Enterprise Cloud and Transformation
DmitriK , New User
Enterprise Cloud and Transformation
EVPN: A Path to Migration
May 14, 2019

The Need for Infrastructure Change

Modern enterprises participating in the Application Economy compete with one another through the capabilities of their business applications—mobile and web-based, business to consumer and business to business. The rapid pace of innovation and deployment in the application economy puts pressure on IT infrastructure teams because they are expected to keep pace with the needs of developers creating and iteratively updating these applications driven by customers’ needs.


Back in the day, IT operations were looking after the applications that were deployed and updated perhaps once a year. This cadence worked well paired with a project-based approach, where all needs of an installation or upgrade were considered, planned and implemented over several weeks or months.


This approach does not work when an application, that IT operations are still expected to keep available, performant and secure, needs to be updated much more often - in some cases several times a day!


The nature of modern applications and their agile development process often call for on-demand expansion and decommissioning of capacity to the compute platforms that support them or whole new instances of these platforms, driven by the dev/test pipeline. This means automatically creating a full set of underlying networking connectivity services that the application platform needs.


This is where EVPN comes in: to provide underlying networking services for application platforms themselves and connecting those platforms to one another and to networks where applications’ users are.

What is EVPN?

EVPN stands for “Ethernet VPN”, or “Ethernet Virtual Private Network”. It is a set of standards that define how one or more network devices, such as data center switches, can support a large number of Virtual Private Networks (VPNs) as an overlay over a data underlay network. Each VPN can be one of several possible flavors of L2 or L3, operating completely independently of any other VPNs sharing the same physical network devices. EVPN can operate on top of either MPLS or just plain IP networks, which makes it possible to use inside the DC, WAN and Campus networks.

Why do I need Network Virtualization?

In context of this discussion, the main benefit of virtualized L2 or L3 network connectivity services, enabled by EVPN, is the ability to separate operational concerns. This allows IT operations to set itself up as an internal Service Provider (SP), supplying its business customers with a set of standardized network connectivity options designed to match the needs of common use cases, operating those services to their SLA and technical specifications.


In this mode, IT ops looks after the “transport” infrastructure comprised of the physical devices and links, and lets its customers provision virtual networking connectivity services on top.


This arrangement delivers the following benefits which are tightly aligned with the business needs of agility, availability and security:


  • Predictability: business users know exactly what they will get, since all standard services have strict definitions. This helps during application planning and design phases.
  • Fungibility: when a business user requests a standard service, they always get the same outcome. This helps with building modular, repeatable application architectures.
  • Isolation: due to virtual nature of connectivity services, whatever happens inside one such service does not impact others that run on top of the same transport. This helps improve security posture and application availability.
  • Supportability: a standardized service means standardized monitoring, troubleshooting, and recovery procedures, all with high degree of automatability. This translates to increased service availability, supporting that of the applications that use it.
  • Easily Consumable: standardized services are natural fit for self-service consumption models because of inherently lower risk associated with their change cycle due to their isolated nature. This greatly reduces the service lead times, otherwise impacted by change approval process, and plays hand in hand with the practices of Continuous Integration/Continuous Delivery.


Even in cases where the “customer” is the IT infrastructure team itself, such as when using EVPN services for DC interconnect, or to provide segmented access in Campus, the benefits above still apply.


Last but not least, shifting to standardized services can decrease operational load on IT infrastructure teams, enabling them to engage with the application developers. Networking and security expertise that IT infra team brings to the table can add significant benefits through applications that are designed for better availability, resiliency and security from the start.

What’s so special about EVPN?

No need for MPLS (and licenses)

The VPN flavors appropriate for use in the Enterprise DC, namely multipoint to multipoint L3 and L2, traditionally required use of MPLS, which limited their adoption in the DC. EVPN addresses this through the use of VXLAN.


With EVPN VXLAN it is now possible to create isolated, ubiquitous, secure L2 and L3 network connectivity services on top of simple, highly robust and scalable L3 leaf-and-spine architectures. In the business sense, removing the need for MPLS can provide significant savings both in CAPEX through cheaper networking software licenses and OPEX through reduced operational complexity associated with running MPLS networks.


Learn more here: Understanding EVPN with VXLAN Data Plane Encapsulation

Reduced complexity through a unified protocol

As we mentioned earlier, EVPN can support all types of L2 (Ethernet) and L3 (IPv4 and IPv6) VPNs at high scale. This makes it a very good overall match to Enterprise’s needs, which range from application platforms’ connectivity inside the DC, to DC interconnect, to Enterprise WAN and Campus.


Consolidating on one protocol across most use cases reduces overall complexity in networking infrastructure. This in turn makes it easier to train the IT ops staff, streamlines support processes and ultimately provides higher networking service and business application availability.

Better resource utilization

EVPN is designed for of Broadcast, Unknown Unicast and Multicast (BUM) traffic and includes ARP suppression. This saves the networking capacity and eliminates unnecessary “network noise” that would otherwise skew the operational telemetry and serve as distraction during troubleshooting. Removal of such noise helps improve service availability through potentially quicker fault resolution.


Additionally, EVPN can send data over multiple available equal paths to the same destination, a common case in modern DC fabric architectures. This means no idle paths in the network fabric, in contrast to some of the older technologies that require use of loop prevention protocols that lead to certain amounts of stranded capacity.

Advanced multi-homing for better service availability

In many cases devices such as servers, non-EVPN switches and routers and other hardware appliances need more than one connection to the network. This is done for variety of reasons, most commonly to increase the capacity, provide connectivity redundancy or both.


EVPN was designed with a range of improvements over older technologies, bringing support for more flexible connection topologies and improving failure recovery speed. The result is more efficient use of resources through elimination of standby links and removal of the need for Multi-chassis LAG protocols, leading to better ROI and higher service availability.

Where do I begin?

Depending on the IT organization’s needs, operational readiness and current projects, an EVPN-based solution can be introduced in a number of ways, ranging from a pair of devices to a full-blown leaf-and-spine DC fabric.


Closer to the lower end of this spectrum, there is the option of introducing 2-4 EVPN-capable devices interconnected to form a ring topology. This EVPN “island” would then serve as a “core” that provides L2 and/or L3 connectivity services between its ports.


Typically this new “core” would be built next to an existing two-tier DC fabric that requires either more capacity or better flexibility. Old leaf nodes are then migrated from old network topology to the EVPN, as shown in the following diagram:





This approach allows gradual introduction of EVPN technology into an existing infrastructure stack, giving IT networking operations opportunity to build up the necessary skills and practices.


Once the team is comfortable with the technology, they can proceed to building service-based offerings with lifecycle automation and iterate on that to an eventual full self-service capability.


Companies competing in the Application Economy achieve success through two key factors: focus on their customers’ needs and agility of their application development process in reacting to those needs before competitors.


Evolution of IT infrastructure’s capabilities to support such agile processes does not happen overnight. Juniper Networks has developed the 5-step migration framework, designed to help organizations orient themselves and chart their path to the future. Network connectivity virtualization solutions based on EVPN are one of the fundamental enablers of this migration and should be considered early in the process.


For more information on EVPN, please watch the Get Smart: EVPN series on SDxCentral or read the corresponding blogs:


Givers vs. Takers: Separating the Leaders from the Followers in Networking

EVPN and the Future of Data Centers

When Operations Drive Architecture-- A Missive on EVPN



Top Kudoed Members