EVPN was one of 2018’s buzzwords, capturing the agenda of networking commentators and corporations alike. But what is it, and why is it such a big deal for everyday network managers? Moreover, does it have any relevance to ordinary VPN users?
We’ve put together a brief primer on what EVPN technology entails, and where it could be used. And it turns out, the implications are pretty wide-ranging. But let’s start at the beginning, with a basic definition.
Getting things started: what is EVPN?
EVPN stands for Ethernet Virtual Private Network. So in that sense, it should be fairly self-explanatory.
Ethernets are networks which involve a number of systems being linked together by a Local Area Network (LAN), using common protocols. Ethernets operate at the Data-Link level of the TCP/IP stack (or Level 2), and allow organizations to set up self-contained local networks with authentication and security features to govern who uses them, and for what ends.
Virtual Private Networks (VPNs) are tools which encrypt data sent across the web, routing that data through global server networks. This has the effect of anonymizing the user’s IP address, letting them surf the web without falling victim to cybercriminals or surveillance systems.
So how do we get to an ethernet VPN? VPNs have long been used by network managers to link together remote computers securely. The encryption offered by VPNs creates an effective barrier between sensitive or proprietary data and the wider internet. So the link is pretty intuitive.
And VPNs have long been used with ethernet systems. But that’s not what EVPN is about. Instead, it represents an ethernet VPN protocol – and that’s actually quite revolutionary.
Why is EVPN such a game-changing technology?
One of the great benefits of developing an ethernet VPN protocol is the ability to bundle together disparate tools into one service. So, for instance, the EVPN implementations offered by Cisco include L3VPN, VPWS, VPLS, and SPB/TRILL.
This means that network bridging tools, VPN protocols, Private Wire Services, and multipoint LANs can be brought together in one package really easily.
In the past, ethernet managers had to juggle a variety of VPN protocols to create customized security solutions. With an ethernet VPN implementation, their task is much simpler. That’s why EVPN is often called a “control plane” protocol – because it gives total control across all security functions.
What could EVPN be used for?
However, all of this seems quite abstract. The real benefits of Ethernet VPN are being felt day by day in network operations. From hospitals and colleges to corporations, this technology has started to make a huge difference to the speed and security of organizations.
It might help to look at a case study to see how these changes are taking place.
Let’s say a company has five regional offices and wants to introduce a company-wide HR and CRM management system. Previously, integrating the networks in all five sites while retaining a high degree of security would have been tricky. And keeping costs low would have been even harder.
With an ethernet VPN working on point-to-point principles, the company can link together the five regional LANs into what is effectively a Wide Area Network (WAN).
This allows workers in any office to log onto centralized customer databases without worrying about using separate VPN protection. And it should enhance working speeds. That’s a key benefit of the EVPN package: by integrating disparate networks, managers can make systems as a whole function far more efficiently.
Moreover, if the company then wanted to create a separate LAN for a research center or department, ethernet VPN would make that easy, via Virtual LAN technology (VLAN).
Ethernet VPN vs IP VPN: what’s the difference?
EVPN technology can be contrasted with IP-based VPN (the type we associate with individuals trying to break Netflix geoblockers, or protect their emails from hackers).
The fundamental difference lies in how the two VPNs connect. In an Ethernet VPN, connections take place via ethernet switches and MAC addresses. On the other hand, IP VPNs use router-to-router connections and IP addresses.
Generally, Ethernet VPNs will need to transport more data (because of the way things like MAC headers are structured). And they aren’t as capable at linking together subnets. But on the flip side, ethernets can be customized in more depth.
Previously, companies seeking true VPN protection might have favored TCP/IP networks. That’s because VPN protocols like IPSec function by anonymizing IP addresses – but they don’t do anything about MAC addresses.
However, EVPN technology now makes it much easier to create tunneled ethernet connections which essentially mimic IP VPNs. They are becoming easier to scale all the time, cheaper, and much more secure. And that’s why there’s been such a buzz in the networking community.
What about EVPN vs VPLS?
Another important comparison is between ethernet VPN and VPLS. We’ve already mentioned VPLS as one of the technologies bundled in with EVPN protocols, but it can still be used as a standalone alternative.
In fact, VPLS is probably the favored networking solution for connecting LANs together – although it’s very much under threat from ethernet VPN.
In a VPLS setup, we are still talking about connecting LANs. But in this case, the connection is managed via “virtual” switches maintained by the VPLS provider. The virtual switch basically fools a group of network switches into thinking they are part of a much larger network.
The drawback is that VPLS requires an extensive mesh of “virtual wires” to link together various sites and data centers. And it also means that Provider Edge sites in the network could be security weaknesses.
Ethernet VPN is far simpler, using what is known as multiprotocol BGP to establish connections. Essentially, this makes it much easier to send MAC addresses across an ethernet – boosting speeds considerably.
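To make the "MAC addresses over multiprotocol BGP" idea concrete, here is an added example (not from the original article) that strictly parses the BGP route EVPN uses to announce a MAC address, the MAC/IP Advertisement route (type 2) from RFC 7432. The sample bytes are constructed with documentation-range addresses, and the function and variable names are this example's own.

```python
import ipaddress

def parse_evpn_mac_ip_route(nlri: bytes) -> dict:
    """Strictly parse one EVPN route type 2 NLRI (MAC/IP Advertisement, RFC 7432)."""
    if len(nlri) < 2:
        raise ValueError("truncated NLRI header")
    route_type, length = nlri[0], nlri[1]
    if route_type != 2:
        raise ValueError(f"route type {route_type} is not MAC/IP Advertisement")
    body = nlri[2:]
    if len(body) != length or length < 33:  # 33 = RD+ESI+tag+MAC+lengths+one label
        raise ValueError("length field does not match NLRI size")
    rd, esi = body[0:8], body[8:18]
    eth_tag = int.from_bytes(body[18:22], "big")
    if body[22] != 48:
        raise ValueError("MAC address length must be 48 bits")
    mac = ":".join(f"{b:02x}" for b in body[23:29])
    ip_bits = body[29]
    if ip_bits not in (0, 32, 128):
        raise ValueError("IP address length must be 0, 32 or 128 bits")
    ip_end = 30 + ip_bits // 8
    labels = body[ip_end:]
    if len(labels) not in (3, 6):
        raise ValueError("expected one or two 3-byte labels")
    ip = str(ipaddress.ip_address(body[30:ip_end])) if ip_bits else None
    if int.from_bytes(rd[0:2], "big") == 1:  # RD type 1 = IPv4 address : number
        rd_text = f"{ipaddress.ip_address(rd[2:6])}:{int.from_bytes(rd[6:8], 'big')}"
    else:
        rd_text = rd.hex()
    # The high-order 20 bits of the 3-byte field hold the MPLS label.
    return {"rd": rd_text, "esi": esi.hex(), "eth_tag": eth_tag, "mac": mac,
            "ip": ip, "label1": int.from_bytes(labels[0:3], "big") >> 4}

# Constructed sample NLRI (documentation-range MAC and IP addresses).
SAMPLE = bytes.fromhex(
    "0225"                  # route type 2, body length 37
    "0001c00002010064"      # RD type 1: 192.0.2.1:100
    "00000000000000000000"  # ESI 0 (single-homed segment)
    "00000000"              # Ethernet Tag ID 0
    "3000005e005301"        # MAC length 48, MAC 00:00:5e:00:53:01
    "20c000020a"            # IP length 32, IP 192.0.2.10
    "0271a1"                # label 10010, bottom-of-stack bit set
)

if __name__ == "__main__":
    print(parse_evpn_mac_ip_route(SAMPLE))
```

Rejecting routes whose length fields disagree with the bytes actually received is the part worth keeping in any tooling that inspects or logs these advertisements.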
Is ethernet VPN a transformative technology?
We’ve seen that EVPN is a new way to create secure ethernet networks, and is especially useful when connecting together geographically distant locations. It scales up efficiently, is user-friendly, cost-effective, and fast.
But is it really a game-changer? So far, we don’t know for sure. Anything which enhances network security should help reduce the incidence of cybercrime, while economies thrive when networks are as fast as possible. Don’t be surprised if the wholesale adoption of the EVPN standard has huge benefits reaching well beyond IT departments.