AC-Influenced DF Election on an ES

This chapter provides information about Attachment Circuit (AC) influenced Designated Forwarder (DF) election on an Ethernet Segment (ES).

Topics in this chapter include:

Applicability

The information and configuration in this chapter are based on SR OS Release 22.5.R1. Attachment Circuit (AC) influenced Designated Forwarder (DF) election on an Ethernet Segment (ES) is always enabled in SR OS releases earlier than 21.5.R1. The AC-DF election capability can be disabled in SR OS Release 21.5.R1 and later.

Overview

RFC 8584, section “The AC-Influenced DF Election Capability”, describes the AC-DF capability that modifies the EVPN DF election process in RFC 7432. RFC 8584 states that when PEs build their candidate DF election list, they do not include PEs when no Auto-Discovery (AD) per-ES or per-EVI routes for those PEs are present. In SR OS, this behavior is default for all ESs, configured as ac-df-capability include.

The ac-df-capability command is configurable in the configure service system bgp evpn ethernet-segment context:

[ex:/configure service system bgp evpn ethernet-segment "SA-ESI-23"]
A:admin@PE-2# ac-df-capability ?
 
 ac-df-capability <keyword>
 <keyword>  - (include|exclude)
 Default    - include
 
    AC-influenced DF election capability
 
    Warning: Modifying this element toggles
    'configure service system bgp evpn ethernet-segment "SA-ESI-23" admin-state'
    automatically for the new value to take effect.

The command ac-df-capability exclude disables AC-DF on the ES, so the presence of an AD per-ES or per-EVI does not influence the candidate DF election list. When ac-df-capability exclude is configured:

  • The candidate DF election list is not influenced by the presence or absence of AD per-ES/EVI routes (type 1) from the ES peers.
  • PEs are only removed from the candidate DF election list when their ES route (type 4) is not present.
  • The local ES route is active if there are active SAPs on the ES.
  • When the local AC is operationally down, due to admin-state disable or reason other than Multi Homing (MH) standby, this does not trigger a DF switchover.

The ac-df-capability exclude option:

  • is supported with any type of service-carving (DF Election)
  • is recommended in ESs that use an operational group monitored by the access LAG to signal standby LACP or power-off
  • must be configured consistently on all PEs attached to the same ES

AC-DF enabled – default

The following example illustrates the default behavior, where a PE builds the list of DF candidates with nodes that have sent EVPN AD per-ES/EVI routes. This behavior is compatible with the behavior in SR OS releases earlier than 21.5.R1.

PE-4 as the DF on a single-active ES for three VPLSs shows a topology with MTU-6 connected via SDPs to the single-active ES "SA-vESI-45". PE-4 is the DF for three services: VPLS 1, VPLS 2, and VPLS 3. Traffic for these services passes via PE-4, while PE-5 is standby.

Figure 1. PE-4 as the DF on a single-active ES for three VPLSs
PE-4 as the DF on a single-active ES for three VPLSs

When a failure occurs on the spoke-SDP in VPLS 2 on PE-4, PE-4 sends an EVPN-AD per-EVI withdrawal and PE-4 becomes the Non-Designated Forwarder (NDF) for VPLS 2, while remaining the DF for VPLS 1 and VPLS 3, as shown in AC failure in VPLS 2 on PE-4 causes PE-5 to become the DF for VPLS 2.

Figure 2. AC failure in VPLS 2 on PE-4 causes PE-5 to become the DF for VPLS 2
AC failure in VPLS 2 on PE-4 causes PE-5 to become the DF for VPLS 2

VPLS 2 traffic to and from MTU-6 passes via DF PE-5, while VPLS 1 and VPLS 3 traffic will pass via DF PE-4. No traffic is dropped. The AC failure in VPLS 2 does not have an impact on the other services.

Problem with AC-DF on ES with the operational group monitored by LAG

In this example, a failure in an access circuit of a particular service also impacts other services when the AC-DF capability is enabled.

PE-2 is DF on single-active ES for three VPLSs shows a single-active ES with LAG 1 associated with it. An operational group is assigned to the ES and monitored by the LAG to signal standby LACP (default) or power off. Three VPLSs are configured on PE-2 and PE-3. PE-2 is the DF for each of these VPLSs.

Figure 3. PE-2 is DF on single-active ES for three VPLSs
PE-2 is DF on single-active ES for three VPLSs

On NDF PE-3, the ES is inactive which causes the operational group in the ES to go down. LAG 1 monitors this operational group, so the LAG goes standby on NDF PE-3. LAG 1 has LACP standby-signaling enabled (default). On CE-1, only the LAG port to DF PE-2 is up and all traffic for the VPLSs goes via PE-2.

