How EVPN Transforms VXLAN Control Plane: Types, Routing, and MAC Learning Explained

Introduction

EVPN (Ethernet VPN) is a control‑plane solution for VXLAN that builds on MP‑BGP and defines new BGP EVPN route types. It eliminates the need for manual VXLAN tunnel configuration and reduces broadcast traffic by automating VTEP discovery, MAC learning, and route distribution.

EVPN Basic Concepts

Early VXLAN (RFC7348) lacked a control plane, requiring manual tunnel configuration and causing extensive flood traffic. EVPN introduces a BGP‑based control plane that publishes MAC and IP information, enabling automatic tunnel setup and reducing flooding.

MP‑BGP Basics

MP‑BGP extends traditional BGP‑4 by adding address‑family identifiers (AFI) to support multiple network‑layer protocols (IPv6, multicast, etc.). EVPN defines a new address family (L2VPN) and introduces EVPN NLRI, which carries MAC, IP, VNI, and VRF information.

EVPN Route Types

EVPN defines five route types. Types 1‑4 are defined in RFC 7432; Type 5 is defined in later drafts. The article focuses on the most common Types 2, 3, and 5.

Type 2 – MAC/IP Route

Used to announce host MAC and IP information between VTEPs. The NLRI format is shown below.

Key fields include the host IP, MAC address, VNI, and the EVPN instance’s route‑distinguisher (RD) and route‑target (RT).

VTEP automatically discovers other VTEPs.

Both L2 MAC and L3 IP information are distributed.

Reduces broadcast traffic.

Example configuration on a leaf switch:

bridge-domain 10</code><code> vxlan vni 10    // L2 VNI</code><code> evpn</code><code>  route-distinguisher 10:1</code><code>  vpn-target 0:10 export-extcommunity    // ERT</code><code>  vpn-target 100:5000 export-extcommunity</code><code>  vpn-target 0:10 import-extcommunity</code><code>interface Nve1</code><code> source 1.1.1.1   // VTEP IP</code><code> vni 10 head‑end peer‑list protocol bgp

Type 3 – Inclusive Multicast Ethernet Tag (IMET) Route

Publishes VTEP IP and VNI information to establish head‑end replication lists and dynamically create VXLAN tunnels.

Key fields: Originating Router’s IP address and the MPLS label carrying the VNI.

Type 5 – IP Prefix Route

Used to distribute subnet routes (0‑/128 mask lengths) and can also carry host routes. It enables distributed gateways to exchange routing information.

When carrying host IP, it supports distributed gateway scenarios.

When carrying subnet prefixes, it enables inter‑subnet communication across the VXLAN fabric.

Using EVPN for MAC Learning

EVPN replaces data‑plane flooding with control‑plane MAC learning via Type 2 routes. The process:

Host connects to a leaf (VTEP) and triggers ARP/DHCP, allowing the leaf to learn the host’s MAC.

The leaf advertises a Type 2 route containing the host’s MAC, IP, VNI, and EVPN instance identifiers.

Peer leaves receive the route, learn the MAC, and update their MAC tables without flooding.

Head‑End Replication List Creation

Head‑end replication lists can be built manually or automatically via EVPN Type 3 routes. EVPN automates the process by publishing VTEP IP and VNI information, allowing peers to create replication entries for broadcast, multicast, and unknown‑unicast (BUM) traffic.

VXLAN Traffic Forwarding

The article describes three forwarding scenarios in a distributed VXLAN fabric (both underlay and overlay are IPv4):

In‑subnet known unicast: Host A sends a packet to Host B; the leaf encapsulates it in VXLAN and forwards it to the destination leaf, which decapsulates and delivers it.

In‑subnet BUM (broadcast, unknown‑unicast, multicast): The originating leaf replicates the packet to all VTEPs in the same VNI.

Cross‑subnet (inter‑VNI) forwarding: In a distributed gateway scenario, the leaf performs L3 routing, encapsulates the packet with the appropriate VNI, and forwards it to the remote leaf, which then delivers it to the destination host.

ARP Broadcast Suppression

ARP requests generate broadcast traffic that can flood a VXLAN fabric. EVPN provides two suppression mechanisms:

ARP to Unicast

Leaves learn host IP‑MAC‑VNI‑VTEP mappings and, upon receiving an ARP request, replace the broadcast MAC with the learned host MAC, converting the request to a unicast packet.

ARP Layer‑2 Proxy

In pure L2 fabrics without a three‑layer gateway, leaves can listen for ARP requests, generate suppression entries, and reply on behalf of the target host, avoiding broadcast.

These mechanisms rely on EVPN’s ability to distribute host information quickly, ensuring that ARP traffic is minimized across the data‑center network.