EVPN-MPLS E-Tree
This chapter provides information about EVPN-MPLS E-Tree.
Topics in this chapter include:
Applicability
This chapter was initially written for SR OS Release 15.0.R6, but the CLI in the current edition is based on SR OS Release 23.7.R1. VPLS E-Tree without EVPN is supported in SR OS Release 12.0.R4, and later. EVPN-MPLS E-Tree is supported in SR OS Release 15.0.R1, and later.
Overview
Ethernet Tree (E-Tree) is a rooted multipoint Ethernet service defined by the Metro Ethernet Forum (MEF). E-Tree can be implemented based on the following:
RFC 7796, Ethernet-Tree Support in Virtual Private LAN Services (VPLS E-Tree without EVPN)
RFC 8317, E-Tree Support in EVPN and PBB-EVPN (EVPN-MPLS E-Tree)
VPLS E-Tree without EVPN
The E-Tree implementation is based on RFC 7796 and is supported for unicast and broadcast, unknown unicast, and multicast (BUM) traffic. Interfaces can be defined as root attachment circuit (AC) or leaf AC, or both, as described in Interfaces in E-Tree . A VPLS E-Tree can have multiple root ACs. Access and network interfaces are both supported on SAPs and SDP bindings.
Interface |
Tag |
---|---|
Access interface (user-to-network interface - UNI) |
Root tag |
Leaf tag |
|
Network interface (network-to-network interface - NNI) |
Root-leaf tag |
On the ingress access interfaces, all frames are tagged and forwarded. On the network interfaces, no traffic is dropped based on the root or leaf tag. On the egress access interfaces, all traffic toward a root AC is forwarded, whereas traffic toward a leaf AC is only forwarded when it originates from a root AC, as summarized in E-Tree Forwarding on Access Interfaces . Traffic from leaf AC to leaf AC is blocked.
To root AC |
To leaf AC |
|
---|---|---|
From root AC |
Allowed |
Allowed |
From leaf AC |
Allowed |
Not allowed |
Within an E-Tree, the split horizon group capability is inherent for leaf SAPs and leaf SDP bindings and extends to all the remote nodes that are part of the same VPLS E-Tree service.
Ingress Tagging and Egress Filtering
Frame Forwarding in a VPLS E-Tree without EVPN shows how frames are forwarded in an E-Tree. The ingress node PE-2 knows whether the frame comes from a leaf AC or a root AC and adds a tag indicating "from root" or "from leaf". Specific VLAN IDs are used to indicate "from root" or "from leaf". The egress node PE-4 forwards the frame based on the "from root" or "from leaf" tag, as follows:
A frame with the "from root" tag can be forwarded to any AC, leaf or root.
A frame with the "from leaf" tag can only be forwarded to a root AC, not to a leaf AC.
SAPs and SDP bindings are considered as root AC automatically (in the following example, SAP 1/2/c1/1:4 is a root AC); leaf ACs get the keyword leaf-ac, and NNI SAPs and SDP bindings get the keyword root-leaf-tag. The root tag equals the service delimiting VLAN ID (VID) in the SAP and the leaf tag can only be configured with a different value.
On PE-2:
configure
service
vpls 4 name "VPLS 4" customer 1 etree create
sap 1/2/c1/1:4 create
exit
sap 1/2/c3/1:4 leaf-ac create
exit
sap 1/2/c5/1:4 root-leaf-tag leaf-tag 44 create
exit
spoke-sdp 24:4 vc-type vlan root-leaf-tag create
exit
spoke-sdp 210:4 leaf-ac create
exit
no shutdown
exit
exit
exit
VLAN ranges are not allowed in a VPLS E-Tree, as shown for the following connection profile VLAN, which is configured on PE-2:
On PE-2:
configure
connection-profile-vlan 10 create
vlan-range 10 to 19
vlan-range 110
exit
exit
The following error is raised when attempting to configure a SAP with VLAN range cp-10:
configure service vpls 4 sap 1/2/c3/1:cp-10 create
MINOR: SVCMGR #8303 vlan-range not allowed - etree configured
configure service vpls 4 sap 1/2/c3/1:cp-10.* leaf-ac create
MINOR: CLI SAP-id has an invalid port number or encapsulation value.
All incoming frames on a SAP or SDP binding in a VPLS have their dot1q/qinq encapsulation removed by the local PE. In a VPLS E-Tree, the local PE then adds a VLAN tag with a dedicated VID indicating whether the frame originates from a root AC or a leaf AC.
For dot1q/qinq-based L2 services, a VLAN tag with VID x is added for root and VID y for leaf. Frames with VID x are forwarded to any type of AC, while frames with VID y are only forwarded to root ACs at the remote node, as shown in VLAN Tags Added by Ingress Node and Filtered by Egress Node in VPLS E-Tree.
For pseudowire-based L2 services, a VLAN tag with VID 1 is hard-coded for frames received on a root AC and a VLAN tag with VID 2 for frames received on a leaf AC.
EVPN-MPLS E-Tree
Operators migrate their regular VPLS services to EVPN services because of the advantages offered by EVPN, such as all-active multi-homing, scalability, and easy provisioning. EVPN-MPLS E-Trees block leaf-to-leaf traffic, while allowing all traffic from and to root ACs. The following is a configuration example of an EVPN-MPLS E-Tree. The evpn-etree-leaf-label command is only relevant for EVPN E-Tree services and allocates an E-Tree leaf label on the system, which is used for egress filtering of BUM traffic.
configure
service
system
bgp-evpn
evpn-etree-leaf-label
exit
exit
vpls 1 name "VPLS 1" customer 1 etree create
bgp
exit
bgp-evpn
evi 1
mpls bgp 1
ingress-replication-bum-label
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
sap 1/2/c1/1:1 create
exit
sap 1/2/c3/1:1 leaf-ac create
exit
spoke-sdp 210:1 leaf-ac create
exit
no shutdown
exit
exit
exit
SAPs or SDP bindings are by default root AC objects. MAC addresses learned on root AC objects are advertised as usual, while MAC addresses learned on a SAP or SDP binding configured as leaf AC are advertised with an BGP EVPN E-Tree extended community with leaf indication bit L=1.
