Domain Path Attribute for VPRN BGP Routes
This chapter provides information about the domain path attribute for VPRN BGP routes.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.
Overview
The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.
The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in Loop prevention in networks with multiple IP-VPN and EVPN domains.
All PEs in Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.
D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.
The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:
- 0 for local ISF routes
- 1 for PE-CE BGP domains
- 70 for EVPN domains
- 128 for IP-VPN domains
The domain ID can be configured on:
- VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
- VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
- R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
- VPRN BGP neighbors (PE-CE)
- VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.
Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.
A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.
The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.
Configuration
Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- OSPF as IGP on PE-1, PE-2, and PE-3
- IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
- SR-OSPF on PE-1, PE-2, and PE-3
- SRv6 on PE-2, PE-3, and PE-4, configured as in chapter "Segment Routing over IPv6" in the 7750 SR and 7950 XRS Segment Routing and PCE Advanced Configuration Guide for Classic CLI.
- LDP on PE-4, RR-5, PE-6, and PE-7
The BGP configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "internal1"
family evpn
type internal
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
# on PE-2 (similar configuration on PE-3):
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
router-id 192.0.2.2 # on PE-3: 192.0.2.3
advertise-inactive
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal1"
family evpn
next-hop-self
type internal
local-address 192.0.2.2 # on PE-3: 192.0.2.3
neighbor 192.0.2.1
exit
neighbor 192.0.2.3 # on PE-3: 192.0.2.2
exit
exit
group "internal2"
family vpn-ipv4 vpn-ipv6
next-hop-self
type internal
local-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
extended-nh-encoding ipv4 vpn-ipv4
advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
neighbor 2001:db8::2:3 # on PE-3: 2001:db8::2:2
exit
neighbor 2001:db8::2:4
exit
exit
# on PE-4:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
router-id 192.0.2.4
advertise-inactive
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal2"
family vpn-ipv4 vpn-ipv6 evpn
next-hop-self
type internal
local-address 2001:db8::2:4
extended-nh-encoding ipv4 vpn-ipv4
advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
neighbor 2001:db8::2:2
exit
neighbor 2001:db8::2:3
exit
exit
group "internal3"
family vpn-ipv4 vpn-ipv6 evpn
next-hop-self
type internal
local-address 192.0.2.4
neighbor 192.0.2.5
exit
exit
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal3"
type internal
cluster 192.0.2.5
neighbor 192.0.2.4
family vpn-ipv4 vpn-ipv6 evpn
exit
neighbor 192.0.2.6
family evpn
exit
neighbor 192.0.2.7
family vpn-ipv4 vpn-ipv6
exit
exit
# on PE-6:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "internal3"
type internal
neighbor 192.0.2.5
family evpn
exit
exit
# on PE-7:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6
group "internal3"
type internal
neighbor 192.0.2.5
family vpn-ipv4 vpn-ipv6
exit
exit
Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances
On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls context:
# on PE-1:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-PE-1-CE-11" create
address 172.31.1.1/24
ipv6
address 2001:db8::31:1:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
sr-ospf
exit
resolution filter
exit
route-distinguisher 192.0.2.1:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
exit
Domain ID 64496:1010 is configured in the bgp-evpn mpls context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.
On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.
# on GW PE-2:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
segment-routing-v6 1 create
locator "PE-2_loc" # on PE-3:"PE-3_loc"
function
end-dt4
end-dt6
exit
exit
exit
bgp-ipvpn
segment-routing-v6
domain-id 64496:1020
route-distinguisher 192.0.2.2:16 # on PE-3: 192.0.2.3:16
srv6-instance 1 default-locator "PE-2_loc" # on PE-3:"PE-3_loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64496:10
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
sr-ospf
exit
resolution filter
exit
domain-id 64496:1010
route-distinguisher 192.0.2.2:10 # on PE-3: 192.0.2.3:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.
