EVPN-IFF BGP Attribute Propagation Between Families
This chapter provides information about EVPN-IFF BGP attribute propagation between families .
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.7.R1. EVPN Interface-ful (EVPN-IFF) BGP attribute propagation between BGP families based on uniform propagation is supported in SR OS Release 21.2.R1 and later.
For more information on routed VPLS in EVPN, see chapters EVPN for VXLAN Tunnels (Layer 3) and EVPN for MPLS Tunnels in Routed VPLS .
Overview
SR OS allows multiple BGP owners in the same VPRN service to receive or advertise IP prefixes contained in the VPRN route table. A VPRN route table can simultaneously install and process IPv4 or IPv6 prefixes for the following owners:
- EVPN Interface-ful (EVPN-IFF)
- EVPN Interface-less (EVPN-IFL)
- VPN-IP (also referred to as IP-VPN routes)
- IP (also referred to as BGP PE-CE routes)
EVPN-IFF routes are EVPN IP-prefix routes, otherwise known as route type 5 (RT-5) routes, that are imported and exported based on the configuration of the R-VPLS services attached to the VPRN. To enable the EVPN-IFF model, the command config>service>vpls>bgp-evpn>ip-route-advertisement needs to be configured. By default, BGP attributes are re-originated when a prefix is propagated to and from an EVPN-IFF route. However, BGP attributes can be used to influence routing (for example, local preference, Autonomous System (AS) path, communities, and so on), and therefore, SR OS supports EVPN-IFF BGP attribute propagation to other BGP families (uniform propagation), as described in draft-ietf-bess-evpn-ipvpn-interworking.
The following CLI command is used to enable EVPN-IFF BGP attribute propagation and EVPN-IFF best path selection:
*A:PE-4>config>service>system>bgp-evpn# ip-prefix-routes ?
- ip-prefix-routes
[no] iff-attribute-* - Enable attribute uniform propagation
[no] iff-bgp-path-s* - Enable bgp path selection
The iff-bgp-path-selection command cannot be enabled when iff-attribute-uniform-propagation is disabled.
When iff-attribute-uniform-propagation is enabled on a node:
- the following BGP path attributes are propagated:
- AS path
- domain path (D-PATH), supported in SR OS Release 21.10.R1 and later
- IBGP-only attributes, when advertising to an IBGP neighbor: local preference, originator ID, cluster ID
- Multiple Exit Discriminator (MED)
- communities, large communities, extended communities
- the following BGP path attributes are not propagated across families:
- any type 0x06 extended communities supported by RT-5 routes:
- MAC mobility extended community
- EVPN router MAC extended community
- BGP encapsulation extended community
- Route Target extended community
- BGP tunnel encapsulation attribute
- BGP prefix-SID attribute used in RT-5 routes and VPN-IP routes for Segment Routing over IPv6 dataplane (SRv6) services
- any type 0x06 extended communities supported by RT-5 routes:
- IBGP-only attributes are only propagated to IBGP neighbors; EBGP-only attributes only to EBGP neighbors
- routes received with well-known communities, such as no-advertise or no-export(-subconfed), are sent or not sent depending on the community values
- BGP path attributes are propagated even when doing route leaking between routing instances
If multiple EVPN-IFF routes for the same prefix are received for the same VPRN, they are by default ordered and selected based on the lowest R-VPLS Ifindex, Route Distinguisher (RD), and Ethernet tag.
When iff-bgp-path-selection is enabled, EVPN-IFF routes with the same or different RD are selected based on regular BGP path selection rules in the following order:
- valid route wins over invalid route (invalid routes are looped routes or routes where the originator ID matches the receiving router)
- lowest origin validation state (origin validation state: valid is preferred to origin validation state: not found; origin validation state: not found is preferred to origin validation state: invalid) – applicable to IPv4, IPv6, or BGP Labeled Unicast (BGP-LU) routes
- lowest Routing Table Manager (RTM) preference
- highest local preference
- shortest D-PATH
- lowest Accumulated Interior Gateway Protocol (AIGP) metric (AIGP is not supported for EVPN-IFL, EVPN-IFF, or IP-VPN routes)
- shortest AS path
- lowest origin (origin: IGP is preferred to origin: EGP; origin: EGP is preferred to origin: incomplete)
- lowest MED (routes without MED are considered as zero or infinity based on the configuration of the always-compare-med command)
- lowest owner type (owner type: BGP-label is preferred to owner type: BGP; owner type: BGP is preferred to owner type: BGP-VPN) with BGP-VPN referring to VPN-IP and EVPN-IFL
- EBGP wins over IBGP
- lowest route-table or tunnel-table cost to the next-hopNote: The ignore-nh-metric command is not supported for EVPN-IFF.
