More Related Content Similar to EVPN-Presentation.pptx Similar to EVPN-Presentation.pptx (20) 2. 2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Agenda
1. Single Homed EVPN
2. Multi-homing
Single Active (Active-Standby)
All Active
3. 3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Why EVPN?
Current L2 technologies such as VPLS does not provide a way to
support Active/Active multi-homing and it has other
disadvantages such as more flooding, slower convergence.
4. 4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
How is this different from VPLS?
EVPN is a similar technology to VPLS, except in EVPN you have the
ability to learn mac addresses in the control plane using BGP as
the transport protocol.
Data plane learning is limited to CE-PE.
5. 5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN in JUNOS
Platform support : MX-series MPC cards
Ethernet connectivity between CE's using a Layer 2 virtual bridge
(E-LAN)
One VLAN per EVPN instance – Junos 13.2
Virtual Switch/ VLAN-aware Bundle Service – Junos 14.1
P-Tunnel technology with Ingress Replication
Single Active Multi-homing – Junos 14.1
All Active Multi-homing – Junos 14.1R3
IRB solution with Default Gateway – Junos 14.1
6. 6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Terminology
EVI: An EVPN instance spanning across the PEs participating in that EVPN
MAC-VRF: A Virtual Routing and Forwarding table for MAC addresses on a PE for an
EVI
Ethernet Segment Identifier (ESI): The set of Ethernet links attaching a
CE to a PE when the CE is multi-homed to two or more PE’s. Ethernet segments MUST have a
unique non-zero identifier, the ‘Ethernet Segment Identifier’.
Ethernet Tag: An Ethernet Tag identifies a particular broadcast domain, e.g., a
VLAN. An EVPN instance consists of one or more broadcast domains. Ethernet tag(s) are
assigned to the broadcast domains of a given EVPN instance by the provider of that EVPN.
Each PE in that EVPN instance performs a mapping between broadcast domain identifier(s)
understood by each of its attached CEs and the corresponding Ethernet tag
Single-Active Redundancy Mode: When only a single PE, among a group of PEs
attached to an Ethernet segment is allowed to forward traffic to/from that Ethernet Segment,
then the Ethernet segment is defined to be operating in Single-Active redundancy mode.
All-Active Redundancy Mode: When all PEs attached to an Ethernet segment are
allowed to forward traffic to/from that Ethernet Segment, then the Ethernet segment is defined
to be operating in All-Active redundancy mode.
7. 7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Types of routes
1. Ethernet Auto-Discovery route per Ethernet Segment.
Ethernet Auto-Discovery route per ESI
Ethernet Auto-Discovery route per EVI
2. MAC Advertisement route
3. Inclusive Multicast route
4. Ethernet Segment route (only in multi-homing)
8. 8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN NLRI and route format
BGP AFI 25 (L2VPN)/ SAFI 70 (EVPN)
<route-type>:<RD>::<esi>::<route-specific>/304
EVPN route types
• 1 – Auto-Discovery route per Ethernet segment.
• 2 - MAC advertisement route
• 3 - Inclusive Multicast Route
• 4 - Ethernet segment route.
RD—Route distinguisher value.
esi—Ethernet segment identifier.
route-specific—Differs per route type
304—Maximum number of bits in an EVPN route
9. 9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 1: EVPN Auto-Discovery
AD route per ESI is advertised one per box per ESI. This route
contains the route targets of all the EVIS that are configured on
that ESI.
Carries ESI MPLS extended community that contains the ESI (split
horizon label)
The Ethernet A-D Route is not needed when ESI = 0, i.e. when CE is
single homed.
Also servers as “mass withdraw” route.
This route also has a bit set in the extended community to tell all
remote peers if are operating in single-active or all-active mode.
Single-Active, bit set to 1
All Active, bit set 0
10. 10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
ESI MPLS label extended community
Transitive extended community
Advertised along with Ethernet A-D route
Helps in split-horizon for multi-homed sites
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x06 | sub-type(0x02) | flags (one octet) |reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| reserved = 0| esi mpls label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Flag low order bit: “active-standby” if set to 1
11. 11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 1 : EVPN Auto Discovery Routes
ESI label in Single-Active
Label value set to 0 for Single-Active
• Auto-Discovery per ESI Route – used for fast convergence and loop
prevention
12. 12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 1 : EVPN Auto Discovery Routes
• Auto-Discovery per EVI Route – used for Aliasing
and fast failover
13. 13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 2: EVPN MAC/IP advertisement route
Format: <route-type>:<RD>::<esi>::<etag>::<mac>::<optional-ip>/304
MPLS label per EVI
Used for remote MAC address learning, known unicast
traffic
14. 14 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 3: Inclusive Multicast Ethernet Tag Route
Ingress IM label
Route Type format
Format: <route-type>:<RD>::<esi>::<etag>::<originating-router-ip>/304
Used for BUM (broadcast, unknown unicast, multicast) traffic
15. 15 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 4: EVPN Ethernet Segment Route
This routes is only advertised by multi-homing PEs, in our case it
will be PE1 and PE2, this route carries the ES-Import extended
community that carries the ESI value, this ESI value is derived
from the configured Ethernet segment identifier bytes 3 to 8 are
carried.
ES-Import extended community is basically a route target extended
community, the PEs who are configured with the same ESI value will
be importing this route.
Once the PE receives a set of these ESI routes that have the same
ES-Import value, it can locally do the Designated/Backup Forwarder
election which also will be globally consistent.
16. 16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Route Type 4: EVPN Ethernet Segment Route
Route Type format
ES Import extended community
17. 17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
MAC Learning
HW
L2ALM
Kernel
L2ALD
RPD
18. 18 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Local MAC learning process
L2ALD learns these MAC addresses and applies the MAC policies.
L2ALD install the routes corresponding to these MAC routes in the
forwarding table.
L2ALD updates the MAC addresses to RPD via socket IPC.
RPD advertises these MAC addresses to peers using BGP MAC
advertisement NLRI.
