Blackhole MAC for EVPN loop detection

SR OS can combine a blackhole MAC address concept and the EVPN MAC duplication procedures to provide loop protection in EVPN networks. The feature is compliant with the MAC mobility and multihoming functionality in RFC 7432, and the Loop Protection section in draft-ietf-bess-rfc7432bis. The config>service>vpls>bgp-evpn>mac-duplication>black-hole-dup-mac command enables the feature.

If enabled, there are no apparent changes in the MAC duplication; however, if a duplicated MAC is detected (for example, M1), then the router performs the following:

While the MAC type value remains EvpnD:P, the following additional operational details apply.

The following example shows an EVPN-MPLS service where black-hole-dup-mac is enabled and MAC duplication programs the duplicate MAC as a blackhole.

19 2016/12/20 19:45:59.69 UTC MINOR: SVCMGR #2331 Base 
"VPLS Service 30 has MAC(s) detected as duplicates by EVPN mac-duplication 
detection."
*A:PE-5# configure service vpls 30 
*A:PE-5>config>service>vpls# info 
----------------------------------------------
            bgp
            exit
            bgp-evpn
                evi 30
                mac-duplication
                    detect num-moves 3 window 3
                    retry 6
                    black-hole-dup-mac
                exit
                mpls bgp 1
                    ingress-replication-bum-label
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap 1/1/1:30 create
                no shutdown
            exit
            spoke-sdp 56:30 leaf-ac create
                no shutdown
            exit
            no shutdown
----------------------------------------------
*A:PE-5# show service id 30 bgp-evpn 
===============================================================================
BGP EVPN Table
===============================================================================
MAC Advertisement  : Enabled            Unknown MAC Route  : Disabled
CFM MAC Advertise  : Disabled           
VXLAN Admin Status : Disabled           Creation Origin    : manual
MAC Dup Detn Moves : 3                  MAC Dup Detn Window: 3
MAC Dup Detn Retry : 6                  Number of Dup MACs : 1
MAC Dup Detn BH    : Enabled            
IP Route Advert    : Disabled           
 
EVI                : 30                 
Ing Rep Inc McastAd: Enabled            
Accept IVPLS Flush : Disabled           
Send EVPN Encap    : Enabled            
-------------------------------------------------------------------------------
Detected Duplicate MAC Addresses             Time Detected
-------------------------------------------------------------------------------
00:11:00:00:00:01                            12/20/2016 19:46:00
-------------------------------------------------------------------------------
<snip>
...
*A:PE-5# show service id 30 fdb detail 
===============================================================================
Forwarding Database, Service 30
===============================================================================
ServId    MAC               Source-Identifier        Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
30        00:11:00:00:00:01 black-hole               EvpnD:P  12/20/16 19:46:00
-------------------------------------------------------------------------------
No. of MAC Entries: 1
-------------------------------------------------------------------------------
Legend:  L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================

If the retry time expires, the MAC is flushed from the FDB and the process starts again. The clear service id 30 evpn mac-dup-detect {ieee-address | all} command clears the duplicate blackhole MAC address.

Note: The clear service id 30 fdb command clears learned MAC addresses; blackhole MAC addresses are not cleared.

Support for the black-hole-dup-mac command and the preceding associated loop detection procedures is as follows: