EVPN IP-VRF-to-IP-VRF Models
This chapter provides information about EVPN IP-VRF-to-IP-VRF Models.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 16.0.R3. SR OS supports the three EVPN IP-VRF-to-IP-VRF models described in draft-ietf-bess-evpn-prefix-advertisement. The two interface-ful models for IPv4 are supported for EVPN-VXLAN in SR OS Release 12.0.R4, and later, and for EVPN-MPLS in SR OS Release 14.0.R1. The interface-less model is supported for IPv4 in EVPN-VXLAN and EVPN-MPLS in SR OS Release 16.0.R2, and later. Interface-less and interface-ful models for IPv6 are supported in SR OS Release 16.0.R4, and later.
Overview
EVPN is considered the standard for Data Centers (DCs) and DC Interconnect (DCI) for layer 2 and layer 3 services. Draft-ietf-bess-evpn-prefix-advertisement describes the following three IP-VRF-to-IP-VRF models:
Interface-less model (mandatory)
Interface-ful model with Supplementary Broadcast Domain (SBD) Interworking Routing and Bridging (IRB) (mandatory)
Interface-ful model with unnumbered SRB IRB (optional)
In standard terminology, SBD is the Broadcast Domain (BD) that joins two IP-VRFs. In SR OS, the SBD is a "backhaul" R-VPLS service that connects two PEs attached to VPRNs of the same VPN. For IP prefix advertisement in the SBD, ip-route-advertisement needs to be enabled in the BGP-EVPN context, whereas mac-advertisement is enabled by default. BGP-EVPN IP prefix route type 5 (RT-5) updates are used in all models; MAC/IP routes (RT-2) are used in the interface-ful models only. In the interface-less model, mac-advertisement must be disabled.
Interface-ful SBD IRB and Interface-ful Unnumbered SBD IRB show the two interface-ful IP-VRF-to-IP-VRF models: SBD IRB and unnumbered SBD IRB. Both interface-ful SBD IRB models require BGP-EVPN IP prefix routes (RT-5) with recursive lookup to MAC/IP routes (RT-2). Host 1 is located in broadcast domain 1 (BD1 corresponds to an R-VPLS) linked to the VRF in PE-1 and host 2 is located in BD2 linked to the VRF in PE-2. The VRFs correspond to VPRNs that are linked to an SBD, which is a backhaul R-VPLS.
The interface-ful SBD IRB model requires an IP address on the VPRN interface for the SBD (IP2 on PE-2); no EVPN tunnel can be used. Both PEs will send BGP-EVPN RT-5 (IP prefix) and BGP-EVPN RT-2 (MAC/IP) updates. PE-2 sends an RT-5 update for IP prefix 20.0.0.0/24 with GW IP address IP2 and an RT-2 update for GW IP address IP2 with MAC2 and next-hop PE-2. On PE-1, the prefix 20.0.0.0/24 appears in the VRF route table as an EVPN route with next-hop GW IP2. The ARP table for the VRF contains the corresponding MAC address MAC2 for the GW IP address IP2. The FDB of the SBD includes an EVPN entry for GW MAC address MAC2 with next-hop PE-2.
When the VPRN is configured toward the SBD with an EVPN tunnel rather than a numbered IP interface, the RT-5 update will contain the GW MAC address MAC2 instead of the GW IP address IP2. Interface-ful Unnumbered SBD IRB shows that PE-2 sends an RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address MAC2 and an RT-2 update for GW MAC address MAC2 with next-hop PE-2. Again, a recursive lookup is done.
Finally, in the interface-less IP-VRF-to-IP-VRF model, mac-advertisement is disabled in the BGP-EVPN context of the backhaul R-VPLS. BGP-EVPN RT-5 updates will contain the GW MAC address, and no RT-2 updates will be sent; therefore, the number of BGP-EVPN updates is reduced and no recursive lookup is done on PE-1. PE-1 adds an entry in its FDB based on an RT-5 route instead of an RT-2 route from PE-2. Interface-less IP-VRF-to-IP-VRF Model shows the interface-less IP-VRF-to-IP-VRF model where PE-2 sends an RT-5 update with GW MAC address MAC2.
