For whatever reason, Easy Virtual Network (EVN), a configuration sugar-glaze on top of VRF-lite (oops, multi-VRF) that has been lurking in the shadows for the last 18 months, erupted into the twittersphere after Cisco’s latest switching launch. I can’t possibly understand why the implementation of a decade-old technology on mature platforms (Catalyst 4500 and Catalyst 6500) makes news at a time when 40GE and 100GE interfaces were launched, but the intricacies of marketing always somehow escaped me.
2012-02-08: Based on feedback from Andy Kessler (thank you!), I updated the post to include two facts I didn't notice before: EVN treats the global routing table like any VRF, and it includes an enhanced traceroute that displays VLAN tags and VRF names.
Before going into the details, let’s clear the confusion created by people who don’t have the time to read the configuration guides:
- EVN is not new. It’s been available on ASR 1000 for almost 18 months.
- EVN is not an alternative to MPLS. VRF-lite has existed since the earliest days of MPLS/VPN (ok, OSPF was broken in the first release).
- EVN is not proprietary. It’s VRF-lite over VLAN point-to-point subinterfaces. You can connect a Juniper or an HP box to the other end of the link and they'll work just fine.
- EVN is not a technology (apart from route leaking between VRFs which happens within the router anyway). There's no new encapsulation scheme, packet format or protocol.
- EVN is not Cisco’s evasive maneuver from the MPLS world. The design is old, the only new functionality is the simplified configuration CLI.
I will not do a deep dive into EVN (unless there’s an outcry in the comments ;). The EVN whitepaper is pretty good, the Q&A document gives you some more details, and the IOS XE configuration guide explains all the details.
Those of you who happen to have my first MPLS/VPN book can look up the technology behind the EVN configuration façade on page 158 (Figure 8-5). Replace “Frame Relay” with “Ethernet/VLAN” and that 11-year-old diagram matches almost exactly Figure 3 from Cisco’s EVN White Paper.
I created an almost identical slide for the Enterprise MPLS/VPN Deployment webinar (included below). Notice the title: Multi-VRF Does Not Scale. A few reasons are given on the slide; you’ll find more of them in the book I already mentioned on page 157. Nothing fundamental has changed in the meantime. The CPUs are faster, but Multi-VRF still doesn’t scale (but since EVN is limited to 32 VRFs, I don’t really care).
If you need layer-3 path isolation for a few logical IP networks (VRFs) and are willing to run multiple copies of OSPF or EIGRP in your network (one per VRF), EVN just might be for you – its configuration is way less repetitive than traditional multi-VRF configuration, and it can import/export routes between VRFs without going through BGP (which is a major bonus).
Just remember what all those routing protocols do after every core link failure: each per-VRF routing protocol instance on every L3 switch in your EVN network will frantically chat, exchange data with its neighbors and try to recalculate the topology, even though all of them share the same physical topology.