AC:

Attachment Circuit or logical interface associated with a given BT. To determine the AC on which a packet arrived, the NVE will examine the physical/logical port and/or VLAN tags (where the VLAN tags can be individual c-tags, s-tags, or ranges of both).

ARP and NDP:

Address Resolution Protocol (IPv4) and Neighbor Discovery Protocol (IPv6), respectively.

BD:

Broadcast Domain that corresponds to a tenant IP subnet. If no suppression techniques are used, a BUM frame that is injected in a Broadcast Domain will reach all the NVEs that are attached to that Broadcast Domain. An EVI may contain one or multiple Broadcast Domains depending on the service model [RFC 7432]. This document will use the term Broadcast Domain to refer to a tenant subnet.

BT:

Bridge Table, as defined in [RFC 7432]. A BT is the instantiation of a Broadcast Domain in an NVE. When there is a single Broadcast Domain on a given EVI, the MAC-VRF is equivalent to the BT on that NVE. Although a Broadcast Domain spans multiple NVEs and a BT is really the instantiation of a Broadcast Domain in an NVE, this document uses BT and Broadcast Domain interchangeably.

BUM:

Broadcast, Unknown Unicast, and Multicast frames

Clos:

A multistage network topology described in [CLOS1953], where all the edge switches (or Leafs) are connected to all the core switches (or Spines). Typically used in Data Centers.

DF and NDF:

Designated Forwarder and Non-Designated Forwarder, respectively. These are the roles that a given PE can have in a given ES.

ECMP:

Equal-Cost Multipath

ES:

Ethernet Segment. When a Tenant System (TS) is connected to one or more NVEs via a set of Ethernet links, that set of links is referred to as an "Ethernet Segment". Each ES is represented by a unique Ethernet Segment Identifier (ESI) in the NVO3 network, and the ESI is used in EVPN routes that are specific to that ES.

Ethernet Tag:

Used to represent a Broadcast Domain that is configured on a given ES for the purpose of Designated Forwarder election. Note that any of the following may be used to represent a Broadcast Domain: VIDs (including Q-in-Q tags), configured IDs, VNIs, normalized VIDs, Service Instance Identifiers (I-SIDs), etc., as long as the representation of the Broadcast Domains is configured consistently across the multihomed PEs attached to that ES.

EVI or EVPN Instance:

A Layer 2 Virtual Network that uses an EVPN control plane to exchange reachability information among the member NVEs. It corresponds to a set of MAC-VRFs of the same tenant. See MAC-VRF in this section.

EVPN:

Ethernet Virtual Private Network, as described in [RFC 7432].

EVPN VLAN-Aware Bundle Service Interface:

Similar to the VLAN-bundleinterface but each individual VLAN value is mapped to a different BroadcastDomain. In this interface, there are multiple Broadcast Domains per EVI for a giventenant. Each Broadcast Domain is identified by an "Ethernet Tag", which is acontrol plane value that identifies the routes for the Broadcast Domain withinthe EVI.

EVPN VLAN-Based Service Interface:

One of the three service interfaces defined in [RFC 7432]. It is characterized as a Broadcast Domain that uses a single VLAN per physical access port to attach tenant traffic to the Broadcast Domain. In this service interface, there is only one Broadcast Domain per EVI.

EVPN VLAN-Bundle Service Interface:

Similar to the VLAN-based interface but uses a bundle of VLANs per physical port to attach tenant traffic to the Broadcast Domain. Like the VLAN-based interface, there is only one Broadcast Domain per EVI.

Geneve:

Generic Network Virtualization Encapsulation. An NVO3 encapsulation defined in [RFC 8926].

IP-VRF:

IP Virtual Routing and Forwarding table, as defined in [RFC 4364]. It stores IP Prefixes that are part of the tenant's IP space and are distributed among NVEs of the same tenant by EVPN. A Route Distinguisher (RD) and one or more Route Targets (RTs) are required properties of an IP-VRF. An IP-VRF is instantiated in an NVE for a given tenant if the NVE is attached to multiple subnets of the tenant and local inter-subnet forwarding is required across those subnets.

