VXLAN Forwarding Path Extension

This chapter provides information about VXLAN Forwarding Path Extension.

Topics in this chapter include:

Applicability

This chapter was initially written based on SR OS Release 15.0.R4, but the MD-CLI in the current edition corresponds to SR OS Release 21.2.R2. Virtual eXtensible Local Area Network (VXLAN) Forwarding Path Extension (FPE) is supported in SR OS Release 14.0.R4, and later. IPv6 addresses are supported for EVPN-VXLAN BGP peering in SR OS release 15.0.R1, and later.

Overview

Use cases

VXLAN Forwarding Path Extension (FPE) is an SR OS feature that enables VXLAN tunnels to terminate on non-system IPv4 and IPv6 Destination Addresses (DAs). The non-system IPv4/IPv6 VXLAN termination feature can be applied in the following use cases:

  • VXLAN Gateway (GW) in Software-Defined VPNs (SD-VPNs)

  • VXLAN IPv6 underlay for Data Centers (DCs)

VXLAN GW in SD-VPNs

Traffic transported on a VXLAN is usually connected to a trusted environment through a VPRN running in a private IP/MPLS network. The VXLAN GW system IP address is used for all internal management and MPLS termination in the trusted network. However, in this use case, SR OS routers are expected to be used as a VXLAN GW in SD-VPNs where the VXLAN GW terminates untrusted VXLAN tunnels initiated on the SD-VPN CPEs and forwards packets to a trusted IP/MPLS network, as shown in VXLAN GW in an SD-VPN.

Figure 1. VXLAN GW in an SD-VPN

For security reasons, service providers will not expose system IP addresses to the untrusted IP network. Therefore, an IPv4 or IPv6 loopback address will be defined and used for VXLAN termination. The VXLAN tunnel can be terminated in a VPLS, an Epipe, or an R-VPLS service connected to a VPRN.

VXLAN IPv6 underlay for DCs

Some service providers migrate their entire network infrastructure to IPv6, including the DC network, so the DC GW must be able to terminate a VXLAN over an IPv6 infrastructure. Layer 2 (VPLS termination) and Layer 3 (R-VPLS termination) DC interconnect are both supported. VXLAN IPv6 underlay for DC shows the VXLAN IPv6 underlay for DC.

Figure 2. VXLAN IPv6 underlay for DC

VXLAN FPE function

The following applies to VXLAN FPE:

  • In an SR OS node, VXLAN tunnels can be terminated in four different VXLAN Tunnel Endpoints (VTEPs):

    • System IPv4 address

    • Up to three non-system IPv4/IPv6 addresses

    This limit is based on the number of supported source IP addresses that can be used for VXLAN encapsulation.

  • The preceding four terminating IP addresses can be used in addition to the Assisted Replication IP address (AR IP). The AR IP does not count against this limit of four VTEPs. See chapter Layer 2 Multicast Optimization for EVPN-VXLAN — Assisted Replication"Layer 2 Multicast Optimization for EVPN-VXLAN - Assisted Replication" for more information about AR.

  • VXLAN FPE requires PXC ports; see the "Port Cross-Connect (PCX)" chapter in the 7450 ESS, 7750 SR, and 7950 XRS Interface Configuration Advanced Configuration Guide for MD CLI.

    • Ingress traffic from a VXLAN with an IP DA equal to a loopback address will be redirected to the PXC port where the IP header will get additional processing.

    • Usually, only the ingress traffic from the VXLAN is redirected to the PXC port. The egress traffic to the VXLAN tunnel can go straight out of the egress network port, except for R-VPLS traffic toward an IPv6 VXLAN that is redirected to the PXC port.

  • The VPLS/R-VPLS functionality is not impacted by the choice of VTEP termination (system IP address or not).

