EVPN IP-VRF-to-IP-VRF Models

This chapter provides information about EVPN IP-VRF-to-IP-VRF Models.

Applicability

The information and configuration in this chapter are based on SR OS Release 16.0.R3. SR OS supports the three EVPN IP-VRF-to-IP-VRF models described in draft-ietf-bess-evpn-prefix-advertisement. The two interface-ful models for IPv4 are supported for EVPN-VXLAN in SR OS Release 12.0.R4, and later, and for EVPN-MPLS in SR OS Release 14.0.R1. The interface-less model is supported for IPv4 in EVPN-VXLAN and EVPN-MPLS in SR OS Release 16.0.R2, and later. Interface-less and interface-ful models for IPv6 are supported in SR OS Release 16.0.R4, and later.

Overview

EVPN is considered the standard for Data Centers (DCs) and DC Interconnect (DCI) for layer 2 and layer 3 services. Draft-ietf-bess-evpn-prefix-advertisement describes the following three IP-VRF-to-IP-VRF models:

  • Interface-less model (mandatory)

  • Interface-ful model with Supplementary Broadcast Domain (SBD) Integrated Routing and Bridging (IRB) (mandatory)

  • Interface-ful model with unnumbered SBD IRB (optional)

In standard terminology, SBD is the Broadcast Domain (BD) that joins two IP-VRFs. In SR OS, the SBD is a "backhaul" R-VPLS service that connects two PEs attached to VPRNs of the same VPN. For IP prefix advertisement in the SBD, ip-route-advertisement needs to be enabled in the BGP-EVPN context, whereas mac-advertisement is enabled by default. BGP-EVPN IP prefix route type 5 (RT-5) updates are used in all models; MAC/IP routes (RT-2) are used in the interface-ful models only. In the interface-less model, mac-advertisement must be disabled.

Figure 1 (Interface-ful SBD IRB) and Figure 2 (Interface-ful Unnumbered SBD IRB) show the two interface-ful IP-VRF-to-IP-VRF models: SBD IRB and unnumbered SBD IRB. Both interface-ful SBD IRB models require BGP-EVPN IP prefix routes (RT-5) with recursive lookup to MAC/IP routes (RT-2). Host 1 is located in broadcast domain 1 (BD1 corresponds to an R-VPLS) linked to the VRF in PE-1 and host 2 is located in BD2 linked to the VRF in PE-2. The VRFs correspond to VPRNs that are linked to an SBD, which is a backhaul R-VPLS.

Figure 1. Interface-ful SBD IRB

The interface-ful SBD IRB model requires an IP address on the VPRN interface for the SBD (IP2 on PE-2); no EVPN tunnel can be used. Both PEs will send BGP-EVPN RT-5 (IP prefix) and BGP-EVPN RT-2 (MAC/IP) updates. PE-2 sends an RT-5 update for IP prefix 20.0.0.0/24 with GW IP address IP2 and an RT-2 update for GW IP address IP2 with MAC2 and next-hop PE-2. On PE-1, the prefix 20.0.0.0/24 appears in the VRF route table as an EVPN route with next-hop GW IP2. The ARP table for the VRF contains the corresponding MAC address MAC2 for the GW IP address IP2. The FDB of the SBD includes an EVPN entry for GW MAC address MAC2 with next-hop PE-2.

When the VPRN is configured toward the SBD with an EVPN tunnel rather than a numbered IP interface, the RT-5 update will contain the GW MAC address MAC2 instead of the GW IP address IP2. Figure 2 shows that PE-2 sends an RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address MAC2 and an RT-2 update for GW MAC address MAC2 with next-hop PE-2. Again, a recursive lookup is done.

Figure 2. Interface-ful Unnumbered SBD IRB

Finally, in the interface-less IP-VRF-to-IP-VRF model, mac-advertisement is disabled in the BGP-EVPN context of the backhaul R-VPLS. BGP-EVPN RT-5 updates will contain the GW MAC address, and no RT-2 updates will be sent; therefore, the number of BGP-EVPN updates is reduced and no recursive lookup is done on PE-1. PE-1 adds an entry in its FDB based on an RT-5 route instead of an RT-2 route from PE-2. Figure 3 shows the interface-less IP-VRF-to-IP-VRF model where PE-2 sends an RT-5 update with GW MAC address MAC2.

Figure 3. Interface-less IP-VRF-to-IP-VRF Model

Note:

Other vendors do not use a service context as the R-VPLS EVPN tunnel shown in Figure 3, and they configure the route targets used for the RT-5 updates in the VPRN (or VRF) instances. When interoperating with those vendors, ensure that the 7x50 R-VPLS route targets match the route targets in the VRF of the third-party router.

The preceding examples are based on EVPN-VXLAN, but IP-VRF-to-IP-VRF also works for EVPN-MPLS. Instead of the VNI, the MPLS label is then included in the RT-5 and RT-2 updates.

EVPN MAC Selection Criteria

In the interface-less scenario, the MAC address entry in the R-VPLS FDB that is required to forward packets to the remote PE is obtained from an internal MAC/IP route. This internal route is derived from the router MAC extended community in the BGP-EVPN RT-5 update. When the same MAC address is received in multiple ways, the following MAC selection criteria apply. The criteria are evaluated in order, beginning with criterion (1): if a criterion is met, the MAC is selected; otherwise, the next criterion is applied. As indicated in (8), a MAC received from an RT-2 has higher priority than a MAC populated by the router MAC extended community in an RT-5 update.

  1. Conditional static MAC addresses (locally protected MAC addresses)

  2. Auto-learned protected MAC addresses (locally learned MAC addresses on SAPs or SDP-bindings due to the configuration of auto-learn-mac-protect)

  3. EVPN ES PBR MAC addresses

  4. EVPN static MAC addresses (remotely protected MAC addresses)

  5. Data plane learned MAC addresses (regular learning on SAPs or SDP-bindings)

  6. EVPN MAC routes with a higher sequence number

  7. EVPN E-Tree root MAC addresses

  8. EVPN non-RT-5 MAC addresses (this tie-breaking rule is only applied if the selection algorithm is comparing received MAC routes (RT-2) and internal MAC routes derived from the MAC addresses in IP-prefix routes, such as RT-5 MACs)

  9. Lowest IP address for the next-hop of the EVPN NLRI

  10. Lowest Ethernet tag (that will be zero for MPLS and might be different from zero for VXLAN)

  11. Lowest route distinguisher

  12. Lowest BGP instance (this tie-breaking rule is only applied if the preceding rules fail to select a unique MAC address and the service has two BGP instances of the same encapsulation)
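
The ordered evaluation above, as an added example (a sketch written for this page, not SR OS code): candidates are narrowed criterion by criterion, which shows why a locally protected MAC cannot be displaced by an EVPN-learned one and where the RT-2 versus RT-5 tie-break sits. The `Candidate` field names, the `kind` labels, and the numeric comparison of `ip:number` route distinguishers are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Candidate:
    """One way the same MAC address was received (field names are assumptions)."""
    name: str
    # cond-static | auto-learn-protect | evpn-es-pbr | evpn-static | learned | evpn
    kind: str = "evpn"
    seq: int = 0                 # MAC mobility sequence number
    etree_root: bool = False
    from_rt5: bool = False       # internal route derived from an RT-5 router MAC
    next_hop: str = "0.0.0.0"
    eth_tag: int = 0
    rd: str = "0.0.0.0:0"
    bgp_instance: int = 1


def rd_key(rd):
    # Assumption: RDs are in ip:number form and "lowest" means numeric order.
    admin, _, assigned = rd.rpartition(":")
    return (int(ip_address(admin)), int(assigned))


# (criterion number from the list above, key function); the lowest key wins.
CRITERIA = [
    (1, lambda c: c.kind != "cond-static"),
    (2, lambda c: c.kind != "auto-learn-protect"),
    (3, lambda c: c.kind != "evpn-es-pbr"),
    (4, lambda c: c.kind != "evpn-static"),
    (5, lambda c: c.kind != "learned"),
    (6, lambda c: -c.seq),
    (7, lambda c: not c.etree_root),
    (8, lambda c: c.from_rt5),
    (9, lambda c: int(ip_address(c.next_hop))),
    (10, lambda c: c.eth_tag),
    (11, lambda c: rd_key(c.rd)),
    (12, lambda c: c.bgp_instance),
]


def select_mac(candidates):
    """Return (winner, number of the last criterion that narrowed the choice)."""
    pool = list(candidates)
    if not pool:
        raise ValueError("no candidates for this MAC")
    decided_by = None
    for number, key in CRITERIA:
        best = min(key(c) for c in pool)
        survivors = [c for c in pool if key(c) == best]
        if len(survivors) < len(pool):
            decided_by = number
        pool = survivors
        if len(pool) == 1:
            break
    return pool[0], decided_by


# Constructed sample candidates for one MAC address.
RT2 = Candidate("rt2", next_hop="192.0.2.2", rd="192.0.2.2:15")
RT5_INTERNAL = Candidate("rt5-internal", from_rt5=True,
                         next_hop="192.0.2.2", rd="192.0.2.2:15")
SAP_LEARNED = Candidate("sap-learned", kind="learned")
EVPN_MOVED = Candidate("evpn-moved", seq=5, next_hop="192.0.2.3", rd="192.0.2.3:15")
```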

EVPN IP-VRF-to-IP-VRF Model Comparison

Each model has its advantages. Table 1 compares the three IP-VRF-to-IP-VRF models.

Table 1. EVPN IP-VRF-to-IP-VRF Model Comparison

Advantage                                          Model 1          Model 2                 Model 3
                                                   Interface-less   Interface-ful SBD IRB   Interface-ful unnumbered SBD IRB
----------------------------------------------------------------------------------------------------------------------------
Reduced number of EVPN routes                      Yes              No                      No
Ease of provisioning (no IP address on core IRB)   Yes              No                      Yes
Mass withdrawal due to recursive resolution        No               Yes                     Yes

Configuration

The following use cases are documented in this chapter:

  • IP-VRF-to-IP-VRF Models in EVPN-VXLAN

    • Interface-ful model with SBD IRB in EVPN-VXLAN

    • Interface-ful model with unnumbered SBD IRB in EVPN-VXLAN

    • Interface-less model in EVPN-VXLAN

  • IP-VRF-to-IP-VRF Models in EVPN-MPLS

    • Interface-ful model with SBD IRB in EVPN-MPLS

    • Interface-ful model with unnumbered SBD IRB in EVPN-MPLS

    • Interface-less model in EVPN-MPLS

IP-VRF-to-IP-VRF Model in EVPN-VXLAN

Figure 4 shows the example topology with two PEs. Hosts 1 and 2 (emulated through VPRNs 11 and 22) are attached to R-VPLS 1 and 2, respectively.

Figure 4. Example Topology with Services - EVPN-VXLAN

The initial configuration on the PEs includes the following:

  • Cards, MDAs, ports

  • Router interfaces

  • IS-IS (alternatively, OSPF can be used)

  • BGP for address family EVPN

On PE-1, the BGP configuration is as follows. The BGP configuration on PE-2 is similar.

*A:PE-1#
configure
    router
        autonomous-system 64500
        bgp
            vpn-apply-import
            vpn-apply-export
            rapid-withdrawal
            rapid-update evpn
            group "dc"
                family evpn
                type internal
                neighbor 192.0.2.2
                exit
            exit
        exit

Interface-ful Model with SBD IRB in EVPN-VXLAN

The service configuration on PE-1 includes the SBD R-VPLS 15, VPRN 151, and R-VPLS 1. The service configuration on PE-2 is similar, but R-VPLS 2 is configured instead of R-VPLS 1.

On PE-1, SBD R-VPLS 15 is configured with VNI 15, as follows. MAC advertisement is enabled by default, but IP route advertisement must be enabled explicitly. Only one BGP instance and one VXLAN instance are configured.

*A:PE-1#
configure
    service
        vpls 15 name "sbd-15" customer 1 create
            description "backhaul R-VPLS 15"
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 15 create
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement
                evi 15
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            no shutdown
        exit

VPRN 151 has two interfaces: one toward the SBD R-VPLS 15 and one toward BD R-VPLS 1. The interface toward the SBD has GW IP address 172.16.151.1/24 and MAC address 00:00:00:01:51:01. The interface toward R-VPLS 1 has IP address 10.0.0.1/24 and MAC address 00:00:00:1e:01:01. VRRP is configured in passive mode, so PE-1 uses the backup IP address as an anycast gateway. The backup IP address is 10.0.0.254 and the auto-derived virtual MAC address is 00:00:5e:00:01:01 for VRID 1. On PE-1, VPRN 151 is configured as follows:

*A:PE-1#
configure
    service
        vprn 151 name "ip-vrf-151" customer 1 create
            ecmp 2
            route-distinguisher auto-rd
            interface "sbd-15" create
                address 172.16.151.1/24
                mac 00:00:00:01:51:01
                vpls "sbd-15"
                exit
            exit
            interface "bd-1" create
                address 10.0.0.1/24
                mac 00:00:00:1e:01:01
                vrrp 1 passive
                    backup 10.0.0.254
                    ping-reply
                    traceroute-reply
                exit
                vpls "bd-1"
                exit
            exit
            no shutdown
        exit

On PE-1, R-VPLS 1 is configured as follows. Host 1 is attached to the SAP.

*A:PE-1#
configure
    service
        vpls 1 name "bd-1" customer 1 create
            description "R-VPLS 1 - BD 1"
            allow-ip-int-bind
            exit
            sap pxc-10.a:1 create
                no shutdown
            exit
            no shutdown
        exit
        

In this example, host 1 is simulated by VPRN 11, as follows. The default route has next-hop 10.0.0.254, which is the VRRP backup address in VPRN 151.

*A:PE-1#
configure
    service
        vprn 11 name "host1" customer 1 create
            description "Host-1 attached to R-VPLS 1"
            route-distinguisher auto-rd
            interface "local" create
                address 10.0.0.111/24
                mac 00:00:00:10:11:01
                sap pxc-10.b:1 create
                exit
            exit
            static-route-entry 0.0.0.0/0
                next-hop 10.0.0.254
                    no shutdown
                exit
            exit
            no shutdown
        exit

The service configuration on PE-2 is similar, with R-VPLS 2 instead of R-VPLS 1 and VPRN 22 instead of VPRN 11. The GW IP address on PE-2 is 172.16.151.2/24, interface "bd-2" in VPRN 151 has IP address 20.0.0.2/24, and host 2 has IP address 20.0.0.222/24.

PE-1 receives a BGP-EVPN RT-5 update from PE-2 for IP prefix 20.0.0.0/24, as follows. The GW IP address is 172.16.151.2 and the next-hop is PE-2.

*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag  Route Dist.         Prefix
      Tag                 Gw Address
                          NextHop
                          Label
-------------------------------------------------------------------------------
u*>i  192.0.2.2:15        20.0.0.0/24
      0                   172.16.151.2
                          192.0.2.2
                          VNI 15

-------------------------------------------------------------------------------
Routes : 1

PE-1 receives the following BGP-EVPN MAC update for MAC address 00:00:00:01:51:02, which corresponds to GW IP 172.16.151.2:

*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag  Route Dist.         MacAddr           ESI
      Tag                 Mac Mobility      Label1
                          Ip Address        
                          NextHop           
-------------------------------------------------------------------------------
u*>i  192.0.2.2:15        00:00:00:01:51:02 ESI-0
      0                   Static            VNI 15
                          172.16.151.2
                          192.0.2.2

-------------------------------------------------------------------------------
Routes : 1

The following traceroute on PE-1 from host 1 to host 2 shows that the first hop is 10.0.0.1 (interface "bd-1" in VPRN 151 on PE-1), the second hop is the IP GW address 172.16.151.2 (interface "sbd-15" in VPRN 151 on PE-2), and the third hop is host 2 with IP address 20.0.0.222:

*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111 
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
  1  10.0.0.1 (10.0.0.1)    0.695 ms  0.489 ms  0.536 ms
  2  172.16.151.2 (172.16.151.2)    1.16 ms  1.00 ms  0.840 ms
  3  20.0.0.222 (20.0.0.222)    1.13 ms  1.16 ms  1.24 ms

On PE-1, the following route table for VPRN 151 contains a BGP-EVPN route for IP prefix 20.0.0.0/24 with next-hop 172.16.151.2 and preference 169 (whereas BGP-VPN routes for IP-VPN have a preference of 170):

*A:PE-1# show router 151 route-table 
===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.0.0.0/24                                   Local   Local     04h05m45s  0
       bd-1                                                         0
20.0.0.0/24                                   Remote  BGP EVPN  02h33m29s  169
       172.16.151.2                                                 0
172.16.151.0/24                               Local   Local     04h01m07s  0
       sbd-15                                                       0
-------------------------------------------------------------------------------
No. of Routes: 3

On PE-1, the following ARP table of VPRN 151 contains an EVPN entry for GW IP address 172.16.151.2:

*A:PE-1# show router 151 arp

===============================================================================
ARP Table (Service: 151)
===============================================================================
IP Address      MAC Address       Expiry    Type   Interface
-------------------------------------------------------------------------------
172.16.151.1    00:00:00:01:51:01 00h00m00s Oth[I] sbd-15
172.16.151.2    00:00:00:01:51:02 00h00m00s Evp[I] sbd-15
10.0.0.1        00:00:00:1e:01:01 00h00m00s Oth[I] bd-1
10.0.0.111      00:00:00:10:11:01 03h58m06s Dyn[I] bd-1
10.0.0.254      00:00:5e:00:01:01 00h00m00s Oth[I] bd-1
-------------------------------------------------------------------------------
No. of ARP Entries: 5

The following FDB on PE-1 shows a static and protected EVPN entry for MAC address 00:00:00:01:51:02:

*A:PE-1# show service id 15 fdb detail 

===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId     MAC               Source-Identifier       Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
15         00:00:00:01:51:01 cpm                     Intf     10/11/18 06:55:47
15         00:00:00:01:51:02 vxlan-1:                EvpnS    10/11/18 09:07:16
                                                     P        
                             192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend:  L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
*A:PE-1#

Interface-ful Model with Unnumbered SBD IRB in EVPN-VXLAN

On both PEs, the GW IP addresses 172.16.151.x/24 are removed from interface "sbd-15" in VPRN 151 and an EVPN tunnel is configured instead. The changes in the configuration of VPRN 151 on PE-1 are the following:

*A:PE-1#
configure
    service
        vprn 151 
            interface "sbd-15" 
                no address 172.16.151.1/24
                vpls "sbd-15"
                    evpn-tunnel
                exit
            exit

Similarly, the following is configured in VPRN 151 on PE-2:

*A:PE-2#
configure
    service
        vprn 151 
            interface "sbd-15" 
                no address 172.16.151.2/24
                vpls "sbd-15"
                    evpn-tunnel
                exit
            exit

The configuration of VPRN 151 on PE-2 is as follows:

*A:PE-2>config>service>vprn# info 
----------------------------------------------
            ecmp 2
            route-distinguisher auto-rd
            interface "sbd-15" create
                mac 00:00:00:01:51:02
                vpls "sbd-15"
                    evpn-tunnel
                exit
            exit
            interface "bd-2" create
                address 20.0.0.2/24
                mac 00:00:00:2e:02:02
                vrrp 1 passive
                    backup 20.0.0.254
                    ping-reply
                    traceroute-reply
                exit
                vpls "bd-2"
                exit
            exit
            no shutdown
----------------------------------------------

The provisioning is easier with unnumbered SBD IRB because no IRB IP addresses need to be configured in the VPRN.

PE-1 receives the following RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address 00:00:00:01:51:02, because there is no GW IP address. The GW MAC address is used in the VPRN route table, where the EVPN tunnel leads toward this GW MAC address.

*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag  Route Dist.         Prefix
      Tag                 Gw Address
                          NextHop
                          Label
-------------------------------------------------------------------------------
u*>i  192.0.2.2:15        20.0.0.0/24
      0                   00:00:00:01:51:02
                          192.0.2.2
                          VNI 15

-------------------------------------------------------------------------------
Routes : 1

MAC advertisement is enabled by default, so PE-1 also receives the following RT-2 update for the GW MAC address. The interface is unnumbered, so there is no corresponding IP address.

*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15       
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag  Route Dist.         MacAddr           ESI
      Tag                 Mac Mobility      Label1
                          Ip Address        
                          NextHop           
-------------------------------------------------------------------------------
u*>i  192.0.2.2:15        00:00:00:01:51:02 ESI-0
      0                   Static            VNI 15
                          n/a
                          192.0.2.2

-------------------------------------------------------------------------------
Routes : 1

The following traceroute from host 1 to host 2 shows that the second hop now is 20.0.0.2, which corresponds to the "bd-2" interface in VPRN 151 on PE-2. The other hops remain the same as in the preceding case.

*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111     
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
  1  10.0.0.1 (10.0.0.1)    0.804 ms  0.518 ms  0.493 ms
  2  20.0.0.2 (20.0.0.2)    1.01 ms  1.39 ms  1.04 ms
  3  20.0.0.222 (20.0.0.222)    1.26 ms  1.27 ms  1.10 ms

The following route table of VPRN 151 on PE-1 shows a BGP-EVPN route for IP prefix 20.0.0.0/24 with EVPN tunnel (ET) to GW MAC address 00:00:00:01:51:02:

*A:PE-1# show router 151 route-table 

===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.0.0.0/24                                   Local   Local     04h42m30s  0
       bd-1                                                         0
20.0.0.0/24                                   Remote  BGP EVPN  00h14m14s  169
       sbd-15 (ET-00:00:00:01:51:02)                                0
-------------------------------------------------------------------------------
No. of Routes: 2

The following ARP table for VPRN 151 does not contain any entries for interface "sbd-15", because the interface is unnumbered:

*A:PE-1# show router 151 arp "sbd-15" 

===============================================================================
ARP Table (Service: 151)
===============================================================================
IP Address      MAC Address       Expiry    Type   Interface
-------------------------------------------------------------------------------
No Matching Entries Found

However, internally, ARP entries are created. The following command shows that the same number of ARP entries are consumed as in the preceding use case with the numbered interface "sbd-15". The BGP-EVPN ARP entry corresponds to the GW interface "sbd-15" on the BGP peer.

*A:PE-1# show router 151 arp summary 

============================================================
ARP Table Summary (Service: 151)
============================================================
Local ARP Entries    : 3
Static ARP Entries   : 0
Dynamic ARP Entries  : 1
Managed ARP Entries  : 0
Internal ARP Entries : 0
BGP-EVPN ARP Entries : 1
------------------------------------------------------------
No. of ARP Entries   : 5
============================================================
*A:PE-1#

The FDB for R-VPLS 15 on PE-1 is as follows:

*A:PE-1# show service id 15 fdb detail                               

===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId     MAC               Source-Identifier       Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
15         00:00:00:01:51:01 cpm                     Intf     10/11/18 06:55:47
15         00:00:00:01:51:02 vxlan-1:                EvpnS    10/11/18 12:03:16
                                                     P        
                             192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend:  L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
*A:PE-1#

Interface-less Model in EVPN-VXLAN

The only difference from the preceding configuration is that MAC route advertisement is disabled in the backhaul R-VPLS 15 on both PEs, as follows:

*A:PE-1#
configure
    service
        vpls 15 
            bgp-evpn
                no mac-advertisement
            exit

The configuration of R-VPLS 15 on PE-2 is as follows:

*A:PE-2# configure service vpls 15 
*A:PE-2>config>service>vpls# info 
----------------------------------------------
            description "backhaul R-VPLS 15"
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 15 create
            exit
            bgp
            exit
            bgp-evpn
                no mac-advertisement
                ip-route-advertisement
                evi 15
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
----------------------------------------------

Again, the provisioning is easier with unnumbered SBD IRB because no IRB IP addresses need to be configured in the VPRN.

PE-1 receives the following BGP-EVPN RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address 00:00:00:01:51:02, which is the same as in the preceding use case:

*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag  Route Dist.         Prefix
      Tag                 Gw Address
                          NextHop
                          Label
-------------------------------------------------------------------------------
u*>i  192.0.2.2:15        20.0.0.0/24
      0                   00:00:00:01:51:02
                          192.0.2.2
                          VNI 15

-------------------------------------------------------------------------------
Routes : 1

PE-1 does not receive any BGP-EVPN RT-2 updates because PE-2 does not advertise any MAC addresses in R-VPLS 15, as follows:

*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15       
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag  Route Dist.         MacAddr           ESI
      Tag                 Mac Mobility      Label1
                          Ip Address        
                          NextHop           
-------------------------------------------------------------------------------
No Matching Entries Found.

The following traceroute from host 1 to host 2 shows that the second hop is the IP address of the "bd-2" interface in VPRN 151 on PE-2, as in the preceding use case:

*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111 
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
  1  10.0.0.1 (10.0.0.1)    0.643 ms  0.554 ms  0.549 ms
  2  20.0.0.2 (20.0.0.2)    1.08 ms  1.13 ms  0.988 ms
  3  20.0.0.222 (20.0.0.222)    1.31 ms  1.22 ms  1.29 ms

The following route table for VPRN 151 on PE-1 shows a BGP-EVPN route for IP prefix 20.0.0.0/24 with EVPN tunnel:

*A:PE-1# show router 151 route-table 

===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
10.0.0.0/24                                   Local   Local     05h06m26s  0
       bd-1                                                         0
20.0.0.0/24                                   Remote  BGP EVPN  00h38m10s  169
       sbd-15 (ET-00:00:00:01:51:02)                                0
-------------------------------------------------------------------------------
No. of Routes: 2

The following FDB in R-VPLS 15 on PE-1 shows an EVPN entry for GW MAC address 00:00:00:01:51:02, which is created out of the RT-5 GW MAC (router MAC extended community):

*A:PE-1# show service id 15 fdb detail 

===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId     MAC               Source-Identifier       Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
15         00:00:00:01:51:01 cpm                     Intf     10/11/18 06:55:47
15         00:00:00:01:51:02 vxlan-1:                Evpn     10/11/18 12:29:36
                             192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2

IP-VRF-to-IP-VRF Models in EVPN-MPLS

The three IP-VRF-to-IP-VRF models are also supported in EVPN-MPLS. Example Topology with Services - EVPN-MPLS shows the example topology with the services R-VPLS 16, VPRN 161, R-VPLS 3 (or 4), and VPRN 31 for host 3 (or VPRN 42 for host 4).

Figure 5. Example Topology with Services - EVPN-MPLS

For MPLS, LDP is configured on the interface between PE-1 and PE-2.

Interface-ful Model with SBD IRB in EVPN-MPLS

The following services are configured on PE-1 and PE-2:

  • Backhaul R-VPLS 16

  • VPRN 161

  • R-VPLS 3 on PE-1; R-VPLS 4 on PE-2

  • VPRN 31 (host 3) on PE-1; VPRN 42 (host 4) on PE-2

The service configuration on PE-1 is as follows. MAC route advertisement is enabled by default. The configuration on PE-2 is similar.

*A:PE-1#
configure
    service
        vpls 16 name "sbd-16" customer 1 create
            description "backhaul EVPN-MPLS R-VPLS 16"
            allow-ip-int-bind
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement          
                evi 16
                mpls bgp 1
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            no shutdown
        exit
        vprn 161 name "ip-vrf-161" customer 1 create
            ecmp 2
            route-distinguisher auto-rd
            interface "sbd-16" create
                address 172.16.161.1/24
                mac 00:00:00:01:61:01
                vpls "sbd-16"
                exit
            exit
            interface "bd-3" create
                address 30.0.0.1/24
                mac 00:00:00:3e:03:01
                vrrp 1 passive
                    backup 30.0.0.254
                    ping-reply
                    traceroute-reply
                exit
                vpls "bd-3"
                exit
            exit
            no shutdown
        exit
        vpls 3 name "bd-3" customer 1 create
            description "R-VPLS 3 - BD 3"
            allow-ip-int-bind
            exit
            sap pxc-10.a:3 create
                no shutdown
            exit
            no shutdown
        exit
        vprn 31 name "host3" customer 1 create
            description "Host-3 attached to R-VPLS 3"
            route-distinguisher auto-rd
            interface "local" create
                address 30.0.0.111/24
                mac 00:00:00:30:11:01
                sap pxc-10.b:3 create
                exit
            exit
            static-route-entry 0.0.0.0/0
                next-hop 30.0.0.254
                    no shutdown
                exit
            exit
            no shutdown
        exit

PE-1 receives the following BGP-EVPN IP prefix route for prefix 40.0.0.0/24:

*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:16 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag  Route Dist.         Prefix
      Tag                 Gw Address
                          NextHop
                          Label
-------------------------------------------------------------------------------
u*>i  192.0.2.2:16        40.0.0.0/24
      0                   172.16.161.2
                          192.0.2.2
                          LABEL 524286

-------------------------------------------------------------------------------
Routes : 1

The GW address is the IP address 172.16.161.2. The following BGP-EVPN MAC route advertises the corresponding MAC address 00:00:00:01:61:02:

*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:16       
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag  Route Dist.         MacAddr           ESI
      Tag                 Mac Mobility      Label1
                          Ip Address        
                          NextHop           
-------------------------------------------------------------------------------
u*>i  192.0.2.2:16        00:00:00:01:61:02 ESI-0
      0                   Static            LABEL 524286
                          172.16.161.2
                          192.0.2.2

-------------------------------------------------------------------------------
Routes : 1
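The recursive lookup shown in the two preceding outputs can be checked mechanically after a change. The following Python script is an added example, not part of the SR OS documentation: it parses the RT-5 and RT-2 entries (copied from the outputs above as sample input) and returns, for each RT-5 prefix, the MAC of the RT-2 route whose IP address and next hop match the RT-5 GW address and next hop. The function names are assumptions made for this example.

```python
import re

# Flag line of a route entry: status flags, route distinguisher, then prefix or MAC.
ENTRY = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+:\d+)\s+(\S+)")

def records(text):
    """Yield (rd, key, continuation) for each route entry in a show output."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if m:
            # The three indented lines after the flag line belong to the entry.
            yield m.group(1), m.group(2), [l.split() for l in lines[i + 1:i + 4]]

def parse_rt5(text):
    # Continuation lines: [tag, GW address], [next hop], ["LABEL", value]
    return [{"rd": rd, "prefix": key, "gw": c[0][1], "nh": c[1][0]}
            for rd, key, c in records(text)]

def parse_rt2(text):
    # Continuation lines: [tag, mobility, "LABEL", value], [IP address], [next hop]
    return [{"rd": rd, "mac": key, "ip": c[1][0], "nh": c[2][0]}
            for rd, key, c in records(text)]

def resolve(rt5_text, rt2_text):
    """Map each RT-5 prefix to the GW MAC of the RT-2 it recurses to, or None."""
    by_ip = {(r["ip"], r["nh"]): r["mac"] for r in parse_rt2(rt2_text)}
    return {r["prefix"]: by_ip.get((r["gw"], r["nh"])) for r in parse_rt5(rt5_text)}

# Sample input: the route entries from the two outputs above.
RT5 = """\
u*>i  192.0.2.2:16        40.0.0.0/24
      0                   172.16.161.2
                          192.0.2.2
                          LABEL 524286
"""
RT2 = """\
u*>i  192.0.2.2:16        00:00:00:01:61:02 ESI-0
      0                   Static            LABEL 524286
                          172.16.161.2
                          192.0.2.2
"""

if __name__ == "__main__":
    print(resolve(RT5, RT2))
```

A prefix that maps to None has no matching RT-2 route, so its GW IP address cannot be resolved to a GW MAC in the SBD IRB model.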

The following traceroute from host 3 to host 4 shows that the GW IP address is the second hop:

*A:PE-1# traceroute router 31 40.0.0.222 source 30.0.0.111 
traceroute to 40.0.0.222 from 30.0.0.111, 30 hops max, 40 byte packets
  1  30.0.0.1 (30.0.0.1)    1.62 ms  0.569 ms  0.531 ms
  2  172.16.161.2 (172.16.161.2)    2.08 ms  1.19 ms  0.943 ms
  3  40.0.0.222 (40.0.0.222)    2.64 ms  1.30 ms  1.18 ms

The route table and ARP table in VPRN 161 and the FDB in R-VPLS 16 are similar to the ones in the Interface-ful Model with SBD IRB in EVPN-VXLAN section.

Interface-ful Model with Unnumbered SBD IRB in EVPN-MPLS

The GW IP addresses are removed from the "sbd-16" interface in VPRN 161 and an EVPN-tunnel is configured instead. On PE-2, VPRN 161 is configured as follows:

*A:PE-2# configure service vprn 161 
*A:PE-2>config>service>vprn# info 
----------------------------------------------
            ecmp 2
            route-distinguisher auto-rd
            interface "sbd-16" create
                mac 00:00:00:01:61:02
                vpls "sbd-16"
                    evpn-tunnel
                exit
            exit
            interface "bd-4" create
                address 40.0.0.2/24
                mac 00:00:00:2e:04:02
                vrrp 1 passive
                    backup 40.0.0.254
                    ping-reply
                    traceroute-reply
                exit
                vpls "bd-4"
                exit
            exit
            no shutdown
----------------------------------------------

The route table in VPRN 161 and the FDB in R-VPLS 16 are similar to the ones in the Interface-ful Model with Unnumbered SBD IRB in EVPN-VXLAN section.

Interface-less Model in EVPN-MPLS

MAC route advertisement is disabled in backhaul R-VPLS 16, as follows:

*A:PE-1# configure service vpls 16 
*A:PE-1>config>service>vpls# info 
----------------------------------------------
            description "backhaul EVPN-MPLS R-VPLS 16"
            allow-ip-int-bind
            exit
            bgp
            exit
            bgp-evpn
                no mac-advertisement
                ip-route-advertisement
                evi 16
                mpls bgp 1
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
----------------------------------------------

The following route table for VPRN 161 contains a BGP-EVPN entry for prefix 40.0.0.0/24 with an EVPN tunnel to GW MAC address 00:00:00:01:61:02:

*A:PE-1# show router 161 route-table 
===============================================================================
Route Table (Service: 161)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
30.0.0.0/24                                   Local   Local     06h02m30s  0
       bd-3                                                         0
40.0.0.0/24                                   Remote  BGP EVPN  00h04m26s  169
       sbd-16 (ET-00:00:00:01:61:02)                                0
-------------------------------------------------------------------------------
No. of Routes: 2

The following FDB for VPLS 16 contains an EVPN entry for GW MAC address 00:00:00:01:61:02. This information is retrieved from a BGP-EVPN RT-5 update.

*A:PE-1# show service id 16 fdb detail 

===============================================================================
Forwarding Database, Service 16
===============================================================================
ServId     MAC               Source-Identifier       Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
16         00:00:00:01:61:01 cpm                     Intf     10/11/18 07:06:48
16         00:00:00:01:61:02 eMpls:                  Evpn     10/11/18 13:07:12
                             192.0.2.2:524286
-------------------------------------------------------------------------------
No. of MAC Entries: 2

However, no EVPN MAC routes were received for R-VPLS 16, as follows:

*A:PE-1# show router bgp routes evpn mac 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag  Route Dist.         MacAddr           ESI
      Tag                 Mac Mobility      Label1
                          Ip Address        
                          NextHop           
-------------------------------------------------------------------------------
No Matching Entries Found.
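
When the next hop is an EVPN tunnel, the route table and the FDB of the backhaul R-VPLS must agree on the GW MAC. The following Python script is an added example, not part of the SR OS documentation: it takes the VPRN 161 route table and the R-VPLS 16 FDB shown above (copied as sample input) and returns, for each prefix with an ET-<MAC> next hop, the EVPN destination that the FDB holds for that MAC. The same check applies to the EVPN-VXLAN outputs for VPRN 151 and R-VPLS 15; the function names are assumptions made for this example.

```python
import re

# "<prefix> Remote BGP EVPN ..." followed by "<interface> (ET-<GW MAC>)" on the next line.
ET_ROUTE = re.compile(
    r"^(\S+/\d+)\s+Remote\s+BGP EVPN\s.*\n\s+(\S+) \(ET-([0-9a-fA-F:]{17})\)", re.M)
# FDB row: service id, MAC, source identifier, entry type.
FDB_ROW = re.compile(r"^\d+\s+([0-9a-fA-F:]{17})\s+(\S+)\s+(\S+)\s")

def fdb_entries(fdb):
    """Return {mac: (type, source)}; a source ending in ':' continues on the next line."""
    lines, out = fdb.splitlines(), {}
    for i, line in enumerate(lines):
        m = FDB_ROW.match(line)
        if m:
            mac, src, typ = m.groups()
            if src.endswith(":") and i + 1 < len(lines):
                src += lines[i + 1].strip()
            out[mac] = (typ, src)
    return out

def check_tunnels(route_table, fdb):
    """Map each EVPN-tunnel prefix to the FDB destination of its GW MAC, or None."""
    entries = fdb_entries(fdb)
    result = {}
    for prefix, _intf, mac in ET_ROUTE.findall(route_table):
        typ, src = entries.get(mac, (None, None))
        # Only an entry of type Evpn gives the tunnel a remote destination.
        result[prefix] = src if typ == "Evpn" else None
    return result

# Sample input copied from the VPRN 161 route table and R-VPLS 16 FDB above.
ROUTES = """\
30.0.0.0/24                                   Local   Local     06h02m30s  0
       bd-3                                                         0
40.0.0.0/24                                   Remote  BGP EVPN  00h04m26s  169
       sbd-16 (ET-00:00:00:01:61:02)                                0
"""
FDB = """\
16         00:00:00:01:61:01 cpm                     Intf     10/11/18 07:06:48
16         00:00:00:01:61:02 eMpls:                  Evpn     10/11/18 13:07:12
                             192.0.2.2:524286
"""

if __name__ == "__main__":
    print(check_tunnels(ROUTES, FDB))
```

A prefix that maps to None points at a GW MAC for which the FDB has no Evpn entry.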

Conclusion

The three EVPN IP-VRF-to-IP-VRF models each have advantages. Different vendors have chosen different models in the first phases of their EVPN implementations. SR OS supports all three EVPN IP-VRF-to-IP-VRF models, so they can be deployed in any environment where third-party vendor equipment is already deployed.