Domain Path Attribute for VPRN BGP Routes

This chapter provides information about the domain path attribute for VPRN BGP routes.

Topics in this chapter include:

Applicability

The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.

Overview

The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.

The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in Loop prevention in networks with multiple IP-VPN and EVPN domains.

Figure 1. Loop prevention in networks with multiple IP-VPN and EVPN domains

All PEs in Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.

D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.

Figure 2. D-path attribute

The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:

  • 0 for local ISF routes
  • 1 for PE-CE BGP domains
  • 70 for EVPN domains
  • 128 for IP-VPN domains

The domain ID can be configured on:

  • VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
  • VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
  • R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
  • VPRN BGP neighbors (PE-CE)
  • VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.

Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.

A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.

The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.

Configuration

Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.

Figure 3. Example topology with VPRN 10 and its domain IDs

The initial configuration includes:

  • cards, MDAs, ports
  • router interfaces
  • OSPF as IGP on PE-1, PE-2, and PE-3
  • IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
  • SR-OSPF on PE-1, PE-2, and PE-3
  • SRv6 on PE-2, PE-3, and PE-4, configured as in chapter "Segment Routing over IPv6" in the 7750 SR and 7950 XRS Segment Routing and PCE Advanced Configuration Guide for Classic CLI.
  • LDP on PE-4, RR-5, PE-6, and PE-7

The BGP configuration on PE-1 is as follows:

# on PE-1:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update evpn
            group "internal1"
                family evpn
                type internal
                neighbor 192.0.2.2
                exit
                neighbor 192.0.2.3
                exit
            exit
# on PE-2 (similar configuration on PE-3):
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            router-id 192.0.2.2        # on PE-3: 192.0.2.3
            advertise-inactive
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal1"
                family evpn
                next-hop-self
                type internal
                local-address 192.0.2.2        # on PE-3: 192.0.2.3
                neighbor 192.0.2.1
                exit
                neighbor 192.0.2.3        # on PE-3: 192.0.2.2
                exit
            exit
            group "internal2"
                family vpn-ipv4 vpn-ipv6
                next-hop-self
                type internal
                local-address 2001:db8::2:2        # on PE-3: 2001:db8::2:3
                extended-nh-encoding ipv4 vpn-ipv4
                advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6
                neighbor 2001:db8::2:3        # on PE-3: 2001:db8::2:2
                exit
                neighbor 2001:db8::2:4
                exit
            exit
# on PE-4:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            router-id 192.0.2.4
            advertise-inactive
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal2"
                family vpn-ipv4 vpn-ipv6 evpn
                next-hop-self
                type internal
                local-address 2001:db8::2:4
                extended-nh-encoding ipv4 vpn-ipv4
                advertise-ipv6-next-hops vpn-ipv4 vpn-ipv6 
                neighbor 2001:db8::2:2
                exit
                neighbor 2001:db8::2:3
                exit
            exit
            group "internal3"
                family vpn-ipv4 vpn-ipv6 evpn
                next-hop-self
                type internal
                local-address 192.0.2.4
                neighbor 192.0.2.5
                exit
            exit
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6 evpn
            group "internal3"
                type internal
                cluster 192.0.2.5
                neighbor 192.0.2.4
                    family vpn-ipv4 vpn-ipv6 evpn
                exit
                neighbor 192.0.2.6
                    family evpn
                exit
                neighbor 192.0.2.7
                    family vpn-ipv4 vpn-ipv6
                exit
            exit
# on PE-6:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update evpn
            group "internal3"
                type internal
                neighbor 192.0.2.5
                    family evpn
                exit
            exit
# on PE-7:
configure
    router Base
        autonomous-system 64496
        bgp
            vpn-apply-import
            vpn-apply-export
            enable-peer-tracking
            rapid-withdrawal
            split-horizon
            rapid-update vpn-ipv4 vpn-ipv6
            group "internal3"
                type internal
                neighbor 192.0.2.5
                    family vpn-ipv4 vpn-ipv6
                exit
            exit

Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances

On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls context:

# on PE-1:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            interface "int-PE-1-CE-11" create
                address 172.31.1.1/24
                ipv6
                    address 2001:db8::31:1:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-ospf
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.1:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown
        exit

Domain ID 64496:1010 is configured in the bgp-evpn mpls context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.

On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.

# on GW PE-2:
configure
    service
         vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            segment-routing-v6 1 create
                locator "PE-2_loc"                       # on PE-3:"PE-3_loc"
                    function
                        end-dt4
                        end-dt6
                    exit
                exit
            exit
            bgp-ipvpn
                segment-routing-v6 
                    domain-id 64496:1020
                    route-distinguisher 192.0.2.2:16     # on PE-3: 192.0.2.3:16
                    srv6-instance 1 default-locator "PE-2_loc"  # on PE-3:"PE-3_loc"
                    source-address 2001:db8::2:2         # on PE-3: 2001:db8::2:3
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            sr-ospf
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1010
                    route-distinguisher 192.0.2.2:10     # on PE-3: 192.0.2.3:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.

