Dec 23 2021

What Is EVPN-VXLAN, and Can It Benefit K–12 Schools?

Ethernet VPN and Virtual Extensible LAN offer a next-generation approach to scalability and data security, but this technology has both advantages and challenges for districts.

The nature of K–12 education has fundamentally changed. Driven by pandemic pressures, many schools moved fully online in 2020 and attempted hybrid frameworks in 2021. According to the AT&T Future of School Report, remote classrooms are here to stay — 85 percent of parents want to see virtual school days if kids are sick or inclement weather makes in-person attendance impossible.

But expanded digital education initiatives also come with potential pitfalls: In the second half of the 2020-2021 school year, cyberattacks on K–12 campuses increased by 60 percent. Tasked with storing and protecting a wealth of student and staff data, schools need security solutions capable of keeping pace with evolving educational expectations.

An Ethernet virtual private network (EVPN) is a next-generation approach to data protection and privacy. But how does this technology work? And what benefits does it offer for K–12 schools?

Click the banner below for a customized content experience when you sign up as an Insider.

What Is EVPN, and How Does It Work?

Traditional VPNs create encrypted connections across public internet services via the network and transport layers of the OSI model, also known as Layer 3 and Layer 4. IP VPNs, meanwhile, leverage Layer 2 — the data link layer — to establish private connections.

EVPNs take a different approach. According to Syed Ahmed, advisory systems engineer at Dell Technologies, “an EVPN is a standards-based approach to create overlay networks that uses the Virtual Extensible LAN (VXLAN) protocol to provide data center connectivity using tunneling to stretch Layer 2 connections over an underlying Layer 3 network.”

In practice, this means that EVPNs leverage both Layer 2 and Layer 3 functions to deliver both connectivity and security.

“EVPN involves underlying network technology that connects everything together using a fabric network concept,” says Douglas Walsten, business solutions architect for education at Cisco. “The EVPN fabric network is built upon an architecture leveraged industrywide, the proven and scalable Border Gateway Protocols (BGP), and uses VXLAN encapsulation in the forwarding plane to maintain end-to-end overlay network segmentation.”

By using what’s known as an “all-active multihoming model,” EVPNs provide both multipath forwarding and redundancy, meaning that endpoints or devices can connect to two or more upstream devices, and forward traffic using all available links. As a result, individual device failures don’t impede the flow of traffic.

MORE ON EDTECH: Network upgrades support large schools with small IT staff.

Why Do They Matter for K–12 IT Leaders?

“For K–12 schools, virtual networking enables IT, or your building network provider, to deliver a consistent local network experience. The EVPN fabric technology simplifies underlying network infrastructure and builds converged, segmented, routed networks across single or multidomain IP networks,” says Walsten.

With EVPN-VXLAN fabric technology, K–12 IT leaders have the option to expand infrastructure without redesigning a new set of services.

“They can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs,” Ahmed says. “By using a Layer 3–based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based connections.”

By using a Layer 3–based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks.”

Syed Ahmed Advisory Systems Engineer, Dell Technologies

EVPN Scalability Options for K–12 Networks

BGP EVPN control planes are designed to address the scalability and workload mobility requirements for modern data centers and campuses.

In practice, this offers scalability benefits across three key areas:

  • Traditional network transformation: “Many K–12 school networks are based on legacy network environments,” says Walsten. “BGP EVPN technology can transform classic Layer 2 (flat) networks with simplified and optimal Layer 3 routed networks and can extend Layer 2 networks for mobility with distributed wireless.”
  • Flexible integration: EVPNs make it possible to seamlessly integrate existing wireless networks, create unified policies and policy enforcement across both wired and wireless networks, and extend fabric boundaries up to school building or district firewalls.
  • Service routing: While new services deployed on school networks can enhance remote learning, they can also create challenges with “flooding,” which occurs when data packets are sent through every outgoing link. “With optimal forwarding of traffic, both east-west and north-south, BGP EVPN solutions minimize flooding within the network,” Ahmed says.

Exploring EVPN Security Benefits for Educational Technology

EVPNs also offer a way for K–12 IT teams to streamline their security response as threats rise.

“With EVPNs, network boundaries can be protected with deep and granular network access control, device authorization and isolated network segments to enable secure, closed, user group communications,” Walsten says. He points to the example of student, staff or IT-managed devices such as video cameras; with EVPN, these devices can be securely isolated across both wired and wireless networks.

K–12 schools can benefit from complete network segmentation that extends across multiple campuses and data centers and allows per-tenant network traffic isolation.

“Secure EVPN provides a similar level of privacy, integrity and authentication as Internet Key Exchange version 2 (IKEv2),” Ahmed notes.

KEEP READING: Artificial intelligence and machine learning power next-gen cybersecurity solutions.

Addressing EVPN Challenges for K–12 Districts

“EVPN technology has been slow to mature,” says Ahmed. “While it is intrinsically scalable in operation, configuring it at scale can be complex and could lead to configuration errors.”

Because K–12 IT teams are typically small and operate on a limited budget, investing in a new or complex technology may be daunting. Trusting third-party configuration experts can help schools adopt EVPN technology for their networks.

“Any technology transformation brings new benefits, new demands, new learning curves and new implementation challenges across school districts,” Walsten says.

Simply put, EVPNs provide next-generation control and scalability for K–12 networks to help them meet remote learning requirements and exceed security expectations.

FlashMovie/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT