EVPN ESI Type 1
This chapter provides information about EVPN ESI Type 1.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.5.R1.
Overview
In SR OS releases earlier than 21.5.R1, the 10-byte Ethernet Segment Identifier (ESI) can only be configured manually; the auto-derived EVPN ESI type 1 (as per RFC 7432) is supported in SR OS Release 21.5.R1 and later. The auto-esi command is used to configure the ESI mode.
*[ex:/configure service system bgp evpn ethernet-segment "ESI-23"]
A:admin@PE-2# auto-esi ?
auto-esi <keyword>
<keyword> - (none|type-1)
Default - none
EVPN Ethernet segment auto-ESI type
Warning: Modifying this element toggles
'configure service system bgp evpn ethernet-segment "ESI-23" admin-state'
automatically for the new value to take effect.
The default auto-esi value is none, which forces the user to configure the 10-byte ESI manually. When type-1 is configured, a manual ESI cannot be configured and the ESI is auto-derived, as per RFC 7432.
ESI type 1 is auto-derived from the CE's Link Aggregation Control Protocol (LACP) system MAC address and port key. ESI type 1 example shows an example of ESI type 1 for LACP system MAC address 00:00:5e:00:53:00 and administrative key 257 (= 0x0101).
RFC 7432, section "Ethernet Segment", defines ESI type 1 as follows:
- Type 0x01 (byte 0)
- CE LACP system MAC address (bytes 1 through 6); for example, 00:00:5e:00:53:00
- CE LACP port key (bytes 7 and 8); for example, 0x0101
- 0x00 (byte 9 must be zero)
As per RFC 7432, this mechanism can only be used if the ESIs are unique, so the CE LACP system MAC and LACP port key combinations must be unique in the network.
ESI auto-configuration example shows the example where CE-1 has LACP system MAC address 00:00:5e:00:53:00 and LACP port key 257 (= 0x0101). CE-1 sends Link Aggregation Control Protocol Data Units (LACPDUs) to PE-2 and PE-3 with these values. Both PE-2 and PE-3 use ESI 01:00:00:5e:00:53:00:01:01:00 in ES "ESI-23". This applies both to all-active and to single-active ESs.
The CE treats both PE-2 and PE-3 as the same switch. This allows the CE to aggregate links that are attached to different PEs in the same bundle.
When the ES LAG goes operationally down, due to the ports going down or LACP going down or standby, the previously auto-derived ESI is retained. However, when the LACP information on the CE is changed, such as a different LACP port key, the ES goes down and a new ESI will be generated.
The all-active ES "AA-ESI-23" with ESI type 1 is configured as follows:
# on PE-2, PE-3:
configure {
service {
system {
bgp {
evpn {
ethernet-segment "AA-ESI-23" {
admin-state enable
multi-homing-mode all-active
auto-esi type-1
association {
lag "lag-1" {
}
}
}
The following restrictions apply for ESI type 1:
-
ESI type 1 is only supported on non-virtual (regular) ESs. The following error message is raised when attempting to configure auto-esi type-1 for a virtual ES:
*[ex:/configure service system bgp evpn ethernet-segment "vESI-23"] A:admin@PE-2# commit MINOR: SVCMGR #1003: configure service system bgp evpn ethernet-segment "vESI-23" auto-esi - Inconsistent value - not supported along with virtual ethernet-segment
-
ESI type 1 is not supported in ESs with associations other than LAG:
*[ex:/configure service system bgp evpn ethernet-segment "ESI-23" association port 1/2/1] A:admin@PE-2# commit MINOR: SVCMGR #1003: configure service system bgp evpn ethernet-segment "ESI-23" auto-esi - Inconsistent value - not supported with association - configure service system bgp evpn ethernet-segment "ESI-23" *[ex:/configure service system bgp evpn ethernet-segment "ESI-23" association sdp 24] A:admin@PE-2# commit MINOR: SVCMGR #1003: configure service system bgp evpn ethernet-segment "ESI-23" auto-esi - Inconsistent value - not supported with association - configure service system bgp evpn ethernet-segment "ESI-23"
-
An ES with ESI type 1 can only be enabled if the LAG has LACP enabled:
*[ex:/configure service system bgp evpn ethernet-segment "ESI-23" association lag "lag-4"] A:admin@PE-2# commit MINOR: MGMT_CORE #4001: configure service system bgp evpn ethernet-segment "ESI-23" auto-esi - lacp needs to be enabled on lag for auto-esi type 1 - configure lag "lag-4" lacp
-
ESI type 1 is allowed with all-active and single-active ESs. When used in single-active mode, the CE must use a single LAG to connect to the multi-homed PEs.
-
It is not possible to manually configure an ESI when auto-esi type-1 is configured:
*[ex:/configure service system bgp evpn ethernet-segment "ESI-23"] A:admin@PE-2# auto-esi type-1 *[ex:/configure service system bgp evpn ethernet-segment "ESI-23"] A:admin@PE-2# esi 01:00:00:00:00:23:00:00:00:01 *[ex:/configure service system bgp evpn ethernet-segment "ESI-23"] A:admin@PE-2# commit MINOR: SVCMGR #1003: configure service system bgp evpn ethernet-segment "ESI-23" auto-esi - Inconsistent value - not supported along with esi configuration
-
An ES with a manually configured ESI cannot be created with the same ESI value as the auto-derived ESI type 1 in another ES.
*[ex:/configure service system bgp evpn ethernet-segment "AA-ESI-23-5"] A:admin@PE-2# esi 01:00:00:5e:00:53:00:01:01:00 *[ex:/configure service system bgp evpn ethernet-segment "AA-ESI-23-5"] A:admin@PE-2# commit MINOR: SVCMGR #8047: configure service system bgp evpn ethernet-segment "AA-ESI-23-5" - Ethernet segment id is not valid - ESI already in use by another ethernet segment
-
If an ES with manual ESI is active and another ES is configured with an auto-derived ESI with the same value as the manual ESI, the auto-ESI value is deleted, and a log event is added to log "99":
# in log "99": 110 2022/05/25 15:28:44.361 CEST MINOR: SVCMGR #2610 Base "The Auto Ethernet segment identifier type-1 has been deleted for Ethernet Segment AA-ESI-23 because the new ID 01:00:00:5e:00:53:00:01:01:00 conflicts with ES AA-ESI-23-5"
Configuration
In this section, ESI type 1 is configured in the following use cases:
- ESI type 1 in all-active ESs
- ESI type 1 in single-active ESs
Example topology shows the example topology with four PEs and two CEs. CE-1 is connected via LAG 1 to the all-active ES "AA-ESI-23" on PE-2 and PE-3; CE-6 is connected via LAG-2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. In this example, an EVPN-MPLS VPLS is configured, but other services are also supported.
The initial configuration includes:
- cards, MDAs, ports
- on PEs: router interfaces, IS-IS, LDP
On the PEs, BGP is configured for the EVPN address family. PE-2 acts as the route reflector with the following configuration:
# on PE-2:
configure {
router "Base" {
autonomous-system 64500
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
rapid-update {
evpn true
}
group "internal" {
peer-as 64500
family {
evpn true
}
cluster {
cluster-id 1.1.1.1
}
}
neighbor "192.0.2.3" {
group "internal"
}
neighbor "192.0.2.4" {
group "internal"
}
neighbor "192.0.2.5" {
group "internal"
}
}
On CE-1, LAG 1 is configured with LACP enabled and administrative key 257, as follows:
# on CE-1:
configure {
lag "lag-1" {
admin-state enable
mode hybrid
max-ports 64
lacp {
mode active
administrative-key 257
}
port 1/1/1 {
}
port 1/1/2 {
}
The LACP system MAC address of CE-1 can be retrieved with the following command:
[/]
A:admin@CE-1# show chassis | match MAC
Base MAC address : 00:00:5e:00:53:00
ESI type 1 in all-active ESs
On PE-2 and PE-3, the all-active ES "AA-ESI-23" is configured with auto-esi type-1 and LAG 1:
# on PE-2, PE-3:
configure {
service {
system {
bgp {
evpn {
ethernet-segment "AA-ESI-23" {
admin-state enable
multi-homing-mode all-active
auto-esi type-1
association {
lag "lag-1" {
}
}
}
The EVPN-MPLS VPLS 1 is configured as follows:
# on PE-2, PE-3:
configure {
service {
vpls "VPLS 1" {
admin-state enable
service-id 1
customer "1"
bgp 1 {
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
sap lag-1:1 {
}
}
The operational ESI on PE-2 is 01:00:00:5e:00:53:00:01:01:00 for CE LACP system MAC address 00:00:5e:00:53:00 and administrative key 0x0101, as can be verified with the following command:
[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23"
===============================================================================
Service Ethernet Segment
===============================================================================
Name : AA-ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:00:01:01:00
Auto-ESI Type : Type 1
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES SHG Label : 524279
Source BMAC LSB : None
Lag Id : 1
ES Activation Timer : 3 secs (default)
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
===============================================================================
This output is slightly different for a manually configured ES, as follows:
# on PE-2, PE-3:
configure {
service {
system {
bgp {
evpn {
ethernet-segment "AA-ESI-23-5" {
admin-state enable
esi 01:00:00:00:00:23:05:00:00:01
multi-homing-mode all-active
association {
lag "lag-5" {
}
}
}
}
}
[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "AA-ESI-23-5"
===============================================================================
Service Ethernet Segment
===============================================================================
Name : AA-ESI-23-5
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:05:00:00:01
Oper ESI : 01:00:00:00:00:23:05:00:00:01
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES SHG Label : 524278
Source BMAC LSB : None
Lag Id : 5
ES Activation Timer : 3 secs (default)
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
===============================================================================
ESI type 1 in single-active ESs
CE-6 is connected via LAG 2 to the single-active ES "SA-ESI-45" on PE-4 and PE-5. An ES operational group and LAG monitor operational group is required in this use case.