- lowest next-hop type – a next-hop resolved to a tunnel-table entry is considered as a lower type than a next-hop resolved to a route-table entry
- lowest router ID – applicable to IBGP peers
- shortest cluster list length – applicable to IBGP peers
- lowest IP address – IP address refers to the peer that advertised the route
- EVPN-IFL wins over IPVPN
- next-hop check (IPv4 next-hop wins over IPv6, then lowest next-hop wins) - The next-hop check is a tiebreaker if BGP receives the same prefix for VPN-IPv6 and EVPN-IFL. An IPv6 prefix received as VPN-IPv6 has an IPv6 next-hop whereas the same IPv6 prefix received as EVPN-IFL can have an IPv4 next-hop.
- lowest RD for route-table selection
- lowest path ID (add-path)
Configuration
Example topology shows the example topology with PE-3 as Data Center Gateway (DCGW) between an EVPN-VXLAN network and an EVPN-MPLS network. Routed VPLS is configured on PE-2, PE-3, and PE-6. Supplementary broadcast domain "SBD-12" is configured in the EVPN-VXLAN network between PE-2 and PE-3; "SBD-13" in the EVPN-MPLS network between PE-3 and PE-6. On PE-2, Ethernet VPN instance "EVI-11" is configured toward CE-1.
CE-1 advertises prefix 10.1.11.0/24 to BGP neighbor 10.0.0.2 in VPRN 10 on PE-2. PE-2 sends an EVPN-IFF route to DCGW PE-3. PE-3 forwards the prefix 10.1.11.0/24 as VPN-IPv4 route to PE-4, as EVPN-IFL route to PE-5, as EVPN-IFF route to PE-6, and as IPv4 route to PE-6.
The initial configuration includes the following:
- Cards, MDAs, ports
- Router interfaces on all PEs
- IS-IS on the router interfaces
- LDP on the router interfaces on PE-3, PE-4, PE-5, and PE-6
On the PEs, BGP is configured for the EVPN address family. Between PE-3 and PE-4, both the VPN-IPv4 and the EVPN address family are configured. The configuration on PE-3 is as follows:
# on PE-3:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "internal1"
family evpn
peer-as 64496
neighbor 192.0.2.2
exit
exit
group "internal"
peer-as 64496
neighbor 192.0.2.4
family vpn-ipv4 evpn
exit
neighbor 192.0.2.5
family evpn
exit
neighbor 192.0.2.6
family evpn
exit
exit
exit
On CE-1, BGP is configured in VPRN 11 for the IPv4 address family. The export policy adds communities "1:1" and "2:2" and sets the MED to a value of 81.
