EVPN VPWS Services with SRv6 Transport
This chapter provides information about SRv6 support for EVPN-VPWS overlay services.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.10.R1. SRv6 support for EVPN-VPWS overlay services is supported on FP-based platforms with FP4-based network ports in SR OS Release 22.7.R1 and later.
Chapter EVPN for MPLS Tunnels is prerequisite reading.
Overview
Service providers prefer an optimized, standardized, and unified control plane for VPNs. EVPN-VPWS is supported in SRv6 networks that may also run other EVPN-based services, such as EVPN-based VPLS services or Layer 3 EVPN IFL (interface-less) services. From a control plane perspective, EVPN-VPWS is a simplified point-to-point version of RFC 7432, because there is no need to advertise MAC/IP advertisement routes in VPWS. EVPN-VPWS is described in RFC 8214, and the signaling aspects to support SRv6 are specified in RFC 9252.
EVPN-VPWS supports all-active multihoming (per-flow load-balancing multihoming) as well as single-active multihoming (per-service load-balancing multihoming), using the same Ethernet segments (ESs) used for EVPN-based VPLS services. EVPN-VPWS uses route type 1 and route type 4; it does not use route types 2, 3, or 5, because MAC/IP routes, inclusive multicast routes, or IP-prefix routes are not required.
EVPN-VPWS uses AD per-EVI routes, and optionally, if multihoming is used, AD per-ES and ES routes are required:
route type 1 - Auto-discovery per EVPN instance (AD per-EVI). This route type is used in all EVPN-VPWS scenarios, with or without multihoming. For EVPN-VPWS, the Ethernet tag field is encoded with the local attachment circuit (AC) of the advertising PE. This value is configured using the configure service epipe <service-id> bgp-evpn local-attachment-circuit <ac-name> eth-tag <tag-value> command. The route distinguisher (RD), label, and the Ethernet segment identifier (ESI) are encoded as for EVPN-based VPLS. The label field is used as service label. In case of multihoming, AD per-EVI routes containing the same ESI are used to provide aliasing and a backup path to the PEs part of the ES. The L2 MTU field is encoded with the service MTU configured in the Epipe. The flags used for EVPN-VPWS are:
Flag C: this flag is set if a control word is configured in the service; however, this does not apply if the transport is SRv6.
Flag P: this flag is set if the advertising PE is a primary PE.
If no multihoming is used, there is no primary PE (P = 0).
In all-active multihoming, all PEs in the ES are primary (P = 1).
In single-active multihoming, only one PE per-EVI in the ES is a primary (P = 1).
Flag B: this flag is set if the advertising PE is a backup PE.
Flag B is only set in case of single-active multihoming and only for one PE, even if more than two PEs are present in the same single-active ES. The backup PE is the winner of the second designated forwarder (DF) election (excluding the DF). The remaining non-DF PEs send B = 0.
If there is no multihoming, the ESI, flag P, and flag B are set to zero.
route type 1 - Auto-discovery per Ethernet segment (AD per-ES). This route type has the same encoding as for EVPN-based VPLS. The AD per-ES route is only used in multihoming scenarios where it is advertised from the PE for each ES. This route type carries the ESI label (used for split-horizon, but only for VPLS services and not for Epipe services) and can affect procedures such as the DF election, as well as the aliasing on remote PEs.
route type 4 - ES route. This route type has the same encoding as for EVPN-based VPLS. The ES route is only used in multihoming scenarios. This route type advertises a local configured ES. The exchange of this route type can discover remote PEs that are part of the same ES and the DF election algorithm among them.
Configuration
EVPN-VPWS example topology shows the example topology that is used throughout this chapter.
The example topology consists of six SR OS nodes with the following initial configuration:
Network (or hybrid) ports interconnect the core PEs with configured router interfaces.
MTU-1 is a pure Ethernet aggregator. The ports toward the core PEs are access ports. Likewise, the ports on PE-2 and PE-3 toward MTU-1 are access ports.
Core PEs and MTU-6 run IS-IS on all interfaces.
Link LDP is configured between all PEs, and toward and from MTU-6.
EVPN uses BGP for exchanging reachability information at the service level. Therefore, BGP peering sessions must be established among the core PEs for the EVPN family. Although a separate router is typically used, in this chapter, PE-2 is used as route reflector with the following BGP configuration:
*A:PE-2# configure router Base autonomous-system 64500 bgp vpn-apply-import vpn-apply-export enable-peer-tracking rapid-withdrawal split-horizon rapid-update evpn group "gr_v6_internal" family evpn cluster 1.1.1.1 peer-as 64500 extended-nh-encoding ipv4 vpn-ipv4 advertise-ipv6-next-hops evpn neighbor 2001:db8::2:3 exit neighbor 2001:db8::2:4 exit neighbor 2001:db8::2:5 exit exit exit all
The BGP configuration on the other PEs is as follows:
*A:PE-3#, *A:PE-4#, *A:PE-5# configure router Base autonomous-system 64500 bgp vpn-apply-import vpn-apply-export enable-peer-tracking rapid-withdrawal split-horizon rapid-update evpn group "gr_v6_internal" family evpn peer-as 64500 extended-nh-encoding ipv4 vpn-ipv4 advertise-ipv6-next-hops evpn neighbor 2001:db8::2:2 exit exit exit all
The following sections describe the EVPN-VPWS scenarios:
SRv6 tunnels in EVPN-VPWS services without multihoming
BGP-EVPN can be enabled in Epipe services with either SAPs or spoke SDPs at the access, as shown in Example topology for EVPN-VPWS without multihoming.
