Domain Path Attribute for VPRN BGP Routes
This chapter provides information about the domain path attribute for VPRN BGP routes.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.
Overview
The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.
The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in Loop prevention in networks with multiple IP-VPN and EVPN domains.
All PEs in Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.
D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.
The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:
- 0 for local ISF routes
- 1 for PE-CE BGP domains
- 70 for EVPN domains
- 128 for IP-VPN domains
The domain ID can be configured on:
- VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
- VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
- R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
- VPRN BGP neighbors (PE-CE)
- VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.
Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.
A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.
The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.
Configuration
Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- OSPF as IGP on PE-1, PE-2, and PE-3
- IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
- SR-OSPF on PE-1, PE-2, and PE-3
- SRv6 on PE-2, PE-3, and PE-4, configured as in chapter "Segment Routing over IPv6" in the 7750 SR and 7950 XRS Segment Routing and PCE Advanced Configuration Guide for Classic CLI.
- LDP on PE-4, RR-5, PE-6, and PE-7
The BGP configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "internal1"
family evpn
type internal
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
# on PE-2 (similar configuration on PE-3):
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
router-id 192.0.2.2 # on PE-3: 192.0.2.3
advertise-inactive
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal1"
family evpn
next-hop-self
type internal
local-address 192.0.2.2 # on PE-3: 192.0.2.3
neighbor 192.0.2.1
exit
neighbor 192.0.2.3 # on PE-3: 192.0.2.2
exit
exit
group "internal2"
family vpn-ipv4 vpn-ipv6
next-hop-self
type internal
local-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
extended-nh-encoding ipv4 vpn-ipv4
advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
neighbor 2001:db8::2:3 # on PE-3: 2001:db8::2:2
exit
neighbor 2001:db8::2:4
exit
exit
# on PE-4:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
router-id 192.0.2.4
advertise-inactive
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal2"
family vpn-ipv4 vpn-ipv6 evpn
next-hop-self
type internal
local-address 2001:db8::2:4
extended-nh-encoding ipv4 vpn-ipv4
advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
neighbor 2001:db8::2:2
exit
neighbor 2001:db8::2:3
exit
exit
group "internal3"
family vpn-ipv4 vpn-ipv6 evpn
next-hop-self
type internal
local-address 192.0.2.4
neighbor 192.0.2.5
exit
exit
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6 evpn
group "internal3"
type internal
cluster 192.0.2.5
neighbor 192.0.2.4
family vpn-ipv4 vpn-ipv6 evpn
exit
neighbor 192.0.2.6
family evpn
exit
neighbor 192.0.2.7
family vpn-ipv4 vpn-ipv6
exit
exit
# on PE-6:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "internal3"
type internal
neighbor 192.0.2.5
family evpn
exit
exit
# on PE-7:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update vpn-ipv4 vpn-ipv6
group "internal3"
type internal
neighbor 192.0.2.5
family vpn-ipv4 vpn-ipv6
exit
exit
Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances
On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls context:
# on PE-1:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-PE-1-CE-11" create
address 172.31.1.1/24
ipv6
address 2001:db8::31:1:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
sr-ospf
exit
resolution filter
exit
route-distinguisher 192.0.2.1:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
exit
Domain ID 64496:1010 is configured in the bgp-evpn mpls context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.
On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.
# on GW PE-2:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
segment-routing-v6 1 create
locator "PE-2_loc" # on PE-3:"PE-3_loc"
function
end-dt4
end-dt6
exit
exit
exit
bgp-ipvpn
segment-routing-v6
domain-id 64496:1020
route-distinguisher 192.0.2.2:16 # on PE-3: 192.0.2.3:16
srv6-instance 1 default-locator "PE-2_loc" # on PE-3:"PE-3_loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64496:10
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
sr-ospf
exit
resolution filter
exit
domain-id 64496:1010
route-distinguisher 192.0.2.2:10 # on PE-3: 192.0.2.3:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.
# on GW PE-4:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
segment-routing-v6 1 create
locator "PE-4_loc"
function
end-dt4
end-dt6
exit
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
domain-id 64496:1030
route-distinguisher 192.0.2.4:10
vrf-target target:64496:10
no shutdown
exit
segment-routing-v6
domain-id 64496:1020
route-distinguisher 192.0.2.4:16
srv6-instance 1 default-locator "PE-4_loc"
source-address 2001:db8::2:4 ## system IP@
vrf-target target:64496:10
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
domain-id 64496:1030
route-distinguisher 192.0.2.4:10
vrf-target target:64496:10
no shutdown
exit
exit
allow-export-bgp-vpn
no shutdown
When a VPRN is configured with allow-export-bgp-vpn, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or similar instability.
In addition, allow-export-bgp-vpn must never be used in a VPRN service with a route distinguisher that is used in other PEs attached to the same service. If the same route distinguisher is used in this case, constant route flaps will occur.