# on CE-1:
configure
router Base
policy-options
begin
community "1:1_2:2"
members "1:1" "2:2"
exit
policy-statement "export-vnf-to-all"
entry 10
from
protocol direct direct-interface
exit
action accept
community add "1:1_2:2"
bgp-med set 81
exit
exit
exit
commit
exit
exit
service
vprn 11 name "VPRN 11" customer 1 create
autonomous-system 64501
interface "int-CE-1-PE-2" create
address 10.0.0.1/24
sap 1/1/2:11 create
exit
exit
interface "test" create
address 10.1.11.1/24
sap 1/1/2:12 create
exit
exit
bgp
export "export-vnf-to-all"
split-horizon
group "CE-1-PE-2"
type external
peer-as 64496
neighbor 10.0.0.2
exit
exit
exit
no shutdown
On PE-2, VPRN 10 has R-VPLS interface "int-EVI-11" toward CE-1 and R-VPLS interface "int-SBD-12" toward PE-3. BGP is configured toward neighbor 10.0.0.1 on CE-1 and the import policy sets the local preference (LP) to 200, as follows:
# on PE-2:
configure
router Base
policy-options
begin
policy-statement "local-preference-200"
entry 10
action accept
local-preference 200
exit
exit
exit
commit
exit
exit
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-SBD-12" create
vpls "SBD-12"
evpn-tunnel
exit
exit
interface "int-EVI-11" create
address 10.0.0.2/24
vrrp 1 owner passive
backup 10.0.0.2
exit
vpls "EVI-11"
exit
exit
bgp
import "local-preference-200"
local-as 64496
split-horizon
group "PE-2-CE-1"
type external
peer-as 64501
neighbor 10.0.0.1
exit
exit
exit
no shutdown
exit
vpls 11 name "EVI-11" customer 1 create
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/1:11 create
no shutdown
exit
no shutdown
exit
vpls 12 name "SBD-12" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 12 create
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 12
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
no shutdown
exit
On PE-3, VPRN 10 is configured with:
- three interfaces:
- R-VPLS interface "int-SBD-12" toward PE-2
- R-VPLS interface "int-SBD-13" toward PE-6
- interface "int-VPRN10-PE-3-to-PE-6" to the base router of PE-6.
- BGP-IPVPN for the exchange of VPN-IPv4 routes with PE-4
- BGP-EVPN to propagate EVPN-IFL routes to PE-5 and EVPN-IFF routes to PE-6
- BGP to propagate BGP IPv4 routes to the base router on PE-6. The export policy is only required in the BGP configuration.
# on PE-3:
configure
router Base
policy-options
begin
prefix-list "10.1.0.0"
prefix 10.1.0.0/16 longer
exit
policy-statement "export-bgp"
entry 10
from
prefix-list "10.1.0.0"
exit
action accept
exit
exit
exit
commit
exit
exit
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-SBD-12" create
vpls "SBD-12"
evpn-tunnel
exit
exit
interface "int-SBD-13" create
vpls "SBD-13"
evpn-tunnel
exit
exit
interface "int-VPRN10-PE-3-to-PE-6" create
address 10.15.16.3/24
sap 1/1/3:13 create
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.3:10
vrf-target target:64496:10
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.3:10
vrf-target target:64496:10
no shutdown
exit
exit
bgp
export "export-bgp"
rapid-withdrawal
group "base router - PE-6"
family ipv4
neighbor 10.15.16.6
type internal
peer-as 64496
exit
exit
exit
no shutdown
exit
vpls 12 name "SBD-12" customer 1 create
description "EVPN-VXLAN VPLS for EVPN tunnel to PE-2"
allow-ip-int-bind
exit
vxlan instance 1 vni 12 create
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 12
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
no shutdown
exit
vpls 13 name "SBD-13" customer 1 create
description "EVPN-MPLS VPLS for EVPN tunnel to PE-6"
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 13
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
no shutdown
exit
On PE-4, VPRN 10 is configured with BGP-IPVPN, as follows. BGP between PE-3 and PE-4 is configured for the VPN-IPv4 address family.
# on PE-4:
configure
service
vprn 10 name "VPRN 10" customer 1 create
bgp-ipvpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.4:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
exit
On PE-5, VPRN 10 is configured with BGP-EVPN, as follows:
# on PE-5:
configure
service
vprn 10 name "VPRN 10" customer 1 create
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.5:10
vrf-target target:64496:10
no shutdown
exit
exit
bgp
no shutdown
exit
no shutdown
exit
In the base router of PE-6, BGP is configured to neighbor 10.15.16.3 on PE-3. VPRN 15 is configured with R-VPLS interface "int-SBD-13" toward PE-3. The configuration is as follows:
# on PE-6:
configure
router Base
interface "int-PE-6-to-VPRN10-PE-3"
address 10.15.16.6/24
port 1/1/1:13
exit
bgp
group "PE-6-CE"
family ipv4
neighbor 10.15.16.3
type internal
local-as 64496
peer-as 64496
exit
exit
exit
exit
service
vprn 15 name "VPRN 15" customer 1 create
autonomous-system 64502
interface "int-SBD-13" create
vpls "SBD-13"
evpn-tunnel
exit
exit
no shutdown
exit
vpls 13 name "SBD-13" customer 1 create
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 13
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
no shutdown
exit
Default behavior
By default, BGP path attributes are re-originated when a prefix is propagated to and from an EVPN-IFF route. EVPN-IFF BGP path attributes are re-originated by PE-2 and PE-3 shows that PE-2 receives an IPv4 route for prefix 10.1.11.0/24 with non-default BGP path attributes, whereas PE-2 propagates the prefix as an EVPN-IFF route with default path attributes.
