Domain Path Attribute for VPRN BGP Routes

This chapter provides information about the domain path attribute for VPRN BGP routes.

Topics in this chapter include:

Applicability

The information and configuration in this chapter are based on SR OS Release 22.7.R1. The domain path (D-path) attribute is supported in SR OS Release 21.10.R1 and later.

Overview

The D-path attribute can be used for route traceability, BGP best path selection, and loop prevention in networks that expand multiple IP-VPN and EVPN domains.

The D-path attribute is a sequence of domain segments, where each domain segment is represented by a domain ID in combination with an inter-subnet forwarding (ISF) subaddress family indicator (SAFI). The D-path attribute is added or modified by gateways (GWs) that import BGP-EVPN route type 5 (RT-5) or IP-VPN routes into a VPRN route table and export these prefixes as BGP-EVPN RT-5 or IP-VPN routes to their neighbors. Any PE that imports a prefix route does not install the route in the VPRN route table if the D-path attribute contains a domain segment where the domain ID matches a local domain ID, as shown in the figure Loop prevention in networks with multiple IP-VPN and EVPN domains.

Figure 1. Loop prevention in networks with multiple IP-VPN and EVPN domains

All PEs in the figure Loop prevention in networks with multiple IP-VPN and EVPN domains are GWs. PE-4 exports local prefix 10.0.0.0/24 as an EVPN RT-5 route without the D-path attribute when no domain ID is configured for local routes. PE-3 accepts this route. Domain ID 64496:1 is defined in PE-4 and PE-3, but the domain segment 64496:1:(evpn) is only added by GW PE-3 where the prefix is exported as an IP-VPN route instead of an EVPN RT-5 route. GW PE-2 accepts this route and modifies the D-path attribute by prepending domain segment 64496:2:(ipvpn) when exporting prefix 10.0.0.0/24 as an EVPN RT-5 route. PE-1 accepts this route. When PE-1 exports the prefix as an EVPN RT-5 route to PE-4, it prepends domain segment 64496:3:(evpn) to the D-path attribute. The VRF on PE-4 cannot import this prefix because the D-path attribute contains domain ID 64496:1, which is defined on PE-4.

The figure D-path attribute shows the D-path attribute as defined in draft-ietf-bess-evpn-ipvpn-interworking.

Figure 2. D-path attribute

The D-path attribute is composed of a sequence of domain segments. Each domain segment consists of a domain ID and a SAFI type. The domain ID represents the domain and is composed of a 4-octet global administrator subfield and a 2-octet local administrator subfield. The global administrator subfield must have a value that is unique for the domain; for example, an autonomous system number (ASN). The 1-octet SAFI field can have the following values:

  • 0 for local ISF routes
  • 1 for PE-CE BGP domains
  • 70 for EVPN domains
  • 128 for IP-VPN domains

The domain ID can be configured on:

  • VPRN BGP-EVPN MPLS and BGP-EVPN SRv6 instances (EVPN interface-less (EVPN-IFL))
  • VPRN BGP-IPVPN MPLS and BGP-IPVPN SRv6 instances
  • R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances (EVPN interface-ful (EVPN-IFF))
  • VPRN BGP neighbors (PE-CE)
  • VPRN level (for local routes). When configured on the VPRN level, using the optional local-routes-domain-id command, the PE advertises its direct, static, or IGP routes with a D-path attribute.

Domain IDs can be modified while the service is operational. Modifying the domain ID initiates a route refresh for all address families associated with the VPRN.

A PE receiving a prefix route with a D-path attribute containing one of its own domain IDs detects a routing loop and does not install the route in the VPRN route table.

The D-path attribute length can influence the BGP best path selection. In the BGP decision process, the shorter D-path is preferred, unless the d-path-length-ignore command is configured.

Configuration

The figure Example topology with VPRN 10 and its domain IDs shows an example topology where PE-6 exports EVPN RT-5 routes 172.31.6.0/24 and 2001:db8::31:6:0/120 to route reflector RR-5, whereas PE-7 exports IP-VPN routes 172.31.7.0/24 and 2001:db8::31:7:0/120 to RR-5. LDP tunnels are used between PE-4, RR-5, PE-6, and PE-7; SRv6 tunnels are used between PE-2, PE-3, and PE-4; SR-OSPF tunnels are used between PE-1, PE-2, and PE-3.