IRB:

Integrated Routing and Bridging. It refers to the logical interface that connects a Broadcast Domain instance (or a BT) to an IP-VRF and forwards packets with a destination in a different subnet.

MAC-VRF:

A MAC Virtual Routing and Forwarding table, as defined in [RFC 7432]. The instantiation of an EVI (EVPN Instance) in an NVE. A Route Distinguisher (RD) and one or more RTs are required properties of a MAC-VRF, and they are normally different from the ones defined in the associated IP-VRF (if the MAC-VRF has an IRB interface).

NVE:

Network Virtualization Edge. A network entity that sits at the edge of an underlay network and implements Layer 2 and/or Layer 3 network virtualization functions. The network-facing side of the NVE uses the underlying Layer 3 network to tunnel tenant frames to and from other NVEs. The tenant-facing side of the NVE sends and receives Ethernet frames to and from individual Tenant Systems. In this document, an NVE could be implemented as a virtual switch within a hypervisor, a switch, or a router, and it runs EVPN in the control plane.

NVO3 tunnels:

Network Virtualization over Layer 3 tunnels. In this document, NVO3 tunnels refer to a way to encapsulate tenant frames or packets into IP packets, whose IP Source Addresses (SAs) or Destination Addresses (DAs) belong to the underlay IP address space, and identify NVEs connected to the same underlay network. Examples of NVO3 tunnel encapsulations are VXLAN [RFC 7348], Geneve [RFC 8926], or MPLSoUDP [RFC 7510].

PE:

Provider Edge

PMSI:

Provider Multicast Service Interface

PTA:

PMSI Tunnel Attribute

RT and RD:

Route Target and Route Distinguisher, respectively.

RT-1, RT-2, RT-3, etc.:

These refer to the Route Types followed by the type numbers as defined in the "EVPN Route Types" IANA registry (see <https://www.iana.org/assignments/evpn/>).

SA and DA:

Source Address and Destination Address, respectively. They are used along with MAC or IP, e.g., IP SA or MAC DA.

SBD:

Supplementary Broadcast Domain, as defined in [RFC 9136]. It is a Broadcast Domain that does not have any Attachment Circuits, only has IRB interfaces, and provides connectivity among all the IP-VRFs of a tenant in the Interface-ful IP-VRF-to-IP-VRF models.

TS:

Tenant System. A physical or virtual system that can play the role of a host or a forwarding element, such as a router, switch, firewall, etc. It belongs to a single tenant and connects to one or more Broadcast Domains of that tenant.

VID:

Virtual Local Area Network Identifier

VNI:

Virtual Network Identifier. Irrespective of the NVO3 encapsulation, the tunnel header always includes a VNI that is added at the ingress NVE (based on the mapping table lookup) and identifies the BT at the egress NVE. This VNI is called VNI in VXLAN or Geneve, Virtual Subnet ID (VSID) in nvGRE, or Label in MPLSoGRE or MPLSoUDP. This document refers to VNI as a generic VNI for any NVO3 encapsulation.

VXLAN:

Virtual eXtensible Local Area Network. An NVO3 encapsulation defined in [RFC 7348].

1. Auto-discovery of the remote NVEs that are attached to the same VPN instance (Layer 2 and/or Layer 3) as the ingress NVE is.
2. Dissemination of the MAC/IP host information so that mapping tables can be populated on the remote NVEs.
3. Advanced features such as MAC Mobility, MAC Protection, BUM and ARP/ND traffic reduction/suppression, multihoming, functionality similar to Prefix Independent Convergence (PIC) [BGP-PIC], fast convergence, etc.

• In order to flood a given BUM frame, the ingress NVE must know the IP addresses of the remote NVEs attached to the same Broadcast Domain. This may be done as follows:
  • The remote tunnel IP addresses can be statically provisioned on the ingress NVE. If the ingress NVE receives a BUM frame for the Broadcast Domain on an ingress Attachment Circuit, it will do ingress replication and will send the frame to all the configured egress NVE destination IP addresses in the Broadcast Domain.
  • All the NVEs attached to the same Broadcast Domain can subscribe to an underlay IP multicast group that is dedicated to that Broadcast Domain. When an ingress NVE receives a BUM frame on an ingress Attachment Circuit, it will send a single copy of the frame encapsulated into an NVO3 tunnel using the multicast address as the destination IP address of the tunnel. This solution requires PIM in the underlay network and the association of individual Broadcast Domains to underlay IP multicast groups.
• "Flood and learn" solves the issues of auto-discovery and the learning of the MAC to VNI/tunnel IP mapping on the NVEs for a given Broadcast Domain. However, it does not provide a solution for advanced features, and it does not scale well (mostly due to the need for constant flooding and the underlay PIM states that must be maintained).

