BGP and routing policy extensions for EVPN
This chapter describes extensions added to SR Linux BGP and routing policy configuration to facilitate EVPN configuration.
BGP extensions for EVPN
SR Linux supports Multi-Protocol BGP with AFI/SAFI EVPN. The following BGP features are relevant to EVPN in a VXLAN network:
The EVPN address family can use eBGP or iBGP.
eBGP multihop is supported on SR Linux; local-AS override can be used for iBGP per session.
A supported configuration or design with eBGP is eBGP with local-as override on the session to an iBGP RR.
- Rapid-update and rapid-withdrawal for EVPN family are supported and are always expected to be enabled, especially along with multihoming.Note: Rapid-update is address-family specific, while rapid-withdrawal is generic for all address families.
The BGP keep-all-routes option is supported for EVPN to avoid route-refresh messages attracting all EVPN routes when a policy changes or BGP-EVPN is enabled.
The receive-ipv6-next-hops option does not apply to the EVPN address family.
The prefix-limit max-received-routes and threshold options are supported for EVPN.
The command network-instance protocols bgp route-advertisement wait-for-fib-install does not apply to EVPN.
SR Linux BGP resolves BGP-EVPN routes’ next-hops in the network-instance default route-table. If the next-hop is resolved, BGP can mark the route as
u*>
where u is used, * is valid, and > is best) and send the route to evpn_mgr if needed or reflected to other peers.-
BGP dynamic neighbors for IPv4 and IPv6 families are fully supported in SR Linux. EVPN-VXLAN routes can be resolved to the IPv4 addresses advertised by the dynamic neighbors.
-
The command default-received-encapsulation <mpls|vxlan>, added to the BGP configuration in the default network-instance, indicates the encapsulation considered when the EVPN routes are received without a BGP encapsulation EC.
Most EVPN routes are usually received with a BGP encapsulation EC that indicates the encapsulation and therefore how to interpret the value in the received Label fields of the NLRI. If no encapsulation is received, BGP validates the route as MPLS or VXLAN (or SRv6), depending on how this command is configured. The default is vxlan.
Best path selection for EVPN IFL routes
The SR Linux fib_mgr makes the route selection across owners for the same prefix in the network-instance route-table based on the following:
- route-table PREFERENCE
- METRIC
source_id
(which is always zero for BGP-based routes)src_instance_id
(for leaked routes, the ID of the source network-instance)owner_id
, wherebgp
is preferred overbgp-evpn
, andbgp-evpn
is preferred overbgp-ipvpn
.
For example, if the same prefix 10.0.0.0/16 is received
on the same IP-VRF route table via BGP PE-CE (IPv4
family) and via EVPN-IFL, the route with lowest
route table PREFERENCE wins. If both routes have
the same PREFERENCE (for example, the default
170), the route with lowest METRIC wins (assuming
combined-ecmp
is not configured).
The metric is a measurement of the distance to the
next-hop, typically obtained from the IGP protocol
that resolves the route.
As another example, if prefix 10.0.0.0/8 is received via
BGP PE-CE and via EVPN IFL on the same IP-VRF,
with same PREFERENCE and METRIC, the router
typically selects the PE-CE route based on the
lowest owner_id
.
When an IP-VRF network-instance has multiple BGP paths to the same destination, the selection of the best path to install in the FIB is based on criteria the following table:
Route A |
Route B |
Comparison steps to select the best route |
ECMP supported? |
|
---|---|---|---|---|
VPN-IP RDx | VPN-IP RDx | Full best path selection controlled by DEFAULT network-instance network-instance.protocols.bgp.best-path-selection | Yes, with maximum paths controlled by network-instance.protocols.bgp-ipvpn.bgp-instance.ecmp (of the IP-VRF network-instance) | bgp-ipvpn |
VPN-IP RDx | VPN-IP RDy | Full best path selection controlled by DEFAULT network-instance network-instance.protocols.bgp.best-path-selection | Yes, with maximum paths controlled by network-instance.protocols.bgp-ipvpn.bgp-instance.ecmp (of the IP-VRF network-instance) | bgp-ipvpn |
EVPN-IFL RDx | EVPN-IFL RDx | Full best path selection controlled by DEFAULT network-instance network-instance.protocols.bgp.best-path-selection | Yes, with maximum paths controlled by network-instance.protocols.bgp-evpn.bgp-instance.ecmp (of the IP-VRF network-instance) | bgp-evpn |
EVPN-IFL RDx | EVPN-IFL RDy | Full best path selection controlled by DEFAULT network-instance network-instance.protocols.bgp.best-path-selection | Yes, with maximum paths controlled by network-instance.protocols.bgp-evpn.bgp-instance.ecmp (of the IP-VRF network-instance) | bgp-evpn |
VPN-IP | PE-CE BGP |
When network-instance.protocols.bgp-vpn.combined-ecmp is present:
When network-instance.protocols.bgp-vpn.combined-ecmp is not present:
|
Yes, only if network-instance.protocols.bgp-vpn.combined-ecmp is present. The maximum paths is the minimum of:
|
bgp |
EVPN-IFL | PE-CE BGP |
When network-instance.protocols.bgp-vpn.combined-ecmp is present:
When network-instance.protocols.bgp-vpn.combined-ecmp is NOT present:
|
Yes, only if network-instance.protocols.bgp-vpn.combined-ecmp is present. The maximum paths is the minimum of:
|
bgp |
PE-CE BGP | PE-CE BGP | Full BGP best path selection controlled by IP VRF network-instance network-instance.protocols.bgp.best-path-selection | Yes, with maximum paths determined only by network-instance.protocols.bgp.afi-safi.multipath.maximum-paths (of the IP-VRF network-instance) | bgp |
VPN-IP | VPN-IFL | Full BGP best path selection controlled by DEFAULT network-instance network-instance.protocols.bgp.best-path-selection |
Yes, only if network-instance.protocols.bgp-vpn.combined-ecmp is present. The maximum paths is the minimum of:
|
bgp-evpn |
Routing policy extensions for EVPN
SR Linux includes support for applying routing policies to EVPN routes. You can specify the following match conditions in a policy statement:
match routes based on EVPN route type
match routes based on IP addresses and prefixes via prefix-sets for route types 2 and 5
match routes based BGP encapsulation extended community
match routes based on configured admin-tags
For information about configuring routing policies on SR Linux, see the SR Linux Configuration Basics Guide.
The following considerations apply to routing policies for EVPN:
For IBGP neighbors, EVPN routes are imported and exported without explicit configuration of any policy at either the BGP or network-instance level.
For EBGP neighbors, by default, routes are imported or exported based on the ebgp-default-policy configuration.
When an explicit import/export route-target is configured in a network-instance bgp-instance, and an import/export policy is also configured on the same bgp-instance, the configured policy is used, and its route-target is added to the imported/exported route.
When a network-instance policy and a peer policy are applied, they are executed as follows:
For export, the network-instance export policy is applied first, and the peer policy is applied afterwards (sequentially).
For import, peer import policy is applied first and network-instance import policy is applied afterwards (sequentially).
Only one network-instance export and import policy is supported.