Figure 3. Example topology with VPRN 10 and its domain IDs

The initial configuration includes:

  • cards, MDAs, ports
  • router interfaces
  • OSPF as IGP on PE-1, PE-2, and PE-3
  • IS-IS as IGP on PE-2, PE-3, PE-4, RR-5, PE-6, and PE-7
  • SR-OSPF on PE-1, PE-2, and PE-3
  • SRv6 on PE-2, PE-3, and PE-4, configured as in the "Segment Routing over IPv6" chapter in the 7750 SR and 7950 XRS Segment Routing and PCE Advanced Configuration Guide for MD CLI.
  • LDP on PE-4, RR-5, PE-6, and PE-7

The BGP configuration on PE-1 is as follows:

# on PE-1:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                evpn true
            }
            group "internal1" {
                type internal
                family {
                    evpn true
                }
            }
            neighbor "192.0.2.2" {
                group "internal1"
            }
            neighbor "192.0.2.3" {
                group "internal1"
            }
        }
# on PE-2 (similar configuration on PE-3):
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            router-id 192.0.2.2             # on PE-3: 192.0.2.3
            advertise-inactive true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                vpn-ipv4 true
                vpn-ipv6 true
                evpn true
            }
            group "internal1" {
                next-hop-self true
                type internal
                local-address 192.0.2.2        # on PE-3: 192.0.2.3
                family {
                    evpn true
                }
            }
            group "internal2" {
                next-hop-self true
                type internal
                local-address 2001:db8::2:2     # on PE-3: 2001:db8::2:3
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                }
                extended-nh-encoding {
                    vpn-ipv4 true
                    ipv4 true
                }
                advertise-ipv6-next-hops {
                    vpn-ipv6 true
                    vpn-ipv4 true
                }
            }
            neighbor "192.0.2.1" {
                group "internal1"
            }
            neighbor "192.0.2.3" {            # on PE-3: 192.0.2.2
                group "internal1"
            }
            neighbor "2001:db8::2:3" {        # on PE-3: 2001:db8::2:2
                group "internal2"
            }
            neighbor "2001:db8::2:4" {
                group "internal2"
            }
        }
# on PE-4:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            router-id 192.0.2.4
            advertise-inactive true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                vpn-ipv4 true
                vpn-ipv6 true
                evpn true
            }
            group "internal2" {
                next-hop-self true
                type internal
                local-address 2001:db8::2:4
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                }
                extended-nh-encoding {
                    vpn-ipv4 true
                    ipv4 true
                }
                advertise-ipv6-next-hops {
                    vpn-ipv6 true
                    vpn-ipv4 true
                }
            }
            group "internal3" {
                next-hop-self true
                type internal
                local-address 192.0.2.4
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                    evpn true
                }
            }
            neighbor "192.0.2.5" {
                group "internal3"
            }
            neighbor "2001:db8::2:2" {
                group "internal2"
            }
            neighbor "2001:db8::2:3" {
                group "internal2"
            }
        }
# on RR-5: only EVPN toward PE-6; only IP-VPN toward PE-7:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                vpn-ipv4 true
                vpn-ipv6 true
                evpn true
            }
            group "internal3" {
                type internal
                cluster {
                    cluster-id 192.0.2.5
                }
            }
            neighbor "192.0.2.4" {
                group "internal3"
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                    evpn true
                }
            }
            neighbor "192.0.2.6" {
                group "internal3"
                family {
                    evpn true
                }
            }
            neighbor "192.0.2.7" {
                group "internal3"
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                }
            }
        }
# on PE-6:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                evpn true
            }
            group "internal3" {
                type internal
            }
            neighbor "192.0.2.5" {
                group "internal3"
                family {
                    evpn true
                }
            }
        }
# on PE-7:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            vpn-apply-export true
            vpn-apply-import true
            rapid-withdrawal true
            peer-ip-tracking true
            split-horizon true
            rapid-update {
                vpn-ipv4 true
                vpn-ipv6 true
            }
            group "internal3" {
                type internal
            }
            neighbor "192.0.2.5" {
                group "internal3"
                family {
                    vpn-ipv4 true
                    vpn-ipv6 true
                }
            }
        }

