EVPN IP Aliasing for IP Prefix Routes
This chapter provides information about EVPN IP aliasing for IP prefix routes.
Topics in this chapter include:
Applicability
The information and the configuration in this chapter are based on SR OS Release 24.3.R3. IP aliasing for EVPN IP prefix routes in the interface-less (EVPN IFL) or interface-ful (EVPN IFF) models are supported in SR OS Release 22.10.R2, and later. IP aliasing for IP prefix routes in the EVPN IFL model over MPLS was already supported in SR OS Release 22.10.R1.
Overview
Draft-ietf-evpn-ip-aliasing describes IP aliasing for EVPN IP prefix routes, which allows nodes to load-balance flows to multiple nodes attached to the same prefix, even to IP addresses that are not advertised as next-hop in the EVPN IP prefix routes.
EVPN IP aliasing in an EVPN IFL model shows an example with a multi-rack Virtual Network Function (VNF) connected to four Top-Of-Rack (TOR) PEs, but only two EBGP sessions are established: one between 10.10.0.1—a loopback address in the VNF—and TOR-1 and one between 10.10.0.1 and TOR-4. A VPRN is configured on all nodes. On all four TOR nodes, a Layer 3 Ethernet segment (L3 ES) is configured, which is a virtual Ethernet Segment (vES) configured with VPRN next-hop 10.10.0.1 and the EVI value of the VPRN on the border leaf and TOR nodes. Both single-active and all-active vESs are supported, but in this chapter, only all-active vESs are used.
The configuration of the all-active vES contains EVI 10 for VPRN-10 and a VPRN next-hop equal to the EVPN IP alias 10.10.0.1, which is a loopback address in the VNF, as follows;
# on TOR-1, TOR-2, TOR-3, TOR-4:
configure
service
system
bgp-evpn
ethernet-segment "AA-ES-23-10" virtual create
esi 00:00:00:23:10:00:00:00:00:00
service-carving
mode auto
exit
multi-homing all-active
vprn-next-hop 10.10.0.1 # subject of EVPN IP aliasing
evi
evi-range 10 # EVI in VPRN-10 on BL-1,TOR-1/2/3/4
exit
no shutdown
exit
In this example, all TOR nodes can reach the VPRN next-hop 10.10.0.1 via a non-EVPN route, for example, via a static route. Only TOR-1 and TOR-4 in the L3 ES have an EBGP session with loopback address 10.10.0.1 in the VNF, but the load-balancing in the ECMP set is done over all four TOR nodes. All TOR nodes with reachability to the VPRN next-hop, via a non-EVPN route, advertise their attachment to the L3 ES using the EVPN auto-discovery (AD) per ES and AD per EVI routes in the VPRN service context. If a TOR (attached to the L3 ES) no longer has reachability to the VPRN next-hop via non-EVPN route, then the TOR withdraws its AD per ES and per EVI routes for the L3 ES.
TOR-1 and TOR-4 receive BGP PE-CE routes for prefix 172.16.10.11/32 with next-hop 10.10.0.1 from the VNF. This next-hop matches the configured VPRN next-hop in the L3 ES, which triggers TOR-1 and TOR-4 to encode the ESI of the L3 ES in the EVPN IP prefix routes for prefix 172.16.10.11/32. The border leaf node and all TOR nodes receive this EVPN IP prefix route and install the prefix 172.16.10.11/32 in the route table using the next-hops of the AD per EVI routes for the L3 ES.
When the border leaf node receives multiple flows toward a subscriber prefix 172.16.10.11, the traffic is sprayed over the ECMP links to the TOR nodes. TOR-2 and TOR-3 have installed the IP prefix routes for prefix 172.16.10.11 with a next-hop that they can reach via a non-EVPN route. Instead of routing the traffic toward 172.16.10.11 to either TOR-1 and TOR-4 that have advertised EVPN IP prefix routes for prefix 172.16.10.11, TOR-2 and TOR-3 route the traffic directly to a next-hop on an infrastructure processing unit (IPU) in the VNF.
Classic VPN routing—using BGP VPN routes rather than EVPN IP prefix routes—results in tromboning the traffic to TOR-1 or TOR-4. Traffic to 172.16.10.11 arriving at TOR-2 is routed to TOR-1 even if TOR-2 is directly connected to the VNF.
IP aliasing in EVPN IP prefix routes allows to use the connections between all TORs and the VNF efficiently. The border leaf node sprays the traffic to 172.16.10.11 over the ECMP set of four TOR nodes. Traffic to 172.16.10.11 arriving at TOR-2 is directly forwarded to the VNF without tromboning to TOR-1.
It is possible to configure weighted ECMP, but that is not documented in this chapter.
Configuration
Nodes in AS 64500 with IBGP sessions shows the example topology with border leaf node PE-1 and two TOR PEs (PE-2 and PE-3) in AS 64500. IBGP sessions are established between the three nodes for the EVPN address family. Later, EBGP will be configured between a VPRN on TOR node PE-2 and a VPRN on PE-4 and PE-5 in the VNF (not shown in the figure).
- cards, MDAs, ports
- router interfaces between PE-1, PE-2, and PE-3
- IS-IS as IGP between PE-1, PE-2, and PE-3
- SR-ISIS for MPLS between PE-1, PE-2, and PE-3
- SRv6 between PE-1, PE-2, and PE-3
BGP is configured for the EVPN address family; on PE-1 as follows:
# on PE-1:
configure
router Base
autonomous-system 64500
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "TOR"
family evpn
type internal
peer-as 64500
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
The BGP configuration on PE-2 and PE-3 is similar:
# on PE-2:
configure
router Base
autonomous-system 64500
bgp
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
split-horizon
rapid-update evpn
group "BL"
family evpn
type internal
peer-as 64500
neighbor 192.0.2.1
exit
exit
group "TOR"
family evpn
type internal
peer-as 64500
neighbor 192.0.2.3
exit
exit
exit
EVPN IP aliasing for EVPN IFL over MPLS
EVPN IP alias for EVPN IFL VPRN-10 over MPLS shows an example with EVPN IP alias 10.10.0.1 used in VPRN-10.
Both TOR nodes PE-2 and PE-3 have direct connections to PE-4 and PE-5 in the VNF, but only TOR PE-2 has an EBGP session to the loopback 10.10.0.1 in the VNF. Both PE-2 and PE-3 can reach the loopback 10.10.0.1 via a non-EVPN route; in this case, via a static route configured in VPRN-10.
Only two nodes are used to simplify the example, but in real deployments, multiple nodes will be used. Typically, there will be N nodes with M BGP sessions from the VNF to the TORs, with N > M > 1. If there is only one single BGP session from the VNF and it goes down, the RT5 will be withdrawn.
