EVPN ESI Type 1
This chapter provides information about EVPN ESI Type 1.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.5.R1.
Overview
In SR OS releases earlier than 21.5.R1, the 10-byte Ethernet Segment Identifier (ESI) can only be configured manually; the auto-derived EVPN ESI type 1 (as per RFC 7432) is supported in SR OS Release 21.5.R1 and later. The auto-esi command is used to configure the ESI mode.
*A:PE-2>config>service>system>bgp-evpn>eth-seg$ auto-esi ?
  - auto-esi {none|type-1}
The default auto-esi value is none, which forces the user to configure the 10-byte ESI manually. When type-1 is configured, a manual ESI cannot be configured and the ESI is auto-derived, as per RFC 7432.
ESI type 1 is auto-derived from the CE's Link Aggregation Control Protocol (LACP) system MAC address and port key. ESI type 1 example shows an example of ESI type 1 for LACP system MAC address 00:00:5e:00:53:00 and administrative key 257 (= 0x0101).
 
            RFC 7432, section "Ethernet Segment", defines ESI type 1 as follows:
- Type 0x01 (byte 0)
- CE LACP system MAC address (bytes 1 through 6); for example, 00:00:5e:00:53:00
- CE LACP port key (bytes 7 and 8); for example, 0x0101
- 0x00 (byte 9 must be zero)
As per RFC 7432, this mechanism can only be used if the ESIs are unique, so the CE LACP system MAC and LACP port key combinations must be unique in the network.
ESI auto-configuration example shows the example where CE-1 has LACP system MAC address 00:00:5e:00:53:00 and LACP port key 257 (= 0x0101). CE-1 sends Link Aggregation Control Protocol Data Units (LACPDUs) to PE-2 and PE-3 with these values. Both PE-2 and PE-3 use ESI 01:00:00:5e:00:53:00:01:01:00 in ES "ESI-23". This applies both to all-active and to single-active ESs.
 
            The CE treats both PE-2 and PE-3 as the same switch. This allows the CE to aggregate links that are attached to different PEs in the same bundle.
When the ES LAG goes operationally down, due to the ports going down or LACP going down or standby, the previously auto-derived ESI is retained. However, when the LACP information on the CE is changed, such as a different LACP port key, the ES goes down and a new ESI will be generated.
The all-active ES "AA-ESI-23" with ESI type 1 is configured as follows:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23" create
                    auto-esi type-1
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    ac-df-capability exclude   
                    lag 1
                    no shutdown
                exit
The following restrictions apply for ESI type 1:
- 
                    ESI type 1 is only supported on non-virtual (regular) ESs. The following error message is raised when attempting to configure auto-esi type-1 for a virtual ES: *A:PE-2>config>service>system>bgp-evpn# ethernet-segment "vES-23" virtual create *A:PE-2>config>service>system>bgp-evpn>eth-seg$ auto-esi type-1 MINOR: SVCMGR #8050 Ethernet segment config cannot be modified - auto-esi not supported with virtual ethernet-segment
- 
                    ESI type 1 is not supported in ESs with associations other than LAG: *A:PE-2>config>service>system>bgp-evpn>eth-seg$ port 1/2/1 MINOR: SVCMGR #8048 Ethernet segment association is not valid - not allowed with auto-esi *A:PE-2>config>service>system>bgp-evpn>eth-seg# sdp 24 MINOR: SVCMGR #8048 Ethernet segment association is not valid - not allowed with auto-esi
- 
                    An ES with ESI type 1 can only be enabled if the LAG has LACP enabled: *A:PE-2>config>service>system>bgp-evpn>eth-seg$ lag 4 *A:PE-2>config>service>system>bgp-evpn>eth-seg$ no shutdown MINOR: SVCMGR #8057 Ethernet segment cannot change admin state - LACP not enabled on LAG for auto-esi type 1 ethernet-segment
- 
                    ESI type 1 is allowed with all-active and single-active ESs. When used in single-active mode, the CE must use a single LAG to connect to the multi-homed PEs. 
- 
                    It is not possible to manually configure an ESI when auto-esi type-1 is configured: *A:PE-2>config>service>system>bgp-evpn>eth-seg# esi 01:00:00:00:00:23:00:00:00:01 MINOR: SVCMGR #8050 Ethernet segment config cannot be modified - esi value and auto-esi type incompatible
- 
                    An ES with a manually configured ESI cannot be created with the same ESI value as the auto-derived ESI type 1 in another ES. *A:PE-2>config>service>system>bgp-evpn>eth-seg# esi 01:00:00:5e:00:53:00:01:01:00 MINOR: SVCMGR #8047 Ethernet segment id is not valid - ESI already in use by another ethernet segment
- 
                    If an ES with manual ESI is active and another ES is configured with an auto-derived ESI with the same value as the manual ESI, the auto-ESI value is deleted, and a log event is added to log "99": # in log "99": 97 2022/05/20 15:21:23.873 UTC MINOR: SVCMGR #2610 Base "The Auto Ethernet segment identifier type-1 has been deleted for Ethernet Segment AA-ESI-23 because the new ID 01:00:00:5e:00:53:00:01:01:00 conflicts with ES AA-ESI-23-5"
Configuration
In this section, ESI type 1 is configured in the following use cases:
- ESI type 1 in all-active ESs
- ESI type 1 in single-active ESs
Example topology shows the example topology with four PEs and two CEs. CE-1 is connected via LAG 1 to the all-active ES "AA-ESI-23" on PE-2 and PE-3; CE-6 is connected via LAG-2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. In this example, an EVPN-MPLS VPLS is configured, but other services are also supported.
 