BGP EVPN VXLAN is not supported in E-Tree services; only EVPN-MPLS E-Tree is supported. The following error is raised when attempting to configure VXLAN in an E-Tree enabled service:
configure
service
vpls 3 name "VPLS 3" customer 1 etree create
vxlan vni 3 create
MINOR: SVCMGR #7890 Cannot configure vxlan - not supported on etree enabled services
In an EVPN-MPLS E-Tree, it is not required and not even possible to configure the root-leaf-tag option on interfaces. The following error is raised when attempting to configure a spoke SDP or SAP with root-leaf-tag option:
configure
service
vpls 1
spoke-sdp 24:1 vc-type vlan root-leaf-tag create
MINOR: SVCMGR #7883 evpn configured in service
configure
service
vpls 1
sap 1/2/c3/1:200 create root-leaf-tag leaf-tag 22
MINOR: SVCMGR #7883 evpn configured in service
BGP EVPN Control Plane for EVPN E-Tree
No leaf tag needs to be added to frames forwarded to EVPN destinations. Instead, the BGP EVPN control plane for EVPN E-Tree advertises a leaf indication bit and a leaf label in the E-tree extended community, as shown in BGP EVPN Control Plane for EVPN E-Tree.
The BGP EVPN control plane is extended with the EVPN E-Tree extended community, as per RFC 8317. The low-order bit of the flags field contains the L-bit (L=1 indicates a leaf AC). The leaf label contains a 20-bit MPLS label that is non-zero for Ethernet Auto Discovery (AD) per Ethernet Segment (per-ES) routes (tag MAX-ET), but it equals zero for MAC/IP routes and Ethernet AD per EVPN Instance (per-EVI) routes (tag 0). The following BGP EVPN AD per-ES route contains an EVPN E-Tree extended community with L=0 and leaf label 524282, and is used for egress BUM filtering. RFC 8317 states that the leaf indication bit L must be ignored on reception and should be zero on transmission.
On PE-2:
9 2023/07/26 21:52:45.409 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 81
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 192.0.2.2:1 ESI: ESI-0, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 24 Extended Community:
target:64496:1
etree::L:0/Leaf-Label:524282
bgp-tunnel-encap:MPLS
"
The following BGP EVPN MAC route contains an EVPN E-Tree extended community with L=1 and leaf label 0, and is used for known unicast ingress filtering:
On PE-2:
3 2023/07/26 21:51:52.235 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 89
Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-MAC Len: 33 RD: 192.0.2.2:1 ESI: ESI-0, tag: 0, mac len: 48 mac: ca:fe:09:29:29:29, IP len: 0, IP: NULL, label1: 8388496 (Raw Label: 0x7fff90)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 24 Extended Community:
target:64496:1
etree::L:1/Leaf-Label:0
bgp-tunnel-encap:MPLS
"
The following BGP EVPN AD per-EVI route contains an EVPN E-Tree extended community with L=1 and leaf label 0, and is used for ES consistency checking:
On PE-4:
80 2023/07/26 22:33:30.588 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 81
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.5
Type: EVPN-AD Len: 25 RD: 192.0.2.5:2 ESI: 01:00:00:00:00:45:01:00:00:01, tag: 0 Label: 8388464 (Raw Label: 0x7fff70) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 24 Extended Community:
target:64496:2
etree::L:1/Leaf-Label:0
bgp-tunnel-encap:MPLS
"
When PE-2 receives a BGP EVPN MAC route with an E-Tree extended community with leaf indication bit L=1, the PE imports the route and installs the MAC address in the forwarding database (FDB) with an EVPN leaf (Lf) flag, as follows:
*A:PE-2# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 ca:fe:01:01:01:01 sdp:210:1 L/30 07/26/23 21:55:11
1 ca:fe:06:46:46:46 mpls-1: Evpn 07/26/23 21:52:46
192.0.2.4:524281
ldp:65538
1 ca:fe:07:47:47:47 mpls-1: Evpn,Lf 07/26/23 21:52:46
192.0.2.4:524281
ldp:65538
1 ca:fe:08:28:28:28 sap:1/2/c1/1:1 L/0 07/26/23 21:51:58
1 ca:fe:09:29:29:29 sap:1/2/c3/1:1 LT/0 07/26/23 21:51:52
-------------------------------------------------------------------------------
No. of MAC Entries: 5
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
If receiving the same MAC route as root from PE-1 and as leaf from PE-2, the MAC route from PE-1 is selected: root MAC routes have higher priority than leaf MAC routes. Root static MAC routes take precedence over leaf static MAC routes.
