Domain Path Attribute for VPRN BGP Routes

This chapter provides information about the domain path attribute for VPRN BGP routes.

Topics in this chapter include:

Applicability

The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.

Overview

The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.

The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in Loop prevention in networks with multiple IP-VPN and EVPN domains.

Figure 1. Loop prevention in networks with multiple IP-VPN and EVPN domains

All PEs in Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.

D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.

Figure 2. D-path attribute

The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:

  • 0 for local ISF routes
  • 1 for PE-CE BGP domains
  • 70 for EVPN domains
  • 128 for IP-VPN domains

The domain ID can be configured on:

  • VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
  • VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
  • R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
  • VPRN BGP neighbors (PE-CE)
  • VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.

Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.

A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.

The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.

Configuration

Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.

Figure 3. Example topology with VPRN 10 and its domain IDs

The initial configuration includes:

  • cards, MDAs, ports
  • router interfaces
  • OSPF as IGP on PE-1, PE-2, and PE-3
  • IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
  • SR-OSPF on PE-1, PE-2, and PE-3
  • SRv6 on PE-2, PE-3, and PE-4, configured as in chapter "Segment Routing over IPv6" in the Segment Routing and PCE volume of 7450 ESS, 7750 SR, and 7950 XRS Advanced Configuration Guide — Book I.
  • LDP on PE-4, RR-5, PE-6, and PE-7

The BGP configuration on PE-1 is as follows:

# on PE-1:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update evpn
            group "internal1"
                family evpn
                type internal
                neighbor 192.0.2.2
                exit
                neighbor 192.0.2.3
                exit
            exit
# on PE-2 (similar configuration on PE-3):
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            router-id 192.0.2.2        # on PE-3: 192.0.2.3
            advertise-inactive
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal1"
                family evpn
                next-hop-self
                type internal
                local-address 192.0.2.2        # on PE-3: 192.0.2.3
                neighbor 192.0.2.1
                exit
                neighbor 192.0.2.3        # on PE-3: 192.0.2.2
                exit
            exit
            group "internal2"
                family vpn-ipv4 vpn-ipv6
                next-hop-self
                type internal
                local-address 2001:db8::2:2        # on PE-3: 2001:db8::2:3
                extended-nh-encoding ipv4 vpn-ipv4
                advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
                neighbor 2001:db8::2:3        # on PE-3: 2001:db8::2:2
                exit
                neighbor 2001:db8::2:4
                exit
            exit
# on PE-4:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            router-id 192.0.2.4
            advertise-inactive
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal2"
                family vpn-ipv4 vpn-ipv6 evpn
                next-hop-self
                type internal
                local-address 2001:db8::2:4
                extended-nh-encoding ipv4 vpn-ipv4
                advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6 
                neighbor 2001:db8::2:2
                exit
                neighbor 2001:db8::2:3
                exit
            exit
            group "internal3"
                family vpn-ipv4 vpn-ipv6 evpn
                next-hop-self
                type internal
                local-address 192.0.2.4
                neighbor 192.0.2.5
                exit
            exit
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal3"
                type internal
                cluster 192.0.2.5
                neighbor 192.0.2.4
                    family vpn-ipv4 vpn-ipv6 evpn
                exit
                neighbor 192.0.2.6
                    family evpn
                exit
                neighbor 192.0.2.7
                    family vpn-ipv4 vpn-ipv6
                exit
            exit
# on PE-6:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update evpn
            group "internal3"
                type internal
                neighbor 192.0.2.5
                    family evpn
                exit
            exit
# on PE-7:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6
            group "internal3"
                type internal
                neighbor 192.0.2.5
                    family vpn-ipv4 vpn-ipv6
                exit
            exit

Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances

On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls context:

# on PE-1:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            interface "int-PE-1-CE-11" create
                address 172.31.1.1/24
                ipv6
                    address 2001:db8::31:1:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-ospf
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.1:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown
        exit

Domain ID 64496:1010 is configured in the bgp-evpn mpls context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.

On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.