Provisioning model

Non-system IP VXLAN termination and VXLAN IPv6 underlay are both provisioned as per the following steps:

  1. Create an FPE

  2. Associate the FPE with VXLAN termination

  3. Configure a router loopback interface

  4. Configure non-system VXLAN termination VTEP addresses

  5. Add the service configuration

Configuration

Example topology for VXLAN FPE shows the example topology with two PEs in an EVPN-VXLAN network. The loopback addresses in the base router will be used for non-system IP VXLAN termination.

Figure 3. Example topology for VXLAN FPE

The initial configuration includes the cards, MDAs, ports, router interfaces and IGP. BGP is configured for address family EVPN, for example on PE-1 as follows:

# on PE-1:
configure {
    router "Base" {
        autonomous-system 64500
        bgp {
            rapid-withdrawal true
            split-horizon true
            rapid-update {
                evpn true
            }
            group "internal" {
                peer-as 64500
                family {
                    evpn true
                }
            }
            neighbor "192.0.2.2" {
                group "internal"
            }
        }

In this example, the BGP peering is IPv4-based, but EVPN-VXLAN routes can also be exchanged between IPv6 BGP peers.

Non-system IP VXLAN termination

Create FPEs

PXC is used as a simple back-to-back cross-connect. An FPE uses the PXC ports assigned in the FPE path, either a PXC port or a LAG-based PXC. For non-system IP VXLAN terminations between VPLSs, the PXC is only required on the ingress (from VXLAN, or from PE-1 to GW PE-2). PXC 1 and PXC 2 are created on PE-1, as follows:

# on PE-1:
configure {
    port 1/2/1 {
        admin-state enable
        ethernet {
            mode hybrid
            dot1x {
                tunneling true
            }
        }
    }
    port 1/2/2 {
        admin-state enable
        ethernet {
            mode hybrid
            dot1x {
                tunneling true
            }
        }
    }
    port pxc-1.a {
        admin-state enable
    }
    port pxc-1.b {
        admin-state enable
    }
    port pxc-2.a {
        admin-state enable
    }
    port pxc-2.b {
        admin-state enable
    }
    port-xc {
        pxc 1 {
            admin-state enable
            port-id 1/2/1
        }
        pxc 2 {
            admin-state enable
            port-id 1/2/2
        }
    }

The sub-ports of PXC 1 are operationally up, as follows.

[/]
A:admin@PE-1# show port pxc 1 

===============================================================================
Ports on Port Cross Connect 1
===============================================================================
Port          Admin Link Port    Cfg  Oper LAG/ Port Port Port   C/QS/S/XFP/
Id            State      State   MTU  MTU  Bndl Mode Encp Type   MDIMDX
-------------------------------------------------------------------------------
pxc-1.a       Up    Yes  Up      1574 1574    - hybr dotq xgige  
pxc-1.b       Up    Yes  Up      1574 1574    - hybr dotq xgige  
===============================================================================

The following FPEs use the PXCs.

# on PE-1, PE-2:
configure {
    fwd-path-ext {
        fpe 1 {
            path {
                pxc 1
            }
        }
        fpe 2 {
            path {
                pxc 2
            }
        }

These FPEs are created without defining a range of SDP IDs. SDP IDs are required in case of R-VPLS services terminating IPv6 VXLAN tunnels, where the FPE is also used at the egress and an internal static SDP is created to allow for the required extra processing.

When the FPE has no VXLAN termination associated, no internal router interfaces are created, so the only router interfaces are the system interface and the interface between PE-1 and PE-2, as follows.

[/]
A:admin@PE-1# show router interface

===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
int-PE-1-PE-2                    Up        Up/Down     Network 1/1/1
   192.168.12.1/30                                             n/a
system                           Up        Up/Down     Network system
   192.0.2.1/32                                                n/a
-------------------------------------------------------------------------------
Interfaces : 2
===============================================================================

Associate the FPEs with VXLAN termination

The following command associates the FPEs with VXLAN termination.