Hardware takes care of aging out the locally learned MAC addresses
and l2ald updates RPD if there are any updates.
19. 19 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Remote MAC learning & aging process
MAC addresses are learned via control plane from MAC advertisement Route
RPD applies configured policies
BGP will install these MACs in global bgp.evpn.0 table and from their routes
will be imported to individual mac-vpn tables per EVI.
EVPN module in RPD will get flashed and it will pass these routes to L2ALD.
L2ALD will then program the forwarding table with these remote MAC routes.
If the MAC advertisement NLRI is withdrawn by the other end, RPD removes the
corresponding MAC route via L2ald.
These routes never ages out on their own.
20. 20 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Local MAC learning between local PE to CE
MAC learning between the local PE and CE happens through data plane.
PFE debug logs:
TAZ-TBB-0(j05-35 vty)# [Aug 29 14:49:35.661 LOG: Info] l2alm_process_mac:3757 Processing [mac aa:bb:cc:01:01:01(epoch
0) bd 2 vlan 0 pbbn bd 0]
[ifl 334 from ifl 0 ifbd-gen 0 mac-seq 0]
[Aug 29 14:49:35.661 LOG: Info] l2alm_process_mac:3757 context [opcode (1) Add flags (0x6) Msg from HAL Mac local
src reason (0) None start action(6) l2alm_mac_process_get_mac need-sync 0]
L2-learning trace-options
Aug 29 03:48:41 do_mac_process:4156 Processing [mac aa:bb:cc:01:01:01(epoch 0 stp 4) bd 2 vlan 0]
[ifl 335 from ifl 0 ifbd-gen 291 mac-seq 2 move-cnt 0]
context [opcode (1) Add flags (0x0) None reason (2) PFE L2 MAC operation start action(6)
l2ald_mac_process_get_mac]
Aug 29 03:48:41 libl2_add_mac_to_ifd_list:134 Added MAC aa:bb:cc:01:01:01 in ifd list for ae2
21. 21 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN trace-options:
Aug 29 07:49:36.720498 evpn_mac_msg_receive_from_l2ald:4174 EVPN instance evpn100 [VS, Refcount: 5, Intfs: 2 (1 up), IRBs: 1 (1 up), Remote PEs: 2,
Flags: 0x4800] Received MAC add for local MAC aa:bb:cc:01:01:01 with VLAN 100, interface ae2.100, flags 0x2, timestamp 0x55e1c67f
Aug 29 07:49:36.720783 evpn_macdb_local_mac_adv_rt_create:2399 EVPN MAC evpn100::100::aa:bb:cc:01:01:01 [Flags: 0x0] Creating MAC advertisement
route
Aug 29 07:49:36.722030 evpn_evi_esi_label_get:925 EVPN instance evpn100 [VS, Refcount: 5, Intfs: 2 (1 up), IRBs: 1 (1 up), Remote PEs: 2, Flags:
0x4800] ESI 01:00:00:00:00:00:00:00:00:02 Label 299840
Aug 29 07:49:36.722110 evpn_adv_MAC_rt:3217 EVPN route (local) [Instance: evpn100, Type: MAC advertisement (2), ESI: 01000000000000000002, VLAN: 100
Label 299840] Advertising MAC aa:bb:cc:01:01:01 per instance evpn100
BGP Trace-options:
Aug 29 07:49:36.725501 bgp_master_tsi_find: Allocating bgp_tsi_t for 2:172.19.5.26:100::100::aa:bb:cc:01:01:01
Aug 29 07:49:36.725571 bgp_rt_policy_rt, 6265: flash update group internel type Internal nlri:200000 rth(0x2e4a10c
2:172.19.5.26:100::100::aa:bb:cc:01:01:01 state:2), rtt(0x2a0b498 evpn100 state:40), rti(0x2a02aa8 evpn100) new_rt 0x2a9def0, act_rt 0x2a9def0
Aug 29 07:49:36.726005 BGP SEND 172.19.5.26+179 -> 172.19.5.30+54458
Aug 29 07:49:36.726047 BGP SEND message type 2 (Update) length 96
Aug 29 07:49:36.726072 BGP SEND Update PDU length 96
Aug 29 07:49:36.726101 BGP SEND flags 0x40 code Origin(1): IGP
Aug 29 07:49:36.726129 BGP SEND flags 0x40 code ASPath(2) length 0: <null>
Aug 29 07:49:36.726155 BGP SEND flags 0x40 code LocalPref(5): 100
Aug 29 07:49:36.726185 BGP SEND flags 0xc0 code Extended Communities(16): 2:100:100
Aug 29 07:49:36.726224 BGP SEND flags 0x90 code MP_reach(14): AFI/SAFI 25/70
Aug 29 07:49:36.726270 BGP SEND nhop 172.19.5.26 len 4
Aug 29 07:49:36.726342 BGP SEND 2:172.19.5.26:100::100::aa:bb:cc:01:01:01/304 (label 299840) (esi 01:00:00:00:00:00:00:00:00:02)
22. 22 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
MAC learning between PE devices
As MACs are locally learned and given to RPD, RPD then advertises these MACs in MAC Advertisement
routes which are advertised to all BGP neighbors. Remote BGP peers when they receive this bgp update
will extract the mac address and send it to l2ald which will then be programmed in the mac table with
nexthop pointing the advertising PE.