On CE-6, LAG 2 is configured with LACP enabled and administrative key 32768 (= 0x8000), as follows:
# on CE-6:
configure {
lag "lag-2" {
admin-state enable
mode hybrid
max-ports 64
lacp {
mode active
administrative-key 32768
}
port 1/1/1 {
}
port 1/1/2 {
}
}
The LACP system MAC address of CE-6 is the following:
[/]
A:admin@CE-6# show chassis | match MAC
Base MAC address : 00:00:5e:00:53:f6
On PE-4 and PE-5, operational group "op-grp-2" is configured and assigned to single-active ES "SA-ESI-45".
LAG 2 monitors this operational group. The configuration is as follows:
# on PE-4:
configure {
lag "lag-2" {
admin-state enable
encap-type dot1q
mode access
monitor-oper-group "op-grp-2"
max-ports 64
lacp {
mode active
system-id 00:00:00:00:45:02
administrative-key 1
}
port 1/1/1 {
}
}
service {
oper-group "op-grp-2" {
hold-time {
## down # default 0
up 0
}
}
system {
bgp {
evpn {
ethernet-segment "SA-ESI-45" {
admin-state enable
multi-homing-mode single-active
oper-group "op-grp-2"
auto-esi type-1
ac-df-capability exclude
service-carving-mode manual # required for oper-group
manual {
preference {
mode non-revertive
value 200
}
}
}
association {
lag "lag-2" {
}
}
}
}
}
}
vpls "VPLS 1" {
admin-state enable
service-id 1
customer "1"
bgp 1 {
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
sap lag-2:1 {
}
}
The following command on Designated Forwarder (DF) PE-4 shows that the operational ESI is 01:00:00:5e:00:53:f6:80:00:00:
# [/]
A:admin@PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : SA-ESI-45
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type : Type 1
AC DF Capability : Exclude
Multi-homing : singleActive Oper Multi-homing : singleActive
ES SHG Label : 524281
Source BMAC LSB : None
Lag : lag-2
ES Activation Timer : 3 secs (default)
Oper Group : op-grp-2
Svc Carving : manual Oper Svc Carving : manual
Cfg Range Type : lowest-pref
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference Preference Last Admin Change Oper Pref Do No
Mode Value Value Preempt
-------------------------------------------------------------------------------
non-revertive 200 05/25/2022 15:14:19 200 Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 yes
-------------------------------------------------------------------------------
Number of entries: 1
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.4
1 192.0.2.5
-------------------------------------------------------------------------------
Number of entries: 2
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
The operational ESI on Non-Designated Forwarder (NDF) PE-5 is the same as for PE-4.
The operational status of the operational group "op-grp-2" on DF PE-4 is up, while it is down on NDF PE-5 where the ES is inactive, as follows:
[/]
A:admin@PE-4# show service oper-group "op-grp-2"
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-2
Creation Origin : manual Oper Status: up
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
[/]
A:admin@PE-5# show service oper-group "op-grp-2" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-2
Creation Origin : manual Oper Status: down
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-2
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-45 Inactive
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-2
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
2 up down No 0 0 N/A
lag-2
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
LAG 2 monitors the operational group "op-grp-2", so it follows the state of the ES "SA-ESI-45". On DF PE-4, LAG 2 is operationally up:
[/]
A:admin@PE-4# show lag "lag-2"
===============================================================================
Lag Data
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count MC Act/Stdby
name
-------------------------------------------------------------------------------
2 up up No 0 1 N/A
lag-2
===============================================================================
On NDF PE-5, LAG 2 is operationally down with reason operGroupDown:
[/]
A:admin@PE-5# show lag "lag-2" detail
===============================================================================
LAG Details
===============================================================================
Description : N/A
-------------------------------------------------------------------------------
Details
-------------------------------------------------------------------------------
Lag-id : 2 Mode : access
Lag-name : lag-2
Adm : up Opr : down
Reason Down : operGroupDown
Thres. Last Cleared : 05/25/2022 14:48:24 Thres. Exceeded Cnt : 0
Dynamic Cost : false Encap Type : dot1q
Configured Address : 02:1f:ff:00:01:42 Lag-IfIndex : 1342177282
Hardware Address : 02:1f:ff:00:01:42 Adapt Qos (access) : distribute