EVPN MAC routes with a higher sequence number have a higher priority than root or leaf MAC routes. MAC mobility procedures take precedence to first identify the location of the MAC before associating that MAC with a root or a leaf site. The EVPN MAC route selection criteria in tie-break order are as follows:
Conditional static MACs (local protected MACs)
Auto-learned protected MACs (locally learned MACs on SAPs or mesh/spoke SDPs because of the configuration of auto-learn-mac-protect)
EVPN ES PBR MACs
EVPN static MACs (remote protected MACs)
Data plane learned MACs (regular MAC learning on SAPs/SDP-bindings)
EVPN MACs with a higher sequence number
EVPN E-Tree root MACs
Lowest IP (next-hop IP of the EVPN NLRI)
Lowest Ethernet tag (Ethernet tag is zero for MPLS and non-zero for VXLAN)
Lowest RD
Ingress Leaf Filtering for Unicast Traffic
EVPN-MPLS E-Tree is the only E-Tree technology able to do unicast ingress filtering, as opposed to the usual unicast egress filtering that, for example, VPLS does. Remote MAC addresses are learned in the control plane, so EVPN can optimize the forwarding by filtering known unicast traffic at the ingress:
Unicast frames entering a root AC at the ingress PE are not filtered. The MAC destination address (DA) is looked up in the FDB and the frames are forwarded. The MAC source address (SA) is learned and advertised in BGP EVPN without the E-Tree extended community.
Unicast frames entering a leaf AC at the ingress PE are filtered. The MAC DA is looked up in the FDB. When the MAC DA is learned from an EVPN leaf (or a leaf AC), the frame is dropped. When the MAC DA is learned from an EVPN root (or root AC), the frame is forwarded. The MAC SA is learned and advertised in BGP EVPN with leaf indication bit L=1.
Ingress Leaf Filtering for Known Unicast Traffic shows that PE-4 advertises MAC2 with leaf indication bit L=1. When a frame is sent with MAC SA MAC1 on a leaf AC of PE-2, PE-2 does a MAC lookup in the FDB to find out that the DA MAC2 is learned from an EVPN leaf. Therefore, PE-2 does not forward the frame to PE-4, but drops it at the ingress.
The ingress filtering blocks E-Tree leaf-to-leaf traffic and requires the implementation of an extra leaf EVPN-MPLS destination per remote PE containing leaf ACs per E-Tree service. Therefore, a dedicated EVPN-MPLS binding is created per leaf unicast traffic in the service. This additional internal EVPN-MPLS destination is created per remote PE that contains a leaf and that advertises at least one leaf MAC. The MPLS E-Tree leaf destination is created when a MAC route with L=1 is received. Any EVPN E-Tree service could potentially use one additional EVPN-MPLS destination for leaf unicast traffic per remote PE. This additional EVPN-MPLS leaf destination in the E-Tree is only unicast and not part of the flooding list. The EVPN-MPLS leaf destination consumes EVPN resources, as can be verified as follows:
*A:PE-2# tools dump service evpn usage | match "Mpls Etree"
Mpls Etree Leaf Dests : 1
All MAC addresses received with L=1 point to this EVPN-MPLS E-Tree leaf destination, whereas root MAC addresses point to the root destination.
Egress Leaf Filtering for BUM Traffic
Egress Leaf Filtering for BUM Traffic shows that leaf-to-leaf BUM traffic is filtered at the egress, based on the EVPN leaf label advertised in the E-Tree extended community of the zero ESI AD per-ES route (tag=MAX-ET).
BUM frames that enter a root AC at the ingress PE are not filtered; the BUM frames follow regular EVPN data plane procedures.
BUM frames that enter a leaf AC at the ingress PE are marked as leaf and forwarded or replicated to the egress IOM. At the egress IOM, the frame is flooded in the default multicast list, subject to the following:
Leaf entries are skipped when BUM traffic is forwarded, so no BUM traffic is forwarded to local leaf ACs.
BUM traffic to remote BGP EVPN PEs is encapsulated with the EVPN label stack.
If the remote PE has advertised an AD per-ES route with E-Tree leaf label L1, this leaf label L1 is added at the bottom of the stack. At the egress PE, when the leaf label L1 matches the leaf label of the PE, the BUM traffic is only forwarded to the root ACs, not to the leaf ACs.
If the egress PE does not have any E-Tree enabled service, it has not advertised any AD per-ES route with E-Tree leaf label. The local PE forwards the BUM traffic with BGP EVPN encapsulation, but without an additional label. Even when the egress PE does not have E-Tree enabled, it can still work with the VPLS E-Tree service available in the ingress PE. No traffic is dropped at the egress PE where no E-Tree is configured.
The following command is used to monitor the ESI label entries consumed by the EVPN E-Tree application:
*A:PE-2# tools dump service evpn usage | match "BUM"
Evpn Etree Remote BUM Leaf Labels : 1
Configuration
The initial configuration on the nodes includes the following:
Cards, MDAs, ports
Router interfaces
IS-IS (alternatively, OSPF can be used)
LDP between the PEs
BGP for the EVPN address family (between the PEs)
In this section, the following cases are described:
EVPN-MPLS E-Tree without multi-homing
EVPN-MPLS E-Tree with all-active and single-active multi-homing
EVPN-MPLS E-Tree without Multi-homing
Example Topology for EVPN-MPLS E-Tree without Multi-homing shows an example topology with two PEs in an EVPN-MPLS network with VPLS 1 configured as E-Tree. CE-6 and CE-8 have root ACs and are able to send and receive traffic to and from all other CEs, whereas CE-7, CE-9, and CE-1 are only able to exchange traffic with CE-6 and CE-8, but not with each other. The video source can be connected to CE-8 (root AC) or CE-9 (leaf AC).
The service configuration on PE-2 is as follows:
On PE-2:
configure
service
sdp 210 mpls create
far-end 192.0.2.10
ldp
no shutdown
exit
system
bgp-evpn
evpn-etree-leaf-label
exit
exit
vpls 1 name "VPLS 1" customer 1 etree create
bgp
exit
bgp-evpn
evi 1
mpls bgp 1
ingress-replication-bum-label
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
sap 1/2/c1/1:1 create
exit
sap 1/2/c3/1:1 leaf-ac create
exit
spoke-sdp 210:1 leaf-ac create
exit
no shutdown
exit
exit
exit
The service configuration on PE-4 is similar, with SAP 1/2/c1/1:1 as root AC and SAP 1/2/c3/1:1 as leaf AC.