Service configuration
The L3 ES must be a virtual ES. An attempt to configure a VPRN next-hop on a regular ES results in the following error message:
*A:PE-2>config>service>system>bgp-evpn>eth-seg$ vprn-next-hop 10.1.1.0
MINOR: SVCMGR #8065 Supported only on virtual ethernet segments
On PE-2 and PE-3, L3 ES "AA-ES-23-10" with ESI 00:00:00:23:10:00:00:00:00:00, VPRN next-hop 10.10.0.1, and EVI 10 is configured, as follows:
# on PE-2, PE-3:
configure
service
system
bgp-evpn
ethernet-segment "AA-ES-23-10" virtual create
esi 00:00:00:23:10:00:00:00:00:00
service-carving
mode auto
exit
multi-homing all-active
vprn-next-hop 10.10.0.1 # subject of EVPN IP aliasing
evi
evi-range 10 # EVI in VPRN-10 on PE-1, PE-2, PE-3
exit
no shutdown
exit
The following command shows the details of the L3 ES "AA-ES-23-10":
*A:PE-3# show service system bgp-evpn ethernet-segment name "AA-ES-23-10"
===============================================================================
Service Ethernet Segment
===============================================================================
Name : AA-ES-23-10
Eth Seg Type : Virtual
Admin State : Enabled Oper State : Up
ESI : 00:00:00:23:10:00:00:00:00:00
Oper ESI : 00:00:00:23:10:00:00:00:00:00
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : allActive Oper Multi-homing : allActive
ES Split Horizon Label : None
ES Split Horizon Arg : None
Source BMAC LSB : None
Vprn NextHop : 10.10.0.1
ES Activation Timer : 3 secs (default)
Oper Group : (Not Specified)
Svc Carving : auto Oper Svc Carving : auto
Cfg Range Type : primary
-------------------------------------------------------------------------------
Vprn NextHop Evi Ranges
-------------------------------------------------------------------------------
From To Last Update
-------------------------------------------------------------------------------
10 10 07/03/2024 07:56:12
-------------------------------------------------------------------------------
===============================================================================VPRN-10 is configured on all nodes; on border leaf PE-1 with ECMP 2, as follows:
# on PE-1:
configure
service
vprn 10 name "VPRN-10" customer 1 create
description "EVPN-IFL-MPLS"
ecmp 2
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
evi 10
route-distinguisher 192.0.2.1:10
vrf-target target:64500:10
no shutdown
exit
exit
no shutdown
The EVI value 10 corresponds to the EVI value in the L3 ES and must also be configured in VPRN-10 on PE-2 and PE-3. The VPRN configuration on PE-2 and PE-3 includes a static route toward the loopback 10.10.0.1 in the VNF. The interface toward the VNF uses broadcast domain 11 (R-VPLS "BD-11"). BFD can be used for fast failure detection on the static route toward 10.10.0.1/32. On PE-2, loopback address 10.10.0.2 is configured in VPRN-10 and used as router ID in the BGP configuration. The configuration of BD-11 and VPRN-10 on PE-2 is as follows:
# on PE-2:
configure
service
vpls 11 name "BD-11" customer 1 create
description "broadcast domain 11 connected to VPRN-10"
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:10 create
no shutdown
exit
sap 1/1/c4/1:10 create
no shutdown
exit
no shutdown
exit
vprn 10 name "VPRN-10" customer 1 create
description "EVPN-MPLS IFL VPRN-10 with static route to IP alias"
autonomous-system 64500
interface "int-BD-11-to-VNF" create
address 10.10.2.254/24
vrrp 1 owner passive
backup 10.10.2.254
exit
bfd 1000 receive 1000 multiplier 3
vpls "BD-11"
evpn
arp
no learn-dynamic
advertise dynamic
exit
exit
exit
exit
interface "lo1" create
description "loopback used in EBGP session toward VNF"
address 10.10.0.2/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
static-route-entry 10.10.0.1/32
next-hop 10.10.2.4
bfd-enable
no shutdown
exit
next-hop 10.10.2.5
bfd-enable
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
evi 10
route-distinguisher 192.0.2.2:10
vrf-target target:64500:10
no shutdown
exit
exit
bgp
router-id 10.10.0.2
rapid-withdrawal
next-hop-resolution
use-bgp-routes
exit
group "PE-CE"
family ipv4 ipv6
multihop 10
neighbor 10.10.0.1
type external
peer-as 64496
exit
exit
exit
no shutdown
exit
On PE-3, VPRN-10 does not include BGP and therefore, no local loopback interface needs to be configured. The configuration of BD-11 and VPRN-10 on PE-3 is as follows:
# on PE-3:
configure
service
vpls 11 name "BD-11" customer 1 create
description "broadcast domain 11 connected to VPRN-10"
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:10 create
no shutdown
exit
sap 1/1/c4/1:10 create
no shutdown
exit
no shutdown
exit
vprn 10 name "VPRN-10" customer 1 create
description "EVPN-MPLS IFL VPRN-10 with static route to IP alias"
interface "int-BD-11-to-VNF" create
address 10.10.3.254/24
vrrp 1 owner passive
backup 10.10.3.254
exit
vpls "BD-11"
evpn
arp
no learn-dynamic
advertise dynamic
exit
exit
exit
exit
static-route-entry 10.10.0.1/32
next-hop 10.10.3.4
no shutdown
exit
next-hop 10.10.3.5
no shutdown
exit
exit
bgp-evpn
mpls
auto-bind-tunnel
resolution any
exit
evi 10
route-distinguisher 192.0.2.3:10
vrf-target target:64500:10
no shutdown
exit
exit
no shutdown
The nodes in the VNF, PE-4 and PE-5, have a similar configuration. In this example, the subscriber IP prefixes to be exported are configured on loopback addresses on PE-4 and PE-5. The configuration on PE-4 is as follows.
