4.5. EVPN Command Reference

This command enables the context to configure the BGP-EVPN parameters in the base instance.

The no form of this command disables BGP-EVPN.

Note: CFM Is not supported with 7210 SAS EVPN VPLS services.

This command specifies a 2-byte EVPN instance that is unique in the system. It is used by the service-carving algorithm for multi-homing and auto-deriving route-target and route-distinguishers.

If not specified, the value is zero and no route-distinguisher or route-targets are auto-derived from it. If the evi value is specified and no other route distinguisher or route target is configured in the service, the following rules apply:

Note: If VSI import and export policies are configured, the route target must be configured in the policies, and those values take precedence over the auto-derived route targets. If bgp-ad>vpls-id and bgp-evpn>evi are configured on the same service, the vpls-id auto-derived route-target/route-distinguisher takes precedence over the evi auto-derived ones. The operational route target for a service is shown in the show service id bgp command.

The no form of this command reverts the evi value to zero.

This command enables the context to configure the BGP EVPN MPLS parameters.

This command enables the context to configure automatic binding of a BGP-EVPN service using tunnels to MP-BGP peers.

The resolution mode must be configured to enable auto-bind resolution to tunnels in TTM. The following configurations are available.

The following tunnel types are supported in a BGP-EVPN MPLS context, in order of preference: RSVP, LDP, SR-ISIS, SR-OSPF, and BGP.

The rsvp value specifies that BGP searches for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel ID.

The ldp value specifies that BGP searches for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.

The sr-isis (sr-ospf) value specifies that an SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered ISIS (OSPF) instance.

The bgp value specifies BGP EVPN to search for a BGP LSP to the address of the BGP next hop. If the user does not enable the BGP tunnel type, the inter-area or inter-as prefixes is not resolved.

To activate the list of tunnel-types configured under resolution-filter, the resolution must be set to filter.

This command configures the resolution mode in the automatic binding of a BGP-EVPN MPLS service to tunnels to MP-BGP peers.

This command enables the context to configure the subset of tunnel types that can be used in the resolution of BGP-EVPN routes within the automatic binding of BGP-EVPN MPLS service to tunnels to MP-BGP peers.

The following tunnel types are supported in a BGP-EVPN MPLS context, in order of preference: RSVP, LDP, Segment Routing (SR), BGP, and UDP.

This command specifies the BGP tunnel type.

BGP EVPN will search for a BGP LSP to the address of the BGP next hop. If the user does not enable the BGP tunnel type, the inter-area or inter-as prefixes will not be resolved.

The no form of this command disables BGP as a tunnel type to consider.

This command specifies the LDP tunnel type.

BGP will search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next-hop.

The no form of this command disables LDP as a tunnel type to consider.

This command specifies the RSVP-TE tunnel type.

BGP will search for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

The no form of this command disables RSVP as a tunnel type to consider.

This command specifies the Segment Routing (SR) tunnel type programmed by an ISIS instance in TTM.

The no form of this command disables SR-ISIS as a tunnel type to consider.

This command specifies the SR tunnel type programmed by an OSPF instance in TTM.

The SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered ISIS (OSPF) instance.

The no form of this command disables SR-OSPF as a tunnel type to consider.

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The no form of this command places the entity into an administratively enabled state.

This command creates or edits a Virtual Private LAN Service (VPLS) instance. If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

A VPLS connects multiple customer sites together acting like a zero-hop, Layer 2 switched domain. A VPLS is always a logical full mesh.

If the create command is enabled in the environment context, the create keyword must be specified when the service is created. Specify the customer keyword and customer-id to associate the service with a customer. The customer-id must already exist (created using the customer command in the service context). After a service has been created with a customer association, it is not possible to edit the customer association. To edit the customer association, the service must be deleted and recreated with a new customer association.

After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

More than one VPLS may be created for a single customer ID.

By default, no VPLS instances exist until they are explicitly created.

The no form of this command deletes the VPLS service instance with the specified service-id. The service cannot be deleted until all SAPs and SDPs defined within the service ID have been shutdown and deleted, and the service has been shutdown.

This command enables the context to configure the BGP related parameters for BGP EVPN.

This command configures the Route Distinguisher (RD) component that will be signaled in the MP-BGP NLRI for L2VPN and EVPN families. This value is used for BGP-AD and BGP multi-homing NLRI, if these features are configured.

If this command is not configured, the RD is automatically built using the BGP-AD VPLS ID. The following rules apply:

Values and format (6 bytes, other 2 bytes of type) will be automatically generated.

