EVPN + VxLAN

EVPN-VXLAN is a modern network overlay technology that combines Ethernet VPN (EVPN) with Virtual Extensible LAN (VXLAN) to deliver scalable, flexible, and efficient Layer 2 and Layer 3 connectivity across data centers and cloud environments. It’s the foundation for building next-generation data center fabrics, enabling seamless multi-tenancy, workload mobility, and network segmentation across large-scale infrastructures.

By decoupling the physical network from the logical topology, EVPN-VXLAN allows operators to design agile, programmable, and highly resilient architectures that are ideal for cloud-native applications, virtualization, and hybrid cloud deployments.

Key Benefits of EVPN-VxLAN

  • Scalability

    Supports massive growth in tenants and endpoints using VXLAN’s 24-bit VNIs, far exceeding traditional VLAN limits.

  • Multi-Tenancy

    Isolates traffic for different customers or applications, ensuring secure segmentation in shared infrastructures.

  • Layer 2 and Layer 3 Connectivity

    Offers integrated support for both L2 bridging and L3 routing services across distributed environments.

  • Efficient MAC Learning

    Enables seamless VM or container mobility across data centers without breaking network sessions.

  • Mobility and Flexibility

    Enables seamless VM or container mobility across data centers without breaking network sessions.

  • Resilient and Redundant

    Supports active-active multihoming and fast convergence for high availability.

How EVPN-VxLAN Works

EVPN-VXLAN overlays a virtual network on top of an IP-based underlay. VXLAN encapsulates Ethernet frames into UDP packets, enabling Layer 2 networks to be extended over Layer 3 infrastructures. Each VXLAN segment is identified by a VXLAN Network Identifier (VNI), allowing isolation between tenants or services.

The EVPN control plane, based on BGP, distributes MAC address and IP-to-MAC mapping information between network devices (usually called VXLAN Tunnel Endpoints or VTEPs). This eliminates the need for traditional flooding and learning methods, making the network more efficient and deterministic.

VTEPs encapsulate and de-encapsulate VXLAN traffic, ensuring traffic is sent only to the intended recipients. With EVPN, the network can support advanced features like IRB (Integrated Routing and Bridging), ARP suppression, and active-active multihoming, bringing cloud-scale networking capabilities to enterprise and service provider environments.
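
The encapsulation and per-VNI isolation described in this section, as an added example (not code from the original page or from any vendor). It uses the 8-byte VXLAN header layout from RFC 7348; the function names, VNI-to-tenant map, and sample frame are hypothetical and constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08   # "I" flag: the VNI field is valid (RFC 7348)
MAX_VNI = 2**24 - 1   # 24-bit VNI space

def vxlan_encapsulate(vni, inner_frame):
    """Return the UDP payload a sending VTEP builds: 8-byte header + frame."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def vxlan_decapsulate(udp_payload):
    """Return (vni, inner_frame); raise ValueError on a malformed packet."""
    if len(udp_payload) < 8 + 14:  # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, udp_payload[8:]

def accept_on_vtep(udp_payload, local_vnis):
    """Receiving-VTEP check: hand the frame to a segment only if its VNI is
    provisioned locally; anything else is dropped (None)."""
    try:
        vni, frame = vxlan_decapsulate(udp_payload)
    except ValueError:
        return None
    segment = local_vnis.get(vni)
    return None if segment is None else (segment, frame)

# Constructed sample data (not from the page).
LOCAL_VNIS = {10100: "tenant-a", 10200: "tenant-b"}
FRAME = (bytes.fromhex("02aabbccdd01")    # destination MAC
         + bytes.fromhex("02aabbccdd02")  # source MAC
         + b"\x08\x00"                    # EtherType IPv4
         + b"constructed-payload")

if __name__ == "__main__":
    for vni in (10100, 10200, 99999):
        result = accept_on_vtep(vxlan_encapsulate(vni, FRAME), LOCAL_VNIS)
        print(vni, "->", result[0] if result else "dropped")
```

The VXLAN header carries no authentication, so the VNI check only separates segments among VTEPs that are already trusted on the underlay.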

EVPN-VxLAN for Enterprise Campus

Benefits of EVPN-VxLAN for Enterprise Campus

Implementing EVPN-VxLAN in an enterprise campus transforms the traditional network architecture into a modern, scalable, and service-oriented fabric. It brings cloud-scale technologies to the campus, enabling agility, automation, and operational efficiency. Here's how enterprises benefit:

  • Unified Layer 2/Layer 3 Fabric

    EVPN-VXLAN enables a consistent, scalable Layer 2 and Layer 3 fabric across the entire campus. It simplifies network segmentation and routing, allowing seamless communication between users, devices, and applications, regardless of their physical location.

  • Secure Network Segmentation

    Through the use of VXLAN Network Identifiers (VNIs) and EVPN route types, enterprises can create isolated segments (micro-segmentation) for departments, applications, or user roles—enhancing security and reducing the attack surface.

  • Scalability and Flexibility

    VXLAN overcomes VLAN scalability limitations, supporting thousands of segments across the campus. This enables future growth and simplifies integration with data center and cloud environments.

  • Seamless User and Device Mobility

    EVPN-VXLAN supports consistent policies and connectivity for roaming users and devices across different access switches and campus buildings, thanks to distributed gateways and integrated Layer 3 routing.

  • High Availability and Fast Convergence

    With active-active multihoming, control-plane-based MAC learning, and loop-free topologies, EVPN-VXLAN delivers resilient connectivity and faster convergence during network changes or failures.

  • Network Automation and Operational Simplicity

    EVPN-VXLAN aligns with modern automation frameworks (e.g., NetConf, Ansible, Terraform), allowing enterprises to deploy and manage campus networks with greater speed, accuracy, and visibility.

  • Cloud and SDN Integration

    By adopting EVPN-VXLAN, enterprises build a campus network that is cloud-ready and compatible with software-defined networking (SDN), paving the way for future integrations with hybrid or multi-cloud strategies.

EVPN-VxLAN vs. Traditional Campus Network Design

| Feature | Traditional Campus Network | EVPN-VxLAN Campus Fabric |
|---|---|---|
| Architecture | Hierarchical (Core-Distribution-Access) | Leaf-Spine fabric or collapsed-core with overlays |
| Layer 2 Extension | VLAN-based, Spanning Tree Protocol (STP) | VXLAN overlay with loop-free Layer 3 underlay |
| Segmentation | VLANs and VRFs, limited scalability | VNIs for scalable macro/micro segmentation |
| Mobility | Limited; roaming users often require DHCP renewals or session reset | Seamless device/user mobility with distributed gateways |
| High Availability | Active/standby links, STP convergence | Active/active multihoming with fast convergence |
| Traffic Learning | Flood-and-learn for MAC/ARP | Control-plane learning using EVPN (BGP) |
| Automation | Manual configuration, CLI-based | API-driven and fully automatable (NetConf, Ansible, etc.) |
| Multitenancy | Complex and limited | Native support for secure multi-tenancy using EVPN |
| Cloud/Edge Integration | Hard to extend securely | Easily extend overlays to remote sites and cloud workloads |
| Security | Port ACLs, static segmentation | Fine-grained segmentation with policy-based forwarding |

EVPN-VxLAN modernizes the campus network by eliminating the limitations of legacy L2 protocols, enabling faster convergence, seamless mobility, and cloud-native operations. It provides a unified architecture that bridges the gap between the enterprise campus and modern data center or cloud environments.

EVPN-VxLAN for Data Centers

Benefits of EVPN-VxLAN for Data Centers

EVPN-VxLAN has become the de facto standard for building scalable, agile, and cloud-ready data center fabrics. It addresses the limitations of traditional Layer 2 networks and provides a robust foundation for multi-tenant architectures, workload mobility, and automation-driven operations.

  • Scalable Layer 2 Over Layer 3 Fabric

    By decoupling Layer 2 connectivity from the physical topology, EVPN-VXLAN enables seamless extension of broadcast domains over a Layer 3 underlay. This supports scalable east-west traffic patterns without compromising performance or manageability.

  • Massive Multi-Tenancy Support

    Using VXLAN Network Identifiers (VNIs) and EVPN route types, data centers can support thousands of isolated tenants or services within a single fabric—ideal for service providers, cloud operators, and large enterprises.

  • Workload Mobility and Elasticity

    EVPN-VXLAN enables VMs, containers, and services to move freely across racks or sites without changing IP addresses. This ensures business continuity and simplifies disaster recovery and active-active site designs.

  • Integrated Layer 2 and Layer 3 Services

    With Integrated Routing and Bridging (IRB), EVPN-VXLAN provides efficient L2 and L3 connectivity at the network edge, reducing latency and simplifying network design while maintaining optimal traffic flow.

  • Optimized Traffic Handling

    EVPN’s control-plane-based MAC and ARP learning eliminates the need for flooding, improving bandwidth efficiency and lowering CPU usage on switches.

  • High Availability and Resilience

    With native support for active-active multihoming, fast convergence, and loop prevention, EVPN-VXLAN ensures data center services remain uninterrupted and resilient to failures or link changes.

  • Automation and SDN Readiness

    Designed for modern infrastructure, EVPN-VXLAN integrates easily with network automation tools (like Ansible, Terraform) and SDN controllers, streamlining provisioning and reducing operational errors.

  • Seamless Hybrid and Multi-Cloud Connectivity

    By extending overlay networks across physical and virtual environments, EVPN-VXLAN simplifies the integration between private data centers and public clouds—accelerating hybrid cloud adoption.

EVPN-VxLAN vs. Traditional Data Center Networks

| Feature | Traditional L2/L3 Network | EVPN-VXLAN Fabric |
|---|---|---|
| Scalability | Limited to ~4K VLANs | Supports 16 million VNIs |
| Layer 2 Extension | Spanning Tree Protocol (STP), prone to loops | VXLAN tunnels with loop-free Layer 3 underlay |
| Traffic Learning | Flood-and-learn | Control-plane-based MAC learning (BGP EVPN) |
| Multitenancy | Complex with VRFs and VLANs | Simplified with EVPN route types and VNIs |
| Workload Mobility | Limited, breaks L3 session continuity | Seamless with distributed gateways |
| High Availability | Active/standby links, slower convergence | Active/active multihoming, fast convergence |
| Automation | Manual, CLI-driven | Fully automatable with SDN and IaC tools |
| Hybrid Cloud Integration | Manual setup, limited flexibility | Native overlay extension into cloud |

Datacenter Interconnect

What is Data Center Interconnect (DCI)?

Data Center Interconnect (DCI) refers to the technologies and architectures used to connect two or more geographically separated data centers, allowing them to operate as a unified environment. DCI is essential for ensuring business continuity, disaster recovery, workload mobility, multi-site clustering, and hybrid/multi-cloud integration.

DCI enables seamless exchange of data, synchronization of applications, replication of storage, and migration of virtual machines or containers between sites with high performance and low latency.

Communication Methods for DCI

Depending on the use case and network design, DCI can operate at different layers of the OSI model:

1. LAYER 2 DCI (L2 DCI)

  1. Extends VLANs across sites to allow Layer 2 adjacency.
  2. Supports live VM migration (e.g., vMotion), MAC mobility, and broadcast domain extension.
  3. Technologies: VXLAN, EVPN, VPLS, OTV, QinQ.

2. LAYER 3 DCI (L3 DCI)

  1. Interconnects sites via IP routing, supporting isolated domains with routed connectivity.
  2. Better scalability and fault isolation.
  3. Technologies: BGP, MPLS, Segment Routing, IPsec tunnels.

3. HYBRID L2/L3 DCI

  1. Combines Layer 2 extension for some workloads with Layer 3 routing for others.
  2. Offers flexibility in mixed environments or during migration phases.
  3. Common in EVPN-based VXLAN fabrics.

Transport Options for DCI

DCI can be implemented over various physical or virtual transport networks, depending on distance, performance, security, and cost requirements:

  • Private Fiber (Dark Fiber)

    • Offers full control, ultra-low latency, and high bandwidth.
    • Ideal for metro or campus-level DCI.
    • Can carry multiple services (e.g., DWDM, Ethernet, Fibre Channel).

  • Wavelength Services (WDM/DWDM)

    • Optical multiplexing for high-capacity links.
    • Provided by service providers as managed wavelength circuits.

  • MPLS (Layer 2 or Layer 3 VPNs)

    • Carrier-grade transport for regional or global connectivity.
    • Supports QoS, traffic engineering, and segmentation.

  • IPsec or MACsec over Internet/Public Networks

    • Encrypted tunnels for secure data exchange over less trusted transport.
    • Cost-effective, especially for remote or hybrid-cloud DCI.

  • Cloud Interconnect Services

    • Native DCI offerings from cloud providers (e.g., AWS Direct Connect, Azure ExpressRoute, Google Cloud Interconnect).
    • Used for hybrid and multi-cloud DCI strategies.

  • Carrier Ethernet / Metro Ethernet

    • Ethernet-based service provided by ISPs.
    • Suitable for low to medium distances with predictable SLAs.

DCI Options for VxLAN with EVPN Signaling

When VXLAN is used with EVPN as the control plane, DCI can be implemented in a more scalable and structured way. The main options for interconnecting VXLAN-EVPN fabrics across data centers are:

OPTION 1

EVPN Control Plane Extension Across Sites (Global BGP EVPN)

  1. A single BGP EVPN control plane spans multiple data centers.
  2. All VTEPs from both sites participate in the same EVPN instance.
  3. Full MAC/IP mobility is supported across data centers.
  4. Requires L3 underlay connectivity between sites.
  5. Typically used when data centers are close (e.g., metro DCI with low latency).

OPTION 2

EVPN Interconnect via Route Reflectors or Border Leaf Nodes

  1. Separate EVPN domains per site, interconnected via EVPN route reflectors or inter-site gateways.
  2. Border Leaf nodes (or DCI gateways) import/export EVPN routes between fabrics.
  3. Offers more control and fault domain isolation.
  4. Supports stretched services (e.g., same VNI across sites) and L3 segmentation.

OPTION 3

EVPN Overlay with L3 Gateway at the Border

  1. Each site runs its own EVPN-VXLAN fabric.
  2. Inter-site communication happens via L3 routing (BGP/OSPF) at the fabric edge.
  3. VNI domains are independent; no L2 stretch.
  4. Best for active-active multi-site designs where L2 extension is not required.

OPTION 4

EVPN-VxLAN with MPLS DCI (EVPN-MPLS Interworking)

  1. Use EVPN over VXLAN inside the DC and EVPN over MPLS in the WAN/DCI.
  2. Border gateways perform encapsulation/decapsulation between VXLAN and MPLS.
  3. Suitable for service provider environments or large enterprises with MPLS WANs.