# on PE-4 (VNF):
configure
router Base
policy-options
begin
prefix-list "subs-pfx-10"
prefix 172.16.10.11/32 exact
prefix 172.16.10.12/32 exact
exit
policy-statement "export-subs-pfx-10"
entry 10
from
protocol direct
prefix-list "subs-pfx-10"
exit
action accept
exit
exit
exit
commit
exit
exit
service
vprn 10 name "VPRN-10" customer 1 create
description "IP-alias-IFL-MPLS"
autonomous-system 64496
interface "int-to-PE-2" create
address 10.10.2.4/24 # on PE-5: 10.10.2.5/24
bfd 1000 receive 1000 multiplier 3
sap 1/1/c2/1:10 create
exit
exit
interface "int-to-PE-3" create
address 10.10.3.4/24 # on PE-5: 10.10.3.5/24
sap 1/1/c1/1:10 create
exit
exit
interface "lo1" create
description "IP alias to be exported"
address 10.10.0.1/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
interface "int-subs-11" create
description "subscriber prefix to be exported"
address 172.16.10.11/32
loopback
exit
interface "int-subs-12" create
description "subscriber prefix to be exported"
address 172.16.10.12/32
loopback
exit
static-route-entry 10.10.0.2/32
next-hop 10.10.2.254
bfd-enable
no shutdown
exit
exit
bgp
rapid-withdrawal
group "PE-CE"
neighbor 10.10.0.2
type external
export "export-subs-pfx-10"
local-as 64496
peer-as 64500
exit
exit
no shutdown
exit
no shutdown
The BGP session in VPRN-10 on PE-5 remains down when the BGP session in VPRN-10 on PE-4 is established.
Verification
The VNF exports the subscriber prefixes 172.16.10.11/32 and 172.16.10.12/32 in EBGP toward PE-2. VPRN-10 on PE-2 receives the following BGP routes with next-hop 10.10.0.1 from its EBGP neighbor 10.10.0.1:
*A:PE-2# show router 10 bgp neighbor 10.10.0.1 received-routes
===============================================================================
BGP Router ID:10.10.0.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.16.10.11/32 n/a None
10.10.0.1 None 1
64496 -
u*>i 172.16.10.12/32 n/a None
10.10.0.1 None 1
64496 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The VPRN route table on PE-2 shows a static route toward 10.10.0.1/32 with next-hop 10.10.2.4 and two BGP routes for the subscriber prefixes 172.16.10.11/32 and 172.16.10.12/32. These subscriber prefixes were advertised with next-hop 10.10.0.1 and this indirect next-hop is resolved to next-hop 10.10.2.4, therefore the subscriber prefix routes also have next-hop 10.10.2.4, as follows:
*A:PE-2# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.10.0.1/32 Remote Static 00h02m00s 5
10.10.2.4 1
10.10.0.2/32 Local Local 00h02m16s 0
lo1 0
10.10.2.0/24 Local Local 00h02m16s 0
int-BD-11-to-VNF 0
10.10.3.0/24 Remote EVPN-IFL 00h02m09s 170
192.0.2.3 (tunneled:SR-ISIS:524295) 10
172.16.10.11/32 Remote BGP 00h01m13s 170
10.10.2.4 1
172.16.10.12/32 Remote BGP 00h01m13s 170
10.10.2.4 1
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================The next-hop 10.10.0.1 matches the VPRN next-hop configured in the L3 ES on PE-2. When the L3 ES is operationally up, PE-2 advertises EVPN IP prefix routes for the IP prefixes 172.16.10.11/32 and 172.16.10.12/32 with non-zero ESI and PE-1 receives the following IP prefix route for prefix 172.16.10.11/32 with ESI 00:00:00:23:10:00:00:00:00:00:
*A:PE-1# show router bgp routes evpn ip-prefix prefix 172.16.10.11/32
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.2:10 172.16.10.11/32
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
00:00:00:23:10:00:00:00:00:00
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
When the L3 ES is down on PE-2, PE-1 receives this IP prefix route with ESI-0 instead, which implies that IP aliasing cannot be used and tromboning between the TOR nodes cannot be avoided.
When the L3 ES is up on PE-2 and PE-3, AD per EVI and AD per ES routes are advertised with ESI 00:00:00:23:10:00:00:00:00:00. PE-1 receives the following two EVPN AD routes from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:10
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:10 00:00:00:23:10:00:00:00:00:00 192.0.2.2
0 LABEL 524283
u*>i 192.0.2.2:10 00:00:00:23:10:00:00:00:00:00 192.0.2.2
MAX-ET LABEL 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
When all-active mode is configured in the L3 ES, all peers that are part of the ES signal P=1 B=0 (primary, no backup) in the AD per EVI route. PE-1 receives the following AD per EVI route from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:10 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.12.2
Local Pref. : 100 Interface Name : int-PE-1-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:10
l2-attribute:MTU: 0 F: 0 C: 0 P: 1 B: 0
bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : AUTO-DISC
ESI : 00:00:00:23:10:00:00:00:00:00
Tag : 0
Route Dist. : 192.0.2.2:10
MPLS Label : LABEL 524283
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h05m42s
-------------------------------------------------------------------------------
---snip---
PE-1 also receives an AD per EVI route with ESI 00:00:00:23:10:00:00:00:00:00 and P:1 B:0 from PE-3:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.3:10 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.13.2
Local Pref. : 100 Interface Name : int-PE-1-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:10
l2-attribute:MTU: 0 F: 0 C: 0 P: 1 B: 0
bgp-tunnel-encap:MPLS
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : AUTO-DISC
ESI : 00:00:00:23:10:00:00:00:00:00
Tag : 0
Route Dist. : 192.0.2.3:10
MPLS Label : LABEL 524283
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h10m21s
-------------------------------------------------------------------------------
---snip---
When PE-1 receives EVPN IP prefix routes with non-zero ESI, it installs the prefix in an ECMP set with next-hops provided by the received AD per EVI routes with P=1. The route table for VPRN-10 on PE-1 is as follows:
*A:PE-1# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.10.0.1/32 Remote EVPN-IFL 00h13m03s 170
192.0.2.2 (tunneled:SR-ISIS:524291) 10
10.10.0.1/32 Remote EVPN-IFL 00h13m03s 170
192.0.2.3 (tunneled:SR-ISIS:524295) 10
10.10.0.2/32 Remote EVPN-IFL 00h13m18s 170
192.0.2.2 (tunneled:SR-ISIS:524291) 10
10.10.2.0/24 Remote EVPN-IFL 00h13m18s 170
192.0.2.2 (tunneled:SR-ISIS:524291) 10