The no form of this command removes the RD component.

This command configures the route target (RT) component that will be signaled in the related MP-BGP attribute to be used for BGP auto-discovery and EVPN, if these features are configured in this VPLS service.

If this command is not used, the RT is built automatically using the VPLS ID. The ext-comm value can have the same two formats as the VPLS ID, a two-octet AS-specific extended community, IPv4 specific extended community. For BGP EVPN enabled VPLS services, the route target can also be auto-derived from the evi value (config>service>vpls>bgp-evpn>evi), if this command is not configured. See the evi command description for more information.

The no form of this command removes the RT component.

This command specifies the name of the VSI export policies to be used for BGP auto-discovery, if it is configured in this VPLS service. If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the VSI export policy.

This command specifies the name of the VSI import policies to be used for BGP auto-discovery, if it is configured in this VPLS service. If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the VSI import policy.

This command enables the advertisement in BGP of the learned MACs on SAPs and SDP bindings. When the mac-advertisement command is disabled, the local MACs will be withdrawn in BGP.

The no form of this command disables mac-advertisement.

This command enables the context to configure the BGP EVPN MAC duplication parameters.

This command modifies the default behavior of the mac-duplication feature, which is always enabled by default. The command specifies the number of moves (num-moves) to monitor within a period of time (window).

Specifies the timer after which the MAC in hold-down state is automatically flushed and the mac-duplication process starts again. This value is expected to be equal to two times or more than that of window.

If the no form of this command is configured and mac-duplication is detected, MAC updates for that MAC will be held down till the user intervenes or a network event (that flushes the MAC) occurs.

This command enables the transmission and reception of the control-word. As defined in RFC 7432, the use of the control word helps avoid frame disordering.

It is enabled or disabled for all EVPN-MPLS destinations at the same time.

The no form of this command reverts to the default value.

When configured in a VPLS service, this command controls the number of paths to reach a specified MAC address when that MAC in the FDB is associated to a remote all-active multi-homed ES.

The configuration of two or more ECMP paths to a specified MAC enables the aliasing function described in RFC 7432.

The no form of this command reverts to the default value.

This command allows the system to preserve the VLAN ID and 802.1p bits of the service-delimiting qtag in a new tag added in the customer frame before sending it to the EVPN-MPLS destinations.

This command may be used in conjunction with the sap ingress vlan-translation command. In this case, the configured translated VLAN ID is the VLAN ID sent to the EVPN-MPLS destinations as opposed to the service-delimiting tag VLAN ID. If the ingress SAP/SDP binding is null-encapsulated, the output VLAN ID and pbits are zero.

The no form of this command reverts to the default value.

This command configures the system so that a separate label is sent for Broadcast, Unknown unicast and Multicast (BUM) traffic in a specified service. By default (no ingress-replication-bum-label), the same label is used for unicast and flooded BUM packets when forwarding traffic to remote PEs.

Saving labels may cause transient traffic duplication for all-active multi-homing. If ingress-replication-bum-label is enabled, the system will advertise two labels per EVPN VPLS instance, one for unicast and one for BUM traffic. The ingress PE will use the BUM label for flooded traffic to the advertising egress PE, which allows the egress PE to determine whether unicast traffic has been flooded by the ingress PE. Depending on the scale required in the network, the user may choose between saving label space or avoiding transient packet duplication sent to an all-active multi-homed CE for certain MACs.

The no form of this command uses the same label for unicast and flooded BUM packets.

This command configures an explicit split-horizon group for all BGP-EVPN MPLS destinations that can be shared by other SAPs and spoke-SDPs. The use of explicit split-horizon groups for EVPN-MPLS and spoke-SDPs allows the integration of VPLS and EVPN-MPLS networks.

If the bgp-evpn mpls split-horizon-group command is not used, the default split-horizon group (that contains all the EVPN destinations) is still used, but it is not possible to refer to it on SAPs/spoke-SDPs.

User-configured split-horizon groups can be configured within the service context. The same group name can be associated to SAPs, spoke-SDPs, pw-templates, pw-template-bindings, and EVPN-MPLS destinations.

The configuration of the bgp-evpn mpls split-horizon-group command is only allowed if bgp-evpn>mpls is shut down; no changes are allowed when bgp-evpn>mpls is no shutdown.