The following command on PE-2 shows that SAP 1/2/c1/1:1 is a root AC (default), SAP 1/2/c3/1:1 is a leaf AC (indicated by "L"), and spoke SDP 210:1 is also a leaf AC.
*A:PE-2# show service id 1 etree
===============================================================================
Service Basic Information
===============================================================================
Service Id : 1 Vpn Id : 0
Service Type : VPLS
---snip---
Etree Mode : Enabled
Admin State : Up Oper State : Up
---snip---
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier Type AdmMTU OprMTU Adm Opr
-------------------------------------------------------------------------------
sap:1/2/c1/1:1 q-tag 8936 8936 Up Up
sap:1/2/c3/1:1 (L) q-tag 8936 8936 Up Up
sdp:210:1 (L) S(192.0.2.10) Spok 0 8910 Up Up
-------------------------------------------------------------------------------
Legend: (L): Leaf-Ac, (RL): Root-Leaf-Tag
===============================================================================
* indicates that the corresponding row element may have been truncated.
The following command on PE-2 shows that SAP 1/2/c1/1:1 is not configured as a leaf AC (Leaf-Ac Disabled), while SAP 1/2/c3/1:1 is configured as a leaf AC. Root-leaf tag cannot be configured on objects in an EVPN-MPLS E-Tree, so this is always disabled and no leaf tag is defined.
*A:PE-2# show service sap-using etree
===========================================================================
Etree SAP Information
===========================================================================
Svc Id SAP Leaf-Tag Root- Leaf-Ac
leaf-tag
---------------------------------------------------------------------------
1 1/2/c1/1:1 0 Disabled Disabled
1 1/2/c3/1:1 0 Disabled Enabled
---snip---
---------------------------------------------------------------------------
Number of etree saps: 5
===========================================================================
Likewise, the following command shows that spoke SDP 210:1 is configured as a leaf AC. Again, root-leaf tag cannot be configured on an object in an EVPN-MPLS E-Tree.
*A:PE-2# show service sdp-using etree
===========================================================================
Etree SDP-BIND Information
===========================================================================
Svc Id SDP-BIND Type Root- Leaf-Ac
leaf-tag
---------------------------------------------------------------------------
1 210:1 Spoke Disabled Enabled
---snip---
---------------------------------------------------------------------------
Number of etree sdp-binds: 3
===========================================================================
EVPN E-Tree Known Unicast Ingress Filtering
Unicast traffic can be exchanged between CE-8 (root AC) and any other CE. However, unicast traffic from CE-9 on leaf AC can only be exchanged with CE-8 and CE-6 on root ACs, but not with CE-7 (via leaf AC SAP 1/2/c3/1:1) or CE-1 (via leaf AC spoke SDP 210:1), as follows:
*A:CE-9# ping 172.16.0.28 rapid # succeeds - leaf AC can send to root AC
PING 172.16.0.28 56 data bytes
!!!!!
---- 172.16.0.28 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 2.51ms, avg = 3.35ms, max = 6.28ms, stddev = 1.47ms
*A:CE-9# ping 172.16.0.46 rapid # succeeds - leaf AC can send to root AC
PING 172.16.0.46 56 data bytes
!!!!!
---- 172.16.0.46 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 3.42ms, avg = 3.57ms, max = 3.88ms, stddev = 0.168ms
*A:CE-9# ping 172.16.0.47 rapid # fails - leaf AC cannot send to leaf AC!
PING 172.16.0.47 56 data bytes
.....
---- 172.16.0.47 PING Statistics ----
5 packets transmitted, 0 packets received, 100% packet loss
*A:CE-9# ping 172.16.0.110 rapid # fails - leaf AC cannot send to leaf AC!
PING 172.16.0.110 56 data bytes
.....
---- 172.16.0.110 PING Statistics ----
5 packets transmitted, 0 packets received, 100% packet loss
The following FDB for VPLS 1 on PE-2 shows that MAC address ca:fe:07:47:47:47 of CE-7 is learned as EVPN leaf, whereas MAC address ca:fe:01:01:01:01 of CE-1 is learned on the local root spoke SDP.
