What Is EVPN-VXLAN, and Can It Benefit K–12 Schools?

What Is EVPN, and How Does It Work?

Traditional VPNs create encrypted connections across public internet services via the network and transport layers of the OSI model, also known as Layer 3 and Layer 4. IP VPNs, meanwhile, leverage Layer 2 — the data link layer — to establish private connections.

EVPNs take a different approach. According to Syed Ahmed, advisory systems engineer at Dell Technologies, “an EVPN is a standards-based approach to create overlay networks that uses the Virtual Extensible LAN (VXLAN) protocol to provide data center connectivity using tunneling to stretch Layer 2 connections over an underlying Layer 3 network.”

In practice, this means that EVPNs leverage both Layer 2 and Layer 3 functions to deliver both connectivity and security.

“EVPN involves underlying network technology that connects everything together using a fabric network concept,” says Douglas Walsten, business solutions architect for education at Cisco. “The EVPN fabric network is built upon an architecture leveraged industrywide, the proven and scalable Border Gateway Protocols (BGP), and uses VXLAN encapsulation in the forwarding plane to maintain end-to-end overlay network segmentation.”

By using what’s known as an “all-active multihoming model,” EVPNs provide both multipath forwarding and redundancy, meaning that endpoints or devices can connect to two or more upstream devices, and forward traffic using all available links. As a result, individual device failures don’t impede the flow of traffic.

MORE ON EDTECH: Network upgrades support large schools with small IT staff.

Why Do They Matter for K–12 IT Leaders?

“For K–12 schools, virtual networking enables IT, or your building network provider, to deliver a consistent local network experience. The EVPN fabric technology simplifies underlying network infrastructure and builds converged, segmented, routed networks across single or multidomain IP networks,” says Walsten.

With EVPN-VXLAN fabric technology, K–12 IT leaders have the option to expand infrastructure without redesigning a new set of services.

“They can deploy a common set of policies and services across campuses with support for Layer 2 and Layer 3 VPNs,” Ahmed says. “By using a Layer 3–based underlay with an EVPN-VXLAN overlay, campus network operators can deploy much larger networks than are otherwise available with traditional Layer 2 Ethernet-based connections.”

EVPN Scalability Options for K–12 Networks

BGP EVPN control planes are designed to address the scalability and workload mobility requirements for modern data centers and campuses.

In practice, this offers scalability benefits across three key areas:

• Traditional network transformation: “Many K–12 school networks are based on legacy network environments,” says Walsten. “BGP EVPN technology can transform classic Layer 2 (flat) networks with simplified and optimal Layer 3 routed networks and can extend Layer 2 networks for mobility with distributed wireless.”
• Flexible integration: EVPNs make it possible to seamlessly integrate existing wireless networks, create unified policies and policy enforcement across both wired and wireless networks, and extend fabric boundaries up to school building or district firewalls.
• Service routing: While new services deployed on school networks can enhance remote learning, they can also create challenges with “flooding,” which occurs when data packets are sent through every outgoing link. “With optimal forwarding of traffic, both east-west and north-south, BGP EVPN solutions minimize flooding within the network,” Ahmed says.

Exploring EVPN Security Benefits for Educational Technology

EVPNs also offer a way for K–12 IT teams to streamline their security response as threats rise.

“With EVPNs, network boundaries can be protected with deep and granular network access control, device authorization and isolated network segments to enable secure, closed, user group communications,” Walsten says. He points to the example of student, staff or IT-managed devices such as video cameras; with EVPN, these devices can be securely isolated across both wired and wireless networks.

K–12 schools can benefit from complete network segmentation that extends across multiple campuses and data centers and allows per-tenant network traffic isolation.

“Secure EVPN provides a similar level of privacy, integrity and authentication as Internet Key Exchange version 2 (IKEv2),” Ahmed notes.

KEEP READING: Artificial intelligence and machine learning power next-gen cybersecurity solutions.

Addressing EVPN Challenges for K–12 Districts

“EVPN technology has been slow to mature,” says Ahmed. “While it is intrinsically scalable in operation, configuring it at scale can be complex and could lead to configuration errors.”

Because K–12 IT teams are typically small and operate on a limited budget, investing in a new or complex technology may be daunting. Trusting third-party configuration experts can help schools adopt EVPN technology for their networks.

“Any technology transformation brings new benefits, new demands, new learning curves and new implementation challenges across school districts,” Walsten says.

Simply put, EVPNs provide next-generation control and scalability for K–12 networks to help them meet remote learning requirements and exceed security expectations.