In the second of our two-part series on EVPN, Cumulus Networks Chief Scientist Dinesh Dutt dives into more technical details of network routing, EVPN use cases, and best practices for operationalizing EVPN in the data center.
To view the recording of this webinar, visit http://go.cumulusnetworks.com/l/32472/2017-09-23/95t7xh
Operationalizing EVPN in the Data Center: Part 2
1. Operationalizing EVPN in the DC
Part 2: Routing, Deployment Use Cases & Best Practices
Dinesh G Dutt, Vivek Venkataraman | Cumulus Networks
Nov 1, 2017
3. Key Takeaways
• EVPN supports routing as well as bridging
• Since L2 is no longer behind a single rack, multiple routing models are possible
▪ VRF is supported in all models
• Pick the right routing model based on the use case
• FRR/Cumulus continues the simple configuration model even with EVPN routing
4. The Story So Far
• Designed to address the twin issues of:
▪ Multi-tenancy over an L3 network
▪ Allowing disjoint L2 segments over an L3 network
• Dataplane:
▪ Supports multiple encapsulations: MPLS, VxLAN, NVGRE…
▪ VxLAN is the common choice within the data center
• Control plane is BGP
• Standards-based
▪ IETF original draft for MPLS: RFC 7432
▪ IETF draft for support with VxLAN: draft-ietf-bess-evpn-overlay
5. Why Now?
• Adoption of leaf-spine based IP fabrics to build data centers
• Rise of switching silicon that supports VxLAN routing
• Multi-vendor support for EVPN
▪ Lack of widespread adoption of controller-based overlays
6. The Next Chapter
• EVPN is more than just multi-tenancy L2:
▪ supports routing, multicast handling, MAC/VM mobility etc.
• This part will cover these other aspects
• Plus, deployment models
7. VXLAN Summary
• UDP/IP based encapsulation carrying L2 payloads
▪ RFC 7348
• Source port hashing allows fine-grained traffic spreading of overlay traffic without requiring deep packet parsing
• 24-bit Virtual Network Identifier (VNI) identifies the VPN
• Tunnel ingress and egress are called VTEPs (VXLAN Tunnel Endpoints)
8. EVPN Summary: Protocol
• Protocol aspects based on BGP-based MPLS VPNs:
▪ Routes of a tenant kept separate with Route Distinguisher (RD)
▪ Routes contain Route Targets (RTs) to identify the VPN (L2 and/or L3)
▪ Uses MP-BGP AFI L2VPN (25) SAFI EVPN (70)
▪ Various new BGP attributes (extended communities) - MAC Mobility, Default Gateway, Encapsulation, Router MAC etc.
• Multiple pieces of information exchanged in EVPN:
▪ Another level of encoding, called route types, to identify the information carried
9. EVPN Summary - key route types
Route Type | Name | Usage
Route/VNI info:
RT-2 | MAC/IP Advertisement Route | Advertise MACs and/or MACIPs
RT-3 | Inclusive Multicast Ethernet Tag Route | Advertise VNI membership (primarily to prune recipients of BUM traffic)
RT-5 | IP Prefix Route | Advertise routes to subnet prefixes
Dual attach support:
RT-1 | Ethernet AutoDiscovery (A-D) Route | For multi-homing, used to let remote VTEPs know about connectivity to an Ethernet Segment and VLANs reachable on it.
RT-4 | Ethernet Segment Route | For designated forwarder (DF) election for BUM traffic handling in multi-homing scenarios.
Multicast info:
RT-6 | Selective Multicast Ethernet Tag Route | To carry IGMP multicast group membership information for a tenant using EVPN.
13. Regular Routing (H11 -> H12), No VxLAN: Case 1
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H12: 50.1.2.22 (VLAN 110). Steps 1 and 2 are marked on the path.]
1. H11 bridges to L1, default gateway
2. L1:
   a. routes to Blue subnet
   b. L1 identifies Blue subnet as being local
   c. L1 does neighbor lookup on H12
3. L1 bridges to H12
14. Regular Routing (H11 -> H42), No VxLAN: Case 2
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 4 are marked on the path.]
L1 and L4 have exchanged subnet routes
1. H11 bridges to L1, default gateway
2. L1 routes to next hop S1 (or S2)
3. S1 (or S2) routes to L4
4. On L4, destination is on a local subnet. L4 does neighbor lookup and bridges to H42
15. Routing (H11 -> H42) with VxLAN
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110).]
• Where is H11’s (and H42’s) default router?
• If L1 is the default router, what happens after initial routing?
▪ Bridge to H42 (case 1)?
▪ Routing at next hop L4 (case 2)?
• L1 and L4 always encapsulate and decapsulate VXLAN packets
• Spines only route encapsulated packets
16. The Rise of the Routing Models
• Where is H11’s (and H42’s) default router?
▪ Specific per-VNI (or all VNI) gateways (Centralized routing)
▪ All ingress VTEPs are gateways (Distributed routing)
• So, what happens after the initial routing?
▪ Bridge (case 1): Asymmetric Routing
▪ Route (case 2): Symmetric Routing
17. Asymmetric vs Symmetric: Observations
• Asymmetric model assumes all subnets are locally attached
• Symmetric model assumes all subnets are NOT locally attached
• This choice plays a role in what’s suitable for what deployment
20. Asymmetric Routing H11 -> H42: Step by Step
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 4 are marked on the path.]
1. H11 sends unencapsulated to L1
   a. DMAC = L1’s MAC, DIP = H42’s IP
2. L1:
   a. routes the packet (in tenant’s VRF) to blue subnet
   b. identifies it is a local subnet and does a neighbor lookup to get H42’s MAC*
   c. Determines H42’s MAC is behind L4
   d. L1 encapsulates the packet with VxLAN header:
      i. Payload: DMAC = H42’s MAC, SMAC = L1’s MAC
      ii. DIP = L4’s VTEP, SIP = L1’s VTEP, VNI = Blue
      iii. DMAC = S1’s MAC, SMAC = L1’s MAC
3. S1 routes to L4
4. L4:
   a. decapsulates the packet; VNI = Blue
   b. Looks up DMAC of H42 on corresponding VLAN, bridges out port
21. Asymmetric Routing: Putting It All Together
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 4 are marked on the path.]
1. Host sends packet to gateway router
2. Ingress VTEP (GW):
   a. Routes
   b. Bridges
   c. Encapsulates
3. Spine switches (underlay) route
4. Egress VTEP:
   a. Decapsulates
   b. Bridges to end host
Packets are transported through the fabric in the final destination VNI.
24. Symmetric Routing H11 -> H42: Step by Step
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 and 2 are marked on the path.]
1. H11 sends unencapsulated to L1
   a. DMAC = L1’s MAC, DIP = H42’s IP
2. L1:
   a. routes the packet (/32 route) to next hop L4 - DMAC is L4’s Router MAC
   b. L1 encapsulates the packet with VxLAN header:
      i. Payload: DMAC = L4’s Router MAC, SMAC = L1’s MAC
      ii. DIP = L4’s VTEP, SIP = L1’s VTEP, VNI = ??
      iii. DMAC = S1’s MAC, SMAC = L1’s MAC
Question: What VNI to use to transport the frame to L4?
1. Brown (ingress VNI)
2. Blue (egress VNI, but how do I know?)
3. Some other VNI
25. Symmetric Routing H11 -> H42: Step by Step
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 4 are marked on the path.]
1. H11 sends unencapsulated to L1
   a. DMAC = L1’s MAC, DIP = H42’s IP
2. L1:
   a. routes the packet (/32 route) to next hop L4 - DMAC is L4’s Router MAC
   b. L1 encapsulates the packet with VxLAN header:
      i. Payload: DMAC = L4’s Router MAC, SMAC = L1’s MAC
      ii. DIP = L4’s VTEP, SIP = L1’s VTEP, VNI = per-tenant L3 transport VNI
      iii. DMAC = S1’s MAC, SMAC = L1’s MAC
3. S1 routes to L4
4. L4:
   a. decapsulates the packet. VNI is the L3 VNI - identifies the VRF.
   b. Looks up the DIP in VRF and routes to local subnet
   c. Looks up neighbor table for H42
   d. Bridges to H42
26. Symmetric Routing: Putting It All Together
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 4 are marked on the path.]
1. Host sends packet to gateway router
2. Ingress VTEP (GW):
   a. Routes to egress VTEP
   b. Encapsulates
3. Spine switches (underlay) route
4. Egress VTEP:
   a. Decapsulates
   b. Routes to local subnet
   c. Bridges to end host
Packets are transported through the fabric in a per-tenant L3 VNI.
27. Symmetric routing - L3 Transport VNI and Router MAC
• L3 VNI - configured and exchanged in control plane and carried in routed packets.
▪ Additional configuration
▪ Corresponds to VRF associated with the L2 VNI(s)
▪ Different number space from L2 VNI
• Router MAC - Automatically derived (in Cumulus Linux/FRR) and exchanged in the control plane. Used in routed packets to indicate packet should be routed by egress VTEP (next hop)
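The asymmetric and symmetric walk-throughs for H11 -> H42 differ in what the ingress VTEP writes into the inner destination MAC and the VNI, and in what the egress VTEP does when it reads them back. The Python below is an added example, not code from the slides or from Cumulus Linux/FRR; every MAC, VTEP address and VNI number is constructed, and the function names (`ingress_encap`, `egress_actions`, `source_port`) are hypothetical.

```python
import struct
import zlib
from dataclasses import dataclass

# Constructed sample state for the H11 -> H42 walk-through. Every MAC, VTEP
# address and VNI number here is an assumption made for this example.
ROUTER_MAC = {"L1": "00:00:5e:00:53:01", "L4": "00:00:5e:00:53:04"}
VTEP_IP = {"L1": "10.0.0.1", "L4": "10.0.0.4"}
L2_VNI = {"brown": 10100, "blue": 10110}  # VLAN 100 and VLAN 110
L3_VNI = 4001                             # per-tenant L3 transport VNI
HOSTS = {
    "50.1.1.11": {"mac": "00:00:5e:00:53:11", "vtep": "L1", "subnet": "brown"},
    "50.1.2.42": {"mac": "00:00:5e:00:53:42", "vtep": "L4", "subnet": "blue"},
}


@dataclass
class Encap:
    outer_sip: str    # ingress VTEP address
    outer_dip: str    # egress VTEP address
    udp_sport: int    # flow entropy for underlay traffic spreading
    vxlan: bytes      # 8-byte VXLAN header carrying the VNI
    inner_dmac: str
    inner_smac: str
    inner_dip: str


def vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: I flag set, 24-bit VNI, reserved bits zero."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)


def parse_vni(header: bytes) -> int:
    """Return the VNI; reject short headers and headers without the I flag."""
    if len(header) != 8:
        raise ValueError("VXLAN header must be 8 bytes")
    flags_word, vni_word = struct.unpack("!II", header)
    if not flags_word & (0x08 << 24):
        raise ValueError("VNI-valid (I) flag not set")
    return vni_word >> 8


def source_port(*inner_fields: str) -> int:
    """Hash inner header fields into the dynamic UDP source port range."""
    return 49152 + zlib.crc32("|".join(inner_fields).encode()) % 16384


def ingress_encap(model: str, sip: str, dip: str, ingress: str = "L1") -> Encap:
    """What the ingress VTEP sends after routing the host's packet."""
    dst = HOSTS[dip]
    egress = dst["vtep"]
    if model == "asymmetric":
        # Route, then bridge: inner DMAC is the end host, VNI is its L2 VNI.
        dmac, vni = dst["mac"], L2_VNI[dst["subnet"]]
    elif model == "symmetric":
        # Route to the egress VTEP: inner DMAC is its Router MAC, VNI is the L3 VNI.
        dmac, vni = ROUTER_MAC[egress], L3_VNI
    else:
        raise ValueError(f"unknown model {model!r}")
    smac = ROUTER_MAC[ingress]
    return Encap(VTEP_IP[ingress], VTEP_IP[egress], source_port(smac, dmac, sip, dip),
                 vxlan_header(vni), dmac, smac, dip)


def egress_actions(pkt: Encap, vtep: str = "L4",
                   local_l2_vnis: frozenset = frozenset({10110})) -> list:
    """What the egress VTEP does, decided by the VNI and the inner DMAC."""
    vni = parse_vni(pkt.vxlan)
    if vni in local_l2_vnis:
        # Asymmetric case: look up the DMAC on the VLAN mapped to this VNI.
        return ["decapsulate", "bridge"]
    if vni == L3_VNI and pkt.inner_dmac == ROUTER_MAC[vtep]:
        # Symmetric case: the L3 VNI selects the VRF; route, then bridge locally.
        dst = HOSTS.get(pkt.inner_dip)
        if dst and dst["vtep"] == vtep:
            return ["decapsulate", "route", "bridge"]
    return ["drop"]  # VNI not configured here, or no matching route


if __name__ == "__main__":
    for model in ("asymmetric", "symmetric"):
        pkt = ingress_encap(model, "50.1.1.11", "50.1.2.42")
        print(model, parse_vni(pkt.vxlan), pkt.inner_dmac, egress_actions(pkt))
```

Calling `egress_actions` on the asymmetric packet with `local_l2_vnis=frozenset()` returns `["drop"]`: in the asymmetric model the destination L2 VNI has to be configured on the egress VTEP, while the symmetric packet only needs the tenant's L3 VNI there.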
29. Asymmetric vs Symmetric: Forwarding Tables View
 | Asymmetric | Symmetric
MAC Table | All end stations | End stations in all locally known subnets plus remote VTEPs
Neighbor Table | All end stations | End stations in all locally known subnets* plus remote VTEPs
Route Table | Locally attached prefixes | All end stations plus local subnets
VNIs | All VNIs in fabric | Locally attached VNIs plus L3 transport VNIs
* - Needed for ARP Suppression
30. Asymmetric vs Symmetric: Configuration View
 | Asymmetric | Symmetric
Uniform configuration | Yes | No, since not all VNIs are present everywhere
Need Orchestrator | No | Most likely, since VNIs and their VLAN mappings will need to be configured or torn down as hosts/VMs move
Scaling | Yes, breaking mobility up into pods | Yes
Miscellaneous | | Need configuring and mapping additional L3 transport VNIs
31. Asymmetric vs Symmetric: Vendor Interop View
Asymmetric Symmetric
Arista X
Cisco X
Juniper X
Cumulus/FRR X X*
* - Supported in upcoming 3.5 release of Cumulus Linux
32. Distributed Routing Model
• Since end station IP/MAC is spread throughout the network, no single router can act as the first hop router
• Distributed model assumes every ToR switch is the first hop router for all locally attached subnets
▪ Anycast IP and anycast MAC model
▪ Similar to VRR used today (VARP in Arista lingo)
• Most commonly deployed: when used to replace existing VLAN-based access-agg-core networks with VXLAN-based Clos networks
33. Centralized Routing Model
• Encapsulated packets bridged to a designated first hop router
• Packets are routed by this router
• Encapsulated packets bridged to final destination by this router
• Primary switching silicon requirement:
▪ To decapsulate, route, bridge, encapsulate, route on underlay header
• Most commonly deployed: when EVPN is used for multi-tenancy in cloud-like environments
34. Centralized Routing H11 -> H42: Sample Packet Flow
[Diagram: leaf-spine fabric with leaves L1 to L4 and spines S1, S2. H11: 50.1.1.11 (VLAN 100); H42: 50.1.2.42 (VLAN 110). Steps 1 to 6 are marked on the path.]
1. Host sends packet to gateway router (L2)
2. Ingress VTEP (GW):
   a. Bridges to egress VTEP/router L2
   b. Encapsulates packet & sends out
3. Spine switches (underlay) route
4. Gateway VTEP:
   a. Decapsulates
   b. Routes to local subnet
   c. Bridges to end host
   d. Encapsulates packet & sends out
5. Spine switches (underlay) route
6. Egress VTEP:
   a. Decapsulates
   b. Bridges to end host
Packets are transported through the fabric in the bridge VNI.
35. How do I talk to the outside world?
• Routing/Packet Forwarding was all based on /32 routes or neighbor entries.
• To route to external networks, we need to route to prefixes.
▪ Enter EVPN type-5 routes (RT-5).
• RT-5 allows an IP prefix to be advertised, not just MAC+IP.
▪ For the common scenario of connecting to another subnet or external network, the advertising VTEP is itself the next hop. RT-5 contains the Router MAC of this VTEP.
▪ Specified in draft-ietf-bess-evpn-prefix-advertisement
36. 36Cumulus Networks
Control Plane Illustration for External Routing
[Diagram: leaf-spine topology with leaves L1-L4 and spines S1, S2; border leaf BL1 connects to WAN edge router R1 and the WAN]
● Per-tenant VRF peering between Border Leaf BL1 and WAN edge router R1
● R1 advertises prefixes relevant to a tenant (e.g., default route) on corresponding peering.
● BLs are typically deployed in pairs for redundancy.
● For internal destinations to be reachable, BLs will advertise corresponding subnets to R1.
37. 37Cumulus Networks
Control Plane Illustration for External Routing
● BL1 installs routes in VRF routing table
● BL1 exports these routes into EVPN as RT-5.
● RT-5 advertised to other VTEPs with L3 VNI of associated VRF. Next hop is BL1.
38. 38Cumulus Networks
Control Plane Illustration for External Routing
● Receiving VTEPs (L1, …) install routes into VRF routing table - next hop is BL1, MAC is BL1’s RMAC
Note: This is for illustration purposes, a real deployment is likely to have NAT, FW etc.
39. 39Cumulus Networks
External Routing: Packet Flow
[Diagram: leaf-spine topology with leaves L1-L4, spines S1, S2, border leaf BL1, WAN edge router R1 and the WAN; H11 is 50.1.1.11 (VL 100), H100 is 201.11.1.45]
● H11 sends the packet for H100 to L1 - its default GW
40. 40Cumulus Networks
External Routing: Packet Flow
● L1 matches packet against external route (default or prefix advertised by BL1) and routes to next hop VTEP BL1.
● Packet routed over core with DMAC = BL1’s Router MAC. VNI is the L3 VNI for this VRF.
41. 41Cumulus Networks
External Routing: Packet Flow
● BL1 terminates the VxLAN tunnel and routes the packet in the tenant VRF - on to R1.
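The lookup L1 performs in the packet flow above, as an added example that is not part of the webinar or of Cumulus/FRR code: a per-tenant table holding /32 entries (from RT-2) and prefixes (from RT-5), returning the VXLAN encapsulation. L3 VNI 104001 is the tenant L3 VNI from the deck's sample topology; the VTEP addresses, router MACs, the second tenant and all function names are constructed for illustration.

```python
import ipaddress

class TenantVrf:
    """One tenant's routing table on a VTEP, populated from EVPN routes."""
    def __init__(self, name, l3vni):
        self.name, self.l3vni, self.routes = name, l3vni, {}

    def install(self, prefix, vtep, rmac):
        # RT-2 MAC+IP routes become /32 entries; RT-5 carries any IP prefix.
        self.routes[ipaddress.ip_network(prefix)] = (vtep, rmac)

    def lookup(self, dst):
        """Longest-prefix match; returns the VXLAN encapsulation or None."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.routes if addr in net]
        if not hits:
            return None  # destination unknown to this tenant: nothing is sent
        vtep, rmac = self.routes[max(hits, key=lambda net: net.prefixlen)]
        return {"outer_dst": vtep, "vni": self.l3vni, "inner_dmac": rmac}

# Constructed values: VTEP addresses, router MACs and the second tenant.
L3_VTEP, L3_RMAC = "110.0.0.3", "02:00:00:00:00:03"
BL1_VTEP, BL1_RMAC = "110.0.0.9", "02:00:00:00:00:09"

def build_l1_vrfs():
    """VRF tables as leaf L1 would hold them after receiving the EVPN routes."""
    t1 = TenantVrf("vrf-tenant1", 104001)
    t1.install("50.1.3.43/32", L3_VTEP, L3_RMAC)   # RT-2 for host H43
    t1.install("0.0.0.0/0", BL1_VTEP, BL1_RMAC)    # RT-5 default route from BL1
    t2 = TenantVrf("vrf-tenant2", 104002)          # no RT-5 imported here
    t2.install("60.1.1.7/32", L3_VTEP, L3_RMAC)
    return {"vrf-tenant1": t1, "vrf-tenant2": t2}

def forward(vrfs, ingress_vrf, dst):
    """The ingress SVI's VRF alone decides which table is consulted."""
    return vrfs[ingress_vrf].lookup(dst)

if __name__ == "__main__":
    vrfs = build_l1_vrfs()
    for vrf, dst in [("vrf-tenant1", "201.11.1.45"), ("vrf-tenant1", "50.1.3.43"),
                     ("vrf-tenant2", "201.11.1.45")]:
        print(vrf, dst, forward(vrfs, vrf, dst))
```

The third lookup returns nothing because the external prefix was never imported into the second tenant's VRF, which is the isolation property the per-tenant L3 VNI provides.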
42. 42Cumulus Networks
Wait...Is RT-5 used only for external connectivity?
• No! RT-5 can also be used for inter-POD and inter-DC
communication.
• It really depends on how the subnets have been provisioned i.e.,
contained within a POD or DC.
• Cumulus Linux (and FRR) supports RT-5 for external and
inter-POD/inter-DC communication - available in upcoming release.
44. 44Cumulus Networks
Configuration Steps: Asymmetric Routing
• Provision VLANs and VNIs on all leaves
• Provision subnets for all relevant VLANs (SVIs)
• Map SVIs to appropriate VRF
• Configure eBGP between leaf and spine
• Activate and advertise information about all locally active
VNIs
45. 45Cumulus Networks
Configuration Steps: Symmetric Routing
• Provision relevant locally attached VLANs and VNIs on the
leaves (dynamic, non-uniform compared to asymmetric)
• Provision subnets for all locally attached VLANs (SVIs)
• Map SVIs to appropriate VRF
• For each VRF, provision an L3 VNI (additional step
compared to asymmetric)
• Configure eBGP between leaf and spine
• Activate and advertise information about all locally active
VNIs
47. 47Cumulus Networks
Centralized routing
• Fundamental configuration on Gateway VTEP(s) is same as in the distributed case.
• Gateway VTEP(s) need to be configured to advertise their own MACIP.
# BGP/EVPN configuration
router bgp 65456
 bgp router-id 110.0.0.5
 neighbor fabric peer-group
 neighbor fabric remote-as external
 neighbor uplink-1 interface peer-group fabric
 neighbor uplink-2 interface peer-group fabric
 address-family ipv4 unicast
  neighbor fabric activate
  redistribute connected
 address-family l2vpn evpn
  neighbor fabric activate
  advertise-all-vni
  advertise-default-gw
48. 48Cumulus Networks
Switching Silicon Support
• Considering only native, single-pass support for VxLAN
routing
• Cavium and Barefoot chipsets are supposed to have
support for all modes
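| | T2 | T2+ | T3 | Tomahawk family | Spectrum/A0 | Spectrum/A1 | Spectrum2 |
|---|---|---|---|---|---|---|---|
| Asymmetric | - | X | X | - | X | X | X |
| Symmetric | - | X | X | - | X | X | X |
| Centralized | - | X | X | - | - | X | X |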
50. 50Cumulus Networks
The jury is still out
• Multicast routing in EVPN is still evolving.
• There are at least two key aspects:
▪ Optimized intra-subnet multicast (only to VTEPs behind which
interested receivers are present)
▪ Optimized inter-subnet multicast - local/distributed routing wherever
possible
• There are multiple proposals being discussed - including leveraging
MVPN and VPLS Multicast.
• Stay tuned for a future update on this topic!
51. 51Cumulus Networks
Summary
• EVPN supports routing besides bridging
• Due to the distributed nature of L2 in EVPN, several routing
models are possible
• Choose the right model based on deployment use case
▪ Choose wisely
• Cumulus/FRR supports (or will shortly support) all of the
routing models, including interop with other vendors
▪ Most other vendors support only a subset of these
• Cumulus/FRR provides a radically simplified config for
EVPN routing
53. 53Cumulus Networks
Flood multicast only where there are receivers
• Basic BUM handling will flood to all remote VTEPs.
• What if there is real multicast traffic (i.e., non link-local) for a tenant
- e.g., system monitoring, discovery, data dissemination using
Pub/Sub etc? Receivers may be dispersed in the DC.
▪ Enter Selective Multicast and EVPN Type-6 (RT-6) routes
▪ IGMP/MLD state on attachment circuits (ACs) conveyed using EVPN
RT-6 to remote VTEPs
▪ Receiving VTEPs generate proxy reports on their ACs
▪ Receiving VTEPs also build state indicating which VTEPs need traffic
for a particular (C-*, C-G) or (C-S, C-G)
54. 54Cumulus Networks
Distributed multicast routing
• When multicast sources and receivers are on different subnets, the
(inter-subnet) multicast routing can get hairy:
▪ Only one VTEP can be the Designated Router (DR) on a subnet, so
even for local receivers on a different subnet from source, packet may
have to be routed by a remote VTEP.
▪ A VTEP could get multiple copies of the packet, one for each subnet
• Distributed multicast routing is the solution. In one proposal:
▪ Each VTEP routes to local receivers on all subnets.
▪ Only one copy sent to remote VTEPs - on source subnet
▪ Receivers will receive on a special broadcast domain if they don’t have
the source subnet.
55. 55Cumulus Networks
Symmetric routing - sample topology
[Diagram: leaf-spine topology with leaves L1-L4 and spines S1, S2; hosts H11 50.1.1.11 (VL 100), H12 50.1.2.12 (VL 110), H43 50.1.3.43 (VL 120), H44 50.1.4.44 (VL 130)]
● Tenant has 4 VLANs:
  ○ VL 100 - 50.1.1.x/24
  ○ VL 110 - 50.1.2.x/24
  ○ VL 120 - 50.1.3.x/24
  ○ VL 130 - 50.1.4.x/24
● VLANs 100 and 110 (and corresponding SVIs) are provisioned on {L1, L2} and VLANs 120 and 130 on {L3, L4}
● Anycast GW IP is 50.1.x.250 - provisioned on all Leafs.
● VLAN - VNI mappings:
  ○ VL 100 - VNI 10100
  ○ VL 110 - VNI 10110
  ○ VL 120 - VNI 10120
  ○ VL 130 - VNI 10130
● L3 VLAN and VNI for tenant are 4001 and 104001 respectively
56. 56Cumulus Networks
Symmetric routing - sample interface configuration (L1)
# VxLAN interfaces and VLAN-VNI mappings (local ones)
auto vxlan100
iface vxlan100
    vxlan-id 10100
    vxlan-local-tunnelip 110.0.0.1
    bridge-learning off
    bridge-access 100
    bridge-arp-nd-suppress on
# vxlan110 (VNI 10110, VLAN 110) is referenced in bridge-ports below; its stanza is not shown on the slide

# VxLAN interface and VLAN-VNI mapping for the L3VNI
auto vxlan4001
iface vxlan4001
    vxlan-id 104001
    vxlan-local-tunnelip 110.0.0.1
    bridge-learning off
    bridge-access 4001

# Bridge with member ports (VLAN-aware)
auto br0
iface br0
    bridge-vlan-aware yes
    bridge-ports swp3 swp4 swp5 swp6 vxlan100 vxlan110 vxlan4001
    bridge-stp on
    bridge-vids 100 110 4001

# Tenant VRF configuration - if multiple tenants exist
auto vrf-tenant1
iface vrf-tenant1
    vrf-table auto

# SVI with anycast GW IP (for local tenant subnets)
auto vlan100
iface vlan100
    address 50.1.1.1/24
    vlan-id 100
    vlan-raw-device br0
    address-virtual 00:00:5e:00:01:01 50.1.1.250/24
    vrf vrf-tenant1

# L3 VLAN interface per tenant (for L3 VNI)
auto vlan4001
iface vlan4001
    vlan-id 4001
    vlan-raw-device br0
    vrf vrf-tenant1
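A consistency check for a leaf configured like the sample above, as an added example that is not from the webinar or from Cumulus tooling: it parses ifupdown2-style stanzas and reports VNIs with data-plane learning left on, VNIs not attached to the bridge, SVIs outside any tenant VRF, and VRFs without an L3 VNI VLAN interface. The function names, finding texts and the sample input are constructed, and treating an address-less SVI in the VRF as the L3 VNI interface is an assumption drawn from the slide's layout.

```python
def parse_interfaces(text):
    """Parse ifupdown2-style stanzas into {interface: {attribute: value}}."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition(" ")
        if key == "iface" and val:
            cur = ifaces.setdefault(val.split()[0], {})
        elif key and key != "auto" and cur is not None:
            cur[key] = val.strip()
    return ifaces

def lint_symmetric_leaf(text):
    """Return sorted (interface, finding) pairs for a symmetric-routing leaf."""
    ifaces, out = parse_interfaces(text), set()
    bridges = [a for a in ifaces.values() if "bridge-ports" in a]
    ports = {p for b in bridges for p in b["bridge-ports"].split()}
    vids = {v for b in bridges for v in b.get("bridge-vids", "").split()}
    vni_vlans = {a.get("bridge-access") for a in ifaces.values() if "vxlan-id" in a}
    for name, a in ifaces.items():
        if "vxlan-id" in a:
            if a.get("bridge-learning") != "off":  # MACs should come from EVPN only
                out.add((name, "data-plane learning enabled"))
            if name not in ports or a.get("bridge-access") not in vids:
                out.add((name, "VNI not attached to the bridge"))
        if "vlan-id" in a and "vrf" not in a:      # SVI would sit in the default table
            out.add((name, "SVI not bound to a tenant VRF"))
        if "vrf-table" in a and not any(
                s.get("vrf") == name and "address" not in s
                and s.get("vlan-id", "") in vni_vlans for s in ifaces.values()):
            out.add((name, "no L3 VNI VLAN interface"))
    return sorted(out)

# Constructed input: VLAN 110 on a leaf, with three deliberate defects.
SAMPLE = """
iface vxlan110
    vxlan-id 10110
    bridge-access 110
iface br0
    bridge-ports swp3 vxlan110
    bridge-vids 110
iface vrf-tenant1
    vrf-table auto
iface vlan110
    vlan-id 110
    address 50.1.2.1/24
"""

if __name__ == "__main__":
    print(lint_symmetric_leaf(SAMPLE))
```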