Traditional VXLAN networks rely on “flood-and-learn” behavior inherited from Ethernet switching principles. When a VTEP (VXLAN Tunnel Endpoint) needs to deliver a frame to a destination MAC address it doesn’t know, it floods the frame across all other VTEPs in the VXLAN segment, waiting for responses to learn the correct location.<\/p>\n\n\n\n
The Process:<\/mark><\/strong><\/p>\n\n\n\n As data centers scale, flood-and-learn creates multiple critical issues:<\/p>\n\n\n\n Broadcast Storms and Bandwidth Waste<\/strong><\/p>\n\n\n\n CPU Overload on VTEPs<\/strong><\/p>\n\n\n\n Unpredictable Traffic Paths<\/strong><\/p>\n\n\n\n Scalability Limitations<\/strong><\/p>\n\n\n\n Host Mobility Issues<\/strong><\/p>\n\n\n\n EVPN (Ethernet VPN) is an extension to BGP (Border Gateway Protocol) that fundamentally changes how VXLAN networks discover and communicate endpoint information. Instead of learning MAC and IP addresses reactively through data-plane flooding, EVPN uses the control plane to proactively advertise and distribute endpoint reachability information<\/strong>.<\/p>\n\n\n\n Core Innovation:<\/strong><\/p>\n\n\n\n BGP as the Control Plane<\/strong> Route Reflector Architecture<\/strong> Standardized Route Types<\/strong> EVPN uses different BGP route types to advertise different categories of information. Each route type serves a specific purpose in the network.<\/p>\n\n\n\n Purpose:<\/strong> Advertise MAC addresses and associated IP addresses of locally connected hosts.<\/p>\n\n\n\n What Gets Advertised:<\/strong><\/p>\n\n\n\n Practical Example:<\/strong> Why This Matters:<\/strong> Purpose:<\/strong> Enable VTEP discovery and coordinate Broadcast, Unknown Unicast, and Multicast (BUM) traffic handling.<\/p>\n\n\n\n What Gets Advertised:<\/strong><\/p>\n\n\n\n Practical Example:<\/strong> Why This Matters:<\/strong> Purpose:<\/strong> Enable IP-based routing across different VXLAN segments (VNIs) or to external networks.<\/p>\n\n\n\n What Gets Advertised:<\/strong><\/p>\n\n\n\n Practical Example:<\/strong> Why This Matters:<\/strong> Before EVPN (Traditional VXLAN):<\/strong><\/p>\n\n\n\n With EVPN:<\/strong><\/p>\n\n\n\n ARP suppression is one of EVPN’s most powerful features for reducing broadcast traffic. Instead of allowing ARP requests to flood across the fabric, VTEPs intercept local ARP requests and respond locally using information learned from the control plane.<\/p>\n\n\n\n How ARP Suppression Works:<\/strong><\/p>\n\n\n\n Step 1: Host Sends ARP Request<\/strong><\/p>\n\n\n\n Step 2: VTEP Intercepts the Request<\/strong> Step 3: VTEP Responds Locally<\/strong> Step 4: Traffic Flows Directly<\/strong> Result:<\/strong> The ARP request never left the local VXLAN segment. No flooding across the fabric. Zero broadcast traffic.<\/p>\n\n\n\n Traditional networks use Spanning Tree Protocol (STP) to prevent loops when hosts connect to multiple switches. However, STP has fundamental limitations:<\/p>\n\n\n\n In virtual machine deployments with thousands of hosts, STP becomes a severe bottleneck.<\/p>\n\n\n\n EVPN multihoming allows a single host (or group of hosts) to connect to multiple VTEPs simultaneously, with all links active and load-balanced. The solution uses three key components:<\/p>\n\n\n\n 1. Ethernet Segment Identifier (ESI)<\/strong><\/p>\n\n\n\n ESI is a unique identifier that groups multiple physical links connecting a host to the VXLAN fabric. It tells all VTEPs that multiple links belong to the same host.<\/p>\n\n\n\n All links with the same ESI are treated as a single logical connection by the fabric.<\/p>\n\n\n\n 2. BGP Signaling of ESI Information<\/strong><\/p>\n\n\n\n Each VTEP advertises the ESIs it’s connected to via EVPN. This ensures all VTEPs in the fabric know which VTEPs have access to which hosts.