AC-Influenced DF Election on an ES
This chapter provides information about Attachment Circuit (AC) influenced Designated Forwarder (DF) election on an Ethernet Segment (ES).
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 22.5.R1. Attachment Circuit (AC) influenced Designated Forwarder (DF) election on an Ethernet Segment (ES) is always enabled in SR OS releases earlier than 21.5.R1. The AC-DF election capability can be disabled in SR OS Release 21.5.R1 and later.
Overview
RFC 8584, section “The AC-Influenced DF Election Capability”, describes the AC-DF capability that modifies the EVPN DF election process in RFC 7432. RFC 8584 states that when PEs build their candidate DF election list, they do not include PEs when no Auto-Discovery (AD) per-ES or per-EVI routes for those PEs are present. In SR OS, this behavior is default for all ESs, configured as ac-df-capability include.
The ac-df-capability command is configurable in the configure service system bgp evpn ethernet-segment context:
[ex:/configure service system bgp evpn ethernet-segment "SA-ESI-23"]
A:admin@PE-2# ac-df-capability ?
ac-df-capability <keyword>
<keyword> - (include|exclude)
Default - include
AC-influenced DF election capability
Warning: Modifying this element toggles
'configure service system bgp evpn ethernet-segment "SA-ESI-23" admin-state'
automatically for the new value to take effect.
The command ac-df-capability exclude disables AC-DF on the ES, so the presence of an AD per-ES or per-EVI does not influence the candidate DF election list. When ac-df-capability exclude is configured:
- The candidate DF election list is not influenced by the presence or absence of AD per-ES/EVI routes (type 1) from the ES peers.
- PEs are only removed from the candidate DF election list when their ES route (type 4) is not present.
- The local ES route is active if there are active SAPs on the ES.
- When the local AC is operationally down, due to admin-state disable or reason other than Multi Homing (MH) standby, this does not trigger a DF switchover.
The ac-df-capability exclude option:
- is supported with any type of service-carving (DF Election)
- is recommended in ESs that use an operational group monitored by the access LAG to signal standby LACP or power-off
- must be configured consistently on all PEs attached to the same ES
AC-DF enabled – default
The following example illustrates the default behavior, where a PE builds the list of DF candidates with nodes that have sent EVPN AD per-ES/EVI routes. This behavior is compatible with the behavior in SR OS releases earlier than 21.5.R1.
PE-4 as the DF on a single-active ES for three VPLSs shows a topology with MTU-6 connected via SDPs to the single-active ES "SA-vESI-45". PE-4 is the DF for three services: VPLS 1, VPLS 2, and VPLS 3. Traffic for these services passes via PE-4, while PE-5 is standby.
When a failure occurs on the spoke-SDP in VPLS 2 on PE-4, PE-4 sends an EVPN-AD per-EVI withdrawal and PE-4 becomes the Non-Designated Forwarder (NDF) for VPLS 2, while remaining the DF for VPLS 1 and VPLS 3, as shown in AC failure in VPLS 2 on PE-4 causes PE-5 to become the DF for VPLS 2.
VPLS 2 traffic to and from MTU-6 passes via DF PE-5, while VPLS 1 and VPLS 3 traffic will pass via DF PE-4. No traffic is dropped. The AC failure in VPLS 2 does not have an impact on the other services.
Problem with AC-DF on ES with the operational group monitored by LAG
In this example, a failure in an access circuit of a particular service also impacts other services when the AC-DF capability is enabled.
PE-2 is DF on single-active ES for three VPLSs shows a single-active ES with LAG 1 associated with it. An operational group is assigned to the ES and monitored by the LAG to signal standby LACP (default) or power off. Three VPLSs are configured on PE-2 and PE-3. PE-2 is the DF for each of these VPLSs.
On NDF PE-3, the ES is inactive which causes the operational group in the ES to go down. LAG 1 monitors this operational group, so the LAG goes standby on NDF PE-3. LAG 1 has LACP standby-signaling enabled (default). On CE-1, only the LAG port to DF PE-2 is up and all traffic for the VPLSs goes via PE-2.
When the single-active ES has the default AC-DF setting (ac-df-capability include), a failure (or an unintended admin-state disable) on SAP lag-1:2 in VPLS 2 (or on the VPLS 2 service) on PE-2 can have an impact on all three services that share LAG 1. AC failure in VPLS 2 on PE-2 causes PE-3 to become DF for VPLS 2 shows that such an AC failure in VPLS 2 on PE-2 causes PE-3 to become the DF for VPLS 2 (after receiving an AD per-EVI withdrawal from PE-2).