When the single-active ES has the default AC-DF setting (ac-df-capability include), a failure (or an unintended admin-state disable) on SAP lag-1:2 in VPLS 2 (or on the VPLS 2 service) on PE-2 can have an impact on all three services that share LAG 1. AC failure in VPLS 2 on PE-2 causes PE-3 to become DF for VPLS 2 shows that such an AC failure in VPLS 2 on PE-2 causes PE-3 to become the DF for VPLS 2 (after receiving an AD per-EVI withdrawal from PE-2).

Figure 4. AC failure in VPLS 2 on PE-2 causes PE-3 to become DF for VPLS 2
AC failure in VPLS 2 on PE-2 causes PE-3 to become DF for VPLS 2

When PE-3 is the DF for VPLS 2, the ES operational group on PE-3 goes up. Therefore, the monitoring LAG is up on PE-3. On CE-1, both LAG ports to PE-2 and PE-3 are up. CE-1 can now send all VPLS traffic via either LAG port: DF PE-2 forwards the VPLS 1 and VPLS 3 traffic whereas NDF PE-3 drops it. PE-3 accepts VPLS 2 traffic, but PE-2 drops it. Approximately 50% of the traffic is lost.

AC-DF capability disabled

Nokia recommends disabling the AC-DF capability in ESs where the operational group is monitored by the LAG. AC failure in VPLS 2 on PE-2 has no impact on DF election shows the situation with the AC-DF disabled (ac-df-capability exclude): the PEs ignore the AD per-EVI withdrawal and PE-2 remains the DF for VPLS 2.

Figure 5. AC failure in VPLS 2 on PE-2 has no impact on DF election
AC failure in VPLS 2 on PE-2 has no impact on DF election

VPLS 2 traffic is dropped by PE-2, but the other services are not impacted.

Configuration

Example topology shows the example topology with four PEs in an EVPN-MPLS network.

Figure 6. Example topology
Example topology with four PEs in an EVPN-MPLS network

The initial configuration includes:

  • cards, MDAs, ports
  • router interfaces on the PEs and on MTU-6
  • IS-IS on the router interfaces (alternatively, OSPF can be configured)
  • LDP on the router interfaces

On the PEs, BGP is configured for the EVPN address family. In this example, PE-2 is the Route Reflector (RR) with the following BGP configuration:

# on PE-2:
configure {
    router "Base" {
        autonomous-system 64500
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            rapid-update {
                evpn true
            }
            group "internal" {
                peer-as 64500
                family {
                    evpn true
                }
                cluster {
                    cluster-id 192.0.2.2
                }
            }
            neighbor "192.0.2.3" {
                group "internal"
            }
            neighbor "192.0.2.4" {
                group "internal"
            }
            neighbor "192.0.2.5" {
                group "internal"
            }
        }

The BGP configuration on the clients PE-3, PE-4, and PE-5 is as follows:

# on PE-3, PE-4, PE-5:
configure {
    router "Base" {
        autonomous-system 64500
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            rapid-update {
                evpn true
            }
            group "internal" {
                peer-as 64500
                family {
                    evpn true
                }
            }
            neighbor "192.0.2.2" {
                group "internal"
            }
        }

AC-DF capability enabled – default

On PE-2 and PE-3, operational group "op-grp-sa-es-23" is configured. This operational group is assigned to the single-active ES "SA-ESI-23" and monitored on LAG 1.

On PE-2, LAG 1 is configured as follows. The LAG configuration on PE-3 is similar, but with port 1/1/1 instead.

# on PE-2:
configure {
    lag "lag-1" {
        admin-state enable
        encap-type dot1q
        mode access
        # standby-signaling lacp      # default
        monitor-oper-group "op-grp-sa-es-23"
        max-ports 64
        lacp {
            mode active
            system-id 00:00:00:00:23:01
            administrative-key 1
        }
        port 1/1/2 {
        }
    }

On PE-2 and PE-3, three VPLS services are configured with SAPs from LAG 1, which is associated with single-active ES "SA-ESI-23". This ES is configured with the operational group "op-grp-sa-es-23" that is monitored by LAG 1. The operational group triggers the LACP standby signaling from the NDF PE to CE-1 to avoid attracting traffic.

The service configuration on PE-2 and PE-3 is similar; only the preference value for the service carving in the ES is different.

