Traditionally, data centers used lots of Layer 2 links that spanned entire racks, rows, cages, and floors. These large L2 domains were not ideal for a data center, due to the slow convergence, unnecessary broadcasts, and difficulty in administering. L2 protocols like VLANs and Spanning Tree are used to provide scale and prevent loops but can be slow to converge and also cause broadcast storms. There have been several protocols that have attempted to address these issues. Virtual Extensible LAN (VXLAN), as an overlay technology, has emerged and begun to see rapid adoption in modern data centers for scaling and stretching Layer 2 networks over Layer 3 because of the scalability and agility it provides.
Multi-Vendor EVPN-VXLAN Network Automation
Modernizing campus and data center networks
Introduction to EVPN
VXLAN is a standards-based (RFC 7348) tunneling mechanism that can take a Layer 2 frame or a Layer 3 packet, encapsulate it with an IP header and route it to some other VXLAN Tunnel Endpoint (VTEP) for decapsulation. VXLAN is often referred to as MAC-in-IP because fundamentally it is putting a MAC frame inside of an IP packet. The VXLAN header includes a 24-bit field called the VXLAN Network Identifier (VNI), which allows us to have up to 16 million layer 2 domain, significantly higher than the 4096 limit with classic VLANs.
MP-BGP Ethernet VPNs (EVPN) is a standards-based (RFC 7432) extension for BGP that provides a control plane for VXLAN (amongst other things) to deliver Layer 2 and Layer 3 VPN services. Using BGP as the control plane for VXLAN a single routing protocol with familiar concepts to manage new capabilities such as MAC address learning and VRF multi-tenancy while providing optimized equal-cost multi-path (ECMP) across data centers and within the enterprise.
EVPN-VXLAN offers the benefits of supporting traditional L2 based applications while offering the scale and efficiency of an L3 network. Running L2 virtual networks, known as overlays, over L3 physical networks can offer a way to modernize while still supporting legacy applications. While this technology offers the ability to support legacy applications and scale, it introduces significant management challenges to configure and maintain the underlay and overlay networks. Gluware’s intelligent network automation provides the power and flexibility to automate the entire deployment or just the components a customer requires. Having a management platform that provides centralized control is critical for scale and success.
Example EVPN Network using VXLAN Overlay in a Data Center
What does Gluware do for EVPN?
EVPN-VXLAN is beginning to be widely adopted by large enterprises. Gluware’s Intelligent Network Automation platform benefits enterprises at any stage in the network automation journey. From initial deployment to automating specific processes on top of existing deployments, Gluware can automate any deployment model. With support for standard-based leaf-level routing implementations from Arista, Cisco and Juniper Networks including Juniper specific Centrally-Routed Bridging (CRB) or spine-level routing, Gluware supports the needs of the IT team.
Configuring and managing an EVPN-VXLAN network can quickly become complicated as engineers have to deal with the underlay network, the overlay network and the constructs to enable VXLAN including VLANs, VXLANs, VRFs, SVIs, IRBs and switch ports.
Users will be at different stages of adoption and have unique challenges to address in their implementation. Some customers do not want automation of the underlay and very limited automation of the overlay. Gluware is able to address the specific pain point which can be just automating the addition of new VLANs on the fabric. Customers choose Gluware for the flexibility to automate their existing network, without redeployment and just automate the components they are looking for.
Traditional automation approaches involve templating configurations, however, in the case of EVPN-VXLAN it requires knowledge of all the other devices (spine and leaf switches) and how they are already configured. The automation solution needs the ability to understand the context and how the existing network is configured. Gluware has the ability to define data-models to store all the data related to the EVPN-VXLAN fabric and how it is configured. This includes the underlay, overlay, addressing and more. Gluware’s ability to provide constructs that store and share all the data with all nodes in the domain is critical. Using Gluware’s declarative capabilities users are able to only provision what is required and not touch the other existing configuration, including existing VLANs.