On PE-2, Epipe 1 is configured as follows:
*A:PE-2# configure
service
epipe 1 name "Epipe-1" customer 1 create
segment-routing-v6 1 create
locator "loc_Epipe-1"
function
end-dx2
exit
exit
exit
bgp
exit
bgp-evpn
local-attachment-circuit AC-PE-2-CE-20 create
eth-tag 220
exit
remote-attachment-circuit AC-PE-4-MTU-6 create
eth-tag 46
exit
evi 10
segment-routing-v6 bgp 1 srv6-instance 1 default-locator "loc_Epipe-1" create
# source-address 2001:db8::2:2 # defined for SRv6 on router level
no shutdown
exit
exit
sap 1/1/c2/1:101 create
no shutdown
exit
no shutdown
exit all
On PE-4, the service configuration is as follows:
*A:PE-4# configure
service
sdp 460 create
far-end 192.0.2.6
keep-alive
shutdown
exit
no shutdown
exit
epipe 1 name "Epipe-1" customer 1 create
segment-routing-v6 1 create
locator "loc_Epipe-1"
function
end-dx2
exit
exit
exit
bgp
exit
bgp-evpn
local-attachment-circuit AC-PE-4-MTU-6 create
eth-tag 46
exit
remote-attachment-circuit AC-PE-2-CE-20 create
eth-tag 220
exit
evi 10
segment-routing-v6 bgp 1 srv6-instance 1 default-locator "loc_Epipe-1" create
# source-address 2001:db8::2:4 # defined for SRv6 on router level
no shutdown
exit
exit
spoke-sdp 460:101 create
no shutdown
exit
no shutdown
exit all
The following commands are relevant for the EVPN-VPWS configuration:
the bgp command enables the context for the BGP configuration relevant to the service. The bgp context configures the common BGP parameters for all BGP families in the service, such as the RD and the route target (RT). Even if the general BGP parameters for the service are auto-derived, the bgp context must be enabled.
*A:PE-2# configure service epipe 1 bgp ? - bgp - no bgp [no] adv-service-mtu - Configure service-mtu to be advertised [no] pw-template-bi* + Configure pw-template bind policy [no] route-distingu* - Configure route distinguisher [no] route-target - Configure route target [no] vsi-export - VSI export route policies [no] vsi-import - VSI import route policies
The following commands can be configured in the bgp-evpn context:
*A:PE-2# configure service epipe 1 bgp-evpn ? - bgp-evpn - no bgp-evpn [no] evi - EVPN Identifier [no] local-attachme* + Configure local attachment circuit information [no] mpls + Configure BGP EVPN mpls [no] remote-attachm* + Configure remote attachment circuit information [no] segment-routin* + Configure SRv6 instance [no] vxlan + Configure BGP EVPN vxlan
The evi command configures a 2-byte or 3-byte EVPN identifier (EVI) used for auto-deriving the service RD, service RT, and for the service carving (or DF election) when multihoming is used. For 2-byte EVIs, the auto-derivation of RD and RT is as follows:
RD system-ip:evi
RT autonomous-system:evi
The EVI values must be unique in the system, regardless of the type of service they are assigned to (Epipe or VPLS).
The local-attachment-circuit and remote-attachment-circuit commands configure the two attachment circuits connected by the EVPN-VPWS service. The configured Ethernet tag for the local AC is advertised in the Ethernet tag field of the AD per-EVI route for the Epipe, along with the corresponding RD, RT, and label. Both local and remote Ethernet tags are necessary to bring up the Epipe service. If the received Ethernet tag for the Epipe service matches the configured remote AC Ethernet tag, an EVPN-SRv6 destination is created to the next hop.
The local Ethernet tag cannot be modified without disabling bgp-evpn segment-routing-v6 in the Epipe, as shown in the following output:
*A:PE-2# configure service epipe "Epipe-1" bgp-evpn local-attachment-circuit AC-PE-2-CE-20 eth-tag 221 MINOR: SVCMGR #8036 evpn-vpws ac eth-tag not allowed - cannot change while evpn mpls/vxlan/srv6 is enabled
Unlike local Ethernet tags, remote Ethernet tags can be modified without disabling bgp-evpn.
The following configuration options are available for Epipes in the configure service epipe 1 bgp-evpn segment-routing-v6 context:
*A:PE-2# configure service epipe 1 bgp-evpn segment-routing-v6 ? - no segment-routing-v6 [bgp <bgp-instance>] - segment-routing-v6 [bgp <bgp-instance>] [srv6-instance <[1..1]>] [default-locator <name>] [create] <bgp-instance> : [1..1] <name> : [64 chars max] <create> : keyword [no] default-route-* - Configure default-route-tag to match against export policies ecmp - Configure maximum ECMP routes information [no] evi-three-byte* - Enable/Disable evi-three-byte-auto-rt [no] force-qinq-vc-* - Forces qinq-vc-type forwarding in the data-path [no] force-vlan-vc-* - Forces vlan-vc-type forwarding in the data-path [no] oper-group - Configure oper-group resolution - Configure route resolution options route-next-hop - Configure route next-hop [no] shutdown - Enable/disable SRV6 [no] source-address - Configure source IPv6 address
This output shows a subset of the options for VPLS services; see chapter EVPN for MPLS Tunnels for a longer list of options.
When the local AC (sap 1/1/c2/1:101) is up, PE-2 sends a BGP EVPN AD per-EVI route that contains Ethernet tag 220 for the local AC:
# on PE-2:
4 2022/11/30 09:46:56.704 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:4
"Peer 1: 2001:db8::2:4: UPDATE
Peer 1: 2001:db8::2:4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 192.0.2.2:10 ESI: ESI-0, tag: 220 Label: 8388448 (Raw Label: 0x7fff60) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:10
l2-attribute:MTU: 1514 C: 0 P: 0 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes)
Type: 1 Len: 30 Rsvd1: 0x0
SRv6 SID: 2001:db8:aaaa:102::
SID Flags: 0x0 Endpoint Behavior: 0x15 Rsvd2: 0x0
SRv6 SID Sub-Sub-TLV
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
The auto-derived RD is 192.0.2.2:10 and the RT is 64500:10.