BGP trace-options:
Aug 29 07:49:36.724020 BGP RECV 172.19.5.26+179 -> 172.19.5.30+54458
Aug 29 07:49:36.724073 BGP RECV message type 2 (Update) length 96
Aug 29 07:49:36.724099 BGP RECV Update PDU length 96
Aug 29 07:49:36.727024 BGP RECV flags 0x40 code Origin(1): IGP
Aug 29 07:49:36.727067 BGP RECV flags 0x40 code ASPath(2) length 0: <null>
Aug 29 07:49:36.727095 BGP RECV flags 0x40 code LocalPref(5): 100
Aug 29 07:49:36.727270 BGP RECV flags 0xc0 code Extended Communities(16): 2:100:100
Aug 29 07:49:36.727327 BGP RECV flags 0x90 code MP_reach(14): AFI/SAFI 25/70
Aug 29 07:49:36.727376 BGP RECV nhop 172.19.5.26 len 4
Aug 29 07:49:36.728561 BGP RECV 2:172.19.5.26:100::100::aa:bb:cc:01:01:01/304 (label 299840) (esi
01:00:00:00:00:00:00:00:00:02)
23. 23 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN trace-options:
Aug 29 07:49:36.732185 evpn_process_mac_rt:1803 EVPN instance evpn100 [VS, Refcount: 4, Intfs: 2 (2 up), IRBs:
1 (1 up), Remote PEs: 2, Flags: 0x4800] Processing ADD for MAC aa:bb:cc:01:01:01 from 172.19.5.26 with ESI
01000000000000000002, VLAN 100, label 299840, default_gw 0
Aug 29 07:49:36.732690 evpn_instance_esi_enqueue_macdb_entry:1411 EVPN Instance ESI
evpn100::01:00:00:00:00:00:00:00:00:02 [Intfs: 0, PEs: 2, MACs: 2, Refcount: 2, State: Resolved-By-Remote-PE]
MAC aa:bb:cc:01:01:01 added to list, number of MACs behind ESI/PE 2
Aug 29 07:49:36.732773 evpn_macdb_remote_mac_create:3237 EVPN MAC evpn100::100::aa:bb:cc:01:01:01 [Flags: 0x0]
Created and added to MAC database
Aug 29 07:49:36.732824 evpn_macdb_esi_remote_mes_add:2925 EVPN MAC ESI
evpn100::100::aa:bb:cc:01:01:01::01:00:00:00:00:00:00:00:00:02 [Active: yes, Time Stamp: 1440859776, Flags:
0x20 <Local-Adv-Allowed>] Neighbor 172.19.5.26 added
L2-learning trace-options:
Aug 29 07:49:36 l2ald_rpdf_process_mac_route:1306 Processing cmd:1 for MAC:aa:bb:cc:01:01:01 NHID:1048581
RTRID:0 ifl:0 rtt:5 flags:0x1 ts:0x55e1c680
Aug 29 07:49:36 l2ald_server_add_mac:618 server MAC add for bd: 100+100 vlan_id:0 mac:aa:bb:cc:01:01:01
Aug 29 04:18:36 libl2_add_mac_to_learn_vlan:228 Added MAC aa:bb:cc:01:01:01 in learn vlan list for bd 100+100.0
PFE debug output:
TAZ-TBB-0(soyuz vty)# [Aug 29 14:49:35.660 LOG: Info] l2alm_process_mac:3757 Processing [mac
aa:bb:cc:01:01:01(epoch 0) bd 2 vlan 0 pbbn bd 0] [ifl -1 from ifl 0 ifbd-gen 0 mac-seq 0]
[Aug 29 14:49:35.660 LOG: Info] l2alm_process_mac:3757 context [opcode (1) Add flags (0xa) Msg from HAL
Unresolved dest reason (0) None start action(6) l2alm_mac_process_get_mac need-sync 0]
24. 24 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN basic operations overview
PE1
PE2
CE1 CE2
Data Plane
MAC Learning
Data Plane
MAC Learning
BGP Control plane based
MAC learning
Payload S MAC D MAC
Ether Tag ID = EVI EVLAN
S MAC Address = MAC1
ESI=0
MPLS Label = L1
MAC Advert
EVI routing table
MAC1:
Nexthop= PE1
Service Label=L1
25. 25 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN Multi-homing
Single-Active Multihoming
Designated Forwarder election
DF forwards all BUM traffic
Non-DF puts multi-homed A/S interfaces to blocking state
All traffic will be locally learned and forwarded by the DF
All-Active Multihoming
Uses split horizon filtering
DF election for BUM traffic, BUM traffic from non-DF PE is
encapsulated with the ESI label (split horizon label), and dropped
by DF PE
Load-balancing (aliasing) over all active paths
26. 26 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Aliasing
In the case of multi-homed CE to multiple PEs running multi-chassis
lag between them, it’s possible that only one PE learns the MAC
addresses due to the nature of hashing. This means that only the PE
learning the MAC will advertise it to remote PEs even though there
is more than one PE attached to the same segment. This behavior
prevents load balancing to the CE.
Aliasing allows a PE to signal that it has reachability to a given
Ethernet segment for a given EVI even though it hasn’t learnt any
MAC address on that given EVI/ES. The Ethernet A-D route used in
this case is per EVI, which is different than the Ethernet A-D
route per ES.
27. 27 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
ALIASING
• Provides load-balancing to all-active CE even when the MAC address
is only learned by one PE
• PEs advertise the ESI in MAC routes. Additionally, a set of AD routes
tells connectivity for an ES (from all connected PEs)
• Remote PEs load-balance traffic across PEs advertising the same ESI
PE2
PE1
PE3
PE4
CE
CE
MPLS
9
PE3 and PE4:
Based on AD per EVI route they
know that a MAC is reachable on
PE1 as well as PE2
Only PE2 advertises MAC1,
based on CE-PE traffic
learning
Both PE1 and PE2 advertise AD
route per EVI with same ESI
PE3 Load balances
Traffic toward MAC1
Provides Load Balancing
28. 28 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Split horizon
In order to achieve Split Horizon every BUM frame originated from a
PE is encapsulated with an MPLS label that identifies the Ethernet
segment of origin. This label is known as the ESI label.
The ESI label is distributed by all the PEs operating in A-S and A-
A mode using the Ethernet A-D route per ES. Ethernet A-D routes are
imported by all PEs that are participating in the EVPN instance.
ESI label used for Single Active is always 0.
29. 29 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Designated & Backup Designated Forwarder
If an MES (MPLS Edge Switch) plays a DF role for a multi-homed ES,
it will forward BUM traffic to the multi-homed CE. If an MES plays
a non-DF role, it will put its corresponding A/S interface in a
blocking state.