# on GW PE-4:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            segment-routing-v6 1 create
                locator "PE-4_loc"
                    function
                        end-dt4
                        end-dt6
                    exit
                exit
            exit
            bgp-ipvpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1030
                    route-distinguisher 192.0.2.4:10
                    vrf-target target:64496:10
                    no shutdown
                exit
                segment-routing-v6 
                    domain-id 64496:1020
                    route-distinguisher 192.0.2.4:16
                    srv6-instance 1 default-locator "PE-4_loc"
                    source-address 2001:db8::2:4          ## system IP@
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    domain-id 64496:1030
                    route-distinguisher 192.0.2.4:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            allow-export-bgp-vpn        
            no shutdown
Note:

When a VPRN is configured with allow-export-bgp-vpn, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or similar instability.

In addition, allow-export-bgp-vpn must never be used in a VPRN service with a route distinguisher that is used in other PEs attached to the same service. If the same route distinguisher is used in this case, constant route flaps will occur.

For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:

# on PE-6:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            autonomous-system 64496
            interface "int-PE-6-CE-16" create
                address 172.31.6.1/24
                ipv6
                    address 2001:db8::31:6:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-evpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.6:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:

# on PE-7:
configure
    service
        vprn 10 name "VPRN 10" customer 1 create
            local-routes-domain-id 64496:1007
            autonomous-system 64496
            interface "int-PE-7-CE-17" create
                address 172.31.7.1/24
                ipv6
                    address 2001:db8::31:7:1/120
                exit
                sap 1/1/c5/1:10 create
                exit
            exit
            bgp-ipvpn
                mpls
                    auto-bind-tunnel
                        resolution-filter
                            ldp
                        exit
                        resolution filter
                    exit
                    route-distinguisher 192.0.2.7:10
                    vrf-target target:64496:10
                    no shutdown
                exit
            exit
            no shutdown

The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:

*A:PE-4# show service id 10 bgp-ipvpn
 
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : None
Oper Route Dist   : 192.0.2.4:10
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id         : 64496:1030
Dyn Egr Lbl Limit : Disabled
 
Auto-Bind Tunnel
Resolution        : disabled            Strict Tnl Tag    : False
ECMP              : 0                   Flex Algo FB      : False
Weighted ECMP     : False
BGP Instance      : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
 
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
 
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : 192.0.2.4:16
Oper Route Dist   : 192.0.2.4:16
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag     : 0x0
Route Resolution  : route-table
 
Srv6 Instance     : 1
Default Locator   : PE-4_loc
Source Address    : 2001:db8::2:4
Domain-Id         : 64496:1020
 
===============================================================================

For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:

*A:PE-4# show service id 10 bgp-evpn
 
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State        : Up
VRF Import         : None
VRF Export         : None
Route Dist.        : 192.0.2.4:10
Oper Route Dist.   : 192.0.2.4:10
Oper RD Type       : configured
Route Target       : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag  : None
Domain-Id          : 64496:1030
Dyn Egr Lbl Limit  : Disabled
 
Advertise          : Disabled
Weighted ECMP      : Disabled
 
Auto-Bind Tunnel
Resolution         : filter                 Strict Tnl Tag : False
ECMP               : 1                      Flex Algo FB   : False
BGP Instance       : 1
Filter Tunnel Types: ldp
 
Tunnel Encap
MPLS               : True                   MPLSoUDP       : False
===============================================================================

VPRN BGP routes for prefix 172.31.6.0/24

PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on PE-6:
1 2022/09/05 14:07:07.846 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 82
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS

RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on RR-5:
34 2022/09/05 14:07:11.660 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 156
    Flag: 0x90 Type: 14 Len: 105 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
        Type: EVPN-IP-PREFIX Len: 58 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 2001:db8::31:6:0/120 gw_ip :: Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
"

PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):

53 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 98
    Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 24 NextHop 2001:db8::2:4
        172.31.6.0/24 RD 192.0.2.4:10 Label 524280 (Raw label 0x7fff81)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"

PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:

# on PE-2:
40 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 115
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"

VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:

Figure 4. VPRN BGP routes for prefix 172.31.6.0/24

VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:

Figure 5. VPRN BGP routes for prefix 172.31.7.0/24

In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.

The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).

