Category: Tags

ChatGPT trying (and failing) to explain EVPN

What Is EVPN?

Before going into the technical details, let’s start with the basics: What is EVPN, how does it work, and where can you use it?

• What Is EVPN?
• EVPN: The Great Unifying Theory of VPN Control Planes?
• EVPN Is More than VPLS on Steroids
• BGP, EVPN, VXLAN, or SRv6?
• Multivendor EVPN Just Works
• Why Are We Using EVPN Instead of SPB or TRILL?
• VXLAN Broadcast Domain Size Limitations
• Active-Active Data Centers with VXLAN and EVPN
• Comparing EVPN with Flood-and-Learn Fabrics
• Studying EVPN to Prepare for a Job Interview
• Is Dynamic MAC Learning Better Than EVPN?
• Dataplane MAC Learning with EVPN

EVPN Designs

EVPN was designed to be used in an IBGP environment on top of an IGP. With the eruption of EBGP as better IGP hype, many vendors tried to adapt EVPN to an environment running EBGP instead of OSPF. We covered some of the typical EVPN designs in these blog posts:

• BGP in EVPN-Based Data Center Fabrics
• Using EVPN in Very Small Data Center Fabrics
• Pragmatic EVPN Designs
• VXLAN Leaf-and-Spine Fabric
• IBGP Full Mesh Between Leaf Switches
• BGP Route Reflectors Considered Harmful
• Scaling IBGP with Route Reflectors
• EBGP Everywhere
• EVPN EBGP over IPv4 EBGP
• EVPN IBGP over IPv4 EBGP
• Layer-3 Inter-AS Option A
• Multi-Pod Fabrics
• Inter-AS Option C (IP-only WAN routers)

Other blog posts focus on various design details:

• BGP in EVPN-Based Data Center Fabrics (Updated)
• Scaling EVPN BGP Routing Designs
• Implications of Valley-Free Routing in Data Center Fabrics
• VXLAN and EVPN on Hypervisor Hosts
• When EVPN EBGP Session between Loopbacks Makes Sense
• BGP AS Numbers on MLAG Members
• EVPN/VXLAN or Bridged Data Center Fabric?
• Multi-Vendor EVPN Fabrics
• Layer-3 WAN Handoff (L3Out) in VXLAN/EVPN Fabrics
• VXLAN/EVPN Layer-3 Handoff (L3Out) on Arista EOS

Finally, several blog posts describe various EVPN VPN topologies:

• Simple EVPN/VXLAN Bridging
• Building Layer-3-Only EVPN Lab
• Layer-3-Only EVPN: Behind the Scenes
• Common Services VRF with EVPN Control Plane
• Hub-and-Spoke VPN Topology
• EVPN Hub-and-Spoke Layer-3 VPN

EVPN Implementation Details

There are tons of tiny little things that can go wrong when you try to deploy EVPN. I documented them as I stumbled upon them:

• EVPN Route Target Considerations in EBGP Environment
• Using 4-Byte BGP AS Numbers With EVPN on Junos
• Dissecting IBGP+EBGP Junos Configuration
• Private VLANs With VXLAN
• VMware NSX Killed My EVPN Fabric
• EVPN Route Targets, Route Distinguishers, and VXLAN Network IDs
• EVPN Auto-Rd and Duplicate MAC Addresses
• Next-Hop and VTEP Reachability in EVPN Networks
• Duplicate ARP Replies with Anycast Gateways
• More Arista EOS BGP Route Reflector Woes
• Using EVPN/VXLAN with MLAG Clusters
• DHCP Relaying in EVPN VRFs
• Silent Hosts in EVPN Fabrics
• Repost: Campus-Wide Wireless Roaming with EVPN
• Using Multiple Transit VNIs per EVPN VRF
• ARP Challenges in EVPN/VXLAN Symmetric IRB
• EVPN on Cisco IOS/XE: Configuration Notes
• EVPN IP-VRFs on Cisco IOS/XE: Configuration Notes
• The Tale of Two EVPN/MPLS Encapsulations

Troubleshooting EVPN

• Troubleshooting Multi-Pod EVPN: Overview
• Multi-Pod EVPN: Fixing Next Hops
• Multi-Pod EVPN: Route Targets
• Multi-Pod EVPN: Extended BGP Communities

Beyond VXLAN

While EVPN is often used with VXLAN today, it was designed to work with the MPLS data plane, resulting in a few quirks:

• EVPN With MPLS Data Plane in Data Centers
• Q-in-Q Support in Multi-Site EVPN
• EVPN/MPLS Bridging Forwarding Model
• EVPN VLAN-Aware Bundle Service
• Does EVPN/VXLAN over SD-WAN Make Sense?
• Per-Prefix and Per-VRF MPLS/VPN and EVPN Labels/VNIs

Getting Your Hands Dirty

I launched a series of free and open-source VXLAN/EVPN labs in late 2025; this is how far I got:

• Extend a Single VLAN Segment with VXLAN
• More Complex VXLAN Deployment Scenario
• VXLAN Bridging with EVPN Control Plane
• Routing Between VXLAN Segments
• More Complex EVPN/VXLAN Bridging Scenario
• Anycast Gateways on VXLAN Segments

EVPN Rants

Some vendors’ marketing engineers (or Senior Directors) can’t stand anyone telling them their implementation might be suboptimal, going to great lengths to prove to themselves they’re right, and generating beautiful fodder for rants.

