Next-hop-self route reflector and inter-AS option B
Next-hop-self route reflectors (NHS-RR) are used in BGP networks to reduce the need for fully meshed iBGP connections within a single autonomous system (AS). In a fully meshed AS, iBGP routers do not advertise routes to their neighbors, while NHS-RR allows a route reflector (RR) to advertise learned iBGP routes to iBGP neighbors with its own address as the next hop. This feature connects different domains within the same AS and improves the overall scale.
Inter-AS option B is a method for interconnecting VPN sites located in different ASes. Using this method, autonomous system border routers (ASBRs) are directly connected and routes are exchanged on a single interface.
EVPN IFL and VPN-IPv4/IPv6 routes both support NHS-RR capability and inter-AS option B.
The preceding figure shows two different ASes that are connected via inter-AS option B ASBRs br4, br5, and br6. This method allows for the extension of EVPN and IP-VPN services across different MPLS or segement routing MPLS domains without providing services on border routers.
Egress PEs advertise EVPN and IP-VPN routes to adjacent border routers.
- Import and redistribute routes to the remote border routers or local PEs where the addresses of the remote border routers are used as the next hops and their own service MPLS labels are used.
- Program a label swap operation so that the ingress traffic service label is looked up and packets are forwarded with a new service label.
--{ + candidate shared default }--[ network-instance default ]--
A:pe1# info
type default
interface ethernet-1/10.0 {
}
interface system0.0 {
}
protocols {
bgp {
admin-state enable
autonomous-system 65001
router-id 10.0.0.1
bgp-label {
bgp-ipvpn {
next-hop-resolution {
ipv4-next-hops {
tunnel-resolution {
allowed-tunnel-types [
ldp
sr-isis
]
}
}
}
}
}
ebgp-default-policy {
import-reject-all false
export-reject-all false
}
afi-safi evpn {
admin-state enable
evpn {
keep-all-routes true
rapid-update true
}
}
afi-safi l3vpn-ipv4-unicast {
admin-state enable
l3vpn-ipv4-unicast {
keep-all-routes true
rapid-update true
}
}
group overlay-ibgp {
peer-as 65001
afi-safi evpn {
}
afi-safi l3vpn-ipv4-unicast {
}
timers {
connect-retry 1
minimum-advertisement-interval 1
}
trace-options {
flag update {
modifier detail
}
}
}
neighbor 10.0.0.4 {
peer-group overlay-ibgp
}
}
ldp {
admin-state enable
dynamic-label-block range-1-ldp
discovery {
interfaces {
interface ethernet-1/10.0 {
ipv4 {
admin-state enable
}
}
}
}
}
isis {
dynamic-label-block range-3-srgb
instance i14 {
admin-state enable
instance-id 1
level-capability L2
iid-tlv true
net [
49.0001.0000.0000.0001.00
]
trace-options {
trace [
adjacencies
interfaces
packets-all
]
}
segment-routing {
mpls {
dynamic-adjacency-sids {
all-interfaces true
}
}
}
interface ethernet-1/10.0 {
circuit-type point-to-point
ipv4-unicast {
admin-state enable
}
}
interface system0.0 {
passive true
ipv4-unicast {
admin-state enable
}
}
}
}
}
segment-routing {
mpls {
global-block {
label-range range-2-srgb
}
local-prefix-sid 1 {
interface system0.0
ipv4-label-index 1
}
}
}
--{ + candidate shared default }--[ network-instance default protocols bgp ]--
A:pe2# info
admin-state enable
autonomous-system 65023
router-id 10.0.0.2
bgp-label {
bgp-ipvpn {
next-hop-resolution {
ipv4-next-hops {
tunnel-resolution {
allowed-tunnel-types [
ldp
sr-isis
]
}
}
}
}
}
ebgp-default-policy {
import-reject-all false
export-reject-all false
}
afi-safi evpn {
admin-state enable
evpn {
keep-all-routes true
rapid-update true
}
}
afi-safi l3vpn-ipv4-unicast {
admin-state enable
l3vpn-ipv4-unicast {
keep-all-routes true
rapid-update true
}
}
group overlay-ibgp {
peer-as 65023
afi-safi evpn {
}
afi-safi l3vpn-ipv4-unicast {
}
route-reflector {
client true
cluster-id 2.2.2.2
}
timers {
connect-retry 1
minimum-advertisement-interval 1
}
trace-options {
flag update {
modifier detail
}
}
}
neighbor 10.0.0.3 {
peer-group overlay-ibgp
}
neighbor 10.0.0.5 {
peer-group overlay-ibgp
}
neighbor 10.0.0.6 {
peer-group overlay-ibgp
}
- inter-as-vpn
- next-hop-self-route-reflector
These commands affect all EVPN routes and trigger bgp_mgr
to swap the
service label for all EVPN MPLS routes. These commands also change the next hop to self
in all routes with MPLS encapsulation.
