EVPN-VXLAN for Regional ISPs: Extending Layer 2 Without Spanning Tree

Large VLAN domains depend on spanning tree. Every topology change triggers recalculation and temporary forwarding loss. EVPN-VXLAN replaces large Layer 2 domains with routed underlays and distributed MAC learning. Regional ISPs use this to connect data centers, IX edge infrastructure, and broadband aggregation networks without stretching spanning tree across sites.

VXLAN encapsulates Ethernet frames inside UDP. EVPN distributes MAC and IP reachability using BGP, which removes the traditional flood-and-learn behavior from the fabric. That distribution breaks when route targets or VNIs are mismatched between leaves, resulting in silent MAC reachability failures between leaf switches.

Traditional Design

+--------+       +--------+
| Switch |-------| Switch |
+--------+       +--------+
      \             /
       \           /
       +-----------+
       |  Spanning |
       |   Tree    |
       +-----------+

MAC tables grow across all switches, spreading broadcast traffic everywhere. This causes instability during loops or link flaps. We see temporary packet loss during convergence events.


How EVPN-VXLAN Changes the Model

EVPN uses a routed spine-leaf fabric.

EVPN-VXLAN Fabric

           +---------+
           | Spine 1 |
           +----+----+
                |
      ----------+----------
      |                   |
 +----+----+         +----+----+
 |  Leaf 1 |         |  Leaf 2 |
 +----+----+         +----+----+
      |                   |
   Servers             IX Edge

Leaf switches terminate VXLAN tunnels. The underlay uses IP routing and ECMP to forward the traffic across all available links. This removes spanning tree blocking. Every uplink forwards traffic simultaneously, increasing available bandwidth.


Control Plane Operation

EVPN distributes endpoint information using BGP.

Example MAC Advertisement

MAC: aa:bb:cc:dd:ee:ff
VNI: 5000
Next Hop: 192.0.2.10

Each leaf advertises the local MAC addresses it knows about. Remote leaves install forwarding entries without flooding unknown traffic. This reduces broadcast volume inside the fabric and results in lower control-plane churn during VM movement or subscriber migration, for example after a link failure.


ARP Suppression and Broadcast Reduction

Traditional VLANs flood ARP requests everywhere. This is how hosts discover each other's MAC addresses.

Without EVPN

Host A -> Broadcast ARP -> Entire VLAN

With EVPN ARP Suppression

Leaf switch replies locally using EVPN database

The leaf switch answers requests from cached endpoint information. Traffic stays local when possible. This lowers broadcast utilization on edge segments, which reduces CPU load on switches handling subscriber aggregation.


Multi-Homing with Ethernet Segments

EVPN supports active-active uplinks.

Example

      Customer Router
        /         \
    Leaf 1       Leaf 2

Both links forward simultaneously. EVPN elects a designated forwarder for BUM traffic. This avoids spanning tree failover delays. Traffic continues across the remaining path during link failure.


Failure Handling

The underlay detects failures using routing protocols and BFD.

Failure Sequence

  1. Leaf loses uplink
  2. BFD detects failure
  3. Route withdrawn from fabric
  4. ECMP recalculates paths

Convergence occurs within milliseconds to seconds, depending on the BFD and routing-protocol timers. This limits packet loss during maintenance or fiber cuts.


Operational Example for a Regional ISP

A regional ISP operates:

  • Broadband aggregation routers
  • IX edge infrastructure
  • Hosted services

The ISP extends Layer 2 services between two metro sites using EVPN.

Deployment Goals

  • Avoid spanning tree across metro transport
  • Reduce broadcast traffic
  • Enable active-active uplinks

Fabric Design

Metro A Leaf <--VXLAN--> Metro B Leaf
       \                   /
        \                 /
            Spine Layer

Customer VLANs map to VNIs. BGP EVPN distributes endpoint state between sites. This allows subscriber mobility without extending physical VLAN trunks.


Configuration Example

VXLAN Interface

interface nve1
  source-interface loopback0
  member vni 5000

BGP EVPN

router bgp 64500
  address-family l2vpn evpn
    advertise-all-vni

VNIs map Layer 2 segments into the overlay. Route targets control import and export policy between leaves.

Incorrect route targets isolate segments unexpectedly. This shows up when MAC routes appear in the BGP table but are never imported into the VNI on the remote leaf, so traffic does not forward.
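The route-target mismatch described here and in the introduction can be caught before it turns into a forwarding failure. The following is an added example, not from the post or any vendor tooling: a small Python check that parses constructed FRR-style l2vpn evpn snippets from two hypothetical leaves and reports every shared VNI where one leaf exports no route target that the other imports. It assumes explicitly configured route targets; auto-derived RTs are not modelled.

```python
import re

# Constructed FRR-style l2vpn evpn snippets for two hypothetical leaves (not the
# post's own configs). Explicit RTs assumed; auto-derived RTs are not modelled.
# leaf2 exports a mistyped RT for VNI 5000, so leaf1 sees the MAC routes in BGP
# but never imports them into the VNI.
LEAF_CONFIGS = {
    "leaf1": """
 vni 5000
  route-target import 64500:5000
  route-target export 64500:5000
""",
    "leaf2": """
 vni 5000
  route-target import 64500:5000
  route-target export 64500:50000
""",
}

VNI_RE = re.compile(r"^\s*vni\s+(\d+)\s*$")
RT_RE = re.compile(r"^\s*route-target\s+(import|export)\s+(\S+)\s*$")


def parse_rts(config):
    """Map each VNI in a config text to its import and export RT sets."""
    rts, vni = {}, None
    for line in config.splitlines():
        m = VNI_RE.match(line)
        if m:
            vni = int(m.group(1))
            rts.setdefault(vni, {"import": set(), "export": set()})
            continue
        m = RT_RE.match(line)
        if m and vni is not None:
            rts[vni][m.group(1)].add(m.group(2))
    return rts


def find_rt_mismatches(configs):
    """Return (vni, exporter, importer) for every VNI shared by two leaves
    where the importer accepts none of the RTs the exporter attaches."""
    parsed = {leaf: parse_rts(cfg) for leaf, cfg in configs.items()}
    problems = []
    for src, src_rts in parsed.items():
        for dst, dst_rts in parsed.items():
            if src == dst:
                continue
            for vni in src_rts.keys() & dst_rts.keys():
                if not (src_rts[vni]["export"] & dst_rts[vni]["import"]):
                    problems.append((vni, src, dst))
    return sorted(problems)
```

Running this on the sample returns one gap, leaf1 not importing leaf2's VNI 5000 routes, which is exactly the one-directional silent failure the post describes.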


Monitoring and Validation

Track:

  • BGP EVPN neighbor state
  • MAC route count
  • VTEP reachability
  • BFD session state

Useful Commands

show bgp l2vpn evpn
show nve peers
show vxlan counters

Rising unknown unicast traffic usually indicates MAC learning issues. High BUM replication often indicates missing ARP suppression.

Metrics Overview

Metric                  Traditional L2    EVPN-VXLAN
Convergence             Seconds           Sub-second
Blocked Links           Yes               No
Broadcast Scope         Large             Reduced
Active-Active Uplinks   Limited           Native
Discover more from Justin Wilson (j2sw)