Multi-Instance VPRN with EVPN-IFL Using SRv6 Transport
This chapter provides information about multi-instance VPRN services with EVPN-IFL using SRv6 transport.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 23.10.R2.
Overview
SRv6 transport in VPRN services with EVPN-IFL is supported in SR OS Release 22.5.R1 and later. Maximum two BGP instances per VPRN are supported and these BGP instances can be associated with the same BGP address family or different BGP address families. When configuring a VPRN with EVPN in interface-less mode (EVPN-IFL) over SRv6 transport, the associated SRv6 locator must have the End.DT4, End.DT6, or End.DT46 functions which can be statically configured or dynamically allocated by the router.
- between VPN-IPv4/v6 and EVPN-IFL
- between VPN-IPv4/v6 and VPN-IPv4/v6 – when allow-export-bgp-vpn is enabled
- between EVPN-IFL and EVPN-IFL – when allow-export-bgp-vpn is enabled
- between VPN-IPv4/v6 and IPv4/v6
- between EVPN-IFL and IPv4/v6
- between VPN-IPv4/v6 and EVPN-IFF – when iff-attribute-uniform-propagation is enabled
- between EVPN-IFL and EVPN-IFF – when iff-attribute-uniform-propagation is enabled
EVPN IP prefix routes readvertised between domains shows how an EVPN IP prefix route originating from PE-4 is advertised for a VPRN with EVPN-IFL configured on all nodes. The VPRN with EVPN-IFL uses SRv6 transport in domain 2 and SR-ISIS tunnels in domain 1.
PE-2 and PE-3 act as service gateways (GWs) that import routes and readvertise them between domains. On the service GWs, the VPRN has two BGP instances that are associated with the EVPN address family. The domain path attribute is used as automated loop prevention, as described in the Domain Path Attribute for VPRN BGP Routes chapter. Each service GW imports the IP prefix route and prepends the domain ID of origin when readvertising these IP prefix routes. When GW PE-2 receives the IP prefix route from PE-4, it prepends domain ID 64500:2 and advertises the IP prefix to PE-1 and PE-3. PE-1 accepts and uses this IP prefix route, but PE-3 does not install this IP prefix route in the VRF because the domain ID 64500:2 is local to PE-3.
Interworking between EVPN-IFL and IP-VPN is supported, as shown in Interworking between EVPN-IFL and IP-VPN.
On the service GWs PE-2 and PE-3, one BGP instance is associated with the EVPN address family while the other BGP instance is associated with the VPN-IPv4 address family.
When GW PE-2 receives the IP prefix route from PE-4, it prepends domain ID 64500:2 and advertises the IP prefix 10.0.2.24/32 in a VPN-IPv4 route to PE-1 and PE-3. PE-1 accepts and uses this VPN-IPv4 route, but PE-3 does not install this VPN-IPv4 route in the VRF because the domain ID 64500:2 is local to PE-3.
Configuration
- cards, MDAs, ports
- router interfaces
- IS-IS on all router interfaces: IS-IS level 1 between PE-1, PE-2, and PE-3; IS-IS level 2 between PE-2, PE-3, and PE-4
- SR-ISIS between PE-1, PE-2, and PE-3
- SRv6 between PE-2, PE-3, and PE-4
As an example, the initial configuration on PE-2 is as follows:
# on PE-2:
configure {
card 1 {
mda 1 {
xconnect {
mac 1 {
loopback 1 {
}
loopback 2 {
}
}
}
}
}
fwd-path-ext {
fpe 1 {
path {
pxc 1
}
application {
srv6 {
type origination
}
}
}
fpe 2 {
path {
pxc 2
}
application {
srv6 {
type termination
}
}
}
}
port pxc-1.a {
admin-state enable
}
port pxc-1.b {
admin-state enable
}
port pxc-2.a {
admin-state enable
}
port pxc-2.b {
admin-state enable
}
port 1/1/m1/1 {
admin-state enable
}
port 1/1/m1/2 {
admin-state enable
}
port-xc {
pxc 1 {
admin-state enable
port-id 1/1/m1/1
}
pxc 2 {
admin-state enable
port-id 1/1/m1/2
}
}
---snip---
router "Base" {
interface "int-PE-2-PE-1" {
port 1/1/c2/1:1000
ipv4 {
primary {
address 192.168.12.2
prefix-length 30
}
}
}
interface "int-PE-2-PE-3" {
port 1/1/c3/1:1000
ipv4 {
primary {
address 192.168.23.1
prefix-length 30
}
}
ipv6 {
address 2001:db8::168:23:1 {
prefix-length 126
}
}
}
interface "int-PE-2-PE-4" {
port 1/1/c1/1:1000
ipv6 {
address 2001:db8::168:24:1 {
prefix-length 126
}
}
}
interface "system" {
ipv4 {