                             +--TS2---+
                             *        | Single-Active
                             *        |   ESI-1
                           +----+  +----+
                           |BD1 |  |BD1 |
             +-------------|    |--|    |-----------+
             |             +----+  +----+           |
             |              NVE2    NVE3          NVE4
             |           EVPN NVO3 Network       +----+
        NVE1(IP-A)                               | BD1|-----+
       +-------------+      RT-2                 |    |     |
       |             |    +-------+              +----+     |
       |   +----+    |    |MAC1   |               NVE5     TS3
TS1--------|BD1 |    |    |IP1    |              +----+     |
MAC1   |   +----+    |    |Label L|--->          | BD1|-----+
IP1    |             |    |NH IP-A|              |    | All-Active
       | Hypervisor  |    +-------+              +----+  ESI-2
       +-------------+                              |
             +--------------------------------------+

• BD1 is an EVPN Broadcast Domain for a given tenant and TS1, TS2, and TS3 are connected to it. The five represented NVEs are attached to BD1 and are connected to the same underlay IP network. That is, each NVE learns the remote NVEs' loopback addresses via underlay routing protocol.
• NVE1 is deployed as a virtual switch in a hypervisor with IP-A as underlay loopback IP address. The rest of the NVEs in Figure 1 are physical switches and TS2/TS3 are multihomed to them. TS1 is a virtual machine, identified by MAC1 and IP1. TS2 and TS3 are physically dual-connected to NVEs; hence, they are normally not considered virtual machines.
• The terms Single-Active and All-Active in Figure 1 refer to the mode in which the TS2 and TS3 are multihomed to the NVEs in BD1. In All-Active mode, all the multihoming links are active and can send or receive traffic. In Single-Active mode, only one link (of the set of links connected to the NVEs) is active.

• Automation on Ethernet Segments (ESes): An Ethernet Segment is defined as a group of NVEs that are attached to the same Tenant System or network. An Ethernet Segment is identified by an Ethernet Segment Identifier (ESI) in the control plane, but neither the ESI nor the NVEs that share the same Ethernet Segment are required to be manually provisioned in the local NVE.
  • If the multihomed Tenant System or network is running protocols, such as the Link Aggregation Control Protocol (LACP) [IEEE.802.1AX_2014], the Multiple Spanning Tree Protocol (MSTP), G.8032, etc., and all the NVEs in the Ethernet Segment can listen to the protocol PDUs to uniquely identify the multihomed Tenant System/network, then the ESI can be "auto-sensed" or "auto-provisioned" following the guidelines in Section 5 of RFC 7432. The ESI can also be auto-derived out of other parameters that are common to all NVEs attached to the same Ethernet Segment.
  • As described in [RFC 7432], EVPN can also auto-derive the BGP parameters required to advertise the presence of a local Ethernet Segment in the control plane (RT and RD). Local Ethernet Segments are advertised using Ethernet Segment routes, and the ESI-import Route Target used by Ethernet Segment routes can be auto-derived based on the procedures of Section 7.6 of RFC 7432.
  • By listening to other Ethernet Segment routes that match the local ESI and import Route Target, an NVE can also auto-discover the other NVEs participating in the multihoming for the Ethernet Segment.
  • Once the NVE has auto-discovered all the NVEs attached to the same Ethernet Segment, the NVE can automatically perform the Designated Forwarder election algorithm (which determines the NVE that will forward traffic to the multihomed Tenant System/network). EVPN guarantees that all the NVEs in the Ethernet Segment have a consistent Designated Forwarder election.
• Auto-provisioning of services: When deploying a Layer 2 service for a tenant in an NVO3 network, all the NVEs attached to the same subnet must be configured with a MAC-VRF and the Broadcast Domain for the subnet, as well as certain parameters for them. Note that if the EVPN service interfaces are VLAN-based or VLAN-bundle, implementations do not normally have a specific provisioning for the Broadcast Domain since, in this case, it is the same construct as the MAC-VRF. EVPN allows auto-deriving as many MAC-VRF parameters as possible. As an example, the MAC-VRF's Route Target and Route Distinguisher for the EVPN routes may be auto-derived. Section 5.1.2.1 of RFC 8365 specifies how to auto-derive a MAC-VRF's Route Target as long as a VLAN-based service interface is implemented. [RFC 7432] specifies how to auto-derive the Route Distinguisher.

