Dual EVPN-MPLS Instance VPLS Services
This chapter provides information about the dual EVPN-MPLS instance VPLS services.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.10.R1. Dual EVPN-MPLS instance in VPLS is supported in SR OS Release 21.10.R1 and later.
Overview
One of the scale issues that low-scale access nodes or leaf PEs face in high-scale architectures is the limited number of EVPN/IP-VPN next hops, tunnels, and service labels that they support.
The following solutions reduce the number of EVPN next hops exposed to the access nodes:
- inter-AS model B, as described in the "Inter-AS VPRN Model B" chapter in the 7450 ESS, 7750 SR, and 7950 XRS Layer 2 Services and EVPN Advanced Configuration Guide for Classic CLI
- next-hop-self route reflectors (NHS-RRs)
Access nodes receive next hops from the NHS-RRs shows the NHS-RR solution reducing the number of EVPN next hops that are sent to the low-scale access nodes PE-1 and PE-2. Only the two NHS-RRs are exposed as next hops to PE-1.
The number of EVPN next hops is reduced, but the number of service labels to be learned is not. PE-1 still learns one service label per remote PE for each service it is attached to. In case of EVPN E-LAN services and broadcast, unknown unicast, and multicast (BUM) traffic, the ingress PE still needs one copy of every BUM packet per egress PE that exists in the remote domains, even if all the BUM traffic goes through one of the two NHS-RRs (or ASBRs in the case of model B).
The following solutions reduce the number of service labels:
- VPRN services on the NHS-RRs with allow-export-bgp-vpn configured
- dual EVPN-MPLS instance VPLS services on the NHS-RRs
The allow-export-bgp-vpn command applies to VPRN services using EVPN-IFL, VPN-IPv4, and VPN-IPv6 families. Routes from the WAN are imported to the VPRN service and exported to the access nodes as new VPN-IP routes. The values of the service labels, route targets (RTs), and BGP next hops of the re-advertised routes are based on the configuration of the exporting VPRN.
When a VPRN is configured with allow-export-bgp-vpn, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or similar instability.
In addition, allow-export-bgp-vpn must never be used in a VPRN service with a route distinguisher that is used in other PEs attached to the same service. If the same route distinguisher is used in this case, constant route flaps will occur.
Access nodes receive one service label per service from each NHS-RR shows a dual EVPN-MPLS instance VPLS service on the NHS-RRs, which offers a similar solution for EVPN-VPLS services to the allow-export-bgp-vpn solution for VPRN services. EVPN-MPLS routes received from the WAN are imported to the network EVPN-MPLS instance and redistributed to the access EVPN-MPLS instance with a new route distinguisher (RD), next hop, service label, and possibly a new RT. The ingress PE learns only one service label for each NHS-RR per service, as opposed to one service label per remote PE that is attached to the same EVPN service. With this solution, the replication of BUM traffic is also optimized because the ingress PE sends a single copy of each BUM packet to the NHS-RR, as opposed to one copy per egress PE.
In the example, redundant NHS-RRs are used. Redundancy is handled via anycast multihoming, which implies that two or more PEs are configured with the same service parameters as part of the same redundancy group: identical route distinguishers and RTs per instance, and the same anycast IP address. The ingress PEs set up EVPN destinations to only one PE in the anycast group for a specific service. EVPN BUM destinations are not established between PEs in the same anycast group because the received anycast peer inclusive multicast Ethernet tag (IMET) routes have the same local originating IP address. In anycast multihoming scenarios, policies are required to prevent control-plane loops.
Configuration
The following scenarios are described in this section:
- dual EVPN-MPLS instance VPLS without multihoming
- dual EPVN-MPLS instance VPLS with anycast multihoming
Dual EVPN-MPLS instance VPLS without multihoming
Example topology 1 shows EVPN-MPLS VPLS 1 configured on four PEs. PE-2 and PE-4 are EVPN gateways (GWs). RR-7 is the route reflector for PE-2 and PE-4 in the WAN network.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- IS-IS level 1 between PE-1 and PE-2 and between PE-4 and PE-6
- IS-IS level 2 between PE-2, PE-4, and RR-7
- SR-TE tunnels between PE-2 and PE-4
- MPLS LSPs between PE-1 and PE-2 and between PE-4 and PE-6
BGP is configured on all nodes for the EVPN address family. PE-1 peers with the dual-homed EVPN GW PE-2. In a similar way, PE-6 peers with EVPN GW PE-4. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access1"
family evpn
peer-as 64496
neighbor 192.0.2.2
exit
exit
EVPN GW PE-2 peers with PE-1 in BGP group "access1" and with RR-7 in BGP group "WAN":
# on PE-2:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access1"
family evpn
next-hop-self
cluster 192.0.2.2
export "drop-tag-20"
peer-as 64496
neighbor 192.0.2.1
exit
exit
group "WAN"
family evpn
next-hop-self
export "drop-tag-10"
peer-as 64496
neighbor 192.0.2.7
exit
exit
The BGP configuration on PE-4 is similar. The export policies use tags to avoid loops in topologies with redundant EVPN GWs, as described in the section Dual EVPN-MPLS instance VPLS with anycast multihoming.
