Dual EVPN-MPLS Instance VPLS Services
This chapter provides information about the dual EVPN-MPLS instance VPLS services.
Topics in this chapter include:
Applicability
The information and MD-CLI configuration in this chapter are based on SR OS Release 22.10.R1. Dual EVPN-MPLS instance in VPLS is supported in SR OS Release 21.10.R1 and later.
Overview
One of the scale issues that low-scale access nodes or leaf PEs face in high-scale architectures is the limited number of EVPN/IP-VPN next hops, tunnels, and service labels that they support.
The following solutions reduce the number of EVPN next hops exposed to the access nodes:
- inter-AS model B, as described in the Inter-AS VPRN Model B chapter
- next-hop-self route reflectors (NHS-RRs)
The figure Access nodes receive next hops from the NHS-RRs shows the NHS-RR solution reducing the number of EVPN next hops that are sent to the low-scale access nodes PE-1 and PE-2. Only the two NHS-RRs are exposed as next hops to PE-1.
The number of EVPN next hops is reduced, but the number of service labels to be learned is not. PE-1 still learns one service label per remote PE for each service it is attached to. In case of EVPN E-LAN services and broadcast, unknown unicast, and multicast (BUM) traffic, the ingress PE still needs one copy of every BUM packet per egress PE that exists in the remote domains, even if all the BUM traffic goes through one of the two NHS-RRs (or ASBRs in the case of model B).
The following solutions reduce the number of service labels:
- VPRN services on the NHS-RRs with allow-export-bgp-vpn configured
- dual EVPN-MPLS instance VPLS services on the NHS-RRs
The allow-export-bgp-vpn command applies to VPRN services using EVPN-IFL, VPN-IPv4, and VPN-IPv6 families. Routes from the WAN are imported to the VPRN service and exported to the access nodes as new VPN-IP routes. The values of the service labels, route targets (RTs), and BGP next hops of the re-advertised routes are based on the configuration of the exporting VPRN.
The figure Access nodes receive one service label per service from each NHS-RR shows a dual EVPN-MPLS instance VPLS service on the NHS-RRs, which offers a similar solution for EVPN-VPLS services to the allow-export-bgp-vpn solution for VPRN services. EVPN-MPLS routes received from the WAN are imported to the network EVPN-MPLS instance and redistributed to the access EVPN-MPLS instance with a new route distinguisher (RD), next hop, service label, and possibly a new RT. The ingress PE learns only one service label for each NHS-RR per service, as opposed to one service label per remote PE that is attached to the same EVPN service. With this solution, the replication of BUM traffic is also optimized because the ingress PE sends a single copy of each BUM packet to the NHS-RR, as opposed to one copy per egress PE.
In the example, redundant NHS-RRs are used. Redundancy is handled via anycast multihoming, which implies that two or more PEs are configured with the same service parameters as part of the same redundancy group: identical route distinguishers and RTs per instance, and the same anycast IP address. The ingress PEs set up EVPN destinations to only one PE in the anycast group for a specific service. EVPN BUM destinations are not established between PEs in the same anycast group because the received anycast peer inclusive multicast Ethernet tag (IMET) routes have the same local originating IP address. In anycast multihoming scenarios, policies are required to prevent control-plane loops.
Configuration
The following scenarios are described in this section:
- dual EVPN-MPLS instance VPLS without multihoming
- dual EPVN-MPLS instance VPLS with anycast multihoming
Dual EVPN-MPLS instance VPLS without multihoming
The figure Example topology 1 shows EVPN-MPLS VPLS 1 configured on four PEs. PE-2 and PE-4 are EVPN gateways (GWs). RR-7 is the route reflector for PE-2 and PE-4 in the WAN network.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- IS-IS level 1 between PE-1 and PE-2 and between PE-4 and PE-6
- IS-IS level 2 between PE-2, PE-4, and RR-7
- SR-TE tunnels between PE-2 and PE-4
- MPLS LSPs between PE-1 and PE-2 and between PE-4 and PE-6
BGP is configured on all nodes for the EVPN address family. PE-1 peers with the dual-homed EVPN GW PE-2. In a similar way, PE-6 peers with EVPN GW PE-4. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access1" {
peer-as 64496
family {
evpn true
}
}
neighbor "192.0.2.2" {
group "access1"
}
}
EVPN GW PE-2 peers with PE-1 in BGP group "access1" and with RR-7 in BGP group "WAN":
# on PE-2:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "WAN" {
next-hop-self true
peer-as 64496
family {
evpn true
}
export {
policy ["drop-tag-10"]
}
}
group "access1" {
next-hop-self true
peer-as 64496
family {
evpn true
}
cluster {
cluster-id 192.0.2.2
}
export {
policy ["drop-tag-20"]
}
}
neighbor "192.0.2.1" {
group "access1"
}
neighbor "192.0.2.7" {
group "WAN"
}
}
The BGP configuration on PE-4 is similar. The export policies use tags to avoid loops in topologies with redundant EVPN GWs, as described in the section Dual EVPN-MPLS instance VPLS with anycast multihoming.