When PE-3 is the DF for VPLS 2, the ES operational group on PE-3 goes up. Therefore, the monitoring LAG is up on PE-3. On CE-1, both LAG ports to PE-2 and PE-3 are up. CE-1 can now send all VPLS traffic via either LAG port: DF PE-2 forwards the VPLS 1 and VPLS 3 traffic whereas NDF PE-3 drops it. PE-3 accepts VPLS 2 traffic, but PE-2 drops it. Approximately 50% of the traffic is lost.
AC-DF capability disabled
Nokia recommends disabling the AC-DF capability in ESs where the operational group is monitored by the LAG. AC failure in VPLS 2 on PE-2 has no impact on DF election shows the situation with the AC-DF disabled (ac-df-capability exclude): the PEs ignore the AD per-EVI withdrawal and PE-2 remains the DF for VPLS 2.
VPLS 2 traffic is dropped by PE-2, but the other services are not impacted.
Configuration
Example topology shows the example topology with four PEs in an EVPN-MPLS network.
The initial configuration includes:
- cards, MDAs, ports
- router interfaces on the PEs and on MTU-6
- IS-IS on the router interfaces (alternatively, OSPF can be configured)
- LDP on the router interfaces
On the PEs, BGP is configured for the EVPN address family. In this example, PE-2 is the Route Reflector (RR) with the following BGP configuration:
# on PE-2:
configure {
router "Base" {
autonomous-system 64500
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
rapid-update {
evpn true
}
group "internal" {
peer-as 64500
family {
evpn true
}
cluster {
cluster-id 192.0.2.2
}
}
neighbor "192.0.2.3" {
group "internal"
}
neighbor "192.0.2.4" {
group "internal"
}
neighbor "192.0.2.5" {
group "internal"
}
}
The BGP configuration on the clients PE-3, PE-4, and PE-5 is as follows:
# on PE-3, PE-4, PE-5:
configure {
router "Base" {
autonomous-system 64500
bgp {
vpn-apply-export true
vpn-apply-import true
rapid-withdrawal true
peer-ip-tracking true
rapid-update {
evpn true
}
group "internal" {
peer-as 64500
family {
evpn true
}
}
neighbor "192.0.2.2" {
group "internal"
}
}
AC-DF capability enabled – default
On PE-2 and PE-3, operational group "op-grp-sa-es-23" is configured. This operational group is assigned to the single-active ES "SA-ESI-23" and monitored on LAG 1.
On PE-2, LAG 1 is configured as follows. The LAG configuration on PE-3 is similar, but with port 1/1/1 instead.
# on PE-2:
configure {
lag "lag-1" {
admin-state enable
encap-type dot1q
mode access
# standby-signaling lacp # default
monitor-oper-group "op-grp-sa-es-23"
max-ports 64
lacp {
mode active
system-id 00:00:00:00:23:01
administrative-key 1
}
port 1/1/2 {
}
}
On PE-2 and PE-3, three VPLS services are configured with SAPs from LAG 1, which is associated with single-active ES "SA-ESI-23". This ES is configured with the operational group "op-grp-sa-es-23" that is monitored by LAG 1. The operational group triggers the LACP standby signaling from the NDF PE to CE-1 to avoid attracting traffic.
The service configuration on PE-2 and PE-3 is similar; only the preference value for the service carving in the ES is different.
When an operational group is associated with an ES, the hold timers for the operational group must be zero (the default value).
# on PE-2:
configure {
service {
oper-group "op-grp-sa-es-23" {
hold-time {
## down # default 0
up 0
}
}
system {
bgp {
evpn {
ethernet-segment "SA-ESI-23" {
admin-state enable
esi 01:00:00:00:00:23:01:00:00:01
multi-homing-mode single-active
oper-group "op-grp-sa-es-23"
# ac-df-capability include # default
df-election {
service-carving-mode manual
manual {
preference {
mode non-revertive
value 200 # on PE-3: preference value 100
}
}
}
association {
lag "lag-1" {
}
}
}
}
}
}
vpls "VPLS 1" {
admin-state enable
service-id 1
customer "1"
bgp 1 {
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
sap lag-1:1 {
}
}
vpls "VPLS 2" {
admin-state enable
service-id 2
customer "1"
bgp 1 {
}
bgp-evpn {
evi 2
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
sap lag-1:2 {
}
}
vpls "VPLS 3" {
admin-state enable
service-id 3
customer "1"
bgp 1 {
}
bgp-evpn {
evi 3
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
sap lag-1:3 {
}
}
On PE-4 and PE-5, single-active virtual ES "SA-vESI-45" is configured. No operational group is configured here. The service configuration on PE-4 is as follows. The configuration on PE-5 is similar, but with a different SDP and a different preference value for service carving.