# on PE-1, PE-2:
configure {
    fwd-path-ext {
        sdp-id-range {
            start 10000
            end 10127
        }
        fpe 1 {
            path {
                pxc 1
            }
            application {
                vxlan-termination {
                }
            }
        }
        fpe 2 {
            path {
                pxc 2
            }
            application {
                vxlan-termination {
                }
            }
        }

When attempting to associate the FPEs with VXLAN termination without configuring a range of SDP IDs for FPE, the following error is raised:

*[ex:/configure fwd-path-ext fpe 1 application vxlan-termination]
A:admin@PE-1# commit
MINOR: FPE #1021: configure fwd-path-ext fpe 1 - sdp-id-range is not configured - configure fwd-path-ext sdp-id-range

After the FPEs are associated with VXLAN terminations, the system creates two internal router interfaces per FPE, one per PXC sub-port:

[/]
A:admin@PE-1# show router interface

===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
_tmnx_fpe_1.a                    Up        Up/Up       Network pxc-1.a:1
   fe80::100/64                                                PREFERRED
_tmnx_fpe_1.b                    Up        Up/Up       Network pxc-1.b:1
   fe80::101/64                                                PREFERRED
_tmnx_fpe_2.a                    Up        Up/Up       Network pxc-2.a:1
   fe80::200/64                                                PREFERRED
_tmnx_fpe_2.b                    Up        Up/Up       Network pxc-2.b:1
   fe80::201/64                                                PREFERRED
int-PE-1-PE-2                    Up        Up/Down     Network 1/1/1
   192.168.12.1/30                                             n/a
system                           Up        Up/Down     Network system
   192.0.2.1/32                                                n/a
-------------------------------------------------------------------------------
Interfaces : 6
===============================================================================

Configure router loopback interfaces

The following loopback interfaces are configured in PE-1 and added to the IS-IS context:

# on PE-1:
configure {
    router "Base"
        interface "loopback1" {
            loopback
            ipv4 {
                primary {
                    address 1.0.0.1
                    prefix-length 24
                }
            }
        }
        interface "loopback2" {
            loopback
            ipv4 {
                primary {
                    address 2.0.0.1
                    prefix-length 31
                }
            }
            ipv6 {
                address 201:: {
                    prefix-length 127
                }
            }
        }
        isis 0 {
            interface "loopback1" {
            }
            interface "loopback2" {
            }
        }

A non /32 or /128 subnet must be assigned to the loopback interface, because the system cannot terminate VXLAN on a local interface address. In the preceding example, all addresses in the subnet 1.0.0.0/24 can be used for VXLAN tunnel termination, except for 1.0.0.1. The subnet will be advertised by the IGP. The subnet can be as small as /31 or /127, as for example for interface "loopback2".

In this scenario, only one loopback interface with an IPv4 address is sufficient: interface "loopback1" with IPv4 address 1.0.0.1/24. There is no need to configure loopback interfaces in the GW PE-2, because VXLAN FPE is only required in the ingress (from VXLAN to GW).

Configure non-system VTEP addresses

Up to three non-system VTEP addresses can be configured to terminate VXLAN tunnels and their corresponding FPEs; on PE-1 as follows:

# on PE-1:
configure {
    service {
        system {
            vxlan {
                tunnel-termination 1.0.0.2 {
                    fpe-id 1
                }
                tunnel-termination 2.0.0.2 {
                    fpe-id 2
                }
                tunnel-termination 201::1 {
                    fpe-id 2
                }

No non-system VTEP addresses need to be configured on PE-2.

When attempting to configure the IP address of the loopback interface as a VXLAN tunnel termination, the following error is raised:

*[ex:/configure service system vxlan tunnel-termination 1.0.0.1]
A:admin@PE-1# commit
MINOR: MGMT_CORE #4001: configure service system vxlan tunnel-termination 1.0.0.1 - IP address matches a local interface IP address

When attempting to configure more than three non-system VTEP addresses, the following error is raised:

*[ex:/configure service system vxlan tunnel-termination 1.0.0.100]A:admin@PE-1# commit
MINOR: MGMT_CORE #232: configure service system vxlan tunnel-termination 1.0.0.100 - Reached maximum number of entries - maximum is 3 but has 4

When the non-system VTEP addresses are configured, an internal loopback interface "_tmnx_vli_vxlan_1_131077" is created that can respond to ICMP requests.