RR-7 peers with PE-2 and PE-4 in BGP group "WAN":
# on RR-7:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "WAN" {
peer-as 64496
family {
evpn true
}
cluster {
cluster-id 192.0.2.7
}
}
neighbor "192.0.2.2" {
group "WAN"
}
neighbor "192.0.2.4" {
group "WAN"
}
}
On PE-1, VPLS 1 is configured with a single EVPN-MPLS instance. The RD 192.0.2.1:1 for BGP 1 is auto-derived from the values for the IPv4 system address and the EVI. PE-1 imports and exports routes with RT 64496:101.
# on PE-1:
configure {
service {
vpls "VPLS-1" {
admin-state enable
service-id 1
customer "1"
bgp 1 {
# route-distinguisher 192.0.2.1:1 # will be auto-derived
route-target {
export "target:64496:101"
import "target:64496:101"
}
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
}
sap 1/1/c10/1:1 {
}
}
On PE-2, VPLS 1 is configured with two EVPN-MPLS instances: instance 1 is configured with multihoming mode access and instance 2 with the (default) multihoming mode network, as follows:
# on PE-2:
configure {
service {
system {
bgp-auto-rd-range {
ip-address 192.0.2.2
community-value {
start 2000
end 2999
}
}
}
vpls "VPLS-1" {
admin-state enable
description "dual BGP-EVPN MPLS instance VPLS"
service-id 1
customer "1"
bgp 1 {
# route-distinguisher 192.0.2.2:1 # will be auto-derived
route-target {
export "target:64496:101"
import "target:64496:101"
}
}
bgp 2 {
route-distinguisher auto-rd
route-target {
export "target:64496:100"
import "target:64496:100"
}
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
mh-mode access
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
mpls 2 {
admin-state enable
# mh-mode network # default MH mode
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-te true
}
}
}
}
}
On PE-4, the configuration is similar:
# on PE-4:
configure {
service {
system {
bgp-auto-rd-range {
ip-address 192.0.2.4
community-value {
start 2000
end 2999
}
}
}
vpls "VPLS-1" {
admin-state enable
description "dual BGP-EVPN MPLS instance VPLS"
service-id 1
customer "1"
bgp 1 {
# route-distinguisher 192.0.2.4:1 # will be auto-derived
route-target {
export "target:64496:102"
import "target:64496:102"
}
}
bgp 2 {
route-distinguisher auto-rd # different RD
route-target {
export "target:64496:100"
import "target:64496:100"
}
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
mh-mode access
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
mpls 2 {
admin-state enable
# mh-mode network # default MH mode
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-te true
}
}
}
}
}
The following command on PE-2 shows BGP instances 1 and 2 in VPLS 1. RD 192.0.2.2:1 for BGP instance 1 is auto-derived from the IPv4 system address and the EVI; the RD for BGP instance 2 is configured with auto-rd and has the value 192.0.2.2:2000. The RT values are configured.