# on PE-4:
configure {
service {
system {
bgp {
evpn {
ethernet-segment "SA-vESI-45" {
admin-state enable
type virtual
esi 0x01000000004501000001
multi-homing-mode single-active
# ac-df-capability include # default
df-election {
service-carving-mode manual
manual {
preference {
value 200 # on PE-5: value 100
}
}
}
association {
sdp 46 {
virtual-ranges {
vc-id 1 {
end 3
}
}
}
}
}
}
}
}
sdp 46 { # on PE-5: sdp 56
admin-state enable
delivery-type mpls
ldp true
far-end {
ip-address 192.0.2.6
}
}
vpls "VPLS 1" {
admin-state enable
service-id 1
customer "1"
bgp 1 {
}
bgp-evpn {
evi 1
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
spoke-sdp 46:1 { # on PE-5: spoke-sdp 56:1
}
}
vpls "VPLS 2" {
admin-state enable
service-id 2
customer "1"
bgp 1 {
}
bgp-evpn {
evi 2
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
spoke-sdp 46:2 { # on PE-5: spoke-sdp 56:2
}
}
vpls "VPLS 3" {
admin-state enable
service-id 3
customer "1"
bgp 1 {
}
bgp-evpn {
evi 3
mpls 1 {
admin-state enable
ingress-replication-bum-label true
ecmp 2
auto-bind-tunnel {
resolution any
}
}
}
spoke-sdp 46:3 { # on PE-5: spoke-sdp 56:3
}
}
With the AC-DF capability enabled (default), the PEs send ES routes with AC:1 in the extended community for DF election. The following ES route is received by PE-3 from PE-2:
10 2022/06/08 15:38:15.005 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.2:0 ESI: 01:00:00:00:00:23:01:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.2
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:1
target:00:00:00:00:23:01
The remainder of the chapter focuses on PE-2 and PE-3, where an AC failure in one of the services can have an impact on the other services using the same LAG.
DF election
PE-2 is the highest-preference PE in the ES and becomes the DF (preference value 200 on PE-2 versus preference value 100 on PE-3). In case of equal preference value between PE-2 and PE-3, the Don't Preempt (DP) bit is the tiebreaker (DP = 1 for non-revertive wins over DP = 0); if that is also a tie, the lowest PE IP address is the tiebreaker.
The following command shows that PE-2 is the DF for all three VPLSs. The candidate list contains both PE-2 and PE-3 for each of these VPLSs.
[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : SA-ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:01:00:00:01
Oper ESI : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : singleActive Oper Multi-homing : singleActive
ES SHG Label : 524276
Source BMAC LSB : None
Lag : lag-1
ES Activation Timer : 3 secs (default)
Oper Group : op-grp-sa-es-23
Svc Carving : manual Oper Svc Carving : manual
Cfg Range Type : lowest-pref
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference Preference Last Admin Change Oper Pref Do No
Mode Value Value Preempt
-------------------------------------------------------------------------------
non-revertive 200 06/08/2022 15:38:15 200 Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 yes
2 2 0 yes
3 3 0 yes
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.2
1 192.0.2.3
2 192.0.2.2
2 192.0.2.3
3 192.0.2.2
3 192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
The same command on PE-3 shows that PE-3 is NDF for the three VPLSs and the DF candidate list is identical to the one on PE-2:
[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : SA-ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:01:00:00:01
Oper ESI : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type : None
AC DF Capability : Include
Multi-homing : singleActive Oper Multi-homing : singleActive
ES SHG Label : 524276
Source BMAC LSB : None
Lag : lag-1
ES Activation Timer : 3 secs (default)
Oper Group : op-grp-sa-es-23
Svc Carving : manual Oper Svc Carving : manual
Cfg Range Type : lowest-pref
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference Preference Last Admin Change Oper Pref Do No
Mode Value Value Preempt
-------------------------------------------------------------------------------
non-revertive 100 06/08/2022 15:38:44 100 Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 no
2 2 0 no
3 3 0 no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.2
1 192.0.2.3
2 192.0.2.2
2 192.0.2.3
3 192.0.2.2
3 192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
Operational group status
PE-2 is the DF, so the ES "SA-ESI-23" is active, the operational group "op-grp-sa-es-23" is operationally up, and the monitoring LAG 1 is operationally up.