VPRN 10 on PE-2 received a BGP IPv4 route for prefix 10.1.11.0/24 with LP 200, MED 81, and communities "1:1" and "2:2":
*A:PE-2# show router 10 bgp routes 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.1.11.0/24
Nexthop : 10.0.0.1
Path Id : None
From : 10.0.0.1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 10.0.0.1
Local Pref. : 200 Interface Name : int-EVI-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 0
Connector : None
Community : 1:1 2:2
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 255.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP In-RTM
Route Source : External
AS-Path : 64501
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h03m24s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-2 propagates prefix 10.1.11.0/24 as an EVPN-IFF route to PE-3 with default BGP attributes: LP 100, no MED, and without the communities "1:1" and "2:2":
*A:PE-2# show router bgp routes evpn ip-prefix prefix 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
To : 192.0.2.3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : n/a
Connector : None
Community : target:64496:12 mac-nh:02:13:ff:ff:ff:49
bgp-tunnel-encap:VXLAN
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 02:13:ff:ff:ff:49
Prefix : 10.1.11.0/24
Route Dist. : 192.0.2.2:12
MPLS Label : VNI 12
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Uniform propagation for EVPN-IFF BGP path attributes to different BGP families
Enabling iff-attribute-uniform-propagation is not allowed when there are services enabled with bgp-evpn ip-route-advertisement:
*A:PE-2>config>service>system>bgp-evpn>ip-prefix-routes# iff-attribute-uniform-propagation
MINOR: SVCMGR #1003 Inconsistent value - iff-attribute-uniform-propagation cannot be enabled/disabled when there are "bgp-evpn ip-route-advertisement" enabled services
To enable iff-attribute-uniform-propagation and iff-best-path-selection on PE-2, ip-route-advertisement must be temporarily disabled in VPLS "SBD-12", as follows:
# on PE-2
configure
service
vpls "SBD-12"
bgp-evpn
no ip-route-advertisement
exit
exit
system
bgp-evpn
ip-prefix-routes
iff-attribute-uniform-propagation
iff-bgp-path-selection
exit
exit
exit
vpls "SBD-12"
bgp-evpn
ip-route-advertisement
exit
exit
In a similar configuration, iff-attribute-uniform-propagation and iff-bgp-path-selection are enabled on the other PEs.
The following command shows that uniform propagation for EVPN-IFF BGP path attributes and BGP path selection are enabled:
*A:PE-2# show service system bgp-evpn
===============================================================================
System BGP EVPN Information
===============================================================================
Eth Seg Route Dist. : <none>
Eth Seg Oper Route Dist. : <none>
Eth Seg Oper Route Dist Type : none
Ad Per ES Route Target : evi-rt
Etree
Leaf : Disabled
Mcast Leave Sync Prop : 5
Attribute Uniform Prop : Enabled
BGP Path Selection : Enabled
D-Path Length Ignore : Disabled
===============================================================================
Uniform propagation for EVPN-IFF BGP path attributes between families shows the uniform propagation for EVPN-IFF BGP path attributes between families in the same Virtual Routing and Forwarding (VRF).