Note:

When an operational group is associated with an ES, the hold timers for the operational group must be zero (the default value).

# on PE-2:
configure {
    service {
        oper-group "op-grp-sa-es-23" {
            hold-time {
             ## down    # default 0
                up 0
            }
        }
        system {
            bgp {
                evpn {
                    ethernet-segment "SA-ESI-23" {
                        admin-state enable
                        esi 01:00:00:00:00:23:01:00:00:01
                        multi-homing-mode single-active
                        oper-group "op-grp-sa-es-23"
                        # ac-df-capability include        # default
                        df-election {
                            service-carving-mode manual
                            manual {
                                preference {
                                    mode non-revertive
                                    value 200         # on PE-3: preference value 100
                                }
                            }
                        }
                        association {
                            lag "lag-1" {
                            }
                        }
                    }
                }
            }
        }
        vpls "VPLS 1" {
            admin-state enable
            service-id 1
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 1
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            sap lag-1:1 {
            }
        }
        vpls "VPLS 2" {
            admin-state enable
            service-id 2
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 2
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            sap lag-1:2 {
            }
        }
        vpls "VPLS 3" {
            admin-state enable
            service-id 3
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 3
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            sap lag-1:3 {
            }
        }

On PE-4 and PE-5, single-active virtual ES "SA-vESI-45" is configured. No operational group is configured here. The service configuration on PE-4 is as follows. The configuration on PE-5 is similar, but with a different SDP and a different preference value for service carving.

# on PE-4:  
configure {
    service {
        system {
            bgp {
                evpn {
                    ethernet-segment "SA-vESI-45" {
                        admin-state enable
                        type virtual
                        esi 0x01000000004501000001
                        multi-homing-mode single-active
                        # ac-df-capability include      # default
                        df-election {
                            service-carving-mode manual
                            manual {
                                preference {
                                    value 200        # on PE-5: value 100
                                }
                            }
                        }
                        association {
                            sdp 46 {
                                virtual-ranges {
                                    vc-id 1 {
                                        end 3
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        sdp 46 {                # on PE-5: sdp 56
            admin-state enable
            delivery-type mpls
            ldp true
            far-end {
                ip-address 192.0.2.6
            }
        }
        vpls "VPLS 1" {
            admin-state enable
            service-id 1
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 1
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            spoke-sdp 46:1 {            # on PE-5: spoke-sdp 56:1
            }
        }
        vpls "VPLS 2" {
            admin-state enable
            service-id 2
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 2
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            spoke-sdp 46:2 {            # on PE-5: spoke-sdp 56:2
            }
        }
        vpls "VPLS 3" {
            admin-state enable
            service-id 3
            customer "1"
            bgp 1 {
            }
            bgp-evpn {
                evi 3
                mpls 1 {
                    admin-state enable
                    ingress-replication-bum-label true
                    ecmp 2
                    auto-bind-tunnel {
                        resolution any
                    }
                }
            }
            spoke-sdp 46:3 {            # on PE-5: spoke-sdp 56:3
            }
        }

With the AC-DF capability enabled (default), the PEs send ES routes with AC:1 in the extended community for DF election. The following ES route is received by PE-3 from PE-2:

10 2022/06/08 15:38:15.005 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 71
    Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.2:0 ESI: 01:00:00:00:00:23:01:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.2
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:1
        target:00:00:00:00:23:01

The remainder of the chapter focuses on PE-2 and PE-3, where an AC failure in one of the services can have an impact on the other services using the same LAG.

DF election

PE-2 is the highest-preference PE in the ES and becomes the DF (preference value 200 on PE-2 versus preference value 100 on PE-3). In case of equal preference value between PE-2 and PE-3, the Don't Preempt (DP) bit is the tiebreaker (DP = 1 for non-revertive wins over DP = 0); if that is also a tie, the lowest PE IP address is the tiebreaker.

The following command shows that PE-2 is the DF for all three VPLSs. The candidate list contains both PE-2 and PE-3 for each of these VPLSs.

