Network Virtualization Convergence in Enterprise Campus
Campus networks are the backbone of the enterprise, providing connectivity to critical services and applications. Over time many of these networks were deployed with a variety of overlay technologies, each chosen to accomplish a specific outcome. While these traditional overlays met the technical and business requirements of the day, many of them lack manageability and scalability and introduce complexity into the network. The industry-standard BGP EVPN VXLAN is a converged overlay solution providing unified, control-plane-based Layer 2 extension and Layer 3 segmentation over an IP underlay. Purpose-built for the enterprise campus and data center, it addresses the well-known challenges of the classic networking protocols while providing L2/L3 network services with greater flexibility, mobility, and scalability.
Departing from Legacy Layer 2 Overlay Networks
Enterprise campus networks have historically been deployed with several types of Layer 2 overlay extensions as products and technologies evolved. Classic data-plane-based Layer 2 extended networks built on flood-and-learn can be significantly simplified, scaled, and optimized by migrating to a next-generation BGP EVPN VXLAN solution:
- STP – Enterprise campus networks have run spanning-tree protocol (STP) since its inception. Several enhancements and alternatives have been developed to simplify and optimize it, but STP remains challenging to operate. BGP EVPN VXLAN replaces STP with an L2 overlay, opening new possibilities for IT: controlling flood-domain size, suppressing redundant ARP/ND traffic, and seamless mobility that retains the original IPv4/IPv6 address plan when transitioning from a distribution-switch or centralized-firewall gateway running over an STP network.
- 802.1ad – IEEE 802.1ad (QinQ) is a common multi-tenant Layer 2 solution. The double IEEE 802.1Q tag tunnels individual tenant VLANs over a limited, managed set of core VLANs, reducing the bridging domain and allowing tenant VLAN IDs to overlap across the core. BGP EVPN VXLAN transforms the Layer 2 backbone into a simplified IP transport using VXLAN while continuing to bridge single- or double-tagged IEEE 802.1Q VLANs across the fabric.
- L2TPv3 – Layer 2 Tunneling Protocol version 3 (L2TPv3) provides a simple point-to-point L2 overlay over an IP core between statically paired remote network devices. Such flood-and-learn Layer 2 overlays can be migrated to BGP EVPN VXLAN, which provides far more advanced and flexible Layer 2 extension across an IP core.
- VPWS/VPLS – Standards bodies ratified several Layer 2 extensions as the industry moved toward high-speed Metro Ethernet across the MAN/WAN, and enterprise networks adopted Ethernet over MPLS (EoMPLS) or Virtual Private LAN Service (VPLS) over an IP/MPLS backbone. These networks can be simplified, optimized, and made more resilient with BGP EVPN VXLAN, which supports flexible Layer 2 overlay topologies with control-plane-based Layer 2 extension, improving end-to-end network performance and user experience.
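To make concrete what "control-plane-based" and "flood-domain control" mean for the migrations listed above, here is a small Python model of an EVPN VXLAN tunnel endpoint (VTEP). It is an added illustration for this page, not code from Cisco or from the original post: the MAC/IP table is populated from EVPN Route Type 2 advertisements rather than data-plane flood-and-learn, ARP requests for known hosts are answered locally (ARP suppression), unknown destinations are ingress-replicated only to VTEPs that are members of that VNI, and received packets whose VNI is not configured locally are dropped. The VXLAN header layout follows RFC 7348; the VTEP names, addresses, VNIs and frames are constructed sample data.

```python
"""Toy EVPN VXLAN VTEP: control-plane learning, ARP suppression, VNI enforcement."""
import struct
from dataclasses import dataclass, field

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" bit: the VNI field is valid


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: 8 flag bits, 24 reserved, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00" * 3, vni << 8)


def parse_vxlan_header(data: bytes) -> int:
    """Return the VNI from an encapsulated packet (outer IP/UDP already stripped)."""
    flags, _, vni_and_reserved = struct.unpack("!B3sI", data[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI field not valid")
    return vni_and_reserved >> 8


@dataclass
class EvpnVtep:
    name: str
    underlay_ip: str
    member_vnis: frozenset
    # (vni, mac) -> (host_ip, remote_vtep_ip), populated from EVPN Route Type 2
    # (MAC/IP advertisement) routes, not from data-plane flood-and-learn
    host_table: dict = field(default_factory=dict)
    # vni -> remote VTEPs used for ingress replication of BUM traffic
    flood_list: dict = field(default_factory=dict)
    stats: dict = field(default_factory=lambda: {
        "unicast": 0, "flood": 0, "arp_suppressed": 0, "dropped_vni": 0})

    def learn_type2(self, vni: int, mac: str, host_ip: str, remote_vtep: str) -> None:
        """Install a MAC/IP binding as if received in a BGP EVPN Type-2 route."""
        if vni not in self.member_vnis:
            return  # a real leaf filters such routes on route target
        self.host_table[(vni, mac)] = (host_ip, remote_vtep)
        self.flood_list.setdefault(vni, set()).add(remote_vtep)

    def encapsulate(self, vni: int, dst_mac: str, frame: bytes) -> list:
        """Encapsulate a local frame. Known unicast goes to one remote VTEP;
        unknown unicast/broadcast is ingress-replicated to every VTEP in the VNI."""
        if vni not in self.member_vnis:
            raise ValueError(f"{self.name}: VNI {vni} is not configured")
        packet = build_vxlan_header(vni) + frame
        entry = self.host_table.get((vni, dst_mac))
        if entry is not None:
            self.stats["unicast"] += 1
            return [(entry[1], packet)]
        self.stats["flood"] += 1
        return [(vtep, packet) for vtep in sorted(self.flood_list.get(vni, ()))]

    def arp_request(self, vni: int, target_ip: str):
        """ARP suppression: answer from EVPN-learned bindings instead of flooding.
        Returns the MAC if the binding is known here, else None (caller floods)."""
        for (v, mac), (ip, _) in self.host_table.items():
            if v == vni and ip == target_ip:
                self.stats["arp_suppressed"] += 1
                return mac
        return None

    def decapsulate(self, packet: bytes):
        """Accept an encapsulated packet only for a VNI configured on this VTEP.
        This membership check is the edge enforcement of data-plane segmentation."""
        vni = parse_vxlan_header(packet)
        if vni not in self.member_vnis:
            self.stats["dropped_vni"] += 1
            return None
        return vni, packet[8:]


def demo():
    """Constructed scenario: leaf1 and leaf2 share VNI 10101; VNI 10202 lives only on leaf2."""
    leaf1 = EvpnVtep("leaf1", "10.0.0.1", frozenset({10101}))
    leaf2 = EvpnVtep("leaf2", "10.0.0.2", frozenset({10101, 10202}))
    # BGP EVPN advertises host h2 (behind leaf2) to leaf1 as a Type-2 route
    leaf1.learn_type2(10101, "00:11:22:33:44:02", "192.168.1.2", leaf2.underlay_ip)
    known = leaf1.encapsulate(10101, "00:11:22:33:44:02", b"frame-to-h2")
    unknown = leaf1.encapsulate(10101, "00:11:22:33:44:99", b"frame-to-unknown")
    mac = leaf1.arp_request(10101, "192.168.1.2")        # answered locally, no flood
    accepted = leaf2.decapsulate(known[0][1])             # leaf2 is a member of 10101
    stray = leaf1.decapsulate(build_vxlan_header(10202) + b"stray")  # leaf1 is not
    return known, unknown, mac, accepted, stray, leaf1.stats


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The point a practitioner should take from the decapsulation path: the 24-bit VNI travels in cleartext and VXLAN itself carries no authentication, so the membership check on the receiving VTEP is the only data-plane boundary between tenants. That boundary holds only as far as the underlay prevents untrusted hosts from sending UDP/4789 toward VTEP addresses, which is why VTEP loopbacks should be reachable solely from other fabric nodes.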
Converging Traditional Layer 3 Overlays
Like Layer 2 extended networks, segmented Layer 3 networks can be built with various overlay technologies. Running a parallel set of protocols, each supporting either routing or bridging, adds complexity as the network and its demands grow. Because BGP EVPN VXLAN converges routing and bridging, it reduces control-plane and operational overhead, resulting in simplicity, scale, and resiliency.
- Multi-VRF – A simple hop-by-hop Layer 3 virtual network that subdivides a Layer 3 physical interface into a logical IEEE 802.1Q sub-interface per virtual network, suited to small and mid-size environments. As segmentation requirements grow, the operational burden and control-plane overhead of managing Multi-VRF grow with them. BGP EVPN uses IP VRFs to dynamically build a segmented routed network, and with VXLAN the data-plane segmentation is enforced at the network edge, enabling a simplified IP underlay and a scalable Layer 3 overlay.
- GRE – An ideal solution for building overlays across IP networks without touching the underlay hop by hop, but GRE-based overlays support only limited point-to-point or point-to-multipoint topologies. Following similar principles, BGP EVPN VXLAN simplifies the network with a single control plane, dynamically builds VXLAN tunnels, and supports flexible overlay routing topologies. ECMP in both underlay and overlay provides best-in-class resiliency for mission-critical networks.
- MPLS VPN – MP-BGP has been widely adopted in large enterprises to segment self-managed IP/MPLS networks. The well-proven and scalable MPLS VPN overcomes the challenges of several alternative technologies using a shim-layer label-switching solution. Enterprises running MPLS VPN can extend their existing MP-BGP design and transition from the VPNv4/VPNv6 address families to the L2VPN EVPN address family for a seamless migration. The edge-to-edge VXLAN data plane converges MPLS VPN, mVPN, and VPLS overlays into a single unified control plane with enhanced integrated routing and bridging. It further simplifies the IP core by removing the MPLS LDP dependency along every path.
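What the transition to the L2VPN EVPN address family looks like on one leaf, as an added illustration modeled on the Cisco IOS XE BGP EVPN VXLAN software guide linked under Additional Resources (not configuration from the original post): a tenant VRF with its L3 VNI, an L2 EVI mapped to a VNI, the NVE interface, a distributed anycast gateway SVI, and BGP carrying the L2VPN EVPN address family. The VRF name, AS number, VNIs, VLANs, MAC and addresses are assumed placeholders, and the spine/route-reflector side is omitted.

```text
! Tenant VRF: regular route targets serve VPNv4/IPv4 routes, "stitching"
! route targets serve the L2VPN EVPN address family, so both can coexist
! while an MPLS VPN design migrates to EVPN
vrf definition TENANT-A
 rd 65001:50901
 address-family ipv4
  route-target export 65001:50901
  route-target import 65001:50901
  route-target export 65001:50901 stitching
  route-target import 65001:50901 stitching
 exit-address-family
!
l2vpn evpn
 replication-type ingress
 router-id Loopback1
 default-gateway advertise
!
l2vpn evpn instance 101 vlan-based
 encapsulation vxlan
!
vlan configuration 101
 member evpn-instance 101 vni 10101
vlan configuration 901
 member vni 50901
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface Loopback1
 ip address 10.1.0.1 255.255.255.255
!
! Distributed anycast gateway: same IP and MAC on every leaf (assumed values)
interface Vlan101
 mac-address 0000.beef.cafe
 vrf forwarding TENANT-A
 ip address 192.168.1.1 255.255.255.0
!
! Core-facing SVI for the L3 VNI (symmetric IRB)
interface Vlan901
 vrf forwarding TENANT-A
 ip unnumbered Loopback0
 no autostate
!
interface nve1
 no ip address
 source-interface Loopback1
 host-reachability protocol bgp
 member vni 10101 ingress-replication
 member vni 50901 vrf TENANT-A
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 10.0.0.254 remote-as 65001
 neighbor 10.0.0.254 update-source Loopback0
 address-family l2vpn evpn
  neighbor 10.0.0.254 activate
  neighbor 10.0.0.254 send-community both
 exit-address-family
 address-family ipv4 vrf TENANT-A
  advertise l2vpn evpn
  redistribute connected
 exit-address-family
```

Two checks worth making after applying such a configuration: `show nve vni` should list only the VNIs this leaf is meant to serve (the NVE membership and the VRF import route targets together bound which tenants a leaf can reach), and `show bgp l2vpn evpn summary` should show the EVPN session established before any VPNv4 peering is retired. Validate the exact command set against the linked software guide for the IOS-XE release in use.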
Cisco Catalyst 9000 – Seamless and Flexible BGP EVPN VXLAN Transition
Transitioning away from classic products and technologies has never been easy, especially when downtime for mission-critical services is practically unacceptable. The Cisco Catalyst 9000, combined with 30+ years of software innovation in the industry's most sophisticated network operating system, Cisco IOS-XE®, gives enterprise customers great flexibility to adopt BGP EVPN VXLAN seamlessly, whether as part of an existing operation or at the start of a new networking journey, while maintaining full backward compatibility with classic products and overlay networks to support non-stop business communications.
The end-to-end network and rich feature integration can be enabled independent of how the underlying network infrastructure is built, as illustrated above and summarized in the table below.
| | Layer 3 Access | Cisco StackWise Virtual | ESI Layer 2 Multihome |
|---|---|---|---|
| Leaf Layer | Access | Distribution | Distribution |
| Spine Layer | Core or other (all three designs) | | |
| Border Layer | Data Center ACI, WAN, DMZ or more (all three designs) | | |
| Overlay Network Type Support | Layer 3 Routed; Distributed AnyCast Gateway (Symmetric IRB); Centralized Gateway (Asymmetric IRB); Layer 2 Cross-Connect (all three designs) | | |
| Overlay Unicast Support | IPv4 and IPv6 Unicast (all three designs) | | |
| Overlay Multicast Support | IPv4 and IPv6 Tenant Routed Multicast (all three designs) | | |
| Wireless Network Integration | Local Mode: Central Switching; FlexConnect Mode: Central and Distributed Local Switching (all three designs) | | |
| Data Center Integration | BGP EVPN VXLAN: common EN/DC fabric; Cisco ACI: Nexus 9000 border Layer 3 handoff (all three designs) | | |
| Multi-site EVPN Domain | Campus Catalyst 9000 switches extending the fabric with Nexus 9000 Multi-site Border Gateway integration (all three designs) | | |
| External Domain Handoff | L2: Untagged, 802.1Q, 802.1ad, EoMPLS, VPLS; L3: Multi-VRF, MPLS VPN, SD-WAN, GRE (all three designs) | | |
| Data Plane Load Sharing | L3: ECMP | L2: per-flow Port-Channel hash; L3: ECMP; Multicast: (S, G) + next hop | L2: per port-VLAN load balancing; L3: ECMP; Multicast: (S, G) + next hop |
| System Resiliency | Cisco StackWise-1T, Cisco StackWise-480, Cisco StackPower, Fast Reload, Stateful Switchover (SSO), Extended Fast Software Upgrade, In-Service Software Upgrade (ISSU) | Cisco StackWise Virtual, Stateful Switchover (SSO), In-Service Software Upgrade (ISSU) | Stateful Switchover (SSO), In-Service Software Upgrade (ISSU) |
| Network Resiliency | BFD (single/multi-hop), Graceful Restart, Graceful Insertion | L2: EtherChannel, UDLD, etc.; BFD (single/multi-hop), Graceful Restart, Graceful Insertion | L2: UDLD, etc.; BFD (single/multi-hop), Graceful Restart, Graceful Insertion |
Scalable Architecture Matters
IT organizations adopting BGP EVPN VXLAN must consider how to scale in multiple dimensions when building large fabrics. This calls for designing the right architecture on proven networking principles. Whether the network is physical or virtual, it should be designed with an appropriate level of hierarchy to support a scalable solution for a large enterprise. Smaller fault domains and condensed core-layer topologies that enable resilient networks are well-known benefits of hierarchical networking.
As the number of EVPN leaf nodes increases, so do the number of overlay prefixes and the blast radius of a failure. Network architects should consider a structured Multi-Site overlay design that allows the enterprise campus to grow by dividing the fabric into multiple domains along suitable boundaries and interconnecting them with fabric border gateways.
Stay tuned: we will share more thoughts on how Cisco Catalyst 9000 and Nexus 9000 bring next-generation BGP EVPN VXLAN Multi-Site solutions. And as always, if you are already on the journey to design and build a scalable end-to-end BGP EVPN VXLAN campus network, reach out to your Cisco sales team to partner with you and enable the vision.
Learn more about the Cisco Catalyst 9000 Switch Family
Additional Resources:
Cisco IOS XE BGP EVPN VXLAN Software Guide
Automate BGP EVPN VXLAN using Ansible Playbook
Choosing the Best Overlay Routing Architecture for EVPN