For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:
# on PE-6:
configure
service
vprn 10 name "VPRN 10" customer 1 create
autonomous-system 64496
interface "int-PE-6-CE-16" create
address 172.31.6.1/24
ipv6
address 2001:db8::31:6:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
route-distinguisher 192.0.2.6:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:
# on PE-7:
configure
service
vprn 10 name "VPRN 10" customer 1 create
local-routes-domain-id 64496:1007
autonomous-system 64496
interface "int-PE-7-CE-17" create
address 172.31.7.1/24
ipv6
address 2001:db8::31:7:1/120
exit
sap 1/1/c5/1:10 create
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution-filter
ldp
exit
resolution filter
exit
route-distinguisher 192.0.2.7:10
vrf-target target:64496:10
no shutdown
exit
exit
no shutdown
The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:
*A:PE-4# show service id 10 bgp-ipvpn
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Auto-Bind Tunnel
Resolution : disabled Strict Tnl Tag : False
ECMP : 0 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:16
Oper Route Dist : 192.0.2.4:16
Oper RD Type : configured
Route Target : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE-4_loc
Source Address : 2001:db8::2:4
Domain-Id : 64496:1020
===============================================================================
For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:
*A:PE-4# show service id 10 bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.4:10
Oper Route Dist. : 192.0.2.4:10
Oper RD Type : configured
Route Target : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : 64496:1030
Dyn Egr Lbl Limit : Disabled
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : filter Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
BGP Instance : 1
Filter Tunnel Types: ldp
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
VPRN BGP routes for prefix 172.31.6.0/24
PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on PE-6:
1 2022/09/05 14:07:07.846 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 82
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:
# on RR-5:
34 2022/09/05 14:07:11.660 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 156
Flag: 0x90 Type: 14 Len: 105 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.6
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Type: EVPN-IP-PREFIX Len: 58 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 2001:db8::31:6:0/120 gw_ip :: Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
"
PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):
53 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 98
Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 24 NextHop 2001:db8::2:4
172.31.6.0/24 RD 192.0.2.4:10 Label 524280 (Raw label 0x7fff81)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"
PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:
# on PE-2:
40 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 115
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"
VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:
VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:
In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.
The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).
# on PE-7:
1 2022/09/05 14:07:07.879 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 72
Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
Address Family VPN_IPV4
NextHop len 12 NextHop 192.0.2.7
172.31.7.0/24 RD 192.0.2.7:10 Label 524283 (Raw label 0x7fffb1)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 8 Extended Community:
target:64496:10
Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"
RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:
# on PE-2:
41 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 123
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
192.0.2.5
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64496:10
bgp-tunnel-encap:MPLS
Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"
Loop prevention
Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in Loop prevention between PE-2 and PE-3:
The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:
*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:10 bgp-tunnel-encap:MPLS
Cluster : 192.0.2.5
Originator Id : 192.0.2.6 Peer Router Id : 192.0.2.3
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 172.31.6.0/24
Route Dist. : 192.0.2.3:10
MPLS Label : LABEL 524283
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h24m27s
DPath Loop VRFs: 10
---snip---
The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:
*A:PE-2# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.31.1.0/24 Remote EVPN-IFL 00h26m24s 170
192.0.2.1 (tunneled:SR-OSPF:524290) 10
172.31.6.0/24 Remote BGP VPN 00h26m24s 170
2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6) 20
172.31.7.0/24 Remote BGP VPN 00h26m24s 170
2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances
Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.
The service configuration on PE-1 does not include a domain ID, as follows:
# on PE-1:
configure
service
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-21" create
vpls "SBD-21"
evpn-tunnel
exit
exit
interface "int-PE-1-CE-21" create
address 10.20.201.1/24
sap 1/1/c5/1:20 create
exit
exit
no shutdown
exit
vpls 21 name "SBD-21" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 1 create
exit
bgp
exit
bgp-evpn
ip-route-advertisement
evi 21
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.
# on PE-2:
configure
service
vprn 20 name "VPRN 20" customer 1 create
autonomous-system 64496
interface "int-SBD-21" create
vpls "SBD-21"
evpn-tunnel
exit
exit
segment-routing-v6 1 create
locator "PE-2_loc" # on PE-3: "PE3_loc"
function
end-dt46
exit
exit
exit
bgp-ipvpn
segment-routing-v6
domain-id 64496:2020
route-distinguisher 192.0.2.2:26 # on PE-3; 192.0.2.3:26
srv6-instance 1 default-locator "PE-2_loc" # on PE-3: "PE3_loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64496:20
no shutdown
exit
exit
no shutdown
exit
vpls 21 name "SBD-21" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 1 create
exit
bgp
exit
bgp-evpn
ip-route-advertisement domain-id 64496:2010
evi 21
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:
*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.20.201.0/24
Nexthop : 2001:db8::2:3
Route Dist. : 192.0.2.3:26 VPN Label : 524286
Path Id : None
From : 2001:db8::2:3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64496:20
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
D-Path : [64496:2010:(evpn)]
Route Tag : 0
Neighbor-AS : n/a
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h07m49s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:7fff:e000::
Behavior : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
VPRN Imported : None
DPath Loop VRFs: 20
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.
PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:
*A:PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.201.0/24 Remote EVPN-IFF 00h18m36s 169
int-SBD-21 (ET-02:0f:ff:ff:ff:52) 0
10.20.206.0/24 Remote BGP VPN 00h18m36s 170
2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6) 20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.