[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : SA-ESI-23
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : 01:00:00:00:00:23:01:00:00:01
Oper ESI                : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type           : None
AC DF Capability        : Include
Multi-homing            : singleActive       Oper Multi-homing  : singleActive
ES SHG Label            : 524276
Source BMAC LSB         : None
Lag                     : lag-1
ES Activation Timer     : 3 secs (default)
Oper Group              : op-grp-sa-es-23
Svc Carving             : manual             Oper Svc Carving   : manual
Cfg Range Type          : lowest-pref
 
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference     Preference     Last Admin Change        Oper Pref      Do No
Mode           Value                                   Value          Preempt
-------------------------------------------------------------------------------
non-revertive  200            06/08/2022 15:38:15      200            Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
 
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   yes
2                   2                   0                   yes
3                   3                   0                   yes
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
 
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.2
1                                       192.0.2.3
2                                       192.0.2.2
2                                       192.0.2.3
3                                       192.0.2.2
3                                       192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---

The same command on PE-3 shows that PE-3 is NDF for the three VPLSs and the DF candidate list is identical to the one on PE-2:

[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : SA-ESI-23
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : 01:00:00:00:00:23:01:00:00:01
Oper ESI                : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type           : None
AC DF Capability        : Include
Multi-homing            : singleActive       Oper Multi-homing  : singleActive
ES SHG Label            : 524276
Source BMAC LSB         : None
Lag                     : lag-1
ES Activation Timer     : 3 secs (default)
Oper Group              : op-grp-sa-es-23
Svc Carving             : manual             Oper Svc Carving   : manual
Cfg Range Type          : lowest-pref
 
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference     Preference     Last Admin Change        Oper Pref      Do No
Mode           Value                                   Value          Preempt
-------------------------------------------------------------------------------
non-revertive  100            06/08/2022 15:38:44      100            Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
 
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   no
2                   2                   0                   no
3                   3                   0                   no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
 
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.2
1                                       192.0.2.3
2                                       192.0.2.2
2                                       192.0.2.3
3                                       192.0.2.2
3                                       192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---

Operational group status

PE-2 is the DF, so the ES "SA-ESI-23" is active, the operational group "op-grp-sa-es-23" is operationally up, and the monitoring LAG 1 is operationally up.

[/]
A:admin@PE-2# show service oper-group "op-grp-sa-es-23" detail
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-sa-es-23
Creation Origin  : manual                          Oper Status: up
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
 
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment                        Status
-------------------------------------------------------------------------------
SA-ESI-23                               Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
 
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id         Adm       Opr       Weighted  Threshold Up-Count  Act/Stdby
    name
-------------------------------------------------------------------------------
1              up        up        No        0         1         N/A
    lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring

PE-3 is NDF, so the ES "SA-ESI-23" is inactive, the operational group "op-grp-sa-es-23" is operationally down, and the monitoring LAG 1 is operationally down:

[/]
A:admin@PE-3# show service oper-group "op-grp-sa-es-23" detail
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-sa-es-23
Creation Origin  : manual                          Oper Status: down
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
 
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment                        Status
-------------------------------------------------------------------------------
SA-ESI-23                               Inactive
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
 
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id         Adm       Opr       Weighted  Threshold Up-Count  Act/Stdby
    name
-------------------------------------------------------------------------------
1              up        down      No        0         0         N/A
    lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring

LAG port status

On DF PE-2, LAG port 1/1/2 toward CE-1 is operationally up:

[/]
A:admin@PE-2# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/2          up    active   up    yes     1              -      32768
===============================================================================

On NDF PE-3, LAG port 1/1/1 toward CE-1 is operationally down:

[/]
A:admin@PE-3# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/1          up    active   down  yes     1              -      32768
===============================================================================

On CE-1, LAG port 1/1/1 toward DF PE-2 is operationally up while LAG port 1/1/2 toward NDF PE-3 is down:

[/]
A:admin@CE-1# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/1          up    active   up    yes     1              -      32768
       1/1/2          up    active   down          1              -      32768
===============================================================================

AD per-EVI route withdrawal

A failure is simulated by disabling SAP lag-1:2 in VPLS 2 on PE-2:

# on PE-2:
configure {
    service {
        vpls "VPLS 2" {
            sap lag-1:2 {
                admin-state disable

PE-2 withdraws the EVPN-AD per-EVI route. The following withdrawal is received by PE-3:

77 2022/06/08 15:44:59.536 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 69
    Flag: 0x90 Type: 15 Len: 65 Multiprotocol Unreachable NLRI:
        Address Family EVPN
        Type: EVPN-MAC Len: 33 RD: 192.0.2.2:2 ESI: ESI-0, tag: 0, mac len: 48 mac: 00:00:00:00:02:01, IP len: 0, IP: NULL, label1: 0
        Type: EVPN-AD Len: 25 RD: 192.0.2.2:2 ESI: 01:00:00:00:00:23:01:00:00:01, tag: 0 Label: 0 (Raw Label: 0x0) PathId:
"

The following command on PE-3 shows that the list of DF candidates no longer includes PE-2 in the DF candidate list for VPLS 2 and that PE-3 is the DF for VPLS 2, while remaining the NDF for VPLS 1 and VPLS 3.