If the SAPs or spoke-SDPs (manual or BGP-AD-discovered) are configured within the same split-horizon group as the EVPN-MPLS endpoints, MAC addresses will still be learned but they will not be advertised in BGP-EVPN. If an EVPN-MPLS provider-tunnel is enabled in the service, the SAPs and SDP-bindings that share the same split-horizon group of the EVPN-MPLS provider-tunnel will be brought operationally down if the point-to-multipoint tunnel is operationally up.

The no form of this command configures the EVPN-MPLS destinations to use the default split-horizon group.

This command enables the context to configure the proxy-ARP parameters in a VPLS service.

The no form of this command removes the proxy-ARP context.

This command enables the context to configure the proxy-ND parameters in a VPLS service.

The no form of this command removes the proxy-ND context.

This command specifies the aging timer per proxy-ARP and proxy-ND entry for dynamic entries. When the aging expires, the entry is flushed. The age is reset when a new ARP, GARP, or NA for the same MAC-IP is received.

If the corresponding FDB MAC entry is flushed, the proxy-ARP or proxy-ND entry becomes inactive and subsequent ARP or NS lookups are treated as "missed". EVPN withdraws the IP-to-MAC if the entry becomes inactive. The age-time should be set at the send-refresh seconds value * 3 to ensure that no active entries are unnecessarily removed.

The no form of this command disables the aging timer.

This command enables the mechanism that detects duplicate IPs and ARP/ND spoofing attacks. Attempts (relevant to dynamic and EVPN entry types) to add the same IP (different MAC) are monitored for window minutes. When count is reached within that window, the proxy-ARP or proxy-ND entry for the suspected IP is marked as duplicate. An alarm is also triggered. This condition is cleared when hold-down time expires (max does not expire) or a clear command is issued.

If the anti-spoof-mac keyword is configured, the proxy-ARP or proxy-ND MAC address of the offending entry is replaced with the configured anti-spoof mac-address and advertised in an unsolicited GARP/NA for local SAPs/SDP-bindings, and in EVPN to remote PEs. This mechanism assumes that the same anti-spoof-mac is configured in all the PEs for the same service, and that traffic with destination anti-spoof-mac received on SAPs/SDP-bindings will be dropped. An ingress mac-filter may be configured to drop traffic to the anti-spoof-mac.

This command enables the addition of dynamic entries to the proxy-ARP table.

When enabled, the system populates proxy-ARP entries from snooped GARP or ARP messages on SAPs/SDP-bindings. These entries are shown as dynamic.

When disabled, dynamic ARP entries are flushed from the proxy-ARP table. Enabling dynamic-arp-populate is only recommended in networks where this command is consistently configured in all PEs.

The no form of this command disables the addition of dynamic entries to the proxy-ARP table.

This command enables the addition of dynamic entries to the proxy-ND table.

When enabled, the system populates proxy-ND entries from snooped Neighbor Advertisement (NA) messages on SAPs or SDP-bindings, in addition to the entries coming from EVPN (if the EVPN is enabled). These entries are shown as dynamic, and not as EVPN or static entries.

When disabled, dynamic ND entries are flushed from the proxy-ND table. Enabling dynamic-nd-populate is only recommended in networks where this command is consistently configured in all PEs.

The no form of this command disables the addition of dynamic entries to the proxy-ND table.

This command enables the advertisement of static or dynamic entries that are learned as a host or router. Only one option (host or router) is possible in a specified service. This command also determines the R flag (host or router) when sending NA messages for existing EVPN entries in the proxy-ND table.

This command can only be modified if proxy-nd is shut down.

This command controls whether the system floods GARP-requests and GARP-replies to the EVPN. The GARPs impacted by this command are messages in which the sender IP is equal to the target IP and the MAC DA is broadcast.

The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations. The use of the no form is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood GARP messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

This command controls whether the system floods host unsolicited Neighbor Advertisements to the EVPN. The NA messages impacted by this command are NA messages with the following flags:

The no form of this command only floods to local SAPs/SDP-bindings but not to the EVPN destinations. The use of the no form is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood unsolicited NA messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

This command controls whether the system floods router unsolicited NAs to EVPN. The NA messages impacted by this command are NA messages with the following flags:

The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations. This is only recommended in networks where CEs are routers directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood unsolicited NA messages in EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

This command enables the system to send a refresh message at the configured time. A refresh message is an ARP-request message that uses 0s as the sender IP for the case of a proxy-ARP entry. For proxy-ND entries, a refresh is a regular NS message that uses the chassis-mac as the MAC source-address.