[/]
A:admin@PE-2# show service oper-group "op-grp-sa-es-23" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-sa-es-23
Creation Origin : manual Oper Status: up
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-23 Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
1 up up No 0 1 N/A
lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
PE-3 is NDF, so the ES "SA-ESI-23" is inactive, the operational group "op-grp-sa-es-23" is operationally down, and the monitoring LAG 1 is operationally down:
[/]
A:admin@PE-3# show service oper-group "op-grp-sa-es-23" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-sa-es-23
Creation Origin : manual Oper Status: down
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-23 Inactive
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
1 up down No 0 0 N/A
lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
LAG port status
On DF PE-2, LAG port 1/1/2 toward CE-1 is operationally up:
[/]
A:admin@PE-2# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/2 up active up yes 1 - 32768
===============================================================================
On NDF PE-3, LAG port 1/1/1 toward CE-1 is operationally down:
[/]
A:admin@PE-3# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/1 up active down yes 1 - 32768
===============================================================================
On CE-1, LAG port 1/1/1 toward DF PE-2 is operationally up while LAG port 1/1/2 toward NDF PE-3 is down:
[/]
A:admin@CE-1# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/1 up active up yes 1 - 32768
1/1/2 up active down 1 - 32768
===============================================================================
AD per-EVI route withdrawal
A failure is simulated by disabling SAP lag-1:2 in VPLS 2 on PE-2:
# on PE-2:
configure {
service {
vpls "VPLS 2" {
sap lag-1:2 {
admin-state disable
PE-2 withdraws the EVPN-AD per-EVI route. The following withdrawal is received by PE-3:
77 2022/06/08 15:44:59.536 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 69
Flag: 0x90 Type: 15 Len: 65 Multiprotocol Unreachable NLRI:
Address Family EVPN
Type: EVPN-MAC Len: 33 RD: 192.0.2.2:2 ESI: ESI-0, tag: 0, mac len: 48 mac: 00:00:00:00:02:01, IP len: 0, IP: NULL, label1: 0
Type: EVPN-AD Len: 25 RD: 192.0.2.2:2 ESI: 01:00:00:00:00:23:01:00:00:01, tag: 0 Label: 0 (Raw Label: 0x0) PathId:
"
The following command on PE-3 shows that the list of DF candidates no longer includes PE-2 in the DF candidate list for VPLS 2 and that PE-3 is the DF for VPLS 2, while remaining the NDF for VPLS 1 and VPLS 3.
[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all | match "EVI Information" pre-lines 2 post-lines 24
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 no
2 2 0 yes
3 3 0 no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.2
1 192.0.2.3
2 192.0.2.3
3 192.0.2.2
3 192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 5
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================
When PE-3 becomes the DF for one of the services, the ES "SA-ESI-23" is active and the operational group "op-grp-sa-es-23" and LAG 1 are up, as follows:
[/]
A:admin@PE-3# show service oper-group "op-grp-sa-es-23" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-sa-es-23
Creation Origin : manual Oper Status: up
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-23 Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
1 up up No 0 1 N/A
lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
On PE-3, LAG port 1/1/1 toward CE-1 is up:
[/]
A:admin@PE-3# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/1 up active up yes 1 - 32768
===============================================================================
PE-2 remains the DF for VPLS 1 and VPLS 3:
[/]
A:admin@PE-2# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all | match "EVI Information" pre-lines 2 post-lines 24
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 yes
2 2 0 no
3 3 0 yes
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.2
1 192.0.2.3
2 192.0.2.3
3 192.0.2.2
3 192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 5
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
===============================================================================
On PE-2, ES "SA-ESI-23" remains active, so the operational group "op-grp-sa-es-23" is up and the monitoring LAG is also up:
[/]
A:admin@PE-2# show service oper-group "op-grp-sa-es-23" detail
===============================================================================
Service Oper Group Information
===============================================================================
Oper Group : op-grp-sa-es-23
Creation Origin : manual Oper Status: up
Hold DownTime : 0 secs Hold UpTime: 0 secs