Other vendors do not use a service context as the R-VPLS EVPN tunnel shown in Figure 3, and they configure the route targets used for the RT-5 updates in the VPRN (or VRF) instances. When interoperating with those vendors, ensure that the 7x50 R-VPLS route targets match the route targets in the VRF of the third-party router.
The preceding examples are based on EVPN-VXLAN, but IP-VRF-to-IP-VRF also works for EVPN-MPLS. Instead of the VNI, the MPLS label is then included in the RT-5 and RT-2 updates.
EVPN MAC Selection Criteria
In the interface-less scenario, the MAC address entry in the R-VPLS FDB that is required to forward packets to the remote PE is obtained from an internal MAC/IP route. This internal route is obtained from the router MAC extended community in the BGP-EVPN RT-5 update. In case the same MAC address is received in multiple ways, the following MAC selection criteria apply. Beginning with criterion (1), the MAC is selected if the criterion is met, or the next criterion is applied. As indicated in (8), a MAC received from an RT-2 has higher priority than a MAC populated by the router MAC extended community in an RT-5 update.
Conditional static MAC addresses (locally protected MAC addresses)
Auto-learned protected MAC addresses (locally learned MAC addresses on SAPs or SDP-bindings due to the configuration of auto-learn-mac-protect)
EVPN ES PBR MAC addresses
EVPN static MAC addresses (remotely protected MAC addresses)
Data plane learned MAC addresses (regular learning on SAPs or SDP-bindings)
EVPN MAC routes with a higher sequence number
EVPN E-Tree root MAC addresses
EVPN non-RT-5 MAC addresses (this tie-breaking rule is only applied if the selection algorithm is comparing received MAC routes (RT-2) and internal MAC routes derived from the MAC addresses in IP-prefix routes, such as RT-5 MACs)
Lowest IP address for the next-hop of the EVPN NLRI
Lowest Ethernet tag (that will be zero for MPLS and might be different from zero for VXLAN)
Lowest route distinguisher
Lowest BGP instance (this tie-breaking rule is only applied if the preceding rules fail to select a unique MAC address and the service has two BGP instances of the same encapsulation)
EVPN IP-VRF-to-IP-VRF Model Comparison
Each model has its advantages. EVPN IP-VRF-to-IP-VRF Model Comparison compares the three IP-VRF-to-IP-VRF models.
Advantage |
Model 1 Interface-less |
Model 2 Interface-ful SBD IRB |
Model 3 Interface-ful unnumbered SBD IRB |
|---|---|---|---|
Reduced number of EVPN routes |
Yes |
No |
No |
Ease of provisioning (no IP address on core IRB) |
Yes |
No |
Yes |
Mass withdrawal due to recursive resolution |
No |
Yes |
Yes |
Configuration
The following use cases are documented in this chapter:
IP-VRF-to-IP-VRF Models in EVPN-VXLAN
Interface-ful model with SBD IRB in EVPN-VXLAN
Interface-ful model with unnumbered SBD IRB in EVPN-VXLAN
Interface-less model in EVPN-VXLAN
IP-VRF-to-IP-VRF Models in EVPN-MPLS
Interface-ful model with SBD IRB in EVPN-MPLS
Interface-ful model with unnumbered SBD IRB in EVPN-MPLS
Interface-less model in EVPN-MPLS
IP-VRF-to-IP-VRF Model in EVPN-VXLAN
Example Topology with Services - EVPN-VXLAN shows the example topology with two PEs. Hosts 1 and 2-emulated through VPRNs 11 and 22-are attached to R-VPLS 1 and 2 respectively.
The initial configuration on the PEs includes the following:
Cards, MDAs, ports
Router interfaces
IS-IS (alternatively, OSPF can be used)
BGP for address family EVPN
On PE-1, the BGP configuration is as follows. The BGP configuration on PE-2 is similar.