The no form of this command suppresses the refresh messages.

This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either learned or CStatic (conditional static MAC) to become active.

The no form of this command removes the specified static entry.

This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either dynamic or CStatic (Conditional Static MAC) to become active. Along with the IPv6 and MAC address, the entry must also be configured as either host or router. This determines whether the received NS for the entry is replied with the R flag set to 1 (router) or 0 (host).

The no form of this command removes the specified static entry.

This command adds a table-size limit per service. By default, the limit is 250; it can be set up to 16k entries per service. A non-configurable implicit high watermark of 95% and low watermark of 90% exists, per service and per system.

When those watermarks are reached, a syslog or trap is triggered. When the system or service limit is reached, entries for a specified IP can be replaced (a different MAC can be learned and added) but no new IP entries are added, regardless of the type (Static, evpn, dynamic). If the user attempts to change the table-size value to a value that cannot accommodate the number of existing entries, the attempt fails.

This command controls whether unknown ARP-requests are flooded into the EVPN network. By default, the system floods ARP-requests, including EVPN (with source squelching), if there is no active proxy-ARP entry for the requested IP.

The no form of this command only floods to local SAPs/SDP-bindings and not to EVPN destinations.

This command enables unknown Neighbor Solicitation (NS) messages to be flooded into the EVPN network. By default, the system floods NS (with source squelching) to SAPs/SDP-bindings including EVPN, if there is no active proxy-ND entry for the requested IPv6.

The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations.

This command enables and disables the proxy-ARP and proxy-ND functionalities. ARP, GARP, and ND messages are snooped and redirected to the CPM for lookup in the proxy-ARP/proxy-ND table. The proxy-ARP/proxy-ND table is populated with IP-to-MAC pairs received from different sources (EVPN, static, dynamic). When the shutdown command is issued, the system stops snooping ARP/ND frames and the dynamic/EVPN dup proxy-ARP/proxy-ND table entries are flushed. All the static entries are kept in the table as inactive, regardless of their previous Status.

The no form of this command enables the proxy-ARP and proxy-ND functionalities.

This command configures an ES instance and its corresponding name.

The no form of this command deletes the specified ES.

This command configures the ES activation timer for the specified ethernet-segment. The es-activation-timer delays the activation of a specified ethernet-segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP associated to an ethernet-segment can be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

The no form of this command specifies that the system uses the value in the config>redundancy>bgp-evpn-multi-homing>es-activation-timer context, if configured. Otherwise the system uses the default value of 3 seconds.

This command configures the 10-byte Ethernet segment identifier (ESI) associated to the ethernet-segment that will be signaled in the BGP-EVPN routes. The ESI value cannot be changed unless the ethernet-segment is shutdown. Reserved ESI values, 0 and MAX-ESI, are not allowed.

The no form of this command deletes the ESI from the Ethernet segment.

This command configures a lag ID associated to the ES When the ethernet-segment is configured as all-active, only a LAG can be associated to the ES. When the ethernet-segment is configured as single-active, a LAG or port can be associated to the ES. In either case, only one of the two objects can be configured in the ES. A specified LAG can be part of only one ES

The no form of this command removes the association of the Ethernet segment to LAG ports.

This command configures the multi-homing mode for the specified ethernet-segment as single-active or all-active multi-homing, as defined in RFC7432.

By default, the use of esi-label is enabled for all-active and single-active as defined in RFC7432 (for single-active multi-homing, the ESI label is used to avoid transient loops).

When single-active no-esi-label is specified, the system will not allocate an ESI label and hence advertise ESI label 0 to peers. Even if the ESI is configured to not send the ESI label, upon reception of an ESI label from a peer, the PE will always send traffic to that peer using the received ESI label.

The multi-homing command must be configured for the Ethernet segment to be enabled.

The no form of this command disables multi-homing on the Ethernet segment.

This command configures a port ID associated with the ES. If the ethernet-segment is configured as all-active, only a LAG can be associated to the ES. If the ethernet-segment is configured as single-active, a LAG or port can be associated to the ES. In any case, only one of the two objects can be configured in the ethernet-segment. A specified port can be part of only one ethernet-segment. Only Ethernet ports can be added to an ethernet-segment.

The no form of this command removes the Ethernet segment association to all ports.

This command enables the context to configure service-carving in the Ethernet segment. The service-carving algorithm determines the PE that is the Designated Forwarder (DF) in a specified ES and for a specific service.