For border router configuration, IGP is not enabled in interfaces to other border routers.
The inter-as-vpn true command allows received EVPN/IP-VPN routes to be retained in the BGP RIB and propagated to any eBGP or iBGP peer. To ensure label allocation, a dynamic label block must be configured for border routers. Label allocation re-advertises a received route into the adjacent AS with a local network instance MPLS label and ensures an MPLS label swap operation is completed.
--{ * candidate shared default }--[ ]--
A:srl1# info network-instance mgmt
network-instance mgmt {
protocols {
bgp {
bgp-label {
bgp-vpn {
dynamic-label-block 1
}
}
The label block is shared by the EVPN inter-AS model B and EVPN NHS-RR features.
The inter-as-vpn true command has the same function as the keep-all-routes command for keeping the routes in the RIB.
--{ + candidate shared default }--[ network-instance default ]--
A:br4# info
type default
interface ethernet-1/10.0 {
}
interface ethernet-1/11.0 {
}
interface ethernet-1/12.0 {
}
interface system0.0 {
}
protocols {
bgp {
autonomous-system 65001
router-id 10.0.0.4
bgp-label {
bgp-vpn {
dynamic-label-block range-6-bgp-lu
}
bgp-ipvpn {
next-hop-resolution {
ipv4-next-hops {
tunnel-resolution {
allowed-tunnel-types [
ldp
sr-isis
]
}
}
}
}
}
ebgp-default-policy {
import-reject-all false
export-reject-all false
}
afi-safi evpn {
admin-state enable
evpn {
inter-as-vpn true
rapid-update true
default-received-encapsulation mpls
next-hop-resolution {
ipv4-next-hops {
tunnel-resolution {
allowed-tunnel-types [
bgp
ldp
sr-isis
]
}
}
}
}
}
afi-safi l3vpn-ipv4-unicast {
admin-state enable
l3vpn-ipv4-unicast {
inter-as-vpn true
rapid-update true
}
}
group overlay-ebgp {
peer-as 65023
afi-safi evpn {
}
timers {
connect-retry 1
minimum-advertisement-interval 1
}
trace-options {
flag update {
modifier detail
}
}
}
group overlay-ibgp {
peer-as 65001
afi-safi evpn {
}
timers {
connect-retry 1
minimum-advertisement-interval 1
}
trace-options {
flag update {
modifier detail
}
}
}
neighbor 10.4.5.2 {
peer-group overlay-ebgp
}
neighbor 10.4.6.2 {
peer-group overlay-ebgp
}
neighbor 10.0.0.1 {
peer-group overlay-ibgp
}
}
ldp {
admin-state enable
dynamic-label-block range-1-ldp
discovery {
interfaces {
interface ethernet-1/10.0 {
ipv4 {
admin-state enable
}
}
interface ethernet-1/11.0 {
ipv4 {
admin-state enable
}
}
interface ethernet-1/12.0 {
ipv4 {
admin-state enable
}
}
}
}
}
isis {
dynamic-label-block range-3-srgb
instance i14 {
admin-state enable
instance-id 1
level-capability L2
iid-tlv true
net [
49.0001.0000.0000.0004.00
]
segment-routing {
mpls {
dynamic-adjacency-sids {
all-interfaces true
}
}
}
interface ethernet-1/10.0 {
circuit-type point-to-point
ipv4-unicast {
admin-state enable
}
}
interface system0.0 {
passive true
ipv4-unicast {
admin-state enable
}
}
}
}
}
segment-routing {
mpls {
global-block {
label-range range-2-srgb
}
local-prefix-sid 1 {
interface system0.0
ipv4-label-index 4
}
}
}
--{ + candidate shared default }--[ system mpls ]--
A:br4# info
label-ranges {
static range-2-srgb {
shared true
start-label 100001
