Multi-Instance VPRN with EVPN-IFL Using SRv6 Transport
This chapter provides information about multi-instance VPRN services with EVPN-IFL using SRv6 transport.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 23.10.R2.
Overview
SRv6 transport in VPRN services with EVPN-IFL is supported in SR OS Release 22.5.R1 and later. Maximum two BGP instances per VPRN are supported and these BGP instances can be associated with the same BGP address family or different BGP address families. When configuring a VPRN with EVPN in interface-less mode (EVPN-IFL) over SRv6 transport, the associated SRv6 locator must have the End.DT4, End.DT6, or End.DT46 functions which can be statically configured or dynamically allocated by the router.
- between VPN-IPv4/v6 and EVPN-IFL
- between VPN-IPv4/v6 and VPN-IPv4/v6 – when allow-export-bgp-vpn is enabled
- between EVPN-IFL and EVPN-IFL – when allow-export-bgp-vpn is enabled
- between VPN-IPv4/v6 and IPv4/v6
- between EVPN-IFL and IPv4/v6
- between VPN-IPv4/v6 and EVPN-IFF – when iff-attribute-uniform-propagation is enabled
- between EVPN-IFL and EVPN-IFF – when iff-attribute-uniform-propagation is enabled
When a VPRN is configured with allow-export-bgp-vpn, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or similar instability.
In addition, allow-export-bgp-vpn must never be used in a VPRN service with a route distinguisher that is used in other PEs attached to the same service. If the same route distinguisher is used in this case, constant route flaps will occur.
EVPN IP prefix routes readvertised between domains shows how an EVPN IP prefix route originating from PE-4 is advertised for a VPRN with EVPN-IFL configured on all nodes. The VPRN with EVPN-IFL uses SRv6 transport in domain 2 and SR-ISIS tunnels in domain 1.
PE-2 and PE-3 act as service gateways (GWs) that import routes and readvertise them between domains. On the service GWs, the VPRN has two BGP instances that are associated with the EVPN address family. The domain path attribute is used as automated loop prevention, as described in the Domain Path Attribute for VPRN BGP Routes chapter. Each service GW imports the IP prefix route and prepends the domain ID of origin when readvertising these IP prefix routes. When GW PE-2 receives the IP prefix route from PE-4, it prepends domain ID 64500:2 and advertises the IP prefix to PE-1 and PE-3. PE-1 accepts and uses this IP prefix route, but PE-3 does not install this IP prefix route in the VRF because the domain ID 64500:2 is local to PE-3.
Interworking between EVPN-IFL and IP-VPN is supported, as shown in Interworking between EVPN-IFL and IP-VPN.
On the service GWs PE-2 and PE-3, one BGP instance is associated with the EVPN address family while the other BGP instance is associated with the VPN-IPv4 address family.
When GW PE-2 receives the IP prefix route from PE-4, it prepends domain ID 64500:2 and advertises the IP prefix 10.0.2.24/32 in a VPN-IPv4 route to PE-1 and PE-3. PE-1 accepts and uses this VPN-IPv4 route, but PE-3 does not install this VPN-IPv4 route in the VRF because the domain ID 64500:2 is local to PE-3.
Configuration
- cards, MDAs, ports
- router interfaces
- IS-IS on all router interfaces: IS-IS level 1 between PE-1, PE-2, and PE-3; IS-IS level 2 between PE-2, PE-3, and PE-4
- SR-ISIS between PE-1, PE-2, and PE-3
- SRv6 between PE-2, PE-3, and PE-4
As an example, the initial configuration on PE-2 is as follows:
# on PE-2:
configure
card 1
mda 1
xconnect
mac 1 create
loopback 1 create
exit
loopback 2 create
exit
exit
exit
no shutdown
exit
exit
port-xc
pxc 1 create
port 1/1/m1/1
no shutdown
exit
pxc 2 create
port 1/1/m1/2
no shutdown
exit
exit
port pxc-1.a
ethernet
exit
no shutdown
exit
port pxc-1.b
ethernet
exit
no shutdown
exit
port pxc-2.a
ethernet
exit
no shutdown
exit
port pxc-2.b
ethernet
exit
no shutdown
exit
port 1/1/m1/1
no shutdown
exit
port 1/1/m1/2
no shutdown
exit
fwd-path-ext
fpe 1 create
path pxc 1
srv6 origination
interface-a
exit
interface-b
exit
exit
exit
fpe 2 create
path pxc 2
srv6 termination
interface-a
exit
interface-b
exit
exit
exit
exit
---snip---
