPs in the flood list. MP-BGP EVPN is used to discover remote VTEPs and advertise MAC address and MAC/IP bindings in the VXLAN overlay, thus eliminating the flood and learn. MP-BGP supports a new EVPN Network Layer Reachability Information (NLRI) carried in BGP using Multiprotocol BGP Extensions with a newly defined Address Family Identifier (AFI) and Subsequent Address Family Identifier (SAFI). Route Distinguisher (RD) is a unique number prepended to the advertised address within the VRF, ensuring support for overlapping IP addresses and MACs across different tenants. Routes can be selectively imported and exported across VLANs/VRFs using a BGP extended community called Route Target (RT) that are advertised along with the EVPN routes.

Configuring static VTEPs is not supported when EVPN is enabled to learn VTEPs dynamically.

NSX/HSC and EVPN are mutually exclusive and should not be configured together.

Ethernet VPN (EVPN)-based VXLAN is supported on the 8325, 6300, and 6400 switches only.

For more details on BGP configurations, see Border Gateway Protocol (BGP).

For more details on VXLAN configurations, see the VXLAN Guide.