
BGP EVPN Basic Principles

Introduction

Ethernet virtual private network (EVPN) is a VPN technology used for Layer 2 internetworking. EVPN is similar to BGP/MPLS IP VPN. EVPN defines a new type of BGP network layer reachability information (NLRI), called the EVPN NLRI. The EVPN NLRI defines new BGP EVPN routes to implement MAC address learning and advertisement between Layer 2 networks at different sites.

VXLAN does not provide a control plane. VTEP discovery and the learning of host information (IP and MAC addresses, VNIs, and gateway VTEP IP address) are implemented by traffic flooding on the data plane, which results in high traffic volumes on VXLAN networks. To address this problem, VXLAN uses EVPN as the control plane. EVPN allows VTEPs to exchange BGP EVPN routes to implement automatic VTEP discovery and host information advertisement, preventing unnecessary traffic flooding.

EVPN uses extended BGP and defines new BGP EVPN routes to transmit VTEP addresses and host information. As such, the application of EVPN on VXLANs moves VTEP discovery and host information learning from the data plane to the control plane.

BGP EVPN Routes

EVPN NLRI defines the following BGP EVPN route types applicable to the VXLAN control plane:

Type 2 route—MAC/IP route

The following figure shows the format of MAC/IP routes.

Figure 1 MAC/IP route

The following table describes the fields.

| Field | Description |
| --- | --- |
| Route Distinguisher | RD value of an EVPN instance |
| Ethernet Segment Identifier | Unique ID for defining the connection between local and remote devices |
| Ethernet Tag ID | VLAN ID configured on the device |
| MAC Address Length | Length of the host MAC address carried in the route |
| MAC Address | Host MAC address carried in the route |
| IP Address Length | Mask length of the host IP address carried in the route |
| IP Address | Host IP address carried in the route |
| MPLS Label1 | Layer 2 VNI carried in the route |
| MPLS Label2 | Layer 3 VNI carried in the route |

MAC/IP routes function as follows on the VXLAN control plane:

  • MAC address advertisement

    To implement Layer 2 communication between intra-subnet hosts, the source and remote VTEPs must learn the MAC addresses of the hosts. The VTEPs function as BGP EVPN peers to exchange MAC/IP routes so that they can obtain the host MAC addresses. The MAC Address Length and MAC Address fields identify the MAC address of a host.

  • ARP advertisement

    A MAC/IP route can carry both the MAC and IP addresses of a host, and therefore can be used to advertise ARP entries between VTEPs. The MAC Address and MAC Address Length fields identify the MAC address of the host, whereas the IP Address and IP Address Length fields identify the IP address of the host. This type of MAC/IP route is called the ARP route. ARP advertisement applies to the following scenarios:

    1. ARP broadcast suppression. After a Layer 3 gateway learns the ARP entries of a host, it generates host information that contains the host IP and MAC addresses, Layer 2 VNI, and gateway's VTEP IP address. The Layer 3 gateway then transmits an ARP route carrying the host information to a Layer 2 gateway. When the Layer 2 gateway receives an ARP request, it checks whether it has the host information corresponding to the destination IP address of the packet. If such host information exists, the Layer 2 gateway replaces the broadcast MAC address in the ARP request with the destination unicast MAC address and unicasts the packet. This implementation suppresses ARP broadcast packets.

    2. VM migration in distributed gateway scenarios. After a VM migrates from one gateway to another, the new gateway learns the ARP entry of the VM (after the VM sends gratuitous ARP packets) and generates host information that contains the host IP and MAC addresses, Layer 2 VNI, and gateway's VTEP IP address. The new gateway then transmits an ARP route carrying the host information to the original gateway. After the original gateway receives the ARP route, it detects a VM location change and triggers an ARP probe. If the ARP probe fails, the original gateway withdraws the ARP and host routes of the VM.

  • IP route advertisement

    In distributed VXLAN gateway scenarios, to implement Layer 3 communication between inter-subnet hosts, the source and remote VTEPs that function as Layer 3 gateways must learn the host IP routes. The VTEPs function as BGP EVPN peers to exchange MAC/IP routes so that they can obtain the host IP routes. The IP Address Length and IP Address fields identify the destination address of the IP route. In addition, the MPLS Label2 field must carry the Layer 3 VNI. This type of MAC/IP route is called the integrated routing and bridging (IRB) route.

    An ARP route carries host MAC and IP addresses and a Layer 2 VNI. An IRB route carries host MAC and IP addresses, a Layer 2 VNI, and a Layer 3 VNI. An IRB route therefore contains the information of an ARP route and can be used to advertise IP routes as well as ARP entries.

  • ND entry flooding

    A MAC/IP route can carry both the MAC address and IPv6 address of a host. Therefore, this type of route can be used to transmit ND entries between VTEPs, implementing ND entry advertisement. The MAC Address and MAC Address Length fields carried in a MAC/IP route indicate information about the host MAC address, and the IP Address and IP Address Length fields indicate information about the host IPv6 address. The MAC/IP route in this case is also called an ND route. ND entry flooding applies to the following scenarios:

    • NS multicast suppression. After a VXLAN gateway collects information about a local IPv6 host, it generates an NS multicast suppression entry and floods the entry through a MAC/IP route. After receiving the MAC/IP route, other VXLAN gateways (BGP EVPN peers) each generate a local NS multicast suppression entry. In this manner, when a VXLAN gateway receives an NS message, it searches the local NS multicast suppression table. If an entry is hit, the VXLAN gateway directly performs multicast-to-unicast processing to reduce or suppress NS message flooding.

    • IPv6 VM migration in a distributed gateway scenario. After an IPv6 VM is migrated from one gateway to another, the VM sends a gratuitous NA message. After receiving the message, the new gateway generates an ND entry and floods it to the original gateway through a MAC/IP route. After receiving the route, the original gateway detects that the location of the IPv6 VM has changed and triggers NUD. When the original gateway cannot detect the IPv6 VM in the original location, it deletes its local ND entry and uses a MAC/IP route to instruct the new gateway to delete the old proxy ND entry for the IPv6 VM.

  • Host IPv6 route advertisement

    In a distributed gateway scenario, to implement Layer 3 communication between hosts on different subnets, the VTEPs (functioning as Layer 3 gateways) must learn host IPv6 routes from each other. To achieve this, VTEPs as EVPN peers exchange MAC/IP routes to advertise host IPv6 routes to each other. The IP Address Length and IP Address fields carried in the MAC/IP routes indicate the destination addresses of host IPv6 routes, and the MPLS Label2 field must carry a Layer 3 VNI. MAC/IP routes in this case are also called IRBv6 routes.

    An ND route carries the following valid information: host MAC address, host IPv6 address, and Layer 2 VNI. An IRBv6 route carries the following valid information: host MAC address, host IPv6 address, Layer 2 VNI, and Layer 3 VNI. An IRBv6 route therefore includes the information of an ND route and can be used to advertise both a host IPv6 route and a host ND entry.
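
The Type 2 field layout and the route names used above (MAC, ARP, IRB, ND, IRBv6), as an added Python example that is not part of the original documentation or of any device software. It assumes the field widths of RFC 7432, since the figure is not reproduced here, and the RFC 8365 convention that a VNI fills all 24 bits of a label field; `MacIpRoute`, `parse_mac_ip_route` and `SAMPLE_IRB` are hypothetical names and the sample route is constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Assumptions: field widths per RFC 7432; VNI = all 24 bits of a label (RFC 8365).
@dataclass
class MacIpRoute:
    rd: bytes
    esi: bytes
    eth_tag: int
    mac: str
    ip: Optional[object]      # IPv4Address / IPv6Address, None for a MAC-only route
    l2_vni: int               # MPLS Label1
    l3_vni: Optional[int]     # MPLS Label2, present only in IRB / IRBv6 routes

    def kind(self) -> str:
        """Name the route as the text does: MAC, ARP, IRB, ND or IRBv6."""
        if self.ip is None:
            return "MAC"
        routed = self.l3_vni is not None
        if self.ip.version == 4:
            return "IRB" if routed else "ARP"
        return "IRBv6" if routed else "ND"

def parse_mac_ip_route(body: bytes) -> MacIpRoute:
    """Parse a Type 2 route body (the octets after route type and length)."""
    if len(body) < 33:        # 8 RD + 10 ESI + 4 tag + 1 + 6 MAC + 1 + 3 Label1
        raise ValueError("truncated MAC/IP route")
    eth_tag, mac_bits = struct.unpack_from("!IB", body, 18)
    ip_bits = body[29]
    if mac_bits != 48 or ip_bits not in (0, 32, 128):
        raise ValueError("bad MAC or IP Address Length")
    pos = 30 + ip_bits // 8   # first octet of MPLS Label1
    labels = len(body) - pos
    if labels not in (3, 6):  # Label1 alone, or Label1 followed by Label2
        raise ValueError("route length does not match its length fields")
    ip = ipaddress.ip_address(body[30:pos]) if ip_bits else None
    l3 = int.from_bytes(body[pos + 3:pos + 6], "big") if labels == 6 else None
    return MacIpRoute(body[:8], body[8:18], eth_tag, body[23:29].hex(":"),
                      ip, int.from_bytes(body[pos:pos + 3], "big"), l3)

# Constructed sample: RD 100:10, ESI 0, tag 0, host 00:11:22:33:44:55 / 10.1.1.10,
# Layer 2 VNI 10010 (0x00271a), Layer 3 VNI 5000 (0x001388).
SAMPLE_IRB = bytes.fromhex(
    "000000640000000a" + "00" * 10 + "00000000"
    "30" "001122334455" "20" "0a01010a" "00271a" "001388")
```

Dropping the last three octets of `SAMPLE_IRB` removes MPLS Label2, and the same host information then parses as an ARP route.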

Type 3 route—inclusive multicast route

An inclusive multicast route comprises a prefix and a PMSI attribute.

Figure 2 Format of an inclusive multicast route

The following table describes the fields.

| Field | Description |
| --- | --- |
| Route Distinguisher | RD value of an EVPN instance |
| Ethernet Tag ID | VLAN ID. The value is all 0s in this type of route. |
| IP Address Length | Mask length of the local VTEP's IP address carried in the route |
| Originating Router's IP Address | Local VTEP's IP address carried in the route |
| Flags | Flags indicating whether leaf node information is required for the tunnel. This field is inapplicable in VXLAN scenarios. |
| Tunnel Type | Tunnel type carried in the route. The value can only be 6, representing Ingress Replication in VXLAN scenarios. It is used for BUM packet forwarding. |
| MPLS Label | Layer 2 VNI carried in the route |
| Tunnel Identifier | Tunnel identifier carried in the route. This field is the local VTEP's IP address in VXLAN scenarios. |

This type of route is used on the VXLAN control plane for automatic VTEP discovery and dynamic VXLAN tunnel establishment. VTEPs that function as BGP EVPN peers exchange inclusive multicast routes to transfer Layer 2 VNIs and VTEPs' IP addresses. The Originating Router's IP Address field identifies the local VTEP's IP address; the MPLS Label field identifies a Layer 2 VNI. If the remote VTEP's IP address is reachable at Layer 3, a VXLAN tunnel to the remote VTEP is established. If the remote VNI is the same as the local VNI, an ingress replication list is created for subsequent BUM packet forwarding.
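
The discovery logic described above, as an added Python example that is not part of the original documentation or of any device software. Field widths follow RFC 7432 and the PMSI Tunnel attribute layout of RFC 6514, an assumption since the figure is not reproduced here; `parse_imet`, `build_replication_lists`, `sample_route` and the `reachable` callback are hypothetical names, and the sample routes are constructed.

```python
import ipaddress
from collections import defaultdict

INGRESS_REPLICATION = 6   # the only Tunnel Type the table allows in VXLAN scenarios

def parse_imet(prefix: bytes, pmsi: bytes):
    """Return (vtep_ip, l2_vni) from a Type 3 prefix and its PMSI attribute."""
    if len(prefix) < 13 or prefix[12] not in (32, 128):
        raise ValueError("bad prefix or IP Address Length")
    ip_len = prefix[12] // 8
    if len(prefix) != 13 + ip_len:
        raise ValueError("prefix length does not match IP Address Length")
    if prefix[8:12] != b"\x00" * 4:
        raise ValueError("Ethernet Tag ID must be all 0s")
    if len(pmsi) != 5 + ip_len or pmsi[1] != INGRESS_REPLICATION:
        raise ValueError("PMSI attribute is not Ingress Replication")
    if pmsi[5:] != prefix[13:]:
        raise ValueError("Tunnel Identifier differs from Originating Router's IP")
    # pmsi[0] is Flags (inapplicable in VXLAN); pmsi[2:5] is the Layer 2 VNI
    return ipaddress.ip_address(prefix[13:]), int.from_bytes(pmsi[2:5], "big")

def build_replication_lists(routes, local_vnis, reachable):
    """Apply the two conditions from the text to every received route."""
    tunnels, lists = set(), defaultdict(list)
    for prefix, pmsi in routes:
        try:
            vtep, vni = parse_imet(prefix, pmsi)
        except ValueError:
            continue                    # malformed route: no tunnel, no flood entry
        if not reachable(vtep):
            continue                    # remote VTEP not reachable at Layer 3
        tunnels.add(vtep)               # VXLAN tunnel to the remote VTEP
        if vni in local_vnis and vtep not in lists[vni]:
            lists[vni].append(vtep)     # same VNI on both ends: BUM target
    return tunnels, dict(lists)

def sample_route(vtep: str, vni: int):
    """Constructed input: RD 100:1, tag 0, one VTEP address and one Layer 2 VNI."""
    ip = ipaddress.ip_address(vtep).packed
    prefix = bytes.fromhex("0000006400000001") + b"\x00" * 4 + bytes([len(ip) * 8]) + ip
    pmsi = bytes([0, INGRESS_REPLICATION]) + vni.to_bytes(3, "big") + ip
    return prefix, pmsi
```

A route that fails any consistency check adds neither a tunnel nor an entry to an ingress replication list, so a malformed advertisement cannot place an address into the BUM flood set.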

Type 5 route—IP prefix route

The following figure shows the format of IP prefix routes.

Figure 3 IP prefix route

The following table describes the fields.

| Field | Description |
| --- | --- |
| Route Distinguisher | RD value of an EVPN instance |
| Ethernet Segment Identifier | Unique ID for defining the connection between local and remote devices |
| Ethernet Tag ID | VLAN ID configured on the device |
| IP Prefix Length | Length of the IP prefix carried in the route |
| IP Prefix | IP prefix carried in the route |
| GW IP Address | Default gateway address. This field is inapplicable in VXLAN scenarios. |
| MPLS Label | Layer 3 VNI carried in the route |

The IP Prefix Length and IP Prefix fields in an IP prefix route can identify a host IP address or network segment.

  • If the IP Prefix Length and IP Prefix fields in an IP prefix route identify a host IP address, the route is used for IP route advertisement in distributed VXLAN gateway scenarios, which functions the same as an IRB route on the VXLAN control plane.

  • If the IP Prefix Length and IP Prefix fields in an IP prefix route identify a network segment, the route allows external network access.

Copyright © Huawei Technologies Co., Ltd.