Members : 1 Monitoring : 1
===============================================================================
===============================================================================
Member Ethernet-Segment for OperGroup: op-grp-sa-es-23
===============================================================================
Ethernet-Segment Status
-------------------------------------------------------------------------------
SA-ESI-23 Active
-------------------------------------------------------------------------------
Ethernet-Segment Entries found: 1
===============================================================================
===============================================================================
Monitoring LAG for OperGroup: op-grp-sa-es-23
===============================================================================
Lag-id Adm Opr Weighted Threshold Up-Count Act/Stdby
name
-------------------------------------------------------------------------------
1 up up No 0 1 N/A
lag-1
-------------------------------------------------------------------------------
LAG Entries found: 1
===============================================================================
port option not supported with monitoring
The following commands on PE-2 shows that SAP lag-1:1 in VPLS 1 is up, SAP lag-1:2 in VPLS 2 is down (as it might be due to a failure or misconfiguration), and SAP lag-1:3 in VPLS 3 is up:
[/]
A:admin@PE-2# show service id 1 sap
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:1 1 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
[/]
A:admin@PE-2# show service id 2 sap
===============================================================================
SAP(Summary), Service 2
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:2 2 1 none 1 none Down Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
[/]
A:admin@PE-2# show service id 3 sap
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:3 3 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
On PE-3, lag-1:2 is up while lag-1:1 and lag-1:3 are down, as follows:
[/]
A:admin@PE-3# show service sap-using sap lag-1
===============================================================================
Service Access Points
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:1 1 1 none 1 none Up Down
lag-1:2 2 1 none 1 none Up Up
lag-1:3 3 1 none 1 none Up Down
-------------------------------------------------------------------------------
Number of SAPs : 3
-------------------------------------------------------------------------------
===============================================================================
On CE-1, both ports in LAG 1 are up:
[/]
A:admin@CE-1# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/1 up active up yes 1 - 32768
1/1/2 up active up 1 - 32768
===============================================================================
All traffic can take either LAG port, but PE-2 only forwards traffic for VPLS 1 and VPLS 3, while PE-3 only forwards traffic for VPLS 2. Traffic from VPLS 1 or VPLS 3 via port 1/1/2 to PE-3 is dropped by PE-3 because it is the NDF for VPLS 1 and VPLS 3. VPLS 2 traffic via LAG port 1/1/1 to PE-2 is dropped because SAP lag-1:2 is down (failure). This means that approximately 50% of the traffic is lost.
Potential loss on a single service under maintenance is acceptable but affecting other services on the same node is not acceptable. The solution is to disable the AC-DF capability.
AC-DF capability disabled
The default use of the AC-DF capability in SR OS is disabled on PE-2 and PE-3:
# on PE-2, PE-3:
configure {
service {
system {
bgp {
evpn {
ethernet-segment "SA-ESI-23" {
ac-df-capability exclude
With AC-DF disabled, ES routes contain AC:0 in the DF-election extended community, as follows:
# on PE-3:
142 2022/06/08 15:54:10.390 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.2
"Peer 1: 192.0.2.2: UPDATE
Peer 1: 192.0.2.2 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 71
Flag: 0x90 Type: 14 Len: 34 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-ETH-SEG Len: 23 RD: 192.0.2.2:0 ESI: 01:00:00:00:00:23:01:00:00:01, IP-Len: 4 Orig-IP-Addr: 192.0.2.2
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
df-election::DF-Type:Preference/DP:1/DF-Preference:200/AC:0
target:00:00:00:00:23:01
"
With the AC-DF capability disabled, the withdrawal of EVPN-AD routes does not influence the DF election. In this example, PE-2 remains the DF for all services, including VPLS 2, even when traffic for that service is dropped by PE-2. The following command shows that the DF candidate list on PE-3 contains six entries: even for VPLS 2, PE-2 is included in the list. PE-3 is the NDF for all three services.
