VXLAN for WAN Pseudowires?

Sean Pedersen spedersen.lists at gmail.com
Thu Jul 20 16:14:37 CST 2017


Been there, got the t-shirt ...

VXLAN was not designed to be a direct replacement for L2VPN. It was built to
scale L2 broadcast domains. With Cisco, L2 control protocols like STP are
not supported. Can't speak for other vendors. So what someone would
typically expect from EoMPLS and L2 protocol tunneling, they're not going to
get with a VXLAN substitute. 

If all you're looking to do is create a virtual Ethernet cable between two
L3 interfaces with absolutely no L2 protocol tunneling involved, it works
like a champ. We use them for that purpose, building virtual cross-connects
between routers, as well as in a few virtual environments to overlay L2
networks across a BGP CLOS. 

I would not recommend VXLAN to replace L2VPNs unless you plan to wait for /
hope for L2 protocol tunneling support. You would not get a direct
replacement for your current VPLS circuits. Segment routing is in the same
boat - no L2VPN support until next year, and then it's supposed to be
limited to -EX and -FX Nexus chassis.

I can't speak on the subject of using it across a WAN; we dump our VXLAN
tunnels to ASR9Ks at the edge where traditional MPLS takes over. Generally,
it's not recommended to try and extend a LAN-based protocol across a WAN.
While it's L3 traffic once the VXLAN overlay takes over, I would look into
the control plane requirements, overhead, etc. before even considering it.

NCS is what Cisco currently recommends for a scalable MPLS fabric. There's
also the ASR9000V, which acts as a satellite / remote line card of larger
ASR9K routers, but you'd still want some kind of aggregation in there to
scale or your ASR9K port cost is going to start to hurt.

Hit me up off-list if you want to know a little more in detail.
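Two of the points in the reply above, the per-packet encapsulation overhead and the inner L2 control frames (STP BPDUs) that a VXLAN substitute will not carry the way EoMPLS with L2 protocol tunneling does, worked through as an added Python example that is not part of this thread. The frame bytes are constructed, the VNI 10010 is arbitrary, and the function names are my own:

```python
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the 24-bit VNI field is valid
# IEEE 802.1D reserved bridge-group range 01-80-C2-00-00-00 .. -0F (STP, LACP, LLDP ...)
BRIDGE_GROUP_PREFIX = bytes.fromhex("0180c20000")

def vxlan_encap(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the 8-byte RFC 7348 VXLAN header: flags, 3 reserved, VNI, 1 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame

def vxlan_decap(payload: bytes) -> tuple:
    """Return (vni, inner_frame); reject short headers and headers without the I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    return word >> 8, payload[8:]

def underlay_ip_mtu_needed(inner_ip_mtu: int, ipv6_underlay: bool = False,
                           inner_dot1q: bool = False) -> int:
    """Underlay IP MTU that carries a full-size inner frame without fragmentation."""
    overhead = 14 + (4 if inner_dot1q else 0)          # inner Ethernet header (+802.1Q tag)
    overhead += 8 + 8 + (40 if ipv6_underlay else 20)  # VXLAN + UDP + outer IP header
    return inner_ip_mtu + overhead

def is_l2_control_frame(inner_frame: bytes) -> bool:
    """True when the inner destination MAC is a bridge-group address, e.g. an STP BPDU."""
    if len(inner_frame) < 6:
        return False
    dst = inner_frame[:6]
    return dst[:5] == BRIDGE_GROUP_PREFIX and dst[5] <= 0x0F

# Constructed sample frames, not captured traffic: an STP BPDU and a plain unicast IPv4 frame
BPDU_FRAME = (bytes.fromhex("0180c2000000001122334455") + b"\x00\x26"   # dst, src, 802.3 length
              + bytes.fromhex("424203") + b"\x00" * 35)                   # LLC (STP SAP) + BPDU body
UNICAST_FRAME = bytes.fromhex("00aabbccddee001122334455") + b"\x08\x00" + b"\x00" * 46

if __name__ == "__main__":
    for name, frame in (("bpdu", BPDU_FRAME), ("unicast", UNICAST_FRAME)):
        vni, inner = vxlan_decap(vxlan_encap(frame, 10010))
        print(f"{name}: vni={vni} l2_control={is_l2_control_frame(inner)}")
    print("1500-byte inner IP MTU needs underlay IP MTU", underlay_ip_mtu_needed(1500))
```

The 50-byte figure (54 with a tagged inner frame, 70 over IPv6) is the extra underlay MTU every hop on the WAN path must carry, and the bridge-group check is the kind of filter to run on a lab capture before assuming a customer's STP or LACP frames will survive the overlay.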

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Simon Lockhart
Sent: Thursday, July 20, 2017 2:12 AM
To: nanog at nanog.org
Subject: VXLAN for WAN Pseudowires?

All,

I'm currently going through a network design for an upgrade for one of the
networks I run. Much of the wide-area traffic on the network is used purely
to transport Ethernet tail circuits back from an edge PoP to a core PoP. 
Currently we're using Extreme X460 and X670 switches to achieve this,
carrying the tail circuits within VPLS.

Two things are making me look at a change of solution for this - firstly
Extreme have stated that they're not interested in the service provider
market any more (and reflected this in significant reductions in discounts),
and secondly we need to look at higher bandwidth port options (40G + 100G,
particularly for backhaul circuits).

As we're primarily a Cisco house, I've been looking at suitable
replacements, and the Nexus 9k range looks good - 92160YC and 9236C in
particular. However, this would mean a shift from VPLS to VXLAN. We're also
looking at Cisco-like products, such as the Arista range.

We've been doing some testing in the lab, and so far, things look good -
it's easy to configure, and appears to do the job of getting packets from A
to B.

We do have two concerns, though:

1) Cisco are strongly advising against using the Nexus switches in a WAN
   scenario - as they're designed for "datacentre" use. They've so far said
   they can't find anyone who can help validate designs using Nexus, and
   instead are pushing us towards the NCS-5000 series switches. Same chipset,
   but 2-3 times the price! NCS does, however, support VPLS, so would be an
   easier drop-in to our existing network.

2) Traffic engineering - we don't have a lot of requirement for this, but do
   have a small number of customers who buy A and B circuits, and require them
   to be routed across different paths on our network. This is easy with MPLS
   using explicit LSPs, but we've not yet worked out how to achieve the same
   thing in VXLAN.

So, my question to the community is - have any of you used VXLAN as a
wide-area layer 2 transport technology? Any pros or cons? Gotchas? Scare
stories? Recommendations? Am I trying to shoot myself in the foot?

Many thanks,

Simon