<\/p>\n\n\n\n 3. Split-Horizon Mechanism<\/strong><\/p>\n\n\n\n When a VTEP receives traffic from a host over one ESI link, it prevents that traffic from being sent back out another ESI link to the same host (preventing loops).<\/p>\n\n\n\n In All-Active mode, all links to a multihomed host carry traffic simultaneously.<\/p>\n\n\n\n How It Works:<\/strong><\/p>\n\n\n\n Example Traffic Flow:<\/strong><\/p>\n\n\n\n EVPN detects failures through multiple mechanisms, enabling rapid recovery:<\/p>\n\n\n\n VTEP Failure Detection<\/strong><\/p>\n\n\n\n Link Failure Detection<\/strong><\/p>\n\n\n\n Host Mobility Detection<\/strong><\/p>\n\n\n\n Step 1: Failure Detection<\/strong><\/p>\n\n\n\n Step 2: Route Withdrawal<\/strong><\/p>\n\n\n\n Step 3: Traffic Reroute<\/strong><\/p>\n\n\n\n Step 4: Stabilization<\/strong><\/p>\n\n\n\n Traditional VXLAN uses data-plane learning, which causes:<\/p>\n\n\n\n EVPN provides superior scalability:<\/p>\n\n\n\n Why EVPN Scales Better<\/strong><\/p>\n\n\n\n\n
![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-7.png\")
<\/figure>\n\n\n\nWhy Flood-and-Learn Becomes Problematic<\/mark><\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n\n\n\nIntroducing EVPN \u2013 Control Plane Intelligence<\/mark><\/h2>\n\n\n\n
What is EVPN?<\/h2>\n\n\n\n
\n
![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-8.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-9.png\")
<\/figure>\n\n\n\nKey Architectural Concepts<\/h2>\n\n\n\n
EVPN leverages BGP’s proven, scalable routing capabilities to distribute endpoint information. Each VTEP advertises the MAC addresses, IP addresses, and virtual network associations of locally connected hosts. BGP ensures all VTEPs receive this information consistently and efficiently.<\/p>\n\n\n\n
In large deployments, EVPN uses BGP route reflectors to simplify the control plane topology. Rather than requiring full-mesh BGP peering between all VTEPs, route reflectors collect advertisements from VTEPs and efficiently distribute them. This dramatically reduces control plane complexity and CPU overhead.<\/p>\n\n\n\n
EVPN defines specific BGP route types for different purposes, ensuring interoperability across vendors and consistent behavior across the fabric.<\/p>\n\n\n\n
\n\n\n\nEVPN Route Types \u2013 The Foundation of Control Plane Communication<\/strong><\/mark><\/h2>\n\n\n\n
Understanding Route Types<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-10-1024x490.png\")
<\/figure>\n\n\n\nType 2: MAC\/IP Advertisement Routes<\/h2>\n\n\n\n
\n
When a server connects to VTEP 1, VTEP 1 learns the server’s MAC address and IP through local detection (ARP snooping or DHCP snooping). VTEP 1 creates a Type 2 route and advertises it via BGP:<\/p>\n\n\n\n\n
Before any traffic arrives, the entire fabric knows where this host is located. No flooding is needed.<\/p>\n\n\n\nType 3: IMET (Inclusive Multicast Ethernet Tag) Routes<\/h2>\n\n\n\n
\n
When VTEP 1 is configured for VXLAN segment 100, it advertises a Type 3 route:<\/p>\n\n\n\n\n
Type 3 routes establish the foundation for controlled BUM traffic distribution without unlimited flooding.<\/p>\n\n\n\nType 5: IP Prefix Routes<\/h2>\n\n\n\n
\n
A VTEP connected to both VNI 100 (database servers) and VNI 200 (application servers) advertises Type 5 routes to enable cross-subnet communication:<\/p>\n\n\n\n\n
Type 5 routes enable true Layer 3 connectivity within the VXLAN fabric without requiring separate routers.<\/p>\n\n\n\n
\n\n\n\nTraffic Flow and ARP Suppression<\/strong><\/mark><\/h2>\n\n\n\n
How EVPN Changes Traffic Patterns<\/h2>\n\n\n\n
\n
\n
![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-11.png\")
<\/figure>\n\n\n\nARP Suppression: Stopping Flooding at the Source<\/h2>\n\n\n\n
Host A: \"Who has IP 192.168.1.50?\"
(ARP request with destination MAC = ff:ff:ff:ff:ff:ff)
<\/code><\/pre>\n\n\n\n
VTEP 1 receives the ARP request locally. Before flooding it, the VTEP checks its EVPN-learned MAC\/IP table:<\/p>\n\n\n\n\n