When the remote AC on PE-4 (spoke sdp 460:101) is up, PE-2 receives the following BGP update from PE-4:
# on PE-2:
5 2022/11/30 09:47:19.837 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:4
"Peer 1: 2001:db8::2:4: UPDATE
Peer 1: 2001:db8::2:4 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-AD Len: 25 RD: 192.0.2.4:10 ESI: ESI-0, tag: 46 Label: 8388448 (Raw Label: 0x7fff60) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:10
l2-attribute:MTU: 1514 C: 0 P: 0 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes)
Type: 1 Len: 30 Rsvd1: 0x0
SRv6 SID: 2001:db8:aaaa:104::
SID Flags: 0x0 Endpoint Behavior: 0x15 Rsvd2: 0x0
SRv6 SID Sub-Sub-TLV
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
When the received RT matches and the received Ethernet tag matches the configured remote AC Ethernet tag, the EVPN-SRv6 destination, which consists of a termination endpoint (TEP) and a SID) is created on PE-2 and PE-4:
*A:PE-2# show service id 1 segment-routing-v6 instance 1 destinations
===============================================================================
TEP, SID
===============================================================================
Instance TEP Address Segment Id
-------------------------------------------------------------------------------
1 192.0.2.4 2001:db8:aaaa:104:7fff:6000::
-------------------------------------------------------------------------------
Number of TEP, SID: 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
The egress label for the EVPN-SRv6 destination on PE-4 is 524278. The 24-bit label value in the BGP update debug is 16 (24) times as high:
524 278 * 16 = 8 388 448
because the debug message is shown before the router can parse the label field and determine if it corresponds to an MPLS label or a transposed function (20 bits), or to a VXLAN VNI (24 bits).
The BGP AD per-EVI routes for Ethernet tag 46 are shown with the following command:
*A:PE-2# show router bgp routes evpn auto-disc tag 46
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.4:10 ESI-0 192.0.2.4
46 524278
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The following command shows the BGP EVPN information for Epipe 1:
*A:PE-2# show service id 1 bgp-evpn
===============================================================================
BGP EVPN Table
===============================================================================
EVI : 10 Creation Origin : manual
-------------------------------------------------------------------------------
Local AC Name Eth Tag Endpoint Ingress Label
-------------------------------------------------------------------------------
AC-PE-2-CE-20 220 0
-------------------------------------------------------------------------------
Number of local ACs : 1
-------------------------------------------------------------------------------
Remote AC Name Eth Tag Endpoint
-------------------------------------------------------------------------------
AC-PE-4-MTU-6 46
-------------------------------------------------------------------------------
Number of Remote ACs : 1
===============================================================================
===============================================================================
Segment Routing v6 Instance 1 Service 1
===============================================================================
Admin State : Enabled
Srv6 Instance : 1
Default Locator : loc_Epipe-1
Oper Group : (Not Specified)
Default Route Tag : 0x0
Source Address : (Not Specified)
ECMP : 1
Force Vlan VC Fwd : disabled
Next Hop Type : system-ipv4
Evi 3-byte Auto-RT : disabled
Route Resolution : route-table
Force QinQ VC Fwd : none
MH Mode : network
===============================================================================
Each PE sends its service MTU into the L2 MTU field in the l2-attribute in the AD per-EVI route for the Epipe service. The received L2 MTU is checked. In case of a mismatch between the received MTU and the configured service MTU, the router does not set up the EVPN destination and, therefore, the service does not come up.
SRv6 tunnels in EVPN-VPWS services with multihoming
SR OS supports EVPN multihoming as per RFC 8214.
The EVPN multihoming implementation is based on the concept of the ES. An ES is a logical structure that can be defined in one or more PEs and identifies the CE (or access network) multihoming to the EVPN PEs. An ES is associated with a port, LAG, or SDP object, and is shared by all the services defined on those objects. It can also be shared between Epipe and VPLS services.
Each ES has a unique ESI that is 10 bytes and is manually configured. The ESI is advertised in the control plane to all the PEs in an EVPN network; therefore, it is very important to ensure that the 10-byte ESI value is unique throughout the entire network. Single-homing CEs are assumed to be connected to an ES with ESI = 0 (single-homing ESs are not explicitly configured).
The ES is part of the base BGP-EVPN configuration and is not applied to any EVPN-based VPLS service by default. An ES can be shared by multiple services; a specific SAP or spoke SDP is automatically associated with an ES when the SAP is defined in the same LAG or port configured in the ES, or when the spoke SDP is defined in the same SDP configured in the ES.
Regardless of the multihoming mode, the local Ethernet tag values must match on all the PEs that are part of the same ES. The PEs in the ES use the AD per-EVI routes from the peer PEs to validate the PEs as DF election candidates for an EVI. The DF election is only relevant for single-active multihoming ESs. For Epipes defined in an all-active multihoming ES, there is no DF election required, because all PEs are forwarding traffic and all traffic is treated as unicast.
Aliasing is supported when sending traffic to an ES destination. Assuming ECMP is enabled on the ingress PE (and shared queuing or ingress policing are configured), per-flow load-balancing is performed among all the PEs that advertise P = 1. PEs advertising P = 0 are not considered as next hops for an ES destination.
The following sections show the configuration of:
an all-active multihoming ES with a LAG associated with it
a single-active multihoming ES linked to an SDP
Example topology EVPN-VPWS with multihoming shows the example topology has an all-active multihoming ES "ESI-23" with a LAG associated with it in PE-2 and PE-3. A single-active multihoming ES "ESI-45" with an SDP associated with it is configured in PE-4 and PE-5.
