EVPN-VPWS

EVPN is an IETF technology as defined in RFC 7432, BGP MPLS-Based Ethernet VPN, which uses a specific BGP address family and allows VPLS services to operate as IP-VPNs. BGP is used to distribute MAC addresses and flooding tree setup information.

EVPN-VPWS provides Epipe point-to-point services.

See "Ethernet Virtual Private Networks" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide for detailed information about EVPN-VPWS.

See EVPN-VPWS for information about relevant verification commands.

The following figure shows the EVPN-VPWS topology for this example.

Figure 1. EVPN-VPWS topology used in this example

An EVPN-VPWS service is created to establish communication between the clients. SR-TE is used as the transport protocol. See SR-TE for information about the relevant SR-TE configuration.

Configuration

CE-facing port configuration on PE1 and PE3:

/configure port 1/1/c10/1 admin-state enable
/configure port 1/1/c10/1 ethernet mode access
/configure port 1/1/c10/1 ethernet encap-type dot1q
/configure port 1/1/c10/1 ethernet mtu 5000

BGP configuration on PE1:

/configure router "Base" bgp router-id 10.10.10.1
/configure router "Base" bgp group "pe" peer-as 64500
/configure router "Base" bgp neighbor "10.10.10.3" group "pe"
/configure router "Base" bgp neighbor "10.10.10.3" family evpn true

BGP configuration on PE3:

/configure router "Base" bgp router-id 10.10.10.3
/configure router "Base" bgp group "pe" peer-as 64500
/configure router "Base" bgp neighbor "10.10.10.1" group "pe"
/configure router "Base" bgp neighbor "10.10.10.1" family evpn true

ACL configuration on PE1:

/configure filter ip-filter "VPWS-ACL" filter-id 106
/configure filter ip-filter "VPWS-ACL" entry 10 match protocol icmp
/configure filter ip-filter "VPWS-ACL" entry 10 match dst-ip address 192.168.60.2
/configure filter ip-filter "VPWS-ACL" entry 10 match dst-ip mask 255.255.255.255
/configure filter ip-filter "VPWS-ACL" entry 10 action accept

EVPN-VPWS configuration on PE1:

/configure service epipe "VPWS-VLAN600" admin-state enable
/configure service epipe "VPWS-VLAN600" description "EVPN-VPWS-VLAN600"
/configure service epipe "VPWS-VLAN600" service-id 60
/configure service epipe "VPWS-VLAN600" customer "1"
/configure service epipe "VPWS-VLAN600" bgp 1 route-distinguisher "10.10.10.1:60"
/configure service epipe "VPWS-VLAN600" bgp 1 route-target export "target:64500:60"
/configure service epipe "VPWS-VLAN600" bgp 1 route-target import "target:64500:60"
/configure service epipe "VPWS-VLAN600" sap 1/1/c10/1:600 ingress qos sap-ingress policy-name "CE-ingress-QoS"
/configure service epipe "VPWS-VLAN600" sap 1/1/c10/1:600 ingress filter ip "VPWS-ACL"
/configure service epipe "VPWS-VLAN600" sap 1/1/c10/1:600 egress qos sap-egress policy-name "CE-egress-QoS"
/configure service epipe "VPWS-VLAN600" bgp-evpn local-attachment-circuit "local" eth-tag 1111
/configure service epipe "VPWS-VLAN600" bgp-evpn remote-attachment-circuit "remote" eth-tag 9999
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 admin-state enable
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 auto-bind-tunnel resolution filter
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 auto-bind-tunnel resolution-filter sr-te true

EVPN-VPWS configuration on PE3:

/configure service epipe "VPWS-VLAN600" admin-state enable
/configure service epipe "VPWS-VLAN600" description "EVPN-VPWS-VLAN600"
/configure service epipe "VPWS-VLAN600" service-id 60
/configure service epipe "VPWS-VLAN600" customer "1"
/configure service epipe "VPWS-VLAN600" bgp 1 route-distinguisher "10.10.10.3:60"
/configure service epipe "VPWS-VLAN600" bgp 1 route-target export "target:64500:60"
/configure service epipe "VPWS-VLAN600" bgp 1 route-target import "target:64500:60"
/configure service epipe "VPWS-VLAN600" sap 1/1/c10/1:600 { }
/configure service epipe "VPWS-VLAN600" bgp-evpn local-attachment-circuit "local" eth-tag 9999
/configure service epipe "VPWS-VLAN600" bgp-evpn remote-attachment-circuit "remote" eth-tag 1111
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 admin-state enable
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 auto-bind-tunnel resolution filter
/configure service epipe "VPWS-VLAN600" bgp-evpn mpls 1 auto-bind-tunnel resolution-filter sr-te true

Customer verification

Login to CEA:

docker exec -it cea bash

Ping CEZ VLAN 600 from CEA:

└──> ping -c 100 -Q 34 192.168.60.2
PING 192.168.60.2 (192.168.60.2) 56(84) bytes of data.
64 bytes from 192.168.60.2: icmp_seq=1 ttl=64 time=9.93 ms
64 bytes from 192.168.60.2: icmp_seq=2 ttl=64 time=5.25 ms
64 bytes from 192.168.60.2: icmp_seq=3 ttl=64 time=4.81 ms

--- 192.168.60.2 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99142ms
rtt min/avg/max/mdev = 4.488/5.589/16.327/1.665 ms

While the ping is in progress, check the SAP, ACL, and QoS statistics.