Domain IDs in VPRN BGP-EVPN MPLS and SRv6 instances

On PE-1, VPRN 10 is configured without domain ID in the bgp-evpn mpls 1 context:

# on PE-1:
configure {
    service {
        vprn "VPRN 10" {
            admin-state enable
            service-id 10
            customer "1"
            autonomous-system 64496
            bgp-evpn {
                mpls 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.1:10"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            sr-ospf true
                        }
                    }
                }
            }
            interface "int-PE-1-CE-11" {
                ipv4 {
                    primary {
                        address 172.31.1.1
                        prefix-length 24
                    }
                }
                sap 1/1/c5/1:10 {
                }
                ipv6 {
                    address 2001:db8::31:1:1 {
                        prefix-length 120
                    }
                }
            }
        }

Domain ID 64496:1010 is configured in the bgp-evpn mpls 1 context on GWs PE-2 and PE-3, whereas domain ID 64496:1020 is configured in the bgp-ipvpn segment-routing-v6 context on PE-2, PE-3, and PE-4. Domain ID 64496:1030 is configured for IP-VPN and for BGP-EVPN on PE-4.

On PE-2, VPRN 10 is configured as follows. The configuration on PE-3 is similar.

# on GW PE-2:
configure {
    service {
         vprn "VPRN 10" {
            admin-state enable
            service-id 10
            customer "1"
            autonomous-system 64496
            segment-routing-v6 1 {
                locator "PE-2_loc" {                      # on PE-3:"PE-3_loc"
                    function {
                        end-dt4 {
                        }
                        end-dt6 {
                        }
                    }
                }
            }
            bgp-evpn {
                mpls 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.2:10"   # on PE-3: 192.0.2.3:10
                    domain-id "64496:1010"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            sr-ospf true
                        }
                    }
                }
            }
            bgp-ipvpn {
                segment-routing-v6 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.2:16"   # on PE-3: 192.0.2.3:16
                    source-address 2001:db8::2:2         # on PE-3: 2001:db8::2:3
                    domain-id "64496:1020"
                    vrf-target {
                        community "target:64496:10"
                    }
                    srv6 {
                        instance 1
                        default-locator "PE-2_loc"       # on PE-3:"PE-3_loc"
                    }
                }
            }
        }

On GW PE-4, VPRN 10 is configured with two domain IDs: domain ID 1020 for IP-VPN over SRv6 and domain ID 1030 for IP-VPN over MPLS and for EVPN over MPLS.

# on GW PE-4:
configure {
    service {
        vprn "VPRN 10" {
            admin-state enable
            service-id 10
            customer "1"
            autonomous-system 64496
            allow-export-bgp-vpn true
            segment-routing-v6 1 {
                locator "PE-4_loc" {
                    function {
                        end-dt4 {
                        }
                        end-dt6 {
                        }
                    }
                }
            }
            bgp-evpn {
                mpls 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.4:10"
                    domain-id "64496:1030"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            ldp true
                        }
                    }
                }
            }
            bgp-ipvpn {
                mpls {
                    admin-state enable
                    route-distinguisher "192.0.2.4:10"
                    domain-id "64496:1030"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            ldp true
                        }
                    }
                }
                segment-routing-v6 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.4:16"
                    source-address 2001:db8::2:4
                    domain-id "64496:1020"
                    vrf-target {
                        community "target:64496:10"
                    }
                    srv6 {
                        instance 1
                        default-locator "PE-4_loc"
                    }
                }
            }
     
Note:

When a VPRN is configured with allow-export-bgp-vpn, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or similar instability.

In addition, allow-export-bgp-vpn must never be used in a VPRN service with a route distinguisher that is used in other PEs attached to the same service. If the same route distinguisher is used in this case, constant route flaps will occur.