SRv6 tunnels in EVPN-VPWS services with all-active multihoming
All-active multihoming allows for per-flow load-balancing. Unlike EVPN-based VPLS services, EVPN-VPWS has no DF election in all-active multihoming. All PEs in the ES are active and the remote PE performs per-flow load-balancing. ESI-23 is configured on PE-2 and PE-3 as all-active multihoming and is associated with LAG 1. This LAG is used as a SAP in Epipe 2 on both PE-2 and PE-3. The configuration of the ES and Epipe 2 is identical on PE-2 and PE-3, including the local AC and remote AC names and Ethernet tags:
*A:PE-2#, *A:PE-3# configure
service
system
bgp-evpn
ethernet-segment "ESI-23" create
esi 01:00:00:00:00:23:00:00:00:01
es-activation-timer 3
service-carving
mode auto
exit
multi-homing all-active
lag 1
no shutdown
exit
exit
exit
epipe 2 name "Epipe-2" customer 1 create
segment-routing-v6 1 create
locator "loc_Epipe-2"
function
end-dx2
exit
exit
exit
bgp
exit
bgp-evpn
local-attachment-circuit AC-ESI-23-MTU-1 create
eth-tag 231
exit
remote-attachment-circuit AC-ESI-45-MTU-6 create
eth-tag 456
exit
evi 20
segment-routing-v6 bgp 1 srv6-instance 1 default-locator "loc_Epipe-2" create
ecmp 2
no shutdown
exit
exit
sap lag-1:201 create
no shutdown
exit
no shutdown
exit
exit all
See chapter EVPN for MPLS Tunnels for a detailed explanation of the configuration parameters of the ES.
In EVPN-VPWS multihoming scenarios, three route types are exchanged: AD per-EVI, AD per-ES, and ES routes. The following ES route (route type 4) for ESI 01:00:00:00:00:23:00:00:00:01, sent by PE-2, is imported at PE-3:
# on PE-3:
8 2022/11/30 10:02:59.056 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.2:0 ESI: 01:00:00:00:00:23:00:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.2
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Auto/DP:0/DF-Preference:0/AC:1
target:00:00:00:00:23:00
"
The target 00:00:00:00:23:00 in the extended community is derived from the ESI (bytes 2 to 7) and is only imported by the PEs that are part of the same ES; that is, PE-2 and PE-3 in this example.
At the same time, the following AD per-ES route (route type 1) with maximum Ethernet (MAX-ET) tag (all Fs) and label 0 is sent by RR PE-2 and imported by the rest of the PEs. The following two BGP updates with MAX-ET are received by PE-4:
# on PE-4:
15 2022/11/30 10:03:42.705 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 192.0.2.2:20 ESI: 01:00:00:00:00:23:00:00:00:01, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
esi-label:3/All-Active
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes)
Type: 1 Len: 30 Rsvd1: 0x0
Type: 1 Len: 6
BL:0 NL:0 FL:0 AL:0 TL:0 TO:0
"
13 2022/11/30 10:03:42.705 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 127
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.3
Type: EVPN-AD Len: 25 RD: 192.0.2.3:20 ESI: 01:00:00:00:00:23:00:00:00:01, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.3
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
esi-label:3/All-Active
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Type: 1 Len: 6
BL:0 NL:0 FL:0 AL:0 TL:0 TO:0
"
The ESI label is in the extended community, as well as the indication that the multihoming is all-active. Epipe services do not require ESI labels because BUM traffic is not recognized in EVPN-VPWS services. However, because the ES can be shared by Epipe and VPLS services, the AD per-ES route still includes a non-zero ESI label. In this case, the transport is SRv6, so there are no ESI labels. The label field in the ESI-label extended community is an implicit-null value (3) and the included SRv6 Services TLV encodes a SID with value 0.
The following two AD per-EVI routes (route type 1) with Ethernet tag 231 sent by RR PE-2 are received and imported on PE-4:
# on PE-4:
14 2022/11/30 10:03:42.705 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-AD Len: 25 RD: 192.0.2.2:20 ESI: 01:00:00:00:00:23:00:00:00:01, tag: 231 Label: 8388432 (Raw Label: 0x7fff50) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
l2-attribute:MTU: 1514 C: 0 P: 1 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes)
Type: 1 Len: 30 Rsvd1: 0x0
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
12 2022/11/30 10:03:42.705 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 127
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.3
Type: EVPN-AD Len: 25 RD: 192.0.2.3:20 ESI: 01:00:00:00:00:23:00:00:00:01, tag: 231 Label: 8388432 (Raw Label: 0x7fff50) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.3
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
l2-attribute:MTU: 1514 C: 0 P: 1 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
This route type contains the flags for control word (C), primary (P), and backup (B). In all-active multihoming, all nodes are primary (P = 1).