[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all | match "EVI Information" pre-lines 2 post-lines 24
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   no
2                   2                   0                   yes
3                   3                   0                   no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.2
1                                       192.0.2.3
2                                       192.0.2.3
3                                       192.0.2.2
3                                       192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 5
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================

When PE-3 becomes the DF for one of the services, the ES "SA-ESI-23" is active and the operational group "op-grp-sa-es-23" and LAG 1 are up, as follows:

[/]
A:admin@PE-3# show service oper-group "op-grp-sa-es-23" detail
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-sa-es-23
Creation Origin  : manual                          Oper Status: up
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
 
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment                        Status
-------------------------------------------------------------------------------
SA-ESI-23                               Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
 
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id         Adm       Opr       Weighted  Threshold Up-Count  Act/Stdby
    name
-------------------------------------------------------------------------------
1              up        up        No        0         1         N/A
    lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring

On PE-3, LAG port 1/1/1 toward CE-1 is up:

[/]
A:admin@PE-3# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/1          up    active   up    yes     1              -      32768
===============================================================================

PE-2 remains the DF for VPLS 1 and VPLS 3:

[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all | match "EVI Information" pre-lines 2 post-lines 24
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   yes
2                   2                   0                   no
3                   3                   0                   yes
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.2
1                                       192.0.2.3
2                                       192.0.2.3
3                                       192.0.2.2
3                                       192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 5
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================

On PE-2, ES "SA-ESI-23" remains active, so the operational group "op-grp-sa-es-23" is up and the monitoring LAG is also up:

[/]
A:admin@PE-2# show service oper-group "op-grp-sa-es-23" detail
 
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group       : op-grp-sa-es-23
Creation Origin  : manual                          Oper Status: up
Hold DownTime    : 0 secs                          Hold UpTime: 0 secs
Members          : 1                               Monitoring : 1
===============================================================================
 
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment                        Status
-------------------------------------------------------------------------------
SA-ESI-23                               Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
 
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id         Adm       Opr       Weighted  Threshold Up-Count  Act/Stdby
    name
-------------------------------------------------------------------------------
1              up        up        No        0         1         N/A
    lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring

The following commands on PE-2 shows that SAP lag-1:1 in VPLS 1 is up, SAP lag-1:2 in VPLS 2 is down (as it might be due to a failure or misconfiguration), and SAP lag-1:3 in VPLS 3 is up:

[/]
A:admin@PE-2# show service id 1 sap
 
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:1                         1          1     none    1     none   Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
[/]
A:admin@PE-2# show service id 2 sap
 
===============================================================================
SAP(Summary), Service 2
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:2                         2          1     none    1     none   Down Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================


[/]
A:admin@PE-2# show service id 3 sap
 
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:3                         3          1     none    1     none   Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================

On PE-3, lag-1:2 is up while lag-1:1 and lag-1:3 are down, as follows:

[/]
A:admin@PE-3# show service sap-using sap lag-1
 
===============================================================================
Service Access Points
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:1                         1          1     none    1     none   Up   Down
lag-1:2                         2          1     none    1     none   Up   Up
lag-1:3                         3          1     none    1     none   Up   Down
-------------------------------------------------------------------------------
Number of SAPs : 3
-------------------------------------------------------------------------------
===============================================================================

On CE-1, both ports in LAG 1 are up:

[/]
A:admin@CE-1# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/1          up    active   up    yes     1              -      32768
       1/1/2          up    active   up            1              -      32768
===============================================================================

All traffic can take either LAG port, but PE-2 only forwards traffic for VPLS 1 and VPLS 3, while PE-3 only forwards traffic for VPLS 2. Traffic from VPLS 1 or VPLS 3 via port 1/1/2 to PE-3 is dropped by PE-3 because it is the NDF for VPLS 1 and VPLS 3. VPLS 2 traffic via LAG port 1/1/1 to PE-2 is dropped because SAP lag-1:2 is down (failure). This means that approximately 50% of the traffic is lost.

Potential loss on a single service under maintenance is acceptable but affecting other services on the same node is not acceptable. The solution is to disable the AC-DF capability.