# on GW PE-4:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
segment-routing-v6 1 create
locator "PE-4_loc"
function
end-dt4
end-dt6
exit
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
domain-id 64496:1030
route-distinguisher 192.0.2.4:10
vrf-target target:64496:10
no shutdown
exit
segment-routing-v6
domain-id 64496:1020
route-distinguisher 192.0.2.4:16
srv6-instance 1 default-locator "PE-4_loc"
source-address 2001:db8::2:4 ## system IP@
vrf-target target:64496:10
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
domain-id 64496:1030
route-distinguisher 192.0.2.4:10
vrf-target target:64496:10
no shutdown
exit
exit
allow-export-bgp-vpn
no shutdown
For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:
# on PE-6:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-PE-6-CE-16" create
address 172.31.6.1/24
ipv6
address 2001:db8::31:6:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
route-distinguisher 192.0.2.6:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:
# on PE-7:
configure
service
vprn 10 name "VPRN 10" customer 1 create
local-routes-domain-id 64496:1007
autonomous-system 64496
interface "int-PE-7-CE-17" create
address 172.31.7.1/24
ipv6
address 2001:db8::31:7:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
route-distinguisher 192.0.2.7:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:
*A:PE-4# show service id 10 bgp-ipvpn
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Auto-Bind Tunnel
Resolution : disabled Strict Tnl Tag : False
ECMP : 0 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:16
Oper Route Dist : 192.0.2.4:16
Oper RD Type : configured
Route Target : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE-4_loc
Source Address : 2001:db8::2:4
Domain-Id : 64496:1020
===============================================================================
For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:
*A:PE-4# show service id 10 bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:10
Oper Route Dist. : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : filter Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
BGP Instance : 1
Filter Tunnel Types: ldp
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
VPRN BGP routes for prefix 172.31.6.0/24
PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on PE-6:
1 2022/09/05 14:07:07.846 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 82
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on RR-5:
34 2022/09/05 14:07:11.660 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 156
Flag: 0x90 Type: 14 Len: 105 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Type: EVPN-IP-PREFIX Len: 58 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 2001:db8::31:6:0/120 gw_ip :: Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
"
PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):
53 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 98
Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 24 NextHop 2001:db8::2:4
172.31.6.0/24 RD 192.0.2.4:10 Label 524280 (Raw label 0x7fff81)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"
PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:
# on PE-2:
40 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 115
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"
VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:
VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:
In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.
The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).
# on PE-7:
1 2022/09/05 14:07:07.879 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 72
Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 12 NextHop 192.0.2.7
172.31.7.0/24 RD 192.0.2.7:10 Label 524283 (Raw label 0x7fffb1)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"
RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:
# on PE-2:
41 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 123
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"
Loop prevention
Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in Loop prevention between PE-2 and PE-3:
The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:
*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:10 bgp-tunnel-encap:MPLS
Cluster : 192.0.2.5
Originator Id : 192.0.2.6 Peer Router Id : 192.0.2.3
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 172.31.6.0/24
Route Dist. : 192.0.2.3:10
MPLS Label : LABEL 524283
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h24m27s
DPath Loop VRFs: 10
---snip---
The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:
*A:PE-2# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.31.1.0/24 Remote EVPN-IFL 00h26m24s 170
192.0.2.1 (tunneled:SR-OSPF:524290) 10
172.31.6.0/24 Remote BGP VPN 00h26m24s 170
2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6) 20
172.31.7.0/24 Remote BGP VPN 00h26m24s 170
2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances
Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.
The service configuration on PE-1 does not include a domain ID, as follows:
# on PE-1:
configure
service
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-21" create
vpls "SBD-21"
evpn-tunnel
exit
exit
interface "int-PE-1-CE-21" create
address 10.20.201.1/24
sap 1/1/c5/1:20 create
exit
exit
no shutdown
exit
vpls 21 name "SBD-21" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 1 create
exit
bgp
exit
bgp-evpn
ip-route-advertisement
evi 21
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.
# on PE-2:
configure
service
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-21" create
vpls "SBD-21"
evpn-tunnel
exit
exit
segment-routing-v6 1 create
locator "PE-2_loc" # on PE-3: "PE3_loc"
function
end-dt46
exit
exit
exit
bgp-ipvpn
segment-routing-v6
domain-id 64496:2020
route-distinguisher 192.0.2.2:26 # on PE-3; 192.0.2.3:26
srv6-instance 1 default-locator "PE-2_loc" # on PE-3: "PE3_loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64496:20
no shutdown
exit
exit
no shutdown
exit
vpls 21 name "SBD-21" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 1 create
exit
bgp
exit
bgp-evpn
ip-route-advertisement domain-id 64496:2010
evi 21
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:
*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.20.201.0/24
Nexthop : 2001:db8::2:3
Route Dist. : 192.0.2.3:26 VPN Label : 524286
Path Id : None
From : 2001:db8::2:3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:20
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:2010:(evpn)]
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h07m49s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:7fff:e000::
Behavior : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
VPRN Imported : None
DPath Loop VRFs: 20
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.
PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:
*A:PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.201.0/24 Remote EVPN-IFF 00h18m36s 169
int-SBD-21 (ET-02:0f:ff:ff:ff:52) 0
10.20.206.0/24 Remote BGP VPN 00h18m36s 170
2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.