Example EVPN-VXLAN Data-Model Gluware Uses to Automate Juniper CRB
The Gluware network automation platform can address any deployment model, delivering for standards-based leaf-level and the Juniper Centrally-Routed Bridging (CRB) option. Most vendors implement standards-based EVPN uses leaf-level routing which can simplify the configuration but does not leverage the power of the spine devices besides IP routing. The Juniper solution includes an additional architecture using CRB provides more flexibility and takes a lot of the packet processing burden off of the leaf devices, but does increase the configuration complexity involving changes to both spine and leaf nodes when making changes. If performed manually, adding a VLAN could require dozens of lines of CLI per related spine and 10-15 lines per each leaf device.
With existing networks, there are often other existing components in the management plane which include monitoring, ticketing, resource management and more. Gluware is able to integrate with external systems via REST API, like an external IP Address Management (IPAM) solution which is used to manage IP address assignment, VLAN assignments and more. The Gluware REST API can be used to feed in the required variables, then applying them to the data-model and dynamically generating the required commands (CLI) for configuration on each device when provisioning a new VLAN. Since Gluare is able to aggregate all of the required data for the EVPN-VXLAN deployment it becomes the source of truth (SoT).
Gluware Automating Spine and Leaf Devices in an EVPN-VXLAN Data Center
Gluware Intelligent Network Automation Solution for EVPN-VXLAN
- Gluware Control base package includes Device Manager Application
- Gluware Config Modeling Application
- EVPN-VXLAN Reference Design feature package
- Multi-vendor including support for Arista, Cisco and Juniper implementations (can add additional per customer requests)
- Global settings for the EVPN domain
- Spine nodes, leaf nodes
- Underlay and overlay (BGP/OSPF protocols, ASNs, Areas, RRs…)
- IP address management and assignment (offsets, model-based reservations planning, pools…)
- Multicast groups, RPs,…
- Anycast gateway MAC
- Tenant settings for the VTEP domains
- Tenant VRFs
- Tenant VLANs
- Additional optional components include: Config Drift and Audit App, OS Manager App, Workflows.
Leverage the Gluware EVPN Domain data-model to automate from day 0 to day N:
- Add Leaf devices
- Add Spine devices
- Add tenant VRFs
- Add tenant VLANs
- Automatically update and synchronize all the devices in the fabric
- Gluware manages and understands the interdependency of each construct
Features of Automating EVPN-VXLAN with Gluware
- Intent-based, data-model driven and declarative Gluware automation ensuring each configuration change results in the intended state
- Gluware provides an EVPN-VXLAN reference design that is flexible to be adapted to any implementation.
- Brownfield and greenfield deployments are supported including the ability to automate without disrupting the existing network.
- Using a REST-based API, Gluware can be fed external data and be run headless to implement network changes.
- The Gluware application suite offers device inventory, config drift, config audit, OS management, workflows in addition to intent-based configuration management
Key Benefits of Gluware
- Rapidly onboard current configs and enable policy-based management to standardize or enable new features
- No new hardware or complex network redeployment
- Intelligent, data-model driven platform enabling edit-once, cascade-to-many unique device types, instead of static template-based approach
- Network features can be defined with static CLI and also support variables and conditionals
- Device interface abstraction support simplifies platform replacement and upgrade when needed
No Programming Required
- No programming or scripting required, allowing network engineers to implement functionality themselves
- Resource effectiveness reduces time to value
- Integrate (optional) state assessments by defining ‘show’ commands and regex for the output, with integrated regex editor
- Provisioning preview to see what commands will be created to ensure network devices reach the desired state
- Detailed logging including all CLI interaction is provided
- Scheduling available for changes at a specific time
Optimized for Brownfield
- Modular template approach to automate common features across hundreds or thousands of network nodes
- Network feature policies are defined with native vendor CLI, which network operators know, supporting static CLI, user input variables or dynamically discovered variables
- Ability to onboard existing configuration into network policy leveraging the Gluware Intelligent Model Discovery workflow