All traffic will be learned and forwarded by the DF.
By default a multi-homed MES shall play a non-DF role until it is
elected as DF. The DF or non-DF role of a MES will be communicated
to other daemon through an IFF message by RPD. If the MES plays a
non-DF role, the l2ald shall remove or not add the corresponding
A/S interface in the CE flooding next-hop and PFE shall put the A/S
interface into a block state and drop the traffic from this
interface.
30. 30 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
ESI label (split horizon) advertisement in type 1 route.
PE2
PE1
PE3
PE4
CE2
CE1
MPLS
Multi-homing Scenario
aa:bb:cc:01:01:01
Ethernet A-D
Route (Type 1 Per
ESI) ESI,
Flag=all-actve,
ESI MPLS Label
=L1
Ethernet A-D
Route (Type 1
Per ESI) ESI,
Flag=all-actve,
ESI MPLS Label
=L2
31. 31 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Multi-homing Scenario
PE2
PE1
PE3
PE4
CE2
CE1
MPLS
aa:bb:cc:01:01:01
Inclusive Multicast
Route (Type3)
Mcast label L1
Inclusive
Multicast Route
(Type3)
Mcast label L2
Inclusive Multicast Route
(Type3)
Mcast label L3
Inclusive Multicast
Route (Type3)
Mcast label L4
Inclusive multicast route- Type 3 route
32. EVPN Single Active multihoming – configuration
interfaces {
ge-1/0/2 {
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
esi {
01:01:02:03:04:05:00:00:00:02;
single-active;
}
unit 30 {
vlan-id 30;
family bridge;
}
}
interfaces {
ge-10/0/3 {
vlan-tagging;
encapsulation extended-vlan-bridge;
esi {
01:01:02:03:04:05:00:00:00:02;
single-active;
}
unit 20 {
vlan-id 20;
family bridge;
}
}
}
• PE1: • PE2:
33. EVPN All Active multihoming – configuration
interfaces {
ge-1/0/2 {
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
esi {
01:01:02:03:04:05:00:00:00:02;
all-active;
}
unit 30 {
vlan-id 30;
family bridge;
}
}
interfaces {
ge-10/0/3 {
vlan-tagging;
encapsulation extended-vlan-bridge;
esi {
01:01:02:03:04:05:00:00:00:02;
all-active;
}
unit 20 {
vlan-id 20;
family bridge;
}
}
}
• PE1: • PE2:
34. 34 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
PE2
PE1
PE3
CE2
CE1
MPLS
Multi-homing Single Active –BUM Traffic
BUM
aa:bb:cc:01:01:01
DF
aa:bb:cc:01:01 ff:ff:ff:ff:ff:ff
Source MAC Destination MAC
35. 35 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Multi-homing All Active –Unicast Traffic
PE2
PE1
PE3
PE4
CE
CE
MP BGP
MAC
advertisement
aa:bb:cc:01:01:01
DF
cc:cc:cc:01:01:01
aa:bb:cc:01:01 cc:cc:cc:01:01:01
Source MAC Destination MAC
MAC > Unlist
Nexthop
MAC > IFL
Unicast
36. 36 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN All Active Multihoming – Route Type 1:
Ethernet Auto-Discovery Route
ESI label in All-active
• Auto-Discovery per ESI Route – used for fast
convergence and loop prevention:
37. 37 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN All Active Multihoming – Route Type 1:
Ethernet Auto-Discovery Route
Auto-Discovery per EVI Route – used for load balancing
Aliasing Label
38. 38 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN All Active multihoming – verification: Aliasing
Aliasing label being used for load-balancing
39. 39 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN All Active multihoming – verification: Aliasing
41. 41 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
PE1
PE2
PE3
PE4
CE2
CE1
MPLS
Multi-homing All Active – BUM Traffic
aa:bb:cc:01:01:01
Dat
a
ESI
Label
Mcast
Label
Transpor
t
cc:cc:cc:01:
01:01
ff:ff:ff:ff:ff:
ff
Source MAC Destination MAC
Designated Forwarder election for BUM traffic only, only DF forwards BUM to CE
Split horizon filtering
non-DF PE floods BUM traffic to DF with ESI (split horizon) label one it
identify source ES
DF PE performs split horizon filtering and does not forward the traffic back
to the CE
PUSH ESI Label
BUM
BUM
BUM
42. 42 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Local MAC flushing
Locally learned macs have a mac-aging timer and can age out. when this happens
RPD will withdraw the earlier advertised mac route. However, remotely learned
mac via bgp never age out, they can only be withdrawn by the advertising PE.
