- Over the next five years (Network 2025), migration will be top of mind for IP Architects and Engineers, as many networks transition to Segment Routing (SR) for MPLS (SR MPLS), Segment Routing for IPv6 (SRv6), IPv6 (without segment routing), and other migration scenarios in between.
- BGP-based VPNs support numerous forwarding/data planes, enabling the basic VPN approach to remain similar, if not constant, as forwarding/data plane migrations occur, in addition to being able to add new forwarding/data planes, for example Ethernet and VXLAN.
- Moving L2/Ethernet and L3/IP VPN to a common approach, BGP, will likely lead to both operational synergies in the short term and a simpler migration from one forwarding/data plane to another over the next five years. The L2/Ethernet VPN service will also provide better policy, other new capabilities, and better redundancy/resiliency options.
- While there are approaches to LDP interworking with SR, and other migration options, moving VPWS/VPLS to EVPN may be the better option. There are already implementations in the market that claim to support moving LDP routers one by one to EVPN, without having to cut over all of them at the same time.
As the industry embarks on the journey to move from IP/MPLS to SR MPLS, SRv6, and for some, IPv6 without segment routing, all this movement in the forwarding plane, with its corresponding control plane changes, will be change enough, without complicating service migration.
BGP-based Ethernet VPN (EVPN) is now gaining momentum as the industry direction for L2/Ethernet VPN services. BGP-based L3/IPVPNs are already widely deployed. BGP-based L2/Ethernet VPN and L3/IP VPN provide a common approach to delivering services as networks migrate from one forwarding/data plane to another.
The momentum behind EVPN makes an IP Architect's life a little easier:
- BGP provides additional capabilities compared to MPLS LDP-based VPLS
- Having L2/Ethernet and L3/IP VPN services based on the same protocol drives operational commonalities and leverage
- Having L2/Ethernet and L3/IP VPN services based on BGP will make for an easier transition to Segment Routing (SR) that does not use/require LDP.
- There is the potential of offering L2/Ethernet and L3/IP VPN services from EVPN alone, though this is a point of differing perspectives, today.
BGP: Swiss Army Knife or Kitchen Sink?
It is probably 15-20 years since complaints were first heard that the industry is using BGP for too much. Since then, the use of BGP has increased dramatically. Designed initially as a protocol for connecting IP networks administered by different entities, it evolved with a robust policy engine, which is beneficial in edge applications. BGP is also viewed as being more scalable than other routing protocols, and it has evolved to support multiple and overlapping address families. There are many considerations to whether an IP architect should use BGP for so many control plane tasks, not the least of which is the quality of available implementations, that themselves support greater scale over time, as routing engine capacity expands, and software/chip architectures evolve. This will remain an area of debate and this article recognizes this debate. This article puts aside that debate, to focus on the benefits of BGP for L2/Ethernet and L3/IP VPN services.
Benefits of BGP-based EVPN
Summary of benefits claimed by EVPN vendors:
Image source: Nokia Networks, "EVPN adoption accelerates"
- Simplification: Unified control plane for many forwarding plane encapsulations
- All-Active multi-homing (dual-homing, triple-homing, quad-homing, ...)
- Auto-discover access devices, type of network attached, and provider edge (PEs)
- Broadcast and multicast traffic is sent using a shared multicast tree
- Control plane learning: MAC address learning requires the flooding of unknown unicast and ARP frames, whereas IP address learning does not.
- Aliasing: per-flow load-balancing to all multi-homing PE devices, even if a specific MAC/IP address is learned by only one of the multi-homing PEs.
- Fast convergence through mass MAC address withdraw, realized through route withdrawal, and transition to another PE.
- Optimum forwarding: intra and inter-subnet
- Loop prevention for single and multi-homed devices
- Support for Anycast
Migrating from IP/MPLS to Segment Routing
If VPLS (Virtual Private LAN Service) based on LDP has been deployed, that creates a discontinuity when the network moves to segment routing, because LDP is not used in the segment routing architecture. There are of course migration strategies that include running both, interworking, mapping servers, running LDP over SR, etc. That level of migration is not the main concern here; the concern is the long-term simplification of the network through SR end to end.
For sure, there will be configuration changes required when moving service edge VPNs from IP/MPLS to SR MPLS / SRv6. A quick glance at router vendor configuration guides illuminates that issue. However, much of the BGP configuration will be familiar, even if some of the values are different, and a new approach to Layer 2 Ethernet services does not need to be learned during migration from one forwarding plane to the next.
EVPN for L2/Ethernet and L3/IP VPNs
EVPN has the ability to communicate IP prefixes without any associated MAC addresses and therefore supports the creation of IP VPN topologies and constructs. This is not surprising as BGP is commonly used for IP VPNs today. There may be good applicability for this in data center and SP infrastructure use cases. Whether IP VPNs via EVPN have the feature maturity and underlying architecture to be used for Enterprise Business Services is a matter of debate at this time. Certainly, the possibility of one approach, EVPN, for L2/Ethernet and L3/IP is intriguing.
While this article focuses on BGP for VPN services, it goes without saying there is much more going on in the world of BGP, including BGP as a routing protocol for CLOS networks in data centers and BGP transporting link-state information (Link state Vector Protocol). BGP, especially in hyperscaler data centers, is becoming THE control plane for everything. Will BGP become THE control plane for everything in WAN networks? That seems very unlikely in the next 1-3 years, however, it is an interesting trend to watch. Yes, BGP and Link-State IGP protocols have different characteristics, but datacenter deployments are showing that BGP use of BFD and a few timer/configuration adjustments, makes those differences perhaps smaller than what has been traditionally perceived when compared to a BGP configured to increase stability and reduce flapping in an EBGP Internet role. No doubt this will remain an area of industry discussion, with differing perspectives being voiced.
There are certainly many approaches to using LDP-based services/VPNs on a Segment Routed network. Interworking, tunneling, ships in the night, all have their pros & cons, especially if they delay investment in new routers. However, they all have their complications and tradeoffs. If it is practical to move to EVPN for L2/Ethernet VPN services, it may make the journey a little easier over the coming years, as networks migrate to SR MPLS, SRv6, and IPv6. Certainly, the L2/Ethernet VPNs will have expanded capabilities and resiliency.