SR OS can combine a blackhole MAC address concept and the EVPN MAC duplication procedures to provide loop protection in EVPN networks. The feature is compliant with the MAC mobility and multihoming functionality in RFC 7432, and the Loop Protection section in draft-ietf-bess-rfc7432bis. The config>service>vpls>bgp-evpn>mac-duplication>black-hole-dup-mac command enables the feature.
If enabled, there are no apparent changes in the MAC duplication; however, if a duplicated MAC is detected (for example, M1), then the router performs the following:
adds M1 to the duplicate MAC list
programs M1 in the FDB as a ‟Protected” MAC associated with a blackhole endpoint (where ‟type” is set to EvpnD:P and Source-Identifier is black-hole)
While the MAC type value remains EvpnD:P, the following additional operational details apply.
Incoming frames with MAC DA = M1 are discarded by the ingress IOM, regardless of the ingress endpoint type (SAP, SDP, or EVPN), based on an FDB MAC lookup.
Incoming frames with MAC SA = M1 are discarded by the ingress IOM or cause the router to bring down the SAP or SDP binding, depending on the restrict-protected-src setting on the SAP, SDP, or EVPN endpoint.
The following example shows an EVPN-MPLS service where black-hole-dup-mac is enabled and MAC duplication programs the duplicate MAC as a blackhole.
19 2016/12/20 19:45:59.69 UTC MINOR: SVCMGR #2331 Base
"VPLS Service 30 has MAC(s) detected as duplicates by EVPN mac-duplication
detection."
*A:PE-5# configure service vpls 30
*A:PE-5>config>service>vpls# info
----------------------------------------------
            bgp
            exit
            bgp-evpn
                evi 30
                mac-duplication
                    detect num-moves 3 window 3
                    retry 6
                    black-hole-dup-mac
                exit
                mpls bgp 1
                    ingress-replication-bum-label
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap 1/1/1:30 create
                no shutdown
            exit
            spoke-sdp 56:30 leaf-ac create
                no shutdown
            exit
            no shutdown
----------------------------------------------
*A:PE-5# show service id 30 bgp-evpn
===============================================================================
BGP EVPN Table
===============================================================================
MAC Advertisement  : Enabled            Unknown MAC Route  : Disabled
CFM MAC Advertise  : Disabled
VXLAN Admin Status : Disabled           Creation Origin    : manual
MAC Dup Detn Moves : 3                  MAC Dup Detn Window: 3
MAC Dup Detn Retry : 6                  Number of Dup MACs : 1
MAC Dup Detn BH    : Enabled
IP Route Advert    : Disabled
EVI                : 30
Ing Rep Inc McastAd: Enabled
Accept IVPLS Flush : Disabled
Send EVPN Encap    : Enabled
-------------------------------------------------------------------------------
Detected Duplicate MAC Addresses        Time Detected
-------------------------------------------------------------------------------
00:11:00:00:00:01                       12/20/2016 19:46:00
-------------------------------------------------------------------------------
<snip>
...
*A:PE-5# show service id 30 fdb detail
===============================================================================
Forwarding Database, Service 30
===============================================================================
ServId    MAC               Source-Identifier        Type     Last Change
                                                     Age
-------------------------------------------------------------------------------
30        00:11:00:00:00:01 black-hole               EvpnD:P  12/20/16 19:46:00
-------------------------------------------------------------------------------
No. of MAC Entries: 1
-------------------------------------------------------------------------------
Legend: L=Learned O=Oam P=Protected-MAC C=Conditional S=Static Lf=Leaf
===============================================================================
If the retry time expires, the MAC is flushed from the FDB and the process starts again. The clear service id 30 evpn mac-dup-detect {ieee-address | all} command clears the duplicate blackhole MAC address.
Support for the black-hole-dup-mac command and the preceding associated loop detection procedures is as follows:
not supported on B-VPLS, I-VPLS, or M-VPLS services
fully supported on EVPN-VXLAN and EVPN-MPLS VPLS services (including EVPN E-Tree)
fully supported with EVPN MAC mobility and EVPN-MPLS multihoming