            The initial configuration includes:
- cards, MDAs, ports
- on PEs: router interfaces, IS-IS, LDP
On the PEs, BGP is configured for the EVPN address family. PE-2 acts as the route reflector with the following configuration:
# on PE-2:
configure
    router Base
        autonomous-system 64500
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            rapid-update evpn
            group "internal"
                family evpn
                cluster 1.1.1.1
                peer-as 64500
                neighbor 192.0.2.3
                exit
                neighbor 192.0.2.4
                exit
                neighbor 192.0.2.5
                exit
            exit
On CE-1, LAG 1 is configured with LACP enabled and administrative key 257, as follows:
# on CE-1:
configure
    lag 1 name "lag-1"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 257
        no shutdown
The LACP system MAC address of CE-1 can be retrieved with the following command:
*A:CE-1# show chassis | match MAC
  Base MAC address                  : 00:00:5e:00:53:00
ESI type 1 in all-active ESs
On PE-2 and PE-3, the all-active ES "AA-ESI-23" is configured with auto-esi type-1 and LAG 1:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23" create
                    auto-esi type-1
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    lag 1
                    no shutdown
                exit
The EVPN-MPLS VPLS 1 is configured as follows:
# on PE-2, PE-3:
configure
    service
        vpls 1 name "VPLS 1" customer 1 create
            bgp
            exit
            bgp-evpn
                evi 1
                mpls bgp 1
                    ingress-replication-bum-label
                    ecmp 2
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap lag-1:1 create
                no shutdown
            exit
            no shutdown
        exit
The operational ESI on PE-2 is 01:00:00:5e:00:53:00:01:01:00 for CE LACP system MAC address 00:00:5e:00:53:00 and administrative key 0x0101, as can be verified with the following command:
*A:PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23"
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : AA-ESI-23
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : auto-esi
Oper ESI                : 01:00:00:5e:00:53:00:01:01:00
Auto-ESI Type           : Type 1
AC DF Capability        : Include
Multi-homing            : allActive          Oper Multi-homing  : allActive
ES SHG Label            : 524283
Source BMAC LSB         : None
Lag Id                  : 1
ES Activation Timer     : 3 secs (default)
Oper Group              : (Not Specified)
Svc Carving             : auto               Oper Svc Carving   : auto
Cfg Range Type          : primary
===============================================================================
This output is slightly different for a manually configured ES, as follows:
# on PE-2, PE-3:
configure
    service
        system
            bgp-evpn
                ethernet-segment "AA-ESI-23-5" 
                    esi 01:00:00:00:00:23:05:00:00:01
                    service-carving
                        mode auto
                    exit
                    multi-homing all-active
                    lag 5
                    no shutdown
                exit
*A:PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23-5"
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : AA-ESI-23-5
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : 01:00:00:00:00:23:05:00:00:01
Oper ESI                : 01:00:00:00:00:23:05:00:00:01
Auto-ESI Type           : None
AC DF Capability        : Include
Multi-homing            : allActive          Oper Multi-homing  : allActive
ES SHG Label            : 524282
Source BMAC LSB         : None
Lag Id                  : 5
ES Activation Timer     : 3 secs (default)
Oper Group              : (Not Specified)
Svc Carving             : auto               Oper Svc Carving   : auto
Cfg Range Type          : primary
===============================================================================
ESI type 1 in single-active ESs
CE-6 is connected via LAG 2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. An ES operational group and LAG monitor operational group is required in this use case.
On CE-6, LAG 2 is configured with LACP enabled and administrative key 32768 (= 0x8000), as follows:
# on CE-6:
configure
    lag 2 name "lag-2"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 32768
        no shutdown
The LACP system MAC address of CE-6 is the following:
*A:CE-6# show chassis | match MAC
  Base MAC address                  : 00:00:5e:00:53:f6
On PE-4 and PE-5, operational group "op-grp-2" is configured and assigned to single-active ES "SA-ESI-45".
LAG 2 monitors this operational group. The configuration is as follows:
# on PE-4:
configure
    service
        oper-group "op-grp-2" create
            hold-time
                group down 0    # default
                group up 0
            exit
       exit
    exit
    lag 2 name "lag-2"
        mode access
        encap-type dot1q
        monitor-oper-group "op-grp-2"
        port 1/1/1
        lacp active administrative-key 1 system-id 00:00:00:00:45:02
        no shutdown
    exit
    service
        system
            bgp-evpn
                ethernet-segment "SA-ESI-45" create
                    auto-esi type-1
                    service-carving
                        mode manual        # required for oper-group
                        manual
                            preference non-revertive create
                                value 200
                            exit
                        exit
                    exit
                    multi-homing single-active
                    ac-df-capability exclude    
                    lag 2
                    oper-group "op-grp-2"       
                    no shutdown
                exit
            exit
        exit
        vpls 1 name "VPLS 1" customer 1 create
            bgp
            exit
            bgp-evpn
                evi 1
                mpls bgp 1
                    ingress-replication-bum-label
                    ecmp 2
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap lag-2:1 create
                no shutdown
            exit
            no shutdown
        exit
The following command on Designated Forwarder (DF) PE-4 shows that the operational ESI is 01:00:00:5e:00:53:f6:80:00:00:
# on PE-4:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" all
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : SA-ESI-45
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : auto-esi
Oper ESI                : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type           : Type 1
AC DF Capability        : Exclude
Multi-homing            : singleActive       Oper Multi-homing  : singleActive
ES SHG Label            : 524283
Source BMAC LSB         : None
Lag Id                  : 2
ES Activation Timer     : 3 secs (default)
Oper Group              : op-grp-2
Svc Carving             : manual             Oper Svc Carving   : manual
Cfg Range Type          : lowest-pref
 