[/]
A:admin@PE-2# show service id 1 bgp
===============================================================================
BGP Information
===============================================================================
Bgp Instance : 1
Vsi-Import : None
Vsi-Export : None
Route Dist : None
Oper Route Dist : 192.0.2.2:1
Oper RD Type : derivedEvi
Rte-Target Import : 64496:101 Rte-Target Export: 64496:101
Oper RT Imp Origin : configured Oper RT Import : 64496:101
Oper RT Exp Origin : configured Oper RT Export : 64496:101
ADV Service MTU : -1
Bgp Instance : 2
Vsi-Import : None
Vsi-Export : None
Route Dist : auto-rd
Oper Route Dist : 192.0.2.2:2000
Oper RD Type : auto
Rte-Target Import : 64496:100 Rte-Target Export: 64496:100
Oper RT Imp Origin : configured Oper RT Import : 64496:100
Oper RT Exp Origin : configured Oper RT Export : 64496:100
ADV Service MTU : -1
PW-Template Id : None
-------------------------------------------------------------------------------
===============================================================================
The following command on PE-2 shows EVPN destination 192.0.2.1 in EVPN-MPLS instance 1:
[/]
A:admin@PE-2# show service id 1 evpn-mpls instance 1
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.1 524286 0 bum 12/13/2022 09:56:36
rsvp:1 No
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
The following command on PE-2 shows EVPN destination 192.0.2.4 in EVPN-MPLS instance 2:
[/]
A:admin@PE-2# show service id 1 evpn-mpls instance 2
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.4 524282 0 bum 12/13/2022 09:56:39
sr-te:655362 No
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
When traffic is sent between CE-11 and CE-16, MAC address 00:00:5e:00:53:11 of CE-11 is learned on the local SAP in VPLS 1 on PE-1 and MAC address 00:00:5e:00:53:16 of CE-16 is learned on the local SAP in VPLS 1 on PE-6. EVPN MAC routes are advertised to the BGP-EVPN peers.
The forwarding database (FDB) on PE-1 is as follows:
[/]
A:admin@PE-1# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 00:00:5e:00:53:11 sap:1/1/c10/1:1 L/0 12/13/22 10:04:14
1 00:00:5e:00:53:16 mpls-1: Evpn 12/13/22 10:04:14
192.0.2.2:524284
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB on PE-2 shows that an EVPN MAC route is received in EVPN-MPLS instance 1 for address 00:00:5e:00:53:11 whereas an EVPN MAC route is received in EVPN-MPLS instance 2 for address 00:00:5e:00:53:16.
[/]
A:admin@PE-2# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 00:00:5e:00:53:11 mpls-1: Evpn 12/13/22 10:04:14
192.0.2.1:524286
rsvp:1
1 00:00:5e:00:53:16 mpls-2: Evpn 12/13/22 10:04:14
192.0.2.4:524282
sr-te:655362
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The following command shows the received EVPN-MAC routes on PE-2 for MAC address 00:00:5e:00:53:16. The route with RD 192.0.2.4:2000 is used:
[/]
A:admin@PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:16
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.4:2000 00:00:5e:00:53:16 ESI-0
0 Seq:0 LABEL 524282
n/a
192.0.2.4
*>i 192.0.2.6:1 00:00:5e:00:53:16 ESI-0
0 Seq:0 LABEL 524286
n/a
192.0.2.6
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
Dual EVPN-MPLS instance VPLS with anycast multihoming
Example topology 2 shows example topology 2 with VPLS 2 configured on six PEs. PE-2 and PE-3 are redundant EVPN GWs with anycast address 23.23.23.23; PE-4 and PE-5 are redundant EVPN GWs with anycast address 45.45.45.45. RR-7 is the route reflector for PE-2, PE-3, PE-4, and PE-5 in the WAN network.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- IS-IS level 1 between PE-1, PE-2, and PE-3
- IS-IS level 1 between PE-4, PE-5, and PE-6
- IS-IS level 2 between PE-2, PE-3, PE-4, PE-5, and RR-7
- SR-ISIS between PE-2, PE-3, PE-4, and PE-5
- MPLS LSPs between PE-1 and PE-2, between PE-1 and PE-3, between PE-4 and PE-6, and between PE-5 and PE-6
The BGP configuration on PE-1 and PE-6 is similar.
# on PE-1:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access1" {
peer-as 64496
family {
evpn true
}
}
neighbor "192.0.2.2" { # on PE-6: 192.0.2.4
group "access1"
}
neighbor "192.0.2.3" { # on PE-6: 192.0.2.5
group "access1"
}
}
The BGP configuration on PE-3 is:
# on PE-3:
configure {
router "Base" {
autonomous-system 64496
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "WAN" {
next-hop-self true
peer-as 64496
family {
evpn true
}
export {
policy ["drop-tag-10"]
}
}
group "access1" {
next-hop-self true
peer-as 64496
family {
evpn true
}
cluster {
cluster-id 192.0.2.3
}
export {
policy ["drop-tag-20"]
}
}
neighbor "192.0.2.1" {
group "access1"
}
neighbor "192.0.2.7" {
group "WAN"
}
}
The BGP configuration on PE-2, PE-4, and PE-5 is similar.
