EVPN Overview
An Ethernet VPN (EVPN) enables you to connect dispersed customer sites using a Layer 2 virtual bridge. As with other types of VPNs, an EVPN consists of customer edge (CE) devices (host, router, or switch) connected to provider edge (PE) routers. The PE routers can include an MPLS edge switch (MES) that acts at the edge of the MPLS infrastructure. Either an MX Series 5G Universal Routing Platform or a standalone switch can be configured to act as an MES. You can deploy multiple EVPNs within a service provider network, each providing network connectivity to a customer while ensuring that the traffic sharing that network remains private.
Figure 1 illustrates a typical EVPN deployment. Traffic from Data Center 1 is transported over the service provider’s network through MES1 to MES2 and then on to Data Center 2. DCS1, DCS2, DCS3, and DCS4 are the data center switches.
The MESs are interconnected within the service provider’s network using label-switched paths (LSPs). The MPLS infrastructure allows you to take advantage of the MPLS functionality provided by the Junos OS, including fast reroute, node and link protection, and standby secondary paths. For EVPNs, learning between MESs takes place in the control plane rather than in the data plane (as is the case with traditional network bridging). The control plane provides greater control over the learning process, allowing you to restrict which devices discover information about the network. You can also apply policies on the MESs, allowing you to carefully control how network information is distributed and processed. EVPNs utilize the BGP control plane infrastructure, providing greater scale and the ability to isolate groups of devices (hosts, servers, virtual machines, and so on) from each other.
The MESs attach an MPLS label to each MAC address learned from the CE devices. This label and MAC address combination is advertised to the other MESs in the control plane. Control plane learning enables load balancing and improves convergence times in the event of certain types of network failures. The learning process between the MESs and the CE devices is completed using the method best suited to each CE device (data plane learning, IEEE 802.1, LLDP, 802.1aq, and so on).
The policy attributes of an EVPN are similar to those of an IP VPN (for example, a Layer 3 VPN). Each EVPN routing instance requires that you configure a route distinguisher (RD) and one or more route targets (RTs). A CE device attaches to an EVPN routing instance on an MES through an Ethernet interface that might be configured for one or more VLANs.
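Because the RD and RTs decide which routing instances learn each other's MAC routes, they are worth auditing for isolation mistakes. The following check is an added example, not Juniper code: the instance names, RD and RT values, and the tenant field are constructed assumptions, and the inventory would normally be built from your own device configurations.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class EvpnInstance:
    pe: str                 # MES hostname
    name: str               # routing-instance name
    tenant: str             # owning customer (audit metadata, not a Junos statement)
    rd: str                 # route distinguisher
    import_rts: frozenset   # route targets accepted into this instance
    export_rts: frozenset   # route targets attached to advertised MAC routes

    @property
    def label(self):
        return f"{self.pe}/{self.name}"

def audit(instances):
    """Return (rd_conflicts, cross_tenant_leaks) for a list of EvpnInstance."""
    by_rd = defaultdict(list)
    for inst in instances:
        by_rd[inst.rd].append(inst)
    # An RD shared by two customers makes their routes indistinguishable in BGP.
    rd_conflicts = [(rd, sorted(i.label for i in group))
                    for rd, group in sorted(by_rd.items())
                    if len({i.tenant for i in group}) > 1]
    # dst learns src's MAC routes when it imports any RT that src exports.
    leaks = sorted((src.label, dst.label, sorted(src.export_rts & dst.import_rts))
                   for src in instances for dst in instances
                   if src.tenant != dst.tenant and src.export_rts & dst.import_rts)
    return rd_conflicts, leaks

def rt(*values):
    return frozenset(f"target:65000:{v}" for v in values)

# Constructed sample: two customers on two MESs, with two deliberate mistakes on MES2/CUST-B.
SAMPLE = [
    EvpnInstance("MES1", "CUST-A", "A", "10.255.0.1:100", rt(100), rt(100)),
    EvpnInstance("MES2", "CUST-A", "A", "10.255.0.2:100", rt(100), rt(100)),
    EvpnInstance("MES1", "CUST-B", "B", "10.255.0.1:200", rt(200), rt(200)),
    EvpnInstance("MES2", "CUST-B", "B", "10.255.0.2:100", rt(100, 200), rt(200)),
]

if __name__ == "__main__":
    conflicts, leaks = audit(SAMPLE)
    for rd, users in conflicts:
        print(f"RD {rd} reused across customers: {', '.join(users)}")
    for src, dst, shared in leaks:
        print(f"{dst} imports {', '.join(shared)} exported by {src}")
```

Intentional shared-services designs import another customer's RT on purpose, so treat the leak list as items to confirm against the intended topology.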
The following features are available for EVPNs:
Ethernet connectivity between data centers spanning metropolitan area networks (MANs) and WANs
One VLAN for each MAC VPN
Automatic RDs
Dual-homed EVPN connection with active/standby multihoming
The following Juniper Networks devices support active/active multihoming:
MX Series routers, starting in Junos OS Releases 14.2R6 and 16.1R1. Active/active multihoming is not supported in Junos OS Release 15.1.
EX9200 switches, starting in Junos OS Releases 16.1R4 and 16.2R2.
Ethernet VPN (EVPN) support, including EVPN-MPLS, EVPN + VXLAN, and PBB EVPN, has been extended to logical systems running only on MX devices. The same EVPN options and performance that are available in the default EVPN instance are available in a logical system. Configure EVPN on a logical system under the [edit logical-systems logical-system-name routing-instances routing-instance-name protocols evpn] hierarchy.
The following features are not supported for EVPNs:
Graceful restart, graceful Routing Engine switchover (GRES), and nonstop active routing (NSR) are not supported in releases prior to Junos OS Release 16.1.
EVPN MPLS Features Supported by QFX10000 Switches
Starting in Junos OS 17.4R1, QFX10000 switches support EVPN with MPLS as its data plane, as defined in RFC 7432. The following features are supported:
Layer 2 VLANs using the default-switch routing instance. An EVPN instance (EVI) is not supported.
EVPN MPLS multihoming active-active support
VLAN-aware bundle service interface without translation (support is limited to 4K VLANs as only the default-switching instance is supported)
Ingress multicast replication
MAC mobility
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.