• In a given EVPN Broadcast Domain, the MAC addresses of TSes are first learned at the NVE they are attached to via data path or management plane learning. In Figure 1, we assume NVE1 learns MAC1/IP1 in the management plane (for instance, via Cloud Management System) since the NVE is a virtual switch. NVE2, NVE3, NVE4, and NVE5 are ToR/Leaf switches, and they normally learn MAC addresses via data path.
• Once NVE1's BD1 learns MAC1/IP1, NVE1 advertises that information along with a VNI and Next-Hop IP-A in a MAC/IP Advertisement route. The EVPN routes are advertised using the Route Distinguisher / Route Targets of the MAC-VRF where the Broadcast Domain belongs. Similarly, all the NVEs in BD1 learn local MAC/IP addresses and advertise them in MAC/IP Advertisement routes.
• The remote NVEs can then add MAC1 to their mapping table for BD1 (BT). For instance, when TS3 sends frames to NVE4 with the destination MAC address = MAC1, NVE4 does a MAC lookup on the Bridge Table that yields IP-A and Label L. NVE4 can then encapsulate the frame into an NVO3 tunnel with IP-A as the tunnel destination IP address and L as the VNI. Note that the MAC/IP Advertisement route may also contain the host's IP address (as shown in the example of Figure 1). While the MAC of the received MAC/IP Advertisement route is installed in the Bridge Table, the IP address may be installed in the Proxy ARP/ND table (if enabled) or in the ARP/IP-VRF tables if the Broadcast Domain has an IRB. See Section 4.7.3 for more information about Proxy ARP/ND and Section 4.3 for more details about IRB and Layer 3 services.

              +-------------------------------------+
              |             EVPN NVO3               |
              |                                     |
            NVE1                                 NVE2
      +--------------------+            +--------------------+
      | +---+IRB +------+  |            |  +------+IRB +---+ |
TS1-----|BD1|----|IP-VRF|  |            |  |IP-VRF|----|BD1| |
      | +---+    |      |  |            |  |      |    +---+ |
      | +---+    |      |  |            |  |      |    +---+ |
      | |BD2|----|      |  |            |  |      |----|BD2|----TS2
      | +---+IRB +------+  |            |  +------+IRB +---+ |
      +--------------------+            +--------------------+
              |                                     |
              +-------------------------------------+

              +-------------------------------------+
              |             EVPN NVO3               |
              |                                     |
            NVE1                                 NVE2
      +--------------------+            +--------------------+
      | +---+IRB +------+  |            |  +------+IRB +---+ |
TS1-----|BD1|----|IP-VRF|  |            |  |IP-VRF|----|BD3|-----TS3
      | +---+    |      |  |            |  |      |    +---+ |
      | +---+IRB |      |  |            |  +------+          |
TS2-----|BD2|----|      |  |            +--------------------+
      | +---+    +------+  |                        |
      +--------------------+                        |
              |                                     |
              +-------------------------------------+