On PE-1, VPLS 2 is configured with a single EVPN-MPLS instance. PE-1 imports and exports routes with RT 64496:501. The configuration is as follows:
# on PE-1:
configure {
service {
vpls "VPLS-2" {
admin-state enable
service-id 2
customer "1"
bgp 1 {
# route-distinguisher 192.0.2.1:2 # will be auto-derived
route-target {
export "target:64496:501"
import "target:64496:501"
}
}
bgp-evpn {
evi 2
mpls 1 {
admin-state enable
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
}
sap 1/1/c10/1:2 {
}
}
On PE-2 and PE-3, the following policies are used in VPLS 2:
- Export policy "vsi-501-export" adds the communities "SOO-23" for the site of origin (SOO) and "RT64496:501" for the RT.
- Export policy "vsi-502-export" adds the communities "SOO-23" and "RT64496:502".
- Import policy "vsi-501-import" prevents loops based on the SOO and accepts routes with RT 64496:501.
- Import policy "vsi-502-import" prevent loops based on the SOO and accepts routes with RT 64496:502.
# on PE-2, PE-3:
configure {
policy-options {
community "RT64496:501" {
member "target:64496:501" { }
}
community "RT64496:502" {
member "target:64496:502" { }
}
community "SOO-23" {
member "origin:23:23" { }
}
policy-statement "vsi-501-export" {
default-action {
action-type accept
community {
add ["RT64496:501" "SOO-23"]
}
}
}
policy-statement "vsi-501-import" {
entry 10 {
from {
family [evpn]
community {
name "SOO-23"
}
}
action {
action-type reject
}
}
entry 20 {
from {
family [evpn]
community {
name "RT64496:501"
}
}
action {
action-type accept
}
}
}
policy-statement "vsi-502-export" {
default-action {
action-type accept
community {
add ["RT64496:502" "SOO-23"]
}
}
}
policy-statement "vsi-502-import" {
entry 10 {
from {
family [evpn]
community {
name "SOO-23"
}
}
action {
action-type reject
}
}
entry 20 {
from {
family [evpn]
community {
name "RT64496:502"
}
}
action {
action-type accept
}
}
}
On PE-2 and PE-3, VPLS 2 is configured with two EVPN-MPLS instances: instance 1 is configured with multihoming mode access and instance 2 with multihoming mode network. For redundancy, anycast multihoming is configured with anycast address 23.23.23.23 and identical RDs and RTs for the same instance. The RD for BGP 1 is 192.0.2.23:2 and the RD for BGP 2 is 192.0.2.32:2. The default-route-tag 10 command is configured for service instance 1, while default-route-tag 20 is configured for service instance 2. These route tags are used in the BGP peer export policies to differentiate the different routes.On PE-2 and PE-3, VPLS 2 is configured as follows:
# on PE-2, PE-3:
configure {
service {
vpls "VPLS-2" {
admin-state enable
description "dual BGP-EVPN MPLS instance VPLS"
service-id 2
customer "1"
bgp 1 {
route-distinguisher "192.0.2.23:2"
vsi-import ["vsi-501-import"]
vsi-export ["vsi-501-export"]
}
bgp 2 {
route-distinguisher "192.0.2.32:2"
vsi-import ["vsi-502-import"]
vsi-export ["vsi-502-export"]
}
bgp-evpn {
evi 2
incl-mcast-orig-ip 23.23.23.23
mpls 1 {
admin-state enable
default-route-tag 0xa # default route tag 10
mh-mode access
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
mpls 2 {
admin-state enable
default-route-tag 0x14 # default route tag 20
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-isis true
}
}
}
}
}
In datacenter GWs (DC GWs) with EVPN-VXLAN and EVPN-MPLS instances, route policies can match on the encapsulation type VXLAN or MPLS. In DC GWs with two EVPN-MPLS instances, the default route tag is used instead. The default route tag prevents a MAC/IP route that is installed in instance 1 (access) from being readvertised back to the access peers. In a similar way, MAC/IP routes installed in instance 2 are not readvertised back to peers in instance 2. On PE-2 and PE-3, the BGP peer export policy "drop-tag-10" drops routes with tag 10 and is configured in BGP group "WAN" with neighbor RR-7; BGP peer export policy "drop-tag-20" drops routes with tag 20 and is configured in BGP group "access1" with neighbor PE-1.
