Cyber Security Alert: Potential Cyber Attacks and Recommended Actions for the Government in Bangladesh

Wednesday, October 2, 2024

Multi-Site VxLAN Lab with BGP EVPN deployment across two data centers

 


Fig: Multi-Site VxLAN Lab with BGP EVPN


#Prepared_By: #Sardar_Imran_Hossain 

This diagram represents a Multi-Site VxLAN Lab with BGP EVPN deployment across two data centers. The architecture demonstrates an advanced design that merges two key networking technologies: VXLAN (Virtual Extensible LAN) for layer 2 connectivity over layer 3 networks, and BGP EVPN (Border Gateway Protocol with Ethernet VPN) as the control plane to provide efficient layer 2 and layer 3 segmentation across the fabric. The setup is built to showcase high availability, load balancing, and connectivity between two geographically separated data centers, with distinct Multi-AS (Autonomous System) and Single-AS models.


Data Center 1: Multi-AS Model with eBGP Underlay

In Data Center 1, the design employs a Multi-AS model with BGP as the underlay, running eBGP between the spine and leaf tiers. It includes two spine switches (NX9K-Spine-1 and NX9K-Spine-2), two leaf switches (NX9K-Leaf-1 and NX9K-Leaf-2), and a border leaf (NX9K-Border-Leaf-1). This structure forms the VXLAN EVPN fabric within the data center.
The spine-leaf architecture ensures high availability and horizontal scalability. Spines NX9K-Spine-1 and NX9K-Spine-2 are responsible for forwarding traffic between leaf switches in a non-blocking manner, forming a robust data plane. The leaves (NX9K-Leaf-1 and NX9K-Leaf-2) connect endpoints, like servers and firewalls, and also extend layer 2 and layer 3 connectivity across the fabric.

VxLAN EVPN is used to encapsulate layer 2 frames within layer 3 (UDP/IP) packets, enabling efficient data center interconnect (DCI) between the two data centers.
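To make the encapsulation step concrete, the following is an added example, not code or configuration from the lab above. It builds and parses the VXLAN header (RFC 7348) that wraps each layer 2 frame before it crosses the layer 3 underlay, and shows what a passive monitor on the underlay can recover from one datagram: the VNI and the inner Ethernet header. The VNI, MAC addresses, and inner frame bytes are constructed for illustration and are not values from the lab.

```python
"""VXLAN (RFC 7348) encapsulation and decapsulation of layer 2 frames.

Added example, not part of the lab described above. The VNI and the
sample frame are constructed for illustration.
"""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag: VNI field is valid
VXLAN_HEADER_LEN = 8
ETH_HEADER_LEN = 14

# Constructed inner Ethernet frame: locally administered MACs, EtherType IPv4,
# followed by placeholder bytes standing in for an IPv4 packet.
SAMPLE_INNER_FRAME = (
    bytes.fromhex("0200000000aa")    # destination MAC (constructed)
    + bytes.fromhex("0200000000bb")  # source MAC (constructed)
    + bytes.fromhex("0800")          # EtherType 0x0800 = IPv4
    + b"\x45\x00" + b"\x00" * 18     # placeholder IPv4 header bytes (constructed)
)
SAMPLE_VNI = 10010  # constructed segment identifier, not a value from the lab


def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame.

    Header layout (RFC 7348): flags (1 byte, only I set), 3 reserved bytes,
    VNI (3 bytes), 1 reserved byte. Reserved bytes are zero on transmit.
    """
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)
    return header + inner_frame


def vxlan_decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Parse a VXLAN header and return (vni, inner_frame).

    Frames with the I flag clear are dropped, as RFC 7348 requires; non-zero
    reserved bits are ignored on receipt rather than rejected.
    """
    if len(payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:VXLAN_HEADER_LEN])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid, frame must be dropped")
    vni = vni_field >> 8  # top 24 bits carry the VNI; the low byte is reserved
    inner = payload[VXLAN_HEADER_LEN:]
    if len(inner) < ETH_HEADER_LEN:
        raise ValueError("inner Ethernet frame shorter than 14 bytes")
    return vni, inner


def _format_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_inner_ethernet(frame: bytes) -> tuple[str, str, int]:
    """Return (dst_mac, src_mac, ethertype) of the decapsulated frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return _format_mac(frame[:6]), _format_mac(frame[6:12]), ethertype


def inspect_vxlan_datagram(udp_dport: int, udp_payload: bytes) -> dict:
    """What a passive monitor on the underlay sees inside one VXLAN datagram.

    Only port 4789 is treated as VXLAN here; a fabric using a non-default
    port would need that port added to the check.
    """
    if udp_dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP port {udp_dport} is not VXLAN")
    vni, inner = vxlan_decapsulate(udp_payload)
    dst, src, ethertype = parse_inner_ethernet(inner)
    return {"vni": vni, "inner_dst": dst, "inner_src": src,
            "inner_ethertype": ethertype, "inner_len": len(inner)}


def is_well_formed(udp_payload: bytes) -> bool:
    """True if the payload parses as VXLAN with a valid VNI and inner frame."""
    try:
        vxlan_decapsulate(udp_payload)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    datagram = vxlan_encapsulate(SAMPLE_VNI, SAMPLE_INNER_FRAME)
    print(inspect_vxlan_datagram(VXLAN_UDP_PORT, datagram))
    # A header with the I flag cleared must be discarded by the receiving VTEP.
    print(is_well_formed(b"\x00" + datagram[1:]))
```

The header carries no authentication or integrity field, so the segmentation that a VNI provides holds only as far as the underlay between the two data centers is trusted; inspecting decapsulated traffic as above is how an operator verifies which segments and inner hosts actually traverse the DCI links.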
F5 Load Balancers (F5-LTM-1 and F5-LTM-2) are deployed to handle traffic management and load balancing of applications, and they ensure application availability through a VIP (Virtual IP) setup.
The border leaf switch (NX9K-Border-Leaf-1) connects to external networks, including ISP links, and acts as the data center’s gateway for external communication. The BGP AS number 64333 is used for routing information exchange with external routers.

The firewalls (PA-FW1 and PA-FW2) provide security at the perimeter of Data Center 1, ensuring that traffic between internal and external networks is filtered based on security policies.

Data Center 2: Single-AS Model with OSPF Underlay

In contrast to Data Center 1, Data Center 2 uses a Single-AS model with OSPF (Open Shortest Path First) as the underlay routing protocol. Here, the same fundamental architecture is used with two spine switches (NX9K-Spine-3 and NX9K-Spine-4), two leaf switches (NX9K-Leaf-3 and NX9K-Leaf-4), and a border leaf (NX9K-Border-Leaf-2). The key difference is that a single BGP AS number (65000) is used across the entire data center, which simplifies intra-data-center BGP peering and reduces the complexity of internal routing.

Similar to Data Center 1, F5 load balancers (F5-LTM-3 and F5-LTM-4) manage application traffic, and the perimeter firewalls (PA-FW3 and PA-FW4) secure traffic entering and leaving the data center.
