
EVI technology for data center integration

Traditionally, L3 technologies were used to interconnect several data center sites. With the widespread adoption of virtualization, users increasingly rely on technologies such as vMotion, which require an L2 environment to work. EVI technology provides a simple way to interconnect data centers at Layer 2 and reduces the cost and complexity of traditional solutions in this area.

EVI works over IP and can “stretch” an L2 domain across a WAN between several data center sites. It is a so-called “L2 routing” technology that uses VID links and GRE tunnels to forward VLANs between different sites. Each EVI network has a unique identifier and separate control and data planes.

The EVI control plane is responsible for detecting neighbors and establishing communication with them, as well as for learning and announcing MAC addresses. The first part is performed by the EVI Neighbor Discovery Protocol (ENDP), which can operate in two modes: a server, responsible for registering connection requests, maintaining a client database, etc., and a client, which interacts with the server (or servers) to establish and maintain an EVI connection.


The second part is the responsibility of the EVI IS-IS process, which announces the MAC addresses present at the local site and learns the MAC tables of other sites. The traditional MAC learning process is not affected in any way; EVI MAC learning runs autonomously and in parallel. The IS-IS protocol, with special added TLVs, is used to distribute this information between sites. EVI MAC learning works like this:

  1. Site 1 learns about the existence of MAC1 and MAC2 in VLAN 100
  2. EVI IS-IS creates a Link State Packet (LSP) that contains information about these MAC addresses and VLANs
  3. EVI IS-IS sends this information to all neighbors.
  4. Neighbors enter information from this LSP into a table; locally, it looks like the address has been learned on the tunnel interface. When the switch receives a packet with that destination address, it forwards it to the appropriate EVI tunnel.
  5. EVI IS-IS can also generate an LSP listing addresses that should be removed from the table (aged addresses)




EVI is configured very simply, in just 5 steps:

  1. Enable EVI on the interface
  2. Configure EVI Tunnel
  3. Configure EVI network ID
  4. Configure VLANs that will be transferred between sites
  5. Configure ENDP

The EVI configuration on the switch looks like this:

[HP] interface Tunnel1 mode evi
[HP] evi extend-vlan 111 to 150
[HP] source Loopback0
[HP] evi network-id 125
[HP] evi neighbor-discovery server enable
[HP] evi neighbor-discovery client enable 192.168.101.129

Once the configuration is completed, EVI starts working as follows:

  1. The EVI server process is started on the data center core switches.
  2. If a new site is added, the EVI client must be configured on the switches of that site
  3. New sites send requests to the ENDP server
  4. The server responds to them, they exchange the necessary data and establish an EVI connection.
  5. User traffic begins to flow through the established connection

The data plane in EVI works as follows:

  1. EVI does not participate in the forwarding of local packets and does not change them.
  2. If the packet is intended for a remote site, it is encapsulated in a GRE and transmitted through an established EVI tunnel. At the remote site, the switch removes the encapsulating header and forwards the packet to the appropriate local port.
  3. Unknown unicast and multicast are not transmitted over EVI links by default, for obvious reasons. This can be changed with a special mechanism (Selective Flooding), which makes the switch transmit certain unknown MACs via an EVI tunnel.
  4. The split-horizon principle works in EVI, and packets that come from the tunnel interface are not transferred back to the transport layer (EVI links).
  5. The STP domain is limited to the local site, and changes that occur in the local STP domain are not propagated over EVI.
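
The MAC learning steps and the data-plane rules described above can be traced with a small model. This is an added example, not code from the original article or from HP; it is a simplified simulation, and every name in it (`Site`, `learn_local`, `forward`, the port and MAC labels) is hypothetical.

```python
# Toy model of EVI MAC learning and forwarding (illustrative; all names are hypothetical).
from dataclasses import dataclass, field

@dataclass
class Site:
    name: str
    neighbors: list = field(default_factory=list)      # EVI neighbors found via ENDP
    mac_table: dict = field(default_factory=dict)      # (vlan, mac) -> "local:<port>" or "tunnel:<site>"
    selective_flood: set = field(default_factory=set)  # (vlan, mac) allowed to flood over EVI

    def learn_local(self, vlan, mac, port):
        """Steps 1-3: learn a MAC locally, then advertise it in an LSP to all neighbors."""
        self.mac_table[(vlan, mac)] = f"local:{port}"
        for n in self.neighbors:
            n.receive_lsp(self, add=[(vlan, mac)])

    def age_out(self, vlan, mac):
        """Step 5: an aged address is withdrawn with another LSP."""
        self.mac_table.pop((vlan, mac), None)
        for n in self.neighbors:
            n.receive_lsp(self, remove=[(vlan, mac)])

    def receive_lsp(self, origin, add=(), remove=()):
        """Step 4: remote MACs look as if learned on the tunnel to the origin site."""
        for key in add:
            self.mac_table[key] = f"tunnel:{origin.name}"
        for key in remove:
            if self.mac_table.get(key) == f"tunnel:{origin.name}":
                del self.mac_table[key]

    def forward(self, vlan, dst_mac, from_tunnel=False):
        """Data-plane decision for one frame; returns a description of the action."""
        entry = self.mac_table.get((vlan, dst_mac))
        if entry and entry.startswith("local:"):
            return f"forward unchanged to {entry[6:]}"
        if from_tunnel:                    # split horizon: never back into EVI links
            return "drop (split horizon)" if entry else "flood local ports only"
        if entry:
            return f"GRE-encapsulate to {entry[7:]}"
        if (vlan, dst_mac) in self.selective_flood:
            return "flood locally and over EVI"
        return "flood local ports only"    # unknown unicast stays inside the site

def connect(a, b):
    """Stand-in for a completed ENDP exchange between two sites."""
    a.neighbors.append(b)
    b.neighbors.append(a)
```
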




In addition, EVI has a built-in VRRP Isolation mechanism, which blocks VRRP keep-alives from being sent over EVI links. This allows each data center site to have a local active L3 gateway and optimizes traffic.

Another mechanism built into EVI that reduces the number of broadcasts passing through the EVI network is called ARP Flooding Protection. In essence, it caches ARP responses and responds locally to the next such request.

In general, EVI technology makes it very simple and efficient to manage an L2 domain that is “stretched” between several sites, which ultimately reduces the operating costs of managing a network compared to traditional methods, such as VPLS.

Source: https://habr.com/ru/post/193964/