From PFE
[Aug 29 15:27:14.734 LOG: Info] l2alm_process_mac:3757 Processing [mac
aa:bb:cc:01:01:01(epoch 0) bd 2 vlan 0 pbbn bd 0] [ifl 0 from ifl 0 ifbd-gen
0 mac-seq 0]
[Aug 29 15:27:14.734 LOG: Info] l2alm_process_mac:3757 context [opcode (2) Delete
flags (0x6) Msg from HAL Mac local src reason (0) None start action(6)
l2alm_mac_process_get_mac need-sync 0]
L2-learning Trace-options:
Aug 29 08:27:14 do_mac_process:4156 Processing [mac aa:bb:cc:01:01:01(epoch 0 stp 4)
bd 2 vlan 0]
[ifl 0 from ifl 0 ifbd-gen 169 mac-seq 2 move-cnt 0]
context [opcode (3) Delete flags (0x0) None reason (2) PFE L2 MAC
operation start action(6) l2ald_mac_process_get_mac]
Aug 29 08:27:14 libl2_delete_mac_from_learn_vlan:297 Removed MAC aa:bb:cc:01:01:01
from learn vlan list for 100+100.0
Aug 29 08:27:14 l2ald_mac_delete_rts_op:1752 DEL from RPD MAC:aa:bb:cc:01:01:01
eflags:0x1000 lmask:0x00000000
43. 43 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN MAC Aging
1. Local MAC addresses depend on MAC aging
Default MAC aging timer is 5 min
Configurable at global level
2. Remote MAC addresses never age out, but need to be withdrawn
PE-1# show protocols
l2-learning {
global-mac-table-aging-time < >;
}
44. 44 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN TRACE-OPTIONS:
AUG 29 08:27:15.809444 EVPN_MAC_MSG_RECEIVE_FROM_L2ALD:4174 EVPN INSTANCE EVPN100 [VS, REFCOUNT: 5, INTFS: 2 (1
UP), IRBS: 1 (1 UP), REMOTE PES: 2, FLAGS: 0X4800] RECEIVED MAC WITHDRAW FOR LOCAL MAC AA:BB:CC:01:01:01 WITH
VLAN 100, INTERFACE AE2.100, FLAGS 0X2, TIMESTAMP 0X55E1CD19
AUG 29 08:27:15.809618 EVPN_MACDB_LOCAL_MAC_ADV_RT_DELETE:2429 EVPN MAC EVPN100::100::AA:BB:CC:01:01:01 [FLAGS:
0X0] DELETING MAC ADVERTISEMENT ROUTE
AUG 29 08:27:15.809677 EVPN_DELETE_MAC_RT:3267 EVPN ROUTE (LOCAL) [INSTANCE: EVPN100, TYPE: MAC ADVERTISEMENT
(2), ESI: 01000000000000000002, VLAN: 100 LABEL 299840] WITHDRAWING MAC ROUTE PER INSTANCE EVPN100
AUG 29 08:27:15.813800 EVPN_MACDB_ESI_DELETE:3345 EVPN MAC ESI
EVPN100::100::AA:BB:CC:01:01:01::01:00:00:00:00:00:00:00:00:02 [ACTIVE: YES, TIME STAMP: 1440861465, FLAGS:
0X0] DELETE SOURCE (REASON: LOCAL WITHDRAW, OP-CODE: 3)
AUG 29 08:27:15.813932 EVPN_MACDB_MAC_DELETE:2597 EVPN MAC EVPN100::100::AA:BB:CC:01:01:01 [FLAGS: 0X0] DELETED
FROM MAC DATABASE
BGP TRACE-OPTIONS
AUG 29 08:27:15.814415 BGP_BIT_RESET: 2:172.19.5.26:100::100::AA:BB:CC:01:01:01 CLEARING BIT 0X50000
AUG 29 08:27:15.814471 BGP_MASTER_TSI_FREE: FREEING BGP_TSI_T FOR 2:172.19.5.26:100::100::AA:BB:CC:01:01:01
AUG 29 08:27:15.814560 RELEASE 2:172.19.5.26:100::100::AA:BB:CC:01:01:01/304 NHID 0 GW ZERO-LEN EVPN
PREF 170/0 METRIC <RELEASE DELETE INT EXT>
AUG 29 08:27:15.815063 BGP_SEND: SENDING 65 BYTES TO 172.19.5.30 (INTERNAL AS 100)
AUG 29 08:27:15.815112
AUG 29 08:27:15.815112 BGP SEND 172.19.5.26+179 -> 172.19.5.30+64030
AUG 29 08:27:15.815154 BGP SEND MESSAGE TYPE 2 (UPDATE) LENGTH 65
AUG 29 08:27:15.815180 BGP SEND UPDATE PDU LENGTH 65
AUG 29 08:27:15.815210 BGP SEND FLAGS 0X90 CODE MP_UNREACH(15): AFI/SAFI 25/70
AUG 29 08:27:15.815286 BGP SEND 2:172.19.5.26:100::100::AA:BB:CC:01:01:01/304 (ESI
00:00:00:00:00:00:00:00:00:00)
45. 45 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Designated forwarder election
For a given multi-segment that the MES is multi-homed to, it builds
an ordered list based on its own IP address and IP addresses
discovered from the corresponding ES routes. Each IP address in
the list is then assigned an ordinal number based on its position
in the list. The ordinal number starts from zero and zero is
assigned to the MES that has the least IP address. Given a total of
N MESs multi-homed to the same Ethernet segment, the MES's with the
ordinal number i is the DF if (vlan-id mod N == i).
A default wait timer of 3 seconds will be imposed before the PEs
starts the DF election process for a multi-homed Ethernet segment.
The default wait timer can also be overwritten through the CLI
"designated-forwarder-election hold-time“ under the evpn instance.
Note: DF is elected per EVI, each EVI is related to some Ethernet tag
value which often is the vlan-id value as specified above. If there
are multiple vlans on an ESI there could be a DF elected per such
vlan. There MUST be same number of EVIs and vlan-id values configured
across all multi-homed PES on a given Ethernet segment.
46. 46 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
DF election example:
PE1 : 172.19.5.26 == Position 0
PE2: 172.19.5.27 == Position 1
Vlan: 100
Number of PE devices: 2
Vlan-ID mod N == i (Position)
100 mod 2 == 0
PE1 will be DF for Vlan-ID 100.
47. 47 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
DF/BDF status
PE1
PE-1# run show evpn instance evpn100 extensive
Number of ethernet segments: 2
ESI: 01:00:00:00:00:00:00:00:00:02
Status: Resolved by IFL ae2.100
Local interface: ae2.100, Status:
Up/Forwarding
Number of remote PEs connected: 1
Remote PE MAC label Aliasing
label Mode
172.19.5.27 300112 0
single-active
Designated forwarder: 172.19.5.26
Backup forwarder: 172.19.5.27
Advertised MAC label: 300112
Advertised aliasing label: 300112
Advertised split horizon label: 0
PE2
PE-2# run show evpn instance evpn100 extensive
Number of ethernet segments: 2
ESI: 01:00:00:00:00:00:00:00:00:02
Status: Resolved by NH 1048592
Local interface: ae2.100, Status: Up/Blocking
Number of remote PEs connected: 1
Remote PE MAC label Aliasing label
Mode
172.19.5.26 300112 300112
single-active
Designated forwarder: 172.19.5.26
Backup forwarder: 172.19.5.27
Advertised MAC label: 300112
Advertised aliasing label: 300112
Advertised split horizon label: 0
48. 48 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Failure scenarios in single active multi-homing
PE1 and CE1 detect link failure based on interface down
PE1 withdraws Eth. A-D, MAC Adv., and ES routes.