primary {
address 192.0.2.2
prefix-length 32
}
}
ipv6 {
address 2001:db8::2:2 {
prefix-length 128
}
}
}
mpls-labels {
sr-labels {
start 20000
end 20099
}
}
isis 0 {
admin-state enable
advertise-passive-only true
advertise-router-capability as
ipv6-routing native
traffic-engineering true
area-address [49.0001]
traffic-engineering-options {
ipv6 true
application-link-attributes {
}
}
segment-routing {
admin-state enable
prefix-sid-range {
global
}
}
segment-routing-v6 {
admin-state enable
locator "PE2-loc" {
level-capability 2
}
}
interface "int-PE-2-PE-1" {
interface-type point-to-point
level-capability 1
}
interface "int-PE-2-PE-3" {
interface-type point-to-point
}
interface "int-PE-2-PE-4" {
interface-type point-to-point
level-capability 2
}
interface "system" {
passive true
ipv4-node-sid {
index 2
}
}
level 1 {
wide-metrics-only true
}
level 2 {
wide-metrics-only true
}
}
segment-routing {
segment-routing-v6 {
origination-fpe [1]
source-address 2001:db8::2:2
locator "PE2-loc" {
admin-state enable
block-length 48
termination-fpe [2]
prefix {
ip-prefix 2001:db8:aaaa:102::/64
}
}
base-routing-instance {
locator "PE2-loc" {
function {
end 1 {
srh-mode usp
}
end-x-auto-allocate psp protection unprotected { }
}
}
}
}
}
Multi-instance VPRN with one EVPN-IFL domain using SRv6 transport
- Multi-instance VPRN with EVPN-IFL over SRv6 and EVPN-IFL over SR-ISIS where EVPN-IFL is used in both domains and only the transport is different
- Multi-instance VPRN with EVPN-IFL over SRv6 and VPN-IPv4/v6 over SR-ISIS with interworking between EVPN-IFL and VPN-IPv4/v6 and different transport tunnels in both domains
Multi-instance VPRN with EVPN-IFL over SRv6 and EVPN-IFL over SR-ISIS
BGP configuration
BGP is configured on all nodes for the EVPN address family. The configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-mpls" {
peer-as 64500
family {
evpn true
}
}
neighbor "192.0.2.2" {
group "access-mpls"
}
neighbor "192.0.2.3" {
group "access-mpls"
}
The BGP configuration on the service GW PE-2 has two different groups. The BGP configuration for the "access-mpls" group is similar to the BGP configuration on PE-1, whereas the BGP configuration for the "core-srv6" has IPv6 peers and advertises IPv6 next hops for EVPN routes:
# on PE-2:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-mpls" {
peer-as 64500
family {
evpn true
}
}
group "core-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
neighbor "192.0.2.1" {
group "access-mpls"
}
neighbor "192.0.2.3" {
group "access-mpls"
}
neighbor "2001:db8::2:3" {
group "core-srv6"
}
neighbor "2001:db8::2:4" {
group "core-srv6"
}
The BGP configuration on PE-3 is identical, but with different peer addresses.
On PE-4, the BGP configuration is as follows:
# on PE-4:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "core-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
neighbor "2001:db8::2:2" {
group "core-srv6"
}
neighbor "2001:db8::2:3" {
group "core-srv6"
}
Service configuration
VPRN-1 is configured with EVPN-IFL. On PE-1, VPRN-1 has only one BGP instance and MPLS (SR-ISIS) tunnels are used:
# on PE-1:
configure {
service {
vprn "VPRN-1" {
admin-state enable
service-id 1
customer "1"
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.1:11"
vrf-target {
community "target:64500:11"
}
auto-bind-tunnel {
resolution any
}
}
}
interface "loopback" {
loopback true
mac 00:00:5e:00:53:11
ipv4 {
primary {
address 10.0.1.11
prefix-length 32
}
}
ipv6 {
address 2001:db8::1:11 {
prefix-length 128
}
}
}
}
On GW PE-2, the VPRN-1 service is configured as follows. The SRv6 locator from the router "Base" segment-routing segment-routing-v6 context is used and the End.DT4, End.DT6, and End.DT46 functions are configured for it. EVPN-IFL is used in domain 1 and in domain 2. The allow-export-bgp-vpn command is required between two EVPN-IFL instances. The route distinguishers and the route targets have different values in the different domains. The domain IDs are configured on the service GWs to avoid loops. For SRv6, the IPv6 system address is used as source address.
