My POV on VXLAN EVPN implementation/migration challenges!!!

I am not going to talk about the rich feature set, because we have seen a hell of a lot of articles on the VXLAN EVPN topic!!

I want to talk about the challenges, based on my work experience with ACI and VXLAN EVPN, and share the information I have gathered.

We have seen the MP-BGP L2VPN address families before, but the L2VPN EVPN address family is a little crazy, with excellent features.

Agile implementation: NO

Simple explanation:

In the legacy model, if we want to create a VLAN and inter-VLAN routing, it's so easy that it can be done with a few commands and boom, you are ready!!

In the VXLAN world, the number of steps increases (from 5 to 50?). Here is my simple calculation, just to configure a VLAN/VXLAN and enable inter-VLAN/VXLAN routing…

First you have to focus on two things: the UNDERLAY and OVERLAY setup.

  • Create the VLAN and map it to a VNID
  • If you decide to use vPC (a little tricky)
  • Configure the VXLAN tunnel interface (nve), associate the L2 VNI and enable BGP for host reachability
  • EVPN configuration in MP-BGP
  • The same configuration must be applied on all leafs (of course, it depends), but in a virtualized world we obviously require VM mobility, so you will end up configuring it on all leafs.
  • On top of that, you have to ensure all the features needed to support VXLAN EVPN are enabled on the switch

Hold on!! So far we have only configured VLAN/VXLAN bridging. We still need to enable inter-VLAN/VXLAN routing 🙂

  • Create a separate VLAN and map it to a VNID (if you are using multiple tenants, you have to follow all the steps again 🙂 )
  • Create an SVI for the L3 VNI and associate it with the VRF
  • Associate it with the nve interface
  • Enable EVPN in MP-BGP

Ohh!!! I am done with VLAN/VXLAN creation and inter-VLAN routing
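To make the step count concrete, here is what the bridging and routing steps above look like on a single leaf in Cisco NX-OS style syntax. This is an added example, not a configuration from the original post: the VLAN/VNI numbers, VRF name, AS number, multicast group and peer address are constructed placeholders, and the underlay (loopbacks, IGP, PIM RP) is assumed to be already up.

```text
! features the switch must have enabled before any of this works
feature bgp
feature interface-vlan
feature nv overlay
feature vn-segment-vlan-based
nv overlay evpn
fabric forwarding anycast-gateway-mac 0000.1111.2222
! bridging: host VLAN mapped to an L2 VNI (constructed values)
vlan 100
  vn-segment 10100
! routing: a separate VLAN for the L3 VNI, bound to the tenant VRF
vlan 999
  vn-segment 50999
vrf context TENANT-A
  vni 50999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
interface Vlan100
  no shutdown
  vrf member TENANT-A
  ip address 10.1.100.1/24
  fabric forwarding mode anycast-gateway
interface Vlan999
  no shutdown
  vrf member TENANT-A
  ip forward
! nve: BGP host reachability, L2 VNI with multicast for BUM, L3 VNI tied to the VRF
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 10100
    mcast-group 239.1.1.100
  member vni 50999 associate-vrf
! MP-BGP L2VPN EVPN towards the spine route reflector (placeholder AS and peer)
router bgp 65000
  neighbor 10.0.0.1 remote-as 65000
    update-source loopback0
    address-family l2vpn evpn
      send-community both
  vrf TENANT-A
    address-family ipv4 unicast
      advertise l2vpn evpn
evpn
  vni 10100 l2
    rd auto
    route-target import auto
    route-target export auto
```

Every VNI, route-target and mcast-group value here has to match on every other leaf and in the underlay multicast setup, which is why the whole block gets repeated per leaf (and per tenant) and why a mismatch in one of them is the first thing to check when an IP/MAC does not show up in the route table.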

Complex: Partially YES

Obviously, looking at the above, do you think it's easy to troubleshoot?

One important item is missing. As we all know, VXLAN EVPN technology is very good at handling BUM traffic… yes, but to handle this traffic you need to configure multicast (and sometimes troubleshooting multicast is a nightmare).

Cost effective: NO

  • Again, a hardware-based solution?? Yes, we need to go for switches which support this technology (Cisco/Arista), training for the operations team, and so on…!!!
  • More time consumed on break/fix

Troubleshooting: Difficult

Of course, it depends on the type of issue, but remember you need to keep an eye on all of these areas:

Underlay, overlay and multicast.

Verify the BGP process, L2VPN, nve peers and so on… If you look at the route table below for one IP, you have to study so much stuff to understand why the IP/MAC is not reachable.

[Figure: VXLAN EVPN route table output for one IP. Source: the picture above is from Cisco.]

Of course, Cisco has a couple of tools for automation (NFM, DCNM and OAM, a feature on the switch), but I am not sure how useful they really are in day-to-day operations.

My suggestion: look at any of the SDN products (ACI/NSX/Nuage…) which can do this stuff for you without much manual intervention and with zero-touch provisioning… because the world is moving towards SD**

In my next article, I will come up with how to build a Nexus 9K virtual lab on VMware (you can build VXLAN EVPN on virtual switches on your own).

I wrote this article keeping the operations team in mind as well!!

Looking for more comments/inputs that can help others!!!