1. [RFC 9135] uses MAC/IP Advertisement routes to convey the information to populate Layer 2, ARP/ND, and Layer 3 Forwarding Information Base tables in the remote NVE. For instance, in Figure 3, NVE2 would advertise a MAC/IP Advertisement route with TS3's IP and MAC addresses and include two labels / VNIs: a label-3/VNI-3 that identifies BD3 for MAC lookup (that would be used for Layer 2 traffic in case NVE1 was attached to BD3 too) and a label-1/VNI-1 that identifies the IP-VRF for IP lookup (that would be used for Layer 3 traffic). NVE1 imports the MAC/IP Advertisement route and installs TS3's IP in the IP-VRF route table with label-1/VNI-1. Traffic, e.g., from TS2 to TS3, would be encapsulated with label-1/VNI-1 and forwarded to NVE2.
2. [RFC 9136] uses MAC/IP Advertisement routes to convey the information to populate the Layer 2 Forwarding Information Base, ARP/ND tables, and IP Prefix routes to populate the IP-VRF Layer 3 Forwarding Information Base table. For instance, in Figure 3, NVE2 would advertise a MAC/IP Advertisement route including TS3's MAC and IP addresses with a single label-3/VNI-3. In this example, this MAC/IP Advertisement route wouldn't be imported by NVE1 because NVE1 is not attached to BD3. In addition, NVE2 would advertise an IP Prefix route with TS3's IP address and label-1/VNI-1. This IP Prefix route would be imported by NVE1's IP-VRF and the host route installed in the Layer 3 Forwarding Information Base associated with label-1/VNI-1. Traffic from TS2 to TS3 would be encapsulated with label-1/VNI-1.

• Negotiate a subset of Geneve option TLVs that can be carried on a Geneve tunnel,
• Enforce an order for Geneve option TLVs, and
• Limit the total number of options that could be carried on a Geneve tunnel.

• Single-Active multihoming means per-service load-balancing to/from the Tenant System. For example, in Figure 1 for BD1, only one of the NVEs can forward traffic from/to TS2. For a different Broadcast Domain, the other NVE may forward traffic.
• All-active multihoming means per-flow load-balancing for unicast frames to/from the Tenant System. That is, in Figure 1 and for BD1, both NVE4 and NVE5 can forward known unicast traffic to/from TS3. For BUM traffic, only one of the two NVEs can forward traffic to TS3, and both can forward traffic from TS3.

Designated Forwarder (DF) election:

The Designated Forwarder is the NVE that forwards the traffic to the Ethernet Segment in Single-Active mode. In the case of All-Active mode, the Designated Forwarder is the NVE that forwards the BUM traffic to the Ethernet Segment.

Split-horizon function:

Prevents the Tenant System from receiving echoed BUM frames that the Tenant System itself sent to the Ethernet Segment. This is especially relevant in All-Active ESes where the TS may forward BUM frames to a Non-Designated Forwarder NVE that can flood the BUM frames back to the Designated Forwarder NVE and then back to the TS. As an example, assuming NVE4 is the Designated Forwarder for ESI-2 in BD1, Figure 1 shows that BUM frames sent from TS3 to NVE5 will be received at NVE4. NVE4 will forward them back to TS3 since NVE4 is the Designated Forwarder for BD1. Split-horizon allows NVE4 (and any multihomed NVE for that matter) to identify if an EVPN BUM frame is coming from the same Ethernet Segment or a different one. If the frame belongs to the same ESI-2, NVE4 will not forward the BUM frame to TS3 in spite of being the Designated Forwarder.

[RFC7364]

T. Narten, E. Gray, D. Black, L. Fang, L. Kreeger, and M. Napierala, "Problem Statement: Overlays for Network Virtualization", RFC 7364, DOI 10.17487/RFC7364, October 2014,
<https://www.rfc-editor.org/info/rfc7364>.

[RFC7365]

M. Lasserre, F. Balus, T. Morin, N. Bitar, and Y. Rekhter, "Framework for Data Center (DC) Network Virtualization", RFC 7365, DOI 10.17487/RFC7365, October 2014,
<https://www.rfc-editor.org/info/rfc7365>.

[RFC7432]

A. Sajassi, R. Aggarwal, N. Bitar, A. Isaac, J. Uttaro, J. Drake, and W. Henderickx, "BGP MPLS-Based Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February 2015,
<https://www.rfc-editor.org/info/rfc7432>.

[BGP-PIC]

Sproute Networks, A. Bashandy, C. Filsfils, and P. Mohapatra, "BGP Prefix Independent Convergence", Internet-Draft draft-ietf-rtgwg-bgp-pic-19, April 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-bgp-pic-19>.