[/]
A:admin@PE-1# show router interface

===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
_tmnx_fpe_1.a                    Up        Up/Up       Network pxc-1.a:1
   fe80::100/64                                                PREFERRED
_tmnx_fpe_1.b                    Up        Up/Up       Network pxc-1.b:1
   fe80::101/64                                                PREFERRED
_tmnx_fpe_2.a                    Up        Up/Up       Network pxc-2.a:1
   fe80::200/64                                                PREFERRED
_tmnx_fpe_2.b                    Up        Up/Up       Network pxc-2.b:1
   fe80::201/64                                                PREFERRED
_tmnx_vli_vxlan_1_131077         Up        Up/Up       Network loopback
   1.0.0.2/32                                                  n/a
   2.0.0.2/32                                                  n/a
   201::1/128                                                  PREFERRED
   fe80::f:ffff:fe00:0/64                                      PREFERRED
int-PE-1-PE-2                    Up        Up/Down     Network 1/1/1
   192.168.12.1/30                                             n/a
loopback1                        Up        Up/Down     Network loopback
   1.0.0.1/24                                                  n/a
loopback2                        Up        Up/Up       Network loopback
   2.0.0.1/31                                                  n/a
   201::/127                                                   PREFERRED
   fe80::f:ffff:fe00:0/64                                      PREFERRED
system                           Up        Up/Down     Network system
   192.0.2.1/32                                                n/a
-------------------------------------------------------------------------------
Interfaces : 9
===============================================================================

The system does not verify whether there is a local base router loopback interface with a subnet corresponding to the VTEP address. If a tunnel termination address is configured and the FPE is up, the system will start terminating VXLAN traffic and responding using ICMP for that address, regardless of the presence of a loopback interface in the base router. It is also possible that a non-loopback interface has an IP address in the configured subnet.

Configure the VPLS

A VPLS will be configured with EVPN-VXLAN enabled. By default, the system IP address will be used as the source VTEP of the VXLAN-encapsulated frames. This default behavior can be overruled by the source-vtep command in the VPLS. The IP address corresponds to the non-system VTEP address configured in the preceding step (VXLAN tunnel termination). VPLS 1 is configured on PE-1 as follows:

# on PE-1:
configure {
    service {
        vpls "EVI-1" {
            admin-state enable
            service-id 1
            customer "1"
            vxlan {
                source-vtep 1.0.0.2
                instance 1 {
                    vni 1
                }
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 1
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
            sap 1/1/2:1 {
            }

When attempting to configure an IP address different from the VTEP addresses, the following error is raised:

[ex:/configure service vpls "EVI-1" vxlan]
A:admin@PE-1# source-vtep 1.0.0.99

*[ex:/configure service vpls "EVI-1" vxlan]
A:admin@PE-1# commit
MINOR: MGMT_CORE #224: configure service vpls "EVI-1" vxlan source-vtep - Entry does not exist - configure service system vxlan tunnel-termination 1.0.0.99

A different VTEP address can be configured as source-vtep in different services on the same PE, as follows:

# on PE-1:
configure {
    service {
        vpls "EVI-2" {
            admin-state enable
            service-id 2
            customer "1"
            vxlan {
                source-vtep 201::1
                instance 1 {
                    vni 2
                }
            }
            routed-vpls {
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 2
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }

The configuration of VPLS 1 on PE-2 does not include any VTEP address, because it is not required in the egress, as follows:

# on PE-2:
configure {
    service {
        vpls "EVI-1" {
            admin-state enable
            service-id 1
            customer "1"
            vxlan {
                instance 1 {
                    vni 1
                }
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 1
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }

When a source VTEP is configured in VPLS 1 on PE-1, this VTEP address will be used as the IP source VTEP for VPLS 1 and BGP will use this VTEP to the BGP NLRI next-hop, as shown in the following BGP route update messages.