router Base
interface "int-PE-2-PE-1"
address 192.168.12.2/30
port 1/1/c2/1:1000
exit
interface "int-PE-2-PE-3"
address 192.168.23.1/30
port 1/1/c3/1:1000
ipv6
address 2001:db8::168:23:1/126
exit
exit
interface "int-PE-2-PE-4"
port 1/1/c1/1:1000
ipv6
address 2001:db8::168:24:1/126
exit
exit
interface "system"
address 192.0.2.2/32
ipv6
address 2001:db8::2:2/128
exit
exit
segment-routing
segment-routing-v6
origination-fpe 1
source-address 2001:db8::2:2
locator "PE2-loc"
block-length 48
termination-fpe 2
prefix
ip-prefix 2001:db8:aaaa:102::/64
exit
static-function
exit
no shutdown
exit
base-routing-instance
locator "PE2-loc"
function
end-x-auto-allocate srh-mode psp protection unprotected
end 1
srh-mode usp
exit
exit
exit
exit
exit
exit
mpls-labels
sr-labels start 20000 end 20099
exit
isis 0
area-id 49.0001
advertise-router-capability as
traffic-engineering
traffic-engineering-options
ipv6
application-link-attributes
exit
exit
advertise-passive-only
ipv6-routing native
level 1
wide-metrics-only
exit
level 2
wide-metrics-only
exit
segment-routing
prefix-sid-range global
no shutdown
exit
interface "system"
ipv4-node-sid index 2
passive
no shutdown
exit
segment-routing-v6
locator "PE2-loc"
level-capability level-2
level 1
exit
level 2
exit
exit
no shutdown
exit
interface "int-PE-2-PE-1"
level-capability level-1
interface-type point-to-point
exit
interface "int-PE-2-PE-3"
level-capability level-1/2 # default
interface-type point-to-point
exit
interface "int-PE-2-PE-4"
level-capability level-2
interface-type point-to-point
exit
no shutdown
exit
Multi-instance VPRN with one EVPN-IFL domain using SRv6 transport
- Multi-instance VPRN with EVPN-IFL over SRv6 and EVPN-IFL over SR-ISIS where EVPN-IFL is used in both domains and only the transport is different
- Multi-instance VPRN with EVPN-IFL over SRv6 and VPN-IPv4/v6 over SR-ISIS with interworking between EVPN-IFL and VPN-IPv4/v6 and different transport tunnels in both domains
Multi-instance VPRN with EVPN-IFL over SRv6 and EVPN-IFL over SR-ISIS
BGP configuration
BGP is configured on all nodes for the EVPN address family. The configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access-mpls"
family evpn
peer-as 64500
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
no shutdown
The BGP configuration on the service GW PE-2 has two different groups. The BGP configuration for the "access-mpls" group is similar to the BGP configuration on PE-1, whereas the BGP configuration for the "core-srv6" has IPv6 peers and advertises IPv6 next hops for EVPN routes:
# on PE-2:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "core-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:3
exit
neighbor 2001:db8::2:4
exit
exit
group "access-mpls"
family evpn
peer-as 64500
neighbor 192.0.2.1
exit
neighbor 192.0.2.3
exit
exit
no shutdown
The BGP configuration on PE-3 is identical, but with different peer addresses.
On PE-4, the BGP configuration is as follows:
# on PE-4:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "core-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:2
exit
neighbor 2001:db8::2:3
exit
exit
no shutdown
Service configuration
VPRN-1 is configured with EVPN-IFL. On PE-1, VPRN-1 has only one BGP instance and MPLS (SR-ISIS) tunnels are used:
# on PE-1:
configure
service
vprn 1 name "VPRN-1" customer 1 create
interface "loopback" create
address 10.0.1.11/32
ipv6
address 2001:db8::1:11/128
exit
loopback
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.1:11
vrf-target target:64500:11
no shutdown
exit
exit
no shutdown
exit
On GW PE-2, the VPRN-1 service is configured as follows. The SRv6 locator from the router Base segment-routing segment-routing-v6 context is used and the End.DT4, End.DT6, and End.DT46 functions are configured for it. EVPN-IFL is used in domain 1 and in domain 2. The allow-export-bgp-vpn command is required between two EVPN-IFL instances. The route distinguishers and the route targets have different values in the different domains. The domain IDs are configured on the service GWs to avoid loops. For SRv6, the IPv6 system address is used as source address.
