
The world of data center networks is evolving at an ever-increasing pace. Businesses face the growing complexity of scaling data center fabrics while also ensuring the isolation and security of customer data. Fundamental to this isolation of customer traffic is network virtualization, an area in which Cisco has been a constant innovator. Over recent years, VXLAN with BGP EVPN has emerged as the de facto industry standard for network virtualization.

For as long as networks and virtualized networks have existed, the manageability and observability of these fabrics have been critical concerns for network operators.

Standardization across platforms and vendors is critical to enabling network operators to achieve these goals. SNMP and syslog have been widely used to gather data and to monitor and manage network devices. However, SNMP lacks the ability to capture the fidelity of data that operators require. Syslog messages are unstructured: while easily human readable, they are not easily interpreted by automation and monitoring systems.

Besides being at the cutting edge of architecting network fabrics and network overlays, Cisco has also been an innovator in open and programmable networks. The open NX-OS philosophy began with the ability to run on-switch applications, natively in NX-OS or in the isolated Guestshell environment, later adding off-switch automation solutions such as Puppet and Ansible, which have seen widespread adoption. More recently, industry-standard APIs, models, and transports such as OpenConfig, NETCONF, RESTCONF, and gNMI have become a core part of the open NX-OS strategy.

These two areas in which Cisco has long been an innovator, namely network virtualization and open programmable interfaces, came together in the most recent enhancements to the OpenConfig models, which now support VXLAN EVPN, and in the corresponding support shipped as part of our most recent NX-OS 10.3(1)F release. Cisco built these enhancements in conjunction with industry partners to provide simplified monitoring and automation capabilities to our customers.

EVPN: A brief explainer

In the context of an EVPN overlay, an EVPN Instance (EVI) is a Virtual Private Network (VPN). With the Cisco NX-OS VLAN-based approach to EVPN, there is a single broadcast domain per EVI, and the tenant VLAN is mapped to a single EVI. With this 1:1 mapping, the single broadcast domain or tenant is represented by a VLAN or a VNI. The VLAN/VNI is associated with an EVI, which provides the most granular control for importing routes.

What is OpenConfig?

OpenConfig is an informal working group of vendors and network operators collaborating to define declarative, model-driven solutions for the management, monitoring, and operation of networking devices. A core tenet of OpenConfig is defining vendor-agnostic YANG models that deliver a programmatic interface to achieve these goals.

EVPN with OpenConfig

Within the existing OpenConfig network-instances model, an EVI and its associated constructs are now part of the existing network-instance/fdb hierarchy. The enhancement Cisco contributed is a new l2rib container within the parent Forwarding Database (FDB) container. The L2RIB has two primary containers, the MAC table and the MAC-IP table, as shown in Figure 1.


The MAC table represents the operational state for MAC address information pertaining to each domain of the L2RIB. This consists of stateful leaves such as the MAC address, VLAN, EVI, and L2-VNI for a locally significant broadcast domain, as well as the next-hop data, such as an interface or sub-interface.

The second container within the new L2RIB is the MAC-IP table, which consists of remote MACs learned via the control plane. Like the MAC table, it has stateful leaves such as MAC address, VLAN, EVI, and L2-VNI, but in addition it also contains an L3-VNI and host IP for each MAC-IP entry, as shown below. This L3-VNI is used solely in the context of inter-subnet routing.
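The two L2RIB containers are meant to be polled by automation rather than read by humans, so the natural thing to do with them is run consistency checks over a collected snapshot. The block below is an added example, not code from this post or from the OpenConfig project: it takes a constructed snapshot of the MAC table and MAC-IP table (the kind of JSON a gNMI GET on the fdb/l2rib path might decode to) and flags states an operator would want to investigate, such as a VLAN/EVI pair that is no longer 1:1, a MAC present in more than one broadcast domain, a host IP bound to more than one MAC within an L3-VNI, or a MAC-IP entry with no corresponding MAC table entry. The leaf names (`mac-address`, `vlan`, `evi`, `l2-vni`, `interface`, `l3-vni`, `host-ip`) are assumptions modelled on the leaves the post names; check them against the published openconfig-network-instance model before pointing this at a real collector.

```python
"""Consistency checks over an OpenConfig L2RIB snapshot (MAC table + MAC-IP table).

Added example, not code from the Cisco post or from OpenConfig. The snapshot is
constructed to resemble a gNMI GET response decoded to JSON; the leaf names are
assumptions based on the leaves described in the post, not the exact names in
the published openconfig-network-instance model.
"""
from collections import defaultdict

# Constructed sample: what a collector might hold after polling
# /network-instances/network-instance[name=default]/fdb/l2rib on one leaf switch.
SNAPSHOT = {
    "mac-table": [
        {"mac-address": "00:11:22:33:44:01", "vlan": 10, "evi": 10010, "l2-vni": 10010, "interface": "Ethernet1/1"},
        {"mac-address": "00:11:22:33:44:02", "vlan": 10, "evi": 10010, "l2-vni": 10010, "interface": "nve1"},
        {"mac-address": "00:11:22:33:44:03", "vlan": 20, "evi": 10020, "l2-vni": 10020, "interface": "Ethernet1/2"},
        {"mac-address": "00:11:22:33:44:03", "vlan": 30, "evi": 10030, "l2-vni": 10030, "interface": "Ethernet1/3"},
    ],
    "mac-ip-table": [
        {"mac-address": "00:11:22:33:44:02", "vlan": 10, "evi": 10010, "l2-vni": 10010, "l3-vni": 50000, "host-ip": "10.0.10.20"},
        {"mac-address": "00:11:22:33:44:09", "vlan": 10, "evi": 10010, "l2-vni": 10010, "l3-vni": 50000, "host-ip": "10.0.10.20"},
        {"mac-address": "00:11:22:33:44:03", "vlan": 20, "evi": 10020, "l2-vni": 10020, "l3-vni": 50000, "host-ip": "10.0.20.30"},
        {"mac-address": "00:11:22:33:44:04", "vlan": 40, "evi": 10040, "l2-vni": 10040, "l3-vni": 50000, "host-ip": "10.0.40.40"},
    ],
}


def check_l2rib(snapshot):
    """Return a dict of finding lists keyed by check name (empty list = check passed)."""
    mac_table = snapshot.get("mac-table", [])
    mac_ip_table = snapshot.get("mac-ip-table", [])
    findings = {
        "evi_mapping_conflict": [],
        "mac_in_multiple_domains": [],
        "host_ip_multiple_macs": [],
        "mac_ip_without_mac": [],
    }

    # 1. VLAN <-> EVI must be 1:1 in the VLAN-based EVPN mode the post describes.
    vlan_to_evi = defaultdict(set)
    evi_to_vlan = defaultdict(set)
    for entry in mac_table + mac_ip_table:
        vlan_to_evi[entry["vlan"]].add(entry["evi"])
        evi_to_vlan[entry["evi"]].add(entry["vlan"])
    for vlan, evis in sorted(vlan_to_evi.items()):
        if len(evis) > 1:
            findings["evi_mapping_conflict"].append(("vlan", vlan, sorted(evis)))
    for evi, vlans in sorted(evi_to_vlan.items()):
        if len(vlans) > 1:
            findings["evi_mapping_conflict"].append(("evi", evi, sorted(vlans)))

    # 2. The same MAC appearing in more than one broadcast domain (VLAN).
    mac_domains = defaultdict(set)
    for entry in mac_table:
        mac_domains[entry["mac-address"]].add(entry["vlan"])
    for mac, vlans in sorted(mac_domains.items()):
        if len(vlans) > 1:
            findings["mac_in_multiple_domains"].append((mac, sorted(vlans)))

    # 3. Within one L3-VNI, a host IP bound to more than one MAC.
    ip_macs = defaultdict(set)
    for entry in mac_ip_table:
        ip_macs[(entry["l3-vni"], entry["host-ip"])].add(entry["mac-address"])
    for (l3_vni, ip), macs in sorted(ip_macs.items()):
        if len(macs) > 1:
            findings["host_ip_multiple_macs"].append((l3_vni, ip, sorted(macs)))

    # 4. A MAC-IP entry whose MAC has no MAC table entry in the same VLAN
    #    (assumed invariant: the MAC-IP table should not outrun the MAC table).
    known = {(entry["mac-address"], entry["vlan"]) for entry in mac_table}
    for entry in mac_ip_table:
        if (entry["mac-address"], entry["vlan"]) not in known:
            findings["mac_ip_without_mac"].append(
                (entry["mac-address"], entry["vlan"], entry["host-ip"]))
    return findings


if __name__ == "__main__":
    for check, hits in check_l2rib(SNAPSHOT).items():
        status = "ok" if not hits else f"{len(hits)} finding(s)"
        print(f"{check}: {status}")
        for hit in hits:
            print("   ", hit)
```

Because the result is a structured dict rather than free-form text, the same checks can feed an alerting pipeline directly, which is the point of moving from syslog to model-driven telemetry. The constructed snapshot is deliberately seeded with three anomalies (a MAC in two VLANs, one host IP behind two MACs, and two MAC-IP entries with no MAC table counterpart) so the checks have something to find.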


In addition to these enhancements within the L2RIB, there are further enhancements within the L2VPN container of the BGP Address Family Identifier / Subsequent Address Family Identifier (AFI/SAFI) network instance, which together provide deep visibility into the overall state and routing of a Cisco NX-OS BGP EVPN fabric.

Better Together: NX-OS with OpenConfig

Cisco is excited to announce new capabilities within its VXLAN BGP EVPN solution, delivered through contributions to an open-source, industry-standard solution such as OpenConfig. Cisco has a long-standing focus on industry standards and openness. Together, Cisco NX-OS and these OpenConfig enhancements provide deep visibility into both the routing and forwarding of an NX-OS VXLAN fabric and the applications that the fabric supports. These innovations and expanded capabilities are just the first set of results from our contributions to OpenConfig. With many more exciting capabilities to come, I look forward to sharing them with you in my future blogs.


Resources

YANG Suite: https://developer.cisco.com/yangsuite/

Cisco NX-OS YANG Models: https://github.com/YangModels/yang/tree/main/vendor/cisco/nx/10.3-1

NX-OS Programmability Guide: https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/103x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-release-103x.html

OpenConfig: https://www.openconfig.net/

Authors

Gerard Sheehan

Product Manager

Cloud Networking