All routers flush previously learned MAC addresses.
PE2 becomes new DF: Traffic forwarding and MAC learning via PE2 and CE2
PE2
PE1 PE3
PE4
CE1
CE2
49. 49 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Quick convergence: ES & mac withdrawal in case of
interface failure
Jun 8 18:43:35.917174 evpn_delete_AD_rt:3043 EVPN instance evpn100 [VS, Refcount: 7, Intfs: 4 (0
up), IRBs: 1 (1 up), Remote PEs: 3, Flags: 0x4800] Withdrawing AD per EVI route with ESI
01000000000000000002, VLAN 0, label 300112
Jun 8 18:43:35.917204 CHANGE 1:172.19.5.26:100::01000000000000000002::0/304 nhid 0 gw zero-len
EVPN pref 170/0 metric <Delete Int Ext>
Jun 8 18:43:35.917252 evpn_rt_instance_unlock:3095 EVPN route (local) [Instance: evpn100, Type:
ethernet AD per ESI (1), ESI: 01000000000000000002, VLAN: 0 Label 300112] Deleting from instance
evpn100
Jun 8 18:43:35.917281 evpn_esi_df_status_change_handler:367 EVPN Instance ESI
evpn100::01:00:00:00:00:00:00:00:00:02 [Intfs: 1, PEs: 1, MACs: 2, Refcount: 2, State: UnResolved]
transition to Non-DF
Jun 8 18:43:35.917296 evpn_esi_local_intf_state_change:612 EVPN Instance ESI
evpn100::01:00:00:00:00:00:00:00:00:02 [Intfs: 1, PEs: 1, MACs: 2, Refcount: 2, State: UnResolved]
Interface ae2.100 state change to Down
Jun 8 18:43:35.917340 evpn_macdb_esi_delete_ip_routes_for_ifl_down:2166 EVPN MAC ESI
evpn100::100::aa:bb:cc:01:01:01::01:00:00:00:00:00:00:00:00:02 [Active: yes, Time Stamp:
1433781616, Flags: 0xa <Local-MAC-Only Remote-Adv-Allowed>] Deleting all IP routes for L2 ifl down
Jun 8 18:43:35.917372 evpn_macdb_esi_delete_ip_routes_for_ifl_down:2166 EVPN MAC ESI
evpn100::100::00:1d:b5:92:4c:60::01:00:00:00:00:00:00:00:00:02 [Active: yes, Time Stamp:
1433781653, Flags: 0xa <Local-MAC-Only Remote-Adv-Allowed>] Deleting all IP routes for L2 ifl down
Jun 8 18:43:35.917386 evpn_instance_esi_resolution_timer_start:2117 EVPN Instance ESI
evpn100::01:00:00:00:00:00:00:00:00:02 [Intfs: 1, PEs: 1, MACs: 2, Refcount: 2, State: UnResolved]
50. 50 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Verifying Non-DF role
In Multi-homed setup, CE facing interface of Non-DF PE will be blocking state. Until, DF is in up and
forwarding state.
CE facing interface of Non-DF will be in marked down state.
51. Non DF CE facing interface will be in blocking state in single active
53. 53 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
172.19.5.27
172.19.5.26
172.19.5.30
ae0
ae0
ae0
ae0
ae2
ae2
aa:bb:cc:01:01:01
cc:cc:cc:01:01:01
Lab Topology
CE1
PE2
CE1
PE1
PE3
MPLS
54. 54 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Configuration (base EVPN)
Interface configuration
PE1# show interfaces xe-1/0/0
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 100 {
description VLAN100;
encapsulation vlan-bridge;
vlan-id 100;
55. 55 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Configuration multi-homing single-active
PE-1# show interfaces ae2
vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
esi {
01:00:00:00:00:00:00:00:00:02;
single-active;
}
unit 100 {
encapsulation vlan-bridge;
vlan-id 100;
family bridge;
}
ESI is the ethernet segment Identifier. No two ESIs can be configured with the same ESI value.