PE-4 learns AD per-EVI and AD per-ES routes for ESI-23 from PE-2 and PE-3, as shown in the following output:
*A:PE-4# show router bgp routes evpn auto-disc esi 01:00:00:00:00:23:00:00:00:01
===============================================================================
BGP Router ID:192.0.2.4 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:20 01:00:00:00:00:23:00:00:00:01 192.0.2.2
231 524277
u*>i 192.0.2.2:20 01:00:00:00:00:23:00:00:00:01 192.0.2.2
MAX-ET 0
u*>i 192.0.2.3:20 01:00:00:00:00:23:00:00:00:01 192.0.2.3
231 524277
u*>i 192.0.2.3:20 01:00:00:00:00:23:00:00:00:01 192.0.2.3
MAX-ET 0
-------------------------------------------------------------------------------
Routes : 4
===============================================================================
For Epipe 2 on PE-4, the EVPN VPWS destination is not pointing at a specific TEP, but at ESI-23, as shown in the following output:
*A:PE-4# show service id 2 segment-routing-v6 instance 1 destinations
===============================================================================
TEP, SID
===============================================================================
Instance TEP Address Segment Id
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
1 01:00:00:00:00:23:00:00:00:01 0 11/30/2022 10:03:43
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
When ECMP is greater than 1 on the ingress PE, multiple TEPs can correspond to a specific ESI (aliasing). In this case, ECMP = 2 and PE-4 and PE-5 have two TEP addresses and SIDs for ESI 01:00:00:00:00:23:00:00:00:01, as shown for PE-4:
*A:PE-4# show service id 2 segment-routing-v6 esi 01:00:00:00:00:23:00:00:00:01
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
1 01:00:00:00:00:23:00:00:00:01 0 11/30/2022 10:03:43
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
Segment Routing v6 Dest TEP Info
===============================================================================
Instance TEP Address Segment Id Last Change
-------------------------------------------------------------------------------
1 192.0.2.2 2001:db8:aaaa:202:* 11/30/2022 10:03:43
1 192.0.2.3 2001:db8:aaaa:203:* 11/30/2022 10:03:43
-------------------------------------------------------------------------------
Number of entries : 2
-------------------------------------------------------------------------------
===============================================================================
* indicates that the corresponding row element may have been truncated.
Even if ECMP is configured, the ingress router (where a SAP is configured) does not load-balance the traffic unless shared queuing or ingress policing is configured in the SAP. This is not specific to EVPN, but is generic to the way Epipes forward traffic.
In all-active multihoming for EVPN-VPWS, there is no DF election and all PEs in the ES are active. For ESI-23, both PE-2 and PE-3 are active primary DF, but there are no DF candidates, because there is no DF election:
*A:PE-2# show service system bgp-evpn ethernet-segment name "ESI-23" evi 20
===============================================================================
EVI DF and Candidate List
===============================================================================
EVI SvcId Actv Timer Rem DF DF Last Change
-------------------------------------------------------------------------------
20 2 0 yes 11/30/2022 10:02:39
===============================================================================
===============================================================================
DF Candidates Time Added Oper Pref Do Not
Value Preempt
-------------------------------------------------------------------------------
No entries found
===============================================================================
Similarly, on PE-3:
*A:PE-3# show service system bgp-evpn ethernet-segment name "ESI-23" evi 20
===============================================================================
EVI DF and Candidate List
===============================================================================
EVI SvcId Actv Timer Rem DF DF Last Change
-------------------------------------------------------------------------------
20 2 0 yes 11/30/2022 10:02:58
===============================================================================
===============================================================================
DF Candidates Time Added Oper Pref Do Not
Value Preempt
-------------------------------------------------------------------------------
No entries found
===============================================================================
To confirm that all-active multihoming is working correctly, the following command shows all information related to a specific ESI; in this case, ESI-23 on PE-2:
*A:PE-2# show service system bgp-evpn ethernet-segment name "ESI-23" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:00:00:00:01
Oper ESI : 01:00:00:00:00:23:00:00:00:01
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES SHG Label : 524277
Source BMAC LSB : None
Lag Id : 1
ES Activation Timer : 3 secs
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
Vprn NextHop EVI Ranges : <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
20 2 0 yes
-------------------------------------------------------------------------------
Number of entries: 1
===============================================================================
---snip---
===============================================================================
SRv6 tunnels in EVPN-VPWS services with single-active multihoming
Single-active multihoming allows for per-service load-balancing. Single-active multihoming is configured on PE-4 and PE-5 with ES "ESI-45". Both PEs have an SDP to MTU-6, which is associated with the ES and to the Epipe service. The configuration of the local and remote AC names and Ethernet tags is identical on PE-4 and PE-5.
On PE-4, the service configuration is as follows:
*A:PE-4# configure
service
sdp 46 mpls create
far-end 192.0.2.6
ldp
keep-alive
shutdown
exit
no shutdown
exit
system
bgp-evpn
ethernet-segment "ESI-45" create
esi 01:00:00:00:00:45:00:00:00:01
es-activation-timer 3
service-carving
mode auto
exit
multi-homing single-active
sdp 46
no shutdown
exit
exit
exit
epipe 2 name "Epipe-2" customer 1 create
segment-routing-v6 1 create
locator "loc_Epipe-2"
function
end-dx2
exit
exit
exit
bgp
exit
bgp-evpn
local-attachment-circuit AC-ESI-45-MTU-6 create
eth-tag 456
exit
remote-attachment-circuit AC-ESI-23-MTU-1 create
eth-tag 231
exit
evi 20
segment-routing-v6 bgp 1 srv6-instance 1 default-locator "loc_Epipe-2" create
# source-address 2001:db8::2:4 # defined for SRv6 on router level
ecmp 2
no shutdown
exit
exit
spoke-sdp 46:201 create
no shutdown
exit
no shutdown
exit
exit all
On PE-5, the configuration is similar, but with a different SDP:
*A:PE-5# configure
service
sdp 56 mpls create
far-end 192.0.2.6
ldp
keep-alive
shutdown
exit
no shutdown
exit
system
bgp-evpn
ethernet-segment "ESI-45" create
esi 01:00:00:00:00:45:00:00:00:01
es-activation-timer 3
service-carving
mode auto
exit
multi-homing single-active
sdp 56
no shutdown
exit
exit
exit
epipe 2 name "Epipe-2" customer 1 create
segment-routing-v6 1 create
locator "loc_Epipe-2"
function
end-dx2
exit
exit
exit
bgp
exit
bgp-evpn
local-attachment-circuit AC-ESI-45-MTU-6 create
eth-tag 456
exit
remote-attachment-circuit AC-ESI-23-MTU-1 create
eth-tag 231
exit
evi 20
segment-routing-v6 bgp 1 srv6-instance 1 default-locator "loc_Epipe-2" create
# source-address 2001:db8::2:5 # defined for SRv6 on router level
ecmp 2
no shutdown
exit
exit
spoke-sdp 56:201 create
no shutdown
exit
no shutdown
exit
exit all
The core PEs exchange three route types: AD per-EVI, AD per-ES, and ES routes.
