The decision about choosing the right fabric needs to be made by factoring in several aspects, including both the underlay and overlay aspects of the fabric, which need to be examined in terms of their capabilities, scale, functionality, performance, operational maintenance, industry and multi-vendor adoption, and deployment reach and pervasiveness. In this blog, we look at two candidates for an enterprise fabric:
IETF Ethernet VPN (EVPN) with VxLAN encapsulation and
IEEE Shortest Path Bridging (SPB).
Both of these technologies are standards – EVPN consists of a series of IETF RFCs starting with RFC 7432, and SPB is IEEE 802.1aq, which was amended into IEEE 802.1Q-2013. I know a thing or two about these technologies/solutions as I have been working in this area for the past twenty years and I was one of the contributors for SPB (more specifically SPB-V) and 802.1Qbp (SPB w/ ECMP). I am also the primary author for the majority of EVPN RFCs and drafts including RFC 7432, RFC 7623, and RFC 8365.
Underlay Aspects of Fabric
Let’s first look at the underlay aspects for SPB and EVPN. The EVPN underlay is based on an IP fabric (v4 or v6), which has been around for a long time and whose base characteristics include shortest-path forwarding for unicast traffic, Equal Cost Multi-Pathing (ECMP), transient loop mitigation using TTL, and route summarization, to name a few. This enables an EVPN underlay to scale very well. SPB (IEEE 802.1aq), on the other hand, was initiated primarily to address shortest-path forwarding. And although the introduction of IEEE 802.1Qbp (SPB w/ ECMP) added ECMP and transient loop mitigation capabilities to SPB (and more specifically to SPB-M), such that it inherited some IP capabilities in the underlay, a pure IP underlay network has enjoyed continuous incremental enhancements in several active IETF working groups (e.g., LSR, IDR), which are still going strong. Furthermore, an IP-based fabric is capable of network partitioning via areas and route summarization, which do not exist in SPB w/ ECMP, although one can argue that for small to medium size Enterprise networks, network partitioning may not be required. However, when talking about larger networks and integration/interoperability among different networks (e.g., Campus/Branch, DC, SD-WAN, DCI, Public/Private Cloud), having a common fabric technology can certainly be advantageous.
Overlay Aspects of Fabric
Now, let’s look at overlay capabilities of these two technologies. In general, there are two ways to provide overlay network virtualization:
Via data plane learning:
This has been around for quite some time. It started with Virtual Private LAN Service (VPLS – RFC 4761 & 4762) in 2000 and then re-introduced via VxLAN (RFC 7348) around 2010. SPB w/ ECMP uses this method for overlay network virtualization.
Via control plane learning such as BGP or LISP:
This was born as a result of the shortcomings of the first method: customer needs that could not be addressed via data-plane learning. The control plane method turned out to be very extensible and flexible, and although EVPN started as a layer-2 network virtualization overlay (e.g., layer-2 address learning in the control plane), it expanded into many other areas. These areas include a) point-to-point service for traffic backhauling from a customer site to a public/private DC network with built-in multi-chassis LAG redundancy, b) micro-segmentation of hosts in DC and Enterprise networks, c) IP connectivity among end users (e.g., IP VPN), d) efficient and optimal multicast service for layer-2 and/or layer-3 hosts, e) SD-WAN, f) Data Center Interconnect (DCI), etc.
A control plane like EVPN or LISP provides a comprehensive and unified solution for all the above use cases, which previously could not be supported even by a combination of multiple technologies and solutions. Having a single solution (and control plane) that covers all these applications is attractive enough that many service providers ask for EVPN as their overlay solution; however, the strength of EVPN is that it not only provides a single solution in lieu of many disparate solutions but also, for any given application, provides additional features and capabilities that could not have been delivered before because of the limitations of other solutions/technologies. Here is a sample of such capabilities:
For example, EVPN provides layer-2 connectivity and backhauling with flexible multi-homing that allows a host to be multi-homed to any number of provider edge (PE) or ToR devices so that all links from the host to the network can be utilized on a per-flow basis. Such capability didn’t exist before and is not supported by SPB.
For micro-segmentation of hosts, a control plane allows traffic to be filtered at the ingress PE for optimized core bandwidth utilization. Again, this capability didn’t exist before and is not supported by SPB.
EVPN provides full cross-sectional bandwidth utilization of the fabric by employing all the following features simultaneously: a) All-Active multi-homing, b) Aliasing, c) overlay BGP multi-pathing, and d) underlay IGP ECMP. Once again, such capability didn’t exist before EVPN. SPB w/ ECMP can only provide part (d) which does not result in full cross-sectional bandwidth utilization.
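To make the aliasing point concrete, here is a small added model (not code from this blog or from any EVPN implementation) of how a remote PE resolves a destination MAC under control-plane learning with all-active multi-homing and aliasing versus flood-and-learn, and how those overlay next hops multiply with underlay IGP ECMP into usable per-flow paths; it also illustrates the data-plane vs control-plane learning contrast drawn in the overlay section above. The topology, ESI value and crc32 flow hash are constructed assumptions.

```python
import zlib

# Constructed topology (not from the blog): host H1 is all-active multi-homed to PE1 and
# PE2 on one Ethernet Segment; remote PE3 reaches each of them via two spines (underlay ECMP).
UNDERLAY_ECMP = {"PE1": ["spine1", "spine2"], "PE2": ["spine1", "spine2"]}
ESI_H1 = "00:11:22:33:44:55:66:77:88:99"  # constructed 10-byte ESI for H1's segment

class EvpnRib:
    """Remote PE's simplified view of two EVPN route types (RFC 7432)."""

    def __init__(self):
        self.mac_routes = {}  # MAC -> (advertising PE, ESI)    : RT-2 MAC/IP Advertisement
        self.ad_routes = {}   # ESI -> {PEs with all-active A-D} : RT-1 Ethernet A-D per EVI

    def learn_mac(self, mac, pe, esi):
        self.mac_routes[mac] = (pe, esi)

    def learn_ad(self, esi, pe):
        self.ad_routes.setdefault(esi, set()).add(pe)

    def next_hops(self, mac):
        """Aliasing: the PE that advertised the MAC plus every PE advertising the same ESI."""
        pe, esi = self.mac_routes[mac]
        return sorted({pe} | self.ad_routes.get(esi, set()))

def dataplane_next_hops(mac, learned_from):
    """Flood-and-learn (VPLS, native VxLAN, SPB): a MAC binds to the one endpoint it was seen from."""
    return [learned_from[mac]]

def flow_paths(overlay_hops, underlay=UNDERLAY_ECMP):
    """Usable per-flow paths = overlay next hops x underlay ECMP paths towards each hop."""
    return [(pe, spine) for pe in overlay_hops for spine in underlay[pe]]

def pick_path(flow, paths):
    """Deterministic per-flow hashing over the available paths (crc32; not a vendor algorithm)."""
    return paths[zlib.crc32("|".join(flow).encode()) % len(paths)]

def compare(mac="aa:bb:cc:00:00:01"):
    rib = EvpnRib()
    rib.learn_mac(mac, "PE1", ESI_H1)  # only PE1 learned H1's MAC locally and advertised it
    rib.learn_ad(ESI_H1, "PE1")        # ...but both PEs advertise the ES as all-active
    rib.learn_ad(ESI_H1, "PE2")
    return {
        "evpn": flow_paths(rib.next_hops(mac)),                           # 4 paths
        "dataplane": flow_paths(dataplane_next_hops(mac, {mac: "PE1"})),  # 2 paths
    }
```

With the same underlay ECMP on both sides, only the aliased EVPN case spreads flows over both multi-homing links; the flood-and-learn case is pinned to the single PE that forwarded the frame.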
For other use cases such as L2+L3 VPN (aka Integrated Routing and Bridging – IRB), EVPN provides such service with enhanced capabilities including a distributed anycast gateway, which allows for flexible workload placement, optimum L2 and L3 packet forwarding, and extensible workload mobility functionality. Again, such services and capabilities didn’t exist before EVPN. IRB service is used extensively in DC and Campus networks in order to provide optimum forwarding for both intra-subnet (bridged) traffic and inter-subnet (routed) traffic – i.e., to avoid hair-pinning of L3 traffic from edge nodes (e.g., leaf nodes) to the gateway and back. Furthermore, L3 and IRB multicast overlay services are also used extensively in DC and Campus networks. However, none of the L3 and IRB services (unicast or multicast) are supported in SPB, since it is intended only for L2 traffic.
Therefore, it can be seen that EVPN not only supports the L2 services that SPB and VPLS also support, but supports them with additional capabilities beyond SPB and VPLS. Furthermore, EVPN supports layer-3 and Integrated Routing and Bridging (IRB) services that are simply not supported in SPB and VPLS. Because of its extensible overlay control plane, EVPN is continuously evolving, and more recently it is being positioned as a secure VPN over untrusted networks for SD-WAN and secure Data Center Interconnect (DCI) applications. It should also be noted that EVPN can support many different encapsulations such as VxLAN, GENEVE, MPLS, Segment Routing, etc. Similar to EVPN, LISP is another extensible control plane gaining momentum in campus networks for both wired and wireless access. LISP provides optimizations such that it can run on low-end, constrained switches as well.
In summary, SPB with ECMP is a major improvement over the legacy Spanning Tree Protocol (e.g., MSTP) as it offers shortest path forwarding with ECMP (along with congruency for unicast and multicast data frames). SPB with ECMP is a layer-2 overlay solution with data-plane learning similar to VPLS, native VxLAN, and TRILL. Layer-2 overlay with data-plane learning can be considered the genesis of network virtualization overlay. It got started with VPLS in early 2000, and then with VxLAN, TRILL, and SPB in early 2010. However, to address some shortcomings of overlay data-plane learning, solutions such as EVPN and LISP with an extensible control plane were initiated. The flexible control plane provided a platform for the evolution of EVPN into other areas such as layer-3 and IRB overlay, L3 and IRB multicast VPN used in today’s DC and Campus networks, as well as SD-WAN and DCI. The use of an extensible control plane also enables EVPN to carry application- and policy-related information, and thus to apply and enforce policy (including security policy) at different levels of granularity to all the endpoints consistently. That’s why the applications of control-plane-based overlay (i.e., EVPN) are becoming so prevalent in today's Enterprise networks - i.e., Campus/Branch, DC, DCI, and SD-WAN.