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference     Preference     Last Admin Change        Oper Pref      Do No
Mode           Value                                   Value          Preempt
-------------------------------------------------------------------------------
non-revertive  200            06/08/2022 15:02:13      200            Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
 
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   yes
-------------------------------------------------------------------------------
Number of entries: 1
===============================================================================
 
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.4
1                                       192.0.2.5
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
The operational ESI on Non-Designated Forwarder (NDF) PE-5 is the same as for PE-4.
The operational status of the operational group "op-grp-2" on DF PE-4 is up, while it is down on NDF PE-5 where the ES is inactive, as follows:
*A:PE-4# show service oper-group "op-grp-2"
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-2
Creation Origin  : manual                          Oper Status: up
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
*A:PE-5# show service oper-group "op-grp-2" detail
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-2
Creation Origin  : manual                          Oper Status: down
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
 
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-2
===============================================================================
Ethernet-Segment                        Status
-------------------------------------------------------------------------------
SA-ESI-45                               Inactive
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
 
===============================================================================
Monitoring LAG for OperGroup: op-grp-2
===============================================================================
Lag-id         Adm       Opr       Weighted  Threshold Up-Count  Act/Stdby
    name
-------------------------------------------------------------------------------
2              up        down      No        0         0         N/A
    lag-2
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
LAG 2 monitors the operational group "op-grp-2", so it follows the state of the ES "SA-ESI-45". On DF PE-4, LAG 2 is operationally up:
*A:PE-4# show lag "lag-2"
 
===============================================================================
Lag Data
===============================================================================
Lag-id         Adm     Opr     Weighted Threshold Up-Count MC Act/Stdby
    name
-------------------------------------------------------------------------------
2              up      up      No       0         1        N/A
    lag-2
===============================================================================
On NDF PE-5, LAG 2 is operationally down with reason operGroupDown:
*A:PE-5# show lag "lag-2" detail
 