10.10.3.0/24 Remote EVPN-IFL 00h13m12s 170
192.0.2.3 (tunneled:SR-ISIS:524295) 10
172.16.10.11/32 Remote EVPN-IFL 00h08m33s 170
192.0.2.2 (tunneled:SR-ISIS:524291) 10
172.16.10.11/32 Remote EVPN-IFL 00h08m33s 170
192.0.2.3 (tunneled:SR-ISIS:524295) 10
172.16.10.12/32 Remote EVPN-IFL 00h08m33s 170
192.0.2.2 (tunneled:SR-ISIS:524291) 10
172.16.10.12/32 Remote EVPN-IFL 00h08m33s 170
192.0.2.3 (tunneled:SR-ISIS:524295) 10
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
PE-3 receives two routes from PE-2 with ESI equal to the local ESI 00:00:00:23:10:00:00:00:00:00, as follows:
*A:PE-3# show router bgp routes evpn ip-prefix
===============================================================================
BGP Router ID:192.0.2.3 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.2:10 10.10.2.0/24
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
ESI-0
u*>i 192.0.2.2:10 10.10.0.1/32
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
ESI-0
u*>i 192.0.2.2:10 10.10.0.2/32
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
ESI-0
u*>i 192.0.2.2:10 172.16.10.11/32
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
00:00:00:23:10:00:00:00:00:00
u*>i 192.0.2.2:10 172.16.10.12/32
0 00:00:00:00:00:00
192.0.2.2
LABEL 524283
00:00:00:23:10:00:00:00:00:00
-------------------------------------------------------------------------------
Routes : 5
===============================================================================
PE-2 advertises EVPN IP prefix route 172.16.10.11/32 with ESI 00:00:00:23:10:00:00:00:00:00, which is a local ES on PE-3, so PE-3 adds the route in the route table with the next-hop for prefix 10.10.0.1/32 of the L3 ES. Traffic toward 172.16.10.11 arriving at PE-3 is forwarded directly to the local ES destination. The next-hop of routes 10.10.0.1/32, 172.16.10.11/32, and 172.16.10.12/32 is 10.10.3.4, as follows:
*A:PE-3# show router 10 route-table
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.10.0.1/32 Remote Static 00h13m16s 5
10.10.3.4 1
10.10.0.2/32 Remote EVPN-IFL 00h13m11s 170
192.0.2.2 (tunneled:SR-ISIS:524294) 10
10.10.2.0/24 Remote EVPN-IFL 00h13m11s 170
192.0.2.2 (tunneled:SR-ISIS:524294) 10
10.10.3.0/24 Local Local 00h13m16s 0
int-BD-11-to-VNF 0
172.16.10.11/32 Remote EVPN-IFL 00h08m37s 170
10.10.3.4 1
172.16.10.12/32 Remote EVPN-IFL 00h08m37s 170
10.10.3.4 1
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
On PE-3, the extensive route information for prefix 172.16.10.12/32 shows the indirect next-hop 10.10.0.1 and the resolving next-hop 10.10.3.4, as follows:
*A:PE-3# show router 10 route-table 172.16.10.11/32 extensive
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix : 172.16.10.11/32
Protocol : EVPN-IFL
Age : 00h08m37s
Preference : 170
Indirect Next-Hop : 10.10.0.1
VPN Next-Hop Index : 32
QoS : Priority=n/c, FC=n/c
Source-Class : 0
Dest-Class : 0
ECMP-Weight : N/A
Resolving Next-Hop : 10.10.3.4
Interface : int-BD-11-to-VNF
Metric : 1
ECMP-Weight : N/A
-------------------------------------------------------------------------------
No. of Destinations: 1
===============================================================================
EVPN IP aliasing for EVPN IFL over SRv6
EVPN IP alias for EVPN IFL VPRN-20 over SRv6 shows an example with EVPN IP alias 10.20.0.1 used in VPRN-20. Instead of MPLS tunnels, SRv6 tunnels are used.
Service configuration
On PE-2 and PE-3, L3 ES "AA-ES-23-20" with ESI 00:00:00:23:20:00:00:00:00:00, VPRN next-hop 10.20.0.1, and EVI 20 is configured, as follows:
# on PE-2, PE-3:
configure
service
system
bgp-evpn
ethernet-segment "AA-ES-23-20" virtual create
esi 00:00:00:23:20:00:00:00:00:00
service-carving
mode auto
exit
multi-homing all-active
vprn-next-hop 10.20.0.1 # loopback in VPRN 20 on VNF
evi
evi-range 20 # EVI in VPRN-20 on PE-1,PE-2, PE-3
exit
no shutdown
exit
On border leaf PE-1, VPRN-20 is configured with ECMP 2, as follows:
# on PE-1:
configure
service
vprn 20 name "VPRN-20" customer 1 create
description "IP-alias-IFL-SRv6"
ecmp 2
segment-routing-v6 1 create
locator "PE1-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
evi 20
route-distinguisher 192.0.2.1:20
source-address 2001:db8::2:1
srv6-instance 1 default-locator "PE1-loc"
vrf-target target:64500:20
no shutdown
exit
exit
no shutdownOn TOR nodes PE-2 and PE-3, VPRN-20 uses broadcast domain BD-21 toward the VNF. Static routes are configured toward 10.20.0.1/32, which is a loopback interface in the VNF. On PE-2, a local loopback interface is configured with IP address 10.20.0.2, which serves as router ID in the BGP configuration of VPRN-20.
The configuration of VPRN-20 on PE-3 is similar, but without local loopback interface and without BGP.
The configuration is as follows:
# on PE-2:
configure
service
vpls 21 name "BD-21" customer 1 create
description "broadcast domain 21 connected to VPRN-20"
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:20 create
no shutdown
exit
sap 1/1/c4/1:20 create
no shutdown
exit
no shutdown
exit
vprn 20 name "VPRN-20" customer 1 create
description "EVPN IFL over SRv6"
autonomous-system 64500
interface "int-BD-21-to-VNF" create
address 10.20.2.254/24 # on PE-3: 10.20.3.254
bfd 1000 receive 1000 multiplier 3 # on PE-3: no BFD
vpls "BD-21"
exit
exit
interface "lo1" create # on PE-3: no loopback in VPRN-20
address 10.20.0.2/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
static-route-entry 10.20.0.1/32
next-hop 10.20.2.4 # on PE-3: 10.20.3.4
bfd-enable # on PE-3: no BFD
no shutdown
exit
next-hop 10.20.2.5 # on PE-3: 10.20.3.5
bfd-enable # on PE-3: no BFD
no shutdown
exit
exit
segment-routing-v6 1 create
locator "PE2-loc"
function
end-dt4
end-dt6
end-dt46
exit
exit
exit
bgp-evpn
segment-routing-v6 bgp 1
evi 20
route-distinguisher 192.0.2.2:20
source-address 2001:db8::2:2 # on PE-3: 2001:db8::2:3
srv6-instance 1 default-locator "PE2-loc" # PE-3:"PE3-loc"
vrf-target target:64500:20
no shutdown
exit
exit
bgp # on PE-3: no BGP
router-id 10.20.0.2
rapid-withdrawal
group "PE-CE"
neighbor 10.20.0.1
type external
local-as 64500
peer-as 64496
exit
exit
exit
no shutdown
The configuration of VPRN-20 on VNF nodes PE-4 and PE-5 is similar with the configuration of VPRN-10 on PE-4 and PE-5.