# on PE-2:
configure {
service {
vprn "VPRN-1" {
admin-state enable
service-id 1
customer "1"
allow-export-bgp-vpn true # required between two EVPN-IFL instances
segment-routing-v6 1 {
locator "PE2-loc" {
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
mpls 1 {
admin-state enable
route-distinguisher "192.0.2.2:11"
domain-id "64500:1"
vrf-target {
community "target:64500:11"
}
auto-bind-tunnel {
resolution any
}
}
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:12"
source-address 2001:db8::2:2
domain-id "64500:2"
vrf-target {
community "target:64500:12"
}
srv6 {
instance 1
default-locator "PE2-loc"
}
}
}
The service configuration on PE-3 is similar.
On PE-4, the VPRN-1 service is configured as follows:
# on PE-4:
configure {
service {
vprn "VPRN-1" {
admin-state enable
service-id 1
customer "1"
segment-routing-v6 1 {
locator "PE4-loc" {
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.4:12"
source-address 2001:db8::2:4
vrf-target {
community "target:64500:12"
}
srv6 {
instance 1
default-locator "PE4-loc"
}
}
}
interface "loopback" {
loopback true
mac 00:00:5e:00:53:14
ipv4 {
primary {
address 10.0.1.14
prefix-length 32
}
}
ipv6 {
address 2001:db8::1:14 {
prefix-length 128
}
}
}
Verification
GW PE-2 accepts and uses the IP prefix route received from PE-4:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:12
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:12 10.0.1.14/32
0 00:00:00:00:00:00
2001:db8::2:4
524288
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The details for this IP prefix route include SRv6 information such as the SID, the End.DT4 function and so on:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:12 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:12
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.4:12
MPLS Label : 524288
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m19s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:8000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
PE-2 readvertises this IP prefix route to PE-1 and PE-3 after prepending the domain ID 64500:2. PE-1 accepts the route, but PE-3 has domain ID 64500:2 locally, so it does not install the IP prefix in its VRF. The following shows that PE-3 does not use the IP prefix route for prefix 10.0.1.14/32 with RD 192.0.2.2:11 and D-path [64500:2:(evpn)] . PE-3 detects a domain path loop in VRF 1.
[/]
A:admin@PE-3# show router bgp routes evpn ip-prefix rd 192.0.2.2:11 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.23.1
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:11 bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.2:11
MPLS Label : LABEL 524280
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h04m10s
DPath Loop VRFs: 1
---snip---
Likewise, when PE-3 receives an IP prefix route for prefix 10.0.1.14/32 from PE-4, it imports the route and it readvertises this IP prefix route to PE-1 and PE-2 after prepending the domain ID 64500:2. PE-1 accepts and uses the route, but PE-2 has domain ID 64500:2 locally, so it does not install the IP prefix route in its VRF. The following shows that PE-2 does not use the IP prefix route for prefix 10.0.1.14/32 with RD 192.0.2.3:11 and D-path [64500:2:(evpn)] . PE-2 detects a domain path loop in VRF 1.
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:11 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:11 bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.3:11
MPLS Label : LABEL 524280
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h04m05s
DPath Loop VRFs: 1 # Domain ID is local --> Domain path loop detected in VRF 1
---snip---
Besides IP prefix routes, the GWs also receive IPv6 prefix routes. PE-2 receives the following IPv6 route from PE-4:
[/]
A:admin@PE-2# show router bgp routes evpn ipv6-prefix rd 192.0.2.4:12
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IPv6-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:12 2001:db8::1:14/128
0 00:00:00:00:00:00
2001:db8::2:4
524287
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The detailed information for this IPv6 prefix route shows that an SRv6 tunnel with End.DT6 function is used:
[/]
A:admin@PE-2# show router bgp routes evpn ipv6-prefix rd 192.0.2.4:12 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IPv6-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:12
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 2001:db8::1:14/128
Route Dist. : 192.0.2.4:12
MPLS Label : 524287
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h05m02s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:7fff:f000::
Behavior : End.DT6 (18)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
The IPv4 route table for VPRN-1 on PE-1 shows an EVPN-IFL route to 10.0.1.14/32 that uses an SR-ISIS tunnel to PE-2:
[/]
A:admin@PE-1# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Local Local 00h06m36s 0
loopback 0
10.0.1.14/32 Remote EVPN-IFL 00h06m11s 170
192.0.2.2 (tunneled:SR-ISIS:524290) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table for VPRN-1 on PE-2 shows an EVPN-IFL route to 10.0.1.11/32 that uses an SR-ISIS tunnel to PE-1 and an EVPN-IFL route to 10.0.1.14/32 that uses an SRv6 tunnel to PE-4:
[/]
A:admin@PE-2# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h06m19s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
10.0.1.14/32 Remote EVPN-IFL 00h06m05s 170
2001:db8:aaaa:104:8000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table for VPRN-1 on PE-3 is similar:
[/]
A:admin@PE-3# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h06m15s 170
192.0.2.1 (tunneled:SR-ISIS:524291) 10
10.0.1.14/32 Remote EVPN-IFL 00h06m09s 170
2001:db8:aaaa:104:8000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
On PE-4, the route table for VPRN-1 is as follows:
[/]
A:admin@PE-4# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h06m04s 170
2001:db8:aaaa:102:7fff:c000:: (tunneled:SRV6) 10
10.0.1.14/32 Local Local 00h06m08s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 route tables for VPRN-1 on the different PEs are similar; for example, on PE-2:
[/]
A:admin@PE-2# show router service-name "VPRN-1" route-table ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:11/128 Remote EVPN-IFL 00h07m17s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
2001:db8::1:14/128 Remote EVPN-IFL 00h07m03s 170
2001:db8:aaaa:104:7fff:f000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
EVPN-IFL IPv4 routes are advertised with End.DT4 or End.DT46 in that preference order and EVPN-IFL IPv6 routes are advertised with End.DT6 or End.DT46 in that preference order. The following command shows the SID values for the End.DT4, End.DT6, and End.DT46 functions on PE-4:
[/]
A:admin@PE-4# show service id "VPRN-1" segment-routing-v6 instance 1
===============================================================================
Segment Routing v6 Instance 1 Service 1
===============================================================================
Locator
Type Function SID Status
-------------------------------------------------------------------------------
PE4-loc
End.DT4 *524288 2001:db8:aaaa:104:8000:: ok
End.DT6 *524287 2001:db8:aaaa:104:7fff:f000:: ok
End.DT46 *524286 2001:db8:aaaa:104:7fff:e000:: ok
===============================================================================
Legend: * - System allocated
The following command displays the configured BGP-EVPN parameters for MPLS and for SRv6:
[/]
A:admin@PE-2# show service id "VPRN-1" bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:11
Oper Route Dist. : 192.0.2.2:11
Oper RD Type : configured
Route Target : target:64500:11
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : 64500:1
Dyn Egr Lbl Limit : Disabled
EVI : 0
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : any Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Bgp Instance : 1
Filter Tunnel Types: (Not Specified)
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
===============================================================================
Service 1 BGP-EVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up Oper State : Up
EVI : <default>
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:12
Oper Route Dist : 192.0.2.2:12
Oper RD Type : configured
Route Target : target:64500:12
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE2-loc
Source Address : 2001:db8::2:2
Domain-Id : 64500:2
Advertise : Disabled
Weighted ECMP : Disabled
===============================================================================
Multi-instance VPRN with EVPN-IFL over SRv6 and VPN-IPv4/v6 over SR-ISIS
This section describes a use case with interworking between EVPN-IFL and VPN-IPv4.
BGP configuration
Between PE-1, PE-2, and PE-3, BGP is supported for the VPN-IPv4 and VPN-IPv6 address families. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-mpls" {
peer-as 64500
family {
vpn-ipv4 true
vpn-ipv6 true
}
}
neighbor "192.0.2.2" {
group "access-mpls"
}
neighbor "192.0.2.3" {
group "access-mpls"
}
The BGP configuration on PE-2 is as follows:
# on PE-2:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-mpls" {
peer-as 64500
family {
vpn-ipv4 true
vpn-ipv6 true
}
}
group "core-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
neighbor "192.0.2.1" {
group "access-mpls"
}
neighbor "192.0.2.3" {
group "access-mpls"
}
neighbor "2001:db8::2:3" {
group "core-srv6"
}
neighbor "2001:db8::2:4" {
group "core-srv6"
}
The BGP configuration on PE-3 is similar.
The BGP configuration on PE-4 remains unchanged.
