Leaf-and-Spine VXLAN/EVPN Fabric in WAN Networks

Have you encountered edge fabrics that use leaf-and-spine with VXLAN/EVPN? For the DC fabric we used leaf and spine, but for the edge fabrics (branches, internet, 3rd-party connections, and cloud direct connect) the leafs will connect to CE routers.

Our old DC edge fabric traditionally uses core-dist, but the old DC is not multi-tenant. The edge fabric and DC fabric will then be connected through border leafs, so the DC fabric border meets the edge fabric border.

Initial Answer

Yes, I’ve seen people using VXLAN in WAN, either with static ingress replication or EVPN. You can also use EVPN with MPLS transport.

People are also extending L2 networks between data centers with VXLAN/EVPN (not necessarily a good idea, but let’s not go there). If you want to do that then it doesn’t hurt if your switches can do VXLAN-to-VXLAN bridging.

Finally, EVPN is probably mature enough to use as a pure L3VPN solution (I would run some tests first), so you could use it to build WAN multitenancy. However, you might have to figure out how to go from L2+L3 EVPN in the data center to L3-only WAN EVPN. Never tried to set that up.
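To make the "L3-only WAN EVPN" option above concrete, here is an added configuration example (not from the thread or any of its participants) in FRRouting syntax. It shows a WAN edge node that advertises only EVPN type-5 (IP prefix) routes for one tenant VRF, with no L2 VNIs at all. The VRF name, ASN, neighbor address, VNI and route-target values are assumptions, and the config presumes a Linux VRF named TENANT-A already bound to an L3 VXLAN interface.

```text
! Added example (not from the thread): FRR-style configuration for an
! L3-only EVPN tenant on a WAN edge node. VRF name, ASN, peer address,
! VNI and route targets are assumed values.
!
! Map the Linux VRF to its L3 VNI. No L2 VNIs are defined, so only
! type-5 IP-prefix routes are exchanged for this tenant.
vrf TENANT-A
 vni 5000
exit-vrf
!
! Global BGP instance: the EVPN address family carries tenant prefixes
! towards the peer (a route reflector or the DC border leaf).
router bgp 65001
 neighbor 192.0.2.2 remote-as 65001
 neighbor 192.0.2.2 update-source lo
 !
 address-family l2vpn evpn
  neighbor 192.0.2.2 activate
  advertise-all-vni
 exit-address-family
!
! Per-tenant BGP instance: export the VRF's IPv4 routes into EVPN.
! Explicit route targets keep this tenant's routes from being imported
! into any other VRF; that RT pairing is the multi-tenancy isolation
! boundary, so it should be reviewed whenever a VRF is added or changed.
router bgp 65001 vrf TENANT-A
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
  route-target import 65001:5000
  route-target export 65001:5000
 exit-address-family
```

The useful check after bringing this up is `show bgp l2vpn evpn route type prefix` on the WAN node: it should list only type-5 routes for the tenant VRF, and any type-2 (MAC/IP) routes appearing there would indicate that an L2 VNI leaked in from the DC side rather than being terminated at the border leaf.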

Running VXLAN/EVPN over SD-WAN

Topology: regional/metro VXLAN EVPN fabric across multiple small branch offices and a regional hub with SD-WAN at all sites, with local direct Internet/Cloud traffic breakout at SD-WAN.

Expected traffic flow: internal traffic over VXLAN/EVPN over SD-WAN with local direct Internet/Cloud access at each branch. Additionally, the VTEP function is on the access switches at each location.

Integrating L3VPN WAN with VXLAN/EVPN fabric

We are running a multi-tenant DC network spanning 3 sites. The network has three layers (per site): DC-LAN, DC-EDGE and DC-WAN-CORE. DC-EDGE is used for connecting all incoming circuits (internet, all sorts of WAN connections). DC-LAN is used for connecting workloads. DC-WAN-CORE connects the 3 sites together.

Right now, we are using MPLS-L3VPNs between DC-LAN, DC-EDGE and DC-WAN-CORE. DC-LAN (L2 part) is a traditional network with VPC and OTV.

We want to move to VXLAN/BGP-EVPN for DC-LAN. But what to do with DC-EDGE and DC-WAN-CORE? Still use MPLS (but with SR instead of LDP), or also use VXLAN/BGP-EVPN? With the latter option, we could use (Cisco) N9k-only boxes. With the former option, we could also use only N9k boxes, but then using real routers in the DC-EDGE makes more sense, to have more routing capabilities and insight at the border of your network.