The following BGP EVPN inclusive multicast route sent by PE-1 shows the configured source VTEP address 1.0.0.2 as NLRI next-hop, as originator address, and as tunnel endpoint.

# on PE-1:
1 2021/05/06 09:40:06.914 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 77
    Flag: 0x90 Type: 14 Len: 28 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 1.0.0.2
        Type: EVPN-INCL-MCAST Len: 17 RD: 192.0.2.1:1, tag: 0, orig_addr len: 32,
                              orig_addr: 1.0.0.2
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:1
        bgp-tunnel-encap:VXLAN
    Flag: 0xc0 Type: 22 Len: 9 PMSI:
        Tunnel-type Ingress Replication (6)
        Flags: (0x0)[Type: None BM: 0 U: 0 Leaf: not required]
        MPLS Label 1
        Tunnel-Endpoint 1.0.0.2
"

The following BGP EVPN-MAC route sent by PE-1 shows the configured VTEP for VPLS 1 as NLRI next-hop:

# on PE-1:
8 2021/05/06 09:41:43.212 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 81
    Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 1.0.0.2
        Type: EVPN-MAC Len: 33 RD: 192.0.2.1:1 ESI: ESI-0, tag: 0, mac len: 48 
                       mac: ca:fe:01:10:10:10, IP len: 0, IP: NULL, label1: 1
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:1
        bgp-tunnel-encap:VXLAN
"

A BGP peer policy might override the NLRI next-hop created due to the source-vtep configuration.

The following shows that the source VTEP address on PE-1 is 1.0.0.2:

[/]
A:admin@PE-1# show service id 1 vxlan
===============================================================================
VPLS VXLAN
===============================================================================
Vxlan Src Vtep IP: 1.0.0.2

===============================================================================
Vxlan Instance
===============================================================================
VXLAN Instance                VNI         AR          Oper-flags   VTEP
                                                                   security
-------------------------------------------------------------------------------
1                             1           none        none         disabled
-------------------------------------------------------------------------------
Number of Entries : 1
-------------------------------------------------------------------------------
===============================================================================

The following command on PE-1 shows that the egress VTEP is 192.0.2.2:

[/]
A:admin@PE-1# show service id 1 vxlan destinations

===============================================================================
Egress VTEP, VNI
===============================================================================
Instance    VTEP Address                            Egress VNI  EvpnStatic Num
 Mcast       Oper State                              L2 PBR     SupBcasDom MACs
-------------------------------------------------------------------------------
1           192.0.2.2                               1           evpn       0
 BUM         Up                                      No          No
-------------------------------------------------------------------------------
Number of Egress VTEP, VNI : 1
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
BGP EVPN-VXLAN Ethernet Segment Dest
===============================================================================
Instance  Eth SegId                       Num. Macs     Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================

The following shows that no source VTEP address is configured on PE-2:

[/]
A:admin@PE-2# show service id 1 vxlan
===============================================================================
VPLS VXLAN
===============================================================================
Vxlan Src Vtep IP: N/A

===============================================================================
Vxlan Instance
===============================================================================
VXLAN Instance                VNI         AR          Oper-flags   VTEP
                                                                   security
-------------------------------------------------------------------------------
1                             1           none        none         disabled
-------------------------------------------------------------------------------
Number of Entries : 1
-------------------------------------------------------------------------------
===============================================================================

The following command on PE-2 shows that the egress VTEP is 1.0.0.2:

[/]
A:admin@PE-2# show service id 1 vxlan destinations

===============================================================================
Egress VTEP, VNI
===============================================================================
Instance    VTEP Address                            Egress VNI  EvpnStatic Num
 Mcast       Oper State                              L2 PBR     SupBcasDom MACs
-------------------------------------------------------------------------------
1           1.0.0.2                                 1           evpn       1
 BUM         Up                                      No          No
-------------------------------------------------------------------------------
Number of Egress VTEP, VNI : 1
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
BGP EVPN-VXLAN Ethernet Segment Dest
===============================================================================
Instance  Eth SegId                       Num. Macs     Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================

Underlay IPv6 VXLAN termination

The configuration for underlay IPv6 VXLAN termination is similar to the non-system IP VXLAN termination. In the following example, R-VPLS 2 is configured; therefore, non-system VTEP addresses are configured in PE-2 as well as in PE-1. The changes required in PE-1 are as follows.