RR-7 peers with PE-2 and PE-4 in BGP group "WAN":
# on RR-7:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "WAN"
family evpn
cluster 192.0.2.7
peer-as 64496
neighbor 192.0.2.2
exit
neighbor 192.0.2.4
exit
exit
On PE-1, VPLS 1 is configured with a single EVPN-MPLS instance. The RD 192.0.2.1:1 for BGP 1 is auto-derived from the values for the IPv4 system address and the EVI. PE-1 imports and exports routes with RT 64496:101.
# on PE-1:
configure
service
vpls 1 name "VPLS 1" customer 1 create
bgp
# route-distinguisher 192.0.2.1:1 # will be auto-derived
route-target export target:64496:101 import target:64496:101
exit
bgp-evpn
evi 1
mpls bgp 1
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
sap 1/1/c10/1:1 create
no shutdown
exit
no shutdown
exit
On PE-2, VPLS 1 is configured with two EVPN-MPLS instances: instance 1 is configured with multihoming mode access and instance 2 with the (default) multihoming mode network, as follows:
# on PE-2:
configure
service
system
bgp-auto-rd-range 192.0.2.2 comm-val 2000 to 2999
exit
vpls 1 name "VPLS 1" customer 1 create
description "dual BGP-EVPN MPLS instance VPLS 1"
bgp
# route-distinguisher 192.0.2.2:1 # will be auto-derived
route-target export target:64496:101 import target:64496:101
exit
bgp 2
route-distinguisher auto-rd # different RD (must be configured)
route-target export target:64496:100 import target:64496:100
exit
bgp-evpn
evi 1
mpls bgp 1
mh-mode access
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
no shutdown
exit
mpls bgp 2
# mh-mode network # default MH mode
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
On PE-4, the configuration is similar:
# on PE-4:
configure
service
system
bgp-auto-rd-range 192.0.2.4 comm-val 2000 to 2999
exit
vpls 1 name "VPLS 1" customer 1 create
description "dual BGP-EVPN MPLS instance VPLS"
bgp
# route-distinguisher 192.0.2.4:1 # will be auto-derived
route-target export target:64496:102 import target:64496:102
exit
bgp 2
route-distinguisher auto-rd # different RD
route-target export target:64496:100 import target:64496:100
exit
bgp-evpn
evi 1
mpls bgp 1
mh-mode access
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
no shutdown
exit
mpls bgp 2
# mh-mode network # default MH mode
auto-bind-tunnel
resolution-filter
sr-te
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
The following command on PE-2 shows BGP instances 1 and 2 in VPLS 1. RD 192.0.2.2:1 for BGP instance 1 is auto-derived from the IPv4 system address and the EVI; the RD for BGP instance 2 is configured with auto-rd and has the value 192.0.2.2:2000. The RT values are configured.