56. 56 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
BGP configuration requires EVPN NLRI
PE-1# show protocols bgp
log-updown;
group CORE-CPDs {
type internal;
local-address 172.19.5.26;
family inet-vpn {
unicast;
}
family evpn {
signaling;
}
neighbor 172.19.5.31 {
}
}
57. 57 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Instance configuration
PE-1# show routing-instances evpn100
instance-type virtual-switch;
route-distinguisher 172.19.5.26:100;
vrf-target target:100:100;
protocols {
evpn {
extended-vlan-list 100;
}
}
bridge-domains {
100 {
domain-type bridge;
vlan-id 100;
interface ae2.100;
routing-interface irb.100;
58. 58 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN MAC TABLE
PE-1# run show evpn database
Jun 09 09:07:50
Instance: evpn100
VLAN MAC address Active source Timestamp IP
address
100 00:17:cb:c1:94:5d 02:00:00:00:00:00:00:00:00:02 Jun 08 07:00:05
172.17.5.200
100 00:1d:b5:92:4c:60 01:00:00:00:00:00:00:00:00:02 Jun 09 09:06:43
172.17.5.198
100 28:8a:1c:ab:11:00 irb.100 Jun 09 08:46:55
172.17.4.10
172.17.4.250
100 aa:bb:cc:01:01:01 01:00:00:00:00:00:00:00:00:02 Jun 09 08:46:57
59. 59 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
EVPN instance MAC count
lab@PE1# run show evpn instance
Intfs IRB intfs
MH MAC addresses
Instance Total Up Total Up Nbrs
ESIs Local Remote
VFR_VF 1 1 0 0 3
2 0 0
__default_evpn__ 0 0 0 0 1
0 0 0
evpn100 1 1 1 1 3
2 2 2
60. 60 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
MAC/IP being advertised to remote Peers:
PE-1# run show route advertising-protocol bgp 172.19.5.30 table evpn100.evpn.0
evpn100.evpn.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
1:172.19.5.26:100::01000000000000000002::0/304
* Self 100 I
2:172.19.5.26:100::100::00:1d:b5:92:4c:60/304
* Self 100 I
2:172.19.5.26:100::100::28:8a:1c:ab:11:00/304
* Self 100 I
2:172.19.5.26:100::100::aa:bb:cc:01:01:01/304
* Self 100 I
2:172.19.5.26:100::100::00:1d:b5:92:4c:60::172.17.5.198/304
* Self 100 I
2:172.19.5.26:100::100::28:8a:1c:ab:11:00::172.17.4.10/304
* Self 100 I
2:172.19.5.26:100::100::28:8a:1c:ab:11:00::172.17.4.250/304
* Self 100 I
3:172.19.5.26:100::100::172.19.5.26/304
* Self 100 I
61. Troubleshooting [verifying the MAC routes]
MAC routes are maintained at multiple level:
RPD
show route table vpn …
show route advertising-protocol bgp < >
show evpn instance designated-forwarder
show evpn instance backup-forwarder
show evpn instance brief
show evpn database
show evpn database extensive mac-address < >
show evpn instance extensive
Show route protocol evpn table mpls.0
Protocol EVPN traceoptions
L2ALD
show evpn mac-table / show bridge mac-table
L2 learning trace-options
Kernel
show route forwarding-table …
L2ALM
show l2 manager mac-table
show l2 manager mac-table routing-instance
show l2 manager mac-table
show l2pd ifl #
HW (PFE)
Show l2-metro <pfe_id> mac hw
show route bridge table
show route bridge table index #
62. TAZ-TBB-0(PE1 vty)# show l2metro 0 mac hw bridge-domain 2
Hash Table Size: 524288
bd lvlan mac l2iif mg epch stp l2tkn(0x) l mid pfe/pfe fwd ctrl
rindex
<---------------------------><----------------------------------------------------------
->
2 0 aa:bb:cc:01:01:01 335 1 0 4 000061 1 7 255/255 Brg 0000 15
2 0 ff:ff:ff:ff:ff:ff 0 0 0 0 000000 0 0 0/ 0 R/B 0002 2
2 0 00:23:9c:ff:28:f0 0 0 0 0 000000 0 0 0/ 0 Rt 0002 8
2 0 01:00:5e:00:00:05 0 0 0 0 000000 0 0 0/ 0 R/B 0002 0
2 0 00:05:85:f5:70:01 335 1 0 4 000061 1 7 255/255 Brg 0000 26
2 0 cc:cc:cc:01:01:03 0 0 0 0 000000 0 0 0/ 64 Drop 0020 937
TAZ-TBB-0(PE1 vty)# show l2pd ifl 335
Input ifl 335
ifl ge-1/1/0.32767 (161.339)
iff_ifl ae2.32767 (138.334)
service key 0
ifl_encap 14(Ethernet)
num tags 0
outer vlan 0
vid range 0
inner vlan 0
native inner 0
service flags 0xc100
orw: vid 0, tpid idx 0, flags 0x00 rules 0(NO REWRITE)
irw: vid 0, tpid idx 0, flags 0x00 rules 0(NO REWRITE)
Packet/byte stats: input 2333556638996506148/5652757470631862804, output:
5652757503675465728/1118053924
PFE (HW)
63. TAZ-TBB-0(PE1 vty)# show route bridge table
Protocol: BRIDGE
Table Name Table Index (lrid ) # of Routes
LOCAL FRRP TID
------------------------------------------------------------------
------------------------
__juniper_private1__.1 1 (0 ) 2
LOCAL low ----
default-switch.4 4 (0 ) 0
LOCAL low ----
evpn100.5 5 (0 ) 7
LOCAL low ----
TAZ-TBB-0(PE1 vty)# show route bridge table index 5
BRIDGE Route Table 5, evpn100.5, 0x4000 FRR: FALSE: BUM hashing: FALSE
BD-ID Mesh-Group L2Token NH Type NH ID Interface
----- ---------- ------- ------- ------ ---------
00002 00000 00:05:85:f5:70:01/80 rifl ae2.100
00002 00000 00:05:85:f6:4f:f2/80 RNH_LE 15695872 rifl 0
00002 00000 30003/51 Compst 622
00002 00000 aa:bb:cc:01:01:01/80 rifl ae2.100
00002 00000 cc:cc:cc:01:01:01/80 RNH_LE 15695872 rifl 0
TAZ-TBB-0(PE1 vty)# show l2 manager mac-table
aa:bb:cc:01:01:01
mac address aa:bb:cc:01:01:01
bd_index 2
learn vlan 0
FwdEntry Addr 0x47580292
entry flags 0x814
need sync flag False
fwd_nhidx 0
hw_learn_entity_type 0
hw_learn_entity 0x14f
retry count 0
In ifl list, In RTT Table, Update entry in HW
entry ifl ae2.100
entry hw ifl ae2.100
entry seq number 4
entry epoch 0
hardware information
--------------------
PFE View
64. 64 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
labroot@PE1# run show route forwarding-table vpn evpn100
Routing table: evpn100.evpn
EVPN:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 531 1
user 0 indr 1048574 3
20.20.20.2 Push 299776 612 3 ae1.0
user 0 indr 1048579 3
10.10.10.2 Push 299776 620 3 ae0.0
Routing table: evpn100.evpn
Bridging domain: 100.evpn
EVPN:
Destination Type RtRef Next hop Type Index NhRef Netif