For completeness, the configuration on VPRN 10 on PE-6 and PE-7 is also shown. PE-6 has no domain ID configured:

# on PE-6:
configure {
    service {
        vprn "VPRN 10" {
            admin-state enable
            service-id 10
            customer "1"
            autonomous-system 64496
            bgp-evpn {
                mpls 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.6:10"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            ldp true
                        }
                    }
                }
            }
            interface "int-PE-6-CE-16" {
                ipv4 {
                    primary {
                        address 172.31.6.1
                        prefix-length 24
                    }
                }
                sap 1/1/c5/1:10 {
                }
                ipv6 {
                    address 2001:db8::31:6:1 {
                        prefix-length 120
                    }
                }
            }
        }

PE-7 does not have a domain ID configured in the bgp-ipvpn mpls context, but it has a local domain ID configured: 64496:1007:

# on PE-7:
configure {
    service {
        vprn "VPRN 10" {
            admin-state enable
            service-id 10
            customer "1"
            autonomous-system 64496
            local-routes-domain-id "64496:1007"
            bgp-ipvpn {
                mpls {
                    admin-state enable
                    route-distinguisher "192.0.2.7:10"
                    vrf-target {
                        community "target:64496:10"
                    }
                    auto-bind-tunnel {
                        resolution filter
                        resolution-filter {
                            ldp true
                        }
                    }
                }
            }
            interface "int-PE-7-CE-17" {
                ipv4 {
                    primary {
                        address 172.31.7.1
                        prefix-length 24
                    }
                }
                sap 1/1/c5/1:10 {
                }
                ipv6 {
                    address 2001:db8::31:7:1 {
                        prefix-length 120
                    }
                }
            }
        }

The following commands on PE-4 display the domain ID for BGP-IPVPN and BGP-EVPN. For BGP-IPVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain and domain ID 64496:1020 is configured in the SRv6 domain:

[/]
A:admin@PE-4# show service id 10 bgp-ipvpn
 
===============================================================================
Service 10 BGP-IPVPN MPLS Information
===============================================================================
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : None
Oper Route Dist   : 192.0.2.4:10
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Impor: None
Route Target Expor: None
Domain-Id         : 64496:1030
Dyn Egr Lbl Limit : Disabled
 
Auto-Bind Tunnel
Resolution        : disabled            Strict Tnl Tag    : False
ECMP              : 0                   Flex Algo FB      : False
Weighted ECMP     : False
BGP Instance      : 1
Filter Tunnel Type: (Not Specified)
===============================================================================
 
===============================================================================
Service 10 BGP-IPVPN Segment-Routing-V6 Information
===============================================================================
 
Admin State       : Up
VRF Import        : None
VRF Export        : None
Route Dist.       : 192.0.2.4:16
Oper Route Dist   : 192.0.2.4:16
Oper RD Type      : configured
Route Target      : target:64496:10
Route Target Expor: None
Route Target Impor: None
Def Route Tag     : 0x0
Route Resolution  : route-table
 
Srv6 Instance     : 1
Default Locator   : PE-4_loc
Source Address    : 2001:db8::2:4
Domain-Id         : 64496:1020
 
===============================================================================

For BGP-EVPN, domain ID 64496:1030 is configured in the EVPN-MPLS domain:

[/]
A:admin@PE-4# show service id 10 bgp-evpn
 
===============================================================================
BGP EVPN MPLS Table
===============================================================================
Admin State        : Up
VRF Import         : None
VRF Export         : None
Route Dist.        : 192.0.2.4:10
Oper Route Dist.   : 192.0.2.4:10
Oper RD Type       : configured
Route Target       : target:64496:10
Route Target Import: None
Route Target Export: None
Default Route Tag  : None
Domain-Id          : 64496:1030
Dyn Egr Lbl Limit  : Disabled
 
Advertise          : Disabled
Weighted ECMP      : Disabled
 
Auto-Bind Tunnel
Resolution         : filter                 Strict Tnl Tag : False
ECMP               : 1                      Flex Algo FB   : False
BGP Instance       : 1
Filter Tunnel Types: ldp
 
Tunnel Encap
MPLS               : True                   MPLSoUDP       : False
===============================================================================

VPRN BGP routes for prefix 172.31.6.0/24

PE-6 advertises prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on PE-6:
2 2022/09/06 10:46:07.053 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 82
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS

RR-5 forwards prefix 172.31.6.0/24 as an EVPN-IFL route without the D-path attribute, as follows:

# on RR-5:
12 2022/09/06 10:46:07.053 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 96
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.6
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.6:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
"

PE-4 adds a D-path attribute when advertising prefix 172.31.6.0/24 as a VPN-IPv4 route to PE-2 (or PE-3):

29 2022/09/06 10:46:07.055 CEST MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2:2
"Peer 1: 2001:db8::2:2: UPDATE
Peer 1: 2001:db8::2:2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 98
    Flag: 0x90 Type: 14 Len: 44 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 24 NextHop 2001:db8::2:4
        172.31.6.0/24 RD 192.0.2.4:10 Label 524281 (Raw label 0x7fff91)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1030:(evpn)]
"

PE-2 prepends domain segment 64496:1020:(ipvpn) to the D-path attribute when advertising prefix 172.31.6.0/24 in an EVPN-IFL route to PE-1:

# on PE-2:
21 2022/09/06 10:46:07.056 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 115
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.6.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.6
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 16 D-PATH:[64496:1020:(ipvpn)][64496:1030:(evpn)]
"

The figure VPRN BGP routes for prefix 172.31.6.0/24 shows the D-path attribute in the BGP routes for prefix 172.31.6.0/24:

Figure 4. VPRN BGP routes for prefix 172.31.6.0/24

The figure VPRN BGP routes for prefix 172.31.7.0/24 similarly shows the D-path attribute in the BGP routes for prefix 172.31.7.0/24:

Figure 5. VPRN BGP routes for prefix 172.31.7.0/24

In VPRN 10 on PE-6, no local domain ID is configured, whereas in VPRN 10 on PE-7, the local domain ID 64496:1007 is configured for the routes local to PE-7.

The following BGP update shows that PE-7 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with a D-path attribute containing the domain segment 64496:1007:(local).

# on PE-7:
5 2022/09/06 10:46:12.896 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.5
"Peer 1: 192.0.2.5: UPDATE
Peer 1: 192.0.2.5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 72
    Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
        Address Family VPN_IPV4
        NextHop len 12 NextHop 192.0.2.7
        172.31.7.0/24 RD 192.0.2.7:10 Label 524282 (Raw label 0x7fffa1)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 8 Extended Community:
        target:64496:10
    Flag: 0xc0 Type: 36 Len: 8 D-PATH:[64496:1007:(local)]
"

RR-5 advertises prefix 172.31.7.0/24 as a VPN-IPv4 route with the same D-path attribute. PE-4 prepends the domain segment 64496:1030:(ipvpn) to the D-path attribute of the VPN-IPv4 routes for prefix 172.31.7.0/24 to PE-2 (and PE-3). PE-2 advertises prefix 172.31.7.0/24 as an EVPN-IFL route to PE-1 with domain segment 64496:1020:(ipvpn) added to the D-path attribute:

# on PE-2:
31 2022/09/06 10:46:12.900 CEST MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 123
    Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-IP-PREFIX Len: 34 RD: 192.0.2.2:10, ESI: ESI-0, tag: 0, ip_prefix: 172.31.7.0/24 gw_ip 0.0.0.0 Label: 8388528 (Raw Label: 0x7fffb0)
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
    Flag: 0x80 Type: 10 Len: 4 Cluster ID:
        192.0.2.5
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64496:10
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 36 Len: 24 D-PATH:[64496:1020:(ipvpn)][64496:1030:(ipvpn)][64496:1007:(local)]
"

Loop prevention

Besides traceability, the D-path attribute provides loop prevention in the control plane. Redundant GWs PE-2 and PE-3 cause routing loops and the D-path attribute helps preventing these loops. When PE-2 receives the EVPN-IFL route from PE-3 with a D-path containing domain IDs configured on PE-2, such as 64496:1020, it does not install the route in the VPRN route table, as shown in the figure Loop prevention between PE-2 and PE-3:

Figure 6. Loop prevention between PE-2 and PE-3

The following command on PE-2 shows that in the EVPN-IFL route for prefix 172.31.6.0/24 that was received from PE-3, a D-path loop has been detected in VPRN 10:

[/]
A:admin@PE-2# show router bgp routes evpn ip-prefix prefix 172.31.6.0/24 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : n/a
Nexthop        : 192.0.2.3
Path Id        : None
From           : 192.0.2.3
Res. Nexthop   : 192.168.23.2
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:10 bgp-tunnel-encap:MPLS
Cluster        : 192.0.2.5
Originator Id  : 192.0.2.6              Peer Router Id : 192.0.2.3
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:1020:(ipvpn)][64496:1030:(evpn)]
EVPN type      : IP-PREFIX
ESI            : ESI-0
Tag            : 0
Gateway Address: 00:00:00:00:00:00
Prefix         : 172.31.6.0/24
Route Dist.    : 192.0.2.3:10
MPLS Label     : LABEL 524283
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h11m56s
DPath Loop VRFs:  10
---snip---

The preceding EVPN-IFL route from PE-3 for prefix 172.31.6.0/24 is not installed in the VPRN route table and is not forwarded to other PEs. The route table for VPRN 10 on PE-2 only has an IP-VPN route for prefix 172.31.6.0/24 with next hop PE-4:

[/]
A:admin@PE-2# show router 10 route-table
 
===============================================================================
Route Table (Service: 10)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.31.1.0/24                                 Remote  EVPN-IFL  00h12m46s  170
       192.0.2.1 (tunneled:SR-OSPF:524290)                          10
	   172.31.6.0/24                                 Remote  BGP VPN   00h12m30s  170
       2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6)                20
172.31.7.0/24                                 Remote  BGP VPN   00h12m24s  170
       2001:db8:aaaa:104:7fff:9000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Domain IDs in R-VPLS BGP-EVPN MPLS and BGP-EVPN VXLAN instances

Loops can also be prevented in Layer 3 EVPN data center gateway (DC GW) scenarios where EVPN-IFF routes are translated into IP-VPN routes, and vice versa. Because redundant GWs are used, the scenario is subject to Layer 3 routing loops and the D-path attribute helps preventing these loops without the need for extra routing policies to tag or drop routes. The figure Example topology with R-VPLS shows a slightly modified example topology with R-VPLS with PE-2 and PE-3 acting as redundant DC GWs. PE-1 advertises an EVPN-IFF route for prefix 10.20.201.0/24 and PE-6 advertises an EVPN-IFF route for prefix 10.20.206.0/24.

Figure 7. Example topology with R-VPLS

The service configuration on PE-1 does not include a domain ID, as follows:

# on PE-1:
configure {
    service {
        vpls "SBD-21" {
            admin-state enable
            service-id 21
            customer "1"
            vxlan {
                instance 1 {
                    vni 1
                }
            }
            routed-vpls {
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 21
                routes {
                    ip-prefix {
                        advertise true
                    }
                }
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }
        vprn "VPRN 20" {
            admin-state enable
            service-id 20
            customer "1"
            autonomous-system 64496
            interface "int-PE-1-CE-21" {
                ipv4 {
                    primary {
                        address 10.20.201.1
                        prefix-length 24
                    }
                }
                sap 1/1/c5/1:20 {
                }
            }
            interface "int-SBD-21" {
                vpls "SBD-21" {
                    evpn-tunnel {
                    }
                }
            }
        }

On DC GW PE-2, domain ID 64496:2010 is configured in VPLS "SBD-21" whereas domain ID 64496:2020 is configured in VPRN 20. The configuration on DC GW PE-3 is similar.