Verification
TOR node PE-2 receives the following BGP routes from its EBGP peer 10.20.0.1 in the VNF:
*A:PE-2# show router 20 bgp neighbor 10.20.0.1 received-routes
===============================================================================
BGP Router ID:10.20.0.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.16.20.11/32 n/a None
10.20.0.1 None 1
64496 -
u*>i 172.16.20.12/32 n/a None
10.20.0.1 None 1
64496 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
On PE-2, the route table for VPRN-20 is as follows:
*A:PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.0.1/32 Remote Static 00h01m44s 5
10.20.2.4 1
10.20.0.2/32 Local Local 00h02m05s 0
lo1 0
10.20.2.0/24 Local Local 00h02m05s 0
int-BD-21-to-VNF 0
10.20.3.0/24 Remote EVPN-IFL 00h01m59s 170
2001:db8:aaaa:103:7b1d:b000:: (tunneled:SRV6) 10
172.16.20.11/32 Remote BGP 00h01m11s 170
10.20.2.4 1
172.16.20.12/32 Remote BGP 00h01m11s 170
10.20.2.4 1
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
On PE-2, the received BGP routes contain next-hop 10.20.0.1 which matches the L3 ES VPRN next-hop, so PE-2 advertises EVPN IP prefix routes with ESI 00:00:00:23:20:00:00:00:00:00. PE-1 receives the following EVPN IP prefix route for prefix 172.16.20.11/32:
*A:PE-1# show router bgp routes evpn ip-prefix prefix 172.16.20.11/32
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.2:20 172.16.20.11/32
0 00:00:00:00:00:00
192.0.2.2
504283
00:00:00:23:20:00:00:00:00:00
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
When the L3 ES is operationally up, PE-2 and PE-3 advertise AD per ES and AD per EVI routes. PE-1 receives the following EVPN AD routes with ESI 00:00:00:23:20:00:00:00:00:00 from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:20
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:20 00:00:00:23:20:00:00:00:00:00 192.0.2.2
0 504283
u*>i 192.0.2.2:20 00:00:00:23:20:00:00:00:00:00 192.0.2.2
MAX-ET 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
When PE-1 receives an EVPN IP prefix route with non-zero ESI, the prefix is installed in an ECMP set with next-hops equal to the SID provided by the received AD per EVI routes with P=1. PE-1 receives the following AD per EVI route from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:20 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.2
Path Id : None
From : 192.0.2.2
Res. Nexthop : 192.168.12.2
Local Pref. : 100 Interface Name : int-PE-1-PE-2
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:20
l2-attribute:MTU: 0 F: 0 C: 0 P: 1 B: 0
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.2
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : AUTO-DISC
ESI : 00:00:00:23:20:00:00:00:00:00
Tag : 0
Route Dist. : 192.0.2.2:20
MPLS Label : 504283
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h03m21s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:102::
Full Sid : 2001:db8:aaaa:102:7b1d:b000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
-------------------------------------------------------------------------------
---snip---
PE-1 receives the following EVPN AD per EVI route from PE-3:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.3:20 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : n/a
Nexthop : 192.0.2.3
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.168.13.2
Local Pref. : 100 Interface Name : int-PE-1-PE-3
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 10
Connector : None
Community : target:64500:20
l2-attribute:MTU: 0 F: 0 C: 0 P: 1 B: 0
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : AUTO-DISC
ESI : 00:00:00:23:20:00:00:00:00:00
Tag : 0
Route Dist. : 192.0.2.3:20
MPLS Label : 504283
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h07m51s
SRv6 TLV Type : SRv6 L3 Service TLV (5)
SRv6 SubTLV : SRv6 SID Information (1)
Sid : 2001:db8:aaaa:103::
Full Sid : 2001:db8:aaaa:103:7b1d:b000::
Behavior : End.DT4 (19)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len : 48 Loc-Node-Len : 16
Func-Len : 20 Arg-Len : 0
Tpose-Len : 20 Tpose-offset : 64
-------------------------------------------------------------------------------
---snip---
The route table for VPRN-20 on PE-1 is as follows:
*A:PE-1# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.0.1/32 Remote EVPN-IFL 00h09m47s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
10.20.0.1/32 Remote EVPN-IFL 00h09m47s 170
2001:db8:aaaa:103:7b1d:b000:: (tunneled:SRV6) 10
10.20.0.2/32 Remote EVPN-IFL 00h10m08s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
10.20.2.0/24 Remote EVPN-IFL 00h10m08s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
10.20.3.0/24 Remote EVPN-IFL 00h10m02s 170
2001:db8:aaaa:103:7b1d:b000:: (tunneled:SRV6) 10
172.16.20.11/32 Remote EVPN-IFL 00h05m32s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
172.16.20.11/32 Remote EVPN-IFL 00h05m32s 170
2001:db8:aaaa:103:7b1d:b000:: (tunneled:SRV6) 10
172.16.20.12/32 Remote EVPN-IFL 00h05m32s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
172.16.20.12/32 Remote EVPN-IFL 00h05m32s 170
2001:db8:aaaa:103:7b1d:b000:: (tunneled:SRV6) 10
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The route table for VPRN-20 on PE-3 shows that the route toward 10.20.0.1/32, 172.16.20.11/32, and 172.16.20.12/32 have next-hop 10.20.3.4, which corresponds to an interface in PE-4, so no tromboning to PE-2 takes place.
*A:PE-3# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.20.0.1/32 Remote Static 00h10m04s 5
10.20.3.4 1
10.20.0.2/32 Remote EVPN-IFL 00h10m00s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
10.20.2.0/24 Remote EVPN-IFL 00h10m00s 170
2001:db8:aaaa:102:7b1d:b000:: (tunneled:SRV6) 10
10.20.3.0/24 Local Local 00h10m04s 0
int-BD-21-to-VNF 0
172.16.20.11/32 Remote EVPN-IFL 00h05m34s 170
10.20.3.4 1
172.16.20.12/32 Remote EVPN-IFL 00h05m34s 170
10.20.3.4 1
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
EVPN IP aliasing for EVPN IFF over VXLAN
EVPN IP alias for EVPN IFF VPRN-30 over VXLAN shows an example with EVPN IP alias 10.30.0.1 used in VPRN-30.
R-VPLS "BD-3" is configured with EVI 3, which matches the EVI configured in the L3 ES.