===============================================================================
LAG Details
===============================================================================
Description        : N/A
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
Lag-id              : 2                     Mode                 : access
Lag-name            : lag-2
Adm                 : up                    Opr                  : down
Reason Down         : operGroupDown
Thres. Last Cleared : 05/20/2022 14:57:23   Thres. Exceeded Cnt  : 0
Dynamic Cost        : false                 Encap Type           : dot1q
Configured Address  : 02:1f:ff:00:01:42     Lag-IfIndex          : 1342177282
Hardware Address    : 02:1f:ff:00:01:42     Adapt Qos (access)   : distribute
Hold-time Down      : 0.0 sec               Port Type            : standard
Per-Link-Hash       : disabled
Include-Egr-Hash-Cfg: disabled              Forced               : -
Per FP Ing Queuing  : disabled              Per FP Egr Queuing   : disabled
Per FP SAP Instance : disabled
Access Bandwidth    : N/A                   Access Booking Factor: 100
Access Available BW : 0
Access Booked BW    : 0
LACP                : enabled               Mode                 : active
LACP Transmit Intvl : fast                  LACP xmit stdby      : enabled
Selection Criteria  : highest-count         Slave-to-partner     : disabled
MUX control         : coupled
Subgrp hold time    : 0.0 sec               Remaining time       : 0.0 sec
Subgrp selected     : 1                     Subgrp candidate     : -
Subgrp count        : 1
System Id           : 00:00:00:00:45:02     System Priority      : 32768
Admin Key           : 1                     Oper Key             : 1
Prtr System Id      : 00:00:5e:00:53:f6     Prtr System Priority : 32768
Prtr Oper Key       : 32768
Standby Signaling   : lacp
Port hashing        : port-speed            Port weight speed    : 0 gbps
Ports Up            : 0
Weights Up          : 0                     Hash-Weights Up      : 0
Monitor oper group  : op-grp-2
Oper group status   : down
Adaptive loadbal.   : disabled              Tolerance            : N/A
 
-------------------------------------------------------------------------------
Port-id        Adm     Act/Stdby Opr     Primary   Sub-group     Forced  Prio
-------------------------------------------------------------------------------
1/1/2          up      active    down    yes       1             -       32768
 
-------------------------------------------------------------------------------
Port-id        Role      Exp   Def   Dist  Col   Syn   Aggr  Timeout  Activity
-------------------------------------------------------------------------------
1/1/2          actor     No    No    No    No    No    Yes   Yes      Yes
1/1/2          partner   No    No    No    No    Yes   Yes   Yes      Yes
===============================================================================
When the LAG is operationally down, the SAP is operationally down. On DF PE-4, the SAP is up:
*A:PE-4# show service id 1 sap
 
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-2:1                         1          1     none    1     none   Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
On NDF PE-5, the SAP is operationally down:
*A:PE-5# show service id 1 sap lag-2:1
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id         : 1
SAP                : lag-2:1                  Encap             : q-tag
Description        : (Not Specified)
Admin State        : Up                       Oper State        : Down
Flags              : PortOperDown StandByForMHProtocol
Multi Svc Site     : None
Last Status Change : 05/20/2022 15:02:07
Last Mgmt Change   : 05/20/2022 15:01:15
===============================================================================
Auto-derived ESI changes when LACP port key on CE is modified
When the LAG goes operationally down due to ports going down or LACP going down, the auto-derived ESI is preserved. However, when the CE LACP configuration is changed— for example, with a different LACP port key—a new ESI is auto-derived.
In this example, the initial operational ESI on PE-4 is 01:00:00:5e:00:53:f6:80:00:00, as follows:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name                    : SA-ESI-45
ESI                     : auto-esi
Oper ESI                : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type           : Type 1
On CE-6, the initial configuration of LAG 2 has LACP active with administrative key 32768:
*A:CE-6>config>lag# info
----------------------------------------------
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 32768
        no shutdown
----------------------------------------------
On CE-6, LAG 2 is reconfigured with administrative key 4095 (= 0x0fff), as follows:
# on CE-6:
configure
    lag 2 name "lag-2"
        mode hybrid
        encap-type dot1q
        port 1/1/1
        port 1/1/2
        lacp active administrative-key 4095
        no shutdown
As a result, the operational ESI on PE-4 is 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
*A:PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name                    : SA-ESI-45
ESI                     : auto-esi
Oper ESI                : 01:00:00:5e:00:53:f6:0f:ff:00
Auto-ESI Type           : Type 1
When debugging is enabled for BGP updates, the following ES routes are seen: initially with ESI 01:00:00:5e:00:53:f6:80:00:00 and later with ESI 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
39 2022/06/08 15:02:18.970 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 71
    Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.4
        Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:80:00:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
        target:00:00:5e:00:53:f6
"
---snip---
56 2022/06/08 15:10:53.605 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 71
    Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.4
        Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:0f:ff:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
        target:00:00:5e:00:53:f6
"Conclusion
To simplify the configuration of single-active and all-active ESs with LAG association, ESI type 1 can be used to auto-derive the ESI from the CE's LACP system MAC address and LACP port key.