[CLOS1953]

C. Clos, "A study of non-blocking switching networks", DOI 10.1002/j.1538-7305.1953.tb01433.x, March 1953,
<https://ieeexplore.ieee.org/document/6770468>.

[EVPN-GENEVE]

Google, S. Boutros, A. Sajassi, J. Drake, J. Rabadan, and S. Aldrin, "EVPN control plane for Geneve", Internet-Draft draft-ietf-bess-evpn-geneve-06, May 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-geneve-06>.

[EVPN-IPVPN-INTERWORK]

Nokia, J. Rabadan, A. Sajassi, E. Rosen, J. Drake, W. Lin, J. Uttaro, and A. Simpson, "EVPN Interworking with IPVPN", Internet-Draft draft-ietf-bess-evpn-ipvpn-interworking-08, July 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-ipvpn-interworking-08>.

[EVPN-IRB-MCAST]

Cisco Systems, W. Lin, Z. Zhang, J. Drake, E. Rosen, J. Rabadan, and A. Sajassi, "EVPN Optimized Inter-Subnet Multicast (OISM) Forwarding", Internet-Draft draft-ietf-bess-evpn-irb-mcast-09, February 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast-09>.

[EVPN-LSP-PING]

Ericsson, P. Jain, A. Sajassi, S. Salam, S. Boutros, and G. Mirsky, "LSP-Ping Mechanisms for EVPN and PBB-EVPN", Internet-Draft draft-ietf-bess-evpn-lsp-ping-11, May 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-lsp-ping-11>.

[EVPN-MVPN-SEAMLESS]

Verizon, A. Sajassi, K. Thiruvenkatasamy, S. Thoria, A. Gupta, and L. Jalil, "Seamless Multicast Interoperability between EVPN and MVPN PEs", Internet-Draft draft-ietf-bess-evpn-mvpn-seamless-interop-05, March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-mvpn-seamless-interop-05>.

[EVPN-OPT-IR]

Cisco Systems, J. Rabadan, S. Sathappan, W. Lin, M. Katiyar, and A. Sajassi, "Optimized Ingress Replication Solution for Ethernet VPN (EVPN)", Internet-Draft draft-ietf-bess-evpn-optimized-ir-12, January 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-optimized-ir-12>.

[EVPN-PIM-PROXY]

Cisco, J. Rabadan, J. Kotalwar, S. Sathappan, Z. Zhang, and A. Sajassi, "PIM Proxy in EVPN Networks", Internet-Draft draft-skr-bess-evpn-pim-proxy-01, October 2017,
<https://datatracker.ietf.org/doc/html/draft-skr-bess-evpn-pim-proxy-01>.

[EVPN-PREF-DF]

Cisco Systems, J. Rabadan, S. Sathappan, W. Lin, J. Drake, and A. Sajassi, "Preference-based EVPN DF Election", Internet-Draft draft-ietf-bess-evpn-pref-df-11, July 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-pref-df-11>.

[IEEE.802.1AX_2014]

IEEE, "IEEE Standard for Local and metropolitan area networks -- Link Aggregation", IEEE Std 802.1AX-2014, DOI 10.1109/IEEESTD.2014.7055197, December 2014,
<https://doi.org/10.1109/IEEESTD.2014.7055197>.

[NVO3-ENCAP]

Ciena Corporation, S. Boutros, and D. Eastlake 3rd, "Network Virtualization Overlays (NVO3) Encapsulation Considerations", Internet-Draft draft-ietf-nvo3-encap-09, October 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-nvo3-encap-09>.

[RFC4271]

Y. Rekhter, T. Li, and S. Hares, "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>.

[RFC4272]

S. Murphy, "BGP Security Vulnerabilities Analysis", RFC 4272, DOI 10.17487/RFC4272, January 2006,
<https://www.rfc-editor.org/info/rfc4272>.

[RFC4364]

E. Rosen, and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 2006,
<https://www.rfc-editor.org/info/rfc4364>.

[RFC4760]

T. Bates, R. Chandra, D. Katz, and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, DOI 10.17487/RFC4760, January 2007,
<https://www.rfc-editor.org/info/rfc4760>.

[RFC5925]

J. Touch, A. Mankin, and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010,
<https://www.rfc-editor.org/info/rfc5925>.