Service configuration
On PE-2 and PE-3, L3 ES "AA-ES-23-3" is configured with ESI 00:00:00:23:03:00:00:00:00:00, VPRN next-hop 10.30.0.1, and EVI 3, as follows:
# on PE-2, PE-3:
configure
service
system
bgp-evpn
ethernet-segment "AA-ES-23-3" virtual create
description "AA ES with EVI of R-VPLS 3"
esi 00:00:00:23:03:00:00:00:00:00
service-carving
mode auto
exit
multi-homing all-active
vprn-next-hop 10.30.0.1 # loopback in VPRN-30 on VNF
evi
evi-range 3 # = EVI in BD-3 on PE-1,PE-2, PE-3
exit
no shutdown
On border leaf PE-1, R-VPLS "BD-3" and VPRN "VPRN-30" are configured as folllows:
# on PE-1:
configure
service
vpls 3 name "BD-3" customer 1 create
allow-ip-int-bind
exit
vxlan instance 1 vni 3 create
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 3
vxlan bgp 1 vxlan-instance 1
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vprn 30 name "VPRN-30" customer 1 create
description "IP alias IFF VXLAN"
ecmp 2
interface "int-to-BD-3" create
vpls "BD-3"
evpn-tunnel
exit
exit
no shutdown
exit
On PE-2, R-VPLS "BD-3", R-VPLS "BD-31", and VPRN "VPRN-30" are configured as follows:
# on PE-2:
configure
service
vpls 3 name "BD-3" customer 1 create
description "IP-alias-IFF - EVI 3 is used in ES"
allow-ip-int-bind
exit
vxlan instance 1 vni 3 create
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement domain-id 64500:3
evi 3
vxlan bgp 1 vxlan-instance 1
auto-disc-route-advertisement
mh-mode network
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vpls 31 name "BD-31" customer 1 create
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:30 create
no shutdown
exit
sap 1/1/c4/1:30 create
no shutdown
exit
no shutdown
exit
vprn 30 name "VPRN-30" customer 1 create
description "IP-alias-IFF-VXLAN"
autonomous-system 64500
interface "int-BD-3" create
vpls "BD-3"
evpn-tunnel
exit
exit
interface "int-BD-31-to-VNF" create
address 10.30.2.254/24
bfd 1000 receive 1000 multiplier 3
vpls "BD-31"
exit
exit
interface "lo1" create
address 10.30.0.2/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
static-route-entry 10.30.0.1/32
next-hop 10.30.2.4
bfd-enable
no shutdown
exit
next-hop 10.30.2.5
bfd-enable
no shutdown
exit
exit
bgp
rapid-withdrawal
group "PE-CE"
neighbor 10.30.0.1
type external
local-as 64500
peer-as 64496
exit
exit
no shutdown
exit
no shutdown
exit
Similarly, on PE-3, R-VPLS "BD-3", R-VPLS "BD-31", and VPRN "VPRN-30" are configured, as follows:
# on PE-3:
onfigure
service
vpls 3 name "BD-3" customer 1 create
description "IP-alias-IFF - EVI 3 is used in ES"
allow-ip-int-bind
exit
vxlan instance 1 vni 3 create
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement domain-id 64500:3
evi 3
vxlan bgp 1 vxlan-instance 1
auto-disc-route-advertisement
mh-mode network
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vpls 31 name "BD-31" customer 1 create
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:30 create
no shutdown
exit
sap 1/1/c4/1:30 create
no shutdown
exit
no shutdown
exit
vprn 30 name "VPRN-30" customer 1 create
description "IP-alias-IFF-VXLAN"
autonomous-system 64500
interface "int-BD-3" create
vpls "BD-3"
evpn-tunnel
exit
exit
interface "int-BD-31-to-VNF" create
address 10.30.3.254/24
vpls "BD-31"
exit
exit
static-route-entry 10.30.0.1/32
next-hop 10.30.3.4
no shutdown
exit
next-hop 10.30.3.5
no shutdown
exit
exit
no shutdown
exit
The configuration on PE-4 is as follows:
# on PE-4:
configure
router Base
policy-options
begin
prefix-list "subs-pfx-30"
prefix 172.16.30.11/32 exact
prefix 172.16.30.12/32 exact
exit
policy-statement "export-subs-pfx-30"
entry 10
from
protocol direct
prefix-list "subs-pfx-30"
exit
action accept
exit
exit
exit
commit
exit
exit
service
vprn 30 name "VPRN-30" customer 1 create
autonomous-system 64496
interface "int-to-PE-2" create
address 10.30.2.4/24
bfd 1000 receive 1000 multiplier 3
sap 1/1/c2/1:30 create
exit
exit
interface "int-to-PE-3" create
address 10.30.3.4/24
sap 1/1/c1/1:30 create
exit
exit
interface "lo1" create
address 10.30.0.1/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
interface "int-subs1" create
address 172.16.30.11/32
loopback
exit
interface "int-subs2" create
address 172.16.30.12/32
loopback
exit
static-route-entry 10.30.0.2/32
next-hop 10.30.2.254
bfd-enable
no shutdown
exit
exit
bgp
rapid-withdrawal
group "PE-CE"
neighbor 10.30.0.2
type external
export "export-subs-pfx-30"
local-as 64496
peer-as 64500
exit
exit
no shutdown
exit
no shutdown
exit
The configuration on PE-5 is similar.
Verification
PE-2 receives the following BGP routes for the prefixes 172.16.30.11/32 and 172.16.30.12/32 with next-hop 10.40.0.1:
*A:PE-2# show router 30 bgp neighbor 10.30.0.1 received-routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.16.30.11/32 n/a None
10.30.0.1 None 1
64496 -
u*>i 172.16.30.12/32 n/a None
10.30.0.1 None 1
64496 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
On PE-2, the route table for VPRN-30 is as follows:
*A:PE-2# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.30.0.1/32 Remote Static 00h01m29s 5
10.30.2.4 1
10.30.0.2/32 Local Local 00h01m46s 0
lo1 0
10.30.2.0/24 Local Local 00h01m46s 0
int-BD-31-to-VNF 0
10.30.3.0/24 Remote EVPN-IFF 00h01m37s 169
int-BD-3 (ET-00:03:fe:ff:ff:40) 0
172.16.30.11/32 Remote BGP 00h00m46s 170
10.30.2.4 1
172.16.30.12/32 Remote BGP 00h00m46s 170
10.30.2.4 1
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The VPRN next-hop 10.30.0.1 is configured in the L3 ES "AA-ES-23-3", so PE-2 advertises an EVPN IP prefix route with non-zero ESI for prefixes 172.16.30.11/32 and 172.16.30.12/32 when the L3 ES is operationally up. PE-1 receives the following EVPN IP prefix route for prefix 172.16.30.11/32:
*A:PE-1# show router bgp routes evpn ip-prefix prefix 172.16.30.11/32
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.2:3 172.16.30.11/32
0 00:02:fe:ff:ff:40
192.0.2.2
VNI 3
00:00:00:23:03:00:00:00:00:00
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
When the L3 ES on PE-2 is operationally up, PE-2 advertises AD per EVI and AD per ES routes with ESI 00:00:00:23:03:00:00:00:00:00. PE-1 receives the following EVPN AD routes from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:3
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:3 00:00:00:23:03:00:00:00:00:00 192.0.2.2
0 VNI 3
u*>i 192.0.2.2:3 00:00:00:23:03:00:00:00:00:00 192.0.2.2
MAX-ET VNI 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The route table for VPRN-30 on PE-1 shows the following EVPN IFF routes. PE-1 installs prefixes 172.16.30.11/32 and 172.16.30.12/32 in ECMP sets with next-hop equal to the MAC next-hop of the backhaul VPLS "BD-3", as advertised in the received AD per EVI routes with P=1: PE-2 advertises MAC next-hop ET-00:02:fe:ff:ff:40 while PE-3 advertises MAC next-hop ET-00:03:fe:ff:ff:40 (ET stands for EVPN-Tunnel).