[/]
A:admin@PE-3# show service system bgp-evpn ethernet-segment name "SA-ESI-23" all
===============================================================================
Service Ethernet Segment
===============================================================================
Name : SA-ESI-23
Eth Seg Type : None
Admin State : Enabled Oper State : Up
ESI : 01:00:00:00:00:23:01:00:00:01
Oper ESI : 01:00:00:00:00:23:01:00:00:01
Auto-ESI Type : None
AC DF Capability : Exclude
Multi-homing : singleActive Oper Multi-homing : singleActive
ES SHG Label : 524275
Source BMAC LSB : None
Lag : lag-1
ES Activation Timer : 3 secs (default)
Oper Group : op-grp-sa-es-23
Svc Carving : manual Oper Svc Carving : manual
Cfg Range Type : lowest-pref
-------------------------------------------------------------------------------
DF Pref Election Information
-------------------------------------------------------------------------------
Preference Preference Last Admin Change Oper Pref Do No
Mode Value Value Preempt
-------------------------------------------------------------------------------
non-revertive 100 06/08/2022 15:38:44 100 Enabled
-------------------------------------------------------------------------------
EVI Ranges: <none>
ISID Ranges: <none>
===============================================================================
===============================================================================
EVI Information
===============================================================================
EVI SvcId Actv Timer Rem DF
-------------------------------------------------------------------------------
1 1 0 no
2 2 0 no
3 3 0 no
-------------------------------------------------------------------------------
Number of entries: 3
===============================================================================
-------------------------------------------------------------------------------
DF Candidate list
-------------------------------------------------------------------------------
EVI DF Address
-------------------------------------------------------------------------------
1 192.0.2.2
1 192.0.2.3
2 192.0.2.2
2 192.0.2.3
3 192.0.2.2
3 192.0.2.3
-------------------------------------------------------------------------------
Number of entries: 6
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
---snip---
On NDF PE-3, the single-active ES "SA-ESI-23" is inactive and the ES operational group is down. The monitoring LAG is also operationally down.
On CE-1, LAG port 1/1/2 toward PE-3 is down:
[/]
A:admin@CE-1# show lag "lag-1" port
===============================================================================
Lag Port States
LACP Status: e - Enabled, d - Disabled
===============================================================================
Name
Id Port-id Adm Act/ Opr Primary Sub-group Forced Prio
Stdby
-------------------------------------------------------------------------------
lag-1
1(e) 1/1/1 up active up yes 1 - 32768
1/1/2 up active down 1 - 32768
===============================================================================
CE-1 sends all traffic via LAG port 1/1/1 to PE-2. VPLS 1 and VPLS 3 traffic is forwarded by DF PE-2, whereas VPLS 2 traffic is dropped. Therefore, the failure does not have an impact on the other services.
On PE-2, SAP lag-1:1 in VPLS 1 and SAP lag-1:3 in VPLS 3 are operationally up:
[/]
A:admin@PE-2# show service id 1 sap
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:1 1 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
[/]
A:admin@PE-2# show service id 3 sap
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:3 3 1 none 1 none Up Up
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
On PE-3, all SAPs in the VPLSs are down:
[/]
A:admin@PE-3# show service id 2 base
===============================================================================
Service Basic Information
===============================================================================
Service Id : 2 Vpn Id : 0
Service Type : VPLS
MACSec enabled : no
Name : VPLS 2
---snip---
Admin State : Up Oper State : Up
---snip---
-------------------------------------------------------------------------------
Service Access & Destination Points
-------------------------------------------------------------------------------
Identifier Type AdmMTU OprMTU Adm Opr
-------------------------------------------------------------------------------
sap:lag-1:2 q-tag 1518 1518 Up Down
===============================================================================
* indicates that the corresponding row element may have been truncated.
[/]
A:admin@PE-3# show service id 1 sap
===============================================================================
SAP(Summary), Service 1
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:1 1 1 none 1 none Up Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
[/]
A:admin@PE-3# show service id 3 sap
===============================================================================
SAP(Summary), Service 3
===============================================================================
PortId SvcId Ing. Ing. Egr. Egr. Adm Opr
QoS Fltr QoS Fltr
-------------------------------------------------------------------------------
lag-1:3 3 1 none 1 none Up Down
-------------------------------------------------------------------------------
Number of SAPs : 1
-------------------------------------------------------------------------------
===============================================================================
Conclusion
By default, the AC-DF capability is enabled. Disabling the AC-DF capability is recommended in ESs that use an operational group monitored by the access LAG to signal standby LACP or power-off.