Domain Path Attribute for VPRN BGP Routes
This chapter provides information about the domain path attribute for VPRN BGP routes.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.
Overview
The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.
The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as BGP-EVPN RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in the figure Loop prevention in networks with multiple IP-VPN and EVPN domains.
All PEs in the figure Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.
The figure D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.
The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:
- 0 for local ISF routes
- 1 for PE-CE BGP domains
- 70 for EVPN domains
- 128 for IP-VPN domains
The domain ID can be configured on:
- VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
- VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
- R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
- VPRN BGP neighbors (PE-CE)
- VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.
Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.
A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.
The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.
Configuration
The figure Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- OSPF as IGP on PE-1, PE-2, and PE-3
- IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
- SR-OSPF on PE-1, PE-2, and PE-3
- SRv6 on PE-2, PE-3, and PE-4, configured as in the "Segment Routing over IPv6" chapter in the Segment Routing and PCE volume in the 7450 ESS, 7750 SR, and 7950 XRS MD-CLI Advanced Configuration Guide - Part I.
- LDP on PE-4, RR-5, PE-6, and PE-7
The BGP configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "internal1" {
type internal
family {
evpn true
}
}
neighbor "192.0.2.2" {
group "internal1"
}
neighbor "192.0.2.3" {
group "internal1"
}
}
# on PE-2 (similar configuration on PE-3):
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
router-id 192.0.2.2 # on PE-3: 192.0.2.3
advertise-inactive true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
vpn-ipv4 true
vpn-ipv6 true
evpn true
}
group "internal1" {
next-hop-self true
type internal
local-address 192.0.2.2 # on PE-3: 192.0.2.3
family {
evpn true
}
}
group "internal2" {
next-hop-self true
type internal
local-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
family {
vpn-ipv4 true
vpn-ipv6 true
}
extended-nh-encoding {
vpn-ipv4 true
ipv4 true
}
advertise-ipv6-next-hops {
vpn-ipv6 true
vpn-ipv4 true
}
}
neighbor "192.0.2.1" {
group "internal1"
}
neighbor "192.0.2.3" { # on PE-3: 192.0.2.2
group "internal1"
}
neighbor "2001:db8::2:3" { # on PE-3: 2001:db8::2:2
group "internal2"
}
neighbor "2001:db8::2:4" {
group "internal2"
}
}
# on PE-4:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
router-id 192.0.2.4
advertise-inactive true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
vpn-ipv4 true
vpn-ipv6 true
evpn true
}
group "internal2" {
next-hop-self true
type internal
local-address 2001:db8::2:4
family {
vpn-ipv4 true
vpn-ipv6 true
}
extended-nh-encoding {
vpn-ipv4 true
ipv4 true
}
advertise-ipv6-next-hops {
vpn-ipv6 true
vpn-ipv4 true
}
}
group "internal3" {
next-hop-self true
type internal
local-address 192.0.2.4
family {
vpn-ipv4 true
vpn-ipv6 true
evpn true
}
}
neighbor "192.0.2.5" {
group "internal3"
}
neighbor "2001:db8::2:2" {
group "internal2"
}
neighbor "2001:db8::2:3" {
group "internal2"
}
}
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
vpn-ipv4 true
vpn-ipv6 true
evpn true
}
group "internal3" {
type internal
cluster {
cluster-id 192.0.2.5
}
}
neighbor "192.0.2.4" {
group "internal3"
family {
vpn-ipv4 true
vpn-ipv6 true
evpn true
}
}
neighbor "192.0.2.6" {
group "internal3"
family {
evpn true
}
}
neighbor "192.0.2.7" {
group "internal3"
family {
vpn-ipv4 true
vpn-ipv6 true
}
}
}
# on PE-6:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "internal3" {
type internal
}
neighbor "192.0.2.5" {
group "internal3"
family {
evpn true
}
}
}
# on PE-7:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
vpn-ipv4 true
vpn-ipv6 true
}
group "internal3" {
type internal
}
neighbor "192.0.2.5" {
group "internal3"
family {
vpn-ipv4 true
vpn-ipv6 true
}
}
}
Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances
On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls 1 context:
# on PE-1:
configure {
service {
vprn "VPRN 10" {
admin-state enable
service-id 10
customer "1"
autonomous-system 64496
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.1:10"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-ospf true
}
}
}
}
interface "int-PE-1-CE-11" {
ipv4 {
primary {
address 172.31.1.1
prefix-length 24
}
}
sap 1/1/c5/1:10 {
}
ipv6 {
address 2001:db8::31:1:1 {
prefix-length 120
}
}
}
}
Domain ID 64496:1010 is configured in the bgp-evpn mpls 1 context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.