*A:PE-1# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.30.0.1/32 Remote EVPN-IFF 00h06m05s 169
int-to-BD-3 (ET-00:02:fe:ff:ff:40) 0
10.30.0.1/32 Remote EVPN-IFF 00h06m05s 169
int-to-BD-3 (ET-00:03:fe:ff:ff:40) 0
10.30.0.2/32 Remote EVPN-IFF 00h06m22s 169
int-to-BD-3 (ET-00:02:fe:ff:ff:40) 0
10.30.2.0/24 Remote EVPN-IFF 00h06m22s 169
int-to-BD-3 (ET-00:02:fe:ff:ff:40) 0
10.30.3.0/24 Remote EVPN-IFF 00h06m13s 169
int-to-BD-3 (ET-00:03:fe:ff:ff:40) 0
172.16.30.11/32 Remote EVPN-IFF 00h02m04s 169
int-to-BD-3 (ET-00:02:fe:ff:ff:40) 0
172.16.30.11/32 Remote EVPN-IFF 00h02m04s 169
int-to-BD-3 (ET-00:03:fe:ff:ff:40) 0
172.16.30.12/32 Remote EVPN-IFF 00h02m04s 169
int-to-BD-3 (ET-00:02:fe:ff:ff:40) 0
172.16.30.12/32 Remote EVPN-IFF 00h02m04s 169
int-to-BD-3 (ET-00:03:fe:ff:ff:40) 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
In the route table for VPRN-30 on PE-3, the routes for prefix 10.30.0.1/32, 172.16.30.11/32, and 172.16.30.12/32 have next-hop 10.30.3.4, which is an interface IP address on PE-4 in the VNF:
*A:PE-3# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.30.0.1/32 Remote Static 00h06m12s 5
10.30.3.4 1
10.30.0.2/32 Remote EVPN-IFF 00h06m10s 169
int-BD-3 (ET-00:02:fe:ff:ff:40) 0
10.30.2.0/24 Remote EVPN-IFF 00h06m10s 169
int-BD-3 (ET-00:02:fe:ff:ff:40) 0
10.30.3.0/24 Local Local 00h06m12s 0
int-BD-31-to-VNF 0
172.16.30.11/32 Remote EVPN-IFF 00h02m02s 169
10.30.3.4 0
172.16.30.12/32 Remote EVPN-IFF 00h02m02s 169
10.30.3.4 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
EVPN IP aliasing for EVPN IFF over MPLS
EVPN IP alias for EVPN IFF VPRN-40 over MPLS shows an example with EVPN IP alias 10.40.0.1 used in VPRN-40.
VPLS "BD-4" with EVPN tunnel is configured with EVI 4, which matches the EVI in the L3 ES.
Service configuration
On PE-2 and PE-3, L3 ES "AA-ES-23-4" is configured with ESI 00:00:00:23:04:00:00:00:00:00, VPRN next-hop 10.40.0.1, and EVI 4, as follows:
# on PE-2, PE-3:
configure
service
system
bgp-evpn
ethernet-segment "AA-ES-23-4" virtual create
description "AA ES with EVI of R-VPLS 4"
esi 00:00:00:23:04:00:00:00:00:00
service-carving
mode auto
exit
multi-homing all-active
vprn-next-hop 10.40.0.1 # loopback in VPRN 40 on VNF
evi
evi-range 4 # EVI in R-VPLS BD-4 on PE-1, PE-2, PE-3
exit
no shutdown
The service configuration on PE-1 is as follows:
# on PE-1:
configure
service
vpls 4 name "BD-4" customer 1 create
description "EVI 4 is used in AA-ES-23-4 on TORs"
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 4
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vprn 40 name "VPRN-40" customer 1 create
description "IP alias IFF MPLS"
ecmp 2
interface "int-to-BD-4" create
vpls "BD-4"
evpn-tunnel
exit
exit
no shutdown
The service configuration on the TOR nodes PE-2 and PE-3 is as follows:
# on PE-2:
configure
service
vpls 4 name "BD-4" customer 1 create
description "IP-alias-IFF - EVI 4 is used in ES"
allow-ip-int-bind
exit
bgp
exit
bgp-evpn
no mac-advertisement
ip-route-advertisement
evi 4
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
stp
shutdown
exit
no shutdown
exit
vpls 41 name "BD-41" customer 1 create
allow-ip-int-bind
exit
stp
shutdown
exit
sap 1/1/c3/1:40 create
no shutdown
exit
sap 1/1/c4/1:40 create
no shutdown
exit
no shutdown
exit
vprn 40 name "VPRN-40" customer 1 create
description "IP-alias-IFF-MPLS"
autonomous-system 64500
interface "int-BD-4" create
vpls "BD-4"
evpn-tunnel
exit
exit
interface "int-BD-41-to-VNF" create
address 10.40.2.254/24 # on PE-3: 10.40.3.254/24
bfd 1000 receive 1000 multiplier 3
vpls "BD-41"
exit
exit
interface "lo1" create # on PE-3: no loopback interface
address 10.40.0.2/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
static-route-entry 10.40.0.1/32
next-hop 10.40.2.4 # on PE-3: 10.40.3.4
bfd-enable
no shutdown
exit
next-hop 10.40.2.5 # on PE-3: 10.40.3.5
bfd-enable
no shutdown
exit
exit
bgp # on PE-3: no BGP configuration in VPRN-40
rapid-withdrawal
group "PE-CE"
neighbor 10.40.0.1
type external
local-as 64500
peer-as 64496
exit
exit
no shutdown
exit
no shutdown
exit
The configuration of VPRN-40 on PE-4 is as follows:
# on PE-4:
configure
router Base
policy-options
begin
prefix-list "subs-pfx-40"
prefix 172.16.40.11/32 exact
prefix 172.16.40.12/32 exact
exit
policy-statement "export-subs-pfx-40"
entry 10
from
protocol direct
prefix-list "subs-pfx-40"
exit
action accept
exit
exit
exit
commit
exit
exit
service
vprn 40 name "VPRN-40" customer 1 create
autonomous-system 64496
interface "int-to-PE-2" create
address 10.40.2.4/24
bfd 1000 receive 1000 multiplier 3
sap 1/1/c2/1:40 create
exit
exit
interface "int-to-PE-3" create
address 10.40.3.4/24
sap 1/1/c1/1:40 create
exit
exit
