Using VXLAN and EVPN to Build Active-Active Data Centers

Some (anti)patterns of network industry are way too predictable: every time there’s a new technology marketers start promoting it as the solution for every problem ever imagined. VXLAN was quickly touted as the solution for long-distance vMotion, and now everyone is telling you how to use VXLAN with EVPN to stretch VLANs across multiple data centers.

Does that make sense? It might… based on your requirements and features available on the devices you use to implement the VXLAN/EVPN fabric. We’ll cover the details in a day-long workshop in Zurich (Switzerland) on December 5th. There are still a few places left, register here.

11 comments:

  1. Will there be any videos or materials made available after the workshop? If not, could you recommend any webinars that might be relevant instead? This is highly relevant to my job right now, but I'm not sure I can make it to Zurich. I'm looking for something that'll teach me enough about active-active data center design that I can either tell my boss "This is how we should do it" or "This is why we shouldn't do it".
    Replies
    1. There you go: https://www.ipspace.net/Designing_Active-Active_and_Disaster_Recovery_Data_Centers

      But you would be disappointed about the answer to the problem ;)
    2. I think my boss is the one who will be disappointed ;)
    3. Thank you @anonymous.

      Spoiler alert: it works best when you have the right application architecture... and stretched VLANs make little sense if you care about reliability or availability.
    4. I think we're all on the same page there. Based on my own experience and google-/blog-acquired knowledge I have no intention of implemention anything like that (and our local government applications are... not what I'd describe as fault-tolerant or distributed in any sense of the word). But my boss keeps bringing it up, and I'm beginning to feel like my opinion is less authoritative than I'd like.

      Besides, I've been eyeing a few other webinars aswell recently, so it's about time I get myself a subscription =)
    5. Application architecture is the keyword. Never saw something like that in enterprise environments. So stretched VLANs, load balancers and firewall clusters are maybe your only possibilities. The image with the tree and the lowest branch as the network comes to mind: https://blog.ipspace.net/2013/04/this-is-what-makes-networking-so-complex.html
  2. We've build a EVPN BGP VXLAN "DCI network" connecting two data centers, but we restricted it's use to L3 devices. It's main purpose is to interconnect virtual and physical infrastructure, e.g. OpenStack to WAN, or OpenStack to vmware, nutanix. But also interconnecting two independent OpenStack clusters at two (twin) data center sites.
    L2 stretching is empathically not the use case.
  3. Addition: interconnecting "PODs" in the same datacenter was one of the main use cases (POD as in "point of delivery", as even within the same field we manage to overload acronyms, e.g. "performance optimized datacenter").
  4. Let´s talk about vendor limitations, e.g. HPE 5950 switch. You can configure distributed gateways with IP and IPv6. You can also advertise local connected /32 IP addresses into your routing protocol with command "arp route-direct advertise". But there´s no "nd route-direct advertise" available. So you are limited to IPv4 active-active DCI. This is what you learn if you have the switch locally and HPE says "no" after you raised an enhancement request to add this feature.
  5. Running VXLAN EVPN BGP control plane over IPv6 has it's limitations (unfortunately). Especially if you're using auto-RD. As always, again unfortunately, when deploying IPv6, be sure you lab everything. Or at the least, make sure your vendor has extensive documentation available that shows if and how it can be configured.
  6. Well, the VXLAN/EVPN is running over IPv4 without any problem with HPE 5950. You can configure IPv4 and IPv6 distributed gateways and for IPv4 you can automatically distribute IPv4 host routes into e.g. OSPF. IPv6 works if I Set static /128 host routes to the switches. Locally connected hosts on both 5950 switches use their local (distribute) IPv6 gateway. But I cannot distribute it automatically. What "arp route-direct advertise" does for IPv4 doesn't exist for IPv6.
Add comment
Sidebar