# on PE-2:
configure {
    service {
        vpls "SBD-21" {
            admin-state enable
            service-id 21
            customer "1"
            vxlan {
                instance 1 {
                    vni 1
                }
            }
            routed-vpls {
            }
            bgp 1 {
            }
            bgp-evpn {
                evi 21
                routes {
                    ip-prefix {
                        advertise true
                        domain-id "64496:2010"
                    }
                }
                vxlan 1 {
                    admin-state enable
                    vxlan-instance 1
                }
            }
        }
        vprn "VPRN 20" {
            admin-state enable
            service-id 20
            customer "1"
            autonomous-system 64496
            segment-routing-v6 1 {
                locator "PE-2_loc" {                 # on PE-3: "PE-3_loc"
                    function {
                        end-dt46 {
                        }
                    }
                }
            }
            bgp-ipvpn {
                segment-routing-v6 1 {
                    admin-state enable
                    route-distinguisher "192.0.2.2:26"  # on PE-3; 192.0.2.3:26
                    source-address 2001:db8::2:2        # on PE-3: 2001:db8::2:3
                    domain-id "64496:2020"
                    vrf-target {
                        community "target:64496:20"
                    }
                    srv6 {
                        instance 1
                        default-locator "PE-2_loc"     # on PE-3: "PE-3_loc"
                    }
                }
            }
            interface "int-SBD-21" {
                vpls "SBD-21" {
                    evpn-tunnel {
                    }
                }
            }
        }

The service configuration examples for PE-1, PE-2, and PE-3 show how a loop is detected at the DC GWs in VPN-IPv4 routes for prefix 10.20.201.0/24 received from the other DC GW. The following command on DC GW PE-2 shows that a D-path loop is detected in VPRN 20 in a VPN-IPv4 route for prefix 10.20.201.0/24 received from DC GW PE-3:

[/]
A:admin@PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt
===============================================================================
 BGP Router ID:192.0.2.2        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
 
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 10.20.201.0/24
Nexthop        : 2001:db8::2:3
Route Dist.    : 192.0.2.3:26           VPN Label      : 524283
Path Id        : None
From           : 2001:db8::2:3
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : int-PE-2-PE-3
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 10
Connector      : None
Community      : target:64496:20
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.3
Fwd Class      : None                   Priority       : None
Flags          : Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
D-Path         : [64496:2010:(evpn)]
Route Tag      : 0
Neighbor-AS    : n/a
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h00m51s
SRv6 TLV Type  : SRv6 L3 Service TLV (5)
SRv6 SubTLV    : SRv6 SID Information (1)
Sid            : 2001:db8:aaaa:103::
Full Sid       : 2001:db8:aaaa:103:7fff:b000::
Behavior       : End.DT46 (20)
SRv6 SubSubTLV : SRv6 SID Structure (1)
Loc-Block-Len  : 48                     Loc-Node-Len   : 16
Func-Len       : 20                     Arg-Len        : 0
Tpose-Len      : 20                     Tpose-offset   : 64
VPRN Imported  : None
DPath Loop VRFs:  20
 
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================*A:PE-2# show router bgp routes vpn-ipv4 rd 192.0.2.3:26 hunt

The figure Loop prevention between DC GW PE-2 and DC GW PE-3 shows that PE-1 sends an EVPN-IFF route for prefix 10.20.201.0/24 without D-path attribute to PE-2 and PE-3. Both PE-2 and PE-3 re-advertise prefix 10.20.201.0/24 as a VPN-IPv4 route with D-path attribute 64496:2010:(evpn). When PE-2 receives this VPN-IPv4 route from PE-3, it detects a loop based on the D-path attribute with domain segment 64496:2010:(evpn) and does not install the route in the VPRN route table. Likewise, PE-3 receives the VPN-IPv4 route from PE-2 and does not install it in the VPRN route table.

Figure 8. Loop prevention between DC GW PE-2 and DC GW PE-3

PE-2 does not use the VPN-IPv4 route for prefix 10.20.201.0/24 from PE-3. The VPRN route table on PE-2 contains the EVPN-IFF route received from PE-1 for prefix 10.20.201.0/24:

[/]
A:admin@PE-2# show router 20 route-table
 
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
10.20.201.0/24                                Remote  EVPN-IFF  00h01m59s  169
       int-SBD-21 (ET-02:0f:ff:ff:ff:52)                            0
10.20.206.0/24                                Remote  BGP VPN   00h01m43s  170
       2001:db8:aaaa:104:7fff:6000:: (tunneled:SRV6)                20
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Conclusion

The D-path attribute provides traceability for VPRN BGP routes and can be used for BGP best path selection. The D-path attribute for VPRN routes also helps preventing loops without the need for dedicated routing policies to tag and drop routes.