# on PE-2, PE-3:
configure {
policy-options {
policy-statement "drop-tag-10" {
description "used as export policy toward WAN BGP peers"
entry 10 {
from {
tag 10
}
action {
action-type reject
}
}
default-action {
action-type accept
}
}
policy-statement "drop-tag-20" {
description "used as export policy toward DC BGP peers"
entry 10 {
from {
tag 20
}
action {
action-type reject
}
}
default-action {
action-type accept
}
}
info
}
router "Base" {
bgp {
group "WAN" {
export {
policy ["drop-tag-10"]
}
}
group "access1" {
export {
policy ["drop-tag-20"]
}
}
The figure Export policies on PE-2 drop routes based on tag shows an incoming EVPN MAC route on PE-2 for CE-21's MAC address 00:00:5e:00:53:21. PE-2 receives the EVPN MAC route with RT target:64496:501 from PE-1 (BGP-EVPN peer 192.0.2.1). On PE-2, BGP 1 in VPLS 2 imports routes with this RT and the MAC address is installed in the FDB. The EVPN MAC route is redistributed to BGP 2 where the communities "RT64496:502" and "SOO-23", as well as internal tag 20, are added to the route. When PE-2’s BGP process sends an EVPN MAC route with tag 20 to BGP peer PE-1, the BGP export policy "drop-tag-20" drops the route, preventing PE-2 from re-advertising the EVPN MAC route back to the access peer 192.0.2.1. PE-2 can only send the EVPN MAC route to WAN neighbor 192.0.2.7 because the BGP export policy toward the WAN only drops the routes with tag 10, not the ones with tag 20.
For completeness, the configuration on PE-4 and PE-5 is as follows:
# on PE-4, PE-5:
configure {
policy-options {
community "RT64496:502" {
member "target:64496:502" { }
}
community "RT64496:503" {
member "target:64496:503" { }
}
community "SOO-45" {
member "origin:45:45" { }
}
policy-statement "drop-tag-20" {
description "used as export policy toward DC BGP peers"
entry 10 {
from {
tag 20
}
action {
action-type reject
}
}
default-action {
action-type accept
}
}
policy-statement "drop-tag-30" {
description "used as export policy toward WAN BGP peers"
entry 10 {
from {
tag 30
}
action {
action-type reject
}
}
default-action {
action-type accept
}
}
policy-statement "vsi-502-export" {
default-action {
action-type accept
community {
add ["RT64496:502" "SOO-45"]
}
}
}
policy-statement "vsi-502-import" {
entry 10 {
from {
family [evpn]
community {
name "SOO-45"
}
}
action {
action-type reject
}
}
entry 20 {
from {
family [evpn]
community {
name "RT64496:502"
}
}
action {
action-type accept
}
}
}
policy-statement "vsi-503-export" {
default-action {
action-type accept
community {
add ["RT64496:503" "SOO-45"]
}
}
}
policy-statement "vsi-503-import" {
entry 10 {
from {
family [evpn]
community {
name "SOO-45"
}
}
action {
action-type reject
}
}
entry 20 {
from {
family [evpn]
community {
name "RT64496:503"
}
}
action {
action-type accept
}
}
}
}
service {
vpls "VPLS-2" {
admin-state enable
description "dual BGP-EVPN MPLS instance VPLS"
service-id 2
customer "1"
bgp 1 {
route-distinguisher "192.0.2.45:2"
vsi-import ["vsi-503-import"]
vsi-export ["vsi-503-export"]
}
bgp 2 {
route-distinguisher "192.0.2.54:2"
vsi-import ["vsi-502-import"]
vsi-export ["vsi-502-export"]
}
bgp-evpn {
evi 2
incl-mcast-orig-ip 45.45.45.45
mpls 1 {
admin-state enable
default-route-tag 0x1e # default route tag 30
mh-mode access
auto-bind-tunnel {
resolution filter
resolution-filter {
rsvp true
}
}
}
mpls 2 {
admin-state enable
default-route-tag 0x14 # default route tag 20
auto-bind-tunnel {
resolution filter
resolution-filter {
sr-isis true
}
}
}
}
}
The following command on PE-2 shows BGP instances 1 and 2 in VPLS 2. RD 192.0.2.23:2 is configured in BGP instance 1; RD 192.0.2.32:2 is configured in BGP instance 2. The RTs are defined by virtual switching instance (VSI) policies.