Hold-time Down : 0.0 sec Port Type : standard
Per-Link-Hash : disabled
Include-Egr-Hash-Cfg: disabled Forced : -
Per FP Ing Queuing : disabled Per FP Egr Queuing : disabled
Per FP SAP Instance : disabled
Access Bandwidth : N/A Access Booking Factor: 100
Access Available BW : 0
Access Booked BW : 0
LACP : enabled Mode : active
LACP Transmit Intvl : fast LACP xmit stdby : enabled
Selection Criteria : highest-count Slave-to-partner : disabled
MUX control : coupled
Subgrp hold time : 0.0 sec Remaining time : 0.0 sec
Subgrp selected : 1 Subgrp candidate : -
Subgrp count : 1
System Id : 00:00:00:00:45:02 System Priority : 32768
Admin Key : 1 Oper Key : 1
Prtr System Id : 00:00:5e:00:53:f6 Prtr System Priority : 32768
Prtr Oper Key : 32768
Standby Signaling : lacp
Port hashing : port-speed Port weight speed : 0 gbps
Ports Up : 0
Weights Up : 0 Hash-Weights Up : 0
Monitor oper group : op-grp-2
Oper group status : down
Adaptive loadbal. : disabled Tolerance : N/A
-------------------------------------------------------------------------------
Port-id Adm Act/Stdby Opr Primary Sub-group Forced Prio
-------------------------------------------------------------------------------
1/1/2 up active down yes 1 - 32768
-------------------------------------------------------------------------------
Port-id Role Exp Def Dist Col Syn Aggr Timeout Activity
-------------------------------------------------------------------------------
1/1/2 actor No No No No No Yes Yes Yes
1/1/2 partner No No No No Yes Yes Yes Yes
===============================================================================
When the LAG is operationally down, the SAP is operationally down. On DF PE-4, the SAP is up:
[/]
A:admin@PE-4# show service id 1 sap
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-2:1 1 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
On NDF PE-5, the SAP is operationally down:
[/]
A:admin@PE-5# show service id 1 sap lag-2:1
===============================================================================
Service Access Points(SAP)
===============================================================================
Service Id : 1
SAP : lag-2:1 Encap : q-tag
Description : (Not Specified)
Admin State : Up Oper State : Down
Flags : PortOperDown StandByForMHProtocol
Multi Svc Site : None
Last Status Change : 05/25/2022 14:48:24
Last Mgmt Change : 05/25/2022 15:14:27
===============================================================================
Auto-derived ESI changes when LACP port key on CE is modified
When the LAG goes operationally down due to ports going down or LACP going down, the auto-derived ESI is preserved. However, when the CE LACP configuration is changed— for example, with a different LACP port key—a new ESI is auto-derived.
In this example, the initial operational ESI on PE-4 is 01:00:00:5e:00:53:f6:80:00:00, as follows:
[/]
A:admin@PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name : SA-ESI-45
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:80:00:00
Auto-ESI Type : Type 1
On CE-6, the initial configuration of LAG 2 has LACP active with administrative key 32768:
[ex:/configure lag "lag-2"]
A:admin@CE-6# info
admin-state enable
mode hybrid
max-ports 64
lacp {
mode active
administrative-key 32768
}
port 1/1/1 {
}
port 1/1/2 {
}
On CE-6, LAG 2 is reconfigured with administrative key 4095 (= 0x0fff), as follows:
# on CE-6:
configure {
lag "lag-2" {
admin-state enable
mode hybrid
max-ports 64
lacp {
mode active
administrative-key 4095
}
port 1/1/1 {
}
port 1/1/2 {
}
As a result, the operational ESI on PE-4 is 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
[/]
A:admin@PE-4# show service system bgp-evpn ethernet-segment name "SA-ESI-45" | match ESI
Name : SA-ESI-45
ESI : auto-esi
Oper ESI : 01:00:00:5e:00:53:f6:0f:ff:00
Auto-ESI Type : Type 1
When debugging is enabled for BGP updates, the following ES routes are seen: initially with ESI 01:00:00:5e:00:53:f6:80:00:00 and later with ESI 01:00:00:5e:00:53:f6:0f:ff:00, as follows:
24 2022/05/25 15:14:18.871 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:80:00:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
target:00:00:5e:00:53:f6
"
---snip---
61 2022/05/25 15:23:01.331 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.4
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.4:0 ESI: 01:00:00:5e:00:53:f6:0f:ff:00, IP-Len: 4 Orig-IP-Addr: 192.0.2.4
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
target:00:00:5e:00:53:f6
"
Conclusion
To simplify the configuration of single-active and all-active ESs with LAG association, ESI type 1 can be used to auto-derive the ESI from the CE's LACP system MAC address and LACP port key.