On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.
# on GW PE-2:
configure {
service {
vprn "VPRN 10" {
admin-state enable
service-id 10
customer "1"
autonomous-system 64496
segment-routing-v6 1 {
locator "PE-2_loc" { # on PE-3:"PE-3_loc"
function {
end-dt4 {
}
end-dt6 {
}
}
}
}
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.2:10" # on PE-3: 192.0.2.3:10
domain-id "64496:1010"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-ospf true
}
}
}
}
bgp-ipvpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:16" # on PE-3: 192.0.2.3:16
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64496:1020"
vrf-target {
community "target:64496:10"
}
srv6 {
instance 1
default-locator "PE-2_loc" # on PE-3:"PE-3_loc"
}
}
}
}
On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.
# on GW PE-4:
configure {
service {
vprn "VPRN 10" {
admin-state enable
service-id 10
customer "1"
autonomous-system 64496
allow-export-bgp-vpn true
segment-routing-v6 1 {
locator "PE-4_loc" {
function {
end-dt4 {
}
end-dt6 {
}
}
}
}
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.4:10"
domain-id "64496:1030"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
ldp true
}
}
}
}
bgp-ipvpn {
mpls {
admin-state enable
route-distinguisher "192.0.2.4:10"
domain-id "64496:1030"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
ldp true
}
}
}
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.4:16"
source-address 2001:db8::2:4
domain-id "64496:1020"
vrf-target {
community "target:64496:10"
}
srv6 {
instance 1
default-locator "PE-4_loc"
}
}
}
For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:
# on PE-6:
configure {
service {
vprn "VPRN 10" {
admin-state enable
service-id 10
customer "1"
autonomous-system 64496
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.6:10"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
ldp true
}
}
}
}
interface "int-PE-6-CE-16" {
ipv4 {
primary {
address 172.31.6.1
prefix-length 24
}
}
sap 1/1/c5/1:10 {
}
ipv6 {
address 2001:db8::31:6:1 {
prefix-length 120
}
}
}
}
PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:
# on PE-7:
configure {
service {
vprn "VPRN 10" {
admin-state enable
service-id 10
customer "1"
autonomous-system 64496
local-routes-domain-id "64496:1007"
bgp-ipvpn {
mpls {
admin-state enable
route-distinguisher "192.0.2.7:10"
vrf-target {
community "target:64496:10"
}
auto-bind-tunnel {
resolution filter
resolution-filter {
ldp true
}
}
}
}
interface "int-PE-7-CE-17" {
ipv4 {
primary {
address 172.31.7.1
prefix-length 24
}
}
sap 1/1/c5/1:10 {
}
ipv6 {
address 2001:db8::31:7:1 {
prefix-length 120
}
}
}
}
The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:
[/]
A:admin@PE-4# show service id 10 bgp-ipvpn
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Auto-Bind Tunnel
Resolution : disabled Strict Tnl Tag : False
ECMP : 0 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:16
Oper Route Dist : 192.0.2.4:16
Oper RD Type : configured
Route Target : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE-4_loc
Source Address : 2001:db8::2:4
Domain-Id : 64496:1020
===============================================================================
For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:
[/]
A:admin@PE-4# show service id 10 bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:10
Oper Route Dist. : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : filter Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
BGP Instance : 1
Filter Tunnel Types: ldp
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
VPRN BGP routes for prefix 172.31.6.0/24
PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on PE-6:
2 2022/09/06 10:46:07.053 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 82
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on RR-5:
12 2022/09/06 10:46:07.053 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 96
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
"
PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):
29 2022/09/06 10:46:07.055 CEST MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 98
Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 24 NextHop 2001:db8::2:4
172.31.6.0/24 RD 192.0.2.4:10 Label 524281 (Raw label 0x7fff91)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"
PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:
# on PE-2:
21 2022/09/06 10:46:07.056 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 115
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"
The figure VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:
The figure VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:
In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.
