EVPN Overview
EVPN (Ethernet VPN) is a BGP-based Layer 2 VPN technology that enables data centers and service providers to extend Ethernet networks across IP/MPLS infrastructures. ExaBGP provides complete EVPN support per RFC 7432, allowing applications to programmatically inject and receive EVPN routes for data center fabric automation, VXLAN control plane, and multi-tenant network virtualization.
- What is EVPN?
- Why Use EVPN?
- ExaBGP EVPN Capabilities
- EVPN Route Types
- Key Concepts
- Configuration Examples
- API Examples
- Use Cases
- EVPN Attributes
- Common Errors and Solutions
- Important Considerations
- See Also
- References
EVPN (Ethernet VPN) is a standards-based BGP control plane for Layer 2 VPN services defined in RFC 7432. EVPN provides:
- MAC address learning via BGP instead of data plane flooding
- Layer 2 and Layer 3 service integration in a single protocol
- Multi-homing and redundancy for Ethernet segments
- VXLAN control plane for overlay networks (RFC 8365)
- Traffic optimization through optimal forwarding and reduced flooding
Unlike traditional VPLS (Virtual Private LAN Service) which relies on LDP or BGP for pseudowire signaling, EVPN uses MP-BGP to distribute MAC addresses, IP routes, and multicast information, enabling more efficient and scalable Layer 2 VPN deployments.
```
                [Data Center Fabric]
┌──────────────────────────────────────────────────┐
│               BGP Route Reflector                │
│       (Distributes EVPN routes via MP-BGP)       │
└──────────────────────────────────────────────────┘
       │                  │                  │
       ▼                  ▼                  ▼
  ┌─────────┐        ┌─────────┐        ┌─────────┐
  │ VTEP 1  │        │ VTEP 2  │        │ VTEP 3  │
  │ ExaBGP  │        │ ExaBGP  │        │ ExaBGP  │
  └─────────┘        └─────────┘        └─────────┘
       │                  │                  │
 [VM/Container]     [VM/Container]     [VM/Container]
 MAC: aa:bb:cc      MAC: dd:ee:ff      MAC: 11:22:33
 IP: 10.0.1.10      IP: 10.0.1.20      IP: 10.0.1.30
```
Process:
- MAC Learning: VTEP learns MAC address locally (from VM/container traffic)
- BGP Advertisement: ExaBGP announces EVPN Route Type 2 (MAC/IP) via BGP
- Route Distribution: BGP Route Reflector distributes to all VTEPs
- Forwarding: Remote VTEPs install MAC-to-VTEP mappings
- Traffic Flow: Direct VXLAN tunnels without flooding
Key Difference from Traditional L2VPN:
- ✅ Control plane MAC learning (BGP) vs. data plane flooding
- ✅ Integrated L2+L3 vs. separate protocols
- ✅ Active-active multi-homing vs. active-standby
- ✅ Optimized BUM traffic (Broadcast, Unknown unicast, Multicast)
| Feature | EVPN | Traditional VPLS |
|---|---|---|
| MAC Learning | Control plane (BGP) | Data plane (flooding) |
| Scalability | High (10,000+ MACs) | Limited (flooding overhead) |
| Multi-homing | Active-active | Active-standby |
| ARP/ND Suppression | Yes | No |
| Integrated L2+L3 | Yes | Separate protocols |
| Traffic Optimization | Optimal forwarding | Flooding required |
- Data Center Fabric: VXLAN overlay with BGP EVPN control plane
- Multi-Tenant Environments: Isolated Layer 2 domains per tenant
- VM/Container Networking: Dynamic MAC/IP advertisement for workload mobility
- DCI (Data Center Interconnect): Layer 2 stretch across data centers
- Service Provider L2VPN: Carrier Ethernet services with EVPN
ExaBGP provides a full RFC 7432 EVPN implementation, including:
✅ All 5 EVPN Route Types:
- Route Type 1: Ethernet Auto-Discovery
- Route Type 2: MAC/IP Advertisement
- Route Type 3: Inclusive Multicast Ethernet Tag
- Route Type 4: Ethernet Segment
- Route Type 5: IP Prefix
✅ EVPN Attributes:
- Ethernet Segment Identifier (ESI)
- Ethernet Tag ID
- MPLS labels or VXLAN VNI
- Route Distinguisher (RD)
- Route Target (RT) extended communities
- MAC Mobility extended community
✅ Protocol Features:
- Multi-homing support (ESI-based)
- ARP/ND proxy capabilities
- BUM traffic handling
- VXLAN encapsulation (via extended communities)
Implementation: src/exabgp/bgp/message/update/nlri/evpn/ (ExaBGP source)
- RFC 7432: BGP MPLS-Based Ethernet VPN (fully implemented)
- RFC 8365: VXLAN with EVPN control plane (supported)
- RFC 4360: Extended Communities for EVPN attributes
EVPN defines 5 route types for different purposes. ExaBGP supports all of them.
Purpose: Advertise Ethernet segment membership and enable fast convergence in multi-homed scenarios.
When to Use: Multi-homing scenarios where multiple VTEPs connect to the same Ethernet segment.
Key Fields:
- ESI (Ethernet Segment Identifier): 10-byte identifier for the Ethernet segment
- Ethernet Tag ID: VLAN or service identifier
- MPLS Label: Label for the Ethernet segment
Example Use Case: Two VTEPs (VTEP-1, VTEP-2) both connect to the same server via LACP. Route Type 1 advertises this multi-homing relationship.
Text API Example:
```python
print("announce evpn ethernet-ad "
      "esi 00:11:22:33:44:55:66:77:88:99 "
      "route-distinguisher 65001:100 "
      "label [ 1000 ] "
      "next-hop self "
      "extended-community [ target:65001:100 ]")
```
Purpose: Advertise MAC addresses and optionally IP addresses learned locally.
When to Use: Primary route type for data center EVPN deployments. Announce whenever a VM/container comes online or moves.
Key Fields:
- MAC Address: 6-byte MAC address
- IP Address: Optional IPv4/IPv6 address
- Ethernet Tag ID: VLAN or service identifier
- MPLS Label/VNI: Label or VXLAN Network Identifier
- ESI: For multi-homed hosts (optional)
Example Use Case: VXLAN VTEP learns VM MAC address aa:bb:cc:dd:ee:ff with IP 10.1.1.100 and announces it via BGP.
Text API Example (MAC only):
```python
print("announce evpn mac-ip "
      "aa:bb:cc:dd:ee:ff "
      "route-distinguisher 65001:100 "
      "next-hop self "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
```
Text API Example (MAC + IP):
```python
print("announce evpn mac-ip "
      "aa:bb:cc:dd:ee:ff 10.1.1.100 "
      "route-distinguisher 65001:100 "
      "next-hop self "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
```
JSON Example:
```json
{
  "exabgp": "5.0",
  "type": "update",
  "neighbor": {
    "address": {"local": "192.0.2.1", "peer": "192.0.2.2"},
    "message": {
      "update": {
        "announce": {
          "evpn mac-ip": {
            "aa:bb:cc:dd:ee:ff 10.1.1.100": {
              "attributes": {
                "route-distinguisher": "65001:100",
                "next-hop": "192.0.2.1",
                "label": [10000],
                "extended-community": ["target:65001:100"]
              }
            }
          }
        }
      }
    }
  }
}
```
Purpose: Advertise VTEP's willingness to receive BUM (Broadcast, Unknown unicast, Multicast) traffic for a given VLAN/VNI.
When to Use: Required for all EVPN VTEPs to establish multicast tunnels or ingress replication for BUM traffic.
Key Fields:
- Ethernet Tag ID: VLAN or service identifier
- Originating Router IP: VTEP IP address
- MPLS Label/VNI: Label or VXLAN Network Identifier
Example Use Case: VTEP announces it can receive BUM traffic for VNI 10000 at IP address 192.0.2.1.
Text API Example:
```python
print("announce evpn multicast "
      "192.0.2.1 "
      "route-distinguisher 65001:100 "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
```
Purpose: Advertise the IP address of the VTEP for a given Ethernet Segment (used in multi-homing).
When to Use: Multi-homing scenarios where multiple VTEPs share the same ESI.
Key Fields:
- ESI (Ethernet Segment Identifier): 10-byte identifier
- Originating Router IP: VTEP IP address
Example Use Case: Two VTEPs in a redundant pair announce they both serve the same Ethernet segment.
Text API Example:
```python
print("announce evpn segment "
      "esi 00:11:22:33:44:55:66:77:88:99 "
      "192.0.2.1 "
      "route-distinguisher 65001:100 "
      "extended-community [ target:65001:100 ]")
```
Purpose: Advertise IP prefixes (subnets) for routing between EVPN instances or to external networks.
When to Use: Inter-subnet routing (EVPN IRB - Integrated Routing and Bridging) or advertising external routes into EVPN.
Key Fields:
- IP Prefix: IPv4 or IPv6 subnet
- Gateway IP: Next-hop IP address
- ESI: For multi-homed gateways (optional)
- MPLS Label/VNI: Label or VXLAN Network Identifier
Example Use Case: EVPN gateway advertises subnet 10.1.1.0/24 for inter-VLAN routing.
Text API Example:
```python
print("announce evpn prefix "
      "10.1.1.0/24 "
      "route-distinguisher 65001:100 "
      "next-hop 192.0.2.1 "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
```
The Route Distinguisher makes each EVPN route unique in the BGP routing table, similar to L3VPN.
Format: ASN:Value or IP:Value
- Example: 65001:100, 192.0.2.1:100
Purpose: Allows the same MAC address to exist in different VRFs or tenants without conflict.
The Route Target extended community controls route import/export between EVPN instances.
Format: target:ASN:Value
- Example: target:65001:100
Purpose: Multi-tenancy and VRF isolation. Only routes with matching RT are imported.
The ESI uniquely identifies an Ethernet segment that is multi-homed to multiple VTEPs.
Format: 10-byte value (various types defined in RFC 7432)
- Type 0: Arbitrary 9-byte value
- Type 1: LACP-based (from LACP System ID)
- Type 3: MAC-based
- Type 5: AS-based
Example: 00:11:22:33:44:55:66:77:88:99
Purpose: Enables all-active multi-homing, fast convergence, and loop prevention.
EVPN can use either:
- MPLS Labels: In MPLS-based data centers
- VXLAN VNI: In VXLAN overlay networks (most common today)
ExaBGP uses the label field for both MPLS labels and VXLAN VNIs.
Example: label [ 10000 ] represents VNI 10000 in VXLAN environments.
The Ethernet Tag ID identifies a VLAN or broadcast domain within an EVPN instance.
Common Values:
- 0: Default (VLAN-unaware/VLAN-bundle)
- 1-4094: Specific VLAN ID (VLAN-aware)
```
# /etc/exabgp/evpn.conf
neighbor 192.0.2.2 {
    router-id 192.0.2.1;
    local-address 192.0.2.1;
    local-as 65001;
    peer-as 65001;

    # Enable EVPN address family
    family {
        evpn;
    }

    # API process for dynamic EVPN announcements
    api {
        processes [ evpn-controller ];
    }
}

process evpn-controller {
    run python3 /etc/exabgp/evpn-announce.py;
    encoder json;
}
```
```python
#!/usr/bin/env python3
# /etc/exabgp/evpn-announce.py
import sys
import time

# Announce MAC/IP when VM comes online
def announce_mac_ip(mac, ip, vni, rd, rt):
    print(f"announce evpn mac-ip "
          f"{mac} {ip} "
          f"route-distinguisher {rd} "
          f"next-hop self "
          f"label [ {vni} ] "
          f"extended-community [ target:{rt} ]")
    sys.stdout.flush()

# Withdraw MAC/IP when VM goes offline
def withdraw_mac_ip(mac, ip, vni, rd, rt):
    print(f"withdraw evpn mac-ip "
          f"{mac} {ip} "
          f"route-distinguisher {rd} "
          f"next-hop self "
          f"label [ {vni} ] "
          f"extended-community [ target:{rt} ]")
    sys.stdout.flush()

# Example: Announce VM MAC/IP
announce_mac_ip(
    mac="aa:bb:cc:dd:ee:ff",
    ip="10.1.1.100",
    vni=10000,
    rd="65001:100",
    rt="65001:100"
)

# Keep process running
while True:
    time.sleep(60)
```
Text API:
```python
import sys

# Announce a MAC/IP (Route Type 2) route
print("announce evpn mac-ip "
      "aa:bb:cc:dd:ee:ff 10.1.1.100 "
      "route-distinguisher 65001:100 "
      "next-hop self "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
sys.stdout.flush()
```
JSON API:
```json
{
  "exabgp": "5.0",
  "type": "update",
  "neighbor": {
    "address": {"local": "192.0.2.1", "peer": "192.0.2.2"},
    "message": {
      "update": {
        "announce": {
          "evpn mac-ip": {
            "aa:bb:cc:dd:ee:ff 10.1.1.100": {
              "attributes": {
                "route-distinguisher": "65001:100",
                "next-hop": "192.0.2.1",
                "label": [10000],
                "extended-community": ["target:65001:100"]
              }
            }
          }
        }
      }
    }
  }
}
```
```python
import sys

# Announce an Inclusive Multicast (Route Type 3) route
print("announce evpn multicast "
      "192.0.2.1 "
      "route-distinguisher 65001:100 "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
sys.stdout.flush()
```
```python
import sys

# Withdraw a previously announced MAC/IP route
print("withdraw evpn mac-ip "
      "aa:bb:cc:dd:ee:ff 10.1.1.100 "
      "route-distinguisher 65001:100 "
      "next-hop self "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
sys.stdout.flush()
```
Scenario: Data center fabric with VXLAN overlay, using BGP EVPN for control plane.
Architecture:
```
[Spine Switches - BGP Route Reflectors]
      │
┌─────┴─────┬──────────┬─────────┐
▼           ▼          ▼         ▼
[VTEP 1]    [VTEP 2]   [VTEP 3]  [VTEP 4]
ExaBGP      ExaBGP     ExaBGP    ExaBGP
│           │          │         │
[VMs]       [VMs]      [VMs]     [VMs]
```
How ExaBGP Helps:
- Announces MAC/IP when VMs are created (Route Type 2)
- Announces multicast tunnels (Route Type 3)
- Withdraws routes when VMs are deleted
- Integrates with orchestration (OpenStack, Kubernetes)
Example Integration: OpenStack Neutron with ExaBGP as BGP speaker for EVPN control plane.
Scenario: Cloud provider with multiple tenants requiring isolated Layer 2 networks.
How EVPN Helps:
- Each tenant gets unique Route Distinguisher (RD)
- Route Targets (RT) control route import/export
- Complete isolation between tenants
- Efficient MAC learning without flooding
ExaBGP Role:
- Announces tenant-specific MAC/IP routes
- Applies correct RD/RT per tenant
- Programmatic control via API
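One way to apply the correct RD/RT per tenant while validating caller-supplied values before they reach the text API. This is an added example, not ExaBGP code; the `TENANTS` table and the `build_mac_ip` and `send` names are hypothetical.

```python
import ipaddress
import re

# Hypothetical tenant table: RD, RT and VNI are looked up here, never taken
# from the caller, so a request cannot place a route in another tenant.
TENANTS = {
    "tenant-a": {"rd": "65001:100", "rt": "65001:100", "vni": 10000},
    "tenant-b": {"rd": "65001:200", "rt": "65001:200", "vni": 20000},
}

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
# ASN:Value or IP:Value, the two RD formats listed on this page.
RD_RE = re.compile(r"(?:[0-9]{1,10}|[0-9]{1,3}(?:\.[0-9]{1,3}){3}):[0-9]{1,10}")
MAX_VNI = 0xFFFFFF  # a VXLAN VNI is 24 bits wide


def build_mac_ip(action, tenant, mac, ip=None):
    """Return one text-API line for an EVPN MAC/IP route, or raise ValueError."""
    if action not in ("announce", "withdraw"):
        raise ValueError(f"unsupported action: {action!r}")
    if tenant not in TENANTS:
        raise ValueError(f"unknown tenant: {tenant!r}")
    t = TENANTS[tenant]
    if not (RD_RE.fullmatch(t["rd"]) and RD_RE.fullmatch(t["rt"])
            and 1 <= t["vni"] <= MAX_VNI):
        raise ValueError(f"bad RD/RT/VNI configured for {tenant!r}")
    mac = str(mac).lower()
    # fullmatch rather than match with '$': '$' also matches before a trailing
    # newline, and a newline would start a second command on ExaBGP's stdin.
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    # ip_address() rejects anything that is not exactly one IPv4/IPv6 address.
    host = f" {ipaddress.ip_address(str(ip))}" if ip is not None else ""
    return (f"{action} evpn mac-ip {mac}{host} "
            f"route-distinguisher {t['rd']} "
            f"next-hop self "
            f"label [ {t['vni']} ] "
            f"extended-community [ target:{t['rt']} ]")


def send(line):
    """Write one validated command to ExaBGP (stdout of the API process)."""
    print(line, flush=True)


if __name__ == "__main__":
    send(build_mac_ip("announce", "tenant-a", "aa:bb:cc:dd:ee:ff", "10.1.1.100"))
```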
Scenario: VMs or containers migrate between hosts, requiring MAC/IP to follow.
Traditional Problem: Layer 2 flooding, ARP storms, slow convergence.
EVPN Solution:
- Old VTEP withdraws MAC/IP route
- New VTEP announces MAC/IP route
- BGP convergence (typically < 1 second)
- MAC Mobility extended community tracks moves
ExaBGP Role:
- Integration with hypervisor/orchestrator
- Automatic route updates on VM migration
- Fast convergence without data plane flooding
Scenario: Stretch Layer 2 network across two data centers for disaster recovery.
EVPN Solution:
- EVPN instances span data centers
- Optimal routing between sites
- Multi-homing for redundancy
ExaBGP Role:
- Announces routes in both data centers
- Handles multi-homing with ESI
- Integrates with DCI transport (MPLS, dark fiber, etc.)
Every EVPN route must include:
- Route Distinguisher (RD): Makes route unique in BGP table
  - route-distinguisher 65001:100
- Next-Hop: BGP next-hop (typically the VTEP IP)
  - next-hop self or next-hop 192.0.2.1
- Extended Community (Route Target): Controls route import/export
  - extended-community [ target:65001:100 ]
- MPLS Label/VNI: Layer 2 VNI or MPLS label
  - label [ 10000 ]
- ESI (Ethernet Segment Identifier): For multi-homing
  - esi 00:11:22:33:44:55:66:77:88:99
- MAC Mobility: Extended community tracking MAC moves
  - extended-community [ mac-mobility:1:100 ]
- Communities: Standard BGP communities for policy
  - community [ 65001:100 ]
Cause: Peer does not have EVPN address family enabled.
Solution: Ensure both neighbors have family { evpn; } configured.
```
neighbor 192.0.2.2 {
    family {
        evpn;  # Enable EVPN address family
    }
}
```
Cause: EVPN routes must include a Route Distinguisher.
Solution: Always specify route-distinguisher in announcements.
```python
print("announce evpn mac-ip "
      "aa:bb:cc:dd:ee:ff "
      "route-distinguisher 65001:100 "  # Required
      "next-hop self "
      "label [ 10000 ] "
      "extended-community [ target:65001:100 ]")
```
Cause: Route Target controls route distribution. Without it, routes may not be imported.
Solution: Always include at least one Route Target.
```
extended-community [ target:65001:100 ]  # Required for import/export
```
Cause: Same MAC announced from multiple VTEPs without proper ESI configuration.
Solution: In multi-homing scenarios, configure the same ESI on all VTEPs serving the Ethernet segment.
```
# Both VTEP-1 and VTEP-2 should use the same ESI
esi 00:11:22:33:44:55:66:77:88:99
```
Cause: EVPN routes typically require an MPLS label or VNI.
Solution: Include label [ VNI ] in announcements.
```
label [ 10000 ]  # VNI for VXLAN
```
Cause: ExaBGP does NOT install EVPN routes in the FIB. External software must handle VXLAN/MPLS encapsulation.
Solution: Use ExaBGP only for BGP control plane. Pair with:
- Linux kernel VXLAN + bridge
- Open vSwitch (OVS) with VXLAN
- Hardware VTEP
- Custom forwarding software
Remember: ExaBGP announces routes via BGP but does NOT create VXLAN tunnels or forward traffic.
What ExaBGP does NOT do:
- Install EVPN routes in the Linux kernel
- Create VXLAN tunnels
- Configure bridge interfaces
- Forward EVPN traffic
What ExaBGP DOES:
- ✅ Send/receive EVPN routes via BGP
- ✅ Provide API for external applications to control routes
- ✅ Handle BGP session management
External Software Required:
- VXLAN Forwarding: Linux kernel VXLAN, Open vSwitch, hardware VTEP
- Route Installation: Your application must parse ExaBGP JSON/text output and configure forwarding plane
- Traffic Handling: Separate software handles VXLAN encapsulation/decapsulation
Typical Architecture:
```
[Your Application]
       │
       ├─→ [ExaBGP] ─── BGP ───→ [Network]
       │   (Control Plane)
       │
       └─→ [VXLAN/OVS] ────────→ [Traffic Forwarding]
           (Data Plane)
```
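The route-installation step above depends on the application deciding which received routes to import. The following added example (not ExaBGP code) applies a Route Target import filter to messages shaped like the JSON example on this page and returns the MAC-to-VTEP entries a forwarding plane would need; `IMPORT_RTS`, `sample_update` and `imported_macs` are hypothetical names, and the sample messages are constructed.

```python
import json

# Assumption: the Route Targets this VTEP imports (one tenant here).
IMPORT_RTS = frozenset({"target:65001:100"})


def sample_update(mac_ip, rt, vni, vtep):
    """Build a constructed message in the shape of this page's JSON example."""
    attrs = {"route-distinguisher": "65001:100", "next-hop": vtep,
             "label": [vni], "extended-community": [rt]}
    announce = {"evpn mac-ip": {mac_ip: {"attributes": attrs}}}
    return json.dumps({
        "exabgp": "5.0", "type": "update",
        "neighbor": {"address": {"local": "192.0.2.1", "peer": "192.0.2.2"},
                     "message": {"update": {"announce": announce}}},
    })


def imported_macs(raw, import_rts=IMPORT_RTS):
    """Return (mac, ip, vni, vtep) tuples for MAC/IP routes with an imported RT."""
    try:
        msg = json.loads(raw)
        if msg["type"] != "update":
            return []
        announce = msg["neighbor"]["message"]["update"]["announce"]
        routes = announce["evpn mac-ip"].items()
    except (ValueError, KeyError, TypeError, AttributeError):
        return []  # not JSON, not an update, or no MAC/IP announcements
    entries = []
    for key, body in routes:
        attrs = body.get("attributes", {})
        # Tenant isolation: skip any route that carries no imported RT.
        if not import_rts.intersection(attrs.get("extended-community", [])):
            continue
        labels = attrs.get("label") or []
        vtep = attrs.get("next-hop")
        if not labels or not vtep:
            continue  # cannot build a forwarding entry without VNI and VTEP
        mac, _, ip = key.partition(" ")
        entries.append((mac, ip or None, labels[0], vtep))
    return entries


if __name__ == "__main__":
    ok = sample_update("aa:bb:cc:dd:ee:ff 10.1.1.100", "target:65001:100",
                       10000, "192.0.2.1")
    other = sample_update("11:22:33:44:55:66", "target:65001:200",
                          20000, "192.0.2.3")
    print(imported_macs(ok), imported_macs(other))
```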
| Feature | EVPN | L3VPN |
|---|---|---|
| Layer | Layer 2 (MAC learning) | Layer 3 (IP routing) |
| Use Case | VXLAN, L2 stretch | MPLS VPN, IP VPN |
| Learning | MAC addresses via BGP | IP prefixes via BGP |
| Multi-homing | Active-active (ESI) | Active-standby |
| Address Family | EVPN (AFI 25, SAFI 70) | IPv4/IPv6 VPN (SAFI 128/129) |
When to Use EVPN: Data center fabrics, VXLAN overlays, VM mobility, Layer 2 services.
When to Use L3VPN: MPLS-based IP VPNs, service provider networks, Layer 3 isolation.
- MAC Scale: EVPN can support 10,000+ MACs per VNI (hardware-dependent)
- Route Updates: ExaBGP handles thousands of updates per second
- BGP Convergence: Typically < 1 second for MAC/IP route updates
- BUM Traffic: Use ingress replication or multicast tunnels (Route Type 3)
Best Practices:
- Use Route Reflectors for large fabrics (avoid full mesh)
- Implement ARP suppression to reduce BUM traffic
- Configure BGP timers for fast convergence (hold-time 9, keepalive 3)
- Monitor BGP session stability
- EVPN Configuration - Detailed configuration syntax
- Text API Reference - Text API commands for EVPN
- JSON API Reference - JSON message format
- L3VPN Overview - Layer 3 VPN comparison
- Data Center Fabrics - VXLAN with EVPN control plane
- Multi-Tenant Networking - Tenant isolation with EVPN
- Debugging - Troubleshooting EVPN issues
- Monitoring - Monitoring EVPN routes
- First BGP Session - Basic BGP setup
- Quick Start - 5-minute tutorial
- RFC 7432: BGP MPLS-Based Ethernet VPN
  - Full EVPN specification
  - Route types 1-5 definitions
  - ESI, multi-homing, MAC mobility
  - https://datatracker.ietf.org/doc/html/rfc7432
- RFC 8365: A Network Virtualization Overlay Solution Using Ethernet VPN (EVPN)
  - VXLAN with EVPN control plane
  - Integration with NVO3 architectures
  - https://datatracker.ietf.org/doc/html/rfc8365
- RFC 4360: BGP Extended Communities Attribute
  - Route Target and extended community format
  - https://datatracker.ietf.org/doc/html/rfc4360
- RFC 4761: Virtual Private LAN Service (VPLS) Using BGP
  - Predecessor to EVPN for L2VPN
  - https://datatracker.ietf.org/doc/html/rfc4761
- ExaBGP GitHub: https://github.com/Exa-Networks/exabgp
- RFC Implementation: RFC-Information.md
- Source Code: src/exabgp/bgp/message/update/nlri/evpn/ (route type implementations)
- EVPN Introduction: https://www.juniper.net/documentation/evpn
- VXLAN EVPN: Data center fabric architectures with VXLAN and EVPN