Service configuration
On PE-1, VPRN-2 is configured as follows:
# on PE-1:
configure {
service {
vprn "VPRN-2" {
admin-state enable
service-id 2
customer "1"
bgp-ipvpn {
mpls {
admin-state enable
route-distinguisher "192.0.2.1:21"
vrf-target {
community "target:64500:21"
}
auto-bind-tunnel {
resolution any
}
}
}
interface "loopback" {
loopback true
mac 00:00:5e:00:53:21
ipv4 {
primary {
address 10.0.2.21
prefix-length 32
}
}
ipv6 {
address 2001:db8::2:21 {
prefix-length 128
}
}
}
On PE-2, VPRN-2 is configured as follows:
# on PE-2:
configure {
service {
vprn "VPRN-2" {
admin-state enable
service-id 2
customer "1"
segment-routing-v6 1 {
locator "PE2-loc" {
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:22"
source-address 2001:db8::2:2
domain-id "64500:2"
vrf-target {
community "target:64500:22"
}
srv6 {
instance 1
default-locator "PE2-loc"
}
}
}
bgp-ipvpn {
mpls {
admin-state enable
route-distinguisher "192.0.2.2:21"
domain-id "64500:1"
vrf-target {
community "target:64500:21"
}
auto-bind-tunnel {
resolution any
}
}
}
The configuration on PE-3 is similar.
On PE-4, VPRN-2 is configured as follows:
# on PE-4:
configure {
service {
vprn "VPRN-2" {
admin-state enable
service-id 2
customer "1"
segment-routing-v6 1 {
locator "PE4-loc" {
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.4:22"
source-address 2001:db8::2:4
vrf-target {
community "target:64500:22"
}
srv6 {
instance 1
default-locator "PE4-loc"
}
}
}
interface "loopback" {
loopback true
mac 00:00:5e:00:53:24
ipv4 {
primary {
address 10.0.2.24
prefix-length 32
}
}
ipv6 {
address 2001:db8::2:24 {
prefix-length 128
}
}
}
Verification
GW PE-2 receives and uses the following IP prefix route from PE-4:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:22
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:22 10.0.2.24/32
0 00:00:00:00:00:00
2001:db8::2:4
524285
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The detailed information for this IP prefix route shows that the End.DT4 function is used:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:22 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:22
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.2.24/32
Route Dist. : 192.0.2.4:22
MPLS Label : 524285
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h06m46s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:7fff:d000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
PE-2 readvertises this prefix in a VPN-IPv4 route to PE-1 and PE-3 after prepending the domain ID 64500:2. PE-1 accepts this route, but PE-3 has domain ID 64500:2 locally, so it does not add this route to its VRF. The following shows that PE-3 does not use the VPN-IPv4 route received from PE-2 and that PE-3 detects a domain path loop in VRF 2:
[/]
A:admin@PE-3# show router bgp routes vpn-ipv4 rd 192.0.2.2:21 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.0.2.24/32
Nexthop : 192.0.2.2
Route Dist. : 192.0.2.2:21 VPN Label : 524278
Path Id : None
From : 192.0.2.2
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:21
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Fwd Class : None Priority : None
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h07m36s
VPRN Imported : None
DPath Loop VRFs: 2
---snip---
The IPv4 route table on PE-1 shows a BGP-VPN route to 10.0.2.24/32 that uses an SR-ISIS tunnel to PE-2:
[/]
A:admin@PE-1# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Local Local 00h09m56s 0
loopback 0
10.0.2.24/32 Remote BGP VPN 00h08m28s 170
192.0.2.2 (tunneled:SR-ISIS:524290) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table on PE-2 shows a BGP-VPN route to 10.0.2.21/32 that uses an SR-ISIS tunnel to PE-1 and an EVPN-IFL route to 10.0.2.24/32 that uses an SRv6 tunnel to PE-4:
[/]
A:admin@PE-2# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Remote BGP VPN 00h09m18s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
10.0.2.24/32 Remote EVPN-IFL 00h08m31s 170
2001:db8:aaaa:104:7fff:d000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The route table on PE-3 is similar.