[RFC6952]

M. Jethanandani, K. Patel, and L. Zheng, "Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013,
<https://www.rfc-editor.org/info/rfc6952>.

[RFC7348]

M. Mahalingam, D. Dutt, K. Duda, P. Agarwal, L. Kreeger, T. Sridhar, M. Bursell, and C. Wright, "Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<https://www.rfc-editor.org/info/rfc7348>.

[RFC7432BIS]

Nokia, A. Sajassi, L. Burdet, J. Drake, and J. Rabadan, "BGP MPLS-Based Ethernet VPN", Internet-Draft draft-ietf-bess-rfc7432bis-07, March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-rfc7432bis-07>.

[RFC7510]

X. Xu, N. Sheth, L. Yong, R. Callon, and D. Black, "Encapsulating MPLS in UDP", RFC 7510, DOI 10.17487/RFC7510, April 2015,
<https://www.rfc-editor.org/info/rfc7510>.

[RFC8365]

A. Sajassi, J. Drake, N. Bitar, R. Shekhar, J. Uttaro, and W. Henderickx, "A Network Virtualization Overlay Solution Using Ethernet VPN (EVPN)", RFC 8365, DOI 10.17487/RFC8365, March 2018,
<https://www.rfc-editor.org/info/rfc8365>.

[RFC8584]

J. Rabadan, S. Mohanty, A. Sajassi, J. Drake, K. Nagaraj, and S. Sathappan, "Framework for Ethernet VPN Designated Forwarder Election Extensibility", RFC 8584, DOI 10.17487/RFC8584, April 2019,
<https://www.rfc-editor.org/info/rfc8584>.

[RFC8926]

J. Gross, I. Ganga, and T. Sridhar, "Geneve: Generic Network Virtualization Encapsulation", RFC 8926, DOI 10.17487/RFC8926, November 2020,
<https://www.rfc-editor.org/info/rfc8926>.

[RFC9012]

K. Patel, G. Van de Velde, S. Sangli, and J. Scudder, "The BGP Tunnel Encapsulation Attribute", RFC 9012, DOI 10.17487/RFC9012, April 2021,
<https://www.rfc-editor.org/info/rfc9012>.

[RFC9014]

J. Rabadan, S. Sathappan, W. Henderickx, A. Sajassi, and J. Drake, "Interconnect Solution for Ethernet VPN (EVPN) Overlay Networks", RFC 9014, DOI 10.17487/RFC9014, May 2021,
<https://www.rfc-editor.org/info/rfc9014>.

[RFC9135]

A. Sajassi, S. Salam, S. Thoria, J. Drake, and J. Rabadan, "Integrated Routing and Bridging in Ethernet VPN (EVPN)", RFC 9135, DOI 10.17487/RFC9135, October 2021,
<https://www.rfc-editor.org/info/rfc9135>.

[RFC9136]

J. Rabadan, W. Henderickx, J. Drake, W. Lin, and A. Sajassi, "IP Prefix Advertisement in Ethernet VPN (EVPN)", RFC 9136, DOI 10.17487/RFC9136, October 2021,
<https://www.rfc-editor.org/info/rfc9136>.

[RFC9161]

J. Rabadan, S. Sathappan, K. Nagaraj, G. Hankins, and T. King, "Operational Aspects of Proxy ARP/ND in Ethernet Virtual Private Networks", RFC 9161, DOI 10.17487/RFC9161, January 2022,
<https://www.rfc-editor.org/info/rfc9161>.

[RFC9251]

A. Sajassi, S. Thoria, M. Mishra, K. Patel, J. Drake, and W. Lin, "Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Proxies for Ethernet VPN (EVPN)", RFC 9251, DOI 10.17487/RFC9251, June 2022,
<https://www.rfc-editor.org/info/rfc9251>.

[SECURE-EVPN]

Juniper Networks, A. Sajassi, A. Banerjee, S. Thoria, D. Carrel, B. Weis, and J. Drake, "Secure EVPN", Internet-Draft draft-ietf-bess-secure-evpn-00, June 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-secure-evpn-00>.

Jorge Rabadan

Matthew Bocci

Sami Boutros

Ali Sajassi