With the uniform propagation for EVPN-IFF BGP path attributes enabled, PE-2 propagates EVPN-IFF route 10.1.11.0/24 to PE-3 with LP 200, MED 81, and communities "1:1" and "2:2". The following EVPN-IFF route is received at PE-3:
*A:PE-3# show router bgp routes evpn ip-prefix prefix 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.3 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.23.1
Local Pref. : 200 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 1:1 2:2 target:64496:12 mac-nh:02:13:ff:ff:ff:49
bgp-tunnel-encap:VXLAN
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64501
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 02:13:ff:ff:ff:49
Prefix : 10.1.11.0/24
Route Dist. : 192.0.2.2:12
MPLS Label : VNI 12
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h01m30s
-------------------------------------------------------------------------------
---snip---
With the uniform propagation for EVPN-IFF BGP path attributes enabled, PE-3 propagates VPN-IPv4 route 10.1.11.0/24 to PE-4 with LP 200, MED 81, and communities "1:1" and "2:2". The following VPN-IPv4 route is received at PE-4:
*A:PE-4# show router bgp routes 10.1.11.0/24 vpn-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.1.11.0/24
Nexthop : 192.0.2.3
Route Dist. : 192.0.2.3:10 VPN Label : 524283
Path Id : None
From : 192.0.2.3
Res. Nexthop : n/a
Local Pref. : 200 Interface Name : int-PE-4-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 1:1 2:2 target:64496:10
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64501
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h01m44s
VPRN Imported : 10
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-3 propagates EVPN-IFL route 10.1.11.0/24 to PE-5 with LP 200, MED 81, and communities "1:1" and "2:2". The following EVPN-IFL route is received at PE-5:
*A:PE-5# show router bgp routes evpn ip-prefix prefix 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.5 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.35.1
Local Pref. : 200 Interface Name : int-PE-5-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 1:1 2:2 target:64496:10 bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64501
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.1.11.0/24
Route Dist. : 192.0.2.3:10
MPLS Label : LABEL 524282
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m36s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-3 propagates EVPN-IFF route 10.1.11.0/24 to PE-6 with LP 200, MED 81, and communities "1:1" and "2:2". The following EVPN-IFF route is received at PE-6:
*A:PE-6# show router bgp routes evpn ip-prefix prefix 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.6 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.36.1
Local Pref. : 200 Interface Name : int-PE-6-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 1:1 2:2 target:64496:13 mac-nh:02:17:ff:ff:ff:4a
bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64501
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 02:17:ff:ff:ff:4a
Prefix : 10.1.11.0/24
Route Dist. : 192.0.2.3:13
MPLS Label : LABEL 524281
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m01s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
PE-3 propagates BGP IPv4 route 10.1.11.0/24 to PE-6 with LP 200, MED 81, and communities "1:1" and "2:2". The following IPv4 route is received at PE-6:
*A:PE-6# show router bgp routes 10.1.11.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.6 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.1.11.0/24
Nexthop : 10.15.16.3
Path Id : None
From : 10.15.16.3
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 10.15.16.3
Local Pref. : 200 Interface Name : int-PE-6-to-VPRN10-PE*
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 81
AIGP Metric : None IGP Cost : 0
Connector : None
Community : 1:1 2:2
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Used Valid Best IGP In-RTM
Route Source : Internal
AS-Path : 64501
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h03m17s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
EVPN-IFF BGP path attributes exported to leaked EVPN routes
Example topology shows the example topology with two VPRNs on DCGW PE-3 where routes are leaked.
The uniform propagation for EVPN-IFF BGP path attributes is enabled on all PEs.
BGP path attributes are propagated in leaked EVPN routes shows that CE-1 exports an IPv4 route for prefix 10.1.1.1/32 to PE-1. This route has non-default BGP attributes; for example, MED 88, AS path 64502 64505 64504, and community "11:11" "color:00:55". PE-1 exports this route as an EVPN-IFF route to PE-3. PE-3 forwards this route as EVPN-IFL route to PE-5. On PE-3, the route is leaked from VPRN 20 to VPRN 30. The BGP path attributes are propagated to the leaked EVPN routes, except those attributes that are not expected to be propagated, such as the router’s MAC extended community. PE-3 advertises an EVPN-IFF route for prefix 10.1.1.1/32 to PE-2.