# on PE-7:
1 2022/09/05 14:07:07.879 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 72
    Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 12 NextHop 192.0.2.7
        172.31.7.0/24 RD 192.0.2.7:10 Label 524283 (Raw label 0x7fffb1)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"

RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:

# on PE-2:
41 2022/09/05 14:07:11.662 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 123
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"

Loop prevention

Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in Loop prevention between PE-2 and PE-3:

Figure 6. Loop prevention between PE-2 and PE-3

The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:

*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : n/a
Nexthop        : 192.0.2.3
Path Id        : None
From           : 192.0.2.3
Res. Nexthop   : 192.168.23.2
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:10 bgp-tunnel-encap:MPLS
Cluster        : 192.0.2.5
Originator Id  : 192.0.2.6              Peer Router Id : 192.0.2.3
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type      : IP-PREFIX
ESI            : ESI-0
Tag            : 0
Gateway Address: 00:00:00:00:00:00
Prefix         : 172.31.6.0/24
Route Dist.    : 192.0.2.3:10
MPLS Label     : LABEL 524283
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h24m27s
DPath Loop VRFs:  10
---snip---

The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:

*A:PE-2# show router 10 route-table 
 
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
172.31.1.0/24                                 Remote  EVPN-IFL  00h26m24s  170
       192.0.2.1 (tunneled:SR-OSPF:524290)                          10
172.31.6.0/24                                 Remote  BGP VPN   00h26m24s  170
       2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6)                20
172.31.7.0/24                                 Remote  BGP VPN   00h26m24s  170
       2001:db8:aaaa:104:7fff:b000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances

Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.

Figure 7. Example topology with R-VPLS

The service configuration on PE-1 does not include a domain ID, as follows:

# on PE-1:
configure
    service
        vprn 20 name "VPRN 20" customer 1 create
            autonomous-system 64496
            interface "int-SBD-21" create
                vpls "SBD-21"
                    evpn-tunnel
                exit
            exit
            interface "int-PE-1-CE-21" create
                address 10.20.201.1/24
                sap 1/1/c5/1:20 create
                exit
            exit
            no shutdown
        exit
        vpls 21 name "SBD-21" customer 1 create
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 1 create
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement 
                evi 21
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit    

On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.

# on PE-2:
configure
    service
        vprn 20 name "VPRN 20" customer 1 create
            autonomous-system 64496
            interface "int-SBD-21" create
                vpls "SBD-21"
                    evpn-tunnel
                exit
            exit
            segment-routing-v6 1 create
                locator "PE-2_loc"        # on PE-3: "PE3_loc"
                    function
                        end-dt46
                    exit
                exit
            exit
            bgp-ipvpn
                segment-routing-v6
                    domain-id 64496:2020
                    route-distinguisher 192.0.2.2:26        # on PE-3; 192.0.2.3:26
                    srv6-instance 1 default-locator "PE-2_loc"  # on PE-3: "PE3_loc"
                    source-address 2001:db8::2:2            # on PE-3: 2001:db8::2:3
                    vrf-target target:64496:20
                    no shutdown
                exit
            exit
            no shutdown
        exit
        vpls 21 name "SBD-21" customer 1 create
            allow-ip-int-bind
            exit
            vxlan instance 1 vni 1 create
            exit
            bgp
            exit
            bgp-evpn
                ip-route-advertisement domain-id 64496:2010
                evi 21
                vxlan bgp 1 vxlan-instance 1
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            no shutdown
        exit  

The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:

*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
 
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 10.20.201.0/24
Nexthop        : 2001:db8::2:3
Route Dist.    : 192.0.2.3:26           VPN Label      : 524286
Path Id        : None
From           : 2001:db8::2:3
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:20
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.3
Fwd Class      : None                   Priority       : None
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:2010:(evpn)]
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h07m49s
SRv6 TLV Type  : SRv6 L3 Service TLV (5)
SRv6 SubTLV    : SRv6 SID Information (1)
Sid            : 2001:db8:aaaa:103::
Full Sid       : 2001:db8:aaaa:103:7fff:e000::
Behavior       : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len  : 48                     Loc-Node-Len   : 16
Func-Len       : 20                     Arg-Len        : 0
Tpose-Len      : 20                     Tpose-offset   : 64
VPRN Imported  : None
DPath Loop VRFs:  20
 
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================

Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.

Figure 8. Loop prevention between DC GW PE-2 and DC GW PE-3

PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:

*A:PE-2# show router 20 route-table
 
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
10.20.201.0/24                                Remote  EVPN-IFF  00h18m36s  169
       int-SBD-21 (ET-02:0f:ff:ff:ff:52)                            0
10.20.206.0/24                                Remote  BGP VPN   00h18m36s  170
       2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Conclusion

The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.