• Don’t Sugarcoat the Challenges You Have
• The EVPN Dilemma
• The EVPN/EBGP Saga Continues
• EVPN Control Plane in Infrastructure Cloud Networking
• EVPN/VXLAN Complexity
• On the Viability of EVPN
• Multi-Vendor EVPN Fabrics
• LISP vs EVPN: Mobility in Campus Networks
• Dear Vendors, EVPN Route Attributes Matter

Videos

You can watch numerous videos from the EVPN Technical Deep Dive webinar without an ipSpace.net account:

• EVPN Multihoming Taxonomy and Overview
• EVPN Multihoming Deep Dive
• MLAG with EVPN
• vPC Fabric Peering with EVPN Multihoming
• Advantages and Drawbacks of EVPN-based Multihoming

What Others Wrote About EVPN

• EVPN in Data Center
• Arista EVPN-Based Automation Virtual Lab
• Switching to IP fabrics
• ARP Problems in EVPN
• EVPN/VXLAN with FRR on Linux Hosts
• Troubleshooting EVPN Control Plane
• Introduction of EVPN at DE-CIX

The netlab tool will help you be more proficient once you decide to drop GUI-based network simulators and build your labs using CLI and infrastructure-as-code principles.

You can also use netlab (potentially together with GitHub Codespaces) to build online, easy-to-consume, hands-on training solutions. I used that approach to build the BGP labs and IS-IS labs.

Software-Defined WAN (SD-WAN) is the second “software-defined” marketing attempt (after the original SDN) to dress a conglomerate of old technologies into shiny new clothes. Even Wikipedia article promotes some of the usual software-defined hype, quoting Network World claim that:

SD-WAN simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism. This concept is similar to how software-defined networking implements virtualization technology to improve data center management and operation.

Is It Real?

Want to know how real those claims are? Start the journey with this series of myth-busting blog posts:

• Software-Defined WAN:Well-Orchestrated Duct Tape? (2015)
• Routing Protocols and SD-WAN: Apples and Furbies (2015)
• Do Enterprises Need MPLS? (2016)
• Lack of Fast Convergence in SD-WAN Products (2018)
• Lock-In and SD-WAN: a Match Made in Heaven (2019)
• Impact of Controller Failures in Software-Defined Networks (2019)
• Fast Failover in SD-WAN Networks (2020)

Does SD-WAN make sense? Sure:

• Business Case for SD-WAN (2015)
• Reliability of SD-WAN and Hybrid WAN Solutions (2015)

Need More Details?

I covered the basics of SD-WAN in Choose the Optimal VPN Service and SDN Use Cases webinars.

Pradosh Mohapatra described the basics of SD-WAN and its typical components and architectures:

• What Is SD-WAN?
• SD-WAN Reference Design
• SD-WAN Backend Architecture
• SD-WAN CPE Architecture
• Security Aspects of SD-WAN

Want to know more about Cisco’s SD-WAN solution (formerly known as Viptela)? Enjoy David Peñaloza Seijas’ deep dive into its architecture and implementation details:

• Going Beneath the Cisco SD-WAN Surface
• Cisco SD-WAN Fundamentals and Definitions
• Cisco SD-WAN Solution Architecture and Components
• Cisco SD-WAN Routing Goodness
• Cisco SD-WAN Onboarding Process
• Cisco SD-WAN Policies and Centralized Magic
• Cisco SD-WAN Policies Review
• Cisco SD-WAN Routing Design
• Cisco SD-WAN Site Design
• Cisco SD-WAN Policy Design
• Automating netlab-Based Cisco SD-WAN Deployment

Real-Life SD-WAN

SD-WAN sounds great, but does it work as expected? Maybe not:

• SDN, SD-WAN and FCoE on Gartner Networking Hype Cycle (2015)
• SD-WAN Reality Gap (2019)
• Real-Life SD-WAN Experience (2019)
• Worth Reading: SD-WAN Scalability Challenges (2020)
• Feedback from Another SD-WAN Fan (2020)

Is it secure? Some products seem to be nothing more than a bunch of open-source component glued together with clueless Python code:

• Security Aspects of SD-WAN Solutions (2018)
• SD-WAN Security Under the Hood (2019)
• SD-WAN Security: A Product Liability Insurance Law Would Certainly Help (2020)
• Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface (2021)

Some service providers want to use SD-WAN to offer managed services. Not surprisingly, some people¹ don’t find that a good idea:

• SD-WAN: A Service Provider Perspective (2020)
• Managed SD-WAN Services (2022)
• Challenges of Managed SD-WAN Services (2022)

Then there are some technical details vendors love to gloss over:

• Does Unequal-Cost Multipathing Make Sense? (2021)
• Topology- and Congestion-Driven Load Balancing (2021)

Does it work within a public cloud? Yeah, sort of… with a few challenges:

• Azure Route Server: The Challenge (2021)
• Azure Route Server: Behind the Scenes (2021)

Want Even More?

Love marketing-related rants? Here are a few:

• Some Ridiculous SD-WAN Claims (2015)
• What Is Software-Defined Security? (2016)
• This Is Why I’m Not Doing SD-WAN Webinars (2016)
• The Ever-Increasing Complexity (2017)
• SD-WAN Vendor Landscape (2019)

Last, but definitely not least, you might enjoy these (more esoteric) solutions:

• DLSP – QoS-Aware Routing Protocol on Software Gone Wild (2015)
• Changing Cisco IOS BGP Policies Based on IP SLA Measurements (2019)
• Overlay Networking with Ouroboros on Software Gone Wild (2020)
• Scalable Policy Routing (2021)

Blog Posts I Forgot to Categorize

• Does EVPN/VXLAN over SD-WAN Make Sense?