L2VPN VPLS vs EVPN: Moving from Flood-and-Learn to Control Plane
- by Staff
In the evolution of Layer 2 Virtual Private Network (L2VPN) technologies, the transition from Virtual Private LAN Service (VPLS) to Ethernet VPN (EVPN) marks a significant architectural shift from traditional data plane learning and broadcast flooding to a more scalable and efficient control plane-based forwarding model. Both VPLS and EVPN serve the same fundamental purpose—providing multi-point Layer 2 connectivity over a Layer 3 provider backbone—but they differ dramatically in how they operate, scale, and support modern network demands, particularly in data centers, large-scale enterprise backbones, and service provider environments.
VPLS, defined in RFC 4761 and RFC 4762, emulates a traditional Ethernet LAN over MPLS by using pseudowires to interconnect provider edge (PE) routers in a full mesh. Each PE maintains a forwarding database (FDB) that maps MAC addresses to pseudowires, enabling Ethernet frames to be switched across the MPLS core as if they were on a common broadcast domain. VPLS is based on a flood-and-learn mechanism, where unknown unicast and broadcast traffic is flooded to all remote PEs. Upon receiving a frame, a PE learns the source MAC address and the pseudowire from which it arrived, populating its FDB accordingly. This approach mimics Ethernet behavior but introduces significant inefficiencies, particularly in terms of bandwidth consumption, control over broadcast traffic, and convergence times.
Flood-and-learn in VPLS leads to several operational challenges. The need to flood unknown traffic can saturate bandwidth and expose the core network to unnecessary traffic during events such as topology changes or initial host learning. Moreover, MAC learning is distributed and decentralized, with each PE maintaining its own independent table, which leads to redundant learning and inconsistencies in scenarios involving mobility or dual-homed devices. VPLS also lacks inherent mechanisms to prevent MAC duplication across sites or to manage large numbers of MAC addresses efficiently, limiting its scalability in cloud-scale deployments and tenant-rich environments.
To address these limitations, EVPN was introduced in RFC 7432 as a next-generation L2VPN solution. EVPN leverages Border Gateway Protocol (BGP) as the control plane to distribute MAC address reachability information among PEs, effectively decoupling learning from the data plane. In EVPN, MAC addresses are advertised using BGP routes (specifically Type 2 routes), allowing all PEs to learn endpoint locations and next hops via control plane signaling before data traffic even arrives. This eliminates the need for flooding unknown unicast traffic, greatly reducing overhead and improving efficiency.
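
The difference between the two learning models can be made concrete with a toy four-PE mesh. This is an added example, not code from the original article or from any vendor implementation; the PE names, the MAC addresses and the single shared table structure are constructed assumptions.

```python
# Toy model (constructed): four PEs in a full mesh, host A behind PE1, host B behind PE3.
PES = ["PE1", "PE2", "PE3", "PE4"]
HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # documentation-range MACs


def targets(table, src_pe, dst_mac):
    """PEs that receive a copy: one if dst_mac is known, every other PE if not."""
    if dst_mac in table[src_pe]:
        return [table[src_pe][dst_mac]]
    return [pe for pe in PES if pe != src_pe]  # unknown unicast: flood the mesh


def vpls_frame(table, src_pe, src_mac, dst_mac):
    """Flood-and-learn: each receiving PE learns src_mac from the frame itself."""
    out = targets(table, src_pe, dst_mac)
    for pe in out:
        table[pe][src_mac] = src_pe  # MAC -> PE stands in for MAC -> pseudowire
    return len(out)


def evpn_advertise(table, origin_pe, mac):
    """Control plane: a Type 2 route tells every other PE where mac lives."""
    for pe in PES:
        if pe != origin_pe:
            table[pe][mac] = origin_pe


def run_vpls():
    """Copies sent into the core for A->B, B->A, A->B with data plane learning."""
    table = {pe: {} for pe in PES}
    first = vpls_frame(table, "PE1", HOST_A, HOST_B)   # B unknown at PE1: flooded
    reply = vpls_frame(table, "PE3", HOST_B, HOST_A)   # A was learned from the flood
    second = vpls_frame(table, "PE1", HOST_A, HOST_B)  # B was learned from the reply
    return [first, reply, second]


def run_evpn():
    """Same three frames, but both MACs are advertised before any traffic."""
    table = {pe: {} for pe in PES}
    evpn_advertise(table, "PE1", HOST_A)
    evpn_advertise(table, "PE3", HOST_B)
    send = lambda src, dst: len(targets(table, src, dst))
    return [send("PE1", HOST_B), send("PE3", HOST_A), send("PE1", HOST_B)]


if __name__ == "__main__":
    print("VPLS copies per frame:", run_vpls())
    print("EVPN copies per frame:", run_evpn())
```
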
One of the core innovations in EVPN is its support for integrated Layer 2 and Layer 3 connectivity within the same service instance. By extending the BGP control plane to include both MAC and IP address mappings, EVPN facilitates seamless inter-subnet routing and optimized host mobility across data center fabrics. This is particularly useful in modern leaf-spine topologies, where hosts may move between racks without losing their IP identity. EVPN’s support for aliasing and mass withdrawal further accelerates convergence and minimizes packet loss during link or node failures, capabilities that are inherently absent or complex to achieve in VPLS.
EVPN also introduces the concept of Ethernet Segment Identifiers (ESIs) and Designated Forwarder (DF) election, enabling active-active multi-homing scenarios where a single device can be connected to multiple PEs for redundancy and load balancing. The control plane ensures consistent forwarding decisions and loop avoidance through coordinated advertisement of MAC reachability and Ethernet Segment routes (Type 1). This contrasts with VPLS, where multi-homing typically requires special configurations like split-horizon mechanisms and does not scale well in symmetric redundancy models.
Scalability is another area where EVPN holds a significant advantage. VPLS scales poorly in environments with a high number of MAC addresses, as each PE must maintain complete forwarding information and rely on broadcast for learning. In EVPN, MAC addresses are distributed selectively based on route reflectors and policy controls, enabling more granular and scalable control over what information each PE receives. Moreover, EVPN supports route summarization and filtering, reducing the burden on control plane resources and allowing for more structured and hierarchical network designs.
From a security and operations perspective, EVPN offers enhanced visibility and control. Because MAC learning is explicit and controlled via BGP, operators have a clear view into endpoint location and can trace advertisements across the network, aiding in troubleshooting and policy enforcement. EVPN also supports per-tenant route segregation and policy-based MAC learning, enabling tighter isolation between services and more deterministic behavior during failover or mobility events. In contrast, VPLS provides limited visibility into MAC learning behavior, with MAC moves often going undetected or resulting in transient blackholing due to stale entries.
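
Because every MAC location change appears as a BGP advertisement, MAC moves and duplicates can be tracked from the control plane. The following added example, which is not part of the original article, applies the duplicate MAC rule from RFC 7432 section 15.1 (N moves within M seconds, defaults 5 and 180) to a constructed event list; the collector tuple format, PE names and MAC addresses are assumptions.

```python
from collections import defaultdict, deque

# RFC 7432 section 15.1 defaults: N moves within M seconds marks a duplicate MAC.
N_MOVES, M_SECONDS = 5, 180

# Constructed sample: (unix_time, mac, advertising_pe) as a hypothetical collector
# of EVPN Type 2 route updates might record them.
FLAP, MOVED, SLOW = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
EVENTS = (
    [(1000 + 10 * i, FLAP, "PE1" if i % 2 == 0 else "PE4") for i in range(6)]
    + [(1000, MOVED, "PE1"), (1100, MOVED, "PE2")]
    + [(1000 + 200 * i, SLOW, "PE2" if i % 2 == 0 else "PE3") for i in range(6)]
)


def analyze(events, n=N_MOVES, m=M_SECONDS):
    """Return (moves, duplicates).

    moves maps each MAC to its (time, old_pe, new_pe) location changes;
    duplicates is the set of MACs that moved n or more times within m seconds.
    """
    location = {}                      # MAC -> PE that last advertised it
    window = defaultdict(deque)        # MAC -> move timestamps inside the window
    moves = defaultdict(list)
    duplicates = set()
    for ts, mac, pe in sorted(events):
        prev = location.get(mac)
        location[mac] = pe
        if prev is None or prev == pe:
            continue                   # first sighting or a refresh, not a move
        moves[mac].append((ts, prev, pe))
        recent = window[mac]
        recent.append(ts)
        while ts - recent[0] > m:      # drop moves that fell out of the window
            recent.popleft()
        if len(recent) >= n:
            duplicates.add(mac)
    return dict(moves), duplicates


if __name__ == "__main__":
    moves, duplicates = analyze(EVENTS)
    for mac, changes in moves.items():
        flag = "DUPLICATE" if mac in duplicates else "ok"
        print(mac, len(changes), "moves", flag)
```
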
In modern deployment contexts such as data centers supporting virtualization, cloud tenants, or NFV workloads, EVPN aligns well with the requirements for agility, scale, and automation. Its integration with technologies like VXLAN (Virtual eXtensible LAN) allows for an IP-based underlay with control plane learning, facilitating virtual overlay networks with high scalability and minimal configuration complexity. EVPN-VXLAN has become a de facto standard for data center interconnects and overlay fabrics, replacing VPLS in most greenfield and brownfield network transformations.
In conclusion, the transition from VPLS to EVPN represents a fundamental shift in L2VPN architecture—from reactive, data plane-driven learning to proactive, control plane-based advertisement. VPLS served its purpose well in an earlier era of service provider networking, but its reliance on flood-and-learn, lack of scalability, and limited support for modern redundancy and mobility needs have made it unsuitable for today’s dynamic, multi-tenant, and application-driven networks. EVPN, by contrast, offers a highly scalable, extensible, and control-rich framework that addresses these limitations head-on, enabling efficient Ethernet service delivery in a wide range of deployment scenarios from provider cores to hyperscale data centers. The industry’s movement toward EVPN is not just a technological upgrade, but a strategic realignment of network architecture toward a more programmable and resilient future.