# on GW PE-2:
configure
    service
         vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            segment-routing-v6 1 create
                locator "PE-2_loc"                       # on PE-3:"PE-3_loc"
                    function
                        end-dt4
                        end-dt6
                    exit
                exit
            exit
            bgp-ipvpn
                segment-routing-v6 
                    domain-id 64496:1020
                    route-distinguisher 192.0.2.2:16     # on PE-3: 192.0.2.3:16
                    srv6-instance 1 default-locator "PE-2_loc"  # on PE-3:"PE-3_loc"
                    source-address 2001:db8::2:2         # on PE-3: 2001:db8::2:3
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-ospf
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1010
                    route-distinguisher 192.0.2.2:10     # on PE-3: 192.0.2.3:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.

# on GW PE-4:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            segment-routing-v6 1 create
                locator "PE-4_loc"
                    function
                        end-dt4
                        end-dt6
                    exit
                exit
            exit
            bgp-ipvpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1030
                    route-distinguisher 192.0.2.4:10
                    vrf-target target:64496:10
                    no shutdown
                exit
                segment-routing-v6 
                    domain-id 64496:1020
                    route-distinguisher 192.0.2.4:16
                    srv6-instance 1 default-locator "PE-4_loc"
                    source-address 2001:db8::2:4          ## system IP@
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1030
                    route-distinguisher 192.0.2.4:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            allow-export-bgp-vpn        
            no shutdown

For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:

# on PE-6:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            interface "int-PE-6-CE-16" create
                address 172.31.6.1/24
                ipv6
                    address 2001:db8::31:6:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.6:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:

# on PE-7:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            local-routes-domain-id 64496:1007
            autonomous-system 64496
            interface "int-PE-7-CE-17" create
                address 172.31.7.1/24
                ipv6
                    address 2001:db8::31:7:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-ipvpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.7:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:

*A:PE-4# show service id 10 bgp-ipvpn
 
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : None
Oper Route Dist   : 192.0.2.4:10
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id         : 64496:1030
Dyn Egr Lbl Limit : Disabled
 
Auto-Bind Tunnel
Resolution        : disabled            Strict Tnl Tag    : False
ECMP              : 0                   Flex Algo FB      : False
Weighted ECMP     : False
BGP Instance      : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
 
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
 
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : 192.0.2.4:16
Oper Route Dist   : 192.0.2.4:16
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag     : 0x0
Route Resolution  : route-table
 
Srv6 Instance     : 1
Default Locator   : PE-4_loc
Source Address    : 2001:db8::2:4
Domain-Id         : 64496:1020
 
===============================================================================

For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:

*A:PE-4# show service id 10 bgp-evpn
 
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State        : Up
VRF Import         : None
VRF Export         : None
Route Dist.        : 192.0.2.4:10
Oper Route Dist.   : 192.0.2.4:10
Oper RD Type       : configured
Route Target       : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag  : None
Domain-Id          : 64496:1030
Dyn Egr Lbl Limit  : Disabled
 
Advertise          : Disabled
Weighted ECMP      : Disabled
 
Auto-Bind Tunnel
Resolution         : filter                 Strict Tnl Tag : False
ECMP               : 1                      Flex Algo FB   : False
BGP Instance       : 1
Filter Tunnel Types: ldp
 
Tunnel Encap
MPLS               : True                   MPLSoUDP       : False
===============================================================================

VPRN BGP routes for prefix 172.31.6.0/24

PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on PE-6:
1 2022/09/05 14:07:07.846 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 82
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS

RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on RR-5:
34 2022/09/05 14:07:11.660 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 156
    Flag: 0x90 Type: 14 Len: 105 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
        Type: EVPN-IP-PREFIX Len: 58 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 2001:db8::31:6:0/120 gw_ip :: Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
"

PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):

53 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 98
    Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 24 NextHop 2001:db8::2:4
        172.31.6.0/24 RD 192.0.2.4:10 Label 524280 (Raw label 0x7fff81)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"

PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:

# on PE-2:
40 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 115
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"

VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:

Figure 4. VPRN BGP routes for prefix 172.31.6.0/24

VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:

Figure 5. VPRN BGP routes for prefix 172.31.7.0/24

In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.

The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).