As an example, the following is the ES route with originator PE-4 sent by RR PE-2 to PE-5. It contains a target 00:00:00:00:45:00 in the extended community that is derived from the ESI:
# on PE-2:
56 2022/11/30 10:04:09.636 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:5
"Peer 1: 2001:db8::2:5: UPDATE
Peer 1: 2001:db8::2:5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 85
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:00:00:45:00:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.4
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Auto/DP:0/DF-Preference:0/AC:1
target:00:00:00:00:45:00
"
The AD per-ES route has a MAX-ET tag and an ESI label in the extended community. The multihoming mode is single-active. As in the case of all-active multihoming, the ESI label is not used in Epipe services. The following BGP update with originator PE-5 is sent by RR PE-2 to its client PE-4:
# on PE-2:
53 2022/11/30 10:04:09.634 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:4
"Peer 1: 2001:db8::2:4: UPDATE
Peer 1: 2001:db8::2:4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 127
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.5
Type: EVPN-AD Len: 25 RD: 192.0.2.5:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.5
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
esi-label:3/Single-Active
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Type: 1 Len: 6
BL:0 NL:0 FL:0 AL:0 TL:0 TO:0
"
The AD per-EVI route contains flags for primary and backup, which are different for routes received from PE-4 and PE-5. In this case, PE-4 is the primary in the single-active multihoming ES (P = 1):
# on PE-2:
67 2022/11/30 10:04:13.745 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:5
"Peer 1: 2001:db8::2:5: UPDATE
Peer 1: 2001:db8::2:5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 127
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-AD Len: 25 RD: 192.0.2.4:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: 456 Label: 8388400 (Raw Label: 0x7fff30) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.4
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
l2-attribute:MTU: 1514 C: 0 P: 1 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
PE-5 is the backup in the single-active multihoming ES (B = 1):
# on PE-2:
69 2022/11/30 10:04:13.820 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:5
"Peer 1: 2001:db8::2:5: UPDATE
Peer 1: 2001:db8::2:5 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.5
Type: EVPN-AD Len: 25 RD: 192.0.2.5:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: 456 Label: 8388432 (Raw Label: 0x7fff50) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
l2-attribute:MTU: 1514 C: 0 P: 0 B: 1
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 Service Information Sub-TLV (33 bytes)
Type: 1 Len: 30 Rsvd1: 0x0
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
The BGP EVPN AD routes are shown with the following command:
*A:PE-2# show router bgp routes evpn auto-disc esi 01:00:00:00:00:45:00:00:00:01
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.4:20 01:00:00:00:00:45:00:00:00:01 192.0.2.4
456 524275
u*>i 192.0.2.4:20 01:00:00:00:00:45:00:00:00:01 192.0.2.4
MAX-ET 0
u*>i 192.0.2.5:20 01:00:00:00:00:45:00:00:00:01 192.0.2.5
456 524277
u*>i 192.0.2.5:20 01:00:00:00:00:45:00:00:00:01 192.0.2.5
MAX-ET 0
-------------------------------------------------------------------------------
Routes : 4
===============================================================================
For each PE in the single-active ES, there are two AD routes: the routes with MAX-ET are AD per-ES routes and the routes with a configured Ethernet tag are AD per-EVI routes.
The EVPN VPWS destination for Epipe 2 on PE-2 is ESI-45, as shown in the following output:
*A:PE-2# show service id 2 segment-routing-v6 instance 1 destinations
===============================================================================
TEP, SID
===============================================================================
Instance TEP Address Segment Id
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
1 01:00:00:00:00:45:00:00:00:01 0 11/30/2022 10:04:14
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
The ESI is resolved to the TEP address of the primary (DF) PE-4, as follows:
*A:PE-2# show service id 2 segment-routing-v6 esi 01:00:00:00:00:45:00:00:00:01
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
1 01:00:00:00:00:45:00:00:00:01 0 11/30/2022 10:04:14
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
Segment Routing v6 Dest TEP Info
===============================================================================
Instance TEP Address Segment Id Last Change
-------------------------------------------------------------------------------
1 192.0.2.4 2001:db8:aaaa:204:* 11/30/2022 10:04:14
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
* indicates that the corresponding row element may have been truncated.
The DF election is key for the forwarding and backup functions in single-active multihoming ESs. The PE elected as DF is the primary for the ES in the Epipe and unblocks its SAP and spoke SDP for upstream and downstream traffic. The rest of the PEs in the ES bring their ES SAPs or spoke SDPs operationally down.
PE-5 is a non-DF, as follows:
*A:PE-5# show service system bgp-evpn ethernet-segment name "ESI-45" evi 20
===============================================================================
EVI DF and Candidate List
===============================================================================
EVI SvcId Actv Timer Rem DF DF Last Change
-------------------------------------------------------------------------------
20 2 0 no 11/30/2022 10:03:57
===============================================================================
===============================================================================
DF Candidates Time Added Oper Pref Do Not
Value Preempt
-------------------------------------------------------------------------------
192.0.2.4 11/30/2022 10:04:10 0 Disabl*
192.0.2.5 11/30/2022 10:04:11 0 Disabl*
-------------------------------------------------------------------------------
Number of entries: 2
===============================================================================
* indicates that the corresponding row element may have been truncated.
