EVPN for MPLS tunnels in VPLS services (EVPN-MPLS)

EVPN can be used in MPLS networks where PEs are interconnected through any type of tunnel, including RSVP-TE, Segment-Routing TE, LDP, BGP, Segment Routing IS-IS, Segment Routing OSPF, RIB-API, MPLS-forwarding-policy, SR-Policy, or MPLSoUDP. As with VPRN services, tunnel selection for a VPLS service (with BGP-EVPN MPLS enabled) is based on the auto-bind-tunnel command. The BGP EVPN routes next-hops can be IPv4 or IPv6 addresses and can be resolved to a tunnel in the IPv4 tunnel-table or IPv6 tunnel-table.

EVPN-MPLS is modeled similar to EVPN-VXLAN, that is, using a VPLS service where EVPN-MPLS ‟bindings” can coexist with SAPs and SDP bindings. The following shows an example of a VPLS service with EVPN-MPLS.

*A:PE-1>config>service>vpls# info 
----------------------------------------------
  description "evpn-mpls-service"
  bgp 
  exit
  bgp-evpn
    evi 10
    mpls bgp 1
      no shutdown
      auto-bind-tunnel resolution any
  exit
  sap 1/1/1:1 create 
  exit
  spoke-sdp 1:1 create

First configure a bgp-evpn context where vxlan must be shutdown and mpls no shutdown. In addition to the mpls no shutdown command, the minimum set of commands to be configured to set up the EVPN-MPLS instance are the evi and the auto-bind-tunnel resolution commands. The relevant configuration options are the following.

evi {1..16777215} — This EVPN identifier is unique in the system and is used for the service-carving algorithm used for multihoming (if configured), and for auto-deriving the route target and route distinguishers (if lower than 65535) in the service. It can be used for EVPN-MPLS and EVPN-VXLAN services.

The following options are supported:

• If this EVPN identifier is not specified, the value is zero and no route distinguisher or route target is automatically derived from it.
• If the specified EVPN identifier is lower than 65535 and no other route distinguisher or route target is configured in the service, the following applies:
  • The route distinguisher is derived from <system_ip>:evi.
  • The route target is derived from <autonomous-system>:evi.
• If the specified EVPN identifier is higher than 65535 and no other route distinguisher or route target is configured in the service, the following applies:
  • The route distinguisher cannot be automatically derived. An error is generated if enabling EVPN is attempted without a route distinguisher. A manual or an auto-rd route distinguisher must be configured.
  • The route target can only be automatically derived if the evi-three-byte-auto-rtcommand is configured. If configured, the route target is automatically derived in accordance with the following rules described in RFC8365.
    • The route target is composed of ASN(2-octets):A/type/D-ID/EVI.
    • The ASN is a 2-octect value configured in the system. For AS numbers exceeding the 2-byte limit, the low order 16-bit value is used.
    • The A=0 value is used for auto-derivation.
    • The type=4 (EVI-based) is used.
    • The BGP instance is encoded using D-ID= [1..2]. This allows the automatic derivation of different RTs in multi-instance services. The value is inherited from the corresponding BGP instance.
    • EVI indicates the configured EVI in the service

For example, consider a service with the following characteristics:

• ASN=64500
• VPLS with two BGP instances, bgp 1 for VXLAN-instance 1 and bgp 2 for EVPN-MPLS
• EVI=100000

The automatically derived route targets for this service are:

• bgp 1 — 64500:1090619040 (ASN:0x410186A0)
• bgp 2 — 64500:1107396256 (ASN:0x420186A0)

If this EVPN identifier is not specified, the value is zero and no route distinguisher or route targets is automatically derived from it. If specified and no other route distinguisher/route target are configured in the service:, then the following applies:

• the route distinguisher is derived from: <system_ip>:evi

• the route target is derived from: <autonomous-system>:evi

When the evi is configured, a config>service>vpls>bgp node (even empty) is required to allow the user to see the correct information about the show service id 1 bgp and show service system bgp-route-distinguisher commands.

The configuration of an evi is enforced for EVPN services with SAPs/SDP bindings in an ethernet-segment. See EVPN multihoming in VPLS services for more information about ESs.