*A:PE-2# show service id 1 bgp
===============================================================================
BGP Information
===============================================================================
Bgp Instance : 1
Vsi-Import : None
Vsi-Export : None
Route Dist : None
Oper Route Dist : 192.0.2.2:1
Oper RD Type : derivedEvi
Rte-Target Import : 64496:101 Rte-Target Export: 64496:101
Oper RT Imp Origin : configured Oper RT Import : 64496:101
Oper RT Exp Origin : configured Oper RT Export : 64496:101
ADV Service MTU : -1
Bgp Instance : 2
Vsi-Import : None
Vsi-Export : None
Route Dist : auto-rd
Oper Route Dist : 192.0.2.2:2000
Oper RD Type : auto
Rte-Target Import : 64496:100 Rte-Target Export: 64496:100
Oper RT Imp Origin : configured Oper RT Import : 64496:100
Oper RT Exp Origin : configured Oper RT Export : 64496:100
ADV Service MTU : -1
PW-Template Id : None
-------------------------------------------------------------------------------
===============================================================================
The following command on PE-2 shows EVPN destination 192.0.2.1 in EVPN-MPLS instance 1:
*A:PE-2# show service id 1 evpn-mpls instance 1
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.1 524286 1 bum 12/09/2022 09:59:58
rsvp:1 No
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
The following command on PE-2 shows EVPN destination 192.0.2.4 in EVPN-MPLS instance 2:
*A:PE-2# show service id 1 evpn-mpls instance 2
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.4 524282 1 bum 12/09/2022 10:00:04
sr-te:655362 No
-------------------------------------------------------------------------------
Number of entries : 1
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
When traffic is sent between CE-11 and CE-16, MAC address 00:00:5e:00:53:11 of CE-11 is learned on the local SAP in VPLS 1 on PE-1 and MAC address 00:00:5e:00:53:16 of CE-16 is learned on the local SAP in VPLS 1 on PE-6. EVPN MAC routes are advertised to the BGP-EVPN peers.
The forwarding database (FDB) on PE-1 is as follows:
*A:PE-1# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 00:00:5e:00:53:11 sap:1/1/c10/1:1 L/0 12/09/22 10:06:17
1 00:00:5e:00:53:16 mpls-1: Evpn 12/09/22 10:06:17
192.0.2.2:524284
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB on PE-2 shows that an EVPN MAC route is received in EVPN-MPLS instance 1 for address 00:00:5e:00:53:11 whereas an EVPN MAC route is received in EVPN-MPLS instance 2 for address 00:00:5e:00:53:16.
*A:PE-2# show service id 1 fdb detail
===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
1 00:00:5e:00:53:11 mpls-1: Evpn 12/09/22 10:06:17
192.0.2.1:524286
rsvp:1
1 00:00:5e:00:53:16 mpls-2: Evpn 12/09/22 10:06:17
192.0.2.4:524282
sr-te:655362
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The following command shows the received EVPN-MAC routes on PE-2 for MAC address 00:00:5e:00:53:16. The route with RD 192.0.2.4:2000 is used:
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:16
===============================================================================
BGP Router ID:192.0.2.2 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.4:2000 00:00:5e:00:53:16 ESI-0
0 Seq:0 LABEL 524282
n/a
192.0.2.4
*>i 192.0.2.6:1 00:00:5e:00:53:16 ESI-0
0 Seq:0 LABEL 524286
n/a
192.0.2.6
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
Dual EVPN-MPLS instance VPLS with anycast multihoming
Example topology 2 shows example topology 2 with VPLS 2 configured on six PEs. PE-2 and PE-3 are redundant EVPN GWs with anycast address 23.23.23.23; PE-4 and PE-5 are redundant EVPN GWs with anycast address 45.45.45.45. RR-7 is the route reflector for PE-2, PE-3, PE-4, and PE-5 in the WAN network.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces
- IS-IS level 1 between PE-1, PE-2, and PE-3
- IS-IS level 1 between PE-4, PE-5, and PE-6
- IS-IS level 2 between PE-2, PE-3, PE-4, PE-5, and RR-7
- SR-ISIS between PE-2, PE-3, PE-4, and PE-5
- MPLS LSPs between PE-1 and PE-2, between PE-1 and PE-3, between PE-4 and PE-6, and between PE-5 and PE-6
The BGP configuration on PE-1 and PE-6 is similar.
# on PE-1:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access1"
family evpn
peer-as 64496
neighbor 192.0.2.2 # on PE-6: 192.0.2.4
exit
neighbor 192.0.2.3 # on PE-6: 192.0.2.5
exit
exit
The BGP configuration on PE-3 is:
# on PE-3:
configure
router Base
autonomous-system 64496
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "WAN"
family evpn
next-hop-self
export "drop-tag-10"
peer-as 64496
neighbor 192.0.2.7
exit
exit
group "access1"
family evpn
next-hop-self
cluster 192.0.2.3
export "drop-tag-20"
peer-as 64496
neighbor 192.0.2.1
exit
exit
The BGP configuration on PE-2, PE-4, and PE-5 is similar.
