EVPN ESI Type 1
This chapter provides information about EVPN ESI Type 1.
Applicability
The information and configuration in this chapter are based on SR OS Release 22.5.R1.
Overview
In SR OS releases earlier than 21.5.R1, the 10-byte Ethernet Segment Identifier (ESI) can only be configured manually; the auto-derived EVPN ESI type 1 (as per RFC 7432) is supported in SR OS Release 21.5.R1 and later. The auto-esi command is used to configure the ESI mode.
*A:PE-2>config>service>system>bgp-evpn>eth-seg$ auto-esi ?
- auto-esi {none|type-1}
The default auto-esi value is none, which forces the user to configure the 10-byte ESI manually. When type-1 is configured, a manual ESI cannot be configured and the ESI is auto-derived, as per RFC 7432.
ESI type 1 is auto-derived from the CE's Link Aggregation Control Protocol (LACP) system MAC address and port key. The figure "ESI type 1 example" shows ESI type 1 for LACP system MAC address 00:00:5e:00:53:00 and administrative key 257 (= 0x0101).
RFC 7432, section "Ethernet Segment", defines ESI type 1 as follows:
- Type 0x01 (byte 0)
- CE LACP system MAC address (bytes 1 through 6); for example, 00:00:5e:00:53:00
- CE LACP port key (bytes 7 and 8); for example, 0x0101
- 0x00 (byte 9 must be zero)
As per RFC 7432, this mechanism can only be used if the ESIs are unique, so the CE LACP system MAC and LACP port key combinations must be unique in the network.
The figure "ESI auto-configuration example" shows the case where CE-1 has LACP system MAC address 00:00:5e:00:53:00 and LACP port key 257 (= 0x0101). CE-1 sends Link Aggregation Control Protocol Data Units (LACPDUs) to PE-2 and PE-3 with these values. Both PE-2 and PE-3 use ESI 01:00:00:5e:00:53:00:01:01:00 in ES "ESI-23". This applies both to all-active and to single-active ESs.
The CE treats both PE-2 and PE-3 as the same switch. This allows the CE to aggregate links that are attached to different PEs in the same bundle.
When the ES LAG goes operationally down, due to the ports going down or LACP going down or standby, the previously auto-derived ESI is retained. However, when the LACP information on the CE is changed, such as a different LACP port key, the ES goes down and a new ESI will be generated.
The all-active ES "AA-ESI-23" with ESI type 1 is configured as follows:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23" create
                    auto-esi type-1
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    ac-df-capability exclude
                    lag 1
                    no shutdown
                exit
The following restrictions apply for ESI type 1:
- ESI type 1 is only supported on non-virtual (regular) ESs. The following error message is raised when attempting to configure auto-esi type-1 for a virtual ES:
  *A:PE-2>config>service>system>bgp-evpn# ethernet-segment "vES-23" virtual create
  *A:PE-2>config>service>system>bgp-evpn>eth-seg$ auto-esi type-1
  MINOR: SVCMGR #8050 Ethernet segment config cannot be modified - auto-esi not supported with virtual ethernet-segment
- ESI type 1 is not supported in ESs with associations other than LAG:
  *A:PE-2>config>service>system>bgp-evpn>eth-seg$ port 1/2/1
  MINOR: SVCMGR #8048 Ethernet segment association is not valid - not allowed with auto-esi
  *A:PE-2>config>service>system>bgp-evpn>eth-seg# sdp 24
  MINOR: SVCMGR #8048 Ethernet segment association is not valid - not allowed with auto-esi
- An ES with ESI type 1 can only be enabled if the LAG has LACP enabled:
  *A:PE-2>config>service>system>bgp-evpn>eth-seg$ lag 4
  *A:PE-2>config>service>system>bgp-evpn>eth-seg$ no shutdown
  MINOR: SVCMGR #8057 Ethernet segment cannot change admin state - LACP not enabled on LAG for auto-esi type 1 ethernet-segment
- ESI type 1 is allowed with all-active and single-active ESs. When used in single-active mode, the CE must use a single LAG to connect to the multi-homed PEs.
- It is not possible to manually configure an ESI when auto-esi type-1 is configured:
  *A:PE-2>config>service>system>bgp-evpn>eth-seg# esi 01:00:00:00:00:23:00:00:00:01
  MINOR: SVCMGR #8050 Ethernet segment config cannot be modified - esi value and auto-esi type incompatible
- An ES with a manually configured ESI cannot be created with the same ESI value as the auto-derived ESI type 1 in another ES.
  *A:PE-2>config>service>system>bgp-evpn>eth-seg# esi 01:00:00:5e:00:53:00:01:01:00
  MINOR: SVCMGR #8047 Ethernet segment id is not valid - ESI already in use by another ethernet segment
- If an ES with manual ESI is active and another ES is configured with an auto-derived ESI with the same value as the manual ESI, the auto-ESI value is deleted, and a log event is added to log "99":
  # in log "99":
  97 2022/05/20 15:21:23.873 UTC MINOR: SVCMGR #2610 Base
  "The Auto Ethernet segment identifier type-1 has been deleted for Ethernet Segment AA-ESI-23 because the new ID 01:00:00:5e:00:53:00:01:01:00 conflicts with ES AA-ESI-23-5"
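The following Python example is added here and is not part of the SR OS documentation. It derives an ESI type 1 from the CE LACP system MAC address and port key using the byte layout listed above, decodes one back, and audits an inventory for ESI values claimed by more than one ES name, which is the conflict the last two restrictions describe. The function names and the inventory format are assumptions; the sample values are taken from this chapter.

```python
from collections import defaultdict


def _to_bytes(text, length):
    """Parse colon-separated hex bytes and enforce the expected length."""
    raw = bytes(int(part, 16) for part in text.split(":"))
    if len(raw) != length:
        raise ValueError(f"expected {length} bytes, got {len(raw)}: {text!r}")
    return raw


def _fmt(raw):
    return ":".join(f"{b:02x}" for b in raw)


def derive_esi_type1(ce_lacp_mac, ce_lacp_key):
    """Byte 0 = 0x01, bytes 1-6 = CE LACP system MAC, bytes 7-8 = port key, byte 9 = 0x00."""
    if not 0 <= ce_lacp_key <= 0xFFFF:
        raise ValueError("LACP port key must fit in two bytes")
    return _fmt(b"\x01" + _to_bytes(ce_lacp_mac, 6)
                + ce_lacp_key.to_bytes(2, "big") + b"\x00")


def parse_esi_type1(esi):
    """Return (CE LACP system MAC, port key); reject a value that is not a well-formed type 1 ESI."""
    raw = _to_bytes(esi, 10)
    if raw[0] != 0x01:
        raise ValueError(f"not an ESI type 1 (byte 0 is 0x{raw[0]:02x})")
    if raw[9] != 0x00:
        raise ValueError("byte 9 of an ESI type 1 must be zero")
    return _fmt(raw[1:7]), int.from_bytes(raw[7:9], "big")


def find_esi_conflicts(segments):
    """Map each ESI claimed by more than one ES name to the sorted list of those names.

    The same ES name on several PEs is normal multi-homing and is not a conflict.
    """
    owners = defaultdict(set)
    for seg in segments:
        if "esi" in seg:                      # manually configured ESI
            esi = _fmt(_to_bytes(seg["esi"], 10))
        else:                                 # auto-esi type-1
            esi = derive_esi_type1(seg["ce_mac"], seg["ce_key"])
        owners[esi].add(seg["name"])
    return {esi: sorted(names) for esi, names in owners.items() if len(names) > 1}


# Constructed inventory (assumed format) using the ES names and values from this chapter.
SEGMENTS = [
    {"pe": "PE-2", "name": "AA-ESI-23", "ce_mac": "00:00:5e:00:53:00", "ce_key": 257},
    {"pe": "PE-3", "name": "AA-ESI-23", "ce_mac": "00:00:5e:00:53:00", "ce_key": 257},
    {"pe": "PE-4", "name": "SA-ESI-45", "ce_mac": "00:00:5e:00:53:f6", "ce_key": 32768},
    {"pe": "PE-2", "name": "AA-ESI-23-5", "esi": "01:00:00:5e:00:53:00:01:01:00"},
]

if __name__ == "__main__":
    for esi, names in find_esi_conflicts(SEGMENTS).items():
        print(f"ESI {esi} is claimed by: {', '.join(names)}")
```

Running the audit before enabling auto-esi type-1 catches a manual ESI that would collide with a derived one, instead of finding out from the SVCMGR events shown above.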
Configuration
In this section, ESI type 1 is configured in the following use cases:
- ESI type 1 in all-active ESs
- ESI type 1 in single-active ESs
The figure "Example topology" shows the example topology with four PEs and two CEs. CE-1 is connected via LAG 1 to the all-active ES "AA-ESI-23" on PE-2 and PE-3; CE-6 is connected via LAG 2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. In this example, an EVPN-MPLS VPLS is configured, but other services are also supported.
The initial configuration includes:
- cards, MDAs, ports
- on PEs: router interfaces, IS-IS, LDP
On the PEs, BGP is configured for the EVPN address family. PE-2 acts as the route reflector with the following configuration:
# on PE-2:
configure
    router Base
        autonomous-system 64500
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            rapid-update evpn
            group "internal"
                family evpn
                cluster 1.1.1.1
                peer-as 64500
                neighbor 192.0.2.3
                exit
                neighbor 192.0.2.4
                exit
                neighbor 192.0.2.5
                exit
            exit
On CE-1, LAG 1 is configured with LACP enabled and administrative key 257, as follows:
# on CE-1:
configure
    lag 1 name "lag-1"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 257
        no shutdown
The LACP system MAC address of CE-1 can be retrieved with the following command:
*A:CE-1# show chassis | match MAC
Base MAC address : 00:00:5e:00:53:00
ESI type 1 in all-active ESs
On PE-2 and PE-3, the all-active ES "AA-ESI-23" is configured with auto-esi type-1 and LAG 1:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23" create
                    auto-esi type-1
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    lag 1
                    no shutdown
                exit
The EVPN-MPLS VPLS 1 is configured as follows:
# on PE-2, PE-3:
configure
    service
        vpls 1 name "VPLS 1" customer 1 create
            bgp
            exit
            bgp-evpn
                evi 1
                mpls bgp 1
                    ingress-replication-bum-label
                    ecmp 2
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap lag-1:1 create
                no shutdown
            exit
            no shutdown
        exit
The operational ESI on PE-2 is 01:00:00:5e:00:53:00:01:01:00 for CE LACP system MAC address 00:00:5e:00:53:00 and administrative key 0x0101, as can be verified with the following command:
*A:PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23"
===============================================================================
Service Ethernet Segment
===============================================================================
Name : AA-ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:00:01:01:00
Auto-ESI Type : Type 1
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES SHG Label : 524283
Source BMAC LSB : None
Lag Id : 1
ES Activation Timer : 3 secs (default)
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
===============================================================================
This output is slightly different for a manually configured ES, as follows:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23-5"
                    esi 01:00:00:00:00:23:05:00:00:01
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    lag 5
                    no shutdown
                exit
*A:PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23-5"
===============================================================================
Service Ethernet Segment
===============================================================================
Name : AA-ESI-23-5
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:05:00:00:01
Oper ESI : 01:00:00:00:00:23:05:00:00:01
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES SHG Label : 524282
Source BMAC LSB : None
Lag Id : 5
ES Activation Timer : 3 secs (default)
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
===============================================================================
ESI type 1 in single-active ESs
CE-6 is connected via LAG 2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. An ES operational group and a LAG that monitors the operational group are required in this use case.
On CE-6, LAG 2 is configured with LACP enabled and administrative key 32768 (= 0x8000), as follows:
# on CE-6:
configure
    lag 2 name "lag-2"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 32768
        no shutdown
The LACP system MAC address of CE-6 is the following:
*A:CE-6# show chassis | match MAC
Base MAC address : 00:00:5e:00:53:f6
On PE-4 and PE-5, operational group "op-grp-2" is configured and assigned to single-active ES "SA-ESI-45".
LAG 2 monitors this operational group. The configuration is as follows:
# on PE-4:
configure
    service
        oper-group "op-grp-2" create
            hold-time
                group down 0 # default
                group up 0
            exit
        exit
    exit
    lag 2 name "lag-2"
        mode access
        encap-type dot1q
        monitor-oper-group "op-grp-2"
        port 1/1/1
        lacp active administrative-key 1 system-id 00:00:00:00:45:02
        no shutdown
    exit
    service
        system
            bgp-evpn
                ethernet-segment "SA-ESI-45" create
                    auto-esi type-1
                    service-carving
                        mode manual # required for oper-group
                        manual
                            preference non-revertive create
                                value 200
                            exit
                        exit
                    exit
                    multi-homing single-active
                    ac-df-capability exclude
                    lag 2
                    oper-group "op-grp-2"
                    no shutdown
                exit
            exit
        exit
        vpls 1 name "VPLS 1" customer 1 create
            bgp
            exit
            bgp-evpn
                evi 1
                mpls bgp 1
                    ingress-replication-bum-label
                    ecmp 2
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap lag-2:1 create
                no shutdown
            exit
            no shutdown
        exit
The following command on Designated Forwarder (DF) PE-4 shows that the operational ESI is 01:00:00:5e:00:53:f6:80:00:00:
# on PE-4:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : SA-ESI-45
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type : Type 1
AC DF Capability : Exclude
Multi-homing : singleActive Oper Multi-homing : singleActive
ES SHG Label : 524283
Source BMAC LSB : None
Lag Id : 2
ES Activation Timer : 3 secs (default)
Oper Group : op-grp-2
Svc Carving : manual Oper Svc Carving : manual
Cfg Range Type : lowest-pref
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference Preference Last Admin Change Oper Pref Do No
Mode Value Value Preempt
-------------------------------------------------------------------------------
non-revertive 200 06/08/2022 15:02:13 200 Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 yes
-------------------------------------------------------------------------------
Number of entries: 1
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.4
1 192.0.2.5
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
The operational ESI on Non-Designated Forwarder (NDF) PE-5 is the same as for PE-4.
The operational status of the operational group "op-grp-2" on DF PE-4 is up, while it is down on NDF PE-5 where the ES is inactive, as follows:
*A:PE-4# show service oper-group "op-grp-2"
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-2
Creation Origin : manual Oper Status: up
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
*A:PE-5# show service oper-group "op-grp-2" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-2
Creation Origin : manual Oper Status: down
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-2
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-45 Inactive
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-2
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
2 up down No 0 0 N/A
lag-2
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
LAG 2 monitors the operational group "op-grp-2", so it follows the state of the ES "SA-ESI-45". On DF PE-4, LAG 2 is operationally up:
*A:PE-4# show lag "lag-2"
===============================================================================
Lag Data
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count MC Act/Stdby
name
-------------------------------------------------------------------------------
2 up up No 0 1 N/A
lag-2
===============================================================================
On NDF PE-5, LAG 2 is operationally down with reason operGroupDown:
*A:PE-5# show lag "lag-2" detail
===============================================================================
LAG Details
===============================================================================
Description : N/A
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
Lag-id : 2 Mode : access
Lag-name : lag-2
Adm : up Opr : down
Reason Down : operGroupDown
Thres. Last Cleared : 05/20/2022 14:57:23 Thres. Exceeded Cnt : 0
Dynamic Cost : false Encap Type : dot1q
Configured Address : 02:1f:ff:00:01:42 Lag-IfIndex : 1342177282
Hardware Address : 02:1f:ff:00:01:42 Adapt Qos (access) : distribute
Hold-time Down : 0.0 sec Port Type : standard
Per-Link-Hash : disabled
Include-Egr-Hash-Cfg: disabled Forced : -
Per FP Ing Queuing : disabled Per FP Egr Queuing : disabled
Per FP SAP Instance : disabled
Access Bandwidth : N/A Access Booking Factor: 100
Access Available BW : 0
Access Booked BW : 0
LACP : enabled Mode : active
LACP Transmit Intvl : fast LACP xmit stdby : enabled
Selection Criteria : highest-count Slave-to-partner : disabled
MUX control : coupled
Subgrp hold time : 0.0 sec Remaining time : 0.0 sec
Subgrp selected : 1 Subgrp candidate : -
Subgrp count : 1
System Id : 00:00:00:00:45:02 System Priority : 32768
Admin Key : 1 Oper Key : 1
Prtr System Id : 00:00:5e:00:53:f6 Prtr System Priority : 32768
Prtr Oper Key : 32768
Standby Signaling : lacp
Port hashing : port-speed Port weight speed : 0 gbps
Ports Up : 0
Weights Up : 0 Hash-Weights Up : 0
Monitor oper group : op-grp-2
Oper group status : down
Adaptive loadbal. : disabled Tolerance : N/A
-------------------------------------------------------------------------------
Port-id Adm Act/Stdby Opr Primary Sub-group Forced Prio
-------------------------------------------------------------------------------
1/1/2 up active down yes 1 - 32768
-------------------------------------------------------------------------------
Port-id Role Exp Def Dist Col Syn Aggr Timeout Activity
-------------------------------------------------------------------------------
1/1/2 actor No No No No No Yes Yes Yes
1/1/2 partner No No No No Yes Yes Yes Yes
===============================================================================
When the LAG is operationally down, the SAP is operationally down. On DF PE-4, the SAP is up:
*A:PE-4# show service id 1 sap
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-2:1 1 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
On NDF PE-5, the SAP is operationally down:
*A:PE-5# show service id 1 sap lag-2:1
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id : 1
SAP : lag-2:1 Encap : q-tag
Description : (Not Specified)
Admin State : Up Oper State : Down
Flags : PortOperDown StandByForMHProtocol
Multi Svc Site : None
Last Status Change : 05/20/2022 15:02:07
Last Mgmt Change : 05/20/2022 15:01:15
===============================================================================
Auto-derived ESI changes when LACP port key on CE is modified
When the LAG goes operationally down due to ports going down or LACP going down, the auto-derived ESI is preserved. However, when the CE LACP configuration is changed, for example with a different LACP port key, a new ESI is auto-derived.
In this example, the initial operational ESI on PE-4 is 01:00:00:5e:00:53:f6:80:00:00, as follows:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name : SA-ESI-45
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type : Type 1
On CE-6, the initial configuration of LAG 2 has LACP active with administrative key 32768:
*A:CE-6>config>lag# info
----------------------------------------------
mode hybrid
encap-type dot1q
port 1/1/1
port 1/1/2
lacp active administrative-key 32768
no shutdown
----------------------------------------------
On CE-6, LAG 2 is reconfigured with administrative key 4095 (= 0x0fff), as follows:
# on CE-6:
configure
    lag 2 name "lag-2"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 4095
        no shutdown
As a result, the operational ESI on PE-4 is 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name : SA-ESI-45
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:0f:ff:00
Auto-ESI Type : Type 1
When debugging is enabled for BGP updates, the following ES routes are seen: initially with ESI 01:00:00:5e:00:53:f6:80:00:00 and later with ESI 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
39 2022/06/08 15:02:18.970 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:80:00:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
target:00:00:5e:00:53:f6
"
---snip---
56 2022/06/08 15:10:53.605 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:0f:ff:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
target:00:00:5e:00:53:f6
"
Conclusion
To simplify the configuration of single-active and all-active ESs with LAG association, ESI type 1 can be used to auto-derive the ESI from the CE's LACP system MAC address and LACP port key.