© 2022 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Deck Update tracking
• I’m not tracking cosmetic changes or minor updates ;) be sure you always download latest version
• Feb12/2019 – Cisco Live Barcelona deck – baseline
• Jun 6/2019 – FXC, VPLS migration, VPLS&EVPN Interconnect
• Jun 7/2019 – Troubleshooting Hints
• Jun 28/2019 – VPWS&EVPN Interconnect
• Aug 1/2019 – EVPN Timers
• Nov 2019 – BGP L3 Interconnect change
• Apr 2020 – EVPN Principles – more details
• Apr 2020 – 7.1.1 EVPN Single-Active EVPN-VPWS Single-Active, evpn balancing modes, symmetric/asymmetric IRB, centralized GW
• Jun 2020 – EVPN/EVPN-VPWS EVI best practice
• Apr 2022 – additional features section (CW NCS)
• Apr 2022 – Transport integration
• Apr 2022 – Single-Flow-Active (SFA)
April 2022
Agenda
• EVPN Basic Principles
• EVPN L2 All-Active Multihomed Service
• EVPN Distributed L3 Anycast Gateway
• EVPN & VPNv4/6 Interconnect
• EVPN Single-Active
• EVPN Routes - Summary
• EVPN-VPWS All-Active Multihomed Service
• EVPN-VPWS Flexible Cross-Connect (FXC)
• EVPN Interconnect & Seamless Integration/Migration (L2 Services)
• EVPN Troubleshooting Hints
• EVPN Timers
• Conclusion
From Mac Bridging to Mac Routing
[Figure: one end-to-end network from Access (A1) through WAN/Core (PE1, PE2) and DCI (DCI1, DCI2) to a Spine/Leaf fabric with VMs. Overlay: Common BGP Control Plane (EVPN, VPNv4/6). Underlay: Segment Routing (SR: MPLS, SRv6); SR, VXLAN; SR, VXLAN. Provisioning: NETCONF, YANG. Programmability: PCE. Evolution: Unified MPLS, EPN 5.0, Metro Fabric, Compass.]
Next-Generation Solutions for L2VPN
Solving VPLS challenges for per-flow Redundancy
• Existing VPLS solutions do not offer an All-Active per-flow redundancy
• Looping of Traffic Flooded from PE
• Duplicate Frames from Floods from the Core
[Figure: two panels with CE1, PE1, PE2, PE3, PE4, CE2 and hosts M1, M2; one panel is labelled "Echo !", the other "Duplicate !"]
MPLS Transport & BGP Service
[Figure: service panels labelled "BGP L3VPN / L3 EVPN" and "BGP L2VPN EVPN"; every panel is marked "BGP Signaling"]
EVPN Advantages:
Integrated Services
• Integrated Layer 2 and Layer 3 VPN services
• L3VPN-like principles and operational experience for scalability and control
Network Efficiency
• All-active Multi-homing & PE load-balancing (ECMP)
• Fast convergence (link, node, MAC moves)
• Control-Plane (BGP) learning. PWs are no longer used.
• Optimized Broadcast, Unknown-unicast, Multicast traffic delivery
Service Flexibility
• Choice of MPLS, VxLAN or SRv6 data plane encapsulation
• Support existing and new services types (E-LAN, E-Line, E-TREE)
• Peer PE auto-discovery. Redundancy group auto-sensing
Investment
• Fully support IPv4 and IPv6 in the data plane and control plane
Concepts
EVPN Instance (EVI)
• EVI identifies a VPN in the network
• Encompass one or more bridge-domains, depending on service interface type:
  Port-based
  VLAN-based (shown above)
  VLAN-bundling
Ethernet Segment
• Represents a ‘site’ connected to one or more PEs
• Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)
• Could be a single device or an entire network:
  Single-Homed Device (SHD)
  Multi-Homed Device (MHD)
  Single-Homed Network (SHN)
  Multi-Homed Network (MHN)
BGP Routes
Route Types: [1] Ethernet Auto-Discovery (AD) Route
• New SAFI [70]
• Routes serve control plane purposes, including:
  MAC address reachability
  MAC mass withdrawal
  Split-Horizon label adv.
  Aliasing
  Multicast endpoint discovery
  Redundancy group discovery
  Designated forwarder election
  IP address reachability
  L2/L3 Integration
BGP Route Attributes
Extended Communities: ESI MPLS Label
• New BGP extended communities defined
• Expand information carried in BGP routes, including:
  MAC address moves
  Redundancy mode
  MAC / IP bindings of a GW
  Split-horizon label encoding
  Data plane Encapsulation
[Figure: single-homed device (SHD) CE1 on segment ESI1, attached to PE1; PE1 and PE2 each hold a bridge-domain (BD) in the EVI]
EVPN - Load-Balancing Modes
• 6.X.X: All-Active (per flow)
• 7.1.1: Single-Active (per VLAN)
• 7.1.2: Port-Active (per port)
[Figure: placement of VLANs V1 and V2 on the two attachment links in each mode]
EVPN - load-balancing modes
Multi-Homed Interface: Bundle Interface
• Default Mode: All-Active
• Supported Mode: All-Active, Single-Active, Port-Active
Route Distinguisher (RD) & Route Target (RT) – VPNv4/6
Reminder
• Route Distinguisher - makes IPv4/IPv6 prefix globally unique
• Route Target Extended Community – “tag” IPv4/IPv6 prefix for selective import/export
[Figure: on the advertising PE, VRF_A (RD 1:1) exports RT 10:10 and VRF_B (RD 2:2) exports RT 20:20; both hold X.X.X.0/24. BGP VPNv4 carries 1:1_X.X.X.0/24 RT:10:10 and 2:2_X.X.X.0/24 RT:20:20. On the receiving PE, VRF_A imports RT 10:10 and VRF_B imports RT 20:20, and each ends up with its own X.X.X.0/24.]
Route Distinguisher (RD) & Route Target (RT) – VPNv4/6
[Figure, same layout with a changed export RT: VRF_A (RD 1:1) exports RT 10:10 and holds X.X.X.0/24; VRF_B (RD 2:2) now exports RT 10:10 and holds Y.Y.Y.0/24. BGP VPNv4 carries 1:1_X.X.X.0/24 RT:10:10 and 2:2_Y.Y.Y.0/24 RT:10:10. On the receiving PE, VRF_A (import 10:10) holds X.X.X.0/24 and Y.Y.Y.0/24, while VRF_B (import 20:20) is Empty.]
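The two RD/RT reminder slides above differ only in VRF_B's export RT, and that one value decides whether VRF_B's prefix lands in VRF_A. The following Python model is an added example, not part of the original deck: it replays both slides and reports unintended imports. The finding names and the rule that same-named VRFs belong together are assumptions made for the example.

```python
"""Model RT-based import/export between two PEs and flag unintended route sharing."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    rts: frozenset
    origin_vrf: str          # audit bookkeeping only; BGP does not carry the VRF name


@dataclass(frozen=True)
class Vrf:
    name: str
    rd: str = ""
    export_rts: frozenset = frozenset()
    import_rts: frozenset = frozenset()
    prefixes: tuple = ()


def advertise(vrfs):
    """Each local prefix becomes RD_prefix tagged with the VRF's export RTs."""
    return [Vpnv4Route(v.rd, p, v.export_rts, v.name) for v in vrfs for p in v.prefixes]


def rib(vrf, routes):
    """A route is imported when it carries at least one RT the VRF imports."""
    return sorted(r.prefix for r in routes if r.rts & vrf.import_rts)


def audit(senders, receivers):
    """Return (finding, vrf, detail) tuples for imports that cross VRF names,
    receivers that import nothing, and routes that no receiver imports."""
    routes = advertise(senders)
    findings = []
    for rx in receivers:
        got = [r for r in routes if r.rts & rx.import_rts]
        findings += [("cross-vrf-import", rx.name, f"{r.rd}_{r.prefix}")
                     for r in got if r.origin_vrf != rx.name]
        if not got:
            findings.append(("nothing-imported", rx.name, ",".join(sorted(rx.import_rts))))
    for r in routes:
        if not any(r.rts & rx.import_rts for rx in receivers):
            findings.append(("never-imported", r.origin_vrf, f"{r.rd}_{r.prefix}"))
    return findings


def scenario(vrf_b_export, vrf_b_prefix):
    """Constructed from the slides: only VRF_B's export RT and prefix change."""
    senders = [
        Vrf("VRF_A", rd="1:1", export_rts=frozenset({"10:10"}), prefixes=("X.X.X.0/24",)),
        Vrf("VRF_B", rd="2:2", export_rts=frozenset({vrf_b_export}), prefixes=(vrf_b_prefix,)),
    ]
    receivers = [
        Vrf("VRF_A", import_rts=frozenset({"10:10"})),
        Vrf("VRF_B", import_rts=frozenset({"20:20"})),
    ]
    return senders, receivers


if __name__ == "__main__":
    for label, args in (("first slide", ("20:20", "X.X.X.0/24")),
                        ("second slide", ("10:10", "Y.Y.Y.0/24"))):
        tx, rx = scenario(*args)
        print(label, {v.name: rib(v, advertise(tx)) for v in rx}, audit(tx, rx))
```

Running the same audit against the RT lists extracted from a real configuration shows which VRFs share routes before the change is committed.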
EVPN - Route Distinguisher (RD) and Route Target (RT) Allocation
R36 example BGP RouterID 3.3.3.36, BGP-AS: 1, EVI 100:
• Per-Node RD: 3.3.3.36:0,1,2
• Per-Node/Per-EVI RT: 1:100
[Figure: R36 bundle BE1 (ESI1) carrying Vlan1 and Vlan2. Vlan1 (host .1, MAC-A / IP-A) maps to BD1 EVI100 with RD 3.3.3.36:100 and RT 1:100; Vlan2 (host .2, MAC-B / IP-B) maps to BD2 EVI101 with RD 3.3.3.36:101 and RT 1:101.]
EVPN-VPWS - Instance
• EVPN-VPWS (ELINE) Instance is identified by EVI ID and Service ID
• Best Practice is to Autogenerate Route-Target (RT) => EVI ID becomes globally unique
• IOS-XR Autogenerates RT by default
• Service ID* provides additional instance granularity under single EVI ID
* Service ID available from IOS-XR 7.1.1+; Source/Target is used before IOS-XR 7.1.1. See more detail in “EVPN-VPWS” section
[Figure: two R36 panels, each with per-node RD 3.3.3.36:0 and bundle BE1 (ESI1) carrying Vlan1 (host .1, MAC-A / IP-A) and Vlan2 (host .2, MAC-B / IP-B). Left panel, "Different EVI ID is used per EVPN-VPWS Instance": Vlan1 uses Service ID 10, RT 1:100, RD 3.3.3.36:100; Vlan2 uses Service ID 20, RT 1:101, RD 3.3.3.36:101 (P2P EVI101). Right panel, "Single EVI ID for multiple EVPN-VPWS Instances": Vlan1 uses Service ID 10 and Vlan2 uses Service ID 20, both with RT 1:102 and RD 3.3.3.36:102 (P2P EVI102).]
EVPN-VPWS EVI ID – Best Practice
• One EVI ID for All EVPN-VPWS Instances per Site Pair
• Example:
  • Site(PE1/PE2) and Site (PE3/PE4) => EVI 102
  • Site(PE1/PE2) and Site (PE5) => EVI103
  • Site(PE3/PE4) and Site (PE5) => EVI104
[Figure: CE1, CE2, CE3, CE4 attached to PE2, PE4 and PE5; two services between the first site pair are labelled "EVI ID: 102, Service ID 10" and "EVI ID: 102, Service ID 20"]
EVPN - Ethernet VPN
• Concepts are same!!! Pick your side!
EVPN - Ethernet-Segment for Multi-Homing
L1 and L2 (L3 and L4) have to know if they multi-home the same broadcast domain.
The bundle on the Leafs connecting to a node should have an identical ES identifier (ESI).
[Figure: spines SP1, SP2 above leaves L1, L2, L3, L4 with VMs attached]
EVPN - Ethernet VPN
MAC address advertisement and MAC address table synchronization
Leaves run Multi-Protocol BGP to advertise & learn MAC addresses over the Network
MAC addresses are advertised to rest of Leaves
L3/4 – Learn MAC address advertised by L1
L2 – uses MAC address advertised by L1 to synchronize MAC address table
-> L2 forwards MAC via local ETH interface represented by same Ethernet Segment between L1 and L2
[Figure: spines SP1, SP2; leaves L1, L2, L3, L4; hosts C1 and C2 with VMs. Labels: "Data Plane learning from the hosts", "All Active multi-homing", "Ethernet Segment"]
EVPN L2 All-Active Multihomed Service
EVPN - Testbed
[Figure: testbed topology with route reflectors RR103 and RR104, routers R35, R36, R38, R39, and hosts H1 and H2 attached over LACP bundles]
EVPN Configuration
CE has to receive same lacp system MAC
EVPN Configuration - BGP
router bgp 1
 bgp router-id 3.3.3.36
 address-family l2vpn evpn
 !
 neighbor-group rr
  remote-as 1
  update-source Loopback0
  ! BGP EVPN CP
  address-family l2vpn evpn
 !
 neighbor 3.3.3.103
  use neighbor-group rr
 !
 neighbor 3.3.3.104
  use neighbor-group rr
 !
!
Ethernet Segment
R36#show evpn ethernet-segment
Mon Oct 15 13:27:44.402 UTC
Ethernet Segment
R36#show evpn ethernet-segment esi 0036.3700.0000.0000.1100 detail
.....
Ethernet Segment Id Interface Nexthops
------------------------ ---------------------------------- --------------------
0036.3700.0000.0000.1100 BE100 3.3.3.36
3.3.3.37
ES to BGP Gates : Ready
ES to L2FIB Gates : Ready
Main port :
Interface name : Bundle-Ether100
Interface MAC : 008a.9644.d8dd
IfHandle : 0x0800001c
State : Up
Redundancy : Not Defined
ESI type : 0
Value : 36.3700.0000.0000.1100
ES Import RT : 3637.0000.0000 (from ESI)
Source MAC : 0000.0000.0000 (N/A)
Topology :
Operational : MH, All-active
Configured : All-active (AApF) (default)
Service Carving : Auto-selection
Peering Details : 3.3.3.36[MOD:P:00] 3.3.3.37[MOD:P:00]
Service Carving Results:
Forwarders : 1
Permanent : 0
Elected : 1
Not Elected : 0
MAC Flushing mode : STP-TCN
Peering timer : 3 sec [not running]
Recovery timer : 30 sec [not running]
Carving timer : 0 sec [not running]
Local SHG label : 64005
Remote SHG labels : 1
64005 : nexthop 3.3.3.37
EVPN Instance View
R36#show evpn evi vpn-id 100 detail
Statistics:
Packets Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
Bytes Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
RD Config: none
RD Auto : (auto) 3.3.3.36:100
RT Auto : 1:100
Route Targets in Use Type
------------------------------ ---------------------
1:100 Import
1:100 Export
EVPN – BUM Ingress Replication
Two service labels per EVPN instance
BUM Label – to forward Broadcast, Unknown Unicast and Multicast
Unicast Label – to forward Unicast
[Figure: spines SP1, SP2; leaves L1, L2, L3, L4; hosts C1 and C2 with VMs; BUM copies replicated from one leaf toward the other leaves]
EVPN BGP - Inclusive Multicast Route 0x3
• Usage:
• Multicast tunnels used to transport Broadcast, Multicast and Unknown Unicast frames (BUM)
PMSI Tunnel Attribute - RFC6514
R36: RT-3 Inclusive Multicast
R36#show bgp l2vpn evpn rd 3.3.3.36:100 [3][0][32][3.3.3.36]/80
Mon Oct 15 13:10:17.010 UTC
BGP routing table entry for [3][0][32][3.3.3.36]/80, Route Distinguisher: 3.3.3.36:100
Versions:
Process bRIB/RIB SendTblVer    [slide callout: RT-3]
Speaker 39774 39774
Last Modified: Aug 31 01:37:02.399 for 6w3d
Paths: (1 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 39774
Extended community: RT:1:100    [slide callout: EVI 100 Route-Target]
PMSI: flags 0x00, type 6, label 64120, ID 0x03030324
EVPN – Designated Forwarder (DF)
Challenge:
How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed Ethernet Segment?
If L3 and L4 multi-home the access via the same Ethernet Segment, only one of them can forward traffic to the access.
The same applies to L1 and L2.
[Figure: spines SP1, SP2; leaves L1, L2, L3, L4; hosts C1, C2; within a multi-homing pair one leaf is marked DF and the other NDF; label "Duplicate"]
DF Election per EVI/ESI - Algorithm
Service Carving
[Figure: service carving table with columns "Nodes", "Position" and "EVIs": R36 at position 0, R37 at position 1, EVI entry "+ 100"; a field value 0x06 is also shown]
R36: RT-4 Ethernet Segment Route
R36#show bgp l2vpn evpn rd 3.3.3.36:0 [4][0036.3700.0000.0000.1100][32][3.3.3.36]/128
Mon Oct 15 03:24:50.736 UTC
BGP routing table entry for [4][0036.3700.0000.0000.1100][32][3.3.3.36]/128, Route Distinguisher: 3.3.3.36:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 82835 82835    [slide callouts: Ethernet Segment Identifier (ESI); RT-4]
Last Modified: Oct 14 21:32:13.399 for 05:52:37
Paths: (1 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
Received Path ID 0, Local Path ID 1, version 82835
Extended community: EVPN ES Import:3637.0000.0000 DF Election:00:0:00
EVPN – Split Horizon
Challenge:
How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
[Figure: spines SP1, SP2; leaves L1 and L2 sharing host C1 with VMs; flooded frame carries Transport Label, BUM Label and SH Label; "Echo !" marked at C1]
EVPN – Split Horizon
[Figure, next build of the same slide: host C11 is added alongside C1; same labels (Transport Label, BUM Label, SH Label, "Echo !")]
EVPN – MAC Mass-Withdraw
Challenge:
How to inform other Leafs of a failure affecting many MAC addresses quickly while the
control-plane re-converges?
[Figure: leaves L1, L2, L3, L4; hosts C1 and C2 with VMs; MAC1 sits on segment ESI1; callout "MAC1 can NOT be reached via ESI1"]
EVPN BGP - Ethernet Auto-discovery Route 0x1
Two flavors: Per-ESI Ethernet A-D route and Per-EVI Ethernet A-D route
Per-ESI Ethernet A-D route
• Advertise Split-Horizon Label associated with an Ethernet Segment
• Used for MAC Mass-Withdraw
• Tagged with ESI MPLS Label Extended Community
MAX-ET=0xFFFFFFFF
ESI Label Extended Community
Usage:
• Used to tag the Ethernet AD Route per ESI
• Advertises the Split-Horizon Label for the Ethernet Segment
• Indicates the Redundancy Mode: Single Active vs. All-Active
[Figure: extended community encoding; only the value 0x06 survives]
R36: RT-1 Per ESI Ethernet Auto-Discovery
R36#show bgp l2vpn evpn rd 3.3.3.36:0 [1][3.3.3.36:1][0036.3700.0000.0000.1100][4294967295]/184
Sun Oct 14 20:56:59.687 UTC
BGP routing table entry for [1][3.3.3.36:1][0036.3700.0000.0000.1100][4294967295]/184, Route Distinguisher: 3.3.3.36:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 76372 76372    [slide callouts: RD - unique per advertising node (R36 unique); Ethernet Segment Identifier (ESI); RT-1]
Local Label: 0
Last Modified: Sep 18 23:02:40.399 for 3w4d
Paths: (1 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
Received Path ID 0, Local Path ID 1, version 76372
Extended community: EVPN ESI Label:0x00:64005 RT:1:100    [slide callout: EVI(s) Route-Target - All EVI(s) which use this ESI]
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
[Figure: testbed topology (R35, R36, R38, R39, hosts H1 and H2, LACP) with route callouts "RT-4 - DF Election, ESI: 0036.3700.0000.0000.1100" and "RT-1 - Per ESI Ethernet AD, RD: 1.1.1.36:1, ESI: 0036.3700.0000.0000.1100"]
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
[Figure: testbed topology (R34, R35, R36, R37, R38, R39, hosts H1 and H2, LACP) with route callout "RT-3 - Inclusive Multicast, RD: 1.1.1.36:100, Ext-Com: Type 6 Ingress-Replication, Multicast(BUM) Label: 64120, Ext-Com: 1:100 (RT)"]
BUM Forwarding
[Figure, two builds: BUM traffic and its ingress-replicated (IR) copies across the testbed; the copy toward R37 carries "Transport Label R37" and "BUM Label R37/EVI100"; an "X" marks one path near the LACP bundle of H1 (R37, R34)]
EVPN BGP - MAC Advertisement Route 0x2
Route fields:
• 8 bytes, RD: Unique per Advertising PE per EVI
• 10 bytes, Ethernet Segment Identifier: ESI of Ethernet Segment on which MAC Address was learnt. All 1s ESI for PBB-EVPN
• 4 bytes, Ethernet Tag ID: Set to VLAN or I-SID for VLAN-Aware Bundling Service interface, otherwise 0
• 1 byte, MAC Address Length: Allows for MAC Address ‘summarization’, i.e. hierarchical MAC Addresses. Typically set to 48
• 6 bytes, MAC Address: Could be C-MAC Address (EVPN) or B-MAC Address (PBB-EVPN)
• 1 byte, IP Address Length: To distinguish IPv4 vs. IPv6 addresses.
• 4 or 16 bytes, IP Address
Extended community shown with the route (values 0x06, 0x00):
• 2 bytes, Reserved: Set to 0
• 4 bytes, Sequence Number: Indicates the count of MAC address mobility events
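Added example (not from the original deck): a Python decoder for the RT-2 route body that walks the fields in the order listed above and rejects truncated input or inconsistent length fields. The trailing 3-byte MPLS label fields are not in the slide's list and follow RFC 7432; the sample bytes are constructed from the RD, ESI, MAC, IP and label values that appear in the show output on this page, and all function names are the example's own.

```python
"""Decode the route-type-specific part of an EVPN MAC/IP Advertisement route (RT-2)."""
import ipaddress
import struct


class EvpnParseError(ValueError):
    """Raised when an RT-2 body is truncated or carries an invalid length field."""


def dotted(raw: bytes) -> str:
    """Render bytes the way the show output does: groups of four hex digits."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))


def decode_rd(raw: bytes) -> str:
    """Decode an 8-byte Route Distinguisher (types 0, 1 and 2)."""
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:                      # 2-byte ASN : 4-byte number
        asn, num = struct.unpack("!HI", raw[2:])
        return f"{asn}:{num}"
    if rd_type == 1:                      # IPv4 address : 2-byte number
        return f"{ipaddress.IPv4Address(raw[2:6])}:{struct.unpack('!H', raw[6:])[0]}"
    if rd_type == 2:                      # 4-byte ASN : 2-byte number
        asn, num = struct.unpack("!IH", raw[2:])
        return f"{asn}:{num}"
    raise EvpnParseError(f"unknown RD type {rd_type}")


def decode_label(raw: bytes) -> int:
    """The label value sits in the high-order 20 bits of the 3-byte field."""
    return int.from_bytes(raw, "big") >> 4


def decode_rt2(body: bytes) -> dict:
    """Walk the fields in order, checking every length before slicing."""
    pos = 0

    def take(n: int, what: str) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise EvpnParseError(f"truncated before {what}")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    route = {
        "rd": decode_rd(take(8, "RD")),
        "esi": dotted(take(10, "ESI")),
        "ethernet_tag": struct.unpack("!I", take(4, "Ethernet Tag ID"))[0],
    }
    mac_bits = take(1, "MAC Address Length")[0]
    if mac_bits != 48:
        raise EvpnParseError(f"MAC Address Length {mac_bits}, expected 48")
    route["mac"] = dotted(take(6, "MAC Address"))
    ip_bits = take(1, "IP Address Length")[0]
    if ip_bits not in (0, 32, 128):
        raise EvpnParseError(f"IP Address Length {ip_bits} is not 0, 32 or 128")
    ip_raw = take(ip_bits // 8, "IP Address")
    route["ip"] = str(ipaddress.ip_address(ip_raw)) if ip_raw else None
    remaining = len(body) - pos
    if remaining not in (3, 6):
        raise EvpnParseError(f"{remaining} bytes left, expected one or two labels")
    route["labels"] = [decode_label(take(3, "MPLS Label")) for _ in range(remaining // 3)]
    return route


def build_sample() -> bytes:
    """Constructed RT-2 body using values visible in the show output on this page."""
    rd = struct.pack("!H4sH", 1, ipaddress.IPv4Address("3.3.3.36").packed, 100)
    esi = bytes.fromhex("00363700000000001100")
    mac = bytes.fromhex("0062ec71fbd7")
    ip = ipaddress.IPv4Address("192.168.1.10").packed
    labels = b"".join((label << 4).to_bytes(3, "big") for label in (64004, 64008))
    return rd + esi + struct.pack("!I", 0) + bytes([48]) + mac + bytes([32]) + ip + labels


if __name__ == "__main__":
    print(decode_rt2(build_sample()))
```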
R36: RT-2 MAC Advertisement
R36#show bgp l2vpn evpn rd 3.3.3.36:100 [2][0][48][0062.ec71.fbd7][0]/104
Mon Oct 15 04:33:39.527 UTC
BGP routing table entry for [2][0][48][0062.ec71.fbd7][0]/104, Route Distinguisher: 3.3.3.36:100
Versions:
Process bRIB/RIB SendTblVer
Speaker 83317 83317    [slide callout: RT-2 Advertised MAC]
Local Label: 64004
Last Modified: Oct 15 04:32:31.399 for 00:01:08
Paths: (2 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
Received Path ID 0, Local Path ID 1, version 83317
Extended community: SoO:3.3.3.37:100 RT:1:100    [slide callout: R36 Re-Advertised]
EVPN ESI: 0036.3700.0000.0000.1100
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.37 (metric 30) from 3.3.3.103 (3.3.3.37)
Received Label 64004
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: SoO:3.3.3.37:100 RT:1:100    [slide callout: R37 MAC DP Learned and Advertised]
Originator: 3.3.3.37, Cluster list: 3.3.3.103
EVPN ESI: 0036.3700.0000.0000.1100
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.37:100
R36: RT-2 MAC Advertisement
R36#show evpn evi mac
Mon Oct 15 20:57:14.505 UTC
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
[Figure: testbed topology (R35, R38, R39, hosts H1 and H2, LACP) with route callout "RT-2 - MAC Advertisement, RD: 1.1.1.36:100, ESI: 0036.3700.0000.0000.1100, Label: 64004"; the triggering L2 frame has SMAC 0062.ec71.fbd7]
Unicast Forwarding
[Figure: L2 frame Flow1 (DMAC: H1) is sent with "Transport Label R36", arrives at R36 and is delivered to H1]
EVPN – Aliasing
Challenge:
How to load-balance traffic towards a multi-homed device across multiple Leafs when
MAC addresses are learnt by only a single Leaf?
[Figure: leaves L1, L2, L3, L4; hosts C1 and C2 with VMs; MAC1 sits on segment ESI1; callout "MAC1 can be reached via ESI1"]
EVPN BGP - Ethernet Auto-discovery Route 0x1
Two flavors:
Per-ESI Ethernet A-D route
• Advertise Split-Horizon Label associated with an Ethernet Segment
• Used for MAC Mass-Withdraw
• Tagged with ESI MPLS Label Extended Community
Per-EVI Ethernet A-D route
• Advertise VPN label used for Aliasing or Backup-Path
Route Type specific encoding of E-VPN NLRI:
• 8 bytes, RD. Per-ESI: Unique per Advertising PE. Per-EVI: Unique per Advertising PE per EVI
• 10 bytes, Ethernet Segment Identifier. Both flavors: ESI of Ethernet Segment
• 4 bytes, Ethernet Tag ID. Per-ESI: MUST be set to MAX-ET. Per-EVI: Set to VLAN or I-SID for VLAN-Aware Bundling Service interface, otherwise 0
• 3 bytes, MPLS Label. Per-ESI: MUST be set to 0. Per-EVI: VPN (Aliasing) Label per (ESI, Ethernet Tag)
MAX-ET=0xFFFFFFFF
R36: RT-1 Per EVI Ethernet Auto-Discovery
RP/0/RP0/CPU0:R36#show bgp l2vpn evpn rd 3.3.3.36:100 [1][0036.3700.0000.0000.1100][0]/120
Mon Oct 15 03:35:13.604 UTC
BGP routing table entry for [1][0036.3700.0000.0000.1100][0]/120, Route Distinguisher: 3.3.3.36:100
Versions:
Process bRIB/RIB SendTblVer
Speaker 79640 7964    [slide callouts: Ethernet Segment Identifier (ESI); RT-1]
Last Modified: Oct 12 17:40:06.399 for 2d09h
Paths: (2 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
Received Path ID 0, Local Path ID 1, version 39769
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.37 (metric 30) from 3.3.3.103 (3.3.3.37)
Received Label 64004    [slide callout: Aliasing Label allocated by R37 for EVI 100]
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:1:100    [slide callout: EVI 100 Route-Target]
Originator: 3.3.3.37, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.37:100
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
5. RT1: Per EVI Ethernet Auto-Discovery
[Figure: testbed topology (R35, R36, R38, R39, host H2, LACP) with route callout "RT-1 - Per EVI Ethernet AD, RD: 1.1.1.36:100, ESI: 0036.3700.0000.0000.1100"]
Unicast Forwarding
[Figure, three builds: L2 frame Flow1 (DMAC: H1) is sent with "Transport Label R36" and reaches H1 through R36; a second frame, Flow2 (DMAC: H1), is added; the last build carries the caption "Per Flow Balancing via R36 and R37 - Aliasing"]
EVPN – MAC Mobility
Challenge:
How to detect the correct location of a MAC address after a host moves from one Ethernet Segment to another (also called “MAC move”)?
[Figure: a VM moving between hosts C1 and C2, labelled "Host move"]
EVPN Distributed L3 Anycast Gateway
EVPN – Distributed Symmetric Anycast Gateway
Leaves run Multi-Protocol BGP to advertise & learn MAC + HOST IP addresses over the Network
MAC + IP addresses are advertised to rest of Leaves
L3/4 – Learn MAC + IP HOST address advertised by L1
-> L2/L3 update MAC address table + IP Forwarding table
L2 – uses MAC address advertised by L1 to synchronize MAC address table
-> L2 forwards MAC via local ETH interface represented by same Ethernet Segment between L1 and L2
L2 – uses MAC + IP HOST address advertised by L1 to synchronize ARP/ND information
-> L2 forwards IP via local ETH interface
• Distributed Anycast Gateway serves as the gateway for connected hosts
• Identical Anycast Gateway Virtual IP and MAC address are configured on all the Leafs
• All the BVIs perform active forwarding in contrast to active/standby like First-hop routing protocol
[Figure: spines SP1, SP2; leaves L1, L2, L3, L4; hosts C1 and C2 with VMs]
EVPN – IRB in Network Fabric
[Figure: spines SP1, SP2; leaves L1, L2, L3, L4; hosts C1, C2, C3, C4 with VMs; two paths labelled "Intra-subnet Forwarding" and "Inter-subnet Forwarding"]
Distributed vs Centralized Routing
Distributed (Layer2 Bridging mandatory between Leaves only)
• Optimized forwarding of east-west traffic
• ARP/MAC state localized to Leafs
• Helps with horizontal scaling of DC
Centralized (Layer2 Bridging mandatory between Leaves and DCI)
• All east<->west routed traffic traverses to centralized gateways
• Centralized gateways have full ARP/MAC state in the DCI
• Scale challenge
[Figure: two panels of the same CO (L1, L2, L4, SP1, DCI1; hosts H1 X.X.X.H1/24 and H2 X.X.X.H2/24) showing where the IRB interfaces sit in each model]
Symmetric vs Asymmetric - Integrated Routing and Bridging (IRB)
Symmetric
• Ingress and Egress Leaf – Routing and Bridging
• ARP/MAC Entries optimization
  • L1/L2 MAC/ARP of Hosts from X.X.X.0/24 only
  • L3/L4 MAC/ARP of Hosts from Y.Y.Y.0/24 only
• Horizontally scalable solution
Asymmetric
• Ingress Leaf – Routing and Bridging
• Egress Leaf – Bridging Only!
• ARP/MAC Entries optimization
  • L1/L2 MAC/ARP of Hosts from X.X.X.0/24 and Y.Y.Y.0/24
  • L3/L4 MAC/ARP of Hosts from Y.Y.Y.0/24 and X.X.X.0/24
• Limited Scale
[Figure: two panels of the same CO (L1, L2, L4, SP1; hosts H1 X.X.X.H1/24 and H2 Y.Y.Y.H2/24) showing the IRB interfaces used in each model]
EVPN Distributed L3 Anycast GW - Symmetric IRB
[Figure: testbed topology with RR103, RR104, R34, R35, R36, R37, R38, R39 and IRB interfaces on the leaves; labels "Anycast IRB 192.168.2.1/24" and "H1: 192.168.1.10/24"; H1 attached over LACP]
EVPN Configuration - IRB
cef adjacency route override rib
! prefer adjacency /32 (ARP) route over RIB
! IOS-XR 6.0+: AIB has the lowest priority by default (LSD>RIB>AIB)
evpn
 no evi 100
 no advertise-mac
!
interface BVI100
 host-routing
 ! MAC/IP RT2
 vrf a
 ipv4 address 192.168.1.1 255.255.255.0
 mac-address 3637.3637.3637
 ! Anycast Distributed IRB: Same IP and MAC on R36,R37
!
EVPN Configuration - BGP VRF
router bgp 1
 bgp router-id 3.3.3.36
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor-group rr
  remote-as 1
  update-source Loopback0
  address-family l2vpn evpn
 !
 neighbor 3.3.3.103
  use neighbor-group rr
 !
 neighbor 3.3.3.104
  use neighbor-group rr
 !
 vrf a
  rd auto
  address-family ipv4 unicast
   additional-paths receive
   maximum-paths ibgp 2
   ! BGP Multi-Path for Inter-subnet forwarding
   redistribute connected
  !
 !
R36: RT-2 MAC/IP Advertisement
R36#show bgp l2vpn evpn rd 3.3.3.36:100 [2][0][48][0062.ec71.fbd7][32][19$
Tue Oct 16 02:47:45.576 UTC
BGP routing table entry for [2][0][48][0062.ec71.fbd7][32][192.168.1.10]/136, Route Distinguisher: 3.3.3.36:100
Versions:
Process bRIB/RIB SendTblVer
Speaker 84847 84847    [slide callout: RT-2 Advertised MAC IP]
Last Modified: Oct 15 23:14:52.399 for 03:32:53
Paths: (2 available, best #1)
Advertised to update-groups (with more than one peer):
0.2
Path #1: Received by speaker 0
Advertised to update-groups (with more than one peer):
0.2
Local
0.0.0.0 from 0.0.0.0 (3.3.3.36)
Second Label 64008
Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
Received Path ID 0, Local Path ID 1, version 84838
Extended community: SoO:3.3.3.37:100 RT:1:100 RT:100:100    [slide callout: RT EVI 100 and RT VRF A]
EVPN ESI: 0036.3700.0000.0000.1100
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.37 (metric 30) from 3.3.3.103 (3.3.3.37)
Received Label 64004, Second Label 64008    [slide callouts: RT-2 per-BD label; VRF Agg label]
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: SoO:3.3.3.37:100 RT:1:100 RT:100:100    [slide callout: RT EVI 100 and RT VRF A]
Originator: 3.3.3.37, Cluster list: 3.3.3.103
EVPN ESI: 0036.3700.0000.0000.1100
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.37:100
RP/0/RP0/CPU0:R36#
R36: RT-2 MAC/IP
R36#show evpn evi mac
Tue Oct 16 02:52:22.437 UTC
R36: VRF Routes
R36#show route vrf a
Tue Oct 16 02:46:34.463 UTC
[slide callouts: "EVPN Learned Route"; "BGP Multi Path to H2 connected to R38 and R39"]
R36: AIB preference
R36#show cef vrf a 192.168.1.10
Tue Oct 16 02:48:21.376 UTC
192.168.1.10/32, version 9605, internal 0x1020001 0x0 (ptr 0x97c135fc) [1], 0x0 (0x97dda968), 0x0 (0x0)
Updated Oct 15 23:14:52.111
local adjacency 192.168.1.10
Prefix Len 32, traffic index 0, Adjacency-prefix, precedence n/a, priority 3
via 192.168.1.10/32, BVI100, 3 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0x98750da0 0x0]
next hop 192.168.1.10/32
local adjacency
IOS-XR 6.0+
AIB has the lowest priority by default (LSD>RIB>AIB)
R36: VRF A - CEF
R36#show cef vrf a 192.168.2.20/32
Tue Oct 16 03:15:50.092 UTC
192.168.2.20/32, version 9613, internal 0x5000001 0x0 (ptr 0x97c14154) [1], 0x0 (0x0), 0x208 (0x98a06600)
Updated Oct 15 23:18:06.305
Prefix Len 32, traffic index 0, precedence n/a, priority 3
via 3.3.3.38/32, 5 dependencies, recursive, bgp-multipath [flags 0x6080]
path-idx 0 NHID 0x0 [0x97256420 0x0]
recursion-via-/32    [slide callout: VRF Agg label]
next hop VRF - 'default', table - 0xe0000000
next hop 3.3.3.38/32 via 16038/0/21
next hop 35.36.1.35/32 Te0/0/0/39 labels imposed {16038 64004}
next hop 34.36.1.34/32 Te0/0/0/38 labels imposed {16038 64004}
via 3.3.3.39/32, 5 dependencies, recursive, bgp-multipath [flags 0x6080]
path-idx 1 NHID 0x0 [0x97257178 0x0]
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
next hop 3.3.3.39/32 via 16039/0/21
next hop 35.36.1.35/32 Te0/0/0/39 labels imposed {16039 64004}
next hop 34.36.1.34/32 Te0/0/0/38 labels imposed {16039 64004}
R36, R37, R38, R39 - EVPN Startup
R36 - Example
[Figure: testbed topology; label "Anycast IRB 192.168.2.1/24"]
BGP Layer3 Interconnect
Principles
• DCI/BL provides Layer3 Interconnect
• DCI/BL participates in L3 Routing, but not in Layer2 Bridging
• DCI/BL summarization is required/recommended
[Figure labels: Layer2 Bridging Required over Leaves; H1 (X.X.X.H1/24), H2 (X.X.X.H2/24); L1, L2, L4 with IRB; DCI1, SP1; CORE, CO; PE/DCI3; CE1]
BGP Layer3 Interconnect
DCI/BL Summarization
Host-Routes are not required outside CO/DC
PE/DCI3 VRF FIB:
  X.X.X.H1 -> DC1, DCI2
  X.X.X.H2 -> DCI1, DCI2
  X.X.X.0/24 -> DC1, DCI2
  Z.Z.Z.0/24 -> CE1
DCI1/2 VRF FIB:
  X.X.X.H1 -> L1, L2
  X.X.X.H2 -> L3, L4
  X.X.X.0/24 -> L1, L2, L3, L4
  Z.Z.Z.0/24 -> PE3
L3/4 VRF FIB:
  X.X.X.H1 -> L1, L2
  X.X.X.H2 -> IRB(local)
  X.X.X.0/24 -> IRB(local)
  Z.Z.Z.0/24 -> DCI1, DCI2
[Figure labels: H1 (X.X.X.H1/24) on L1 with IRB; H2 (X.X.X.H2/24) on L4 with IRB]
BGP Layer3 Interconnect
Control Plane
Option #1 – VPNv4/6 & VPNv4/6: BGP - L3VPN VPNv4/6 | BGP - L3VPN VPNv4/6
Option #2 – EVPN & EVPN: BGP – EVPN L3 | BGP – EVPN L3
Option #3 – VPNv4/6 & EVPN: BGP - L3VPN VPNv4/6 | BGP – EVPN L3
BGP Layer3 Interconnect
Option #1 – VPNv4/6 & VPNv4/6
BGP - L3VPN VPNv4/6 (VPNv4: Z.Z.Z.0/24) | BGP - L3VPN VPNv4/6 (VPNv4: Z.Z.Z.0/24)
BGP Layer3 Interconnect
Option #2 – EVPN & EVPN
BGP – EVPN L3 (RT5: Z.Z.Z.0/24) | BGP – EVPN L3 (RT5 Prefix: Z.Z.Z.0/24)
BGP Layer3 Interconnect
Option #3 – VPNv4/6 & EVPN
BGP - L3VPN VPNv4/6 (VPNv4: Z.Z.Z.0/24) | BGP – EVPN L3 (RT5 Prefix: Z.Z.Z.0/24)
VRF A: RT import/export | RD DCI:0 | RT import/export stitching
BGP Layer3 Interconnect
Control Plane Options Highlight
• Option #1 – VPNv4/6 & VPNv4/6
+ VPNv4/6 is an industry-proven solution for Layer3 VPN
+ DCI doesn’t need to understand BGP EVPN AF
- Leaf has to peer with Route-Reflector via both BGP EVPN and VPNv4/6 AF
  EVPN AF to support L2 stretch (MAC advertisement) across DC/CO between Leaves
  EVPN AF to sync ARP/ND for Multi-Homed All-Active
- DC/CO Route-Reflector has to support both BGP EVPN and VPNv4/6 AF
- Leaf has to advertise VM Host-Routes via VPNv4/6
BGP Layer3 Interconnect
End-To-End MPLS Data Plane
PE/DCI3 VRF FIB:
  X.X.X.H1 -> DC1, DCI2
  X.X.X.H2 -> DCI1, DCI2
  X.X.X.0/24 -> DC1, DCI2
  Z.Z.Z.0/24 -> CE1
DCI1/2 VRF FIB:
  X.X.X.H1 -> L1, L2
  X.X.X.H2 -> L3, L4
  X.X.X.0/24 -> L1, L2, L3, L4
  Z.Z.Z.0/24 -> PE3
[Figure: packet flows for X.X.X.H1 and Z.Z.Z.CE1 across the topology; label on both flows: "DCI: VRF IP Lookup!"]
+ The packet structure is always identical, regardless of BGP VPNv4/6 or L3 EVPN Control Plane
  Less Complexity, Simple Troubleshooting
+ MPLS Load-Balancing (ECMP) by Inner IP Header Lookup
+ Segment Routing provides Traffic Engineering and Fast Reroute (FRR) capability
[Figure: packet layout; surviving label: Original IP Packet]
BGP Layer3 Interconnect
Data Plane Highlight - IP
• VXLAN Data Plane – RFC7348
- EVPN Signaling only
- RFC7348 requires Inner Ethernet encapsulation => Unnecessary overhead for L3 Forwarding
  Packet layout: Outer IP + UDP Header | VXLAN Header - VNI | Inner ETH Header | Original IP Packet
- Inner Ethernet Header encapsulation/decapsulation typically done by Integrated Routing and Bridging (IRB) Interface
  IRB requires Bridge-Domain
  DCI doesn’t participate in L2 Forwarding => Bridge-Domain (BD) requires unnecessary HW resources
+ VXLAN draft-ietf-nvo3-vxlan-gpe can simplify
• SRv6
+ Transport and Service is integrated in Outer IPv6 Header
+ The packet structure is always identical, regardless of BGP VPNv4/6 or L3 EVPN Control Plane
  Less Complexity, Simple Troubleshooting
  Packet layout: Outer IPv6 Header | Original IP Packet
VRF A
RD DCI:0
RT import/export: VRF A Stitching
RT import/export: VRF A
EVPN and VPNv4/6 Interconnect
EVPN to VPNv4/6 Re-Advertise
EVPN and VPNv4/6 Interconnect
VPNv4/6 to EVPN Re-Advertise
EVPN and VPNv4 InterConnect
[Figure: testbed. Labels: Anycast IRB 192.168.2.1/24; RR101 Emulates R2; RR103, RR104; R36, R39; LACP; VPNv4: 9.9.9.101/24; H1: 192.168.1.10/24; H2: 192.168.2.20/24]
R36: RT-5 Prefix
R36#show bgp vpnv4 unicast
R36: RT-5 Route
R36#show bgp l2vpn evpn rd 3.3.3.37:0 [5][0][24][192.168.1.0]/80
Tue Oct 16 03:35:06.480 UTC
BGP routing table entry for [5][0][24][192.168.1.0]/80, Route Distinguisher: 3.3.3.37:0
Versions:
Process bRIB/RIB SendTblVer
Speaker 84912 84912
Last Modified: Oct 16 03:23:18.399 for 00:11:48
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
3.3.3.37 (metric 30) from 3.3.3.103 (3.3.3.37)
Received Label 64008
Origin incomplete, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 1, version 84912
Extended community: Flags 0x6: RT:100:100
Originator: 3.3.3.37, Cluster list: 3.3.3.103
EVPN ESI: 0000.0000.0000.0000.0000, Gateway Address : 0.0.0.0
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.37 (metric 30) from 3.3.3.104 (3.3.3.37)
Received Label 64008
Origin incomplete, metric 0, localpref 100, valid, internal, not-in-vrf
Received Path ID 0, Local Path ID 0, version 0
Extended community: Flags 0x6: RT:100:100
Originator: 3.3.3.37, Cluster list: 3.3.3.104
EVPN ESI: 0000.0000.0000.0000.0000, Gateway Address : 0.0.0.0
RP/0/RP0/CPU0:R36#
Callouts: RT-5 prefix; VRF A R37 RD; VRF Agg label (Received Label, both paths); VRF A Route-Target (RT:100:100, both paths)
R36: VRF A - Routing Table
R36#show route vrf a
DCI R26: VRF Configuration
vrf a
 address-family ipv4 unicast
  import route-target
   100:100 stitching
   999:100
  !
  export route-target
   100:100 stitching
   999:100
  !
 !
!
Callouts: 100:100 stitching is "VRF a RT - CO"; 999:100 is "VRF a RT - Core"
DCI R26: BGP Configuration
R26#show run router bgp 1
Mon Oct 15 21:01:43.943 UTC
router bgp 1
 bgp router-id 1.1.1.26
 ibgp policy out enforce-modifications
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor-group rr
  remote-as 1
  update-source Loopback0
  address-family l2vpn evpn
   import stitching-rt re-originate
   route-policy vpnv4-filter in
   route-policy vpnv4-community-set out
   advertise vpnv4 unicast re-originated stitching-rt
  !
 !
 neighbor-group rr-core
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
   import re-originate stitching-rt
   route-policy evpn-filter in
   route-reflector-client
   route-policy rt2-filter out
   advertise vpnv4 unicast re-originated
  !
 !
 neighbor 1.1.1.101
  use neighbor-group rr-core
 !
 neighbor 3.3.3.103
  use neighbor-group rr
 !
 neighbor 3.3.3.104
  use neighbor-group rr
 !
 vrf a
  rd auto
  address-family ipv4 unicast
   additional-paths receive
   maximum-paths ibgp 2
  !
 !
!
Callouts: ibgp policy out enforce-modifications is "RR Next-Hop-change"; address-family l2vpn evpn under neighbor-group rr is "EVPN AF - CO"; vrf a is "BGP VRF"
DCI R26: BGP EVPN/VPNv4 Route Leaking Configuration
address-family l2vpn evpn
 import stitching-rt re-originate
 route-policy vpnv4-filter in
 route-policy vpnv4-community-set out
 advertise vpnv4 unicast re-originated stitching-rt
!
address-family vpnv4 unicast
 import re-originate stitching-rt
 route-policy evpn-filter in
 route-reflector-client
 route-policy rt2-filter out
 advertise vpnv4 unicast re-originated
!
Callouts:
• route-policy vpnv4-filter in: Filter routes with VPNv4 community
• route-policy vpnv4-community-set out: Set VPNv4 community
• route-policy evpn-filter in: Filter routes with EVPN community
• route-policy rt2-filter out: Filter /32 routes and set EVPN community
route-policy rt2-filter
 if destination in (0.0.0.0/0 ge 32) then
  drop
 else
  set community evpn
 endif
end-policy
!
route-policy evpn-filter
 if community matches-any evpn then
  drop
 else
  pass
 endif
end-policy
route-policy vpnv4-community-set
 set community vpnv4
end-policy
route-policy vpnv4-filter
 if community matches-any vpnv4 then
  drop
 else
  pass
 endif
end-policy
!
community-set evpn
 1:111
end-set
!
community-set vpnv4
 1:222
end-set
!
DCI R26: BGP EVPN/VPNv4 Route Leaking
address-family l2vpn evpn
 import stitching-rt re-originate
 route-policy vpnv4-filter in
 route-policy vpnv4-community-set out
 advertise vpnv4 unicast re-originated stitching-rt
!
address-family vpnv4 unicast
 import re-originate stitching-rt
 route-policy evpn-filter in
 route-reflector-client
 route-policy rt2-filter out
 advertise vpnv4 unicast re-originated
!
Callouts:
1. l2vpn evpn, import stitching-rt re-originate: Import RT 100:100 and re-originate with RT 999:100
2. vpnv4 unicast, advertise vpnv4 unicast re-originated: Advertise re-originated routes with RT 999:100
3. vpnv4 unicast, import re-originate stitching-rt: Import RT 999:100 and re-originate with RT 100:100
4. l2vpn evpn, advertise vpnv4 unicast re-originated stitching-rt: Advertise re-originated routes with RT 100:100
vrf a
 address-family ipv4 unicast
  import route-target
   100:100 stitching
   999:100
  !
  export route-target
   100:100 stitching
   999:100
  !
 !
!
Callouts: 100:100 stitching is "VRF a RT - CO"; 999:100 is "VRF a RT - Core"
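The four route-policies and the RT stitching above, modelled as an added Python example (not part of the deck) to show which routes cross the DCI and why a copy that reaches a second DCI is not re-originated back. Assumptions: a second DCI runs the same policies, communities pass unchanged through the route reflectors, and "set community" without "additive" replaces the community list; the sample routes are constructed from addresses used in the testbed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Optional

# Values taken from the configuration on the slides.
EVPN_TAG = "1:111"    # community-set evpn
VPNV4_TAG = "1:222"   # community-set vpnv4
RT_CO = "100:100"     # stitching RT: EVPN side (CO)
RT_CORE = "999:100"   # regular RT: VPNv4 side (core)


@dataclass(frozen=True)
class Route:
    prefix: str
    afi: str                      # "evpn" or "vpnv4"
    rt: str
    communities: frozenset = frozenset()


# One function per route-policy; None means "drop".
def rt2_filter(r: Route) -> Optional[Route]:
    if ip_network(r.prefix).prefixlen >= 32:      # destination in (0.0.0.0/0 ge 32)
        return None
    return replace(r, communities=frozenset({EVPN_TAG}))   # set community evpn


def evpn_filter(r: Route) -> Optional[Route]:
    return None if EVPN_TAG in r.communities else r


def vpnv4_community_set(r: Route) -> Route:
    return replace(r, communities=frozenset({VPNV4_TAG}))  # set community vpnv4


def vpnv4_filter(r: Route) -> Optional[Route]:
    return None if VPNV4_TAG in r.communities else r


def evpn_to_core(r: Route, in_filter: bool = True) -> Optional[Route]:
    """Callouts 1-2: EVPN route from the CO RR, re-originated as VPNv4 toward the core."""
    kept = vpnv4_filter(r) if in_filter else r             # route-policy vpnv4-filter in
    if kept is None or kept.afi != "evpn" or kept.rt != RT_CO:
        return None                                        # not imported by stitching RT
    return rt2_filter(replace(kept, afi="vpnv4", rt=RT_CORE))  # route-policy rt2-filter out


def core_to_evpn(r: Route, in_filter: bool = True) -> Optional[Route]:
    """Callouts 3-4: VPNv4 route from the core, re-originated as EVPN toward the CO RR."""
    kept = evpn_filter(r) if in_filter else r              # route-policy evpn-filter in
    if kept is None or kept.afi != "vpnv4" or kept.rt != RT_CORE:
        return None                                        # not imported by regular RT
    return vpnv4_community_set(replace(kept, afi="evpn", rt=RT_CO))


def walk() -> dict:
    """Follow constructed routes through a first DCI and then a second one."""
    leaf_prefix = Route("192.168.1.0/24", "evpn", RT_CO)   # RT-5 prefix from a leaf
    leaf_host = Route("192.168.1.10/32", "evpn", RT_CO)    # H1 host route
    core_prefix = Route("9.9.9.0/24", "vpnv4", RT_CORE)    # prefix learned from the core
    to_core = evpn_to_core(leaf_prefix)
    to_co = core_to_evpn(core_prefix)
    return {
        "prefix_to_core": to_core,                          # tagged 1:111
        "host_to_core": evpn_to_core(leaf_host),            # /32 stays inside the CO
        "core_to_co": to_co,                                # tagged 1:222
        "second_dci_from_core": core_to_evpn(to_core),      # dropped by evpn-filter
        "second_dci_from_co": evpn_to_core(to_co),          # dropped by vpnv4-filter
        "without_in_filter": core_to_evpn(to_core, in_filter=False),
    }


if __name__ == "__main__":
    for name, route in walk().items():
        print(f"{name:22} {route}")
```

The last entry shows what the inbound filters prevent: with evpn-filter removed, the second DCI turns the first DCI's VPNv4 copy back into an EVPN route for the CO.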
EVPN and VPNv4 InterConnect
[Figure: same testbed; additional label: Anycast IRB 192.168.1.1/24]
r2#show route vrf a
C 9.9.9.0/24 is directly connected, 2w0d, Loopback9
L 9.9.9.101/32 is directly connected, 2w0d, Loopback9
B 192.168.1.0/24 [200/0] via 1.1.1.26 (nexthop in vrf default), 15:16:22
                 [200/0] via 1.1.1.28 (nexthop in vrf default), 15:16:22
B 192.168.2.0/24 [200/0] via 1.1.1.26 (nexthop in vrf default), 1d07h
                 [200/0] via 1.1.1.28 (nexthop in vrf default), 1d07h
Callouts: 192.168.1.0/24 is "H1 - Prefix"; 192.168.2.0/24 is "H2 - Prefix"
EVPN and VPNv4 InterConnect
R36#show route vrf a
EVPN - Testbed
[Figure: testbed, Single-Active. Labels: RR103, RR104; R39, R38, R35, R36; H1, H2]
All-Active - Example
R36#show evpn internal-label
EVPN - Testbed
[Figure: testbed with LACP on both sides. Labels: RR103, RR104; R39, R38, R35, R37, R34, R36; H1, H2; one link marked X]
R36/R37
evpn
 interface Bundle-Ether100
  ethernet-segment
   load-balancing-mode port-active
  !
  core-isolation-group 1
 !
!
Port-Active – Verification
R36#show bundle
Bundle-Ether100
Status: Up
Local links <active/standby/configured>: 1 / 0 / 1
Local bandwidth <effective/available>: 10000000 (10000000) kbps
MAC address (source): 008a.9644.d8de (Chassis pool)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing:
Link order signaling: Not configured
Hash type: Default
Locality threshold: None
LACP: Operational
Flap suppression timer: Off
Cisco extensions: Disabled
Non-revertive: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
IPv6 BFD: Not configured

R37#show bundle
Bundle-Ether100
Status: LACP OOS (out of service)
Local links <active/standby/configured>: 0 / 1 / 1
Local bandwidth <effective/available>: 0 (0) kbps
MAC address (source): 008a.9644.08de (Chassis pool)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing:
Link order signaling: Not configured
Hash type: Default
Locality threshold: None
LACP: Operational
Flap suppression timer: Off
Cisco extensions: Disabled
Non-revertive: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
IPv6 BFD: Not configured
EVPN Single-Flow-Active (SFA)
EVPN Load-Balancing Modes
Single-Flow-Active (SFA)
7.3.1
• Single-Homed: STP/REP/G.8032 “break” L2 loop
• Single-Flow-Active (SFA): MST-AG/REP-AG/G.8032 “break” L2 loop
[Figure, once per mode. Labels: A2, A3; PE1, PE2; EVPN-MPLS; one link marked X]
EVPN Single-Flow-Active (SFA) - Configuration
PE1/PE2
evpn
 interface Bundle-Ether100
  ethernet-segment
   identifier type 0 36.37.36.37.36.37.36.37.01
   load-balancing-mode single-flow-active
   convergence
    mac-mobility
[Figure labels: A1, A2, A3; MST/REP/G8032; P1, P2; PE36, PE37, PE38; MPLS; one link marked X]
RT-1 Per ESI Ethernet Auto-Discovery
Single-Flow-Active (SFA)
EVPN Single-Flow-Active (SFA)
• PE36/PE37 are both DF (L2 legacy protocol must break a loop)
• PE36 advertises A2 MAC+IP EVPN RT2 with BGP Local-Preference 100
• PE37 synchronizes A2 ARP/ND (EVPN RT2 MAC+IP advertised by PE36)
• FIB Next-Hop -> PE36
• PE37 re-advertises A2 MAC+IP RT2 with BGP Local-Preference 80
• PE38 prefers A2 via PE36 (BGP LP 100)
[Figure labels: A1, A2, A3; MST/REP/G8032; P1, P2; PE36, PE37, PE38; one link marked X]
EVPN Single-Flow-Active (SFA) – MAC Move
• A2 moves because of L2 access topology change
• PE37 receives packet with source MAC A2
• PE37 advertises EVPN RT2 BGP Local-Preference 100 and MAC Mobility sequence number +1
[Table: columns Access ring failure, PE node failure, PE-CE link failure, PE node restoration, PE-CE link restoration, each for ASR9k and NCS5500. Rows: L2 Service - Bridging and L3 Service - IRB (EVPN All-Active, Single-Active, Port-Active, Single-Flow-Active); VPWS Service (EVPN All-Active, Single-Active, Port-Active). Surviving cell text: NA NA on each All-Active, Single-Active and Port-Active row. Legend: Sometime Meet sub-sec; Seconds; Sub-second]
EVPN Routes - Summary
EVPN Routes – Cheat Sheet
PE1 – Advertises:
RT-4 Ethernet Segment Route
• I have ESI1 in case when someone needs this information for Designated Forwarder (DF) Election
RT-1 Per ESI Ethernet Auto-Discovery (AD) Route
• I have ESI1
• ESI1 is All-Active
• AC with ESI1 is connected to EVI1 and EVI2
• My Split Horizon Label for ESI1 is BE1-SHL
RT-1 Per EVI Ethernet Auto-Discovery (AD) Route(s)
• EVI1 per-EVI (Aliasing) Label is EVI1-L
• EVI2 per-EVI (Aliasing) Label is EVI2-L
RT-2 MAC/IP Advertisement Route(s)
• MAC-A in EVI1 via label EVI1-L and IP-A in VRF1 via label VRF1-AGGL
• MAC-B in EVI2 via label EVI2-L and IP-B in VRF1 via label VRF1-AGGL
RT-5 Prefix Advertisement Route(s)
• IPv4/6 prefix of BVI1 in VRF1 via label VRF1-AGGL
• IPv4/6 prefix of BVI2 in VRF1 via label VRF1-AGGL
[Figure: BGP Signaling and Data Plane views of PE1. Labels: CE1, CE2, PE1, PE2, PE3, PE4, MPLS; BE1 - ESI1, BE1.1, Vlan1, Vlan2; BD1 EVI1, BD2 EVI2, BVI1, BVI2, VRF1; BD1 MAC: MAC-A -> BE1.1; VRF1 ARP: IP-A MAC-A -> BVI1, IP-B MAC-B -> BVI2; labels EVI1-L, EVI2-L, BE1-SHL, EVI1-BUML, EVI2-BUML, VRF1-AGGL; packet: Transport MPLS Label, Service BGP Label, L2 Frame]
EVPN-VPWS
Multihomed Service
EVPN-VPWS
• Benefits of EVPN applied to point-to-point services
• No signaling of PWs; signals MP2P LSPs instead (à la L3VPN)
• All-active CE multi-homing (per-flow LB)
• Single-active CE multi-homing (per-service LB)
• Relies on a sub-set of EVPN routes to advertise Ethernet Segment and AC reachability
• PE discovery & signaling via a single protocol – BGP
• Per-EVI Ethernet Auto-Discovery route
[Figure labels: CE1, PE1, PE2, MPLS, PE3, PE4, CE2]
EVPN vs EVPN-VPWS - Balancing Mode
• Both EVPN and EVPN-VPWS advertise RT1 (per-ESI)
• Signal All-Active or Single-Active
• Remote node performs per-flow load-balancing -> All-Active mode
[Figure labels: Single-Active; CE1, PE1, PE2, MPLS, PE3, PE4, CE2]
EVPN-VPWS Layer 2 Attributes Extended Community
RFC8214, IOS-XR 7.1.1
[Figure: extended community layout; surviving fields: L2 MTU (2 octets), Reserved (2 octets). Flag values: Control-Word(C) = 4, Primary(P) = 2, Backup(B) = 1]
EVPN-VPWS
All-Active
EVPN-VPWS - Testbed
Startup Sequence is almost identical with EVPN except:
RT3 and RT2 are not required
[Figure: testbed with LACP. Labels: RR103, RR104; R39, R38, R35, R37, R34, R36; H1, H2]
Config: EVPN-VPWS
R36
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 target 3839 source 36
   !
  !
 !
R38/R39
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 target 36 source 3839
   !
  !
 !
From IOS-XR 7.1.1 Simplified configuration option is available (see next slides)
R36: L2vpn xconnect status & Data Plane verification
R36#show l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
R36: RT-1 Per EVI Ethernet Auto-Discovery
R36#show bgp l2vpn evpn rd 3.3.3.36:500 [1][0038.3900.0000.0000.1100][3839]/120
BGP routing table entry for [1][0038.3900.0000.0000.1100][3839]/120, Route Distinguisher: 3.3.3.36:500
Versions:
Process bRIB/RIB SendTblVer
Speaker 316 316
Last Modified: Jan 27 08:24:37.527 for 00:01:42
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
3.3.3.38 (metric 30) from 3.3.3.103 (3.3.3.38)
Received Label 68107
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 314
Extended community: EVPN L2 ATTRS:0x06:1500 RT:1:500
Originator: 3.3.3.38, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.38:500
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.39 (metric 30) from 3.3.3.103 (3.3.3.39)
Received Label 68107
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: EVPN L2 ATTRS:0x06:1500 RT:1:500
Originator: 3.3.3.39, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.39:500
Callouts: [1] is RT-1; 0038.3900.0000.0000.1100 is ESI R38/R39; [3839] is AC-ID; Control-Word(C) = 4, Primary(P) = 2, Backup(B) = 1; both paths: Control-Word + Primary, MTU 1500B
R36: EVPN-VPWS Instance View
R36#show evpn evi vpn-id 500 detail
Statistics:
Packets Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
Bytes Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
RD Config: none
RD Auto : (auto) 3.3.3.36:500
RT Auto : 1:500
Route Targets in Use Type
------------------------------ ---------------------
1:500 Import
1:500 Export
Config: EVPN-VPWS
R36 and R38/R39 (same configuration on both sides)
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 target 333 source 333
   !
  !
 !
R36 and R38/R39 (same configuration on both sides)
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 service 333
   !
  !
 !
EVPN-VPWS
Single-Active
EVPN-VPWS - Testbed
Startup Sequence is almost identical with EVPN except:
RT3 and RT2 are not required
[Figure: testbed, Single-Active. Labels: RR103, RR104; R39, R38, R35, R36; H1, H2]
Config: EVPN-VPWS
R36
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 target 3839 source 3637
   !
  !
 !
R38/R39
l2vpn
 xconnect group 500
  p2p 500
   interface Bundle-Ether100
   neighbor evpn evi 500 target 3637 source 3839
   !
  !
 !
R36: L2vpn xconnect status & Data Plane verification
R36#show l2vpn xconnect
R36: RT-1 Per EVI Ethernet Auto-Discovery
R36#show bgp l2vpn evpn rd 3.3.3.36:500 [1][0038.3900.0000.0000.1100][3839]/120
Tue Apr 14 07:47:20.033 UTC
BGP routing table entry for [1][0038.3900.0000.0000.1100][3839]/120, Route Distinguisher: 3.3.3.36:500
Versions:
Process bRIB/RIB SendTblVer
Speaker 430 430
Last Modified: Apr 14 07:47:09.651 for 00:00:10
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
3.3.3.38 (metric 30) from 3.3.3.103 (3.3.3.38)
Received Label 28127
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 428
Extended community: EVPN L2 ATTRS:0x05:1500 RT:1:500
Originator: 3.3.3.38, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.38:500
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.39 (metric 30) from 3.3.3.103 (3.3.3.39)
Received Label 28127
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: EVPN L2 ATTRS:0x06:1500 RT:1:500
Originator: 3.3.3.39, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.39:500
Callouts: [1] is RT-1; 0038.3900.0000.0000.1100 is ESI R38/R39; [3839] is AC-ID; Control-Word(C) = 4, Primary(P) = 2, Backup(B) = 1; Path #1: Control-Word + Backup, MTU 1500B; Path #2: Control-Word + Primary, MTU 1500B
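Reading the "EVPN L2 ATTRS" field of the All-Active and Single-Active outputs above with the C/P/B flag values from the slide, as an added Python example (not part of the deck). The path summary, the sanity checks and the treatment of MTU 0 as "not advertised" are this example's own assumptions; the sample text is trimmed from the Single-Active output, and the All-Active variant is constructed from it by setting Path #1 to 0x06.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Flag values as listed on the slide.
FLAG_C, FLAG_P, FLAG_B = 0x4, 0x2, 0x1

# Lines trimmed from the Single-Active output above.
SINGLE_ACTIVE = """\
Path #1: Received by speaker 0
3.3.3.38 (metric 30) from 3.3.3.103 (3.3.3.38)
Received Label 28127
Extended community: EVPN L2 ATTRS:0x05:1500 RT:1:500
Path #2: Received by speaker 0
3.3.3.39 (metric 30) from 3.3.3.103 (3.3.3.39)
Received Label 28127
Extended community: EVPN L2 ATTRS:0x06:1500 RT:1:500
"""
# Constructed: both paths carry 0x06, as in the All-Active output.
ALL_ACTIVE = SINGLE_ACTIVE.replace("0x05", "0x06")


@dataclass
class Path:
    index: int
    next_hop: str
    label: Optional[int]
    flags: int
    mtu: int

    @property
    def control_word(self) -> bool:
        return bool(self.flags & FLAG_C)

    @property
    def role(self) -> str:
        p, b = self.flags & FLAG_P, self.flags & FLAG_B
        if p and b:
            return "invalid"
        return "primary" if p else "backup" if b else "none"


def parse_paths(text: str) -> List[Path]:
    """Extract next hop, label, flags and MTU for every 'Path #n' block."""
    chunks = re.split(r"^\s*Path #(\d+):.*$", text, flags=re.M)
    paths = []
    for idx, body in zip(chunks[1::2], chunks[2::2]):
        nh = re.search(r"^\s*(\d+(?:\.\d+){3}) \(metric", body, re.M)
        attrs = re.search(r"EVPN L2 ATTRS:0x([0-9A-Fa-f]+):(\d+)", body)
        if not (nh and attrs):
            continue  # path without the community, e.g. the FXC routes on this page
        label = re.search(r"Received Label (\d+)", body)
        paths.append(Path(int(idx), nh.group(1),
                          int(label.group(1)) if label else None,
                          int(attrs.group(1), 16), int(attrs.group(2))))
    return paths


def classify(paths: List[Path]) -> str:
    """Summarise the path set the way the two outputs on this page read."""
    roles = [p.role for p in paths]
    if len(paths) > 1 and all(r == "primary" for r in roles):
        return "all-active"
    if roles.count("primary") == 1 and "backup" in roles:
        return "single-active"
    if roles == ["primary"]:
        return "single-path"
    return "inconsistent"


def forwarding_next_hops(paths: List[Path]) -> List[str]:
    """Next hops that signal Primary, i.e. candidates for forwarding."""
    return [p.next_hop for p in paths if p.role == "primary"]


def sanity_issues(paths: List[Path], local_mtu: int) -> List[str]:
    issues = []
    for p in paths:
        if p.flags & ~(FLAG_C | FLAG_P | FLAG_B):
            issues.append(f"path {p.index}: unknown flag bits in 0x{p.flags:02x}")
        if p.role == "invalid":
            issues.append(f"path {p.index}: Primary and Backup both set")
        if p.mtu and p.mtu != local_mtu:          # 0 treated as "not advertised"
            issues.append(f"path {p.index}: MTU {p.mtu} != local {local_mtu}")
    if len({p.control_word for p in paths}) > 1:
        issues.append("control-word differs between paths")
    return issues


if __name__ == "__main__":
    for name, text in (("single-active", SINGLE_ACTIVE), ("all-active", ALL_ACTIVE)):
        paths = parse_paths(text)
        print(name, classify(paths), forwarding_next_hops(paths),
              sanity_issues(paths, local_mtu=1500))
```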
EVPN-VPWS
Flexible Cross-Connect (FXC)
EVPN – Flexible Cross-Connect Service
Challenge:
How to bring multiple access services from different sources using a single EVPN E-LINE tunnel?
[Figure labels: CE1, CE2, CEn; A1, A2; PE, MPLS, PE; EVPN Forwarder; MUX, DEMUX; Normalized VLAN; VLAN translation over unique tunnel]
EVPN – Flexible Cross-Connect Service
Request:
Can local switching be preferred over the ELINE tunnel?
[Figure labels: CE1, CE2, CEn; A1; PE; EVPN Forwarder; MUX, DEMUX; Normalized VLAN; VLAN translation over unique tunnel]
Flexible Cross-Connect Service: Local Switching
Purpose:
Bring access services (e.g. OLT) into BNG with redundancy
Local Switching is preferred on matching VLAN
Backup connectivity over EVPN ELINE
[Figure labels: VRFs, BNG; VLANs; VLAN rewrite; A1, MPLS, A2; EVPN; ELINE (backup tunnel)]
Flexible Cross-Connect (FXC) - Testbed
Startup Sequence is almost identical with EVPN except:
RT3 and RT2 are not required
[Figure: testbed with LACP. Labels: RR103, RR104; R39, R38, R35, R37, R34, R36; H1, H2]
Config: FXC VLAN-Unaware & VLAN-Aware
R36/R38/R39 VLAN-Unaware
l2vpn
 flexible-xconnect-service vlan-unaware 600
  interface Bundle-Ether100.10
  interface Bundle-Ether100.20
  neighbor evpn evi 600 target 363839
 !
[Figure labels: RR103, RR104; LACP; R39, R36; H1, H2]
R36: L2vpn xconnect status & Data Plane verification
VLAN-Unaware
R36#show l2vpn flexible-xconnect-service
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
64011  64039       EVPN:600                        3.3.3.38        0
       64037       EVPN:600                        3.3.3.39        0

VLAN-Aware
R36#show l2vpn flexible-xconnect-service
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
VPN-ID     Encap  Ethernet Segment Id         EtherTag Label
---------- ------ --------------------------- -------- --------
600        MPLS   0038.3900.0000.0000.1100    10       64012
Summary pathlist:
0x02000006 3.3.3.38 64041
0x02000007 3.3.3.39 64040
R36: RT-1 Per EVI Ethernet Auto-Discovery
VLAN-Unaware
R36#show bgp l2vpn evpn rd 3.3.3.36:600 [1][0038.3900.0000.0000.1100][363839]/120
Thu Jun 6 05:40:06.781 UTC
BGP routing table entry for [1][0038.3900.0000.0000.1100][363839]/120, Route Distinguisher: 3.3.3.36:600
Versions:
Process bRIB/RIB SendTblVer
Speaker 105 105
Last Modified: Jun 6 05:32:38.947 for 00:07:28
Paths: (2 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
Local
3.3.3.38 (metric 30) from 3.3.3.103 (3.3.3.38)
Received Label 64039
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 1, version 103
Extended community: RT:1:600
Originator: 3.3.3.38, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.38:600
Path #2: Received by speaker 0
Not advertised to any peer
Local
3.3.3.39 (metric 30) from 3.3.3.103 (3.3.3.39)
Received Label 64037
Origin IGP, localpref 100, valid, internal, import-candidate, imported, rib-install
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:1:600
Originator: 3.3.3.39, Cluster list: 3.3.3.103
Source AFI: L2VPN EVPN, Source VRF: default, Source Route Distinguisher: 3.3.3.39:600
Callouts: [1] is RT-1; 0038.3900.0000.0000.1100 is ESI R38/R39; [363839] is Target/Service-id

VLAN-Aware
R36#show bgp l2vpn evpn rd 3.3.3.36:600
Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 3.3.3.36:600 (default for vrf fxc:evi:600)
*> [1][0036.3700.0000.0000.1100][10]/120
                      0.0.0.0                                0 i
*> [1][0036.3700.0000.0000.1100][20]/120
                      0.0.0.0                                0 i
*>i[1][0038.3900.0000.0000.1100][10]/120
                      3.3.3.38                      100      0 i
* i                   3.3.3.39                      100      0 i
*>i[1][0038.3900.0000.0000.1100][20]/120
                      3.3.3.38                      100      0 i
* i                   3.3.3.39                      100      0 i
Callouts: [10] and [20] are the Dot1q tag ID

What will be tag ID value in case of QinQ?
example:
interface Bundle-Ether100.10 l2transport
 encapsulation dot1q 10 second-dot1q 100
!
[1][0038.3900.0000.0000.1100][41060]/120
Formula: tag ID = (first_tag_value * 4096) + second_tag_value
(10 * 4096) + 100 = 41060
R36: EVPN-VPWS Instance View
VLAN-Unaware
R36#show evpn evi vpn-id 600 detail
Thu Jun 6 06:25:06.940 UTC
VPN-ID     Encap  Bridge Domain                Type
---------- ------ ---------------------------- -------------------
600        MPLS   VPWS:600                     VPWS (vlan-unaware)
Stitching: Regular
Unicast Label : 0
Multicast Label: 0
Flow Label: N
Control-Word: Enabled
Forward-class: 0
Advertise MACs: No
Advertise BVI MACs: No
Aliasing: Enabled
UUF: Enabled
Re-origination: Enabled
Multicast source connected: No
Statistics:
Packets Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
Bytes Sent Received
Total : 0 0
Unicast : 0 0
BUM : 0 0
RD Config: none
RD Auto : (auto) 3.3.3.36:600
RT Auto : 1:600
Route Targets in Use           Type
------------------------------ ---------------------
1:600                          Import
1:600                          Export

VLAN-Aware
R36#show evpn evi vpn-id 600 detail
The VLAN-Aware output is the same except for the first row:
600        MPLS   fxc:600                      VPWS (vlan-aware)
Callouts (both outputs): EVPN-VPWS • No RT2 – MAC • No RT3 - BUM
EVPN Interconnect/Migration
(L2 Services)
EVPN L2 Interconnect – Let’s connect everything together
Everything in one Bridge Domain
• Legacy L2: REP, G8032, STP, etc.
• VPLS
• EVPN-VXLAN/EVPN-MPLS
• EoMPLS(PW)
• Ethernet – MultiHomed, SingleHomed
[Figure labels: LACP; VPWS; CE; A1, A2, A3; STP/REP/G.8032….; PE1, PE2; MPLS Core; DCI/PE; Spine, Leaf, VM; EVPN - VXLAN; EVPN - MPLS; EVPN-MPLS; VPLS]
EVPN & VPLS Seamless Integration - Migration
VPLS & EVPN Seamless Integration - Migration
VFI1 is by default in Split Horizon Group 1
• SHG1 protects loops in MPLS Core
• Full Mesh of pseudowires(PW) is required for Any-to-Any forwarding
[Figure: R36 with BD1 and VFI1; PW_R37 UP, PW_R38 UP, PW_R39 UP; MPLS; R37, R38, R39; CE1, CE2, CE3, CE4]
l2vpn
 bridge group 100
  bridge-domain 100
   vfi 1
    neighbor x.x.x.37 pw-id 37
    !
    neighbor x.x.x.38 pw-id 38
    !
    neighbor x.x.x.39 pw-id 39
    !
   !
VPLS & EVPN Seamless Integration - Migration
VFI1 is by default in Split Horizon Group 1
• SHG1 protects against loops in the MPLS Core
• Full Mesh of pseudowires (PW) is required for Any-to-Any forwarding
EVI100 is also by default in Split Horizon Group 1
• R36 doesn’t forward data between VFI1 and EVI100
[Diagram: R36, R37 and R39 across MPLS with CE1, CE2 and CE4; on R36, BD1 and VFI1 with PW_R37 UP, PW_R38 UP, PW_R39 UP; X marks the blocked path on R36]
l2vpn
 bridge group 100
  bridge-domain 100
   vfi 1
    neighbor x.x.x.37 pw-id 37
    !
    neighbor x.x.x.38 pw-id 38
    !
    neighbor x.x.x.39 pw-id 39
    !
   evi 100
   !
VPLS & EVPN Seamless Integration - Migration
VFI1 is by default in Split Horizon Group 1
• SHG1 protects against loops in the MPLS Core
• Full Mesh of pseudowires (PW) is required for Any-to-Any forwarding
EVI1 is also by default in Split Horizon Group 1
• R36 doesn’t forward data between VFI1 and EVI100
R36 & R38 run BGP EVPN
• PW_R38 goes DOWN
• Data Forwarding between R36 and R38 via EVI100
[Diagram: R36, R37, R38 and R39 across MPLS with CE1 to CE4; on R36, BD1 and VFI1 with PW_R37 UP, PW_R38 DOWN, PW_R39 UP; BGP EVPN (EVI100) toward R38; X marks the blocked path on R36]
l2vpn
 bridge group 100
  bridge-domain 100
   vfi 1
    neighbor x.x.x.37 pw-id 37
    !
    neighbor x.x.x.38 pw-id 38
    !
    neighbor x.x.x.39 pw-id 39
    !
   evi 100
   !
PW -> EVPN-VPWS Seamless Migration
EVPN-VPWS/Legacy-PW Seamless Migration
Supported Modes
Discovery: Static/BGP-AD
Signaling: LDP, BGP
[Diagram: CE1, PE38, MPLS, PE39, CE2; LDP based PW]
R38 Configuration
l2vpn
 xconnect group test
  p2p test
   interface TenGigE0/0/0/0
   neighbor ipv4 3.3.3.39 pw-id 10
EVPN-VPWS/Legacy-PW Seamless Migration
[Diagram: CE1, PE38, MPLS, PE39, CE2; LDP based PW]
R38 Configuration
l2vpn
 xconnect group test
  p2p test
   vpws-seamless-integration   <- Allows Tengig0/0/0/0 to be migrated
   interface TenGigE0/0/0/0
   neighbor ipv4 3.3.3.39 pw-id 10
  p2p test-new
   interface TenGigE0/0/0/0
   neighbor evpn evi 1000 service 10
Existing LDP based PW is UP and forwarding data
New EVPN-VPWS service is ready and is signaled via BGP EVPN AF
EVPN-VPWS/Legacy-PW Seamless Migration
Usecases
Active/Backup PW – Multi-Homed CE
• CE Ethernet Bundle to PE39/40 with maximum link = 1
• Link to PE40 is not active
#1 PE38 EVPN-VPWS Seamless Migration configuration
#2 PE40 EVPN-VPWS Configuration
   PE40 -> CE2 AC is down (not active)
   PE38 <-> PE39 LDP PW is UP
#3 CE2 changes ethernet bundle link priorities
   PE38 <-> PE39 PW DOWN
   PE40 -> Signal EVPN-VPWS
#  PE38 <-> PE40 EVPN-VPWS UP
[Diagram, two panels: CE1, PE38, PE39, PE40, CE2 with the LDP PW to PE39 and a Backup PW to PE40; then the LDP PW to PE39 and EVPN-VPWS to PE40]
EVPN & VPLS/VPWS Interconnect
EVPN & VPLS Interconnect
[Diagram: R36, PE1, CE1 and A1 with VPLS and EVPN domains]
Virtual Ethernet-Segment (vES)
R36#show evpn ethernet-segment detail
EVPN & VPWS (Active/Backup) Interconnect
[Diagram: Active-PW to R36 and Backup-PW to R37; R36, R37, PE1 and PE2 in EVPN; LACP]
• VPWS Active/Backup is Single-Homed from EVPN point of view => VPWS ESI = 0
• A1 Configuration without modification
EVPN & VPWS (Static-Anycast) Interconnect
[Diagram: Anycast Pseudonode R3637 (R36, R37); Active-PW across MPLS Core/Access; R36, R37, PE1 and PE2 in EVPN; LACP]
EVPN ETREE
EVPN ETREE – RT Constraints (Scenario 1a) 7.2.1
• Host connected to Leaf can talk ONLY to device connected to Root
[Diagram: Leaf1, Leaf2, Leaf3 and Root1 over MPLS with hosts H1, H2 and H4]
Leaf Configuration
evpn
 evi 100
  bgp
   route-target export 1:100
   route-target import 1:1000
  !
  etree
   rt-leaf   <- MAC Synchronization
  !
EVPN ETREE Leaf Label (Scenario 1b)
Root Configuration
No specific Root Configuration
l2vpn
 bridge group test
  bridge-domain test
   interface Bundle-Ether100
   !
   evi 300
• ASR9k/NCS add Leaf ACs to SHG2 automatically
  => Prevents local Leaf to Leaf AC forwarding
[Diagram: Leaf1, Leaf2, Leaf3, Leaf4 and Root1 over MPLS with hosts H1, H2, H3 and H4]
Leaf Configuration
l2vpn
 bridge group test
  bridge-domain test
   etree
    leaf
   !
   interface Bundle-Ether100
   !
   evi 300
EVPN ETREE Leaf Label (Scenario 1b) - BUM
Each Leaf (device with at least one Leaf AC) advertises RT1 per-ESI with ESI 0 with ETREE extended community to distribute ETREE Label
Leaf Configuration
l2vpn
 bridge group test
  bridge-domain test
   etree
    leaf
   !
   interface Bundle-Ether100
   !
   evi 300
R28#show bgp l2vpn evpn rd 1.1.1.28:0 [1][1.1.1.28:1][0000.0000.0000.0000.0000][4294967295]/184
Wed Mar 23 03:41:36.734 UTC
BGP routing table entry for [1][1.1.1.28:1][0000.0000.0000.0000.0000][4294967295]/184, Route Distinguisher: 1.1.1.28:0
Versions:
  Process bRIB/RIB SendTblVer
  Speaker 1481327 1481327
    Local Label: 0
Last Modified: Mar 23 03:21:20.580 for 00:20:17
Paths: (1 available, best #1)
  Advertised to update-groups (with more than one peer):
    0.2
  Path #1: Received by speaker 0
  Advertised to update-groups (with more than one peer):
    0.2
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.28)
      Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
      Received Path ID 0, Local Path ID 1, version 1481327
      Extended community: EVPN E-TREE:0x00:24010 RT:1:3000
EVPN ETREE Leaf Label (Scenario 1b) - Unicast
Leaf Advertises local MAC with ETREE extended community
Same extended community was used to distribute ETREE Label
Leaf Configuration
l2vpn
 bridge group test
  bridge-domain test
   etree
    leaf
   !
   interface Bundle-Ether100
   !
   evi 300
RP/0/RSP0/CPU0:R28#show bgp l2vpn evpn bridge-domain test [2][0][48][682c.7b24.c63d][0]/104
Wed Mar 23 04:13:10.244 UTC
BGP routing table entry for [2][0][48][682c.7b24.c63d][0]/104, Route Distinguisher: 1.1.1.28:300
Versions:
  Process bRIB/RIB SendTblVer
  Speaker 1481349 1481349
    Local Label: 24012
Last Modified: Mar 23 03:21:48.580 for 00:51:22
Paths: (1 available, best #1)
  Advertised to update-groups (with more than one peer):
    0.2
  Path #1: Received by speaker 0
  Advertised to update-groups (with more than one peer):
    0.2
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.28)
      Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
      Received Path ID 0, Local Path ID 1, version 1481349
      Extended community: SoO:1.1.1.28:300 EVPN E-TREE:0x01:0 RT:1:300
      EVPN ESI: 0026.2826.2826.2826.2802
EVPN ETREE Leaf Label (Scenario 2) per-AC
ASR9k only
[Diagram: Leaf1 to Leaf4 and a Root/Leaf node over MPLS with hosts H1, H2 and H3; on the Root/Leaf node, H4 is on the Root AC and H5 on the Leaf AC]
Root/Leaf Configuration
l2vpn
 bridge group test
  bridge-domain test
   interface Bundle-Ether100   <- interface to H4
   interface Bundle-Ether200   <- interface to H5
    etree
     leaf
    !
   !
   evi 300
Leaf Configuration
Same as Scenario 1b
l2vpn
 bridge group test
  bridge-domain test
   etree
    leaf
   !
   interface Bundle-Ether100
   !
   evi 300
EVPN ETREE Leaf Label (Scenario 2) per-AC
ASR9k only
Root/Leaf Configuration
l2vpn
 bridge group test
  bridge-domain test
   interface Bundle-Ether100   <- interface to H4
   interface Bundle-Ether200   <- interface to H5
    etree
     leaf
    !
   !
   evi 300
Leaf node works the same as Leaf in Scenario 1b
NCS interoperates with ASR9k leaf/root (scenario 2)
Root/Leaf node advertises RT1 per-ESI with ESI 0 with ETREE extended community to distribute ETREE Label
BUM Traffic from Leaf to Root/Leaf must be tagged by ETREE label
Root/Leaf node forwards this traffic to root AC (H4)
Root/Leaf node prevents forwarding to leaf AC (H5)
Scenario 1b: Simple configuration, but additional ETREE label must be imposed for BUM
BUM filtered by egress node
Support IRB
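The leaf isolation described in Scenarios 1b and 2, as an added example that is not part of the original deck or any Cisco code: it parses the E-TREE extended community from the R28 output above and applies the two filtering decisions (ingress drop for Leaf-to-Leaf known unicast, egress filtering of leaf-labelled BUM). The flag bit meaning and the ingress unicast rule follow RFC 8317; the function names and the pairing of R28's label 24010 with the Scenario 2 AC roles are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Matches the E-TREE community as IOS-XR prints it on the page:
# a flags octet in hex, then the leaf label in decimal.
ETREE_RE = re.compile(r"EVPN E-TREE:0x([0-9a-fA-F]{2}):(\d+)")
LEAF_INDICATION = 0x01  # low-order flag bit (RFC 8317): MAC was learned on a Leaf AC


class ETree(NamedTuple):
    leaf_flag: bool
    leaf_label: int


def parse_etree(ext_community_line: str) -> Optional[ETree]:
    """Extract the E-TREE community from an 'Extended community:' line, if present."""
    m = ETREE_RE.search(ext_community_line)
    if m is None:
        return None
    return ETree(bool(int(m.group(1), 16) & LEAF_INDICATION), int(m.group(2)))


def unicast_allowed(src_ac_is_leaf: bool, dst_mac_route_line: str) -> bool:
    """Ingress decision for known unicast: only Leaf-to-Leaf is dropped."""
    etree = parse_etree(dst_mac_route_line)
    dst_is_leaf = etree is not None and etree.leaf_flag
    return not (src_ac_is_leaf and dst_is_leaf)


def bum_egress_acs(received_leaf_label: Optional[int],
                   own_leaf_label: int,
                   ac_roles: Dict[str, str]) -> List[str]:
    """Egress decision for BUM: a frame carrying the ETREE label this node
    advertised came from a Leaf, so it is flooded to root ACs only."""
    from_leaf = received_leaf_label is not None and received_leaf_label == own_leaf_label
    return [ac for ac, role in ac_roles.items() if not (from_leaf and role == "leaf")]


# Lines copied from the R28 output on the page.
RT1_LINE = "Extended community: EVPN E-TREE:0x00:24010 RT:1:3000"
RT2_LINE = "Extended community: SoO:1.1.1.28:300 EVPN E-TREE:0x01:0 RT:1:300"
# AC roles from the Scenario 2 Root/Leaf configuration (H4 on a root AC, H5 on a leaf AC).
# Reusing R28's label 24010 for this node is a constructed pairing.
SCENARIO2_ACS = {"Bundle-Ether100": "root", "Bundle-Ether200": "leaf"}

if __name__ == "__main__":
    print("RT1 per-ESI:", parse_etree(RT1_LINE))
    print("RT2 MAC route:", parse_etree(RT2_LINE))
    print("Leaf -> Leaf MAC allowed:", unicast_allowed(True, RT2_LINE))
    print("Root -> Leaf MAC allowed:", unicast_allowed(False, RT2_LINE))
    print("BUM from Leaf floods to:", bum_egress_acs(24010, 24010, SCENARIO2_ACS))
    print("BUM from Root floods to:", bum_egress_acs(None, 24010, SCENARIO2_ACS))
```

A leaf MAC route that arrives without the leaf flag is the case to look for when auditing: `unicast_allowed` then returns True for Leaf-to-Leaf traffic and the isolation is silently lost.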
EVPN FRR
Fast Convergence (FRR Data Plane) - Core
Core Failure (Link/Node) – PIC Core
Technology: RSVP-TE/LFA/rLFA/TI-LFA
Transport: IGP -> MPLS, SRv6
Overlay Service: Service Independent
Device: P-Router, Spine
[Diagram: link and node failures (X) at P1/P2 between PE1 to PE4, and at S1/S2 above L1/L2]
Fast Convergence (FRR Control Plane) – DC Leaf/TOR
MAC Mobility
VM/MAC Move
Technology: EVPN Mac Mobility (EVPN RT-2)
Transport: Transport Independent
Overlay Service: EVPN
Device: Leaf/TOR
[Diagram: VM1 moves between leafs L1, L2, L3 under spines S1, S2]
             MAC    IP    ESI  Seq.  Next-Hop
Before move  MAC-1  IP-1  0    0     Leaf-1/2
After move   MAC-1  IP-1  0    1     Leaf-3/4
Sequence number and Next-Hop value will be changed after the host move
Fast Convergence (FRR CP/DP) – Edge/Leaf/TOR
MAC-CE1 -> ESI1 -> PE1
                -> PE2
RT1 ESI1 Mass Withdraw
[Diagram: CE1 on ESI1 to PE1 and PE2; P1, P2; PE3, PE4; failures marked X]
Fast Convergence (FRR Data Plane) – Edge L3VPN
[Diagram: CE1 with eBGP to PE1 and PE2 (L3VPN); P1, P2; failure marked X]
Fast Convergence (FRR Data Plane) – Edge L2VPN NEW!
Available in IOS-XR 7.3.1
[Diagram: All-Active and Single-Active panels, each showing PE2 and P2]
Fast Convergence (EVPN FRR Data Plane) – Edge
[Diagram: All-Active and Single-Active panels, each showing PE2 and P2; NDF marked at PE2]
EVPN FRR - Configuration
All-Active
evpn
 interface Bundle-Ether100
  ethernet-segment
   identifier type 0 36.37.36.37.36.37.36.37.01
   convergence
    reroute
Single-Active
evpn
 interface Bundle-Ether100
  ethernet-segment
   identifier type 0 36.37.36.37.36.37.36.37.01
   load-balancing-mode single-active
   convergence
    reroute
Local Bypass
RT-1 Per EVI/ESI Ethernet Auto-Discovery
[Diagram: RT-1 route with the EVI RT and FRR Label fields marked]
DF Election Convergence Improvements
evpn
 interface Bundle-Ether100
  ethernet-segment
   identifier type 0 36.37.36.37.36.37.36.37.01
   load-balancing-mode single-active
   convergence
    nexthop-tracking
    reroute
BGP Next-Hop Tracking for RT4
Node Failure Convergence Improvement
NTP Timestamping for RT4
Virtual Ethernet Segment (vESI) AC-based
Regular Main-Port based ESI is configured per-main port => BE100
BE100.10 and BE100.20 inherit BE100 main-port ESI
PE28 is not able to split same ESI between PE25 and PE30
vESI allows ESI to be configured per-AC => each sub-interface has its own ESI
Each Sub-interface BE100.10 and BE100.20 runs DF Election independently
[Diagram: PE28 with BE100.10 (ESI1) and BE100.20 (ESI2) toward an L2 Switch; CE1/PE25 on ESI1, CE2/PE30 on ESI2; MPLS]
PE28 - Configuration
evpn
 virtual interface Bundle-Ether100.10
  ethernet-segment
   identifier type 0 28.28.28.28.28.28.28.28.28
  !
Virtual Ethernet Segment (vESI) AC-based
PE28 - Configuration
evpn
 virtual interface Bundle-Ether100.10
  ethernet-segment
   identifier type 0 28.28.28.28.28.28.28.28.28
  !
R28#show bgp l2vpn evpn rd 1.1.1.28:0 [1][1.1.1.28:1][0028.2828.2828.2828.2828][4294967295]/184
BGP routing table entry for [1][1.1.1.28:1][0028.2828.2828.2828.2828][4294967295]/184, Route Distinguisher: 1.1.1.28:0
Versions:
  Process bRIB/RIB SendTblVer
  Speaker 1481392 1481392
    Local Label: 0
Last Modified: Mar 23 05:11:53.580 for 00:01:05
Paths: (1 available, best #1)
  Advertised to update-groups (with more than one peer):
    0.2
  Path #1: Received by speaker 0
  Advertised to update-groups (with more than one peer):
    0.2
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.28)
      Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
      Received Path ID 0, Local Path ID 1, version 1481392
      Extended community: EVPN ESI Label:0x00:24014 Router MAC:00a7.4213.3f2c RT:1:300
RP/0/RSP0/CPU0:R28#show bgp l2vpn evpn rd 1.1.1.28:0 [4][0028.2828.2828.2828.2828][32][1.1.1.28]/128
Wed Mar 23 05:14:31.116 UTC
BGP routing table entry for [4][0028.2828.2828.2828.2828][32][1.1.1.28]/128, Route Distinguisher: 1.1.1.28:0
Versions:
  Process bRIB/RIB SendTblVer
  Speaker 1481388 1481388
Last Modified: Mar 23 05:11:50.580 for 00:02:41
Paths: (1 available, best #1)
  Advertised to update-groups (with more than one peer):
    0.2
  Path #1: Received by speaker 0
  Advertised to update-groups (with more than one peer):
    0.2
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.28)
      Origin IGP, localpref 100, valid, redistributed, best, group-best, import-candidate, rib-install
      Received Path ID 0, Local Path ID 1, version 1481388
      Extended community: EVPN ES Import:2828.2828.2828 Router MAC:00a7.4213.3f2c DF Election:0:0x0008:0
Virtual Ethernet Segment (vESI) AC-based
RT1 per-ESI and RT4 are allocated for each sub-interface
In case of main port BE100 failure BGP must withdraw:
RT1 and RT4 for each sub-interface
Convergence would be affected!
Both RT1 per-ESI and RT4 are tagged by Router MAC
PE28 generates also Grouping ESI (gESI)
gESI is autogenerated, but can be also configured manually
Remote PE:
MAC_CE1 -> vESI_BE100.10 -> PE28
                         -> PE25
With gESI:
MAC_CE1 -> gESI_BE100 -> vESI_BE100.10 -> PE28
                                       -> PE25
EVPN Multicast sync RT7/8
EVPN – Native Multicast in the Network Fabric
[Diagram: multicast Source behind border leafs (BL), spines (SP) and leafs (L); L3/L2 boundary with IRB; Receivers in EVI-x and EVI-y send IGMP Join / Leave; PIM State sync in EVPN]
EVPN Selective Multicast RT6
EVPN ELAN L2 Selective Multicast – Route-Type 6
RT6 to IGMP Join (Proxy) not supported
Multicast must be received by PE5/6 from source without IGMP join
[Diagram: Source1 and Receiver1, Receiver3, Receiver7 attached to PE2, PE3, PE4, PE5, PE6]
EVPN Centralized GW
CGW
EVPN Centralized Gateway (CGW)
[Diagram: CE1 and access nodes A1, A2, A4 in L2 EVPN; CGW1 toward the L3 VPN Core]
CGW - Configuration
evpn
 virtual access-evi
  ethernet-segment
   identifier type 0 77.77.77.77.77.77.77.77.77
l2vpn
 bridge group test
  bridge-domain test
   access-evi 300
   routed interface BVI300

l2vpn
 bridge group test
  bridge-domain test
   interface Bundle-Ether100
   !
   evi 300
EVPN Centralized Gateway (CGW)
R28#show evpn ethernet-segment
Distributed vs Centralized Gateway
• Distributed Anycast Gateway is our priority!
• Best Scalable solution
• Optimal L2/L3 forwarding
EVPN Headend
L3 EVPN-Headend Vlan-Unaware
HE Modes (PE):
1. Single-Active/Port-Active from Access and All-Active from Core (default)
2. All-Active
A2 PE2
PE1/PE2 Configuration
HE evpn
2. Port-Active EVPN-VPWS
3. Single-Active (main port only)
Pref-Based/AC Driven DF election
Access-Driven DF Election
EVPN-VPWS only!!!!
[Diagram: CE1 attached to PE1, PE2 and PE3 in EVPN]
PE1/PE2/PE3 Configuration
evpn
 interface Bundle-Ether100
  ethernet-segment
   identifier type 0 36.37.36.37.36.37.36.37.01
   load-balancing-mode port-active
   service-carving preference-based
    access-driven
    weight <value>
Transport Integration
EVPN & EVPN-VPWS On-Demand Next Hops (ODN) 7.2.1
DNX Platform
• RT1 and RT3 are advertised with color (color specifies SLA)
[Diagram: R36, R37, R38, R39]
R36/37 Configuration
class-map match-any test
 match cos 5
 end-class-map
policy-map per-flow
 class test
  set forward-class 5
 !
!
interface Bundle-Ether999
 l2transport
 service-policy input per-flow

segment-routing
 traffic-eng
  on-demand color 100
   dynamic
    metric
     type igp
  !
  on-demand color 1000
   per-flow
    forward-class 5 color 100
EVPN Troubleshooting Hints
#1. Don’t fix what’s not broken….
Troubleshooting Hint #2
Transport Verification
• Verify End-To-End Label-Switched Path (LSP)
  • show route, show cef, show mpls forwarding, etc.
Troubleshooting Hint #3
BGP Control Plane
• BGP Session Status
  • show bgp l2vpn evpn summary
Troubleshooting Hint #4
EVPN Control Plane – L2
• Ethernet Segment Verification
  • show evpn ethernet-segment [detail]
Troubleshooting Hint #5
EVPN Data Plane – L2
• Nexthop Verification - Unicast
  • show evpn evi mac
  • show l2route evpn mac all
  • show evpn internal-label
• Bridge-Domain Status
  • show l2vpn bridge-domain bd-name [bd name]
Troubleshooting Hint #6
EVPN Control Plane – L3
• Received and Advertised Host Routes
  • show evpn evi mac
  • show l2route evpn mac-ip all
• Routes in VRF
  • show route vrf [vrf name]
Troubleshooting Hint #7
EVPN Data Plane – L3
• Nexthop Verification
  • show route vrf [vrf name]
  • show cef vrf [vrf name]
• + all L3VPN troubleshooting hints
Timers
EVPN Timers
Table columns: Timer, Range, Default Value, Trigger, Applicability, Action, Sequence
• Available in EVPN global configuration mode and in evpn interface sub-configuration mode
• Startup-cost-in is available in EVPN global configuration mode only
• Timers are triggered in sequence (if applicable)
• Cost-out in EVPN global configuration mode brings down AC link(s) to prepare node for reload/SW upgrade
*node recovered – All required SW components are loaded
*interface recovered – link status is up
Summary
EVPN – Service Layering
[Diagram: Access (A), Aggregation (AG) and Core (PE, P, PE) with CEs, plus a fabric of border leafs (BL), spines (SP) and leafs (L); layered services: Multicast, FXC, EVPN-HE, E-TREE, P2P, L2 Bridging, L3 Routing, IRB]
Conclusion
• EVPN is a very important complement to BGP based services
• BGP is Unified Services Control Plane across SP Network
• EVPN All-Active Multihomed Service with Distributed Anycast Gateway & Integration to L3VPN simplifies SPDC/NextGen-CO/WAN Integration
[Diagram: Provisioning (NETCONF, YANG), Programmability (PCE)]
EVPN - Stay Up-To-Date
• https://e-vpn.io/
• Upcoming Conferences: https://e-vpn.io/conferences/
Additional services related features
MPLS L3VPN Service
[Diagram: CE1, PE1, PE2, P1 (MPLS), PE3, PE4, CE2; IP Packet]
• P-Node doesn’t know about overlay service (no signaling)
• P-Node identifies overlay service (L2/L3) based on inner header
• If inner payload starts with
  • 0x4 => L3 IPv4 Header
  • 0x6 => L3 IPv6 Header
  IP/UDP/TCP header hash to provide per-flow ECMP
MPLS L2VPN Service – Without Control-Word
[Diagram, shown twice: CE1, PE1, PE2, P1 (MPLS), PE3, PE4, CE2]
EVPN-VPWS Layer 2 Attributes Extended Community
RFC8214 IOS-XR 7.1.1
+-------------------------------------------+
+-------------------------------------------+
+-------------------------------------------+
| L2 MTU (2 octets)                         |
+-------------------------------------------+
| Reserved (2 octets)                       |
+-------------------------------------------+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Control-Word(C) = 4
Primary(P) = 2
Backup(B) = 1
EVPN Control-Word (CW)
• In IOS-XR Control-Word for L2VPN EVPN services is enabled by default
• Control-Word can be disabled per EVI
evpn
 evi 100
  control-word-disable
• EVPN ELAN doesn’t provide Control Word signaling! (IETF work in progress)
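A decoder for the Layer 2 Attributes extended community and the control-word setting discussed above, as an added example that is not part of the original deck or any Cisco code: it unpacks the 8 octets using the flag values from the slide (C = 4, P = 2, B = 1) and lists L2 MTU and control-word mismatches between the two ends of an EVPN-VPWS service. The type/sub-type values 0x06/0x04 and the leading flags field come from RFC 8214 rather than the slide; function names and the sample byte strings are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List

EVPN_EC_TYPE = 0x06      # EVPN extended community type (RFC 8214, not shown on the slide)
L2_ATTR_SUBTYPE = 0x04   # Layer 2 Attributes sub-type (RFC 8214, not shown on the slide)

# Control flag values exactly as listed on the slide.
FLAG_C = 4   # Control-Word
FLAG_P = 2   # Primary
FLAG_B = 1   # Backup
KNOWN_FLAGS = FLAG_C | FLAG_P | FLAG_B


@dataclass(frozen=True)
class L2Attributes:
    control_word: bool
    primary: bool
    backup: bool
    l2_mtu: int
    undefined_flags: int   # any bits set outside C/P/B


def parse_l2_attributes(raw: bytes) -> L2Attributes:
    """Decode type, sub-type, control flags, L2 MTU and reserved (1+1+2+2+2 octets)."""
    if len(raw) != 8:
        raise ValueError(f"extended community must be 8 octets, got {len(raw)}")
    ec_type, subtype, flags, mtu, _reserved = struct.unpack("!BBHHH", raw)
    if (ec_type, subtype) != (EVPN_EC_TYPE, L2_ATTR_SUBTYPE):
        raise ValueError(
            f"not a Layer 2 Attributes community: 0x{ec_type:02x}/0x{subtype:02x}")
    return L2Attributes(
        control_word=bool(flags & FLAG_C),
        primary=bool(flags & FLAG_P),
        backup=bool(flags & FLAG_B),
        l2_mtu=mtu,
        undefined_flags=flags & ~KNOWN_FLAGS,
    )


def compare_endpoints(local: L2Attributes, remote: L2Attributes) -> List[str]:
    """Return the mismatches between the two ends of one EVPN-VPWS service."""
    findings = []
    # An MTU of 0 means "do not check", so compare only when both ends signal one.
    if local.l2_mtu and remote.l2_mtu and local.l2_mtu != remote.l2_mtu:
        findings.append(
            f"L2 MTU mismatch: local {local.l2_mtu}, remote {remote.l2_mtu}")
    if local.control_word != remote.control_word:
        findings.append(
            f"control-word mismatch: local C={int(local.control_word)}, "
            f"remote C={int(remote.control_word)}")
    if remote.undefined_flags:
        findings.append(
            f"remote sets undefined flag bits 0x{remote.undefined_flags:04x}")
    return findings


# Constructed sample values (not captured from a router).
SAMPLE_LOCAL = bytes.fromhex("0604000605dc0000")    # C+P set, MTU 1500
SAMPLE_REMOTE = bytes.fromhex("0604000223280000")   # P set, C clear, MTU 9000

if __name__ == "__main__":
    local = parse_l2_attributes(SAMPLE_LOCAL)
    remote = parse_l2_attributes(SAMPLE_REMOTE)
    for finding in compare_endpoints(local, remote):
        print(finding)
```

The C = 0 sample corresponds to an EVI configured with `control-word-disable` on one side only.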
DNX FEC optimization
NCS LER ECMP-FEC Optimization (L2/L3 Recursive Services)
• Forwarding chain programming of BGP multipath requires use of ECMP-FEC
• We can refer to these as “Overlay/Service/VPN” ECMP-FECs
• Overlay ECMP-FECs are different from those used to program the Underlay
• IOS-XR implementation allocates one EVPN label per local EVI
• Equivalent to per-VRF label allocation in L3 VPN
• ECMP-FEC consumption for EVPN active/active multi-homing
• One (1) ECMP-FEC per EVI per remote active/active multi-homed UNI
• Example:
• EVPN service spanning total of 10 sites with A/A MH
• At any given PE: Overlay (service-related) ECMP-FEC consumption == 9 ECMP-FECs
• Any other MH cases (single-homed/single active) do not require an ECMP-FEC
Disclaimer: ECMP-FEC Optimization slides are stolen from Jose Liste ppt
Example: EVPN Active-Active Multi-Homing – KNOWN Unicast Segment Routing
WITHOUT ECMP-FEC LER opt. enabled
[Diagram: forwarding chain across the ASIC Resources LEM, ECMP-FEC, FEC and EEDB]
Overlay
  MAC (EVI X): d46d.5040.0001, d47d.5050.0002
  “Overlay” ECMP-FEC for BGP multipath: ID=4, num_entries=2
    ID=20007 Push [EVPN_label L1]
    ID=20008 Push [EVPN_label L2]
Underlay
  ip2mpls 1.1.1.8/32; mpls2mpls 16008, swap 16008
    ECMP-FEC ID=7, num_entries=2
      ID=20010 Push 16008
      ID=20011 Push 16008
  ip2mpls 1.1.1.9/32; mpls2mpls 16009, swap 16009
    ECMP-FEC ID=8, num_entries=2
      ID=20012 Push 16009
      ID=20013 Push 16009
  shared ECMP-FEC ID=9, num_entries=2
    ID=20014, ID=20015
    Local-OIF-node_4-arp, Local-OIF-node_5-arp
Dedicated ECMP-FEC per labeled destination / BGP NHs !!!
[*] Effective EEDB size for MPLS = 72K
Example: EVPN Active-Active Multi-Homing – KNOWN Unicast Segment Routing
WITH ECMP-FEC LER opt. enabled
Overlay
  MAC (EVI X): d46d.5040.0001, d47d.5050.0002
  “Overlay” ECMP-FEC for BGP multipath: ID=4, num_entries=2
    ID=20007 Push [EVPN_label L1, 16008]
    ID=20008 Push [EVPN_label L2, 16009]
    VPN and Transport labels
Underlay
  ip2mpls 1.1.1.8/32; push 16008
  mpls2mpls 16008; swap 16008
    shared ECMP-FEC ID=7, num_entries=2
      ID=20009 Local-OIF-node_4-arp
      ID=20010 Local-OIF-node_5-arp