# on PE-2:
configure
service
vprn 1 name "VPRN-1" customer 1 create
segment-routing-v6 1 create
locator "PE2-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
domain-id 64500:1
route-distinguisher 192.0.2.2:11
vrf-target target:64500:11
no shutdown
exit
segment-routing-v6 bgp 1
domain-id 64500:2
route-distinguisher 192.0.2.2:12
srv6-instance 1 default-locator "PE2-loc"
source-address 2001:db8::2:2
vrf-target target:64500:12
no shutdown
exit
exit
allow-export-bgp-vpn # required between two EVPN-IFL instances
no shutdown
exit
The service configuration on PE-3 is similar.
On PE-4, the VPRN-1 service is configured as follows:
# on PE-4:
configure
service
vprn 1 name "VPRN-1" customer 1 create
interface "loopback" create
address 10.0.1.14/32
ipv6
address 2001:db8::1:14/128
exit
loopback
exit
segment-routing-v6 1 create
locator "PE4-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
route-distinguisher 192.0.2.4:12
srv6-instance 1 default-locator "PE4-loc"
source-address 2001:db8::2:4
vrf-target target:64500:12
no shutdown
exit
exit
no shutdown
exit
Verification
GW PE-2 accepts and uses the IP prefix route received from PE-4:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:12
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:12 10.0.1.14/32
0 00:00:00:00:00:00
2001:db8::2:4
524288
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The details for this IP prefix route include SRv6 information such as the SID, the End.DT4 function and so on:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:12 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:12
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.4:12
MPLS Label : 524288
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m46s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:8000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
PE-2 readvertises this IP prefix route to PE-1 and PE-3 after prepending the domain ID 64500:2. PE-1 accepts the route, but PE-3 has domain ID 64500:2 locally, so it does not install the IP prefix in its VRF. The following shows that PE-3 does not use the IP prefix route for prefix 10.0.1.14/32 with RD 192.0.2.2:11 and D-path [64500:2:(evpn)] . PE-3 detects a domain path loop in VRF 1.
*A:PE-3# show router bgp routes evpn ip-prefix rd 192.0.2.2:11 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.23.1
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:11 bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.2:11
MPLS Label : LABEL 524280
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m39s
DPath Loop VRFs: 1
---snip---
Likewise, when PE-3 receives an IP prefix route for prefix 10.0.1.14/32 from PE-4, it imports the route and it readvertises this IP prefix route to PE-1 and PE-2 after prepending the domain ID 64500:2. PE-1 accepts and uses the route, but PE-2 has domain ID 64500:2 locally, so it does not install the IP prefix route in its VRF. The following shows that PE-2 does not use the IP prefix route for prefix 10.0.1.14/32 with RD 192.0.2.3:11 and D-path [64500:2:(evpn)] . PE-2 detects a domain path loop in VRF 1.
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:11 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.23.2
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:11 bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.1.14/32
Route Dist. : 192.0.2.3:11
MPLS Label : LABEL 524280
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h01m44s
DPath Loop VRFs: 1 # Domain ID is local --> Domain path loop detected in VRF 1
---snip---
Besides IP prefix routes, the GWs also receive IPv6 prefix routes. PE-2 receives the following IPv6 route from PE-4:
*A:PE-2# show router bgp routes evpn ipv6-prefix rd 192.0.2.4:12
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IPv6-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:12 2001:db8::1:14/128
0 00:00:00:00:00:00
2001:db8::2:4
524287
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The detailed information for this IPv6 prefix route shows that an SRv6 tunnel with End.DT6 function is used:
*A:PE-2# show router bgp routes evpn ipv6-prefix rd 192.0.2.4:12 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IPv6-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:12
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 2001:db8::1:14/128
Route Dist. : 192.0.2.4:12
MPLS Label : 524287
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h04m25s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:7fff:f000::
Behavior : End.DT6 (18)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
The IPv4 route table for VPRN-1 on PE-1 shows an EVPN-IFL route to 10.0.1.14/32 that uses an SR-ISIS tunnel to PE-2:
*A:PE-1# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Local Local 00h05m35s 0
loopback 0
10.0.1.14/32 Remote EVPN-IFL 00h05m02s 170
192.0.2.2 (tunneled:SR-ISIS:524290) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table for VPRN-1 on PE-2 shows an EVPN-IFL route to 10.0.1.11/32 that uses an SR-ISIS tunnel to PE-1 and an EVPN-IFL route to 10.0.1.14/32 that uses an SRv6 tunnel to PE-4:
*A:PE-2# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h05m23s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