The route table on PE-4 is as follows:
[/]
A:admin@PE-4# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Remote EVPN-IFL 00h08m26s 170
2001:db8:aaaa:102:7fff:6000:: (tunneled:SRV6) 10
10.0.2.24/32 Local Local 00h08m29s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 route tables for VPRN-2 are similar; for example, on PE-2:
[/]
A:admin@PE-2# show router service-name "VPRN-2" route-table ipv6
===============================================================================
IPv6 Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::2:21/128 Remote BGP VPN 00h10m11s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
2001:db8::2:24/128 Remote EVPN-IFL 00h09m22s 170
2001:db8:aaaa:104:7fff:c000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The next hop value 2001:db8:aaaa:104:7fff:c000:: in the preceding output corresponds to the SID value for End.DT6 in the following command on PE-4:
[/]
A:admin@PE-4# show service id "VPRN-2" segment-routing-v6 instance 1
===============================================================================
Segment Routing v6 Instance 1 Service 2
===============================================================================
Locator
Type Function SID Status
-------------------------------------------------------------------------------
PE4-loc
End.DT4 *524285 2001:db8:aaaa:104:7fff:d000:: ok
End.DT6 *524284 2001:db8:aaaa:104:7fff:c000:: ok
End.DT46 *524283 2001:db8:aaaa:104:7fff:b000:: ok
===============================================================================
Legend: * - System allocated
The following command shows the BGP-IPVPN information for VPRN-2 on PE-2:
[/]
A:admin@PE-2# show service id "VPRN-2" bgp-ipvpn
===============================================================================
Service 2 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.2:21
Oper RD Type : configured
Route Target : target:64500:21
Route Target Impor: None
Route Target Expor: None
Domain-Id : 64500:1
Dyn Egr Lbl Limit : Disabled
Auto-Bind Tunnel
Resolution : any Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: bgp
===============================================================================
The following command shows the BGP-EVPN information for VPRN-2 on PE-2:
[/]
A:admin@PE-2# show service id "VPRN-2" bgp-evpn
===============================================================================
Service 2 BGP-EVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up Oper State : Up
EVI : <default>
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:22
Oper Route Dist : 192.0.2.2:22
Oper RD Type : configured
Route Target : target:64500:22
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE2-loc
Source Address : 2001:db8::2:2
Domain-Id : 64500:2
Advertise : Disabled
Weighted ECMP : Disabled
===============================================================================
Multi-instance VPRN with two EVPN-IFL domains using SRv6 transport
EVPN IP prefix routes readvertised between SRv6 domains shows how IP prefix 10.0.3.34/32 is advertised in VPRN-3 with two BGP-EVPN instances pointing at the same SRv6 locator.
VPRN with two BGP-EVPN instances pointing at the same SRv6 locator
This section describes VPRN-3 which has two BGP-EVPN instances that both use the same locator.
SRv6 configuration
SRv6 was already configured among PE-2, PE-3, and PE-4. In this scenario and the following, SRv6 is also configured among PE-1, PE-2, and PE-3. The IS-IS configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
isis 0 {
admin-state enable
advertise-passive-only true
advertise-router-capability as
ipv6-routing native
traffic-engineering true
area-address [49.0001]
traffic-engineering-options {
ipv6 true
application-link-attributes {
}
}
segment-routing-v6 {
admin-state enable
locator "PE1-loc" {
level-capability 1 # on PE-2, PE-3: level 1/2 (default)
}
}
interface "int-PE-1-PE-2" {
interface-type point-to-point
level-capability 1
}
interface "int-PE-1-PE-3" {
interface-type point-to-point
level-capability 1
}
interface "system" {
passive true
}
level 1 {
wide-metrics-only true
}
level 2 {
wide-metrics-only true
}
}
On the GWs PE-2 and PE-3, the existing locators "PE2-loc" and "PE3-loc" are used on both SRv6 domains and these SRv6 locators are configured with level-capability 1/2, which is the default value.
BGP configuration
In this example, BGP uses IPv6 peer addresses. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
neighbor "2001:db8::2:2" {
group "access-srv6"
}
neighbor "2001:db8::2:3" {
group "access-srv6"
}
The BGP configuration on the service GWs PE-2 and PE-3 is as follows:
# on PE-2:
configure {
router "Base" {
autonomous-system 64500
bgp {
rapid-withdrawal true
peer-ip-tracking true
split-horizon true
rapid-update {
evpn true
}
group "access-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
group "core-srv6" {
peer-as 64500
family {
evpn true
}
advertise-ipv6-next-hops {
evpn true
}
}
neighbor "2001:db8::2:1" {
group "access-srv6"
}
neighbor "2001:db8::2:3" { # on PE-3: 2001:db8::2:2
group "core-srv6"
}
neighbor "2001:db8::2:4" {
group "core-srv6"
}
The BGP configuration on PE-4 remains the same as in the preceding use cases.