In a similar way, CE-2 exports IPv4 prefix 10.2.2.2/32 to PE-2 with non-default BGP path attributes. PE-2 advertises this prefix as an EVPN-IFF route with the same BGP path attributes. PE-3 leaks the route from VPRN 30 to VPRN 20 while preserving the BGP path attributes. PE-3 advertises an EVPN-IFF route for prefix 10.2.2.2/32 to PE-1 with the same BGP path attributes. PE-3 also advertises the prefix as EVPN-IFL route to PE-5 with the same BGP path attributes. For brevity, the routes for prefix 10.2.2.2/32 are not shown here.
In this example, VPRN "CE-1" is configured as follows. The export policy sets the MED, prepends some AS numbers to the AS path, and adds the communities "11:11" and "color:00:55".
# CE-1:
configure
router Base
policy-options
begin
community "11:11"
members "11:11"
exit
community "color:00:55"
members "color:00:55"
exit
policy-statement "export-vnf-to-all-2"
entry 10
from
protocol direct direct-interface
exit
action next-entry
community add "11:11" "color:00:55"
as-path-prepend 64504
bgp-med set 88
exit
exit
entry 20
from
protocol direct direct-interface
exit
action accept
as-path-prepend 64505
exit
exit
exit
commit
exit
exit
service
vprn 23 name "CE-1" customer 1 create
autonomous-system 64502
interface "int-CE-1-PE-1" create
address 10.2.0.1/24
sap 1/2/2:21 create
exit
exit
interface "loopback" create
address 10.1.1.1/32
loopback
exit
bgp
export "export-vnf-to-all-2"
local-as 64502
group "PE-1-CE-1"
neighbor 10.2.0.254
type external
peer-as 64496
exit
exit
exit
no shutdown
exit
On PE-1, an import policy sets the LP to a value of 200. VPRN 20 has R-VPLS interface "int-EVI-21" toward CE-1 and R-VPLS interface "int-SBD-22" toward PE-2.
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "local-preference-200"
entry 10
action accept
local-preference 200
exit
exit
exit
commit
exit
exit
service
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-22" create
vpls "SBD-22"
evpn-tunnel
exit
exit
interface "int-EVI-21" create
address 10.2.0.254/24
vrrp 1 owner passive
backup 10.2.0.254
exit
vpls "EVI-21"
exit
exit
bgp
import "local-preference-200"
local-as 64496
group "PE-1-CE"
type external
peer-as 64502
neighbor 10.2.0.1
exit
exit
exit
no shutdown
exit
vpls 21 name "EVI-21" customer 1 create
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/2/1:21 create
exit
no shutdown
exit
vpls 22 name "SBD-22" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 22 create
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 22
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
The configuration on PE-2 is similar with VPRN 30, R-VPLS "EVI-31", and R-VPLS "SBD-32".
PE-3 has two VPRNs: "VPRN 20" and "VPRN 30". Export policy "leak-color-55-into-30" is used to leak routes with color community "color:00:55" from VPRN 20 to VPRN 30. The configuration is as follows:
# on PE-3:
configure
router Base
policy-options
begin
community "color:00:55"
members "color:00:55"
exit
community "RT64496:20"
members "target:64496:20"
exit
community "RT64496:30"
members "target:64496:30"
exit
policy-statement "leak-color-55-into-20"
entry 10
from
community "color:00:55"
exit
action accept
community add "RT64496:20" "RT64496:30"
exit
exit
exit
policy-statement "leak-color-55-into-30"
entry 10
from
community "color:00:55"
exit
action accept
community add "RT64496:20" "RT64496:30"
exit
exit
exit
commit
exit
exit
service
vpls 22 name "SBD-22" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 22 create
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 22
