Inter-domain EVPN IFL and IP-VPN in a single IP-VRF BGP instance

Note: This feature is supported on 7250 IXR Gen 2, 7250 IXR Gen 2c+, 7220 IXR-Dx, and 7730 SXR platforms.

The inter-domain EVPN IFL/IP-VPN solution is applicable to IP-VRF network instances that use a single BGP instance (enabled through either BGP-EVPN or BGP IP-VPN). This solution can be used to interconnect two domains seamlessly through a gateway.

Gateways provide IGP isolation between domains so that nodes in each domain do not need end-to-end visibility of all loopbacks in the network; they only need tunnels to the gateways. In the overlay layer, gateways provide prefix aggregation or advertise a single default route to the access domain to contain the number of routes that the access nodes need to program in their forwarding information bases (FIBs).

The following figure illustrates an example of how this inter-domain solution for Layer 3 services can be applied. In this scenario, there are two domains: an EVPN-VXLAN access domain and an EVPN-VXLAN core domain. Each domain runs its own IGP instance and loopback IP addresses are not leaked between them. This minimizes the number of VXLAN tunnels required on the access routers. Gateways GW1 and GW2 are configured with an IP-VRF that has EVPN-VXLAN IFL enabled, allowing them to redistribute EVPN IP Prefix routes between the two domains.

Figure 1. Inter-domain Layer 3 solution
The following example shows the configuration of an IP-VRF in the gateways.
--{ * candidate shared default }--[ network-instance IP-VRF ]--
A:root@srl1# info with-context
    network-instance IP-VRF {
        type ip-vrf
        vxlan-interface vxlan0.1 {
        }
        protocols {
            bgp-evpn {
                bgp-instance 1 {
                    vxlan-interface vxlan0.1
                }
            }
            bgp-vpn {
                allow-export {
                }
                bgp-instance 1 {
                }
            }
        }
    }

The configuration of allow-export is only supported in IP-VRF network instances and provides the following functionalities:

  • Received EVPN IFL or IP-VPN routes are re-exported to the configured BGP peers. In IP-VRF network instances that contain both BGP-EVPN and BGP-IPVPN instances, EVPN IFL or IP-VPN routes are automatically re-exported to the BGP-IPVPN instance without the allow-export command.

  • Received EVPN IFL routes are imported and re-advertised using the local RD/RT, next-hop, or mac-nh.

  • Local label or VNI is advertised with the routes, which preserves the VNI in VXLAN routes end-to-end.

  • Non-EVPN BGP attributes are propagated.

  • In EVPN IFL, the preceding functionality is supported regardless of the encapsulation in the network instance (VXLAN or MPLS).

Note: The allow-export command should be used with caution, as it causes the router to export IP-VRF imported routes to all BGP peers, including the peers from which the routes were originally received. To prevent re-advertising routes back to their source peers and avoid routing loops in scenarios with redundant gateways, routing policies must be applied to filter unwanted advertisements.