*A:PE-2# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 ca:fe:01:01:01:01 sdp:210:1 L/30 07/26/23 21:55:11
1 ca:fe:06:46:46:46 mpls-1: Evpn 07/26/23 21:52:46
192.0.2.4:524281
ldp:65538
1 ca:fe:07:47:47:47 mpls-1: Evpn,Lf 07/26/23 21:52:46
192.0.2.4:524281
ldp:65538
1 ca:fe:08:28:28:28 sap:1/2/c1/1:1 L/0 07/26/23 21:51:58
1 ca:fe:09:29:29:29 sap:1/2/c3/1:1 LT/0 07/26/23 21:51:52
-------------------------------------------------------------------------------
No. of MAC Entries: 5
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
EVPN E-Tree BUM Egress Filtering
When multicast traffic is sent from a video source via CE-8 (root AC), both CE-6 and CE-7 receive this traffic; for multicast traffic sent via CE-9 (leaf AC), only CE-6 (root AC) receives this traffic. PE-2 received leaf label 524282 in an AD per-ES route from PE-4, as follows:
*A:PE-2# show router bgp routes evpn auto-disc rd 192.0.2.4:1 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 192.0.2.4
Path Id : None
From : 192.0.2.4
Res. Nexthop : 192.168.24.2
Local Pref. : 100 Interface Name : int-PE-2-PE-4
---snip---
Community : target:64496:1 etree::L:0/Leaf-Label:524282
bgp-tunnel-encap:MPLS
---snip---
EVPN type : AUTO-DISC
ESI : ESI-0
Tag : MAX-ET
Route Dist. : 192.0.2.4:1
MPLS Label : LABEL 0
---snip---
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Multicast traffic is sent with three labels: MPLS (LDP), EVPN, and leaf label. The EVPN label is 524280 for multicast, as follows:
*A:PE-2# show service id 1 evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest (Instance 1)
===============================================================================
TEP Address Transport:Tnl Egr Label Oper Mcast Num
State MACs
-------------------------------------------------------------------------------
192.0.2.4 ldp:65538 524280 Up bum 0
192.0.2.4 ldp:65538 524281 Up none 2
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
---snip---
===============================================================================
The MPLS transport label is 524287, as follows:
*A:PE-2# show router ldp bindings active prefixes prefix 192.0.2.4/32
===============================================================================
---snip---
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.4/32 Push
-- 524287
192.168.24.2 1/1/c1/1
192.0.2.4/32 Swap
524285 524287
192.168.24.2 1/1/c1/1
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 2
===============================================================================
The video source sends the following multicast stream via CE-9 (leaf AC):
*A:CE-9# show router pim group detail
===============================================================================
PIM Source Group ipv4
===============================================================================
Group Address : 232.1.1.1
Source Address : 192.168.55.2
---snip---
Rpf Neighbor : 192.168.19.1
Incoming Intf : int-CE-9-CE-1
Outgoing Intf List : int-CE-9-PE-2
Curr Fwding Rate : 8239.920 kbps
Forwarded Packets : 28803 Discarded Packets : 0
Forwarded Octets : 42686046 RPF Mismatches : 0
Spt threshold : 0 kbps ECMP opt threshold : 7
Admin bandwidth : 1 kbps
-------------------------------------------------------------------------------
Groups : 1
===============================================================================
Receiver H-6 has joined the multicast stream and CE-6 (root AC) receives the following multicast group:
*A:CE-6# show router pim group detail
===============================================================================
PIM Source Group ipv4
===============================================================================
Group Address : 232.1.1.1
Source Address : 192.168.55.2
---snip---
Rpf Neighbor : 172.16.0.29
Incoming Intf : int-CE-6-PE-4
Outgoing Intf List : int-CE-6-H-6
Curr Fwding Rate : 9123.192 kbps
Forwarded Packets : 24297 Discarded Packets : 0
Forwarded Octets : 36008154 RPF Mismatches : 0
Spt threshold : 0 kbps ECMP opt threshold : 7
Admin bandwidth : 1 kbps
-------------------------------------------------------------------------------
Groups : 1
===============================================================================
Receiver H-7 has also joined the multicast stream, but CE-7 (leaf AC) cannot receive BUM traffic from a leaf AC, so the forwarding rate is 0 kbps, as follows:
*A:CE-7# show router pim group detail
===============================================================================
PIM Source Group ipv4
===============================================================================
Group Address : 232.1.1.1
Source Address : 192.168.55.2
---snip---
Rpf Neighbor :
Incoming Intf :
Outgoing Intf List : int-CE-7-H-7
Curr Fwding Rate : 0.000 kbps
Forwarded Packets : 0 Discarded Packets : 0
Forwarded Octets : 0 RPF Mismatches : 0
Spt threshold : 0 kbps ECMP opt threshold : 7
Admin bandwidth : 1 kbps
-------------------------------------------------------------------------------
Groups : 1
===============================================================================
EVPN E-Tree Egress Filtering Based on MAC SA
Egress filtering on MAC SA is required to cover cases when the ingress PE sends traffic received on a leaf AC, but without leaf indication. EVPN E-Tree Egress Filtering Based on MAC SA shows that CE-9 sends traffic with MAC SA ca:fe:09:29:29:29 on a leaf AC.
When CE-9 sends unicast traffic to CE-6 with root MAC DA ca:fe:06:46:46:46, the ingress PE-2 forwards the frames to this root MAC DA to egress PE-4. However, if PE-4 does not have the MAC DA in its FDB (because of aging or MAC flush and the MAC route has not made it yet to PE-2), it may flood the frame to all the root and leaf ACs, even if the frame originated from a leaf AC. EVPN E-Tree egress filtering based on MAC SA prevents this from happening, so the traffic is only forwarded to the root AC.
The data path does the egress filtering based on MAC SA as follows:
First, frames are identified as leaf frames in one of the following cases:
Frames arriving on a leaf SAP
EVPN traffic arriving with a leaf label
Frames arriving with a MAC SA that is flagged as being a leaf SA
At the egress PE, frames identified as leaf are filtered depending on the type of traffic:
For known unicast traffic, the FDB is consulted. If the MAC DA FDB entry is marked as being from a leaf, the frame is dropped to prevent leaf-to-leaf forwarding.
For BUM traffic, the leaf frames are filtered at the egress IOM to suppress leaf-to-leaf forwarding.
EVPN-MPLS E-Tree with Multi-homing
Example Topology with All-active ESs and Single-active ES shows the example topology with two all-active multi-homing vESs on PE-2 and PE-3 and one single-active multi-homing ES on PE-4 and PE-5.