interface "lo1" create
address 10.40.0.1/32
bfd 1000 receive 1000 multiplier 3
loopback
exit
interface "int-subs1" create
address 172.16.40.11/32
loopback
exit
interface "int-subs2" create
address 172.16.40.12/32
loopback
exit
static-route-entry 10.40.0.2/32
next-hop 10.40.2.254
bfd-enable
no shutdown
exit
exit
bgp
rapid-withdrawal
group "PE-CE"
neighbor 10.40.0.2
type external
export "export-subs-pfx-40"
local-as 64496
peer-as 64500
exit
exit
no shutdown
exit
no shutdown
exit
Verification
PE-2 receives BGP routes with the subscriber prefixes 172.16.40.11/32 and 172.16.40.12/32 from EBGP peer 10.40.0.1, as follows:
*A:PE-2# show router 40 bgp neighbor 10.40.0.1 received-routes
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 172.16.40.11/32 n/a None
10.40.0.1 None 1
64496 -
u*>i 172.16.40.12/32 n/a None
10.40.0.1 None 1
64496 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
The VPRN next-hop 10.40.0.1 is configured in the L3 ES, therefore, PE-2 advertises the prefixes in EVPN IP prefix routes with ESI 00:00:00:23:04:00:00:00:00:00. PE-1 receives the following IP prefix route for prefix 172.16.40.11/32:
*A:PE-1# show router bgp routes evpn ip-prefix prefix 172.16.40.11/32
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
Flag Route Dist. Prefix
Tag Gw Address
NextHop
Label
ESI
-------------------------------------------------------------------------------
u*>i 192.0.2.2:4 172.16.40.11/32
0 00:02:fe:ff:ff:41
192.0.2.2
LABEL 524279
00:00:00:23:04:00:00:00:00:00
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
When the L3 ES is operationally up on PE-2, PE-1 receives the following EVPN AD routes with ESI 00:00:00:23:04:00:00:00:00:00 from PE-2:
*A:PE-1# show router bgp routes evpn auto-disc rd 192.0.2.2:4
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP EVPN Auto-Disc Routes
===============================================================================
Flag Route Dist. ESI NextHop
Tag Label
-------------------------------------------------------------------------------
u*>i 192.0.2.2:4 00:00:00:23:04:00:00:00:00:00 192.0.2.2
0 LABEL 524279
u*>i 192.0.2.2:4 00:00:00:23:04:00:00:00:00:00 192.0.2.2
MAX-ET LABEL 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
For the EVPN IP prefix routes received with non-zero ESI, PE-1 installs the prefix in an ECMP set with next-hops equal to the MAC next-hop of the backhaul VPLS "BD-4", as provided in the received AD per EVI routes with P=1: PE-2 advertises MAC next-hop ET-00:02:fe:ff:ff:41 while PE-3 advertises MAC next-hop ET-00:03:fe:ff:ff:41. The route-table for VPRN-40 on PE-1 is as follows:
*A:PE-1# show router 40 route-table
===============================================================================
Route Table (Service: 40)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.40.0.1/32 Remote EVPN-IFF 00h06m59s 169
int-to-BD-4 (ET-00:02:fe:ff:ff:41) 0
10.40.0.1/32 Remote EVPN-IFF 00h06m59s 169
int-to-BD-4 (ET-00:03:fe:ff:ff:41) 0
10.40.0.2/32 Remote EVPN-IFF 00h07m17s 169
int-to-BD-4 (ET-00:02:fe:ff:ff:41) 0
10.40.2.0/24 Remote EVPN-IFF 00h07m17s 169
int-to-BD-4 (ET-00:02:fe:ff:ff:41) 0
10.40.3.0/24 Remote EVPN-IFF 00h07m10s 169
int-to-BD-4 (ET-00:03:fe:ff:ff:41) 0
172.16.40.11/32 Remote EVPN-IFF 00h02m36s 169
int-to-BD-4 (ET-00:02:fe:ff:ff:41) 0
172.16.40.11/32 Remote EVPN-IFF 00h02m36s 169
int-to-BD-4 (ET-00:03:fe:ff:ff:41) 0
172.16.40.12/32 Remote EVPN-IFF 00h02m36s 169
int-to-BD-4 (ET-00:02:fe:ff:ff:41) 0
172.16.40.12/32 Remote EVPN-IFF 00h02m36s 169
int-to-BD-4 (ET-00:03:fe:ff:ff:41) 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The route table for VPRN-40 on PE-3 shows that the traffic toward 172.16.40.11/32 is forwarded to 10.40.3.4 on PE-4 in the VNF, without any tromboning to PE-2.
*A:PE-3# show router 40 route-table
===============================================================================
Route Table (Service: 40)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.40.0.1/32 Remote Static 00h07m09s 5
10.40.3.4 1
10.40.0.2/32 Remote EVPN-IFF 00h07m06s 169
int-BD-4 (ET-00:02:fe:ff:ff:41) 0
10.40.2.0/24 Remote EVPN-IFF 00h07m06s 169
int-BD-4 (ET-00:02:fe:ff:ff:41) 0
10.40.3.0/24 Local Local 00h07m09s 0
int-BD-41-to-VNF 0
172.16.40.11/32 Remote EVPN-IFF 00h02m34s 169
10.40.3.4 0
172.16.40.12/32 Remote EVPN-IFF 00h02m34s 169
10.40.3.4 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Conclusion
EVPN IP aliasing allows nodes to load-balance flows to multiple nodes attached to the same prefix, even if not all of them advertise reachability to the prefix in EVPN IP prefix routes. EVPN IP aliasing requires the use of an L3 ES, which is a vES configured with a VPRN next-hop and an EVI.