end-label 120000
}
static range-5-static-services {
shared false
start-label 3000
end-label 4000
}
dynamic range-1-ldp {
start-label 100
end-label 200
}
dynamic range-3-srgb {
start-label 120001
end-label 120999
}
dynamic range-4-evpn {
start-label 500
end-label 699
}
dynamic range-5-services {
start-label 1000
end-label 2000
}
dynamic range-6-bgp-lu {
start-label 122001
end-label 122201
}
}
services {
evpn {
dynamic-label-block range-4-evpn
}
network-instance {
dynamic-label-block range-5-services
}
}
The next-hop-self-route-reflector command requires the configuration of a border router as a RR. The behavior of this command is equivalent to the inter-as-vpn command, with one difference: the use of next-hop-self-route-reflector allows the border router to receive and readvertise routes to RR clients within the same AS.
BGP next-hop resolution for EVPN/IP-VPN routes
- inter-as-vpn
- nhsrr-evpn
- resolution of tunnels through a fallback to FIB lookup
- resolution of local and static routes to the next hop in the absence of resolving tunnels
- For
IP-VPN:
--{ * candidate shared default }--[ ]-- A:srl1# info network-instance default network-instance default { protocols { bgp { bgp-label { bgp-ipvpn { next-hop-resolution { } } } } }
- For
EVPN:
--{ * candidate shared default }--[ ]-- A:srl3# info network-instance default network-instance default { protocols { bgp { afi-safi evpn { next-hop-resolution { } } } } }
The next-hop-resolution configuration on the ASBR on the default network instance affects EVPN-MPLS routes but not EVPN-VXLAN routes. EVPN-VXLAN routes also ignore everything under the next-hop-resolution context.
The next-hop-resolution tunnel-resolution allowed-tunnel-types leaf restricts VXLAN and only allows MPLS tunnels.
- If the EVPN route type is an ES route (route type 4) then the route is resolved to any route in the default network instance route table, regardless of encapsulation type or node type.
- If the EVPN route type is different from an ES route, the following logic is
followed:
- If the route has an encapsulation type of VXLAN or if there is no encapsulation type found and default-received-encapsulation is set to VXLAN then the route is resolved over any RTM route.
- If the route has an encapsulation type of MPLS or default-received-encapsulation is set to MPLS then the resolution is selected based on the default network instance ASBR or service configuration.
Displaying next-hop-self route reflector and inter-AS option B information
You can display the service Incoming Label Mapping (ILM) information and the next hop resolution using the info from state command.
Swapped service labels
The following example displays the swapped labels using the info from state command. The BGP-RIB provides the state information for each imported and exported route.
// example for EVPN IFL route on a model B ASBR:
--{ candidate shared default }--[ ]--
A:br4# info from state network-instance default bgp-rib evpn rib-in-out rib-in-post ip-prefix-routes 10.0.0.2:3 ethernet-tag-id 0 ip-prefix-length 24 ip-prefix 10.20.20.