On PE-2, two all-active multi-homing vESs are configured. VPLS 2 is configured as EVPN-MPLS E-Tree with LAG 1 as root AC and LAG 2 as leaf AC. RD 2.2.2.2 is configured and used in the non-zero AD per-ES routes, while the zero ESI routes (AD per-ES) use the IP address 192.0.2.2. The service configuration on PE-2 is as follows:
On PE-2:
configure
service
system
bgp-evpn
ad-per-es-route-target evi-rt-set route-distinguisher 2.2.2.2
evpn-etree-leaf-label
ethernet-segment "vESI-23_1" virtual create
esi 01:00:00:00:00:23:01:00:00:01
es-activation-timer 3
service-carving
mode auto
exit
multi-homing all-active
lag 1
dot1q
q-tag-range 2
exit
no shutdown
exit
ethernet-segment "vESI-23_2" virtual create
esi 01:00:00:00:00:23:02:00:00:01
es-activation-timer 3
service-carving
mode auto
exit
multi-homing all-active
lag 2
dot1q
q-tag-range 2
exit
no shutdown
exit
exit
exit
vpls 2 name "VPLS 2" customer 1 etree create
bgp
exit
bgp-evpn
evi 2
mpls bgp 1
ingress-replication-bum-label
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
sap lag-1:2 create
exit
sap lag-2:2 leaf-ac create
exit
no shutdown
exit
exit
exit
The service configuration on PE-3 is identical, but with evi-rt-set route-distinguisher 3.3.3.3 instead.
The command config service system bgp-evpn ad-per-es-route-target evi-rt-set is not supported for EVPN E-Tree services. When the command is configured on a router, the AD per-ES routes (with ESI=0) used for EVPN E-Tree services are always advertised with the service route target and route distinguisher, regardless of the ad-per-es-route-target configuration. AD per-ES routes for non-zero ESIs (used for regular multi-homing) is usually sent using either evi-rt-set or evi-rt, based on the router configuration.
It is important that all the ACs in each EVI for an ES must either be root ACs or leaf ACs in both PEs where the ES is defined, not a mix. In this example, SAP lag-1:2 is assigned to vES-23_1 and defined as root AC in both PE-2 and PE-3. Likewise, SAP lag-2:2 is assigned to vES-23_2 and configured as leaf AC in PE-2 and PE-3. However, if the configuration were a mix of root and leaf ACs in different PEs of the same ES, a remote PE (PE-4 or PE-5) would receive the AD per-EVI routes with inconsistent leaf indication and would treat the AC as root AC.
PE-2 sends the following BGP EVPN AD routes: an AD per-ES route with zero ESI and RD 192.0.2.2:2 (for egress filtering of BUM traffic) and an EVPN AD per-EVI route with non-zero ESI and RD 2.2.2.2:1 (to verify the ES consistency).
On PE-2:
17 2023/07/26 22:32:48.324 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.3
"Peer 1: 192.0.2.3: UPDATE
Peer 1: 192.0.2.3 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 81
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 192.0.2.2:2 ESI: ESI-0, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 24 Extended Community:
target:64496:2
etree::L:0/Leaf-Label:524282
bgp-tunnel-encap:MPLS
"
20 2023/07/26 22:32:48.328 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.3
"Peer 1: 192.0.2.3: UPDATE
Peer 1: 192.0.2.3 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 73
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 2.2.2.2:1 ESI: 01:00:00:00:00:23:01:00:00:01, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:2
esi-label:524276/All-Active
"
The following command shows the EVI RT set RD ranging from 2.2.2.2:1 to 2.2.2.2:512. In VPLS 2, the configured EVI is 2 and needs to be divided by 128, the number of EVI RT sets that are advertised. This value is rounded up to 1; therefore, the RD in the preceding AD per-EVI equals 2.2.2.2:1. The minimum EVI RT set RD equals 2.2.2.2:1 and the maximum is 2.2.2.2:512, because the EVI ranges from 1 to 65535 and 65536/128=512.
*A:PE-2# show service system bgp-evpn
===============================================================================
System BGP EVPN Information
===============================================================================
Eth Seg Route Dist. : <none>
Eth Seg Oper Route Dist. : 192.0.2.2:0
Eth Seg Oper Route Dist Type : default
Ad Per ES Route Target : evi-rt-set
EVI RT set Route Dist. : 2.2.2.2:1 - 2.2.2.2:512
Extended Evi Range : Disabled
Etree
Leaf : Enabled
Leaf Label : 524282 (dynamic)
---snip---
===============================================================================
Remote PE-4 received the following EVPN AD per-ES routes from PE-2: two non-zero ESI routes (for vES-23_1 and vES-23_2) and a zero ESI route.
*A:PE-4# show router bgp routes evpn auto-disc tag MAX-ET
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 2.2.2.2:1 01:00:00:00:00:23:01:00:00:01 192.0.2.2
MAX-ET LABEL 0
u*>i 2.2.2.2:1 01:00:00:00:00:23:02:00:00:01 192.0.2.2
MAX-ET LABEL 0
---snip---
u*>i 192.0.2.2:2 ESI-0 192.0.2.2
MAX-ET LABEL 0
---snip---
-------------------------------------------------------------------------------
Routes : 8
===============================================================================
On PE-4 and PE-5, ES-45 is configured in single-active mode. The service configuration on PE-4 is as follows:
On PE-4:
configure
service
system
bgp-evpn
ad-per-es-route-target evi-rt-set route-distinguisher 4.4.4.4
evpn-etree-leaf-label
ethernet-segment "ES-45" create
esi 01:00:00:00:00:45:01:00:00:01
es-activation-timer 3
service-carving
mode manual
manual
preference create
value 10000
exit
exit
exit
multi-homing single-active
sdp 46
no shutdown
exit
exit
exit
vpls 2 name "VPLS 2" customer 1 etree create
bgp
exit
bgp-evpn
evi 2
mpls bgp 1
ingress-replication-bum-label
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
spoke-sdp 46:2 leaf-ac create
exit
no shutdown
exit
exit
exit
The service configuration is similar on PE-5, but with a lower preference for the ES, so PE-4 is the DF, as follows.