The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).
# on PE-7:
5 2022/09/06 10:46:12.896 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 72
Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 12 NextHop 192.0.2.7
172.31.7.0/24 RD 192.0.2.7:10 Label 524282 (Raw label 0x7fffa1)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"
RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:
# on PE-2:
31 2022/09/06 10:46:12.900 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 123
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"
Loop prevention
Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in the figure Loop prevention between PE-2 and PE-3:
The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:10 bgp-tunnel-encap:MPLS
Cluster : 192.0.2.5
Originator Id : 192.0.2.6 Peer Router Id : 192.0.2.3
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 172.31.6.0/24
Route Dist. : 192.0.2.3:10
MPLS Label : LABEL 524283
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h11m56s
DPath Loop VRFs: 10
---snip---
The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:
[/]
A:admin@PE-2# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.31.1.0/24 Remote EVPN-IFL 00h12m46s 170
192.0.2.1 (tunneled:SR-OSPF:524290) 10
172.31.6.0/24 Remote BGP VPN 00h12m30s 170
2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6) 20
172.31.7.0/24 Remote BGP VPN 00h12m24s 170
2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances
Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. The figure Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.
The service configuration on PE-1 does not include a domain ID, as follows:
# on PE-1:
configure {
service {
vpls "SBD-21" {
admin-state enable
service-id 21
customer "1"
vxlan {
instance 1 {
vni 1
}
}
routed-vpls {
}
bgp 1 {
}
bgp-evpn {
evi 21
routes {
ip-prefix {
advertise true
}
}
vxlan 1 {
admin-state enable
vxlan-instance 1
}
}
}
vprn "VPRN 20" {
admin-state enable
service-id 20
customer "1"
autonomous-system 64496
interface "int-PE-1-CE-21" {
ipv4 {
primary {
address 10.20.201.1
prefix-length 24
}
}
sap 1/1/c5/1:20 {
}
}
interface "int-SBD-21" {
vpls "SBD-21" {
evpn-tunnel {
}
}
}
}
On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.
# on PE-2:
configure {
service {
vpls "SBD-21" {
admin-state enable
service-id 21
customer "1"
vxlan {
instance 1 {
vni 1
}
}
routed-vpls {
}
bgp 1 {
}
bgp-evpn {
evi 21
routes {
ip-prefix {
advertise true
domain-id "64496:2010"
}
}
vxlan 1 {
admin-state enable
vxlan-instance 1
}
}
}
vprn "VPRN 20" {
admin-state enable
service-id 20
customer "1"
autonomous-system 64496
segment-routing-v6 1 {
locator "PE-2_loc" { # on PE-3: "PE-3_loc"
function {
end-dt46 {
}
}
}
}
bgp-ipvpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:26" # on PE-3; 192.0.2.3:26
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64496:2020"
vrf-target {
community "target:64496:20"
}
srv6 {
instance 1
default-locator "PE-2_loc" # on PE-3: "PE-3_loc"
}
}
}
interface "int-SBD-21" {
vpls "SBD-21" {
evpn-tunnel {
}
}
}
}
The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:
[/]
A:admin@PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.20.201.0/24
Nexthop : 2001:db8::2:3
Route Dist. : 192.0.2.3:26 VPN Label : 524283
Path Id : None
From : 2001:db8::2:3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:20
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:2010:(evpn)]
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h00m51s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:7fff:b000::
Behavior : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
VPRN Imported : None
DPath Loop VRFs: 20
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
The figure Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.
PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:
[/]
A:admin@PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.201.0/24 Remote EVPN-IFF 00h01m59s 169
int-SBD-21 (ET-02:0f:ff:ff:ff:52) 0
10.20.206.0/24 Remote BGP VPN 00h01m43s 170
2001:db8:aaaa:104:7fff:6000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.