With the rapid growth of cloud computing and virtualization, traditional enterprise networks are showing limitations in scalability, flexibility, and reliability. To overcome these challenges, overlay networks emerged, allowing logical networks to be built over physical infrastructure.
Among these technologies, VXLAN (Virtual Extensible LAN) has become widely adopted for its scalability and isolation. However, VXLAN alone lacks a proper control plane, relying instead on inefficient flood-and-learn behavior. This is why EVPN (Ethernet VPN) is essential—it provides the intelligence VXLAN needs for modern data centers.
Traditional Enterprise Network Design #
Historically, many enterprise networks have used a three-tier architecture: access, aggregation, and core. Smaller sites sometimes simplify this into a two-tier design. While functional, these networks face challenges:
- Not all links forward traffic due to Spanning Tree Protocol (STP).
- Lack of Equal-Cost Multi-Path (ECMP).
- Bridging loops remain a risk.
- STP design requires BPDU Guard, Root Guard, and PortFast.
- Convergence can be slow.
- VLAN and STP scalability limits.
- Redundancy depends on FHRP protocols like HSRP/VRRP.
- Troubleshooting is complex.
Some links are L2 (red) while others are L3 (green). The result: blocked paths and wasted bandwidth.
In the above topology, DS01 is the root bridge, which forces the link to DS02 into a blocking state. With classic 802.1D STP, convergence could take 30–50 seconds, while 802.1w Rapid STP improves this to sub-second. Still, for large-scale data centers, this is not enough.
The Rise of VXLAN #
VXLAN, defined in RFC 7348 (2014), was designed to solve scalability and multi-tenancy challenges in modern data centers.
Key VXLAN benefits:
- Scalability: 24-bit VNI field supports up to 16 million logical networks (vs. only 4096 VLANs).
- ECMP and fast convergence: Works over a fully routed L3 underlay, eliminating STP limitations.
- Multi-tenancy support: Enables logical tenant isolation at scale.
In this leaf-spine VXLAN design, all links are active L3 paths. Routing protocols such as OSPF or IS-IS typically provide connectivity between VTEPs (VXLAN Tunnel Endpoints).
VXLAN Encapsulation Overhead #
VXLAN encapsulates Ethernet frames inside UDP packets, adding 50–54 bytes of overhead (50 bytes with an untagged outer Ethernet header, 54 when the outer frame carries an 802.1Q tag). The underlay MTU must be raised to accommodate this, or tenant frames at full size will be dropped.
- VXLAN header includes the VNI for tenant identification.
- The original 802.1Q tag is often stripped.
- The inner frame's FCS is dropped and a new CRC (FCS) is computed for the outer frame.
- UDP header: the destination port is 4789, and the source port carries a hash of the inner headers, giving the L3 underlay the entropy it needs for ECMP.
- Outer IP header defines source/destination VTEPs.
- Ethernet header enables hop-by-hop forwarding.
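As an added example (not part of the original article), the following Python builds and then parses a VXLAN packet exactly as the list above describes it: outer Ethernet, outer IPv4, UDP to port 4789, the 8-byte VXLAN header carrying the VNI, then the inner frame. The decapsulation side validates what a VTEP should check before trusting the VNI (IPv4 checksum, UDP port, the "I" flag), and reports the overhead, which comes out to the 50 bytes stated above. The hash used for the UDP source port is an assumption (CRC32 over the inner headers); real VTEPs use their hardware hash. The MACs, VTEP addresses and VNI are constructed sample values.

```python
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a valid header."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def entropy_source_port(inner_frame: bytes) -> int:
    """RFC 7348 recommends deriving the outer UDP source port from a hash of the
    inner headers so the L3 underlay spreads flows across ECMP paths. The hash
    (CRC32 over the inner Ethernet header plus the first 20 payload bytes) is an
    assumption for this example; it only needs to be stable per flow."""
    return 49152 + (zlib.crc32(inner_frame[:34]) % 16384)   # ephemeral range 49152-65535


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def encapsulate(inner_frame: bytes, vni: int, src_vtep: str, dst_vtep: str,
                outer_src_mac: bytes, outer_dst_mac: bytes) -> bytes:
    """Wrap an inner Ethernet frame (its FCS already stripped) in outer headers."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit field")
    # VXLAN header: flags(1) reserved(3) VNI(3) reserved(1) = 8 bytes
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    # UDP header; a zero checksum is permitted for VXLAN over IPv4
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", entropy_source_port(inner_frame), VXLAN_UDP_PORT, udp_len, 0)
    # Outer IPv4 header (20 bytes, DF set, TTL 64), checksum filled in afterwards
    src = ipaddress.IPv4Address(src_vtep).packed
    dst = ipaddress.IPv4Address(dst_vtep).packed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                         IPPROTO_UDP, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # Outer Ethernet header for hop-by-hop forwarding in the underlay
    eth_hdr = struct.pack("!6s6sH", outer_dst_mac, outer_src_mac, ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp_hdr + vxlan_hdr + inner_frame


def decapsulate(pkt: bytes) -> dict:
    """Validate the outer headers and return the VNI, VTEPs and the inner frame.
    Raises ValueError for anything a VTEP should refuse to forward."""
    _, _, ethertype = struct.unpack("!6s6sH", pkt[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip_hdr_len = (pkt[14] & 0x0F) * 4
    ip_hdr = pkt[14:14 + ip_hdr_len]
    if ipv4_checksum(ip_hdr) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if ip_hdr[9] != IPPROTO_UDP:
        raise ValueError("outer packet is not UDP")
    udp_off = 14 + ip_hdr_len
    sport, dport, _, _ = struct.unpack("!HHHH", pkt[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not addressed to the VXLAN port")
    vx_off = udp_off + 8
    flags, vni_field = struct.unpack("!B3xI", pkt[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid, packet must be dropped")
    inner = pkt[vx_off + 8:]
    inner_dst, inner_src, _ = struct.unpack("!6s6sH", inner[:14])
    return {
        "src_vtep": str(ipaddress.IPv4Address(ip_hdr[12:16])),
        "dst_vtep": str(ipaddress.IPv4Address(ip_hdr[16:20])),
        "udp_src_port": sport,
        "vni": vni_field >> 8,          # upper 24 bits of the last 32-bit word
        "inner_src_mac": mac_str(inner_src),
        "inner_dst_mac": mac_str(inner_dst),
        "overhead_bytes": len(pkt) - len(inner),
        "inner_frame": inner,
    }


# Constructed sample: a minimal inner frame from 0a:00:00:00:00:01 to 0a:00:00:00:00:02
SAMPLE_INNER = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + b"\x08\x00" + bytes(46)


def sample_packet() -> bytes:
    return encapsulate(SAMPLE_INNER, 10100, "10.0.0.1", "10.0.0.2",
                       bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))


if __name__ == "__main__":
    print(decapsulate(sample_packet()))
```

Flipping the "I" flag byte (offset 42 in this packet) makes `decapsulate` raise, which is the RFC 7348 behaviour: a VTEP drops frames whose VNI is not marked valid rather than guessing a tenant.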
VXLAN Limitation Without EVPN #
Without EVPN, VXLAN relies on flood-and-learn—unknown MACs are flooded across the network. This wastes bandwidth and complicates operations. Enter EVPN.
The Introduction of EVPN #
EVPN (Ethernet VPN) is a BGP-based control plane designed to complement VXLAN. Instead of relying on flooding, EVPN allows VTEPs to exchange information using BGP EVPN routes.
Advantages of VXLAN with EVPN:
- Secure VTEP discovery via BGP messages.
- Efficient MAC/IP distribution without flooding.
- ARP suppression to reduce broadcast traffic.
- Control-plane intelligence for scalability.
Common EVPN Route Types #
Examples include:
- Type 2: MAC/IP Advertisement Route.
- Type 3: Inclusive Multicast Ethernet Tag Route.
- Type 5: IP Prefix Route.
By distributing MAC and IP information through BGP, EVPN eliminates the need for VXLAN’s inefficient flood-and-learn.
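As an added example (not the article's own material), here is a Python parser for the three EVPN route types listed above, following the NLRI layouts in RFC 7432 (Types 2 and 3) and RFC 9136 (Type 5), with the VNI read from the 3-octet label field as RFC 8365 specifies for VXLAN. It also builds the ARP-suppression table that a leaf derives from Type 2 routes, which is what lets it answer ARP locally instead of flooding. The sample routes (RD 10.0.0.1:100, MAC 0a:00:00:00:00:01, VNIs 10100 and 50000, the documentation prefixes) are constructed for this example.

```python
import ipaddress
import struct


def parse_rd(rd: bytes) -> str:
    """Route Distinguisher (RFC 4364 types 0, 1 and 2) rendered as text."""
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 0:                                 # 2-byte ASN : 4-byte number
        asn, num = struct.unpack("!HI", rd[2:])
        return f"{asn}:{num}"
    if rd_type == 1:                                 # IPv4 address : 2-byte number
        ip, num = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(ip)}:{num}"
    if rd_type == 2:                                 # 4-byte ASN : 2-byte number
        asn, num = struct.unpack("!IH", rd[2:])
        return f"{asn}:{num}"
    raise ValueError(f"unknown RD type {rd_type}")


def _ip(buf: bytes) -> str:
    return str(ipaddress.ip_address(buf))            # 4 or 16 bytes


def _mac(buf: bytes) -> str:
    return ":".join(f"{b:02x}" for b in buf)


def _vni(label: bytes) -> int:
    # With VXLAN encapsulation the 3-octet MPLS label field carries the 24-bit VNI (RFC 8365)
    return int.from_bytes(label, "big")


def parse_evpn_nlri(buf: bytes) -> tuple:
    """Parse one EVPN NLRI (route type, length, body). Returns (route dict, bytes consumed)."""
    route_type, length = buf[0], buf[1]
    body = buf[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated EVPN NLRI")
    if route_type == 2:                              # MAC/IP Advertisement
        rd, esi, tag, mac_len = body[:8], body[8:18], body[18:22], body[22]
        if mac_len != 48:
            raise ValueError("MAC length must be 48 bits")
        mac = body[23:29]
        ip_len = body[29] // 8                       # 0, 4 or 16 octets
        ip = body[30:30 + ip_len]
        labels = body[30 + ip_len:]                  # label1 (L2 VNI), optional label2 (L3 VNI)
        route = {"type": 2, "rd": parse_rd(rd), "esi": esi.hex(),
                 "eth_tag": int.from_bytes(tag, "big"), "mac": _mac(mac),
                 "ip": _ip(ip) if ip_len else None, "l2_vni": _vni(labels[:3]),
                 "l3_vni": _vni(labels[3:6]) if len(labels) >= 6 else None}
    elif route_type == 3:                            # Inclusive Multicast Ethernet Tag
        rd, tag = body[:8], body[8:12]
        ip_len = body[12] // 8
        route = {"type": 3, "rd": parse_rd(rd), "eth_tag": int.from_bytes(tag, "big"),
                 "originator": _ip(body[13:13 + ip_len])}
    elif route_type == 5:                            # IP Prefix; length fixes the address family
        addr_len = {34: 4, 58: 16}.get(length)
        if addr_len is None:
            raise ValueError("bad Type 5 length")
        rd, esi, tag, plen = body[:8], body[8:18], body[18:22], body[22]
        prefix = body[23:23 + addr_len]
        gateway = body[23 + addr_len:23 + 2 * addr_len]
        label = body[23 + 2 * addr_len:26 + 2 * addr_len]
        route = {"type": 5, "rd": parse_rd(rd), "esi": esi.hex(),
                 "eth_tag": int.from_bytes(tag, "big"),
                 "prefix": f"{_ip(prefix)}/{plen}", "gateway": _ip(gateway), "l3_vni": _vni(label)}
    else:
        route = {"type": route_type, "raw": body.hex()}
    return route, 2 + length


def parse_evpn_routes(buf: bytes) -> list:
    """Walk a sequence of EVPN NLRIs as carried in one BGP UPDATE's MP_REACH_NLRI."""
    routes, off = [], 0
    while off < len(buf):
        route, used = parse_evpn_nlri(buf[off:])
        routes.append(route)
        off += used
    return routes


def arp_suppression_cache(routes: list) -> dict:
    """(L2 VNI, IP) -> MAC from Type 2 routes that carry an IP. A leaf answers local ARP
    requests for these IPs itself instead of flooding them across the fabric."""
    return {(r["l2_vni"], r["ip"]): r["mac"] for r in routes if r["type"] == 2 and r["ip"]}


# Constructed sample UPDATE body: one route of each type from VTEP 10.0.0.1
_RD = struct.pack("!H4sH", 1, ipaddress.IPv4Address("10.0.0.1").packed, 100)
_T2 = (_RD + bytes(10) + bytes(4) + bytes([48]) + bytes.fromhex("0a0000000001")
       + bytes([32]) + ipaddress.IPv4Address("192.0.2.10").packed + (10100).to_bytes(3, "big"))
_T3 = _RD + bytes(4) + bytes([32]) + ipaddress.IPv4Address("10.0.0.1").packed
_T5 = (_RD + bytes(10) + bytes(4) + bytes([24]) + ipaddress.IPv4Address("198.51.100.0").packed
       + bytes(4) + (50000).to_bytes(3, "big"))
SAMPLE_UPDATE = bytes([2, len(_T2)]) + _T2 + bytes([3, len(_T3)]) + _T3 + bytes([5, len(_T5)]) + _T5

if __name__ == "__main__":
    for r in parse_evpn_routes(SAMPLE_UPDATE):
        print(r)
```

The Type 3 route is what replaces multicast or flood-based VTEP discovery: each VTEP announces its own originator address per VNI, so a leaf knows the exact set of remote VTEPs for BUM traffic without learning them from data-plane floods.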
Conclusion #
Traditional three-tier enterprise networks are limited in scalability and convergence. VXLAN addresses many of these issues with overlay networking, but without a control plane, it still falls short.
By integrating VXLAN with EVPN, enterprises gain:
- Scalable multi-tenant overlays
- Fast convergence with ECMP
- Reduced broadcast traffic
- Better security and automation
For modern data centers, VXLAN + EVPN is the de facto standard architecture—delivering scalability, flexibility, and resilience for cloud-scale environments.