[/]
A:admin@PE-2# show service id 2 bgp
===============================================================================
BGP Information
===============================================================================
Bgp Instance : 1
Vsi-Import : vsi-501-import
Vsi-Export : vsi-501-export
Route Dist : 192.0.2.23:2
Oper Route Dist : 192.0.2.23:2
Oper RD Type : configured
Rte-Target Import : None Rte-Target Export: None
Oper RT Imp Origin : vsi Oper RT Import : Policy Based
Oper RT Exp Origin : vsi Oper RT Export : Policy Based
ADV Service MTU : -1
Bgp Instance : 2
Vsi-Import : vsi-502-import
Vsi-Export : vsi-502-export
Route Dist : 192.0.2.32:2
Oper Route Dist : 192.0.2.32:2
Oper RD Type : configured
Rte-Target Import : None Rte-Target Export: None
Oper RT Imp Origin : vsi Oper RT Import : Policy Based
Oper RT Exp Origin : vsi Oper RT Export : Policy Based
ADV Service MTU : -1
PW-Template Id : None
-------------------------------------------------------------------------------
===============================================================================
The following command shows that EVPN destination 192.0.2.1 is reachable via an RSVP tunnel and EVPN destination 192.0.2.4 via an SR-ISIS tunnel. In EVPN-MPLS instance 2 of VPLS 2 on PE-2, the EVPN destination 192.0.2.4 is reachable via an SR-ISIS tunnel:
[/]
A:admin@PE-2# show service id 2 evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.1 524284 1 bum 12/13/2022 08:53:25
rsvp:1 No
192.0.2.4 524278 1 bum 12/13/2022 08:53:50
isis:524291 No
-------------------------------------------------------------------------------
Number of entries : 2
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
When traffic is sent between CE-21 and CE-26, the FDB in PE-1 shows that traffic toward MAC address 00:00:5e:00:53:26 is sent via RSVP tunnel 1 toward PE-2:
[/]
A:admin@PE-1# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 sap:1/1/c10/1:2 L/90 12/13/22 10:17:06
2 00:00:5e:00:53:26 mpls-1: Evpn 12/13/22 10:17:32
192.0.2.2:524280
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The following command on PE-1 shows that only the EVPN MAC route received from PE-2 is used, not the one from PE-3 in the same anycast group. This is due to the best path selection done by BGP for the two routes, which have the same route key:
[/]
A:admin@PE-1# show router bgp routes evpn mac mac-address 00:00:5e:00:53:26
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.23:2 00:00:5e:00:53:26 ESI-0
0 Seq:0 LABEL 524280
n/a
192.0.2.2
*>i 192.0.2.23:2 00:00:5e:00:53:26 ESI-0
0 Seq:0 LABEL 524282
n/a
192.0.2.3
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The FDB for VPLS 2 on PE-2 shows that MAC address 00:00:5e:00:53:21 can be reached using EVPN-MPLS instance 1 whereas MAC address 00:00:5e:00:53:26 can be reached using EVPN-MPLS instance 2:
[/]
A:admin@PE-2# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-1: Evpn 12/13/22 10:17:20
192.0.2.1:524284
rsvp:1
2 00:00:5e:00:53:26 mpls-2: Evpn 12/13/22 10:17:32
192.0.2.4:524278
isis:524291
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB for VPLS 2 on PE-4 is as follows:
[/]
A:admin@PE-4# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-2: Evpn 12/13/22 10:17:28
192.0.2.2:524279
isis:524290
2 00:00:5e:00:53:26 mpls-1: Evpn 12/13/22 10:17:32
192.0.2.6:524284
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB for VPLS 2 on PE-6 is as follows:
[/]
A:admin@PE-6# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-1: Evpn 12/13/22 10:17:34
192.0.2.4:524279
rsvp:1
2 00:00:5e:00:53:26 sap:1/1/c10/1:2 L/60 12/13/22 10:17:32
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
Conclusion
Dual-instance EVPN-MPLS GWs reduce the number of service labels to be learned at the access nodes, and optimizes the replication of BUM traffic from the access nodes.