This command enables the context to manually configure the service-carving algorithm; that is, configure the EVIs for which the PE is DF.

This command configures the EVI ranges for which the PE is DF.

Note: Multiple individual EVI values and ranges are allowed. The PE will be non-DF for the evi values not defined as primary.

The no form of this command removes the specified EVI range.

This command configures the service-carving mode. This determines how the DF is elected for a specified ES and service.

This command changes the administrative status of the ethernet-segment.

The user can only configure no shutdown when esi, multi-homing, and lag/port are configured. If the ES or the corresponding lag/port are shutdown, the ES route and the AD per-ES routes will be withdrawn. No changes are allowed when the ethernet-segment is no shutdown.

This command configures the route distinguisher (RD) that will be signaled in EVPN Type 4 routes (Ethernet segment routes).

The no form of this command reverts to the default value.

This command enables the context to configure the global redundancy parameters.

This command enables the context to configure the BGP-EVPN global timers.

When the PE boots up, the boot-timer allows the necessary time for the control plane protocols to come up before bringing up the Ethernet segments and running the DF algorithm.

The following considerations apply to the functionality:

The no form of this command reverts to the default value.

This command configures the global Ethernet segment activation timer. The es-activation-timer delays the activation of a specified Ethernet segment on a specified PE that has been elected as the DF (Designated Forwarder). Only when the es-activation-timer has expired, can the SAP/SDP-binding associated to an Ethernet segment be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).

The es-activation-timer configured at the Ethernet-segment level supersedes this global es-activation-timer.

The no form of this command reverts to the default value.

This command shows the remote EVPN-MPLS tunnel endpoints in the system.

This command displays the bgp-evpn configured parameters for a specified service, including the admin status of MPLS, the configuration for mac-advertisement and unknown-mac-route, as well as the mac-duplication parameters. The command shows the duplicate MAC addresses that mac-duplication has detected.

If the service is BGP-EVPN MPLS, the command also shows the parameters corresponding to EVPN-MPLS.

This command displays the existing EVPN-MPLS destinations for a specified service and all related information. The command allows filtering based on esi (for EVPN multi-homing) to display the EVPN-MPLS destinations associated to an Ethernet Segment Identifier (ESI).

This command displays, in a table, the existing proxy-ARP entries for a specified service. The table is populated by EVPN MAC routes that contain a MAC and an IP address, as well as static entries or dynamic entries from snooped ARP messages on access SAPs.

A 7210 SAS that receives an ARP request from a SAP performs a lookup in the proxy-ARP table for the service. If a match is found, the router replies to the ARP and does not allow ARP flooding in the VPLS service. If a match is not found, the ARP is flooded within the service if the configuration allows it.

The command allows for specific IP addresses to be displayed. Dynamic IP entries associated to a MAC list are displayed with the corresponding MAC list and resolve timers information.

This command displays, in a table, the existing proxy-ND entries for a specified service. The table is populated by the EVPN MAC routes containing a MAC and an IPv6 address, as well as static entries or dynamic entries from snooped NA messages on access SAPs.

A 7210 SAS that receives a Neighbor Solicitation (NS) from a SAP performs a lookup in the proxy-ND table for the service. If a match is found, the router replies to the NS and does not allow NS flooding in the VPLS service. If a match is not found, the NS is flooded in the service, if the configuration allows it.

This command allows specific IPv6 addresses to be displayed. Dynamic IPv6 entries associated to a MAC list are shown with the corresponding MAC list and resolve timer information.

This command enables the context to configure the system BGP EVPN show command.

This command shows system BGP EVPN information.

This command enables the context to display the global redundancy parameters.

This command displays information related to the EVPN global timers.

This command clears all entries in the proxy-ARP table if none of the optional parameters is specified. If the duplicate parameter is specified it clears all the duplicate entries in the proxy-ARP table. If the dynamic parameter is specified it clears all the dynamic entries in the proxy-ARP table.

This command clears all entries in the proxy-ND table if none of the optional parameters is specified. If the duplicate parameter is specified it clears all the duplicate entries in the hold-down state from the proxy-ND table. If the dynamic parameter is specified it clears all the dynamic entries in the hold-down state from the proxy-ND table.

This command configures tools to display service dump information.

This command provides information about the usage and limit of the system-wide proxy-ARP table for all the services. The command also shows if the limit has been exceeded and a trap raised.

This command provides information about the usage and limit of the system-wide proxy-ND table for all the services. The command also shows if the limit has been exceeded and a trap raised.