*A:PE-1#
configure
router
autonomous-system 64500
bgp
vpn-apply-import
vpn-apply-export
rapid-withdrawal
rapid-update evpn
group "dc"
family evpn
type internal
neighbor 192.0.2.2
exit
exit
exit
Interface-ful Model with SBD IRB in EVPN-VXLAN
The service configuration on PE-1 includes the SBD R-VPLS 15, VPRN 151, and R-VPLS 1. The service configuration on PE-2 is similar, but R-VPLS 2 is configured instead of R-VPLS 1.
On PE-1, SBD R-VPLS 15 is configured with VNI 15, as follows. MAC advertisement is enabled by default, but IP route advertisement must be enabled explicitly. Only one BGP instance and one VXLAN instance are configured.
*A:PE-1#
configure
service
vpls 15 name "sbd-15" customer 1 create
description "backhaul R-VPLS 15"
allow-ip-int-bind
exit
vxlan instance 1 vni 15 create
exit
bgp
exit
bgp-evpn
ip-route-advertisement
evi 15
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
no shutdown
exit
VPRN 151 has two interfaces: one toward the SBD R-VPLS 15 and one toward BD R-VPLS 1. The interface toward the SBD has GW IP address 172.16.151.1/24 and MAC address 00:00:00:01:51:01. The interface toward R-VPLS 1 has IP address 10.0.0.1/24 and MAC address 00:00:00:1e:01:01. VRRP is configured in passive mode, so PE-1 uses the backup IP address as an anycast gateway. The backup IP address is 10.0.0.254 and the auto-derived virtual MAC address is 00:00:5e:00:00:01 for VRID 1. On PE-1, VPRN 151 is configured as follows:
*A:PE-1#
configure
service
vprn 151 name "ip-vrf-151" customer 1 create
ecmp 2
route-distinguisher auto-rd
interface "sbd-15" create
address 172.16.151.1/24
mac 00:00:00:01:51:01
vpls "sbd-15"
exit
exit
interface "bd-1" create
address 10.0.0.1/24
mac 00:00:00:1e:01:01
vrrp 1 passive
backup 10.0.0.254
ping-reply
traceroute-reply
exit
vpls "bd-1"
exit
exit
no shutdown
exit
On PE-1, R-VPLS 1 is configured as follows. Host 1 is attached to the SAP.
*A:PE-1#
configure
service
vpls 1 name "bd-1" customer 1 create
description "R-VPLS 1 - BD 1"
allow-ip-int-bind
exit
sap pxc-10.a:1 create
no shutdown
exit
no shutdown
exit
In this example, host 1 is simulated by VPRN 11, as follows. The default route has next-hop 10.0.0.254, which is the VRRP backup address in VPRN 151.
*A:PE-1#
configure
service
vprn 11 name "host1" customer 1 create
description "Host-1 attached to R-VPLS 1"
route-distinguisher auto-rd
interface "local" create
address 10.0.0.111/24
mac 00:00:00:10:11:01
sap pxc-10.b:1 create
exit
exit
static-route-entry 0.0.0.0/0
next-hop 10.0.0.254
no shutdown
exit
exit
no shutdown
exit
The service configuration on PE-2 is similar, with R-VPLS 2 instead of R-VPLS 1 and VPRN 22 instead of VPRN 11. The GW IP address on PE-2 is 172.16.151.2/24, interface "bd-2" in VPRN 151 has IP address 20.0.0.2/24, and host 2 has IP address 20.0.0.222/24.
PE-1 receives a BGP-EVPN RT-5 update from PE-2 for IP prefix 20.0.0.0/24, as follows. The GW IP address is 172.16.151.2 and the next-hop is PE-2.
