Category: WAN
Leaf-and-Spine VXLAN/EVPN Fabric in WAN Networks
Have you encountered edge fabrics that use leaf-and-spine with VXLAN/EVPN? For the DC fabric we used leaf-and-spine, but for the edge fabrics (branches, internet, 3rd-party connections, and cloud direct connect) the leafs will connect to CE routers.
Our old DC edge fabric traditionally uses core-dist, but the old DC is not multi-tenant. The edge fabric and DC fabric would then be connected through border leafs, so the DC fabric border meets the edge border.
Initial Answer
Yes, I’ve seen people using VXLAN in WAN, either with static ingress replication or EVPN. You can also use EVPN with MPLS transport.
People are also extending L2 networks between data centers with VXLAN/EVPN (not necessarily a good idea, but let’s not go there). If you want to do that then it doesn’t hurt if your switches can do VXLAN-to-VXLAN bridging.
Finally, EVPN is probably mature enough to use as a pure L3VPN solution (I would run some tests first), so you could use it to build WAN multitenancy. However, you might have to figure out how to go from L2+L3 EVPN in the data center to L3-only WAN EVPN. Never tried to set that up.
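With plain VXLAN in the WAN (static ingress replication, no EVPN control plane), the only thing separating tenants on the wire is the 24-bit VNI, so a WAN edge that terminates tenant traffic should validate the VXLAN header and police VNIs against the tenant assignment. The following is an added example, not code from the original Q&A or from any vendor: it decodes the RFC 7348 VXLAN header and audits a batch of frames against a constructed tenant-to-VNI table. The tenant names, VNI numbers and sample frames are all made up for the example.

```python
"""Added example (not from the original Q&A): parse VXLAN headers and
audit the VNIs seen at a multi-tenant WAN edge against an allowlist.
Tenant names, VNI numbers and frames below are constructed sample data."""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid
VXLAN_HDR_LEN = 8


@dataclass(frozen=True)
class VxlanHeader:
    flags: int
    vni: int
    reserved_ok: bool          # True when both reserved fields are zero


def build_vxlan_header(vni: int, flags: int = VXLAN_FLAG_I) -> bytes:
    """Encode an 8-byte VXLAN header (used here only to build sample frames)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # flags(8) | reserved(24) | VNI(24) | reserved(8)
    return struct.pack("!B3sI", flags, b"\x00\x00\x00", vni << 8)


def parse_vxlan_header(payload: bytes) -> VxlanHeader:
    """Decode the VXLAN header that follows the outer UDP header.

    Raises ValueError when the header is truncated or the I flag is clear,
    so the caller counts and drops the frame instead of guessing a VNI.
    Reserved bits are reported, not enforced (RFC 7348: ignored on receipt).
    """
    if len(payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    flags, reserved1, vni_and_reserved2 = struct.unpack(
        "!B3sI", payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI-valid (I) flag not set")
    vni = vni_and_reserved2 >> 8
    reserved_ok = reserved1 == b"\x00\x00\x00" and (vni_and_reserved2 & 0xFF) == 0
    return VxlanHeader(flags=flags, vni=vni, reserved_ok=reserved_ok)


# Constructed sample tenant-to-VNI assignment for the WAN edge (not real data).
TENANT_VNIS: Dict[str, Set[int]] = {
    "tenant-a": {10010, 10020},
    "tenant-b": {20010},
}


def vni_owner(vni: int, tenant_vnis: Dict[str, Set[int]] = TENANT_VNIS) -> Optional[str]:
    """Return the tenant that owns a VNI, or None if no tenant is assigned it."""
    for tenant, vnis in tenant_vnis.items():
        if vni in vnis:
            return tenant
    return None


def audit_frames(frames: Iterable[bytes],
                 tenant_vnis: Dict[str, Set[int]] = TENANT_VNIS) -> Dict[str, int]:
    """Classify VXLAN payloads as accepted / unknown_vni / malformed.

    A VNI that belongs to no tenant is the case to alert on: plain VXLAN
    carries no authentication, so VNI policing at the edge is what keeps
    one tenant's frames out of another tenant's segment.
    """
    counts = {"accepted": 0, "unknown_vni": 0, "malformed": 0}
    for frame in frames:
        try:
            hdr = parse_vxlan_header(frame)
        except ValueError:
            counts["malformed"] += 1
            continue
        if vni_owner(hdr.vni, tenant_vnis) is None:
            counts["unknown_vni"] += 1
        else:
            counts["accepted"] += 1
    return counts


# Constructed sample frames: VXLAN header followed by a dummy inner payload.
SAMPLE_FRAMES = [
    build_vxlan_header(10010) + b"\xaa" * 14,
    build_vxlan_header(20010) + b"\xbb" * 14,
    build_vxlan_header(31337) + b"\xcc" * 14,             # VNI assigned to no tenant
    build_vxlan_header(10010, flags=0x00) + b"\xdd" * 14,  # I flag clear
    b"\x08\x00\x00",                                       # truncated header
]

if __name__ == "__main__":
    print(audit_frames(SAMPLE_FRAMES))
```

In a real deployment the same check would run on the VTEP or on a monitoring tap fed with UDP/4789 traffic; the point is that the VNI table, not the transport, is the tenant boundary, which is also why an EVPN control plane (which advertises which VNIs a VTEP legitimately imports) is attractive once the WAN is multi-tenant.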
Redundant VXLAN-based Data Center Interconnect
How would you implement redundant VXLAN-based Data Center Interconnect (two DCs connected via 2 links terminated by 2 VTEPs in each location).
Could you do it without EVPN-type dual homing? Some vendors are proposing VXLAN+MLAG, but MLAG is a bad kludge prone to bugs (as per your comments). Would you use VXLAN + STP?
Selecting Data Center Edge Devices
What device/technology would you select for a multi-tenant DC edge? In Cisco terms:
- Use N9K (non-ACI) as circuit aggregation + L3 border -> connect by MPLS-SR to the leaf-spine fabric, or just integrated (border leaf)?
- Use ASR routers (full NetFlow capabilities) as L3 border -> connect by MPLS-SR to the leaf-spine fabric
Data Center Internet Edge Design
I’d be interested in seeing an updated/modernized DC internet edge design session, including some of the following topics:
- Carrier path selection and failover (AS-path based, performance/quality based, etc.)
- Path visibility (Tools like ThousandEyes, et al.)
- Public IP mobility and failover between DCs (BGP strategy, iBGP topology and transport)
- Designing and building backbone connectivity between INET edges at both DCs (shared vs. dedicated transport, routed vs. stretched segments, etc.)
- DDoS mitigation (BGP, DNS-based techniques, etc.)
- Impacts of IPv6 on all above topics (Design, hardware resources, platform selection, etc.)