Layer 3 VPNs (L3VPN)

A. EVN is an IP-based network virtualization solution designed to help enable network managers to provide traffic separation and path isolation on a shared network infrastructure. EVN has three major benefits:

A. The current Virtual Route Forwarding (VRF)-Lite solution requires manual configuration of one subinterface per VRF, and when a new VRF is provisioned, operators need to configure a new subinterface on all routers and switches throughout the network. With EVN, VRF subinterfaces are automatically created when a new VRF is configured, saving operational provisioning costs.

A. Another problem EVN solves is shared services support. Multiple EVN users may require common sets of services such as Internet connectivity, email, video, Dynamic Host Configuration Protocol (DHCP), or Domain Name System (DNS). EVN's route replication feature helps simplify this by not relying on the Border Gateway Protocol (BGP) import/export feature, instead allowing each virtual network to have access directly to the Routing Information Base (RIB), saving both configuration, memory, and CPU cycles.

A. EVN enhances network virtualization troubleshooting by making VRF-Lite easier to deploy, operate, and scale. A routing context command mode allows network operators to perform troubleshooting issues that pertain specifically within a VRF without specifying the VRF name in every command. For example, after entering a routing context, operators can perform these actions:

A. Cisco offers both Layer 2 and Layer 3 VPN solutions today. Some of the Layer 2 technologies include Any Transport over MPLS (AToM) or Ethernet over MPLS (EoMPLS) and Virtual Private LAN Service (VPLS). Multiprotocol Label Switching (MPLS) VPNs over MPLS core, MPLS VPNs over mGRE (IP) core, Dynamic Multipoint VPN (DMVPN), and VRF-Lite are some of the Layer 3 network virtualization technologies. EVN is a Layer 3 technology based on VRF-Lite, with simpler configuration and management.

A. EVN is backward compatible with VRF-Lite. The two technologies can be deployed in the same network for a smooth transition to EVN. Make sure the EVN "vnet tag" value matches the 802.1Q VLAN ID on the VRF-Lite device.

A. EVN in the campus is completely compatible with the WAN solutions MPLS-VPN, MPLS-VPN over mGRE, and DMVPN.

A. Today 32 virtual networks are supported per platform. This may be increased in the future.

A. The 802.1X protocol and other IBNS technologies can be used to authenticate users and place them in the correct VLAN. The VLAN is then mapped to a VRF that is configured for EVN.

A. IP multicast is supported in each of the virtual networks created with EVN. IP multicast routing must be enabled in each VRF, and Protocol Independent Multicast (PIM) sparse mode must be enabled on the VNET trunks. Shared services for IP multicast are supported with route replication. Shared services will allow a multicast source to flow toward receivers in many VRFs.

A. EVN supports Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP).

A. The EVN trunk is located on the core-facing interface between two EVN devices.

A. Yes. VRF is not automatically applied to user user-facing interfaces. In a typical Layer 2 access deployment, this is an example configuration:

A. Yes. Automatically generated VRF subinterfaces inherit behavior from the main interface. VRF parameters can be customized through an override inheritance feature.

A. Yes. EVN can be deployed in conjunction with other VPN solutions.

A. If an MPLS VPN service provider is using an ASR 1000 Series Router with a Cisco IOS® Software image that supports EVN functionality, EVN can be deployed on a CE-PE link.

A. EVN is shipping today on the ASR 1000 Series in Cisco IOS XE Software Release 3.2S, Catalyst 6500 on the release 15.0(1)SY1 and Catalyst 4500 on the releases 15.1(1)SG and IOS XE 3.3.0SG. Support for other platforms are planned for the near future.

A. Visit the EVN product information page at http://www.cisco.com/go/evn.