*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:15 20.0.0.0/24
0 172.16.151.2
192.0.2.2
VNI 15
-------------------------------------------------------------------------------
Routes : 1
PE-1 receives the following BGP-EVPN MAC update for MAC address 00:00:00:01:51:02, which corresponds to GW IP 172.16.151.2:
*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.2:15 00:00:00:01:51:02 ESI-0
0 Static VNI 15
172.16.151.2
192.0.2.2
-------------------------------------------------------------------------------
Routes : 1
The following traceroute on PE-1 from host 1 to host 2 shows that the first hop is 10.0.0.1 (interface "bd-1" in VPRN 151 on PE-1), the second hop is the IP GW address 172.16.151.2 (interface "sbd-15" in VPRN 151 on PE-2), and the third hop is host 2 with IP address 20.0.0.222:
*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
1 10.0.0.1 (10.0.0.1) 0.695 ms 0.489 ms 0.536 ms
2 172.16.151.2 (172.16.151.2) 1.16 ms 1.00 ms 0.840 ms
3 20.0.0.222 (20.0.0.222) 1.13 ms 1.16 ms 1.24 ms
On PE-1, the following route table for VPRN 151 contains a BGP-EVPN route for IP prefix 20.0.0.0/24 with next-hop 172.16.151.2 and preference 169 (whereas BGP-VPN routes for IP-VPN have a preference of 170):
*A:PE-1# show router 151 route-table
===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/24 Local Local 04h05m45s 0
bd-1 0
20.0.0.0/24 Remote BGP EVPN 02h33m29s 169
172.16.151.2 0
172.16.151.0/24 Local Local 04h01m07s 0
sbd-15 0
-------------------------------------------------------------------------------
No. of Routes: 3
On PE-1, the following ARP table of VPRN 151 contains an EVPN entry for GW IP address 172.16.151.2:
*A:PE-1# show router 151 arp
===============================================================================
ARP Table (Service: 151)
===============================================================================
IP Address MAC Address Expiry Type Interface
-------------------------------------------------------------------------------
172.16.151.1 00:00:00:01:51:01 00h00m00s Oth[I] sbd-15
172.16.151.2 00:00:00:01:51:02 00h00m00s Evp[I] sbd-15
10.0.0.1 00:00:00:1e:01:01 00h00m00s Oth[I] bd-1
10.0.0.111 00:00:00:10:11:01 03h58m06s Dyn[I] bd-1
10.0.0.254 00:00:5e:00:01:01 00h00m00s Oth[I] bd-1
-------------------------------------------------------------------------------
No. of ARP Entries: 5
The following FDB on PE-1 shows a static and protected EVPN entry for MAC address 00:00:00:01:51:02:
*A:PE-1# show service id 15 fdb detail
===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
15 00:00:00:01:51:01 cpm Intf 10/11/18 06:55:47
15 00:00:00:01:51:02 vxlan-1: EvpnS 10/11/18 09:07:16
P
192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
*A:PE-1#
Interface-ful Model with Unnumbered SBD IRB in EVPN-VXLAN
On both PEs, the GW IP addresses 172.16.151.x/24 are removed from interface "sbd-15" in VPRN 151 and an EVPN tunnel is configured instead. The changes in the configuration of VPRN 151 on PE-1 are the following:
*A:PE-1#
configure
service
vprn 151
interface "sbd-15"
no address 172.16.151.1/24
vpls "sbd-15"
evpn-tunnel
exit
exit
Similarly, the following is configured in VPRN 151 on PE-2:
*A:PE-2#
configure
service
vprn 151
interface "sbd-15"
no address 172.16.151.2/24
vpls "sbd-15"
evpn-tunnel
exit
exit
The configuration of VPRN 151 on PE-2 is as follows:
*A:PE-2>config>service>vprn# info
----------------------------------------------
ecmp 2
route-distinguisher auto-rd
interface "sbd-15" create
mac 00:00:00:01:51:02
vpls "sbd-15"
evpn-tunnel
exit
exit
interface "bd-2" create
address 20.0.0.2/24
mac 00:00:00:2e:02:02
vrrp 1 passive
backup 20.0.0.254
ping-reply
traceroute-reply
exit
vpls "bd-2"
exit
exit
no shutdown
----------------------------------------------
The provisioning is easier with unnumbered SBD IRB because no IRB IP addresses need to be configured in the VPRN.
PE-1 receives the following RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address 00:00:00:01:51:02, because there is no GW IP address. The GW MAC address is used in the VPRN route table, where the EVPN tunnel leads toward this GW MAC address.