Service configuration
On PE-1 and PE-4, the configuration of VPRN-3 is similar. VPRN-3 is configured on PE-1 as follows:
# on PE-1:
configure {
service {
vprn "VPRN-3" {
admin-state enable
service-id 3
customer "1"
segment-routing-v6 1 {
locator "PE1-loc" { # on PE-4: "PE4-loc"; same functions
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.1:31" # on PE-4: 192.0.2.4:32
source-address 2001:db8::2:1 # on PE-4: 2001:db8::2:4
vrf-target {
community "target:64500:31" # on PE-4: target:64500:32
}
srv6 {
instance 1
default-locator "PE1-loc" # on PE-4: "PE4-loc"
}
}
}
interface "loopback" {
loopback true
ipv4 {
primary {
address 10.0.3.31 # on PE-4: 10.0.3.34
prefix-length 32
}
}
ipv6 {
address 2001:db8::3:31 { # on PE-4: 2001:db8::3:34
prefix-length 128
}
}
}
On GWs PE-2 and PE-3, VPRN-3 has two BGP-EVPN instances that both point to the same locator, as follows:
# on PE-2:
configure {
service {
vprn "VPRN-3" {
admin-state enable
service-id 3
customer "1"
allow-export-bgp-vpn true
segment-routing-v6 1 {
locator "PE2-loc" { # on PE-3: "PE3-loc"; same functions
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:31" # on PE-3: 192.0.2.3:31
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64500:1"
vrf-target {
community "target:64500:31"
}
srv6 {
instance 1
default-locator "PE2-loc" # on PE-3: "PE3-loc"
}
}
segment-routing-v6 2 {
admin-state enable
route-distinguisher "192.0.2.2:32" # on PE-3: 192.0.2.3:32
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64500:2"
vrf-target {
community "target:64500:32"
}
srv6 {
instance 1
default-locator "PE2-loc" # on PE-3: "PE3-loc"
}
}
}
Verification
The domain path attribute is used for loop prevention. GW PE-2 does not use the IP prefix routes readvertised by GW PE-3:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:31
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
*>i 192.0.2.3:31 10.0.3.31/32
0 00:00:00:00:00:00
2001:db8::2:3
524288
ESI-0
*>i 192.0.2.3:31 10.0.3.34/32
0 00:00:00:00:00:00
2001:db8::2:3
524288
ESI-0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The detailed output of the preceding command on PE-2 shows that the End.DT4 function is used and that PE-2 detects a domain path loop in VRF 3 for EVPN IP prefix routes with RD 192.0.2.3:31:
[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:31 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:3
Path Id : None
From : 2001:db8::2:3
Res. Nexthop : fe80::14:1ff:fe01:15
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:31
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:1:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.3.31/32
Route Dist. : 192.0.2.3:31
MPLS Label : 524288
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m05s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:8000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
DPath Loop VRFs: 3
---snip---
The IPv4 route table for VPRN-3 on PE-2 is as follows:
[/]
A:admin@PE-2# show router service-name "VPRN-3" route-table
===============================================================================
Route Table (Service: 3)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.3.31/32 Remote EVPN-IFL 00h04m03s 170
2001:db8:aaaa:101:8000:: (tunneled:SRV6) 10
10.0.3.34/32 Remote EVPN-IFL 00h03m51s 170
2001:db8:aaaa:104:7fff:a000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The behavior is the same as in the preceding use cases. The same show commands can be used to verify that.
VPRN with two BGP-EVPN instances pointing at different SRv6 locators
This section describes VPRN-4, which has two BGP-EVPN instances pointing at different locators.
SRv6 locator configuration
On PE-2, PE-3, and PE-4, an additional SRv6 locator is configured. In this example, the only difference is the IP prefix. On PE-2, the "PE2-loc" locator was already configured and the "PE2-loc-2" locator is added:
# on PE-2:
configure {
router "Base" {
isis 0 {
segment-routing-v6 {
admin-state enable
locator "PE2-loc" {
}
locator "PE2-loc-2" {
}
}
---snip---
segment-routing {
segment-routing-v6 {
origination-fpe [1]
source-address 2001:db8::2:2
locator "PE2-loc" {
admin-state enable
block-length 48
termination-fpe [2]
prefix {
ip-prefix 2001:db8:aaaa:102::/64
}
}
locator "PE2-loc-2" {
admin-state enable
block-length 48
termination-fpe [2]
prefix {
ip-prefix 2001:db8:aaaa:122::/64
}
}
base-routing-instance {
locator "PE2-loc" {
function {
end 1 {
srh-mode usp
}
end-x-auto-allocate psp protection unprotected { }
}
}
locator "PE2-loc-2" {
function {
end 1 {
srh-mode usp
}
end-x-auto-allocate psp protection unprotected { }
}
}
}
}
}
Likewise, PE-3 gets additional locator "PE3-loc-2" and PE-4 gets additional locator "PE4-loc-2".
BGP configuration
The BGP configuration is the same as for VPRN-3: BGP is enabled for the EVPN address family and the peer addresses are the IPv6 system addresses.
