Arista VESPA: WLAN Architecture for Large Campus Networks

Contents

Arista Networks is introducing VESPA (Virtual Ethernet Segment with Proxy ARP), a new WLAN architecture specifically designed for the demands of large campus networks. It is based on Arista EOS and utilizes EVPN in the campus to manage up to 30,000 access points (APs) and 500,000 WLAN clients without the need for traditional WLAN controllers.

Challenge and Solution

Traditional WLAN environments are built with centralized WLAN controllers, and WLAN access points tunnel traffic to the controllers via CAPWAP. There, the traffic is routed into the respective VLAN or, in the case of guest traffic, forwarded to other controllers in a DMZ for routing. During roaming between access points and even between different controllers, the client's IP address should be maintained to avoid interruption of data flows. This required tunnels between controllers within so-called mobility domains if the existing IP network was not available at the new controller. Switching between mobility domains with multiple controllers was only possible with interruptions. However, spreading VLANs across multiple locations is not recommended due to the risk of Layer 2 loops and other hazards.

VESPA's architecture utilizes established principles of the standard-based technology combination EVPN-VXLAN, as used by the market leader in data center switching in large data centers. EVPN forms the control plane, and VXLAN forms the data plane. To achieve this, VESPA relies on VXLAN tunnels between the access points and central Arista switches that function as WLAN gateways. A central WLAN controller is not required for this. The core network can be routed and does not need to originate from Arista.

EVPN is used for MAC learning and distributing reachability information. Proxy ARP and MAC rewrites on the access points reduce broadcast flooding. When packets arrive at the AP, it generates an Ethernet Segment Identifier (Type 6 ESI) with the AP's VTEP IP. The switches then distribute the address information via EVPN Type 2 routes (MAC/IP routes). According to Arista CTO Ken Duda, this enables active/active redundancy and provides efficient scaling of gateways, which can thus support hundreds of thousands of clients. Arista claims scalability of up to 30,000 access points and 500,000 clients for large distributed campus networks.

AI is a Must

The AI tool AVA is now gaining agentic functions. According to Arista, AVA enables multi-domain event correlation that links wired and wireless networks, data centers, and security solutions. Furthermore, continuous monitoring and automated root cause analysis are intended to ensure proactive detection of disruptions before they have an impact.

Arista is also expanding its switch portfolio with two new rugged platforms called 710HXP-28TXH and 710HXP-20TNH. They are specifically designed for use in demanding environments. The offering includes a 20-port DIN rail switch with IP50 protection and a 24-port switch with one height unit and IP30 protection. Both platforms are designed for extreme conditions such as high temperatures, vibrations, and shocks. They also offer Multi-Gigabit Ethernet and 90W PoE ports to power Wi-Fi 7 access points, for example. Thanks to the unified operating system Arista EOS and the CloudVision management platform, the switches offer a unified operating model.

Assessment

First, the question arises whether this massive scalability is needed in many environments. Nevertheless, the EVPN-based approach appears attractive, as more and more manufacturers, including Cisco, are offering EVPN for campus networks. Regarding the availability of the new software functions and switches, Arista mentions the first quarter of 2026 in the announcement.

(dmk)