*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:15 20.0.0.0/24
0 00:00:00:01:51:02
192.0.2.2
VNI 15
-------------------------------------------------------------------------------
Routes : 1
MAC advertisement is by default enabled, so PE-1 also receives the following RT-2 update for the GW MAC address. The interface is unnumbered, so there is no corresponding IP address.
*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.2:15 00:00:00:01:51:02 ESI-0
0 Static VNI 15
n/a
192.0.2.2
-------------------------------------------------------------------------------
Routes : 1
The following traceroute from host 1 to host 2 shows that the second hop now is 20.0.0.2, which corresponds to the "bd-2" interface in VPRN 151 on PE-2. The other hops remain the same as in the preceding case.
*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
1 10.0.0.1 (10.0.0.1) 0.804 ms 0.518 ms 0.493 ms
2 20.0.0.2 (20.0.0.2) 1.01 ms 1.39 ms 1.04 ms
3 20.0.0.222 (20.0.0.222) 1.26 ms 1.27 ms 1.10 ms
The following route table of VPRN 151 on PE-1 shows a BGP-EVPN route for IP prefix 20.0.0.0/24 with EVPN tunnel (ET) to GW MAC address 00:00:00:01:51:02:
*A:PE-1# show router 151 route-table
===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/24 Local Local 04h42m30s 0
bd-1 0
20.0.0.0/24 Remote BGP EVPN 00h14m14s 169
sbd-15 (ET-00:00:00:01:51:02) 0
-------------------------------------------------------------------------------
No. of Routes: 2
The following ARP table for VPRN 151 does not contain any entries for interface "sbd-15", because they are unnumbered:
*A:PE-1# show router 151 arp "sbd-15"
===============================================================================
ARP Table (Service: 151)
===============================================================================
IP Address MAC Address Expiry Type Interface
-------------------------------------------------------------------------------
No Matching Entries Found
However, internally, ARP entries are created. The following command shows that the same number of ARP entries are consumed as in the preceding use case with the numbered interface "sbd-15". The BGP-EVPN ARP entry corresponds to the GW interface "sbd-15" on the BGP peer.
*A:PE-1# show router 151 arp summary
============================================================
ARP Table Summary (Service: 151)
============================================================
Local ARP Entries : 3
Static ARP Entries : 0
Dynamic ARP Entries : 1
Managed ARP Entries : 0
Internal ARP Entries : 0
BGP-EVPN ARP Entries : 1
------------------------------------------------------------
No. of ARP Entries : 5
============================================================
*A:PE-1#
The FDB for R-VPLS 15 on PE-1 is as follows:
*A:PE-1# show service id 15 fdb detail
===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
15 00:00:00:01:51:01 cpm Intf 10/11/18 06:55:47
15 00:00:00:01:51:02 vxlan-1: EvpnS 10/11/18 12:03:16
P
192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
*A:PE-1#
Interface-less Model in EVPN-VXLAN
The only difference from the preceding configuration is that MAC route advertisement is disabled in the backhaul R-VPLS 15 on both PEs, as follows:
*A:PE-1#
configure
service
vpls 15
bgp-evpn
no mac-advertisement
exit
The configuration of R-VPLS 16 on PE-2 is as follows:
*A:PE-2# configure service vpls 15
*A:PE-2>config>service>vpls# info
----------------------------------------------
description "backhaul R-VPLS 15"
allow-ip-int-bind
exit
vxlan instance 1 vni 15 create
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 15
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
----------------------------------------------
Again, the provisioning is easier with unnumbered SBD IRB because no IRB IP addresses need to be configured in the VPRN.
PE-1 receives the following BGP-EVPN RT-5 update for IP prefix 20.0.0.0/24 with GW MAC address 00:00:00:01:51:02, which is the same as in the preceding use case:
*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:15 20.0.0.0/24
0 00:00:00:01:51:02
192.0.2.2
VNI 15
-------------------------------------------------------------------------------
Routes : 1
PE-1 does not receive any BGP-EVPN RT-2 updates because PE-2 does not advertise any MAC addresses in R-VPLS 15, as follows:
*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:15
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
No Matching Entries Found.
