As discussed in the EVPN for VXLAN Tunnels (Layer 2) example, EVPN and VXLAN can be enabled on VPLS or R-VPLS services in SR OS. While that example focuses on the use of EVPN-VXLAN layer 2 services, that is, how EVPN-VXLAN is configured in VPLS services, this example describes how EVPN-VXLAN can be used to provide inter-subnet forwarding in R-VPLS and VPRN services. Inter-subnet forwarding can be provided by regular R-VPLS and VPRN services; however, EVPN provides an efficient and unified way to populate FDBs (Forwarding Databases), ARP (Address Resolution Protocol) tables and routing tables using a single BGP address family. Inter-subnet forwarding in overlay networks would otherwise require data plane learning and the use of routing protocols on a per-VPRN basis.
Figure 47 shows the topology used in the first scenario.
A:PE-1>config>router>bgp# info
----------------------------------------------
vpn-apply-import
vpn-apply-export
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "DC"
family evpn
type internal
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
exit
no shutdown
----------------------------------------------
A:PE-2>config>router>bgp# info
----------------------------------------------
vpn-apply-import
vpn-apply-export
min-route-advertisement 1
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "DC"
family vpn-ipv4 evpn
type internal
neighbor 192.0.2.1
exit
neighbor 192.0.2.3
exit
exit
group "WAN"
family vpn-ipv4
type internal
neighbor 192.0.2.4
exit
neighbor 192.0.2.5
exit
exit
no shutdown
----------------------------------------------
A:PE-3>config>router>bgp# info
----------------------------------------------
vpn-apply-import
vpn-apply-export
min-route-advertisement 1
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "DC"
family vpn-ipv4 evpn
type internal
neighbor 192.0.2.1
exit
neighbor 192.0.2.2
exit
exit
group "WAN"
family vpn-ipv4
type internal
neighbor 192.0.2.4
exit
neighbor 192.0.2.5
exit
exit
no shutdown
----------------------------------------------
Figure 48 shows the BGP peering sessions among the PEs and the enabled BGP families. Note that PE-1 and PE-6 only establish an EVPN peering session with their peers (only the EVPN family is enabled on both PEs, even if the peer PEs are VPN-IPv4 capable as well).
Once the network infrastructure is running properly, the actual service configuration, as illustrated in Figure 47, can be carried out. The following CLI output shows the configuration for VPLS 101 and VPRN 10 in PE-1, PE-2 and PE-3. The other overlay network has a similar configuration.
*A:PE-1# configure service vpls 101
*A:PE-1>config>service>vpls# info
----------------------------------------------
vxlan vni 101 create
exit
bgp
route-distinguisher 192.0.2.1:101
route-target export target:64500:101 import target:64500:101
exit
bgp-evpn
vxlan
no shutdown
exit
exit
proxy-arp
no shutdown
exit
stp
shutdown
exit
service-name "evi-101"
sap 1/1/1:101 create
exit
no shutdown
----------------------------------------------
*A:PE-2# configure service vpls 101
*A:PE-2>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 101 create
exit
bgp
route-distinguisher 192.0.2.2:101
route-target export target:64500:101 import target:64500:101
exit
bgp-evpn
vxlan
no shutdown
exit
exit
proxy-arp
shutdown
exit
stp
shutdown
exit
service-name "evi-101"
no shutdown
----------------------------------------------
*A:PE-2# configure service vprn 10
*A:PE-2>config>service>vprn# info
----------------------------------------------
ecmp 2
route-distinguisher 192.0.2.2:10
auto-bind mpls
vrf-target target:64500:10
interface "int-1" create
address 172.16.0.2/24
mac 00:ca:fe:ca:fe:02
vrrp 1
backup 172.16.0.254
priority 254
ping-reply
traceroute-reply
mac 00:ca:fe:ca:fe:54
exit
vrrp 2
backup 172.16.0.253
ping-reply
traceroute-reply
mac 00:ca:fe:ca:fe:53
exit
vpls "evi-101"
exit
exit
no shutdown
----------------------------------------------
*A:PE-3# configure service vpls 101
*A:PE-3>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 101 create
exit
bgp
route-distinguisher 192.0.2.3:101
route-target export target:64500:101 import target:64500:101
exit
bgp-evpn
vxlan
no shutdown
exit
exit
proxy-arp
shutdown
exit
stp
shutdown
exit
service-name "evi-101"
no shutdown
----------------------------------------------
*A:PE-3# configure service vprn 10
*A:PE-3>config>service>vprn# info
----------------------------------------------
ecmp 2
route-distinguisher 192.0.2.3:10
auto-bind mpls
vrf-target target:64500:10
interface "int-1" create
address 172.16.0.3/24
mac 00:ca:fe:ca:fe:03
vrrp 1
backup 172.16.0.254
ping-reply
traceroute-reply
mac 00:ca:fe:ca:fe:54
exit
vrrp 2
backup 172.16.0.253
priority 254
ping-reply
traceroute-reply
mac 00:ca:fe:ca:fe:53
exit
vpls "evi-101"
exit
exit
no shutdown
----------------------------------------------
• The allow-ip-int-binding command is required so that the R-VPLS can be bound to VPRN 10.
• The service-name command is required and the configured name must match the name configured in the VPRN 10 VPLS interface.
• Even though EVPN and VXLAN are properly configured, proxy-arp cannot be enabled in VPLS 101. In an R-VPLS with EVPN-VXLAN, proxy-arp is not supported and the VPRN ARP table is used instead. When an EVPN MAC route that includes an IP address is received in an R-VPLS, the MAC-IP pair encoded in the route is added to the VPRN’s ARP table, as opposed to the proxy-arp table.
*A:PE-2>config>service>vpls# proxy-arp no shutdown
MINOR: SVCMGR #8007 Cannot modify proxy arp - Not supported on routed vpls services
• As depicted in Figure 47 and shown in the CLI excerpts, VRRP can be configured on the VPRN 10 VPLS interfaces to provide default gateway redundancy to the hosts connected to VPLS 101. Note that two VRRP instances are configured so that VPLS 101 upstream traffic can be load-balanced to PE-2 and PE-3. With VRRP on EVPN-VXLAN R-VPLS interfaces:
  → Note that standby-forwarding, even if it were configured for VRRP, would not have any effect in this configuration: the standby PE will never see any flooded traffic sent to it, therefore this command is not applicable to this scenario.
*A:PE-1# show service id 101 fdb detail
===============================================================================
Forwarding Database, Service 101
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
101 00:ca:fe:ca:fe:53 vxlan: EvpnS 07/05/14 00:02:16
192.0.2.3:101
101 00:ca:fe:ca:fe:54 vxlan: EvpnS 07/05/14 00:02:16
192.0.2.2:101
101 00:ca:fe:ca:fe:01 vxlan: Evpn 07/05/14 00:02:16
192.0.2.1:101
101 00:ca:fe:ca:fe:02 vxlan: EvpnS 07/05/14 00:02:16
192.0.2.2:101
101 00:ca:fe:ca:fe:03 vxlan: EvpnS 07/05/14 00:01:54
192.0.2.3:101
-------------------------------------------------------------------------------
No. of MAC Entries: 5
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static
===============================================================================
*A:PE-2# show router 10 vrrp instance
===============================================================================
VRRP Instances
===============================================================================
Interface Name VR Id Own Adm State Base Pri Msg Int
IP Opr Pol Id InUse Pri Inh Int
-------------------------------------------------------------------------------
int-1 1 No Up Master 254 1
IPv4 Up n/a 254 No
Backup Addr: 172.16.0.254
int-1 2 No Up Backup 100 1
IPv4 Up n/a 100 No
Backup Addr: 172.16.0.253
-------------------------------------------------------------------------------
Instances : 2
===============================================================================
*A:PE-2# show router 10 arp
===============================================================================
ARP Table (Service: 10)
===============================================================================
IP Address MAC Address Expiry Type Interface
-------------------------------------------------------------------------------
172.16.0.2 00:ca:fe:ca:fe:02 00h00m00s Oth[I] int-1
172.16.0.3 00:ca:fe:ca:fe:03 00h00m00s Evp[I] int-1
172.16.0.253 00:ca:fe:ca:fe:53 00h00m00s Oth int-1
172.16.0.254 00:ca:fe:ca:fe:54 00h00m00s Oth[I] int-1
-------------------------------------------------------------------------------
No. of ARP Entries: 4
===============================================================================
Figure 49 illustrates the second inter-subnet forwarding scenario, where Layer 3 connectivity must be provided not only between the overlay networks but also within each overlay network. In the example depicted in Figure 49, a given customer (tenant) has different subnets and connectivity must be provided across all of them (CE-1, CE-2 and CE-3 must be able to communicate), bearing in mind that EVPN-VXLAN is enabled in each overlay network and IP-VPN MPLS is used to inter-connect both overlay networks. VPLS 201 is an IRB Backhaul R-VPLS service since it provides connectivity to the VPRN instances. Only the two least significant octets of the R-VPLS interface MAC addresses are shown.
*A:PE-1# configure service vprn 20
*A:PE-1>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.1:20
vrf-target target:64500:20
interface "int-evi-201" create
address 172.16.1.1/24
vpls "evi-201"
exit
exit
interface "int-PE-1-CE-1" create
address 172.16.0.254/24
sap 1/1/1:20 create
exit
exit
no shutdown
----------------------------------------------
*A:PE-1# configure service vpls 201
*A:PE-1>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 201 create
exit
bgp
route-distinguisher 192.0.2.1:201
route-target export target:64500:201 import target:64500:201
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-201"
no shutdown
----------------------------------------------
*A:PE-2# configure service vprn 20
*A:PE-2>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.2:20
auto-bind mpls
vrf-target target:64500:20
interface "int-evi-201" create
address 172.16.1.2/24
vpls "evi-201"
exit
exit
no shutdown
----------------------------------------------
*A:PE-2# configure service vpls 201
*A:PE-2>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 201 create
exit
bgp
route-distinguisher 192.0.2.2:201
route-target export target:64500:201 import target:64500:201
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-201"
no shutdown
----------------------------------------------
*A:PE-3# configure service vprn 20
*A:PE-3>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.3:20
auto-bind mpls
vrf-target target:64500:20
interface "int-evi-201" create
address 172.16.1.3/24
vpls "evi-201"
exit
exit
no shutdown
----------------------------------------------
*A:PE-3# configure service vpls 201
*A:PE-3>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 201 create
exit
bgp
route-distinguisher 192.0.2.3:201
route-target export target:64500:201 import target:64500:201
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-201"
sap 1/1/1:20 create
exit
no shutdown
----------------------------------------------
As shown in the CLI excerpt, the configuration in the three nodes (PE-1/2/3) for VPLS 201 and VPRN 20 is very similar. The main difference is the auto-bind mpls command present in PE-2/3’s VPRN 20. This command allows the VPRN 20 on PE-2/3 to receive IP-VPN routes from the core and resolve them to MPLS tunnels. VPRN 20 on PE-1 does not require this command since all its IP prefixes are resolved to local interfaces or to EVPN peers.
The ip-route-advertisement command enables:
4 2014/07/05 23:58:54.88 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.3
"Peer 1: 192.0.2.3: UPDATE
Peer 1: 192.0.2.3 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 89
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.1
Type: EVPN-IP-Prefix Len: 34 RD: 192.0.2.1:201, tag: 201, ip_prefix: 17
2.16.0.0/24 gw_ip 172.16.1.1 Label: 0
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x80 Type: 4 Len: 4 MED: 0
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 16 Extended Community:
target:64500:201
bgp-tunnel-encap:VXLAN
"
*A:PE-1# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Local Local 23h57m35s 0
int-PE-1-CE-1 0
172.16.1.0/24 Local Local 23h57m48s 0
int-evi-201 0
172.16.2.0/24 Remote BGP EVPN 00h00m17s 169
172.16.1.2 0
172.16.3.0/24 Remote BGP EVPN 00h00m17s 169
172.16.1.2 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Remote BGP EVPN 00h11m04s 169
172.16.1.1 0
172.16.1.0/24 Local Local 01d00h08m 0
int-evi-201 0
172.16.2.0/24 Remote BGP VPN 01d00h07m 170
192.0.2.4 (tunneled) 0
172.16.3.0/24 Remote BGP VPN 01d00h07m 170
192.0.2.4 (tunneled) 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-3# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Remote BGP EVPN 00h11m23s 169
172.16.1.1 0
172.16.1.0/24 Local Local 01d00h09m 0
int-evi-201 0
172.16.2.0/24 Remote BGP VPN 01d00h08m 170
192.0.2.4 (tunneled) 0
172.16.3.0/24 Remote BGP VPN 01d00h08m 170
192.0.2.4 (tunneled) 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
• When the command ip-route-advertisement is enabled, the subnet IP prefixes are advertised in EVPN but not the “host” IP prefixes (/32 prefixes associated with the local interfaces). If the user wants to advertise the host IP prefixes as well, the incl-host keyword must be added to the ip-route-advertisement command. The following example illustrates this. The host routes can be shown with the show router route-table all command. When the incl-host keyword is added to PE-1’s VPLS 201, PE-1 advertises the host routes as well and these are installed in the remote PEs’ routing tables.
A:PE-1# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Local Local 01d04h17m 0
int-PE-1-CE-1 0
172.16.1.0/24 Local Local 01d04h18m 0
int-evi-201 0
172.16.2.0/24 Remote BGP EVPN 04h20m31s 169
172.16.1.2 0
172.16.3.0/24 Remote BGP EVPN 04h20m31s 169
172.16.1.2 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:PE-1# show router 20 route-table all
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Active Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Local Local 01d04h17m 0
int-PE-1-CE-1 Y 0
172.16.0.254/32 Local Host 01d04h17m 0
int-PE-1-CE-1 Y 0
172.16.1.0/24 Local Local 01d04h18m 0
int-evi-201 Y 0
172.16.1.1/32 Local Host 01d04h18m 0
int-evi-201 Y 0
172.16.2.0/24 Remote BGP EVPN 04h20m34s 169
172.16.1.2 Y 0
172.16.3.0/24 Remote BGP EVPN 04h20m34s 169
172.16.1.2 Y 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
E = Inactive best-external BGP route
===============================================================================
A:PE-1# configure service vpls 201 bgp-evpn ip-route-advertisement incl-host
A:PE-2# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Remote BGP EVPN 04h25m22s 169
172.16.1.1 0
172.16.0.254/32 Remote BGP EVPN 00h03m52s 169
172.16.1.1 0
172.16.1.0/24 Local Local 01d04h22m 0
int-evi-201 0
172.16.2.0/24 Remote BGP VPN 01d04h22m 170
192.0.2.4 (tunneled) 0
172.16.3.0/24 Remote BGP VPN 01d04h22m 170
192.0.2.4 (tunneled) 0
-------------------------------------------------------------------------------
No. of Routes: 5
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
*A:PE-1# configure service vprn 20 ecmp 2
*A:PE-1# show router 20 route-table
===============================================================================
Route Table (Service: 20)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Local Local 01d04h50m 0
int-PE-1-CE-1 0
172.16.1.0/24 Local Local 01d04h50m 0
int-evi-201 0
172.16.2.0/24 Remote BGP EVPN 00h00m01s 169
172.16.1.2 0
172.16.2.0/24 Remote BGP EVPN 00h00m01s 169
172.16.1.3 0
172.16.3.0/24 Remote BGP EVPN 00h00m01s 169
172.16.1.2 0
172.16.3.0/24 Remote BGP EVPN 00h00m01s 169
172.16.1.3 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The previous scenario shows how to use EVPN-VXLAN to provide inter-subnet forwarding for a given tenant, where R-VPLS services can contain hosts and also offer transit services between VPRN instances. For example, in the use case depicted in Figure 49, VPLS 201 in Overlay-Network-1 is an R-VPLS that can provide intra-subnet connectivity to all the hosts in subnet 172.16.1.0/24 (for example, CE-2 belongs to this subnet) but it can also provide “transit” or “backhaul” connectivity to hosts in subnet 172.16.0.0/24 (for example, CE-1) sending packets to subnets 172.16.2.0/24 or 172.16.3.0/24. In some cases, the R-VPLS where EVPN-VXLAN is enabled does not need to provide intra-subnet connectivity and it is purely a transit or backhaul service where VPRN IRB interfaces are connected.
Figure 50 illustrates this use case.
Compared to the use case in Figure 49, in this case the R-VPLS connecting the IRB interfaces in Overlay-Network-1 (VPLS 301) does not have any connected host. If that is the case, VPLS 301 can be configured as an EVPN tunnel.
A:PE-1# configure service vprn 30
A:PE-1>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.1:30
vrf-target target:64500:30
interface "int-PE-1-CE-1" create
address 172.16.0.254/24
sap 1/1/1:30 create
exit
exit
interface "int-evi-301" create
vpls "evi-301"
evpn-tunnel
exit
exit
no shutdown
----------------------------------------------
A:PE-1# configure service vpls 301
A:PE-1>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 301 create
exit
bgp
route-distinguisher 192.0.2.1:301
route-target export target:64500:301 import target:64500:301
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-301"
no shutdown
----------------------------------------------
A:PE-2# configure service vprn 30
A:PE-2>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.2:30
auto-bind mpls
vrf-target target:64500:30
interface "int-evi-301" create
vpls "evi-301"
evpn-tunnel
exit
exit
no shutdown
----------------------------------------------
A:PE-2# configure service vpls 301
A:PE-2>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 301 create
exit
bgp
route-distinguisher 192.0.2.2:301
route-target export target:64500:301 import target:64500:301
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-301"
no shutdown
----------------------------------------------
A:PE-3# configure service vprn 30
A:PE-3>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.3:30
auto-bind mpls
vrf-target target:64500:30
interface "int-evi-301" create
vpls "evi-301"
evpn-tunnel
exit
exit
no shutdown
----------------------------------------------
A:PE-3# configure service vpls 301
A:PE-3>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 301 create
exit
bgp
route-distinguisher 192.0.2.3:301
route-target export target:64500:301 import target:64500:301
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-301"
no shutdown
----------------------------------------------
As shown in the output above, the configuration in the three nodes (PE-1/2/3) for VPLS 301 and VPRN 30 is similar to the configuration of VPLS 201 and VPRN 20 in the previous scenario; however, when the evpn-tunnel command is added to the VPRN interface, there is no need to configure an IP interface address. Note that evpn-tunnel can be enabled independently of ip-route-advertisement (although no route-type 5 advertisements are sent in that case).
A given VPRN supports regular IRB backhaul R-VPLS services as well as EVPN tunnel R-VPLS services. A maximum of eight R-VPLS services with ip-route-advertisement enabled per VPRN is supported (in any combination of regular IRB R-VPLS or EVPN tunnel R-VPLS services). Note that EVPN tunnel R-VPLS services do not support SAPs or SDP-binds. No frames are flooded in an EVPN tunnel R-VPLS service and, in fact, no inclusive multicast routes are exchanged in R-VPLS services that are configured as EVPN tunnels. The show service id vxlan command for an R-VPLS service configured as an EVPN tunnel shows <egress VTEP, VNI> bindings excluded from the “multicast list”; in other words, the VXLAN bindings are not used to flood BUM traffic:
*A:PE-2# show service id 301 vxlan
===============================================================================
VPLS VXLAN, Ingress VXLAN Network Id: 301
===============================================================================
Egress VTEP, VNI
===============================================================================
VTEP Address Egress VNI Num. MACs In Mcast List? Oper State
-------------------------------------------------------------------------------
192.0.2.1 301 1 No Up
192.0.2.3 301 1 No Up
-------------------------------------------------------------------------------
Number of Egress VTEP, VNI : 2
-------------------------------------------------------------------------------
===============================================================================
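An offline check of the R-VPLS rules stated in this example (allow-ip-int-binding, matching service-name, no proxy-arp on a routed VPLS, no SAPs or SDP-binds on an EVPN tunnel R-VPLS, at most eight advertising R-VPLS services per VPRN), written as an added Python example that is not Nokia's code. It assumes indented `info` text as printed by the CLI; the node PE-9, its services and the finding names are constructed for illustration.

```python
import re

PROMPT = re.compile(r'^\*?A:(\S+?)# configure service (vpls|vprn) (\d+)$')
NOISE = re.compile(r'^(\*?A:\S+#.*|-+|exit)$')   # other prompts, rulers, exit

# Constructed input in "info" layout; node PE-9 and its services are hypothetical.
SAMPLE = '''\
*A:PE-9# configure service vpls 101
*A:PE-9>config>service>vpls# info
----------------------------------------------
            allow-ip-int-binding
            proxy-arp
                no shutdown
            exit
            service-name "evi-101"
*A:PE-9# configure service vprn 10
            interface "int-1" create
                vpls "evi-101"
                exit
            exit
*A:PE-9# configure service vpls 301
            bgp-evpn
                ip-route-advertisement
            exit
            service-name "evi-301"
            sap 1/1/1:30 create
            exit
*A:PE-9# configure service vprn 30
            interface "int-evi-301" create
                vpls "evi-301"
                    evpn-tunnel
                exit
            exit
            interface "int-evi-302" create
                vpls "evi-302"
                    evpn-tunnel
                exit
            exit
'''

def parse(text):
    """Map (node, kind, id) -> paths; a path is a line preceded by its parent lines."""
    services, paths, stack = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m:
            paths, stack = services.setdefault(m.groups(), []), []
            continue
        if paths is None or not line or NOISE.match(line):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:   # leave deeper or sibling blocks
            stack.pop()
        stack.append((indent, line))
        paths.append(tuple(l for _, l in stack))
    return services

def vpls_facts(paths):
    top = [p[0] for p in paths if len(p) == 1]
    return {
        'name': next((l.split('"')[1] for l in top if l.startswith('service-name "')), None),
        'routed': 'allow-ip-int-binding' in top,
        'proxy_arp': ('proxy-arp', 'no shutdown') in paths,
        'sap': any(l.split()[0] in ('sap', 'spoke-sdp', 'mesh-sdp') for l in top),
        'ip_adv': any(len(p) == 2 and p[0] == 'bgp-evpn'
                      and p[1].startswith('ip-route-advertisement') for p in paths),
    }

def lint(text):
    """Return (node, location, finding) tuples for the rules stated on the page."""
    services, vpls, findings = parse(text), {}, []
    for (node, kind, sid), paths in services.items():
        if kind == 'vpls':
            facts = vpls_facts(paths)
            vpls[(node, facts['name'])] = facts
            if facts['routed'] and facts['proxy_arp']:
                findings.append((node, 'vpls ' + sid, 'PROXY_ARP_ON_RVPLS'))
    for (node, kind, sid), paths in services.items():
        if kind != 'vprn':
            continue
        advertising = 0
        for p in paths:
            # In a VPRN, a second-level 'vpls "<name>"' line is an interface binding.
            if len(p) != 2 or not p[1].startswith('vpls "'):
                continue
            where = 'vprn %s %s' % (sid, p[0].split('"')[1])
            facts = vpls.get((node, p[1].split('"')[1]))
            if facts is None:
                findings.append((node, where, 'NO_VPLS_WITH_SERVICE_NAME'))
                continue
            if not facts['routed']:
                findings.append((node, where, 'MISSING_ALLOW_IP_INT_BINDING'))
            if p + ('evpn-tunnel',) in paths and facts['sap']:
                findings.append((node, where, 'SAP_OR_SDP_ON_EVPN_TUNNEL'))
            advertising += facts['ip_adv']
        if advertising > 8:
            findings.append((node, 'vprn ' + sid, 'OVER_8_IP_ROUTE_ADV_RVPLS'))
    return findings
```

Calling `lint(SAMPLE)` returns four findings for the constructed node; the same function can be run over saved `info` output from several nodes concatenated into one string.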
A:PE-1# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Local Local 00h06m15s 0
int-PE-1-CE-1 0
172.16.3.0/24 Remote BGP EVPN 00h05m31s 169
int-evi-301 (ET-d8:45:ff:00:00:6a) 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
A:PE-1# show service id 301 fdb detail
===============================================================================
Forwarding Database, Service 301
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
301 d8:45:ff:00:00:6a vxlan: EvpnS 07/05/14 00:02:46
192.0.2.2:301
301 d8:47:ff:00:00:6a cpm Intf 07/05/14 00:01:48
301 d8:48:ff:00:00:6a vxlan: EvpnS 07/05/14 00:02:18
192.0.2.3:301
-------------------------------------------------------------------------------
No. of MAC Entries: 3
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static
===============================================================================
*A:PE-2# show router 30 interface detail | match MAC
MAC Address : d8:45:ff:00:00:6a Mac Accounting : Disabled
*A:PE-2# configure service vpls 301 bgp-evpn ip-route-advertisement
*A:PE-2#
6 2014/07/05 00:29:41.79 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.1
"Peer 1: 192.0.2.1: UPDATE
Peer 1: 192.0.2.1 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 105
Flag: 0x90 Type: 14 Len: 45 Multiprotocol Reachable NLRI:
Address Family EVPN
NextHop len 4 NextHop 192.0.2.2
Type: EVPN-IP-Prefix Len: 34 RD: 192.0.2.2:301, tag: 301, ip_prefix: 17
2.16.3.0/24 gw_ip 0.0.0.0 Label: 0
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x80 Type: 4 Len: 4 MED: 0
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0xc0 Type: 16 Len: 32 Extended Community:
origin:69:1
target:64500:301
mac-nh:d8:45:ff:00:00:6a
bgp-tunnel-encap:VXLAN
"
*A:PE-2# show router 30 route-table
===============================================================================
Route Table (Service: 30)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.0.0/24 Remote BGP EVPN 00h31m34s 169
int-evi-301 (ET-d8:47:ff:00:00:6a) 0
172.16.3.0/24 Remote BGP VPN 00h59m09s 170
192.0.2.4 (tunneled) 0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-2# show router 30 arp
===============================================================================
ARP Table (Service: 30)
===============================================================================
IP Address MAC Address Expiry Type Interface
-------------------------------------------------------------------------------
No Matching Entries Found
===============================================================================
*A:PE-2# show router 30 arp summary
============================================================
ARP Table Summary (Service: 30)
============================================================
Local ARP Entries : 1
Static ARP Entries : 0
Dynamic ARP Entries : 0
Managed ARP Entries : 0
Internal ARP Entries : 0
BGP-EVPN ARP Entries : 1
------------------------------------------------------------
No. of ARP Entries : 2
============================================================
The number of BGP-EVPN ARP Entries in the show router 30 arp summary command matches the number of remote valid GW-MACs for VPRN 30.
Figure 51 illustrates how vpn-ipv4 routes are imported into the RTM and then passed onto EVPN for its own processing. Note that vpn-ipv4 routes can be tagged at ingress and this tag is preserved throughout the RTM and EVPN processing so that the tag can be “matched” by the egress BGP routing policy. In this particular example, egress EVPN routes matching tag 10 are modified to add a site-of-origin community origin:64500:1.
<tag> : accepts in decimal or hex
[0x1..0xFFFFFFFF]H (for OSPF and ISIS)
[0x1..0xFFFF]H (for RIP)
[0x1..0xFF]H (for BGP)
Figure 52 illustrates the reverse workflow: routes imported from EVPN and exported from RTM to BGP vpn-ipv4. In this example, EVPN routes received with community VM-mob are tagged with TAG 200. At the egress vpn-ipv4 peers, only the routes with TAG 200 are advertised.
The above behavior and the use of tags is also valid for vsi-import and vsi-export policies. The behavior can be summarized in the following statements:
This use case refers to scenarios with redundant PEs and VPRNs connected to the same R-VPLS with ip-route-advertisement. The scenarios in Figure 49 (EVPN-VXLAN for IRB Backhaul R-VPLS services) and Figure 50 (EVPN-VXLAN in EVPN tunnel R-VPLS services) are examples of this use case. In both scenarios the following process causes a routing loop:
*A:PE-2>config>router>bgp# info
----------------------------------------------
vpn-apply-import
vpn-apply-export
min-route-advertisement 1
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "DC"
family vpn-ipv4 evpn
type internal
neighbor 192.0.2.1
import "add-tag_to_bgp-evpn_routes"
exit
neighbor 192.0.2.3
import "reject_based_on_SOO"
export "add-SOO_on_export"
exit
exit
group "WAN"
family vpn-ipv4
type internal
neighbor 192.0.2.4
import "add-tag_to_bgp-vpn_routes"
exit
neighbor 192.0.2.5
import "add-tag_to_bgp-vpn_routes"
exit
exit
no shutdown
----------------------------------------------
*A:PE-2>config>router>policy-options# info
----------------------------------------------
community "SOO-PE-2" members "origin:2:1"
community "SOO-PE-3" members "origin:3:1"
policy-statement "add-SOO_on_export"
entry 10
from
tag 0x1
exit
action accept
community add "SOO-PE-2"
exit
exit
entry 20
from
tag 0x2
exit
action accept
community add "SOO-PE-3"
exit
exit
exit
policy-statement "reject_based_on_SOO"
entry 10
from
community "SOO-PE-2"
exit
action reject
exit
entry 20
from
community "SOO-PE-3"
exit
action reject
exit
exit
policy-statement "add-tag_to_bgp-vpn_routes"
entry 10
from
protocol bgp-vpn
exit
action accept
tag 0x1
exit
exit
exit
policy-statement "add-tag_to_bgp-evpn_routes"
entry 10
from
family evpn
exit
action accept
tag 0x1
exit
exit
exit
----------------------------------------------
If a given VPRN is connected to more than one R-VPLS with ip-route-advertisement enabled, IP prefixes that belong to one R-VPLS are advertised into the other R-VPLS and vice versa. When redundant PEs are used, a routing loop will occur.
Figure 53 illustrates this use case. Note that the example shows R-VPLS with an EVPN tunnel configuration but the same routing loop occurs for regular IRB backhaul R-VPLS services.
*A:PE-2# configure service vprn 50
*A:PE-2>config>service>vprn# info
----------------------------------------------
route-distinguisher 192.0.2.2:50
interface "int-evi-501" create
vpls "evi-501"
evpn-tunnel
exit
exit
interface "int-evi-502" create
vpls "evi-502"
evpn-tunnel
exit
exit
no shutdown
----------------------------------------------
*A:PE-2# configure service vpls 501
*A:PE-2>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 501 create
exit
bgp
route-distinguisher 192.0.2.2:501
vsi-export "vsi-export-policy-501"
vsi-import "vsi-import-policy-501"
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-501"
no shutdown
----------------------------------------------
*A:PE-2>config>service>vpls# info
----------------------------------------------
allow-ip-int-binding
vxlan vni 502 create
exit
bgp
route-distinguisher 192.0.2.2:502
vsi-export "vsi-export-policy-502"
vsi-import "vsi-import-policy-502"
exit
bgp-evpn
ip-route-advertisement
vxlan
no shutdown
exit
exit
stp
shutdown
exit
service-name "evi-502"
no shutdown
----------------------------------------------
*A:PE-2>config>router>policy-options# info
----------------------------------------------
community "exp_RVPLS501" members "origin:2:11" "target:64500:501"
community "exp_RVPLS502" members "origin:2:11" "target:64500:502"
community "SOO-PE-2-RVPLS" members "origin:2:11"
community "SOO-PE-3-RVPLS" members "origin:3:11"
community "SOO_PE-3_RVPLS501" members "origin:3:11" "target:64500:501"
community "SOO_PE-3_RVPLS502" members "origin:3:11" "target:64500:502"
policy-statement "vsi-export-policy-501"
entry 10
from
tag 0x5
exit
action accept
community add "SOO_PE-3_RVPLS501"
exit
exit
entry 20
action accept
community add "exp_RVPLS501"
exit
exit
exit
policy-statement "vsi-export-policy-502"
entry 10
from
tag 0x5
exit
action accept
community add "SOO_PE-3_RVPLS502"
exit
exit
entry 20
action accept
community add "exp_RVPLS502"
exit
exit
exit
policy-statement "vsi-import-policy-501"
entry 10
from
community "SOO-PE-2-RVPLS"
exit
action reject
exit
entry 20
from
community "SOO_PE-3_RVPLS501"
exit
action accept
tag 0x5
exit
exit
default-action accept
exit
exit
policy-statement "vsi-import-policy-502"
entry 10
from
community "SOO-PE-2-RVPLS"
exit
action reject
exit
entry 20
from
community "SOO_PE-3_RVPLS502"
exit
action accept
tag 0x5
exit
exit
default-action accept
exit
exit
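The tag and site-of-origin handling in the PE-2 policies above (the BGP peer policies of the first use case and the vsi-import/vsi-export policies of the second) can be traced with a small model. This is an added example in Python, not SR OS configuration or Nokia code; the helper names, the accept-on-no-match default, the all-members community match and the tag-only hand-off through the RTM are assumptions of the model, and the routes fed to it are constructed.

```python
# Added illustration, not SR OS code: a first-match policy model whose community
# and policy contents are transcribed from the PE-2 dumps on this page.
COMM = {
    "SOO-PE-2": {"origin:2:1"}, "SOO-PE-3": {"origin:3:1"},
    "exp_RVPLS502": {"origin:2:11", "target:64500:502"},
    "SOO-PE-2-RVPLS": {"origin:2:11"},
    "SOO_PE-3_RVPLS501": {"origin:3:11", "target:64500:501"},
    "SOO_PE-3_RVPLS502": {"origin:3:11", "target:64500:502"},
}
# Entry = (from-conditions, action, changes), in entry-number order.
POLICY = {
    "add-tag_to_bgp-vpn_routes": [({"protocol": "bgp-vpn"}, "accept", {"tag": 1})],
    "add-SOO_on_export": [({"tag": 1}, "accept", {"community": "SOO-PE-2"}),
                          ({"tag": 2}, "accept", {"community": "SOO-PE-3"})],
    "reject_based_on_SOO": [({"community": "SOO-PE-2"}, "reject", {}),
                            ({"community": "SOO-PE-3"}, "reject", {})],
    "vsi-import-policy-501": [({"community": "SOO-PE-2-RVPLS"}, "reject", {}),
                              ({"community": "SOO_PE-3_RVPLS501"}, "accept", {"tag": 5})],
    "vsi-export-policy-502": [({"tag": 5}, "accept", {"community": "SOO_PE-3_RVPLS502"}),
                              ({}, "accept", {"community": "exp_RVPLS502"})],
}

def new_route(protocol="bgp-vpn", tag=0, communities=()):
    return {"protocol": protocol, "tag": tag, "communities": set(communities)}

def matches(route, cond):
    # Assumption: every member of a named community must be present on the route.
    return all(COMM[want] <= route["communities"] if key == "community"
               else route[key] == want for key, want in cond.items())

def evaluate(policy, route, default="accept"):
    """First matching entry decides; default models default-action (assumed accept)."""
    for cond, action, changes in POLICY[policy]:
        if matches(route, cond):
            if action == "accept":
                route["tag"] = changes.get("tag", route["tag"])
                route["communities"] |= COMM.get(changes.get("community"), set())
            return action
    return default

def readvertise(route, import_policy, export_policy):
    """Import, carry only the tag through the RTM (assumption), then export."""
    if evaluate(import_policy, route) == "reject":
        return None
    out = new_route(protocol=route["protocol"], tag=route["tag"])
    evaluate(export_policy, out)
    return out
```

In this model a route that skips the tagging import policy leaves "add-SOO_on_export" without any origin community and then passes "reject_based_on_SOO", so the import tag on every WAN and DC neighbor is what the loop filter depends on.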
A:PE-1# traceroute router 30 172.16.3.3
traceroute to 172.16.3.3, 30 hops max, 40 byte packets
1 192.0.2.2 (192.0.2.2) 1.79 ms 1.60 ms 1.51 ms
2 0.0.0.0 * * *
3 192.0.2.6 (192.0.2.6) 3.15 ms 3.20 ms 2.93 ms
4 172.16.3.3 (172.16.3.3) 4.24 ms 3.28 ms 3.31 ms
*A:PE-2# traceroute router 30 172.16.0.1
traceroute to 172.16.0.1, 30 hops max, 0 byte packets
Send failed. Unable to find local ip address
A:PE-1# tools dump service id 501 evpn usage
Evpn Tunnel Interface IP Next Hop: 2/8189
*A:PE-2# show router bgp routes evpn ?
- evpn <evpn-type>
inclusive-mcast - Display BGP EVPN Inclusive-Mcast Routes
ip-prefix - Display BGP EVPN IP-Prefix Routes
mac - Display BGP EVPN Mac Routes
*A:PE-2# show router bgp routes evpn ip-prefix ?
- ip-prefix [hunt|detail] [rd <rd>] [prefix <ip-prefix/mask>] [community
<comm-id>] [tag <vni-id>] [next-hop <ip-address>]
...
*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.16.0.0/24 hunt community origin:69:11
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
...
Network : N/A
Nexthop : 192.0.2.2
To : 192.0.2.1
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 0
AIGP Metric : None
Connector : None
Community : origin:2:11 target:64500:502
mac-nh:d8:45:ff:00:01:33 bgp-tunnel-encap:VXLAN
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.1
Origin : IGP
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : N/A Tag : 502
Gateway Address: d8:45:ff:00:01:33
Prefix : 172.16.0.0/24 Route Dist. : 192.0.2.2:502
MPLS Label : 0
Route Tag : 0
Neighbor-AS : N/A
Orig Validation: N/A
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
*A:PE-2# show router bgp routes evpn ip-prefix prefix 172.16.0.0/24 detail
===============================================================================
BGP Router ID:192.0.2.2 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP EVPN IP-Prefix Routes
===============================================================================
-------------------------------------------------------------------------------
Original Attributes
Network : N/A
Nexthop : 192.0.2.1
From : 192.0.2.1
Res. Nexthop : N/A
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 0
AIGP Metric : None
Connector : None
Community : target:64500:201 bgp-tunnel-encap:VXLAN
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.1
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : N/A Tag : 201
Gateway Address: 172.16.1.1
Prefix : 172.16.0.0/24 Route Dist. : 192.0.2.1:201
MPLS Label : 0
Route Tag : 0
Neighbor-AS : N/A
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Modified Attributes
Network : N/A
Nexthop : 192.0.2.1
From : 192.0.2.1
Res. Nexthop : N/A
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 0
AIGP Metric : None
Connector : None
Community : target:64500:201 bgp-tunnel-encap:VXLAN
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.1
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : No As-Path
EVPN type : IP-PREFIX
ESI : N/A Tag : 201
Gateway Address: 172.16.1.1
Prefix : 172.16.0.0/24 Route Dist. : 192.0.2.1:201
MPLS Label : 0
Route Tag : 1
Neighbor-AS : N/A
Orig Validation: N/A
Source Class : 0 Dest Class : 0
------------------------------------------------------------------------------
...