MPLS for the masses

EVPN/VXLAN Group Based Policy

How to integrate and distribute security functions in EVPN/VxLAN fabric

Every year I look forward to ITNOG as an opportunity to share new ideas and experiences on new technologies, and how I’ve found ways to use them, and this year was no different. In my presentation “Group Based Policy - How to integrate security functions in EVPN/VxLAN” at ITNOG-10, I demonstrated how to distribute the networking and security (up to layer 4) functions directly into the fabric, transforming the entire EVPN/VxLAN fabric into a single, highly scalable and flexible distributed system that integrates all switching, routing, and security features.

EVPN/VXLAN outside the datacenter

How to create scalable campus and WAN solutions with EVPN/VXLAN

Every year, the ITNOG appointment is special. It is an opportunity to share something practical and engage in new challenges for those who want to collect them. This year, I decided to talk about EVPN/VXLAN in a campus and geographic context. The growing support of this technology by many vendors in different products, such as switches, routers, and now firewalls, has made this possibility real. It is now possible to create uniform solutions from the data center to the access layer by leveraging this technology.

EVPN control-plane for overlay networks

I had the opportunity to talk about datacenters during ITNOG2. Thank you, guys! I talked about the use of EVPN as a control plane for overlay networks, and how to exploit them to create distributed services between different datacenters. I also mentioned the use of EVPN type-5 with proxy-ARP to reduce distribution of MAC address routes and completely eliminate layer-2, while maintaining compatibility with current clustering and HA solutions based on layer-2 but now distributed in multiple datacenters.