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-22" create
vpls "SBD-22"
evpn-tunnel
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.3:20
vrf-export "leak-color-55-into-30"
vrf-target import target:64496:20
no shutdown
exit
exit
no shutdown
exit
vpls 32 name "SBD-32" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 32 create
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 32
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vprn 30 name "VPRN 30" customer 1 create
autonomous-system 64496
interface "int-SBD-32" create
vpls "SBD-32"
evpn-tunnel
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.3:30
vrf-export "leak-color-55-into-20"
vrf-target import target:64496:30
no shutdown
exit
exit
no shutdown
exit
PE-3 exports the prefix route as EVPN-IFL to PE-5. On PE-5, VPRN 40 is configured as follows:
# on PE-5:
configure
router Base
policy-options
begin
community "RT64496:20"
members "target:64496:20"
exit
community "RT64496:30"
members "target:64496:30"
exit
policy-statement "vrf-40-import"
entry 10
from
community "RT64496:20"
exit
action accept
exit
exit
entry 20
from
community "RT64496:30"
exit
action accept
exit
exit
exit
policy-statement "vrf-40-export"
entry 10
from
protocol direct direct-interface
exit
action accept
community add "RT64496:20" "RT64496:30"
exit
exit
exit
commit
exit
exit
service
vprn 40 name "VPRN 40" customer 1 create
autonomous-system 64496
interface "loopback" create
address 10.5.5.5/32
loopback
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.5:40
vrf-export "vrf-40-export"
vrf-import "vrf-40-import"
no shutdown
exit
exit
no shutdown
CE-1 exports an IPv4 route for prefix 10.1.1.1/32 to PE-1 with community "color:00:55" and other non-default BGP path attributes. The route table for VPRN 20 on PE-1 includes an BGP IPv4 route for prefix 10.1.1.1/32:
*A:PE-1# show router 20 route-table 10.1.1.1/32
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Remote BGP 00h01m57s 170
10.2.0.1 0
-------------------------------------------------------------------------------
No. of Routes: 1
PE-1 propagates prefix 10.1.1.1/32 in an EVPN-IFF route. On PE-3, the route table includes an EVPN-IFF route for prefix 10.1.1.1/32:
*A:PE-3# show router 20 route-table 10.1.1.1/32
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Remote EVPN-IFF 00h01m58s 169
int-SBD-22 (ET-02:0f:ff:ff:ff:53) 0
-------------------------------------------------------------------------------
No. of Routes: 1
PE-3 forwards prefix 10.1.1.1/32 as an EVPN-IFL to PE-5. On PE-5, the route table includes an EVPN-IFL route for prefix 10.1.1.1/32:
*A:PE-5# show router 40 route-table
===============================================================================
Route Table (Service: 40)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Remote EVPN-IFL 00h02m07s 170
192.0.2.3 (tunneled) 10
10.2.2.2/32 Remote EVPN-IFL 00h02m39s 170
192.0.2.3 (tunneled) 10
10.5.5.5/32 Local Local 00h03m24s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 3
In a similar way, PE-5 received an EVPN-IFL route for prefix 10.2.2.2/32. Prefix 10.5.5.5/32 is local to VPRN 40 on PE-5 and is advertised to PE-3 as EVPN-IFL route.
On PE-3, routes with community "color:00:55" are leaked between VPRN 20 and VPRN 30. PE-1 and PE-3 have forwarded the route with the original BGP path attributes, so this community is preserved and the route for prefix 10.1.1.1/32 is leaked to VPRN 30, as shown in the following route table. The next hop is R-VPLS "SBD-22" in local VPRN 20.