On PE-1, VPLS 2 is configured with a single EVPN-MPLS instance. PE-1 imports and exports routes with RT 64496:501. The configuration is as follows:
# on PE-1:
configure
service
vpls 2 name "VPLS 2" customer 1 create
bgp
# route-distinguisher 192.0.2.1:2 # will be auto-derived
route-target export target:64496:501 import target:64496:501
exit
bgp-evpn
evi 2
mpls bgp 1
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
no shutdown
exit
exit
stp
shutdown
exit
sap 1/1/c10/1:2 create
no shutdown
exit
no shutdown
exit
On PE-2 and PE-3, the following policies are used in VPLS 2:
- Export policy "vsi-501-export" adds the communities "SOO-23" for the site of origin (SOO) and "RT64496:501" for the RT.
- Export policy "vsi-502-export" adds the communities "SOO-23" and "RT64496:502".
- Import policy "vsi-501-import" prevents loops based on the SOO and accepts routes with RT 64496:501.
- Import policy "vsi-502-import" prevent loops based on the SOO and accepts routes with RT 64496:502.
# on PE-2, PE-3:
configure
router Base
policy-options
begin
community "SOO-23"
members "origin:23:23"
exit
community "RT64496:501"
members "target:64496:501"
exit
community "RT64496:502"
members "target:64496:502"
exit
policy-statement "vsi-501-export"
default-action accept
community add "RT64496:501" "SOO-23"
exit
exit
policy-statement "vsi-501-import"
entry 10
from
community "SOO-23"
family evpn
exit
action drop
exit
exit
entry 20
from
community "RT64496:501"
family evpn
exit
action accept
exit
exit
exit
policy-statement "vsi-502-export"
default-action accept
community add "RT64496:502" "SOO-23"
exit
exit
policy-statement "vsi-502-import"
entry 10
from
community "SOO-23"
family evpn
exit
action drop
exit
exit
entry 20
from
community "RT64496:502"
family evpn
exit
action accept
exit
exit
exit
commit
On PE-2 and PE-3, VPLS 2 is configured with two EVPN-MPLS instances: instance 1 is configured with multihoming mode access and instance 2 with multihoming mode network. For redundancy, anycast multihoming is configured with anycast address 23.23.23.23 and identical RDs and RTs for the same instance. The RD for BGP 1 is 192.0.2.23:2 and the RD for BGP 2 is 192.0.2.32:2. The default-route-tag 10 command is configured for service instance 1, while default-route-tag 20 is configured for service instance 2. These route tags are used in the BGP peer export policies to differentiate the different routes.On PE-2 and PE-3, VPLS 2 is configured as follows:
# on PE-2, PE-3:
configure
service
vpls 2 name "VPLS 2" customer 1 create
description "dual BGP-EVPN MPLS instance VPLS"
bgp
route-distinguisher 192.0.2.23:2
vsi-export "vsi-501-export"
vsi-import "vsi-501-import"
exit
bgp 2
route-distinguisher 192.0.2.32:2
vsi-export "vsi-502-export"
vsi-import "vsi-502-import"
exit
bgp-evpn
incl-mcast-orig-ip 23.23.23.23
evi 2
mpls bgp 1
mh-mode access
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
default-route-tag 10
no shutdown
exit
mpls bgp 2
# mh-mode network # default MH mode
auto-bind-tunnel
resolution-filter
sr-isis
exit
resolution filter
exit
default-route-tag 20
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
In datacenter GWs (DC GWs) with EVPN-VXLAN and EVPN-MPLS instances, route policies can match on the encapsulation type VXLAN or MPLS. In DC GWs with two EVPN-MPLS instances, the default route tag is used instead. The default route tag prevents a MAC/IP route that is installed in instance 1 (access) from being readvertised back to the access peers. In a similar way, MAC/IP routes installed in instance 2 are not readvertised back to peers in instance 2. On PE-2 and PE-3, the BGP peer export policy "drop-tag-10" drops routes with tag 10 and is configured in BGP group "WAN" with neighbor RR-7; BGP peer export policy "drop-tag-20" drops routes with tag 20 and is configured in BGP group "access1" with neighbor PE-1.