Service configuration
On PE-1, VPRN-4 is configured as follows:
# on PE-1:
configure {
service {
vprn "VPRN-4" {
admin-state enable
service-id 4
customer "1"
segment-routing-v6 1 {
locator "PE1-loc" {
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.1:41"
source-address 2001:db8::2:1
vrf-target {
community "target:64500:41"
}
srv6 {
instance 1
default-locator "PE1-loc"
}
}
}
interface "loopback" {
loopback true
ipv4 {
primary {
address 10.0.4.41
prefix-length 32
}
}
ipv6 {
address 2001:db8::4:41 {
prefix-length 128
}
}
}
On PE-2, VPRN-4 is configured with two SRv6 instances that use different locators, as follows. The configuration on PE-3 is similar.
# on PE-2:
configure {
service {
vprn "VPRN-4" {
admin-state enable
service-id 4
customer "1"
allow-export-bgp-vpn true
segment-routing-v6 1 {
locator "PE2-loc" { # on PE-3: "PE3-loc"; same functions
function {
end-dt4 {
}
end-dt6 {
}
end-dt46 {
}
}
}
}
segment-routing-v6 2 {
locator "PE2-loc-2" { # on PE-3: "PE3-loc-2"; same functions
function {
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.2:41" # on PE-3: 192.0.2.3:41
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64500:1"
vrf-target {
community "target:64500:41"
}
srv6 {
instance 1
default-locator "PE2-loc" # on PE-3: "PE3-loc"
}
}
segment-routing-v6 2 {
admin-state enable
route-distinguisher "192.0.2.2:42" # on PE-3: 192.0.2.3:42
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
domain-id "64500:2"
vrf-target {
community "target:64500:42"
}
srv6 {
instance 2
default-locator "PE2-loc-2" # on PE-3: "PE3-loc-2"
}
}
}
On PE-4, VPRN-4 is configured as follows:
# on PE-4:
configure {
service {
vprn "VPRN-4" {
admin-state enable
service-id 4
customer "1"
segment-routing-v6 1 {
locator "PE4-loc-2" {
function {
end-dt46 {
}
}
}
}
bgp-evpn {
segment-routing-v6 1 {
admin-state enable
route-distinguisher "192.0.2.4:42"
source-address 2001:db8::2:4
vrf-target {
community "target:64500:42"
}
srv6 {
instance 1
default-locator "PE4-loc-2"
}
}
}
interface "loopback" {
loopback true
ipv4 {
primary {
address 10.0.4.44
prefix-length 32
}
}
ipv6 {
address 2001:db8::4:44 {
prefix-length 128
}
}
}
Verification
The behavior is similar as in the preceding use cases. Loops are prevented using the domain path attribute. The following shows that PE-3 detects a domain path loop in VRF 4 for a route originating from PE-2:
[/]
A:admin@PE-3# show router bgp routes evpn ip-prefix rd 192.0.2.2:41 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:2
Path Id : None
From : 2001:db8::2:2
Res. Nexthop : fe80::e:1ff:fe01:15
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:41
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.4.44/32
Route Dist. : 192.0.2.2:41
MPLS Label : 524285
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m24s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:102::
Full Sid : 2001:db8:aaaa:102:7fff:d000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
DPath Loop VRFs: 4
---snip---
The route tables for IPv4 and IPv6 are similar to the ones in the preceding use cases. The IPv4 route tables for VPRN-4 are the following:
[/]
A:admin@PE-1# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Local Local 00h06m09s 0
loopback 0
10.0.4.44/32 Remote EVPN-IFL 00h05m45s 170
2001:db8:aaaa:102:7fff:d000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
[/]
A:admin@PE-2# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 00h05m54s 170
2001:db8:aaaa:101:7fff:b000:: (tunneled:SRV6) 10
10.0.4.44/32 Remote EVPN-IFL 00h05m40s 170
2001:db8:aaaa:124:7fff:7000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
[/]
A:admin@PE-3# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 00h05m49s 170
2001:db8:aaaa:101:7fff:b000:: (tunneled:SRV6) 10
10.0.4.44/32 Remote EVPN-IFL 00h05m43s 170
2001:db8:aaaa:124:7fff:7000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
[/]
A:admin@PE-4# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 00h05m40s 170
2001:db8:aaaa:122:7fff:2000:: (tunneled:SRV6) 10
10.0.4.44/32 Local Local 00h05m44s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
Multi-instance VPRN services with EVPN-IFL can use SRv6 transport as well as MPLS transport. Interworking between EVPN-IFL and IP-VPN is supported. Multi-instance VPRN services can be used as Service Gateways to connect two SRv6 domains together.