AC-DF capability disabled

The default use of the AC-DF capability in SR OS is disabled on PE-2 and PE-3:

# on PE-2, PE-3:
configure {
    service {
        system {
            bgp {
                evpn {
                    ethernet-segment "SA-ESI-23" {
                        ac-df-capability exclude

With AC-DF disabled, ES routes contain AC:0 in the DF-election extended community, as follows:

# on PE-3:
142 2022/06/08 15:54:10.390 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 71
    Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.2:0 ESI: 01:00:00:00:00:23:01:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.2
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
        target:00:00:00:00:23:01
"

With the AC-DF capability disabled, the withdrawal of EVPN-AD routes does not influence the DF election. In this example, PE-2 remains the DF for all services, including VPLS 2, even when traffic for that service is dropped by PE-2. The following command shows that the DF candidate list on PE-3 contains six entries: even for VPLS 2, PE-2 is included in the list. PE-3 is the NDF for all three services.

[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
 
===============================================================================
Service Ethernet Segment
===============================================================================
Name                    : SA-ESI-23
Eth Seg Type            : None
Admin State             : Enabled            Oper State         : Up
ESI                     : 01:00:00:00:00:23:01:00:00:01
Oper ESI                : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type           : None
AC DF Capability        : Exclude
Multi-homing            : singleActive       Oper Multi-homing  : singleActive
ES SHG Label            : 524275
Source BMAC LSB         : None
Lag                     : lag-1
ES Activation Timer     : 3 secs (default)
Oper Group              : op-grp-sa-es-23
Svc Carving             : manual             Oper Svc Carving   : manual
Cfg Range Type          : lowest-pref
 
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference     Preference     Last Admin Change        Oper Pref      Do No
Mode           Value                                   Value          Preempt
-------------------------------------------------------------------------------
non-revertive  100            06/08/2022 15:38:44      100            Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
 
===============================================================================
EVI Information
===============================================================================
EVI                 SvcId               Actv Timer Rem      DF
-------------------------------------------------------------------------------
1                   1                   0                   no
2                   2                   0                   no
3                   3                   0                   no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
 
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI                                     DF Address
-------------------------------------------------------------------------------
1                                       192.0.2.2
1                                       192.0.2.3
2                                       192.0.2.2
2                                       192.0.2.3
3                                       192.0.2.2
3                                       192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---

On NDF PE-3, the single-active ES "SA-ESI-23" is inactive and the ES operational group is down. The monitoring LAG is also operationally down.

On CE-1, LAG port 1/1/2 toward PE-3 is down:

[/]
A:admin@CE-1# show lag "lag-1" port
 
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id     Port-id        Adm   Act/     Opr   Primary Sub-group      Forced Prio
                            Stdby
-------------------------------------------------------------------------------
lag-1
1(e)   1/1/1          up    active   up    yes     1              -      32768
       1/1/2          up    active   down          1              -      32768
===============================================================================

CE-1 sends all traffic via LAG port 1/1/1 to PE-2. VPLS 1 and VPLS 3 traffic is forwarded by DF PE-2, whereas VPLS 2 traffic is dropped. Therefore, the failure does not have an impact on the other services.

On PE-2, SAP lag-1:1 in VPLS 1 and SAP lag-1:3 in VPLS 3 are operationally up:

[/]
A:admin@PE-2# show service id 1 sap
 
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:1                         1          1     none    1     none   Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================


[/]
A:admin@PE-2# show service id 3 sap
 
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:3                         3          1     none    1     none   Up   Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================

On PE-3, all SAPs in the VPLSs are down:

[/]
A:admin@PE-3# show service id 2 base
 
===============================================================================
Service Basic Information
===============================================================================
Service Id        : 2                   Vpn Id            : 0
Service Type      : VPLS
MACSec enabled    : no
Name              : VPLS 2
---snip---
 
Admin State       : Up                  Oper State        : Up
---snip---

-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier                               Type         AdmMTU  OprMTU  Adm  Opr
-------------------------------------------------------------------------------
sap:lag-1:2                              q-tag        1518    1518    Up   Down
===============================================================================
* indicates that the corresponding row element may have been truncated.


[/]
A:admin@PE-3# show service id 1 sap
 
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:1                         1          1     none    1     none   Up   Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================

 
[/]
A:admin@PE-3# show service id 3 sap
 
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId                          SvcId      Ing.  Ing.    Egr.  Egr.   Adm  Opr
                                           QoS   Fltr    QoS   Fltr
-------------------------------------------------------------------------------
lag-1:3                         3          1     none    1     none   Up   Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================

Conclusion

By default, the AC-DF capability is enabled. Disabling the AC-DF capability is recommended in ESs that use an operational group monitored by the access LAG to signal standby LACP or power-off.