# on PE-7:
1 2022/09/05 14:07:07.879 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 72
    Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 12 NextHop 192.0.2.7
        172.31.7.0/24 RD 192.0.2.7:10 Label 524283 (Raw label 0x7fffb1)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"

RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:

# on PE-2:
41 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 123
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"

Loop prevention

Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in Loop prevention between PE-2 and PE-3:

Figure 6. Loop prevention between PE-2 and PE-3

The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:

*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : n/a
Nexthop        : 192.0.2.3
Path Id        : None
From           : 192.0.2.3
Res. Nexthop   : 192.168.23.2
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:10 bgp-tunnel-encap:MPLS
Cluster        : 192.0.2.5
Originator Id  : 192.0.2.6              Peer Router Id : 192.0.2.3
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type      : IP-PREFIX
ESI            : ESI-0
Tag            : 0
Gateway Address: 00:00:00:00:00:00
Prefix         : 172.31.6.0/24
Route Dist.    : 192.0.2.3:10
MPLS Label     : LABEL 524283
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h24m27s
DPath Loop VRFs:  10
---snip---

The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:

*A:PE-2# show router 10 route-table 
 
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
172.31.1.0/24                                 Remote  EVPN-IFL  00h26m24s  170
       192.0.2.1 (tunneled:SR-OSPF:524290)                          10
172.31.6.0/24                                 Remote  BGP VPN   00h26m24s  170
       2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6)                20
172.31.7.0/24                                 Remote  BGP VPN   00h26m24s  170
       2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances

Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.

Figure 7. Example topology with R-VPLS

The service configuration on PE-1 does not include a domain ID, as follows:

# on PE-1:
configure
    service
        vprn 20 name "VPRN 20" customer 1 create
            autonomous-system 64496
            interface "int-SBD-21" create
                vpls "SBD-21"
                    evpn-tunnel
                exit
            exit
            interface "int-PE-1-CE-21" create
                address 10.20.201.1/24
                sap 1/1/c5/1:20 create
                exit
            exit
            no shutdown
        exit
        vpls 21 name "SBD-21" customer 1 create
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 1 create
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement 
                evi 21
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit    

On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.

# on PE-2:
configure
    service
        vprn 20 name "VPRN 20" customer 1 create
            autonomous-system 64496
            interface "int-SBD-21" create
                vpls "SBD-21"
                    evpn-tunnel
                exit
            exit
            segment-routing-v6 1 create
                locator "PE-2_loc"        # on PE-3: "PE3_loc"
                    function
                        end-dt46
                    exit
                exit
            exit
            bgp-ipvpn
                segment-routing-v6
                    domain-id 64496:2020
                    route-distinguisher 192.0.2.2:26        # on PE-3; 192.0.2.3:26
                    srv6-instance 1 default-locator "PE-2_loc"  # on PE-3: "PE3_loc"
                    source-address 2001:db8::2:2            # on PE-3: 2001:db8::2:3
                    vrf-target target:64496:20
                    no shutdown
                exit
            exit
            no shutdown
        exit
        vpls 21 name "SBD-21" customer 1 create
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 1 create
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement domain-id 64496:2010
                evi 21
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit  

The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:

*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
 
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 10.20.201.0/24
Nexthop        : 2001:db8::2:3
Route Dist.    : 192.0.2.3:26           VPN Label      : 524286
Path Id        : None
From           : 2001:db8::2:3
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:20
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.3
Fwd Class      : None                   Priority       : None
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:2010:(evpn)]
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h07m49s
SRv6 TLV Type  : SRv6 L3 Service TLV (5)
SRv6 SubTLV    : SRv6 SID Information (1)
Sid            : 2001:db8:aaaa:103::
Full Sid       : 2001:db8:aaaa:103:7fff:e000::
Behavior       : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len  : 48                     Loc-Node-Len   : 16
Func-Len       : 20                     Arg-Len        : 0
Tpose-Len      : 20                     Tpose-offset   : 64
VPRN Imported  : None
DPath Loop VRFs:  20
 
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.

Figure 8. Loop prevention between DC GW PE-2 and DC GW PE-3

PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:

*A:PE-2# show router 20 route-table
 
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
10.20.201.0/24                                Remote  EVPN-IFF  00h18m36s  169
       int-SBD-21 (ET-02:0f:ff:ff:ff:52)                            0
10.20.206.0/24                                Remote  BGP VPN   00h18m36s  170
       2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Conclusion

The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.