EVI technology for data center integration
Traditionally, L3 technologies were used to interconnect several data center sites. With the widespread adoption of virtualization, users are more likely to rely on technologies such as vMotion, which require an L2 environment. EVI technology provides a simple way to interconnect data centers at Layer 2 and reduces the cost and complexity of traditional solutions in this area.
EVI works over IP and can “stretch” an L2 domain across a WAN between several data center sites. It is a so-called "L2 routing" technology that uses EVI links and GRE tunnels to forward VLANs between different sites. Each EVI network has a unique identifier and its own control plane and data plane.
The EVI control plane is responsible for discovering new nodes and establishing communication with them, as well as for learning and advertising MAC addresses. The first part is performed by the EVI Neighbor Discovery Protocol (ENDP), which can operate in two modes: as a server, which registers connection requests, maintains the client database, and so on, and as a client, which interacts with the server (or servers) to establish and maintain an EVI connection.
The second part is the responsibility of the EVI IS-IS process, which advertises the MAC addresses present at the local site and learns the MAC tables of other sites. The traditional MAC learning process is not affected in any way; EVI MAC learning runs autonomously and in parallel. To distribute information between sites, the IS-IS protocol is used with special TLVs added. EVI MAC learning works approximately as follows:
- Site 1 learns about the existence of MAC1 and MAC2 in VLAN 100
- EVI IS-IS creates an LSP (Link State Packet) that contains information about these MAC addresses and VLANs
- EVI IS-IS sends this information to all neighbors
- Neighbors enter information from this LSP into a table; locally, it looks like the address was learned on the tunnel interface. When the switch receives a packet with that destination address, it forwards it to the corresponding EVI tunnel.
- EVI IS-IS can also form LSPs with addresses to be removed from the table (aged addresses)
Configuring EVI is easy and takes just 5 steps:
- Enable EVI on the interface
- Configure EVI Tunnel
- Configure EVI network ID
- Configure the VLANs to be extended between sites
- Configure ENDP
The EVI configuration on the switch looks something like this:
[HP] interface Tunnel1 mode evi
[HP] evi extend-vlan 111 to 150
[HP] source Loopback0
[HP] evi network-id 125
[HP] evi neighbor-discovery server enable
[HP] evi neighbor-discovery client enable 192.168.101.129
Once the configuration is complete, EVI starts working as follows:
- The EVI server process starts on the data center core switches
- If a new site is added, the EVI client must be configured on the switches of this site
- New sites send requests to the ENDP server
- The server answers them, they exchange the necessary data and establish an EVI connection
- User traffic begins to flow over the established connection
The data plane in EVI works as follows:
- EVI does not participate in the transfer of local packets and does not change them
- If the packet is destined for a remote site, it is encapsulated in GRE and transmitted through the established EVI tunnel. At the remote site, the switch removes the encapsulating header and sends the packet to the appropriate local port.
- By default, unknown unicast and multicast are not transmitted over EVI links, for obvious reasons. This can be changed with a special mechanism (Selective Flooding) that forces the switch to transmit certain unknown MACs through the EVI tunnel.
- The split-horizon principle applies in EVI: packets that arrived from the tunnel interface are not sent back into the transport layer (EVI links).
- The STP domain is kept local, and changes that occur in the local STP domain are not propagated over EVI
In addition, EVI has a built-in VRRP Isolation mechanism, which blocks VRRP keepalives from crossing EVI links. This allows each data center site to have a local active L3 gateway, optimizing traffic.
Another built-in EVI mechanism, ARP Flooding Protection, reduces the number of broadcasts passing through the EVI network. Essentially, it caches ARP responses and answers the next such request locally.
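The MAC learning steps and the data plane rules described above can be modelled as one forwarding decision, which makes it easy to check what crosses the site boundary and what stays local. This Python sketch is an added example, not HP code: the class, method names and action strings are hypothetical, and treating broadcast as crossing the EVI links is an assumption drawn from the ARP Flooding Protection description.

```python
VRRP_ADV = "01:00:5e:00:00:12"   # MAC of the IPv4 VRRP group 224.0.0.18
STP_BPDU = "01:80:c2:00:00:00"   # IEEE 802.1D bridge group address
BCAST = "ff:ff:ff:ff:ff:ff"

class EviEdge:
    """Toy model of one EVI edge switch (hypothetical names, not HP code)."""

    def __init__(self, extended_vlans, selective_flood=()):
        self.extended = set(extended_vlans)    # VLANs carried between sites
        self.selective = set(selective_flood)  # Selective Flooding MACs
        self.mac = {}                          # (vlan, mac) -> out interface
        self.arp = {}                          # (vlan, ip) -> cached MAC

    def learn_local(self, vlan, mac, port):
        # Ordinary data-plane MAC learning, untouched by EVI.
        self.mac[(vlan, mac)] = "port:" + port

    def apply_lsp(self, site, vlan, add=(), withdraw=()):
        # EVI IS-IS LSP from a remote site: install or age out remote MACs.
        if vlan not in self.extended:
            return
        for m in add:
            self.mac[(vlan, m)] = "tunnel:" + site
        for m in withdraw:
            if self.mac.get((vlan, m)) == "tunnel:" + site:
                del self.mac[(vlan, m)]

    def forward(self, vlan, dst, from_tunnel=False):
        # Decide what happens to one frame; returns an action string.
        can_cross = vlan in self.extended and not from_tunnel  # split horizon
        if dst in (VRRP_ADV, STP_BPDU):
            return "flood-local"               # VRRP isolation, local STP
        out = self.mac.get((vlan, dst))
        if out is not None:
            if out.startswith("tunnel:"):
                return "gre-encap:" + out[7:] if can_cross else "drop"
            return out                         # local delivery, frame unchanged
        if can_cross and (dst == BCAST or dst in self.selective):
            return "flood-local+evi"           # assumption: broadcast crosses
        return "flood-local"                   # unknown unicast/multicast stays

    def arp_request(self, vlan, ip, from_tunnel=False):
        # ARP Flooding Protection: answer from cache, else flood the request.
        if (vlan, ip) in self.arp:
            return "reply-local:" + self.arp[(vlan, ip)]
        return self.forward(vlan, BCAST, from_tunnel)

    def arp_reply_seen(self, vlan, ip, mac):
        self.arp[(vlan, ip)] = mac
```
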
In general, EVI technology makes it very simple and efficient to manage an L2 domain “stretched” between several sites, which ultimately reduces network management operating costs compared to traditional methods such as VPLS.