In single-active multihoming, the service SAP or spoke SDP is brought operationally down on the non-DF, as shown in the following output:
*A:PE-5# show service id 2 sdp
===============================================================================
Services: Service Destination Points
===============================================================================
SdpId Type Far End addr Adm Opr I.Lbl E.Lbl
-------------------------------------------------------------------------------
56:201 Spok 192.0.2.6 Up Down 524275 524275
-------------------------------------------------------------------------------
Number of SDPs : 1
-------------------------------------------------------------------------------
===============================================================================
The spoke sdp 56:201 is operationally down with a StandbyForMHProtocol flag:
*A:PE-5# show service id 2 sdp 56:201 detail | match Flag
Flags : StandbyForMHProtocol
Two consecutive DF elections take place: the first DF election includes all PEs in the ES for that Epipe and determines which PE is the primary PE (flags P = 1, B = 0). The second DF election excludes this DF and determines which PE is the backup (P = 0, B = 1). All other PEs signal flags P = 0 and B = 0.
When the primary PE fails, AD per-ES and AD per-EVI withdrawal messages are sent to the remote PE, which updates its next hop to the backup. The backup PE takes over immediately without waiting for the ES activation timer (configured with the es-activation-timer command) to bring up its SAP and spoke SDP.
ES failures
When the SDP toward the primary (DF) fails, the backup PE needs to take over. An SDP failure is emulated and log 99 on PE-4 shows that SDP 46 is operationally down and PE-4 is no longer the DF:
155 2022/11/30 10:11:25.583 UTC MINOR: SVCMGR #2303 Base
"Status of SDP 46 changed to admin=up oper=down"
157 2022/11/30 10:11:25.584 UTC MINOR: SVCMGR #2094 Base
"Ethernet Segment:ESI-45, EVI:20, Designated Forwarding state changed to:false"
Remote PEs receive route withdrawal updates (unreachable NLRI) from the former DF PE-4, for example on PE-2:
# on PE-2:
2 2022/11/30 10:11:25.585 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:4
"Peer 1: 2001:db8::2:4: UPDATE
Peer 1: 2001:db8::2:4 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 34
Flag: 0x90 Type: 15 Len: 30 Multiprotocol Unreachable NLRI:
Address Family EVPN
Type: EVPN-AD Len: 25 RD: 192.0.2.4:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: MAX-ET Label: 0 (Raw Label: 0x0) PathId:
"
1 2022/11/30 10:11:25.585 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:4
"Peer 1: 2001:db8::2:4: UPDATE
Peer 1: 2001:db8::2:4 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 59
Flag: 0x90 Type: 15 Len: 55 Multiprotocol Unreachable NLRI:
Address Family EVPN
Type: EVPN-AD Len: 25 RD: 192.0.2.4:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: 456 Label: 0 (Raw Label: 0x0) PathId:
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:00:00:45:00:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
"
The backup PE-5 is promoted to primary (P = 1, B = 0) and sends BGP updates accordingly. The following AD per-EVI is received on PE-2:
# on PE-2:
5 2022/11/30 10:11:25.589 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:5
"Peer 1: 2001:db8::2:5: UPDATE
Peer 1: 2001:db8::2:5 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 113
Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.5
Type: EVPN-AD Len: 25 RD: 192.0.2.5:20 ESI: 01:00:00:00:00:45:00:00:00:01, tag: 456 Label: 8388432 (Raw Label: 0x7fff50) PathId:
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:20
l2-attribute:MTU: 1514 C: 0 P: 1 B: 0
Flag: 0xc0 Type: 40 Len: 37 Prefix-SID-attr:
SRv6 Services TLV (37 bytes):-
Type: SRV6 L2 Service TLV (6)
Length: 34 bytes, Reserved: 0x0
SRv6 SID Sub-Sub-TLV
Type: 1 Len: 6
BL:48 NL:16 FL:20 AL:0 TL:20 TO:64
"
PE-5 brings up its spoke SDP without waiting for the ES activation timer and takes over immediately. It is now the only DF candidate, and therefore the DF, as follows:
*A:PE-5# show service system bgp-evpn ethernet-segment name "ESI-45" evi 20
===============================================================================
EVI DF and Candidate List
===============================================================================
EVI SvcId Actv Timer Rem DF DF Last Change
-------------------------------------------------------------------------------
20 2 0 yes 11/30/2022 10:03:57
===============================================================================
===============================================================================
DF Candidates Time Added Oper Pref Do Not
Value Preempt
-------------------------------------------------------------------------------
192.0.2.5 11/30/2022 10:04:11 0 Disabl*
-------------------------------------------------------------------------------
Number of entries: 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
BGP updates are exchanged and the remote PEs resolve the ESI to the TEP address 192.0.2.5. For example, on PE-2:
*A:PE-2# show service id 2 segment-routing-v6 esi 01:00:00:00:00:45:00:00:00:01
===============================================================================
Segment Routing v6 Ethernet Segment Dest
===============================================================================
Instance Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
1 01:00:00:00:00:45:00:00:00:01 0 11/30/2022 10:11:26
-------------------------------------------------------------------------------
Number of entries: 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
Segment Routing v6 Dest TEP Info
===============================================================================
Instance TEP Address Segment Id Last Change
-------------------------------------------------------------------------------
1 192.0.2.5 2001:db8:aaaa:205:* 11/30/2022 10:11:26
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
* indicates that the corresponding row element may have been truncated.
Because of the default DF election algorithm, this process is revertive; as soon as the SDP 46 is operationally up again, a new DF election is triggered with two DF candidates and PE-4 is elected as DF. A non-revertive mode is also available if preference-based DF election is configured.
Troubleshooting and debugging
The following show and debug commands can be used in EVPN-VPWS:
show redundancy bgp-evpn-multi-homing
show router bgp routes evpn (and filters)
show service segment-routing-v6 [<ip-address>]
show service id <service-id> bgp-evpn
show service system bgp-evpn
show service system bgp-evpn ethernet-segment (and modifiers)
debug router bgp update
show log log-id 99
Most of these commands have been shown in the preceding sections; some commands are shown in this section.