  • IPv6 must be enabled on the router interfaces

  • IPv6 native routing is configured in IS-IS

  • IPv6 addresses are loopback address 201::/127 and VTEP address 201::1

# on PE-1:
configure {
    port-xc {
        pxc 2 {
            admin-state enable
            port-id 1/2/2
        }
    }
    port pxc-2.a {
        admin-state enable
    }
    port pxc-2.b {
        admin-state enable
    }
    port 1/2/2 {
        admin-state enable
        ethernet {
            mode hybrid
            dot1x {
                tunneling true
            }
        }
    }
    fwd-path-ext {
        sdp-id-range {
            start 10000
            end 10127
        }
        fpe 2 {
            path {
                pxc 2
            }
            application {
                vxlan-termination {
                }
            }
        }
    }
    router "Base" {
        interface "int-PE-1-PE-2" {
            port 1/1/1
            ipv4 {
                primary {
                    address 192.168.12.1
                    prefix-length 30
                }
            }
            ipv6 {
            }
        }
        interface "loopback2" {
            loopback
            ipv4 {
                primary {
                    address 2.0.0.1
                    prefix-length 31
                }
            }
            ipv6 {
                address 201:: {
                    prefix-length 127
                }
            }
        }
        isis 0 {
            ipv6-routing native
            interface "loopback2" {
            }
        }
    }
    service {
        system {
            vxlan {
                tunnel-termination 201::1 {
                    fpe-id 2
                }
            }
        }
        vpls "EVI-2" {
            admin-state enable
            service-id 2
            customer "1"
            vxlan {
                source-vtep 201::1
                instance 1 {
                    vni 2
                }
            }
            routed-vpls {
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 2
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }

The service configuration on PE-2 is as follows.

# on PE-2:
configure {
    service {
        system {
            vxlan {
                tunnel-termination 202:: {
                    fpe-id 2
                }
            }
        }
        vpls "EVI-2" {
            admin-state enable
            service-id 2
            customer "1"
            vxlan {
                source-vtep 202::
                instance 1 {
                    vni 2
                }
            }
            routed-vpls {
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 2
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }

The routing table for IPv6 on PE-1 shows that an internal static route is configured for the source VTEP 201::1 using the FPE internal interface "_tmnx_fpe_2.a". The route to egress VTEP 202:: is an IS-IS route.

[/]
A:admin@PE-1# show router route-table ipv6

===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
201::/127                                     Local   Local     00h16m34s  0
       loopback2                                                    0
201::1/128                                    Remote  Static    00h11m53s  5
       fe80::201-"_tmnx_fpe_2.a"                                    1
202::/127                                     Remote  ISIS      00h00m06s  15
       fe80::14:1ff:fe01:1-"int-PE-1-PE-2"                          10
-------------------------------------------------------------------------------
No. of Routes: 3

Likewise, the routing table for IPv6 on PE-2 shows an internal static route for source VTEP 202:: using the FPE internal interface "_tmnx_fpe_2.a":

[/]
A:admin@PE-2# show router route-table ipv6

===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
201::/127                                     Remote  ISIS      00h00m06s  15
       fe80::10:1ff:fe01:1-"int-PE-2-PE-1"                          10
202::/127                                     Local   Local     00h00m12s  0
       loopback2                                                    0
202::/128                                     Remote  Static    00h00m13s  5
       fe80::201-"_tmnx_fpe_2.a"                                    1
-------------------------------------------------------------------------------
No. of Routes: 3

When non-system IPv6 VTEP addresses are used in an R-VPLS, VTEP addresses need to be configured on ingress and egress VXLAN. The system creates an internal SDP binding for the egress processing. A range of SDP IDs has been configured from 10000 to 10127. The following command lists all SDP bindings for FPE:

[/]
A:admin@PE-2# show service sdp-using | match "Fpe"
2          10002:2            Fpe    fpe_2.b              Up    524287  524287

The internal SDP has ID 10002 and the far-end is fpe_2.b. The following command shows that the SDP source is FPE.