10.0.1.14/32 Remote EVPN-IFL 00h05m03s 170
2001:db8:aaaa:104:8000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table for VPRN-1 on PE-3 is similar:
*A:PE-3# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h05m09s 170
192.0.2.1 (tunneled:SR-ISIS:524292) 10
10.0.1.14/32 Remote EVPN-IFL 00h05m04s 170
2001:db8:aaaa:104:8000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
On PE-4, the route table for VPRN-1 is as follows:
*A:PE-4# show router service-name "VPRN-1" route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.1.11/32 Remote EVPN-IFL 00h05m01s 170
2001:db8:aaaa:102:7fff:c000:: (tunneled:SRV6) 10
10.0.1.14/32 Local Local 00h05m05s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 route tables for VPRN-1 on the different PEs are similar; for example, on PE-2:
*A:PE-2# show router service-name "VPRN-1" route-table ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:11/128 Remote EVPN-IFL 00h06m24s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
2001:db8::1:14/128 Remote EVPN-IFL 00h06m03s 170
2001:db8:aaaa:104:7fff:f000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
EVPN-IFL IPv4 routes are advertised with End.DT4 or End.DT46 in that preference order and EVPN-IFL IPv6 routes are advertised with End.DT6 or End.DT46 in that preference order. The following command shows the SID values for the End.DT4, End.DT6, and End.DT46 functions on PE-4:
*A:PE-4# show service id "VPRN-1" segment-routing-v6 instance 1
===============================================================================
Segment Routing v6 Instance 1 Service 1
===============================================================================
Locator
Type Function SID Status
-------------------------------------------------------------------------------
PE4-loc
End.DT4 *524288 2001:db8:aaaa:104:8000:: ok
End.DT6 *524287 2001:db8:aaaa:104:7fff:f000:: ok
End.DT46 *524286 2001:db8:aaaa:104:7fff:e000:: ok
===============================================================================
Legend: * - System allocated
The following command displays the configured BGP-EVPN parameters for MPLS and for SRv6:
*A:PE-2# show service id "VPRN-1" bgp-evpn
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:11
Oper Route Dist. : 192.0.2.2:11
Oper RD Type : configured
Route Target : target:64500:11
Route Target Import: None
Route Target Export: None
Default Route Tag : None
Domain-Id : 64500:1
Dyn Egr Lbl Limit : Disabled
EVI : 0
Advertise : Disabled
Weighted ECMP : Disabled
Auto-Bind Tunnel
Resolution : any Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Bgp Instance : 1
Filter Tunnel Types: (Not Specified)
Tunnel Encap
MPLS : True MPLSoUDP : False
===============================================================================
===============================================================================
Service 1 BGP-EVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up Oper State : Up
EVI : <default>
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:12
Oper Route Dist : 192.0.2.2:12
Oper RD Type : configured
Route Target : target:64500:12
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE2-loc
Source Address : 2001:db8::2:2
Domain-Id : 64500:2
Advertise : Disabled
Weighted ECMP : Disabled
===============================================================================
Multi-instance VPRN with EVPN-IFL over SRv6 and VPN-IPv4/v6 over SR-ISIS
This section describes a use case with interworking between EVPN-IFL and VPN-IPv4.
BGP configuration
Between PE-1, PE-2, and PE-3, BGP is supported for the VPN-IPv4 and VPN-IPv6 address families. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access-mpls"
family vpn-ipv4 vpn-ipv6
peer-as 64500
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
The BGP configuration on PE-2 is as follows:
# on PE-2:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access-mpls"
family vpn-ipv4 vpn-ipv6
peer-as 64500
neighbor 192.0.2.1
exit
neighbor 192.0.2.3
exit
exit
group "core-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:3
exit
neighbor 2001:db8::2:4
exit
exit
exit
The BGP configuration on PE-3 is similar.
The BGP configuration on PE-4 remains unchanged.
Service configuration
On PE-1, VPRN-2 is configured as follows:
# on PE-1:
configure
service
vprn 2 name "VPRN-2" customer 1 create
interface "loopback" create
address 10.0.2.21/32
ipv6
address 2001:db8::2:21/128
exit
loopback
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution any
exit
route-distinguisher 192.0.2.1:21
vrf-target target:64500:21
no shutdown
exit
exit
no shutdown
exit
On PE-2, VPRN-2 is configured as follows:
# on PE-2:
configure
service
vprn 2 name "VPRN-2" customer 1 create
segment-routing-v6 1 create
locator "PE2-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-ipvpn
mpls
auto-bind-tunnel
resolution any
exit
domain-id 64500:1
route-distinguisher 192.0.2.2:21
vrf-target target:64500:21
no shutdown
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
domain-id 64500:2
route-distinguisher 192.0.2.2:22
srv6-instance 1 default-locator "PE2-loc"
source-address 2001:db8::2:2
vrf-target target:64500:22
no shutdown
exit
exit
no shutdown
exit
The configuration on PE-3 is similar.
On PE-4, VPRN-2 is configured as follows:
# on PE-4:
configure
service
vprn 2 name "VPRN-2" customer 1 create
interface "loopback" create
address 10.0.2.24/32
ipv6
address 2001:db8::2:24/128
exit
loopback
exit
segment-routing-v6 1 create
locator "PE4-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
route-distinguisher 192.0.2.4:22
srv6-instance 1 default-locator "PE4-loc"
source-address 2001:db8::2:4
vrf-target target:64500:22
no shutdown
exit
exit
no shutdown
exit
no shutdown
Verification
GW PE-2 receives and uses the following IP prefix route from PE-4:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:22
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.4:22 10.0.2.24/32
0 00:00:00:00:00:00
2001:db8::2:4
524285
ESI-0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
The detailed information for this IP prefix route shows that the End.DT4 function is used:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.4:22 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:4
Path Id : None
From : 2001:db8::2:4
Res. Nexthop : fe80::1a:1ff:fe01:b
Local Pref. : 100 Interface Name : int-PE-2-PE-4
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:22
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.4
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.2.24/32
Route Dist. : 192.0.2.4:22
MPLS Label : 524285
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m27s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:104::
Full Sid : 2001:db8:aaaa:104:7fff:d000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
---snip---
PE-2 readvertises this prefix in a VPN-IPv4 route to PE-1 and PE-3 after prepending the domain ID 64500:2. PE-1 accepts this route, but PE-3 has domain ID 64500:2 locally, so it does not add this route to its VRF. The following shows that PE-3 does not use the VPN-IPv4 route received from PE-2 and that PE-3 detects a domain path loop in VRF 2:
*A:PE-3# show router bgp routes vpn-ipv4 rd 192.0.2.2:21 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Original Attributes
Network : 10.0.2.24/32
Nexthop : 192.0.2.2
Route Dist. : 192.0.2.2:21 VPN Label : 524276
Path Id : None
From : 192.0.2.2
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:21
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Fwd Class : None Priority : None
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m32s
VPRN Imported : None
DPath Loop VRFs: 2
---snip---
The IPv4 route table on PE-1 shows a BGP-VPN route to 10.0.2.24/32 that uses an SR-ISIS tunnel to PE-2:
*A:PE-1# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Local Local 00h06m02s 0
loopback 0
10.0.2.24/32 Remote BGP VPN 00h05m25s 170
192.0.2.2 (tunneled:SR-ISIS:524290) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv4 route table on PE-2 shows a BGP-VPN route to 10.0.2.21/32 that uses an SR-ISIS tunnel to PE-1 and an EVPN-IFL route to 10.0.2.24/32 that uses an SRv6 tunnel to PE-4:
*A:PE-2# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Remote BGP VPN 00h05m51s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
10.0.2.24/32 Remote EVPN-IFL 00h05m42s 170
2001:db8:aaaa:104:7fff:d000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The route table on PE-3 is similar.
The route table on PE-4 is as follows:
*A:PE-4# show router service-name "VPRN-2" route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.2.21/32 Remote EVPN-IFL 00h06m18s 170
2001:db8:aaaa:102:7fff:8000:: (tunneled:SRV6) 10
10.0.2.24/32 Local Local 00h06m22s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 route tables for VPRN-2 are similar; for example, on PE-2:
*A:PE-2# show router service-name "VPRN-2" route-table ipv6
===============================================================================
IPv6 Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::2:21/128 Remote BGP VPN 00h06m48s 170
192.0.2.1 (tunneled:SR-ISIS:524290) 10
2001:db8::2:24/128 Remote EVPN-IFL 00h06m38s 170
2001:db8:aaaa:104:7fff:c000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The next hop value 2001:db8:aaaa:104:7fff:c000:: in the preceding output corresponds to the SID value for End.DT6 in the following command on PE-4:
*A:PE-4# show service id "VPRN-2" segment-routing-v6 instance 1
===============================================================================
Segment Routing v6 Instance 1 Service 2
===============================================================================
Locator
Type Function SID Status
-------------------------------------------------------------------------------
PE4-loc
End.DT4 *524285 2001:db8:aaaa:104:7fff:d000:: ok
End.DT6 *524284 2001:db8:aaaa:104:7fff:c000:: ok
End.DT46 *524283 2001:db8:aaaa:104:7fff:b000:: ok
===============================================================================
Legend: * - System allocatedThe following command shows the BGP-IPVPN information for VPRN-2 on PE-2:
*A:PE-2# show service id "VPRN-2" bgp-ipvpn
===============================================================================
Service 2 BGP-IPVPN MPLS Information
===============================================================================
Admin State : Up Oper State : Up
VRF Import : None
VRF Export : None
Route Dist. : None
Oper Route Dist : 192.0.2.2:21
Oper RD Type : configured
Route Target : target:64500:21
Route Target Impor: None
Route Target Expor: None
Domain-Id : 64500:1
Dyn Egr Lbl Limit : Disabled
Auto-Bind Tunnel
Resolution : any Strict Tnl Tag : False
ECMP : 1 Flex Algo FB : False
Weighted ECMP : False
BGP Instance : 1
Filter Tunnel Type: bgp
===============================================================================
The following command shows the BGP-EVPN information for VPRN-2 on PE-2:
*A:PE-2# show service id "VPRN-2" bgp-evpn
===============================================================================
Service 2 BGP-EVPN Segment-Routing-V6 Information
===============================================================================
Admin State : Up Oper State : Up
EVI : <default>
VRF Import : None
VRF Export : None
Route Dist. : 192.0.2.2:22
Oper Route Dist : 192.0.2.2:22
Oper RD Type : configured
Route Target : target:64500:22
Route Target Expor: None
Route Target Impor: None
Def Route Tag : 0x0
Route Resolution : route-table
Srv6 Instance : 1
Default Locator : PE2-loc
Source Address : 2001:db8::2:2
Domain-Id : 64500:2
Advertise : Disabled
Weighted ECMP : Disabled
===============================================================================
Multi-instance VPRN with two EVPN-IFL domains using SRv6 transport
EVPN IP prefix routes readvertised between SRv6 domains shows how IP prefix 10.0.3.34/32 is advertised in VPRN-3 with two BGP-EVPN instances pointing at the same SRv6 locator.
For a VPRN with two BGP-EVPN instances pointing at different SRv6 locators, the behavior is identical but the SRv6 SID on PE-4 is different for a different SRv6 locator.
VPRN with two BGP-EVPN instances pointing at the same SRv6 locator
This section describes VPRN-3 which has two BGP-EVPN instances that both use the same locator.
SRv6 configuration
SRv6 was already configured among PE-2, PE-3, and PE-4. In this scenario and the following, SRv6 is also configured among PE-1, PE-2, and PE-3. The IS-IS configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
isis 0
area-id 49.0001
traffic-engineering
traffic-engineering-options
ipv6
application-link-attributes
exit
exit
advertise-passive-only
advertise-router-capability as
ipv6-routing native
level 1
wide-metrics-only
exit
level 2
wide-metrics-only
exit
segment-routing-v6
locator "PE1-loc"
level-capability level-1 # on PE-2, PE-3: level-1/2 (default)
level 1
exit
level 2
exit
exit
no shutdown
exit
interface "system"
passive
no shutdown
exit
interface "int-PE-1-PE-2"
level-capability level-1
interface-type point-to-point
no shutdown
exit
interface "int-PE-1-PE-3"
level-capability level-1
interface-type point-to-point
no shutdown
exit
no shutdown
On the GWs PE-2 and PE-3, the existing locators "PE2-loc" and "PE3-loc" are used on both SRv6 domains and these SRv6 locators are configured with level-capability level-1/2, which is the default value.
BGP configuration
In this example, BGP uses IPv6 peer addresses. The BGP configuration on PE-1 is as follows:
# on PE-1:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "access-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:2
exit
neighbor 2001:db8::2:3
exit
exit
no shutdown
The BGP configuration on the service GWs PE-2 and PE-3 is as follows:
# on PE-2:
configure
router Base
autonomous-system 64500
bgp
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "core-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:3 # on PE-3: 2001:db8::2:2
exit
neighbor 2001:db8::2:4
exit
exit
group "access-srv6"
family evpn
peer-as 64500
advertise-ipv6-next-hops evpn
neighbor 2001:db8::2:1
exit
exit
no shutdown
The BGP configuration on PE-4 remains the same as in the preceding use cases.