0/24 neighbor 10.4.5.2
network-instance default {
bgp-rib {
evpn {
rib-in-out {
rib-in-post {
ip-prefix-routes 10.0.0.2:3 ethernet-tag-id 0 ip-prefix-length 24 ip-prefix 10.20.20.0/24 neighbor 10.4.5.2 {
esi 00:00:00:00:00:00:00:00:00:00
gateway-ip 0.0.0.0
attr-id 125
last-modified "2024-04-10T12:46:50.200Z (2 hours ago)"
used-route false
valid-route true
best-route true
stale-route false
pending-delete false
tie-break-reason none
label {
value 122010 // received service label
value-type mpls-label
}
invalid-reason {
rejected-route false
as-loop false
next-hop-unresolved false
cluster-loop false
label-allocation-failed false
fib-programming-failed false
}
}
}
}
}
}
}
--{ candidate shared default }--[ ]--
A:br4# info from state network-instance default bgp-rib evpn rib-in-out rib-out-post ip-prefix-routes 10.0.0.2:3 ethernet-tag-id 0 ip-prefix-length 24 ip-prefix 10.20.20
.0/24 neighbor 10.0.0.1
network-instance default {
bgp-rib {
evpn {
rib-in-out {
rib-out-post {
ip-prefix-routes 10.0.0.2:3 ethernet-tag-id 0 ip-prefix-length 24 ip-prefix 10.20.20.0/24 neighbor 10.0.0.1 {
esi 00:00:00:00:00:00:00:00:00:00
gateway-ip 0.0.0.0
attr-id 147
next-hop 10.0.0.4
label {
value 122007 // advertised label, 122010 is swapped to 122007
value-type mpls-label
}
}
}
}
}
}
}
Next hop state in VRF for Inter-AS Option B
The swapped label value is used to find the next hop resolution.
// The service label entry 122007 provides the NHG and next hop
--{ candidate shared default }--[ ]--
A:br4# info from state network-instance default route-table mpls label-entry 122007
network-instance default {
route-table {
mpls {
label-entry 122007 {
operation swap
entry-type bgp
last-app-update "2024-04-10T12:46:50.185Z (2 hours ago)"
next-hop-group 373030816119
}
}
}
}
--{ candidate shared default }--[ ]--
A:br4# info from state network-instance default route-table next-hop-group 373030816119
network-instance default {
route-table {
next-hop-group 373030816119 {
backup-next-hop-group 0
fib-programming {
last-successful-operation-type add
last-successful-operation-timestamp 2024-04-10T11:57:16.328Z
pending-operation-type none
last-failed-operation-type none
}
next-hop 0 {
next-hop 373030816115
resolved true
}
}
}
}
// In this example, the next hop is resolved to a local route 10.4.5.0 (ASBRs using single hop eBGP session)
--{ candidate shared default }--[ ]--
A:br4# info from state network-instance default route-table next-hop 373030816115
network-instance default {
route-table {
next-hop 373030816115 {
type indirect
ip-address 10.4.5.2
resolving-route {
ip-prefix 10.4.5.0/30
route-type local
route-owner net_inst_mgr
}
mpls {
pushed-mpls-label-stack [
122010
]
}
}
}
}
MPLS route table
The following example displays the the MPLS route table which summarizes the swap operation, incoming label, outgoing label, and associated next hop.
--{ candidate shared default }--[ ]--
A:br4# show network-instance default route-table mpls
+--------+-----------+---------+-----------+----------------------+-----------------+---------------+
| Label | Operation | Type | Next | Next-hop IP | Next-hop | Next-hop MPLS |
| | | | Net-Inst | (Type) | Subinterface | labels |
+========+===========+=========+===========+======================+=================+===============+
| 100 | POP | ldp | default | | | |
| 100002 | SWAP | sr-mpls | N/A | 10.1.4.1 (mpls) | ethernet-1/10.0 | 100002 |
| 100005 | POP | sr-mpls | default | | | |
| 120002 | SWAP | sr-mpls | N/A | 10.1.4.1 (mpls) | ethernet-1/10.0 | IMPLICIT_NULL |
| 122001 | SWAP | bgp | N/A | 10.0.0.1 (indirect) | | 1002 |
| 122002 | SWAP | bgp | N/A | 10.0.0.1 (indirect | | 1001 |
| 122003 | SWAP | bgp | N/A | 10.0.0.1 (indirect) | | 1003 |
| 122004 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122008 |
| 122005 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122011 |
| 122006 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122007 |
| 122007 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122010 |
| 122008 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122014 |
| 122009 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122009 |
| 122010 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122012 |
| 122011 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122013 |
+--------+-----------+---------+-----------+----------------------+-----------------+---------------+
// 122007 swapped with 122010 with next hop 10.4.5.2