Tuesday, December 1, 2020

EVPN/VXLAN scalability in campus environment

Our current campus design is an "MPLS PE router" at every building, and each PE router (well, OK, an L3 switch) has several different VRFs; then in the DC the VRF is connected with a /29 towards the FW cluster. All traffic between VRFs goes through the DC firewall cluster, which advertises a default to every VRF.

Now we're starting to implement Aruba AOS-CX switches that do not support MPLS, but do support EVPN with VXLAN. So I'm wondering how well an EVPN kind of campus would scale in the future if we decided to go with that? Currently we still have our MPLS PEs at each building and the access will be AOS-CX switches, but I guess there is no point in running your own MPLS network if EVPN/VXLAN would do the same?

Not really that familiar with EVPN/VXLAN stuff, so I'm wondering if we can have the same situation where the building switches just advertise whole subnets, or do they need to advertise every IP/MAC address towards the DC? Can we have the /29 towards the FW, or does the FW need to see all the IP/MACs?
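As an added illustration of the two questions above (the per-building VRFs with a /29 to the FW, and subnets versus per-host advertisement): this is not from the original post and is written in FRR-style syntax rather than AOS-CX syntax, so the exact keywords will differ on Aruba gear. EVPN has a route type for exactly this case: Type-5 (IP prefix) routes carry a VRF's prefixes, while Type-2 routes carry MAC/IP pairs for hosts in a stretched L2 VNI. The AS numbers, VNIs, VRF name and addresses below are made up.

```text
!
! Building leaf (VTEP): iBGP EVPN session to a route reflector in the DC,
! assumed loopback addressing; underlay reachability between loopbacks is
! provided separately (OSPF or eBGP, see the underlay question below).
router bgp 65000
 bgp router-id 10.255.0.11
 neighbor 10.255.0.1 remote-as 65000
 neighbor 10.255.0.1 update-source lo
 !
 address-family l2vpn evpn
  neighbor 10.255.0.1 activate
  advertise-all-vni
 exit-address-family
!
! One VRF per tenant; the L3VNI carries routed traffic between VTEPs.
! Nothing in this VRF is stretched at layer 2 to other buildings, so the
! DC only ever needs the VRF's prefixes, not its hosts.
vrf TENANT-A
 vni 50001
exit-vrf
!
router bgp 65000 vrf TENANT-A
 address-family ipv4 unicast
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
! -----------------------------------------------------------------------
! DC border leaf: the /29 towards the FW cluster (192.0.2.0/29 assumed) is
! an interface in the same VRF; the FW (AS 65100 assumed) sends a default
! over plain eBGP and never touches EVPN. "advertise ipv4 unicast" exports
! that default, and the /29, to every building leaf as a Type-5 route.
router bgp 65000 vrf TENANT-A
 neighbor 192.0.2.2 remote-as 65100
 !
 address-family ipv4 unicast
  neighbor 192.0.2.2 activate
  redistribute connected
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
```

With this arrangement the FW sees only the /29 and whatever the border leaf advertises to it over eBGP; the building leaves still originate Type-2 routes for their own local hosts because of `advertise-all-vni`, but a VTEP that does not import those L2 VNIs (the border leaf here) never installs them, so the DC-side state is one prefix route per subnet per VRF rather than one entry per host.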

Or any thoughts about how to configure the underlay network? Would it be too much to have something like 1500-2000 switches in the same OSPF area 0 and in the same AS BGP-wise? Fiber connectivity between switches is quite stable anyway. I think we're way past the 90's "max 50 OSPF routers in one area", but how well does it scale nowadays? Or should I just have eBGP between buildings and DCs and run separate OSPF area 0s at every building?