Service configuration
On PE-1 and PE-4, the configuration of VPRN-3 is similar. VPRN-3 is configured on PE-1 as follows:
# on PE-1:
configure
service
vprn 3 name "VPRN-3" customer 1 create
interface "loopback" create
address 10.0.3.31/32 # on PE-4: 10.0.3.34/32
ipv6
address 2001:db8::3:31/128 # on PE-4: 2001:db8::3:34/128
exit
loopback
exit
segment-routing-v6 1 create
locator "PE1-loc" # on PE-4: "PE4-loc"; same functions
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
route-distinguisher 192.0.2.1:31 # on PE-4: 192.0.2.4:32
srv6-instance 1 default-locator "PE1-loc" # on PE-4: "PE4-loc"
source-address 2001:db8::2:1 # on PE-4: 2001:db8::2:4
vrf-target target:64500:31 # on PE-4: target:64500:32
no shutdown
exit
exit
no shutdown
On GWs PE-2 and PE-3, VPRN-3 has two BGP-EVPN instances that both point to the same locator, as follows:
# on PE-2:
configure
service
vprn 3 name "VPRN-3" customer 1 create
segment-routing-v6 1 create
locator "PE2-loc" # on PE-3: "PE3-loc"; same functions
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
domain-id 64500:1
route-distinguisher 192.0.2.2:31 # on PE-3: 192.0.2.3:31
srv6-instance 1 default-locator "PE2-loc" # on PE-3: "PE3-loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64500:31
no shutdown
exit
segment-routing-v6 bgp 2
domain-id 64500:2
route-distinguisher 192.0.2.2:32 # on PE-3: 192.0.2.3:32
srv6-instance 1 default-locator "PE2-loc" # on PE-3: "PE3-loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64500:32
no shutdown
exit
exit
allow-export-bgp-vpn
no shutdown
Verification
The domain path attribute is used for loop prevention. GW PE-2 does not use the IP prefix routes readvertised by GW PE-3:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:31
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
*>i 192.0.2.3:31 10.0.3.31/32
0 00:00:00:00:00:00
2001:db8::2:3
524281
ESI-0
*>i 192.0.2.3:31 10.0.3.34/32
0 00:00:00:00:00:00
2001:db8::2:3
524281
ESI-0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The detailed output of the preceding command on PE-2 shows that the End.DT4 function is used and that PE-2 detects a domain path loop in VRF 3 for EVPN IP prefix routes with RD 192.0.2.3:31:
*A:PE-2# show router bgp routes evpn ip-prefix rd 192.0.2.3:31 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:3
Path Id : None
From : 2001:db8::2:3
Res. Nexthop : fe80::203:feff:fe00:0
Local Pref. : 100 Interface Name : int-PE-2-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:31
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:1:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.3.31/32
Route Dist. : 192.0.2.3:31
MPLS Label : 524281
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 18h46m24s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:7fff:9000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
DPath Loop VRFs: 3
---snip---
The IPv4 route table for VPRN-3 on PE-2 is as follows:
*A:PE-2# show router service-name "VPRN-3" route-table
===============================================================================
Route Table (Service: 3)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.3.31/32 Remote EVPN-IFL 19h55m28s 170
2001:db8:aaaa:101:8000:: (tunneled:SRV6) 10
10.0.3.34/32 Remote EVPN-IFL 19h55m28s 170
2001:db8:aaaa:104:7fff:a000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The behavior is the same as in the preceding use cases. The same show commands can be used to verify that.
VPRN with two BGP-EVPN instances pointing at different SRv6 locators
This section describes VPRN-4, which has two BGP-EVPN instances pointing at different locators.
SRv6 locator configuration
On PE-2, PE-3, and PE-4, an additional SRv6 locator is configured. In this example, the only difference is the IP prefix. On PE-2, the "PE2-loc" locator was already configured and the "PE2-loc-2" locator is added:
# on PE-2:
configure
router Base
segment-routing
segment-routing-v6
origination-fpe 1
source-address 2001:db8::2:2
locator "PE2-loc"
block-length 48
termination-fpe 2
prefix
ip-prefix 2001:db8:aaaa:102::/64
exit
static-function
exit
no shutdown
exit
locator "PE2-loc-2"
block-length 48
termination-fpe 2
prefix
ip-prefix 2001:db8:aaaa:122::/64
exit
static-function
exit
no shutdown
exit
base-routing-instance
locator "PE2-loc"
function
end-x-auto-allocate srh-mode psp protection unprotected
end 1
srh-mode usp
exit
exit
exit
locator "PE2-loc-2"
function
end-x-auto-allocate srh-mode psp protection unprotected
end 1
srh-mode usp
exit
exit
exit
exit
exit
exit
isis 0
segment-routing-v6
locator "PE2-loc"
level 1
exit
level 2
exit
exit
locator "PE2-loc-2"
level 1
exit
level 2
exit
exit
no shutdown
exit
Likewise, PE-3 gets additional locator "PE3-loc-2" and PE-4 gets additional locator "PE4-loc-2".
BGP configuration
The BGP configuration is the same as for VPRN-3: BGP is enabled for the EVPN address family and the peer addresses are the IPv6 system addresses.