*A:PE-4# show service id 2 ethernet-segment
No sap entries
===============================================================================
SDP Ethernet-Segment Information
===============================================================================
SDP Eth-Seg Status
-------------------------------------------------------------------------------
46:2 ES-45 DF
===============================================================================
No vxlan instance entries
For the all-active multi-homing vESs, PE-2 is the DF, as follows:
*A:PE-2# show service id 2 ethernet-segment
===============================================================================
SAP Ethernet-Segment Information
===============================================================================
SAP Eth-Seg Status
-------------------------------------------------------------------------------
lag-1:2 vESI-23_1 DF
lag-2:2 vESI-23_2 DF
===============================================================================
No sdp entries
No vxlan instance entries
Ingress Filtering for Unicast Traffic
Traffic can be sent between CE-12 (root AC lag-1:2) and CE-62 (leaf AC spoke SDP 46:2), but traffic between CE-13 (leaf AC lag-2:2) and CE-63 (leaf AC spoke SDP 46:2) is filtered. The following FDB for VPLS 2 on PE-2 shows two EVPN leaf MAC addresses: ca:fe:06:00:20:62 for CE-62 and ca:fe:06:00:30:63 for CE-63.
*A:PE-2# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 ca:fe:01:00:20:12 sap:lag-1:2 L/0 07/26/23 22:37:20
2 ca:fe:01:00:30:13 sap:lag-2:2 Evpn 07/26/23 22:37:21
2 ca:fe:06:00:20:62 eES: Evpn,Lf 07/26/23 22:33:24
01:00:00:00:00:45:01:00:00:01
2 ca:fe:06:00:30:63 eES: Evpn,Lf 07/26/23 22:37:43
01:00:00:00:00:45:01:00:00:01
-------------------------------------------------------------------------------
No. of MAC Entries: 4
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
The FDB for VPLS 2 on PE-3 shows the same EVPN leaf MAC addresses. For all PEs in the all-active MH ESs, the MAC addresses ca:fe:06:00:20:12 and ca:fe:06:00:30:13 from the locally attached ACs can be learned on the SAPs or via EVPN from the ES peer where they are learned on the SAPs. In this case, they are learned on the SAPs on PE-2 and PE-3.
*A:PE-3# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 ca:fe:01:00:20:12 sap:lag-1:2 L/0 07/26/23 22:33:03
2 ca:fe:01:00:30:13 sap:lag-2:2 L/0 07/26/23 22:37:21
2 ca:fe:06:00:20:62 eES: Evpn,Lf 07/26/23 22:33:24
01:00:00:00:00:45:01:00:00:01
2 ca:fe:06:00:30:63 eES: Evpn,Lf 07/26/23 22:37:43
01:00:00:00:00:45:01:00:00:01
-------------------------------------------------------------------------------
No. of MAC Entries: 4
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
The following FDB for VPLS 2 on DF PE-4 shows one EVPN leaf MAC address: ca:fe:01:00:30:13 for CE-13 on a remote ES.
*A:PE-4# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 ca:fe:01:00:20:12 eES: Evpn 07/26/23 22:33:19
01:00:00:00:00:23:01:00:00:01
2 ca:fe:01:00:30:13 eES: Evpn,Lf 07/26/23 22:37:21
01:00:00:00:00:23:02:00:00:01
2 ca:fe:06:00:20:62 sdp:46:2 L/0 07/26/23 22:33:24
2 ca:fe:06:00:30:63 sdp:46:2 L/4 07/26/23 22:37:43
-------------------------------------------------------------------------------
No. of MAC Entries: 4
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
PE-5 is NDF, and the following FDB shows three MAC routes of type EVPN leaf, for CE-13, CE-62, and CE-63.
*A:PE-5# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 ca:fe:01:00:20:12 eES: Evpn 07/26/23 22:33:33
01:00:00:00:00:23:01:00:00:01
2 ca:fe:01:00:30:13 eES: Evpn,Lf 07/26/23 22:37:21
01:00:00:00:00:23:02:00:00:01
2 ca:fe:06:00:20:62 eES: Evpn,Lf 07/26/23 22:33:33
01:00:00:00:00:45:01:00:00:01
2 ca:fe:06:00:30:63 eES: Evpn,Lf 07/26/23 22:37:43
01:00:00:00:00:45:01:00:00:01
-------------------------------------------------------------------------------
No. of MAC Entries: 4
-------------------------------------------------------------------------------
Legend:L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf T=Trusted
===============================================================================
Egress Filtering for BUM Traffic
Each PE advertises zero ESI AD per-ES routes (with tag MAX-ET) that are needed for egress BUM filtering.
BUM frames received on an ES root AC are flooded to the EVPN, based on regular EVPN procedures. The regular ESI label is sent for split horizon when frames are sent to the DF or NDF PEs in the same ES.
BUM frames received on an ES leaf AC are flooded in the default multicast list. The egress PE does not forward BUM traffic to any leaf ACs, including the ES leaf ACs. However, in the unlikely event that some ACs in a specific ES for an EVI have an inconsistent E-Tree configuration, these ACs are treated as root ACs, and the traffic is forwarded.
The remote PE-4 receives the following EVPN AD routes from DF PE-2: a zero ESI AD per-ES (tag MAX-ET), two AD per-EVI (tag 0) routes with a non-zero label, and two AD per-ES routes (tag MAX-ET).