[/]
A:admin@PE-2# show service sdp 10002 detail | match "Sdp" pre-lines 4 post-lines 10

===============================================================================
Service Destination Point (Sdp Id : 10002) Details
===============================================================================
-------------------------------------------------------------------------------
 Sdp Id 10002  -fpe_2.b
-------------------------------------------------------------------------------
Description           : (Not Specified)
SDP Id               : 10002SDP Source         : fpe
Admin Path MTU       : 0                     Oper Path MTU      : 1552
Delivery             : MPLS
Far End              : fpe_2.b               Tunnel Far End     : n/a
Oper Tunnel Far End  : n/a
LSP Types            : FPE

Admin State          : Up                    Oper State         : Up

The following command on PE-1 shows that the source VTEP is 201::1:

[/]
A:admin@PE-1# show service id 2 vxlan
===============================================================================
VPLS VXLAN
===============================================================================
Vxlan Src Vtep IP: 201::1

===============================================================================
Vxlan Instance
===============================================================================
VXLAN Instance                VNI         AR          Oper-flags   VTEP
                                                                   security
-------------------------------------------------------------------------------
1                             2           none        none         disabled
-------------------------------------------------------------------------------
Number of Entries : 1
-------------------------------------------------------------------------------
===============================================================================

The following command on PE-1 shows that the egress VTEP is 202::.

[/]
A:admin@PE-1# show service id 2 vxlan destinations

===============================================================================
Egress VTEP, VNI
===============================================================================
Instance    VTEP Address                            Egress VNI  EvpnStatic Num
 Mcast       Oper State                              L2 PBR     SupBcasDom MACs
-------------------------------------------------------------------------------
1           202::                                   2           evpn       0
 BUM         Up                                      No          No
-------------------------------------------------------------------------------
Number of Egress VTEP, VNI : 1
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
BGP EVPN-VXLAN Ethernet Segment Dest
===============================================================================
Instance  Eth SegId                       Num. Macs     Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================

The following command on PE-2 shows that the source VTEP is 202::.

[/]
A:admin@PE-2# show service id 2 vxlan
===============================================================================
VPLS VXLAN
===============================================================================
Vxlan Src Vtep IP: 202::

===============================================================================
Vxlan Instance
===============================================================================
VXLAN Instance                VNI         AR          Oper-flags   VTEP
                                                                   security
-------------------------------------------------------------------------------
1                             2           none        none         disabled
-------------------------------------------------------------------------------
Number of Entries : 1
-------------------------------------------------------------------------------
===============================================================================

The following command on PE-2 shows that the egress VTEP is 201::1.

[/]
A:admin@PE-2# show service id 2 vxlan destinations

===============================================================================
Egress VTEP, VNI
===============================================================================
Instance    VTEP Address                            Egress VNI  EvpnStatic Num
 Mcast       Oper State                              L2 PBR     SupBcasDom MACs
-------------------------------------------------------------------------------
1           201::1                                  2           evpn       0
 BUM         Up                                      No          No
-------------------------------------------------------------------------------
Number of Egress VTEP, VNI : 1
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
BGP EVPN-VXLAN Ethernet Segment Dest
===============================================================================
Instance  Eth SegId                       Num. Macs     Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================

Conclusion

VXLAN FPE is required to terminate VXLAN tunnels on non-system IPv4/IPv6 addresses and to configure IPv6 underlay.