*A:PE-3# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Remote EVPN-IFL 00h02m19s 169
Local VRF [20:int-SBD-22] 0
10.2.2.2/32 Remote EVPN-IFF 00h02m52s 169
int-SBD-32 (ET-02:13:ff:ff:ff:5d) 0
10.3.0.0/24 Remote EVPN-IFF 00h03m42s 169
int-SBD-32 (ET-02:13:ff:ff:ff:5d) 0
10.5.5.5/32 Remote EVPN-IFL 00h03m36s 170
192.0.2.5 (tunneled) 10
-------------------------------------------------------------------------------
No. of Routes: 4
PE-3 propagates prefix 10.1.1.1/32 as an EVPN-IFF route to PE-2, so the route table for VPRN 30 on PE-2 includes an entry for prefix 10.1.1.1/32 with next hop "SBD-32" toward VPRN 30 on PE-3:
*A:PE-2# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Remote EVPN-IFF 00h02m30s 169
int-SBD-32 (ET-02:17:ff:ff:ff:5d) 0
10.2.2.2/32 Remote BGP 00h03m02s 170
10.3.0.1 0
10.3.0.0/24 Local Local 00h04m00s 0
int-EVI-31 0
10.5.5.5/32 Remote EVPN-IFF 00h03m47s 169
int-SBD-32 (ET-02:17:ff:ff:ff:5d) 0
-------------------------------------------------------------------------------
No. of Routes: 4
The following show commands illustrate that the BGP path attributes are propagated. VPRN 20 on PE-1 receives an IPv4 route for prefix 10.1.1.1/32 from CE-1 with LP 200, MED 88, AS path 64502 64505 64504, and communities "1:1" "color:00:55", as follows:
*A:PE-1# show router 20 bgp routes 10.1.1.1/32 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.1.1.1/32
Nexthop : 10.2.0.1
Path Id : None
From : 10.2.0.1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 10.2.0.1
Local Pref. : 200 Interface Name : int-EVI-21
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 88
AIGP Metric : None IGP Cost : 0
Connector : None
Community : 11:11 color:00:55
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.1
Fwd Class : None Priority : None
Flags : Used Valid Best IGP In-RTM
Route Source : External
AS-Path : 64502 64505 64504
Route Tag : 0
Neighbor-AS : 64502
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h02m35s
-------------------------------------------------------------------------------
---snip---
PE-1 forwards an EVPN-IFF route to PE-3 for prefix 10.1.1.1/32 with the original BGP path attributes, as follows:
*A:PE-1# show router bgp routes 10.1.1.1/32 evpn ip-prefix hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
---snip---
Network : n/a
Nexthop : 192.0.2.1
Path Id : None
To : 192.0.2.3
Res. Nexthop : n/a
Local Pref. : 200 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 88
AIGP Metric : None IGP Cost : n/a
Connector : None
Community : 11:11 target:64496:22 mac-nh:02:0f:ff:ff:ff:53
bgp-tunnel-encap:VXLAN color:00:55
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
AS-Path : 64502 64505 64504
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 02:0f:ff:ff:ff:53
Prefix : 10.1.1.1/32
Route Dist. : 192.0.2.1:22
MPLS Label : VNI 22
Route Tag : 0
Neighbor-AS : 64502
Orig Validation: N/A
Source Class : 0 Dest Class : 0
---snip---
PE-3 forwards an EVPN-IFL route for prefix 10.1.1.1/32 to PE-5, so PE-5 receives the following route with the original BGP path attributes:
*A:PE-5# show router bgp routes evpn ip-prefix prefix 10.1.1.1/32 hunt
===============================================================================
BGP Router ID:192.0.2.5 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.35.1
Local Pref. : 200 Interface Name : int-PE-5-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 88
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 11:11 target:64496:20 target:64496:30
bgp-tunnel-encap:MPLS color:00:55
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64502 64505 64504
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.1.1.1/32
Route Dist. : 192.0.2.3:20
MPLS Label : LABEL 524280
Route Tag : 0
Neighbor-AS : 64502
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m09s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
On PE-3, the route for prefix 10.1.1.1/32 is leaked from VPRN 20 to VPRN 30. Prefix 10.1.1.1/32 is then advertised to PE-2 in the new context but preserves the BGP path attributes, so PE-2 receives the following route:
*A:PE-2# show router bgp routes evpn ip-prefix prefix 10.1.1.1/32 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
---snip---
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 200 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 88
AIGP Metric : None IGP Cost : 10
Connector : None
Community : 11:11 target:64496:32 mac-nh:02:17:ff:ff:ff:5d
bgp-tunnel-encap:VXLAN color:00:55
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64502 64505 64504
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 02:17:ff:ff:ff:5d
Prefix : 10.1.1.1/32
Route Dist. : 192.0.2.3:32
MPLS Label : VNI 32
Route Tag : 0
Neighbor-AS : 64502
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m50s
---snip---
Conclusion
SR OS nodes can be configured to propagate EVPN-IFF BGP path attributes between families to influence the path selection, as per draft-ietf-bess-evpn-ipvpn-interworking.