Information about the configured boot timers (before DF election) and ES activation timer (after the system has been elected DF) is shown as follows:
*A:PE-2# show redundancy bgp-evpn-multi-homing
===============================================================================
Redundancy BGP EVPN Multi-homing Information
===============================================================================
Boot-Timer : 10 secs
Boot-Timer Remaining : 0 secs
ES Activation Timer : 3 secs
===============================================================================
See chapter EVPN for MPLS Tunnels for a description of these timers.
The following command shows that the BGP route type 4 (ES route) messages are only imported by the PEs in the same ES; for example, on PE-3:
*A:PE-3# show router bgp routes evpn eth-seg
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Eth-Seg Routes
===============================================================================
Flag Route Dist. ESI NextHop
OrigAddr
-------------------------------------------------------------------------------
u*>i 192.0.2.2:0 01:00:00:00:00:23:00:00:00:01 192.0.2.2
192.0.2.2
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
On PE-4:
*A:PE-4# show router bgp routes evpn eth-seg
===============================================================================
BGP Router ID:192.0.2.4 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Eth-Seg Routes
===============================================================================
Flag Route Dist. ESI NextHop
OrigAddr
-------------------------------------------------------------------------------
u*>i 192.0.2.5:0 01:00:00:00:00:45:00:00:00:01 192.0.2.5
192.0.2.5
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The following command shows all the EVPN-SRv6 destinations toward TEP 192.0.2.4. Epipe 1 has an EVPN-SRv6 destination toward TEP 192.0.2.4 directly and Epipe 2 has an EVPN-SRv6 destination to ESI-45, which is resolved to TEP 192.0.2.4. This is shown in the following output:
*A:PE-2# show service segment-routing-v6 192.0.2.4
===============================================================================
SRV6 Tunnel Endpoint: 192.0.2.4
===============================================================================
Service Id Segment Id Type Srv6 Instance
-------------------------------------------------------------------------------
1 2001:db8:aaaa* evpn 1
-------------------------------------------------------------------------------
===============================================================================
* indicates that the corresponding row element may have been truncated.
===============================================================================
BGP EVPN SRV6 Ethernet Segment Dest
===============================================================================
Instance Service Id Eth Seg Id Segment Id
-------------------------------------------------------------------------------
1 2 01:00:00:00:00:45:00:00:00:01 2001:db8:aaaa:204:7fff:*
-------------------------------------------------------------------------------
===============================================================================
* indicates that the corresponding row element may have been truncated.
The following command lists all configured ESs on the system:
*A:PE-2# show service system bgp-evpn ethernet-segment
===============================================================================
Service Ethernet Segment
===============================================================================
Name ESI Admin Oper
-------------------------------------------------------------------------------
ESI-23 01:00:00:00:00:23:00:00:00:01 Enabled Up
-------------------------------------------------------------------------------
Entries found: 1
===============================================================================
In addition to the preceding commands, the following tools dump commands may be useful:
tools dump service evpn usage - This command shows the number of EVPN-SRv6 (and EVPN-MPLS and EVPN-VXLAN) destinations in the system.
tools dump service system bgp-evpn ethernet-segment <name> evi <value> df - This command computes the DF election for a specific ESI and EVI. For all-active multihoming, there is no DF election and all PEs forward traffic. For single-active multihoming, one PE is active for a service while another PE is a backup. This command shows the DF (primary), even if it is not the local PE.
The usage of EVPN resources is shown as follows:
*A:PE-2# tools dump service evpn usage
vxlan-srv6-evpn-mpls usage statistics at 11/30/2022 10:08:31:
MPLS-TEP : 0
VXLAN-TEP : 0
SRV6-TEP : 2
Total-TEP : 2/ 16383
Mpls Dests (TEP, Egress Label + ES + ES-BMAC) : 0
Mpls Etree Leaf Dests : 0
Vxlan Dests (TEP, Egress VNI + ES) : 0
Srv6 Dests (TEP, SID + ES) : 2
Total-Dest : 2/196607
Sdp Bind + Evpn Dests : 2/245759
ES L2/L3 PBR : 0/ 32767
Evpn Etree Remote BUM Leaf Labels : 0
On PE-2, there is one SRv6 TEP (192.0.2.4 in Epipe 1 and in Epipe 2) and there are two SRv6 destinations: 192.0.2.4 and ESI 01:00:00:00:00:45:00:00:00:01. PE-5 is not an SRv6 TEP for PE-2 because it is not a primary and, therefore, is not forwarding any traffic.
In all-active multihoming, the DF election is not applicable:
*A:PE-2# tools dump service system bgp-evpn ethernet-segment "ESI-23" evi 20 df
[11/30/2022 10:08:31] All Active VPWS or IP-ALIASING - DF N/A
In single-active multihoming, the following command shows which PE is the DF:
*A:PE-5# tools dump service system bgp-evpn ethernet-segment "ESI-45" evi 20 df
[11/30/2022 10:08:36] Computed DF: 192.0.2.4 (Remote) (Boot Timer Expired: Yes)
[11/30/2022 10:08:36] Computed Backup: 192.0.2.5 (This Node)
The command is launched on PE-5, which is a backup. The computed DF is PE-4 and the boot timer has expired, meaning there is no DF re-election pending.
Conclusion
EVPN-VPWS is a simplified point-to-point version of RFC 7432. EVPN provides a unified control plane mechanism that simplifies the network deployment and operation. Single-active and all-active multihoming can be used in Epipes; EVPN-VPWS is a differentiator of EVPN compared to traditional TLDP or BGP Epipe redundancy mechanisms.