The following traceroute from host 1 to host 2 shows that the second hop is the IP address of the "bd-2" interface in VPRN 151 on PE-2, as in the preceding use case:
*A:PE-1# traceroute router 11 20.0.0.222 source 10.0.0.111
traceroute to 20.0.0.222 from 10.0.0.111, 30 hops max, 40 byte packets
1 10.0.0.1 (10.0.0.1) 0.643 ms 0.554 ms 0.549 ms
2 20.0.0.2 (20.0.0.2) 1.08 ms 1.13 ms 0.988 ms
3 20.0.0.222 (20.0.0.222) 1.31 ms 1.22 ms 1.29 ms
The following route table for VPRN 151 on PE-1 shows a BGP-EVPN route for IP prefix 20.0.0.0/24 with EVPN tunnel:
*A:PE-1# show router 151 route-table
===============================================================================
Route Table (Service: 151)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/24 Local Local 05h06m26s 0
bd-1 0
20.0.0.0/24 Remote BGP EVPN 00h38m10s 169
sbd-15 (ET-00:00:00:01:51:02) 0
-------------------------------------------------------------------------------
No. of Routes: 2
The following FDB in R-VPLS 15 on PE-1 shows an EVPN entry for GW MAC address 00:00:00:01:51:02, which is created out of the RT-5 GW MAC (router MAC extended community):
*A:PE-1# show service id 15 fdb detail
===============================================================================
Forwarding Database, Service 15
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
15 00:00:00:01:51:01 cpm Intf 10/11/18 06:55:47
15 00:00:00:01:51:02 vxlan-1: Evpn 10/11/18 12:29:36
192.0.2.2:15
-------------------------------------------------------------------------------
No. of MAC Entries: 2
IP-VRF-to-IP-VRF Models in EVPN-MPLS
The three IP-VRF-to-IP-VRF models are also supported in EVPN-MPLS. Example Topology with Services - EVPN-MPLS shows the example topology with the services R-VPLS 16, VPRN 161, R-VPLS 3 (or 4), and VPRN 31 for host 3 (or VPRN 42 for host 4).
For MPLS, LDP is configured on the interface between PE-1 and PE-2.
Interface-ful Model with SBD IRB in EVPN-MPLS
The following services are configured on PE-1 and PE-2:
Backhaul R-VPLS 16
VPRN 161
R-VPLS 3 on PE-1; R-VPLS 4 on PE-2
VPRN 31 (host 3) on PE-1; VPRN 42 (host 4) on PE-2
The service configuration on PE-1 is as follows. MAC route advertisement is enabled by default. The configuration on PE-2 is similar.
*A:PE-1#
configure
service
vpls 16 name "sbd-16" customer 1 create
description "backhaul EVPN-MPLS R-VPLS 16"
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
ip-route-advertisement
evi 16
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
no shutdown
exit
vprn 161 name "ip-vrf-161" customer 1 create
ecmp 2
route-distinguisher auto-rd
interface "sbd-16" create
address 172.16.161.1/24
mac 00:00:00:01:61:01
vpls "sbd-16"
exit
exit
interface "bd-3" create
address 30.0.0.1/24
mac 00:00:00:3e:03:01
vrrp 1 passive
backup 30.0.0.254
ping-reply
traceroute-reply
exit
vpls "bd-3"
exit
exit
no shutdown
exit
vpls 3 name "bd-3" customer 1 create
description "R-VPLS 3 - BD 3"
allow-ip-int-bind
exit
sap pxc-10.a:3 create
no shutdown
exit
no shutdown
exit
vprn 31 name "host3" customer 1 create
description "Host-3 attached to R-VPLS 3"
route-distinguisher auto-rd
interface "local" create
address 30.0.0.111/24
mac 00:00:00:30:11:01
sap pxc-10.b:3 create
exit
exit
static-route-entry 0.0.0.0/0
next-hop 30.0.0.254
no shutdown
exit
exit
no shutdown
exit
PE-1 receives the following BGP-EVPN IP prefix route for prefix 40.0.0.0/24:
*A:PE-1# show router bgp routes evpn ip-prefix rd 192.0.2.2:16
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:16 40.0.0.0/24
0 172.16.161.2
192.0.2.2
LABEL 524286
-------------------------------------------------------------------------------
Routes : 1
The GW address is the IP address 172.16.161.2. The following BGP-EVPN MAC route advertises the corresponding MAC address 00:00:00:01:61:02:
*A:PE-1# show router bgp routes evpn mac rd 192.0.2.2:16
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.2:16 00:00:00:01:61:02 ESI-0
0 Static LABEL 524286
172.16.161.2
192.0.2.2
-------------------------------------------------------------------------------
Routes : 1
The following traceroute from host 3 to host 4 shows that the GW IP address is the second hop:
*A:PE-1# traceroute router 31 40.0.0.222 source 30.0.0.111
traceroute to 40.0.0.222 from 30.0.0.111, 30 hops max, 40 byte packets
1 30.0.0.1 (30.0.0.1) 1.62 ms 0.569 ms 0.531 ms
2 172.16.161.2 (172.16.161.2) 2.08 ms 1.19 ms 0.943 ms
3 40.0.0.222 (40.0.0.222) 2.64 ms 1.30 ms 1.18 ms
The route table and ARP table in VPRN 161 and the FDB in R-VPLS 16 are similar to the ones in theInterface-ful Model with SBD IRB in EVPN-VXLAN section.
Interface-ful Model with Unnumbered SBD IRB in EVPN-MPLS
The GW IP addresses are removed from the "sbd-16" interface in VPRN 161 and an EVPN-tunnel is configured instead. On PE-2, VPRN 161 is configured as follows:
*A:PE-2# configure service vprn 161
*A:PE-2>config>service>vprn# info
----------------------------------------------
ecmp 2
route-distinguisher auto-rd
interface "sbd-16" create
mac 00:00:00:01:61:02
vpls "sbd-16"
evpn-tunnel
exit
exit
interface "bd-4" create
address 40.0.0.2/24
mac 00:00:00:2e:04:02
vrrp 1 passive
backup 40.0.0.254
ping-reply
traceroute-reply
exit
vpls "bd-4"
exit
exit
no shutdown
----------------------------------------------
The route table in VPRN 161 and the FDB in R-VPLS 16 are similar to the ones in the Interface-ful Model with Unnumbered SBD IRB in EVPN-VXLAN section.
Interface-less Model in EVPN-MPLS
MAC route advertisement is disabled in backhaul R-VPLS 16, as follows:
*A:PE-1# configure service vpls 16
*A:PE-1>config>service>vpls# info
----------------------------------------------
description "backhaul EVPN-MPLS R-VPLS 16"
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 16
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
----------------------------------------------
The following route table for VPRN 161 contains a BGP-EVPN entry for prefix 40.0.0.0/24 with an EVPN tunnel to GW MAC address 00:00:00:01:61:02:
*A:PE-1# show router 161 route-table
===============================================================================
Route Table (Service: 161)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
30.0.0.0/24 Local Local 06h02m30s 0
bd-3 0
40.0.0.0/24 Remote BGP EVPN 00h04m26s 169
sbd-16 (ET-00:00:00:01:61:02) 0
-------------------------------------------------------------------------------
No. of Routes: 2
The following FDB for VPLS 16 contains an EVPN entry for GW MAC address 00:00:00:01:61:02. This information is retrieved from a BGP-EVPN RT-5 update.
*A:PE-1# show service id 16 fdb detail
===============================================================================
Forwarding Database, Service 16
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
16 00:00:00:01:61:01 cpm Intf 10/11/18 07:06:48
16 00:00:00:01:61:02 eMpls: Evpn 10/11/18 13:07:12
192.0.2.2:524286
-------------------------------------------------------------------------------
No. of MAC Entries: 2
However, no EVPN MAC routes were received for R-VPLS 16, as follows:
*A:PE-1# show router bgp routes evpn mac
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
No Matching Entries Found.
Conclusion
The three EVPN IP-VRF-to-IP-VRF models each have advantages. Different vendors have chosen different models in the first phases of their EVPN implementations. SR OS supports all three EVPN IP-VRF-to-IP-VRF models, so they can be deployed in all environments where third-party vendors are deployed already.