00:05:85:f5:70:01/48 user 0 ucst 596 6 ae2.100
00:05:85:f6:4f:f2/48 user 0 chain 15695871 3
0x30002/51 user 0 comp 624 2
aa:bb:cc:01:01:01/48 user 0 ucst 596 6 ae2.100
cc:cc:cc:01:01:01/48 user 0 chain 15695871 3
ae2.100 intf 0 ucst 596 6 ae2.100
ge-1/1/3.1 intf 0 ucst 607 2 ge-1/1/3.1
65. 65 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
labroot@PE1# run show bridge mac-table
Aug 30 09:47:10
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -
Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote
PE MAC)
Routing instance : evpn100
Bridging domain : 100, VLAN : 100
MAC MAC Logical NH RTR
address flags interface Index ID
00:05:85:f5:70:01 D ae2.100
00:05:85:f6:4f:f2 DC 1048579 1048579
aa:bb:cc:01:01:01 D ae2.100
cc:cc:cc:01:01:01 DC 1048579 1048579
L2ALD view
66. labroot@PE1# run show evpn instance
designated-forwarder
Instance: evpn100
Number of ethernet segments: 1
ESI: 01:00:00:00:00:00:00:00:00:02
Designated forwarder: 172.19.5.26
[edit]
labroot@PE1# run show evpn instance
backup-forwarder
Instance: evpn100
Number of ethernet segments: 1
ESI: 01:00:00:00:00:00:00:00:00:02
Backup forwarder: 172.19.5.27
labroot@PE1# run show evpn database
Instance: evpn100
VLAN MAC address Active source
Timestamp IP address
100 00:05:85:f5:70:01 01:00:00:00:00:00:00:00:00:02
Aug 30 09:27:15 100.100.100.2
100 00:05:85:f6:4f:f2 172.19.5.30
Aug 30 09:27:24 100.100.100.1
100 00:23:9c:ff:28:f0 172.19.5.30
Aug 30 09:27:24 100.100.100.102
100 08:81:f4:83:93:e0 172.19.5.27
Aug 30 09:27:12 100.100.100.101
100 a8:d0:e5:55:d5:00 irb.100
Aug 30 09:26:27 100.100.100.100
100 aa:bb:cc:01:01:01 01:00:00:00:00:00:00:00:00:02
Aug 30 09:27:15
100 cc:cc:cc:01:01:01 172.19.5.30
Aug 30 09:27:24 100.100.100.11
RPD View
67. On PE1:
labroot@PE1# run show evpn database mac-address aa:bb:cc:01:01:01 extensive
Aug 30 10:10:03
Instance: evpn100
VLAN ID: 100, MAC address: aa:bb:cc:01:01:01
Source: 01:00:00:00:00:00:00:00:00:02, Rank: 1, Status: Active
Local origin: ae2.100
Timestamp: Aug 30 09:27:15 (0x55e32ee3)
State: <Local-MAC-Only Remote-Adv-Allowed>
On PE2:
labroot@PE2# run show evpn database mac-address aa:bb:cc:01:01:01 extensive
Aug 30 10:11:19
Instance: evpn100
VLAN ID: 100, MAC address: aa:bb:cc:01:01:01
Source: 01:00:00:00:00:00:00:00:00:02, Rank: 1, Status: Active
Remote origin: 172.19.5.26
Timestamp: Aug 30 09:27:16 (0x55e32ee4)
State: <Local-Adv-Allowed Local-Adv-Done>
70. 70 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Limitations
GRES/NSR is not supported
Auto derivation of ESI
IPV6 is not supported
ISSU is not supported
No Logical System support
Supported only on Trio based platforms
71. 71 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Some known Issues:
PR916036 - EVPN+VS: Tracking PR to restore single label for all
VLAN IM advertisements
PR936324- EVPN : Basic : Inclusive Multicast ( type 3 ) routes
not updated with changed router-id
PR1081524 - Backup Designated Forwarder in Multi-homed EVPN
learning & Advertising MAC and causing traffic loop between BDF
and DF
PR1082287 - EVPN Single-Active: After active CE-PE link flap L3
EVPN routes points to label 0 on remote Pes
Editor's Notes AD route per ESI is advertised one per box per ESI. This route contains the route targets of all the EVIS that are configured on that ESI. This route also contains the ESI MPLS extended community that contains the ESI (split horizon label) for Single-Active multi-homing supported as part of this RLI this label will be set to zero.
This route also has a bit set in the extended community to tell all remote peers if are operating in single-active or all-active mode in our case this bit will be set signifying that we are only doing single-active Type 4 routes are saved in default evpn route table and can be viewed using the below command
> show route table __default_evpn__.evpn.0 MAC addresses between CE-PE are learned dynamically using h/w based learning.
Layer 2 Address Learning Deamon learns these MAC addresses and applies the MAC policies (like maximum number of MAC addresses per instance, per interface, security related polices)
L2ALD install the routes corresponding to these MAC routes in the forwarding table.
L2ALD updates the MAC addresses to RPD via socket IPC mechanism
RPD advertises these MAC addresses to peers using BGP MAC advertisement NLRI
Hardware takes care of aging out the locally learned MAC addresses and l2ald updates RPD if there are any updates. If DMAC is unknown:
a) If unknown unicast flooding is not allowed, then drop it
b) If unknown unicast flooding is allowed, then use the all flood route to
forward it
-If DMAC is multicast/broadcast, then use the all flood route to forward it - Learn the Source MAC
- If DMAC is known unicast, then forward the packet using the indirect next hop for the route
Every PE participating in an EVI will advertises its mcast labels during its startup sequence via Inclusive Multicast routes. Inclusive Multicast routes are BGP route type 3. Once a PE has received mcast routes from all the other PEs and a BUM frame arrives, the PE will do ingress replication by attaching the respective PEs mcast label.
PE2 (L1) and PE3 (L3) advertise their multicast label to PE1. When PE1 receives a broadcast packet, it adds the mcast label L3+ the label to reach PE3 and sends the packet to PE3. PE1 also forwards the packet to PE2 by adding the ESI label + label L2+ label to reach PE2. PE3 receives the packet and sees the mcast label; it treats the packet as a BUM frame. When PE2 receives the packet, it notices the ESI label which was advertised as part of Ethernet A-D route and drops the packet
