EVPN over VXLAN
Ethernet VPN (RFC 7432) running on a VXLAN data plane (RFC 7348) — the current standard for multi-tenant DC fabric overlays, DCI, and large-scale L2VPN on open hardware.
EVPN-VXLAN Fabric
A two-spine, three-leaf fabric with VXLAN tunnels between leaf VTEPs. The right-most leaf pair is bonded into one ESI for all-active multi-homing to a dual-attached CE.
What EVPN-VXLAN Is
EVPN (RFC 7432) is a BGP address family (L2VPN EVPN, AFI 25, SAFI 70) that carries MAC and IP reachability information using a set of route types. Originally designed for MPLS transport, EVPN was extended to VXLAN in RFC 8365, making it the dominant control plane for modern DC fabric overlays.
VXLAN (RFC 7348) encapsulates L2 frames in a UDP/IP header, enabling L2 domain extension across L3 infrastructure. VTEPs (VXLAN Tunnel End Points) originate and terminate encapsulation. With EVPN as the control plane, VTEP discovery and MAC distribution are handled through BGP rather than data-plane flooding, eliminating the scale issues of legacy VXLAN deployments.
EVPN Type-2 routes carry MAC/IP bindings for host reachability within a VNI. Type-5 routes carry IP prefixes for inter-subnet and external routing — this is the key mechanism for data center interconnect (DCI) across VXLAN domains, defined in RFC 9135.
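To make the Type-2 route concrete, the following added example (not part of the original page and not OcNOS code) decodes one MAC/IP Advertisement NLRI using the RFC 7432 §7.2 field layout, reading the label fields as VNIs per RFC 8365. The function name `parse_type2` and the sample route, including its addresses and VNIs, are constructed for illustration; treating the second label as the L3 VNI assumes symmetric IRB.

```python
import ipaddress

# Constructed sample: one EVPN Type-2 NLRI (route type, length, then body).
SAMPLE = bytes.fromhex(
    "02 28"                    # route type 2, body length 40
    "0001 0a000001 0064"       # RD type 1 -> 10.0.0.1:100
    "00000000000000000000"     # ESI all zero (single-homed host)
    "00000000"                 # Ethernet Tag ID 0
    "30 001122334455"          # MAC length 48 bits, MAC address
    "20 c0a80a0a"              # IP length 32 bits, 192.168.10.10
    "002774"                   # Label1 = L2 VNI 10100 (RFC 8365)
    "00c350"                   # Label2 = L3 VNI 50000 (assumes symmetric IRB)
)

def parse_type2(nlri: bytes) -> dict:
    """Parse one MAC/IP Advertisement route (RFC 7432 section 7.2)."""
    if len(nlri) < 2 or nlri[0] != 2:
        raise ValueError("not an EVPN Type-2 NLRI")
    body = nlri[2:]
    # Shortest valid body: RD 8 + ESI 10 + tag 4 + MAC 1+6 + IP len 1 + label 3.
    if nlri[1] != len(body) or len(body) < 33:
        raise ValueError("length field disagrees with body")
    if int.from_bytes(body[0:2], "big") == 1:      # RD type 1: IPv4:number
        rd = f"{ipaddress.IPv4Address(body[2:6])}:{int.from_bytes(body[6:8], 'big')}"
    else:                                          # other RD types kept as hex
        rd = body[0:8].hex()
    if body[22] != 48:
        raise ValueError("MAC address length must be 48 bits")
    ip_bits = body[29]
    if ip_bits not in (0, 32, 128):
        raise ValueError("IP address length must be 0, 32 or 128 bits")
    end_ip = 30 + ip_bits // 8
    labels = body[end_ip:]                         # one or two 3-octet fields
    if len(labels) not in (3, 6):
        raise ValueError("expected one or two 3-octet label fields")
    return {
        "rd": rd,
        "esi": body[8:18].hex(),
        "eth_tag": int.from_bytes(body[18:22], "big"),
        "mac": ":".join(f"{b:02x}" for b in body[23:29]),
        "ip": str(ipaddress.ip_address(body[30:end_ip])) if ip_bits else None,
        "l2vni": int.from_bytes(labels[0:3], "big"),
        "l3vni": int.from_bytes(labels[3:6], "big") if len(labels) == 6 else None,
    }

if __name__ == "__main__":
    print(parse_type2(SAMPLE))
```

The parser rejects any route whose declared length, MAC length, IP length or label count is inconsistent, so a truncated or malformed NLRI fails closed instead of yielding a misaligned MAC or VNI.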
Multi-homing and IRB
EVPN All-Active multi-homing (RFC 7432 §8) allows a CE device to connect to multiple PEs simultaneously with load sharing. Designated Forwarder (DF) election prevents BUM traffic duplication. Integrated Routing and Bridging (IRB) on the leaf nodes enables L3 gateway functionality at the access layer — traffic is routed locally at the first-hop VTEP, eliminating unnecessary hairpinning through a central gateway.
OcNOS Implementation
OcNOS-DC implements EVPN-VXLAN on Broadcom Trident 3/4 and Tomahawk 2–5 platforms. OcNOS-SP adds DCI support on Qumran-class hardware.
EVPN Route Types
Type-2 (MAC/IP), Type-3 (Inclusive Multicast), Type-4 (ES), Type-5 (IP Prefix). Selective multi-homing per EVI. Per-VNI route target import/export policy.
Multi-homing
All-Active and Single-Active multi-homing. LACP-based ESI auto-derivation. DF election per RFC 8584. Mass withdrawal on upstream failure.
IRB / Anycast GW
Symmetric and asymmetric IRB modes. Distributed anycast gateway — same MAC/IP on all leaf VTEPs. GARP suppression. ARP/ND proxy at the leaf.
VXLAN Data Plane
Hardware-offloaded VTEP encap/decap. Inner L2 and L3 lookup at line rate. ECMP across multiple VTEPs. UDP source port entropy for spine load distribution.
DCI — Type-5
RFC 9135 Type-5 IP prefix routes for inter-DC routing. EVPN gateway function with route leaking between L3VNIs. Supports stretched L2 and routed DCI modes.
BFD Integration
BFD for VTEP reachability detection. BGP BFD for fast peer failure. Sub-second convergence triggering EVPN withdraw and re-advertisement.
QoS — PFC/DCB
DSCP remarking inside VXLAN tunnel. PFC propagation for lossless storage and RoCEv2 traffic across VXLAN fabric. Per-VNI QoS policy support.
OpenConfig Telemetry
EVPN BGP RIB streaming via gNMI. Per-VNI MAC/IP count and VTEP utilization. OpenConfig L2VPN EVPN YANG model (OC 3.x).
OcNOS-Validated Hardware
For reference only. The platforms below are a representative subset of EVPN-VXLAN-validated hardware. The complete, current list of qualified platforms — with ASIC, port density, and version coverage — is maintained in the OcNOS Hardware Compatibility List.