How EVPN works: control plane, route types and forwarding

EVPN (Ethernet VPN) is the BGP-based control plane that finally killed flood-and-learn in modern fabrics. Here is how it actually works.

Why EVPN exists

• Legacy L2 VPNs (VPLS) flooded unknown unicast and broadcast everywhere — it did not scale.
• EVPN learns MACs in the control plane (BGP), not the data plane.
• One unified protocol for L2, L3, multi-tenancy and multi-homing.

The control plane in one picture

• Every VTEP (leaf switch) runs BGP with the EVPN address family (AFI 25, SAFI 70).
• When a host sends a frame, the local VTEP learns its MAC, then advertises it via BGP to all other VTEPs.
• Remote VTEPs install that MAC pointing at the originating VTEP's IP — no flooding needed.

Route types you must know

• Type 2 — MAC/IP advertisement. The workhorse: every host = one Type 2.
• Type 3 — Inclusive Multicast. Builds the BUM replication list per VNI.
• Type 5 — IP Prefix route. For inter-subnet routing and external prefixes.
• Types 1 and 4 — Ethernet Segment / multi-homing (only when you have EVPN-MH).

Forwarding: MAC learning without flooding

• Known unicast: VTEP encapsulates in VXLAN (or MPLS), unicast to the destination VTEP.
• BUM traffic: uses Type 3 list — ingress replication or underlay multicast.
• ARP suppression: VTEP answers ARP locally from the EVPN MAC/IP table.

Where EVPN fits today

• Data-center spine-leaf fabrics (with VXLAN) — the default in 2026.
• Service-provider L2VPN (with MPLS or SR) — replacing VPLS.
• Campus fabrics (Aruba, Juniper Mist, Cisco SD-Access overlays).

Train EVPN reasoning under pressure in a TechLeague tournament.

Related reading

• Evpn Vxlan Explained
• Bgp Evpn Route Types
• VTEP and VNI explained: the building blocks of VXLAN
• Bum Traffic Evpn
• VXLAN IRB: symmetric vs asymmetric, when to use which