# on PE-2, PE-3:
configure
router Base
policy-options
begin
policy-statement "drop-tag-10"
description "used as export policy toward WAN BGP peers"
entry 10
from
tag 10
exit
action drop
exit
exit
default-action accept
exit
exit
policy-statement "drop-tag-20"
description "used as export policy toward DC BGP peers"
entry 10
from
tag 20
exit
action drop
exit
exit
default-action accept
exit
exit
commit
exit
bgp
group "access1"
export "drop-tag-20"
exit
group "WAN"
export "drop-tag-10"
exit
Export policies on PE-2 drop routes based on tag shows an incoming EVPN MAC route on PE-2 for CE-21's MAC address 00:00:5e:00:53:21. PE-2 receives the EVPN MAC route with RT target:64496:501 from PE-1 (BGP-EVPN peer 192.0.2.1). On PE-2, BGP 1 in VPLS 2 imports routes with this RT and the MAC address is installed in the FDB. The EVPN MAC route is redistributed to BGP 2 where the communities "RT64496:502" and "SOO-23", as well as internal tag 20, are added to the route. When PE-2’s BGP process sends an EVPN MAC route with tag 20 to BGP peer PE-1, the BGP export policy "drop-tag-20" drops the route, preventing PE-2 from re-advertising the EVPN MAC route back to the access peer 192.0.2.1. PE-2 can only send the EVPN MAC route to WAN neighbor 192.0.2.7 because the BGP export policy toward the WAN only drops the routes with tag 10, not the ones with tag 20.
For completeness, the configuration on PE-4 and PE-5 is as follows:
# on PE-4, PE-5:
configure
router Base
policy-options
begin
community "SOO-45"
members "origin:45:45"
exit
community "RT64496:502"
members "target:64496:502"
exit
community "RT64496:503"
members "target:64496:503"
exit
policy-statement "drop-tag-20"
description "used as export policy toward DC BGP peers"
entry 10
from
tag 20
exit
action drop
exit
exit
default-action accept
exit
exit
policy-statement "drop-tag-30"
description "used as export policy toward WAN BGP peers"
entry 10
from
tag 30
exit
action drop
exit
exit
default-action accept
exit
exit
policy-statement "vsi-502-export"
default-action accept
community add "RT64496:502" "SOO-45"
exit
exit
policy-statement "vsi-502-import"
entry 10
from
community "SOO-45"
family evpn
exit
action drop
exit
exit
entry 20
from
community "RT64496:502"
family evpn
exit
action accept
exit
exit
exit
policy-statement "vsi-503-export"
default-action accept
community add "RT64496:503" "SOO-45"
exit
exit
policy-statement "vsi-503-import"
entry 10
from
community "SOO-45"
family evpn
exit
action drop
exit
exit
entry 20
from
community "RT64496:503"
family evpn
exit
action accept
exit
exit
exit
commit
exit
exit
service
vpls 2 name "VPLS 2" customer 1 create
description "dual BGP-EVPN MPLS instance VPLS"
bgp
route-distinguisher 192.0.2.45:2
vsi-export "vsi-503-export"
vsi-import "vsi-503-import"
exit
bgp 2
route-distinguisher 192.0.2.54:2
vsi-export "vsi-502-export"
vsi-import "vsi-502-import"
exit
bgp-evpn
incl-mcast-orig-ip 45.45.45.45
evi 2
mpls bgp 1
mh-mode access
auto-bind-tunnel
resolution-filter
rsvp
exit
resolution filter
exit
default-route-tag 30
no shutdown
exit
mpls bgp 2
# mh-mode network # default MH mode
auto-bind-tunnel
resolution-filter
sr-isis
exit
resolution filter
exit
default-route-tag 20
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
The following command on PE-2 shows BGP instances 1 and 2 in VPLS 2. RD 192.0.2.23:2 is configured in BGP instance 1; RD 192.0.2.32:2 is configured in BGP instance 2. The RTs are defined by virtual switching instance (VSI) policies.