Service configuration
On PE-1, VPRN-4 is configured as follows:
# on PE-1:
configure
service
vprn 4 name "VPRN-4" customer 1 create
interface "loopback" create
address 10.0.4.41/32
ipv6
address 2001:db8::4:41/128
exit
loopback
exit
segment-routing-v6 1 create
locator "PE1-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
route-distinguisher 192.0.2.1:41
srv6-instance 1 default-locator "PE1-loc"
source-address 2001:db8::2:1
vrf-target target:64500:41
no shutdown
exit
exit
no shutdown
On PE-2, VPRN-4 is configured with two SRv6 instances that use different locators, as follows. The configuration on PE-3 is similar.
# on PE-2:
configure
service
vprn 4 name "VPRN-4" customer 1 create
segment-routing-v6 1 create
locator "PE2-loc" # on PE-3: "PE3-loc"; same functions
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
segment-routing-v6 2 create
locator "PE2-loc-2" # on PE-3: "PE3-loc-2"; same function
function
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
domain-id 64500:1
route-distinguisher 192.0.2.2:41 # on PE-3: 192.0.2.3:41
srv6-instance 1 default-locator "PE2-loc" # on PE-3: "PE3-loc"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64500:41
no shutdown
exit
segment-routing-v6 bgp 2
domain-id 64500:2
route-distinguisher 192.0.2.2:42 # on PE-3: 192.0.2.3:42
srv6-instance 2 default-locator "PE2-loc-2" # on PE-3: "PE3-loc-2"
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
vrf-target target:64500:42
no shutdown
exit
exit
allow-export-bgp-vpn
no shutdown
On PE-4, VPRN-4 is configured as follows:
# on PE-4:
configure
service
vprn 4 name "VPRN-4" customer 1 create
interface "loopback" create
address 10.0.4.44/32
ipv6
address 2001:db8::4:44/128
exit
loopback
exit
segment-routing-v6 1 create
locator "PE4-loc-2"
function
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
route-distinguisher 192.0.2.4:42
srv6-instance 1 default-locator "PE4-loc-2"
source-address 2001:db8::2:4
vrf-target target:64500:42
no shutdown
exit
exit
no shutdown
Verification
The behavior is similar as in the preceding use cases. Loops are prevented using the domain path attribute. The following shows that PE-3 detects a domain path loop in VRF 4 for a route originating from PE-2:
*A:PE-3# show router bgp routes evpn ip-prefix rd 192.0.2.2:41 detail
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
---snip---
-------------------------------------------------------------------------------
Original Attributes
Network : n/a
Nexthop : 2001:db8::2:2
Path Id : None
From : 2001:db8::2:2
Res. Nexthop : fe80::202:feff:fe00:0
Local Pref. : 100 Interface Name : int-PE-3-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:41
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Valid Best
Route Source : Internal
AS-Path : No As-Path
D-Path : [64500:2:(evpn)]
EVPN type : IP-PREFIX
ESI : ESI-0
Tag : 0
Gateway Address: 00:00:00:00:00:00
Prefix : 10.0.4.44/32
Route Dist. : 192.0.2.2:41
MPLS Label : 524278
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 02h23m15s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:102::
Full Sid : 2001:db8:aaaa:102:7fff:6000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
DPath Loop VRFs: 4
---snip---
The route tables for IPv4 and IPv6 are similar to the ones in the preceding use cases. The IPv4 route tables for VPRN-4 are the following:
*A:PE-1# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Local Local 22h51m57s 0
loopback 0
10.0.4.44/32 Remote EVPN-IFL 02h25m28s 170
2001:db8:aaaa:102:7fff:6000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-2# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 22h50m43s 170
2001:db8:aaaa:101:7fff:f000:: (tunneled:SRV6) 10
10.0.4.44/32 Remote EVPN-IFL 02h25m29s 170
2001:db8:aaaa:124:7fff:7000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-3# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 22h43m18s 170
2001:db8:aaaa:101:7fff:f000:: (tunneled:SRV6) 10
10.0.4.44/32 Remote EVPN-IFL 02h25m30s 170
2001:db8:aaaa:124:7fff:7000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-4# show router service-name "VPRN-4" route-table
===============================================================================
Route Table (Service: 4)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.4.41/32 Remote EVPN-IFL 02h16m56s 170
2001:db8:aaaa:122:7fff:3000:: (tunneled:SRV6) 10
10.0.4.44/32 Local Local 22h48m18s 0
loopback 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
Multi-instance VPRN services with EVPN-IFL can use SRv6 transport as well as MPLS transport. Interworking between EVPN-IFL and IP-VPN is supported. Multi-instance VPRN services can be used as Service Gateways to connect two SRv6 domains together.