Instead of flooding, VTEP 1 creates and sends an ARP reply:<\/p>\n\n\n\nARP Reply: IP 192.168.1.50 is at MAC 00:aa:bb:cc:dd:ee
(Response sent directly from VTEP 1 to Host A)
<\/code><\/pre>\n\n\n\n
Host A receives the ARP reply and sends traffic to the MAC address. VTEP 1 has already learned from the BGP Type 2 route that this MAC exists on VTEP 3, so it tunnels the traffic directly.<\/p>\n\n\n\nBenefits of ARP Suppression<\/h2>\n\n\n\n
Benefit<\/th> Impact<\/th><\/tr><\/thead> Eliminated ARP Flooding<\/strong><\/td> Reduces broadcast traffic by 80-95% in typical deployments<\/td><\/tr> Reduced CPU Load<\/strong><\/td> VTEPs don’t process irrelevant ARP traffic<\/td><\/tr> Faster Host Discovery<\/strong><\/td> Hosts get ARP responses from local VTEPs immediately<\/td><\/tr> Lower Latency<\/strong><\/td> No waiting for distant VTEPs to respond to ARP<\/td><\/tr> Improved Stability<\/strong><\/td> Fewer broadcast storms during network events<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nEVPN Multihoming \u2013 Redundancy Without Spanning Tree<\/strong><\/mark><\/h2>\n\n\n\n
The Problem with Traditional Redundancy<\/h2>\n\n\n\n
\n
EVPN Multihoming Solution<\/h2>\n\n\n\n
Host 1 \u2192 VTEP 1 (Link 1) \u2500\u2510
\u251c\u2500 Assigned ESI = 00:11:22:33:44:55:00:00:00:01
Host 1 \u2192 VTEP 2 (Link 2) \u2500\u2518
<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-12.png\")
<\/figure>\n\n\n\nAll-Active Multihoming Mode<\/h2>\n\n\n\n
\n
\n
\n
\n
Remote Host (on VTEP 3) sends to Host 1 (multihomed):
- Packet 1 \u2192 VTEP 1 \u2192 Host 1 (Link 1)
- Packet 2 \u2192 VTEP 2 \u2192 Host 1 (Link 2)
- Packet 3 \u2192 VTEP 1 \u2192 Host 1 (Link 1)
- Load distributed across both VTEPs and links
<\/code><\/pre>\n\n\n\nBenefits of EVPN Multihoming<\/h2>\n\n\n\n
Feature<\/th> Benefit<\/th><\/tr><\/thead> All-Active Mode<\/strong><\/td> 100% link utilization; no blocked ports<\/td><\/tr> Fast Failover<\/strong><\/td> Sub-second convergence via BGP updates<\/td><\/tr> No STP<\/strong><\/td> Eliminates unpredictable STP convergence<\/td><\/tr> Load Balancing<\/strong><\/td> Traffic automatically spreads across all links<\/td><\/tr> Redundancy<\/strong><\/td> Host connectivity survives multiple link failures<\/td><\/tr> Deterministic<\/strong><\/td> Behavior is predictable and controllable<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nFailure Detection and Convergence<\/strong><\/mark><\/h2>\n\n\n\n
How EVPN Detects Failures<\/h2>\n\n\n\n
\n
\n
\n
![\"\"](\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2026\/01\/image-13.png\")
<\/figure>\n\n\n\nEVPN Convergence Process<\/h2>\n\n\n\n
Time = 0ms: VTEP 1 fails (link goes down)
BGP keepalive timer expires on connected VTEPs
All VTEPs detect loss of VTEP 1
<\/code><\/pre>\n\n\n\nTime = 50-100ms: Route reflector detects VTEP 1 failure
All Type 2 and Type 3 routes from VTEP 1 are withdrawn
Route updates are sent to remaining VTEPs
<\/code><\/pre>\n\n\n\nTime = 100-200ms: All VTEPs update their forwarding tables
Traffic destined for hosts on VTEP 1 is rerouted
If multihoming is configured, traffic uses alternate VTEP
Hosts experience brief pause (~100ms) but no packet loss
<\/code><\/pre>\n\n\n\nTime = 200-500ms: Network reaches stable state
All hosts are reachable via surviving VTEPs
No additional flooding or relearning occurs
<\/code><\/pre>\n\n\n\nComparison: Traditional vs EVPN Convergence<\/h2>\n\n\n\n
Scenario<\/th> Traditional VXLAN<\/th> EVPN<\/th><\/tr><\/thead> VTEP failure (single host)<\/td> 30-60 seconds<\/td> 100-300ms<\/td><\/tr> Link failure<\/td> 30-60 seconds<\/td> 50-150ms<\/td><\/tr> Host mobility<\/td> 10-30 seconds<\/td> 100-500ms<\/td><\/tr> Broadcast relearning<\/td> Yes (multiple events)<\/td> No<\/td><\/tr> Predictability<\/td> Low<\/td> High<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\nScalability Benefits<\/strong><\/mark><\/h2>\n\n\n\n
Control Plane Scaling<\/h2>\n\n\n\n
\n
\n