*A:PE-4# show router bgp routes evpn auto-disc next-hop 192.0.2.2
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 2.2.2.2:1 01:00:00:00:00:23:01:00:00:01 192.0.2.2
MAX-ET LABEL 0
u*>i 2.2.2.2:1 01:00:00:00:00:23:02:00:00:01 192.0.2.2
MAX-ET LABEL 0
u*>i 192.0.2.2:2 ESI-0 192.0.2.2
MAX-ET LABEL 0
u*>i 192.0.2.2:2 01:00:00:00:00:23:01:00:00:01 192.0.2.2
0 LABEL 524274
u*>i 192.0.2.2:2 01:00:00:00:00:23:02:00:00:01 192.0.2.2
0 LABEL 524274
-------------------------------------------------------------------------------
Routes : 5
===============================================================================
The same remote PE-4 receives similar EVPN AD routes from NDF PE-3: a zero ESI AD per-ES (tag MAX-ET), two AD per-EVI (tag 0) routes with a non-zero label, and two AD per-ES routes (tag MAX-ET).
*A:PE-4# show router bgp routes evpn auto-disc next-hop 192.0.2.3
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 3.3.3.3:1 01:00:00:00:00:23:01:00:00:01 192.0.2.3
MAX-ET LABEL 0
u*>i 3.3.3.3:1 01:00:00:00:00:23:02:00:00:01 192.0.2.3
MAX-ET LABEL 0
u*>i 192.0.2.3:2 ESI-0 192.0.2.3
MAX-ET LABEL 0
u*>i 192.0.2.3:2 01:00:00:00:00:23:01:00:00:01 192.0.2.3
0 LABEL 524278
u*>i 192.0.2.3:2 01:00:00:00:00:23:02:00:00:01 192.0.2.3
0 LABEL 524278
-------------------------------------------------------------------------------
Routes : 5
===============================================================================
The following detailed information about the AD per-ES route (tag MAX-ET) for mass withdraw on PE-4 shows that no E-Tree extended community is sent by PE-2; only the ESI-label extended community is sent.
*A:PE-4# show router bgp routes evpn auto-disc rd 2.2.2.2:1 tag MAX-ET esi 01:00:00:00:00:23:01:00:00:01 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.24.1
---snip---
Community : target:64496:2 esi-label:524276/All-Active
---snip---
EVPN type : AUTO-DISC
ESI : 01:00:00:00:00:23:01:00:00:01
Tag : MAX-ET
Route Dist. : 2.2.2.2:1
MPLS Label : LABEL 0
---snip---
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
A similar result is seen for the other vES:
*A:PE-4# show router bgp routes evpn auto-disc rd 2.2.2.2:1 tag MAX-ET esi 01:00:00:00:00:23:02:00:00:01 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.24.1
---snip---
Community : target:64496:2 esi-label:524275/All-Active
---snip---
EVPN type : AUTO-DISC
ESI : 01:00:00:00:00:23:02:00:00:01
Tag : MAX-ET
Route Dist. : 2.2.2.2:1
MPLS Label : LABEL 0
---snip---
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The following detailed information about the AD per-EVI (tag 0) on PE-4 shows that if the ES is root (as for vES-23_1), the regular extended community is sent, not the E-Tree extended community.
*A:PE-4# show router bgp routes evpn auto-disc rd 192.0.2.2:2 tag 0 esi 01:00:00:00:00:23:01:00:00:01 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.24.1
---snip---
Community : target:64496:2 bgp-tunnel-encap:MPLS
---snip---
EVPN type : AUTO-DISC
ESI : 01:00:00:00:00:23:01:00:00:01
Tag : 0
Route Dist. : 192.0.2.2:2
MPLS Label : LABEL 524274
---snip---
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The following detailed information about the AD per-EVI (tag 0) on PE-4 shows that if the ES is leaf (as for vES-23_2), the E-Tree extended community is sent, along with the regular extended community.
*A:PE-4# show router bgp routes evpn auto-disc rd 192.0.2.2:2 tag 0 esi 01:00:00:00:00:23:02:00:00:01 detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.24.1
---snip---
Community : target:64496:2 etree::L:1/Leaf-Label:0
bgp-tunnel-encap:MPLS
---snip---
EVPN type : AUTO-DISC
ESI : 01:00:00:00:00:23:02:00:00:01
Tag : 0
Route Dist. : 192.0.2.2:2
MPLS Label : LABEL 524274
---snip---
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The tools dump service evpn usage command shows that there are three EVPN E-Tree remote BUM leaf labels:
*A:PE-2# tools dump service evpn usage | match "BUM"
Evpn Etree Remote BUM Leaf Labels : 3
This corresponds to the following three ESI-0 AD per-ES routes (tag MAX-ET) on PE-2:
*A:PE-2# show router bgp routes evpn auto-disc esi ESI-0
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.3:2 ESI-0 192.0.2.3
MAX-ET LABEL 0
u*>i 192.0.2.4:2 ESI-0 192.0.2.4
MAX-ET LABEL 0
u*>i 192.0.2.5:2 ESI-0 192.0.2.5
MAX-ET LABEL 0
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
Conclusion
E-Trees can be used for enterprise business services, for the distribution of IPTV multicast content, for centralized backup BNGs, and so on. In a VPLS E-Tree, leaf SAPs or leaf SDP bindings cannot exchange traffic with each other, similar to split horizon group behavior. The E-Tree restrictions apply to all remote PEs that are part of the same service. E-Trees can be applied in an EVPN-MPLS VPLS as well as in a regular VPLS.