*A:PE-2# show service id 2 bgp
===============================================================================
BGP Information
===============================================================================
Bgp Instance : 1
Vsi-Import : vsi-501-import
Vsi-Export : vsi-501-export
Route Dist : 192.0.2.23:2
Oper Route Dist : 192.0.2.23:2
Oper RD Type : configured
Rte-Target Import : None Rte-Target Export: None
Oper RT Imp Origin : vsi Oper RT Import : Policy Based
Oper RT Exp Origin : vsi Oper RT Export : Policy Based
ADV Service MTU : -1
Bgp Instance : 2
Vsi-Import : vsi-502-import
Vsi-Export : vsi-502-export
Route Dist : 192.0.2.32:2
Oper Route Dist : 192.0.2.32:2
Oper RD Type : configured
Rte-Target Import : None Rte-Target Export: None
Oper RT Imp Origin : vsi Oper RT Import : Policy Based
Oper RT Exp Origin : vsi Oper RT Export : Policy Based
ADV Service MTU : -1
PW-Template Id : None
-------------------------------------------------------------------------------
===============================================================================
The following command shows that EVPN destination 192.0.2.1 is reachable via an RSVP tunnel and EVPN destination 192.0.2.4 via an SR-ISIS tunnel. In EVPN-MPLS instance 2 of VPLS 2 on PE-2, the EVPN destination 192.0.2.4 is reachable via an SR-ISIS tunnel:
*A:PE-2# show service id 2 evpn-mpls
===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address Egr Label Num. Mcast Last Change
Transport:Tnl MACs Sup BCast Domain
-------------------------------------------------------------------------------
192.0.2.1 524284 1 bum 12/09/2022 10:11:04
rsvp:1 No
192.0.2.4 524278 1 bum 12/09/2022 10:11:17
isis:524291 No
-------------------------------------------------------------------------------
Number of entries : 2
-------------------------------------------------------------------------------
===============================================================================
===============================================================================
BGP EVPN-MPLS Ethernet Segment Dest
===============================================================================
Eth SegId Num. Macs Last Change
-------------------------------------------------------------------------------
No Matching Entries
===============================================================================
When traffic is sent between CE-21 and CE-26, the FDB in PE-1 shows that traffic toward MAC address 00:00:5e:00:53:26 is sent via RSVP tunnel 1 toward PE-2:
*A:PE-1# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 sap:1/1/c10/1:2 L/120 12/09/22 10:10:20
2 00:00:5e:00:53:26 mpls-1: Evpn 12/09/22 10:11:36
192.0.2.2:524281
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The following command on PE-1 shows that only the EVPN MAC route received from PE-2 is used, not the one from PE-3 in the same anycast group. This is due to the best path selection done by BGP for the two routes, which have the same route key:
*A:PE-1# show router bgp routes evpn mac mac-address 00:00:5e:00:53:26
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN MAC Routes
===============================================================================
Flag Route Dist. MacAddr ESI
Tag Mac Mobility Label1
Ip Address
NextHop
-------------------------------------------------------------------------------
u*>i 192.0.2.23:2 00:00:5e:00:53:26 ESI-0
0 Seq:0 LABEL 524281
n/a
192.0.2.2
*>i 192.0.2.23:2 00:00:5e:00:53:26 ESI-0
0 Seq:0 LABEL 524283
n/a
192.0.2.3
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The FDB for VPLS 2 on PE-2 shows that MAC address 00:00:5e:00:53:21 can be reached using EVPN-MPLS instance 1 whereas MAC address 00:00:5e:00:53:26 can be reached using EVPN-MPLS instance 2:
*A:PE-2# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-1: Evpn 12/09/22 10:11:04
192.0.2.1:524284
rsvp:1
2 00:00:5e:00:53:26 mpls-2: Evpn 12/09/22 10:11:36
192.0.2.4:524278
isis:524291
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB for VPLS 2 on PE-4 is as follows:
*A:PE-4# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-2: Evpn 12/09/22 10:11:20
192.0.2.2:524280
isis:524290
2 00:00:5e:00:53:26 mpls-1: Evpn 12/09/22 10:11:36
192.0.2.6:524284
rsvp:1
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
The FDB for VPLS 2 on PE-6 is as follows:
*A:PE-6# show service id 2 fdb detail
===============================================================================
Forwarding Database, Service 2
===============================================================================
ServId MAC Source-Identifier Type Last Change
Transport:Tnl-Id Age
-------------------------------------------------------------------------------
2 00:00:5e:00:53:21 mpls-1: Evpn 12/09/22 10:11:39
192.0.2.4:524279
rsvp:1
2 00:00:5e:00:53:26 sap:1/1/c10/1:2 L/30 12/09/22 10:11:36
-------------------------------------------------------------------------------
No. of MAC Entries: 2
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
Conclusion
Dual-instance EVPN-MPLS GWs reduce the number of service labels to be learned at the access nodes, and optimizes the replication of BUM traffic from the access nodes.