The following options are specific to EVPN-MPLS (and defined in bgp-evpn>mpls):

control-word

Enable or disable control-word to guarantee interoperability to other vendors; this command is required as per RFC 7432 to avoid frame disordering.

auto-bind-tunnel

Select which type of MPLS transport tunnel is used for a particular instance; this command is used in the same way as in VPRN services.

For BGP-EVPN MPLS, bgp must be explicitly added to the resolution-filter in EVPN (BGP is implicit in VPRNs).

force-vlan-vc-forwarding

This command allows the system to preserve the VLAN ID and pbits of the service-delimiting qtag in a new tag added in the customer frame before sending it to the EVPN core.

split-horizon-group

This command allows the association of a user-created split horizon group to all the EVPN-MPLS destinations. See EVPN and VPLS integration for more information.

ecmp

When this command is set to a value greater than 1, aliasing is activated to the remote PEs that are defined in the same all-active multihoming ES. See EVPN all-active multihoming for more information.

ingress-replication-bum-label

This command is only enabled when the user wants the PE to advertise a label for BUM traffic (Inclusive Multicast routes) that is different from the label advertised for unicast traffic (with the MAC/IP routes). This is useful to avoid potential transient packet duplication in all-active multihoming.

In addition to these options, the following bgp-evpn commands are also available for EVPN-MPLS services:

• [no] mac-advertisement

• mac-duplication and settings

When EVPN-MPLS is established among some PEs in the network, EVPN unicast and multicast 'bindings' are created on each PE to the remote EVPN destinations. A specified ingress PE creates:

• A unicast EVPN-MPLS destination binding to a remote egress PE as soon as a MAC/IP route is received from that egress PE.

• A multicast EVPN-MPLS destination binding to a remote egress PE, if and only if the egress PE advertises an Inclusive Multicast Ethernet Tag Route with a BUM label. That is only possible if the egress PE is configured with ingress-replication-bum-label.

Those bindings, as well as the MACs learned on them, can be checked through the following show commands. In the following example, the remote PE(192.0.2.69) is configured with no ingress-replication-bum-label and PE(192.0.2.70) is configured with ingress-replication-bum-label. Therefore, Dut has a single EVPN-MPLS destination binding to PE(192.0.2.69) and two bindings (unicast and multicast) to PE(192.0.2.70).

*A:Dut# show service id 1 evpn-mpls  

===============================================================================
BGP EVPN-MPLS Dest
===============================================================================
TEP Address     Egr Label     Num. MACs   Mcast           Last Change
                 Transport                                
-------------------------------------------------------------------------------
192.0.2.69      262118        1           Yes             06/11/2015 19:59:03
                ldp                                        
192.0.2.70      262139        0           Yes             06/11/2015 19:59:03
                ldp                                        
192.0.2.70      262140        1           No              06/11/2015 19:59:03
                ldp                                        
192.0.2.72      262140        0           Yes             06/11/2015 19:59:03
                ldp                                        
192.0.2.72      262141        1           No              06/11/2015 19:59:03
                ldp                                        
192.0.2.73      262139        0           Yes             06/11/2015 19:59:03
                ldp                                        
192.0.2.254     262142        0           Yes             06/11/2015 19:59:03
                bgp                                        
-------------------------------------------------------------------------------
Number of entries : 7
-------------------------------------------------------------------------------
===============================================================================

*A:Dut# show service id 1 fdb detail 

===============================================================================
Forwarding Database, Service 1
===============================================================================
ServId    MAC               Source-Identifier        Type     Last Change
                                                     Age      
-------------------------------------------------------------------------------
1         00:ca:fe:ca:fe:69 eMpls:                   EvpnS    06/11/15 21:53:48
                            192.0.2.69:262118
1         00:ca:fe:ca:fe:70 eMpls:                   EvpnS    06/11/15 19:59:57
                            192.0.2.70:262140
1         00:ca:fe:ca:fe:72 eMpls:                   EvpnS    06/11/15 19:59:57
                            192.0.2.72:262141
-------------------------------------------------------------------------------
No. of MAC Entries: 3
-------------------------------------------------------------------------------
Legend:  L=Learned O=Oam P=Protected-MAC C=Conditional S=Static
===============================================================================