This example shows EVPN and IPVPN services on Inter-AS option B scenarios.
The diagram shows two different Autonomous Systems (ASes) that are connected via border routers br4, br5 and br6, which are acting as Inter-AS model B ASBRs. This model allows the operator to extend EVPN and IP-VPN services across different MPLS or Segment Routing MPLS domains, without the need for instantiating services on the border routers. Egress PEs advertise EVPN/IP-VPN routes to the adjacent border routers, and the border routers carry out two functions:
- Import the routes and, if valid, redistribute the routes to the remote border routers or local PEs, using their own address as next hop and their own locally allocated service mpls labels.
- Program a label swap operation so that ingress traffic service label is looked up and packets forwarded with a new service label that was previously received from the PE in the local domain.
The following output shows the configuration of pe1's default network-instance. ISIS is used as IGP in each of the two domains. Transport tunnels are of type LDP and SR-ISIS. And BGP neighbor br4 is configured for the exchange of EVPN and IP-VPN routes.
--{ + candidate shared default }--[ network-instance default ]-- A:pe1# info type default interface ethernet-1/10.0 { } interface system0.0 { } protocols { bgp { admin-state enable autonomous-system 65001 router-id 100.0.0.1 bgp-label { bgp-ipvpn { next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } } ebgp-default-policy { import-reject-all false export-reject-all false } afi-safi evpn { admin-state enable evpn { keep-all-routes true rapid-update true } } afi-safi l3vpn-ipv4-unicast { admin-state enable l3vpn-ipv4-unicast { keep-all-routes true rapid-update true } } group overlay-ibgp { peer-as 65001 afi-safi evpn { } afi-safi l3vpn-ipv4-unicast { } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } neighbor 100.0.0.4 { peer-group overlay-ibgp } } ldp { admin-state enable dynamic-label-block range-1-ldp discovery { interfaces { interface ethernet-1/10.0 { ipv4 { admin-state enable } } } } } isis { dynamic-label-block range-3-srgb instance i14 { admin-state enable instance-id 1 level-capability L2 iid-tlv true net [ 49.0001.0000.0000.0001.00 ] trace-options { trace [ adjacencies interfaces packets-all ] } segment-routing { mpls { dynamic-adjacency-sids { all-interfaces true } } } interface ethernet-1/10.0 { circuit-type point-to-point ipv4-unicast { admin-state enable } } interface system0.0 { passive true ipv4-unicast { admin-state enable } } } } } segment-routing { mpls { global-block { label-range range-2-srgb } local-prefix-sid 1 { interface system0.0 ipv4-label-index 1 } } } --{ + candidate shared default }--[ network-instance default ]--
Similar configurations exist on the other PEs, with the exception that pe2 is configured as a route reflector on its own domain. The configuration of the default network-instance on pe2 follows.
--{ + candidate shared default }--[ network-instance default protocols bgp ]-- A:pe2# info admin-state enable autonomous-system 65023 router-id 100.0.0.2 bgp-label { bgp-ipvpn { next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } } ebgp-default-policy { import-reject-all false export-reject-all false } afi-safi evpn { admin-state enable evpn { keep-all-routes true rapid-update true } } afi-safi l3vpn-ipv4-unicast { admin-state enable l3vpn-ipv4-unicast { keep-all-routes true rapid-update true } } group overlay-ibgp { peer-as 65023 afi-safi evpn { } afi-safi l3vpn-ipv4-unicast { } route-reflector { client true cluster-id 2.2.2.2 } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } neighbor 100.0.0.3 { peer-group overlay-ibgp } neighbor 100.0.0.5 { peer-group overlay-ibgp } neighbor 100.0.0.6 { peer-group overlay-ibgp }
The border routers are configured in a similar way, only that the IGP is not enabled in their interfaces to other border routers. In addition, border routers configured for inter-as option B, need the following two things:
- The configuration of the label block that the border router, as ASBR, will use to draw EVPN/IP-VPN labels for the service label swap operation. This is configured using the command
protocols.bgp.bgp-label.bgp-vpn.dynamic-label-block <label-block>
. - The configuration of
inter-as-vpn true
command for EVPN and IP-VPN, which triggers the router to keep the received EVPN/IP-VPN routes (even without a network-instance that imports the routes) and redistribute them to the adjacent ASN with a next hop and label change.
As an example, br4's configuration of the default network instance follows:
--{ + candidate shared default }--[ network-instance default ]-- A:br4# info type default interface ethernet-1/10.0 { } interface ethernet-1/11.0 { } interface ethernet-1/12.0 { } interface system0.0 { } protocols { bgp { autonomous-system 65001 router-id 100.0.0.4 bgp-label { bgp-vpn { dynamic-label-block range-6-bgp-lu } bgp-ipvpn { next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } } ebgp-default-policy { import-reject-all false export-reject-all false } afi-safi evpn { admin-state enable evpn { inter-as-vpn true rapid-update true default-received-encapsulation mpls next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } } afi-safi l3vpn-ipv4-unicast { admin-state enable l3vpn-ipv4-unicast { inter-as-vpn true rapid-update true } } group overlay-ebgp { peer-as 65023 afi-safi evpn { } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } group overlay-ibgp { peer-as 65001 afi-safi evpn { } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } neighbor 10.4.5.2 { peer-group overlay-ebgp } neighbor 10.4.6.2 { peer-group overlay-ebgp } neighbor 100.0.0.1 { peer-group overlay-ibgp } } ldp { admin-state enable dynamic-label-block range-1-ldp discovery { interfaces { interface ethernet-1/10.0 { ipv4 { admin-state enable } } interface ethernet-1/11.0 { ipv4 { admin-state enable } } interface ethernet-1/12.0 { ipv4 { admin-state enable } } } } } isis { dynamic-label-block range-3-srgb instance i14 { admin-state enable instance-id 1 level-capability L2 iid-tlv true net [ 49.0001.0000.0000.0004.00 ] segment-routing { mpls { dynamic-adjacency-sids { all-interfaces true } } } interface ethernet-1/10.0 { circuit-type point-to-point ipv4-unicast { admin-state enable } } interface system0.0 { passive true ipv4-unicast { admin-state enable } } } } } segment-routing { mpls { global-block { label-range range-2-srgb } local-prefix-sid 1 { interface system0.0 ipv4-label-index 4 } } } --{ + candidate shared default }--[ network-instance default ]--
And br4's label allocation for transport and services is configured as follows:
--{ + candidate shared default }--[ system mpls ]-- A:br4# info label-ranges { static range-2-srgb { shared true start-label 100001 end-label 120000 } static range-5-static-services { shared false start-label 3000 end-label 4000 } dynamic range-1-ldp { start-label 100 end-label 200 } dynamic range-3-srgb { start-label 120001 end-label 120999 } dynamic range-4-evpn { start-label 500 end-label 699 } dynamic range-5-services { start-label 1000 end-label 2000 } dynamic range-6-bgp-lu { start-label 122001 end-label 122201 } } services { evpn { dynamic-label-block range-4-evpn } network-instance { dynamic-label-block range-5-services } }
Similar configurations exist in the other border routers. The configuration of br6 follows:
--{ + candidate shared default }--[ network-instance default ]-- A:br6# info type default interface ethernet-1/10.0 { } interface ethernet-1/11.0 { } interface ethernet-1/12.0 { } interface system0.0 { } protocols { bgp { autonomous-system 65023 router-id 100.0.0.6 bgp-label { bgp-vpn { dynamic-label-block range-6-bgp-lu } bgp-ipvpn { next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } } ebgp-default-policy { import-reject-all false export-reject-all false } afi-safi evpn { admin-state enable evpn { inter-as-vpn true rapid-update true default-received-encapsulation mpls next-hop-resolution { ipv4-next-hops { tunnel-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } } afi-safi l3vpn-ipv4-unicast { admin-state enable l3vpn-ipv4-unicast { inter-as-vpn true rapid-update true } } group overlay-ebgp { peer-as 65001 afi-safi evpn { } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } group overlay-ibgp { peer-as 65023 afi-safi evpn { } timers { connect-retry 1 minimum-advertisement-interval 1 } trace-options { flag update { modifier detail } } } neighbor 10.4.6.1 { peer-group overlay-ebgp } neighbor 100.0.0.2 { peer-group overlay-ibgp } } ldp { admin-state enable dynamic-label-block range-1-ldp discovery { interfaces { interface ethernet-1/10.0 { ipv4 { admin-state enable } } interface ethernet-1/11.0 { ipv4 { admin-state enable } } interface ethernet-1/12.0 { ipv4 { admin-state enable } } } } } isis { dynamic-label-block range-3-srgb instance i2356 { admin-state enable instance-id 3 level-capability L2 max-ecmp-paths 64 iid-tlv true net [ 49.0003.0000.0000.0006.00 ] segment-routing { mpls { dynamic-adjacency-sids { all-interfaces true } } } interface ethernet-1/11.0 { circuit-type point-to-point ipv4-unicast { admin-state enable } } interface ethernet-1/12.0 { circuit-type point-to-point ipv4-unicast { admin-state enable } } interface system0.0 { passive true ipv4-unicast { admin-state enable } } } } } segment-routing { mpls { global-block { label-range range-2-srgb } local-prefix-sid 1 { interface system0.0 ipv4-label-index 6 } } } --{ + candidate shared default }--[ network-instance default ]--
Once the default network-instance is configured on all the routers, reachability and the setup of tunnels can be checked as follows:
// route-table and tunnel-table in pe1
A:pe1# show route-table
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 unicast route table of network instance default
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+------------------------------------+-------+------------+----------------------+----------+----------+---------+------------+----------------------+----------------------+----------------------+---------------------------------------------+
| Prefix | ID | Route Type | Route Owner | Active | Origin | Metric | Pref | Next-hop (Type) | Next-hop Interface | Backup Next-hop | Backup Next-hop Interface |
| | | | | | Network | | | | | (Type) | |
| | | | | | Instance | | | | | | |
+====================================+=======+============+======================+==========+==========+=========+============+======================+======================+======================+=============================================+
| 10.1.4.0/30 | 4 | local | net_inst_mgr | True | default | 0 | 0 | 10.1.4.1 (direct) | ethernet-1/10.0 | | |
| 10.1.4.1/32 | 4 | host | net_inst_mgr | True | default | 0 | 0 | None (extract) | None | | |
| 10.1.4.3/32 | 4 | host | net_inst_mgr | True | default | 0 | 0 | None (broadcast) | | | |
| 100.0.0.1/32 | 6 | host | net_inst_mgr | True | default | 0 | 0 | None (extract) | None | | |
| 100.0.0.4/32 | 1 | isis | isis_mgr | True | default | 10 | 18 | 10.1.4.2 (direct) | ethernet-1/10.0 | | |
+------------------------------------+-------+------------+----------------------+----------+----------+---------+------------+----------------------+----------------------+----------------------+---------------------------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 routes total : 5
IPv4 prefixes with active routes : 5
IPv4 prefixes with active ECMP routes: 0
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ + candidate shared default }--[ network-instance default ]--
A:pe1# show tunnel-table
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 tunnel table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+---------------------------------------------+--------+----------------+----------+-----+----------+---------+--------------------------+---------------------------+---------------------------+
| IPv4 Prefix | Encaps | Tunnel Type | Tunnel | FIB | Metric | Prefere | Last Update | Next-hop (Type) | Next-hop |
| | Type | | ID | | | nce | | | |
+=============================================+========+================+==========+=====+==========+=========+==========================+===========================+===========================+
| 10.1.4.2/32 | mpls | sr-isis | 120001 | Y | 0 | 11 | 2024-06-21T10:39:09.687Z | 10.1.4.2 (mpls) | ethernet-1/10.0 |
| 100.0.0.4/32 | mpls | ldp | 65537 | Y | 10 | 9 | 2024-06-21T10:39:15.491Z | 10.1.4.2 (mpls) | ethernet-1/10.0 |
| 100.0.0.4/32 | mpls | sr-isis | 100005 | Y | 10 | 11 | 2024-06-21T10:39:15.097Z | 10.1.4.2 (mpls) | ethernet-1/10.0 |
+---------------------------------------------+--------+----------------+----------+-----+----------+---------+--------------------------+---------------------------+---------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2 SR-ISIS tunnels, 2 active, 0 inactive
1 LDP tunnels, 1 active, 0 inactive
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv6 tunnel table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<no_entries>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ + candidate shared default }--[ network-instance default ]--
// route-table and tunnel-table in pe2
--{ + candidate shared default }--[ network-instance default ]--
A:pe2# show route-table
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 unicast route table of network instance default
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+---------------------------------------+-------+------------+----------------------+----------+----------+---------+------------+------------------------+------------------------+------------------------+------------------------------------------------+
| Prefix | ID | Route Type | Route Owner | Active | Origin | Metric | Pref | Next-hop (Type) | Next-hop Interface | Backup Next-hop (Type) | Backup Next-hop Interface |
| | | | | | Network | | | | | | |
| | | | | | Instance | | | | | | |
+=======================================+=======+============+======================+==========+==========+=========+============+========================+========================+========================+================================================+
| 10.2.3.0/30 | 5 | local | net_inst_mgr | True | default | 0 | 0 | 10.2.3.1 (direct) | ethernet-1/11.0 | | |
| 10.2.3.1/32 | 5 | host | net_inst_mgr | True | default | 0 | 0 | None (extract) | None | | |
| 10.2.3.3/32 | 5 | host | net_inst_mgr | True | default | 0 | 0 | None (broadcast) | | | |
| 10.2.5.0/30 | 4 | local | net_inst_mgr | True | default | 0 | 0 | 10.2.5.1 (direct) | ethernet-1/10.0 | | |
| 10.2.5.1/32 | 4 | host | net_inst_mgr | True | default | 0 | 0 | None (extract) | None | | |
| 10.2.5.3/32 | 4 | host | net_inst_mgr | True | default | 0 | 0 | None (broadcast) | | | |
| 10.3.6.0/30 | 3 | isis | isis_mgr | True | default | 20 | 18 | 10.2.3.2 (direct) | ethernet-1/11.0 | | |
| 10.5.6.0/30 | 3 | isis | isis_mgr | True | default | 20 | 18 | 10.2.5.2 (direct) | ethernet-1/10.0 | | |
| 100.0.0.2/32 | 7 | host | net_inst_mgr | True | default | 0 | 0 | None (extract) | None | | |
| 100.0.0.3/32 | 3 | isis | isis_mgr | True | default | 10 | 18 | 10.2.3.2 (direct) | ethernet-1/11.0 | | |
| 100.0.0.5/32 | 3 | isis | isis_mgr | True | default | 10 | 18 | 10.2.5.2 (direct) | ethernet-1/10.0 | | |
| 100.0.0.6/32 | 3 | isis | isis_mgr | True | default | 20 | 18 | 10.2.3.2 (direct) | ethernet-1/11.0 | | |
| | | | | | | | | 10.2.5.2 (direct) | ethernet-1/10.0 | | |
+---------------------------------------+-------+------------+----------------------+----------+----------+---------+------------+------------------------+------------------------+------------------------+------------------------------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 routes total : 12
IPv4 prefixes with active routes : 12
IPv4 prefixes with active ECMP routes: 1
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ + candidate shared default }--[ network-instance default ]--
A:pe2# show tunnel-table
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 tunnel table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+------------------------------------------------+--------+----------------+----------+-----+----------+---------+--------------------------+-----------------------------+-----------------------------+
| IPv4 Prefix | Encaps | Tunnel Type | Tunnel | FIB | Metric | Prefere | Last Update | Next-hop (Type) | Next-hop |
| | Type | | ID | | | nce | | | |
+================================================+========+================+==========+=====+==========+=========+==========================+=============================+=============================+
| 10.2.3.2/32 | mpls | sr-isis | 120001 | Y | 0 | 11 | 2024-06-21T10:39:09.125Z | 10.2.3.2 (mpls) | ethernet-1/11.0 |
| 10.2.5.2/32 | mpls | sr-isis | 120002 | Y | 0 | 11 | 2024-06-21T10:39:09.895Z | 10.2.5.2 (mpls) | ethernet-1/10.0 |
| 100.0.0.3/32 | mpls | ldp | 65537 | Y | 10 | 9 | 2024-06-21T10:39:11.546Z | 10.2.3.2 (mpls) | ethernet-1/11.0 |
| 100.0.0.3/32 | mpls | sr-isis | 100004 | Y | 10 | 11 | 2024-06-21T10:39:10.769Z | 10.2.3.2 (mpls) | ethernet-1/11.0 |
| 100.0.0.5/32 | mpls | ldp | 65538 | Y | 10 | 9 | 2024-06-21T10:39:11.977Z | 10.2.5.2 (mpls) | ethernet-1/10.0 |
| 100.0.0.5/32 | mpls | sr-isis | 100006 | Y | 10 | 11 | 2024-06-21T10:39:10.769Z | 10.2.5.2 (mpls) | ethernet-1/10.0 |
| 100.0.0.6/32 | mpls | ldp | 65539 | Y | 20 | 9 | 2024-06-21T10:39:13.315Z | 10.2.3.2 (mpls) | ethernet-1/11.0 |
| 100.0.0.6/32 | mpls | sr-isis | 100007 | Y | 20 | 11 | 2024-06-21T10:39:10.769Z | 10.2.3.2 (mpls) | ethernet-1/11.0 |
| | | | | | | | | 10.2.5.2 (mpls) | ethernet-1/10.0 |
+------------------------------------------------+--------+----------------+----------+-----+----------+---------+--------------------------+-----------------------------+-----------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5 SR-ISIS tunnels, 5 active, 0 inactive
3 LDP tunnels, 3 active, 0 inactive
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv6 tunnel table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
<no_entries>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ + candidate shared default }--[ network-instance default ]--
A:pe2#
In addition, the following outputs show that the BGP sessions for EVPN and IP-VPN families are established.
// BGP neighbors on pe1
--{ + candidate shared default }--[ network-instance default ]--
A:pe1# show protocols bgp neighbor
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BGP neighbor summary for network-instance "default"
Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+--------------------------+--------------------------------------+--------------------------+---------+--------------+---------------------+---------------------+------------------+--------------------------------------+
| Net-Inst | Peer | Group | Flags | Peer-AS | State | Uptime | AFI/SAFI | [Rx/Active/Tx] |
+==========================+======================================+==========================+=========+==============+=====================+=====================+==================+======================================+
| default | 100.0.0.4 | overlay-ibgp | S | 65001 | established | 0d:0h:41m:35s | evpn | [16/12/3] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
+--------------------------+--------------------------------------+--------------------------+---------+--------------+---------------------+---------------------+------------------+--------------------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
1 configured neighbors, 1 configured sessions are established, 0 disabled peers
0 dynamic peers
--{ + candidate shared default }--[ network-instance default ]--
// bgp neighbors on pe2
--{ + candidate shared default }--[ network-instance default ]--
A:pe2# show protocols bgp neighbor
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BGP neighbor summary for network-instance "default"
Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+---------------------------+----------------------------------------+---------------------------+---------+--------------+----------------------+----------------------+-------------------+----------------------------------------+
| Net-Inst | Peer | Group | Flags | Peer-AS | State | Uptime | AFI/SAFI | [Rx/Active/Tx] |
+===========================+========================================+===========================+=========+==============+======================+======================+===================+========================================+
| default | 100.0.0.3 | overlay-ibgp | S | 65023 | established | 0d:0h:46m:29s | evpn | [8/8/11] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
| default | 100.0.0.5 | overlay-ibgp | S | 65023 | established | 0d:0h:40m:27s | evpn | [3/3/16] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
| default | 100.0.0.6 | overlay-ibgp | S | 65023 | established | 0d:0h:40m:47s | evpn | [3/0/19] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
+---------------------------+----------------------------------------+---------------------------+---------+--------------+----------------------+----------------------+-------------------+----------------------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
3 configured neighbors, 3 configured sessions are established, 0 disabled peers
0 dynamic peers
--{ + candidate shared default }--[ network-instance default ]--
// bgp neighbors on br4
--{ + candidate shared default }--[ network-instance default ]--
A:br4# show protocols bgp neighbor
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BGP neighbor summary for network-instance "default"
Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+-----------------------+---------------------------------+-----------------------+--------+------------+------------------+------------------+----------------+---------------------------------+
| Net-Inst | Peer | Group | Flags | Peer-AS | State | Uptime | AFI/SAFI | [Rx/Active/Tx] |
+=======================+=================================+=======================+========+============+==================+==================+================+=================================+
| default | 10.4.5.2 | overlay-ebgp | S | 65023 | established | 0d:0h:40m:29s | evpn | [16/0/3] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
| default | 10.4.6.2 | overlay-ebgp | S | 65023 | established | 0d:0h:40m:49s | evpn | [16/0/19] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
| default | 100.0.0.1 | overlay-ibgp | S | 65001 | established | 0d:0h:41m:43s | evpn | [3/0/16] |
| | | | | | | | l3vpn- | [0/0/0] |
| | | | | | | | ipv4-unicast | |
+-----------------------+---------------------------------+-----------------------+--------+------------+------------------+------------------+----------------+---------------------------------+
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Summary:
3 configured neighbors, 3 configured sessions are established, 0 disabled peers
0 dynamic peers
--{ + candidate shared default }--[ network-instance default ]--
After the IGP, tunnels and BGP sessions are properly configured and operating, services are configured on the PE routers. In this example we have VPWS, MAC-VRF and IP-VRF services across the two domains. The first service we are looking at is VPWS. This is the configuration on pe1 and pe2 (same configuration on pe3):
// config on pe1 --{ candidate shared default }--[ network-instance VPWS-1 ]-- A:pe1# info type vpws interface ethernet-1/1.1 { connection-point A } protocols { bgp-evpn { bgp-instance 1 { encapsulation-type mpls evi 1 ecmp 8 vpws-attachment-circuits { local { local-attachment-circuit ac1 { ethernet-tag 1 connection-point B } } remote { remote-attachment-circuit ac23 { ethernet-tag 23 connection-point B } } } mpls { next-hop-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } bgp-vpn { bgp-instance 1 { route-target { export-rt target:65000:1 import-rt target:65000:1 } } } } connection-point A { } connection-point B { } // config on pe2 --{ candidate shared default }--[ network-instance VPWS-1 ]-- A:pe2# info type vpws interface ethernet-1/3.1 { connection-point A } protocols { bgp-evpn { bgp-instance 1 { encapsulation-type mpls evi 1 vpws-attachment-circuits { local { local-attachment-circuit ac23 { ethernet-tag 23 connection-point B } } remote { remote-attachment-circuit ac1 { ethernet-tag 1 connection-point B } } } mpls { next-hop-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } bgp-vpn { bgp-instance 1 { route-target { export-rt target:65000:1 import-rt target:65000:1 } } } } connection-point A { } connection-point B { } // Ethernet Segment config on pe2/pe3 --{ candidate shared default }--[ system network-instance protocols evpn ethernet-segments bgp-instance 1 ethernet-segment ES231 ]-- A:pe2# info admin-state enable esi 01:23:01:00:00:00:00:00:00:00 multi-homing-mode single-active interface ethernet-1/3 { } df-election { interface-standby-signaling-on-non-df { } algorithm { type preference preference-alg { preference-value 2 } } }
With the configuration above, the EVPN ES destination can be checked on pe1, and the received AD per EVI routes.
--{ * candidate shared default }--[ network-instance VPWS-1 protocols bgp-evpn bgp-instance 1 vpws-attachment-circuits remote ]--
A:pe1# info from state remote-attachment-circuit * destinations mpls es-destination *
remote-attachment-circuit ac23 {
destinations {
mpls {
es-destination 01:23:01:00:00:00:00:00:00:00 {
destination-index 254026092128
destination 100.0.0.4 evi-label 122077 tunnel-id 254026092080 {
}
}
}
}
}
The destination is established to br4 since br4 is changing the next hop of the received AD routes:
--{ * candidate shared default }--[ ]--
A:pe1# show network-instance default protocols bgp routes evpn route-type 1 summary
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Show report for the BGP route table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Status codes: u=used, *=valid, >=best, x=stale
Origin codes: i=IGP, e=EGP, ?=incomplete
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BGP Router ID: 100.0.0.1 AS: 65001 Local AS: 65001
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Type 1 Ethernet Auto-Discovery Routes
+--------+-----------------------------------+--------------------------------+------------+-----------------------------------+-----------------------------------+-----------------------------------+
| Status | Route-distinguisher | ESI | Tag-ID | neighbor | Next-hop | Label |
+========+===================================+================================+============+===================================+===================================+===================================+
| u*> | 100.0.0.2:1 | 01:23:01:00:00:00:00:00:00:00 | 23 | 100.0.0.4 | 100.0.0.4 | 122080 | <-- AD per EVI route from pe2
| u*> | 100.0.0.2:1 | 01:23:01:00:00:00:00:00:00:00 | 4294967295 | 100.0.0.4 | 100.0.0.4 | - | with NHop br4
| u*> | 100.0.0.2:2 | 01:23:02:00:00:00:00:00:00:00 | 0 | 100.0.0.4 | 100.0.0.4 | 122082 |
| u*> | 100.0.0.2:2 | 01:23:02:00:00:00:00:00:00:00 | 4294967295 | 100.0.0.4 | 100.0.0.4 | - |
| u*> | 100.0.0.3:1 | 01:23:01:00:00:00:00:00:00:00 | 23 | 100.0.0.4 | 100.0.0.4 | 122077 |
| u*> | 100.0.0.3:1 | 01:23:01:00:00:00:00:00:00:00 | 4294967295 | 100.0.0.4 | 100.0.0.4 | - |
| u*> | 100.0.0.3:2 | 01:23:02:00:00:00:00:00:00:00 | 0 | 100.0.0.4 | 100.0.0.4 | 122081 |
| u*> | 100.0.0.3:2 | 01:23:02:00:00:00:00:00:00:00 | 4294967295 | 100.0.0.4 | 100.0.0.4 | - |
+--------+-----------------------------------+--------------------------------+------------+-----------------------------------+-----------------------------------+-----------------------------------+
8 Ethernet Auto-Discovery routes 8 used, 8 valid
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ * candidate shared default }--[ ]--
And the label that is received from br4 for the vpws service with tag 23, i.e. label 122080, is associated to a SWAP opration on br4:
--{ candidate shared default }--[ ]--
A:br4# show network-instance default route-table mpls
+---------+-----------+-------------+-----------------+------------------------+----------------------+------------------+
| Label | Operation | Type | Next Net-Inst | Next-hop IP (Type) | Next-hop | Next-hop MPLS |
| | | | | | Subinterface | labels |
+=========+===========+=============+=================+========================+======================+==================+
| 100 | POP | ldp | default | | | |
| 100002 | SWAP | sr-mpls | N/A | 10.1.4.1 (mpls) | ethernet-1/10.0 | 100002 |
| 100005 | POP | sr-mpls | default | | | |
| 120001 | SWAP | sr-mpls | N/A | 10.1.4.1 (mpls) | ethernet-1/10.0 | IMPLICIT_NULL |
| 122074 | SWAP | bgp | N/A | 100.0.0.1 (indirect) | | 1001 |
| 122075 | SWAP | bgp | N/A | 100.0.0.1 (indirect) | | 1002 |
| 122076 | SWAP | bgp | N/A | 100.0.0.1 (indirect) | | 1003 |
| 122077 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122045 |
| 122078 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122048 |
| 122079 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122052 |
| 122080 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122053 |
| 122081 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122046 |
| 122082 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122054 |
| 122084 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122055 |
| 122087 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122060 |
| 122088 | SWAP | bgp | N/A | 100.0.0.1 (indirect) | | 1004 |
+---------+-----------+-------------+-----------------+------------------------+----------------------+------------------+
--{ candidate shared default }--[ ]--
A:br4# show network-instance default route-table mpls | grep 122080
| 122080 | SWAP | bgp | N/A | 10.4.5.2 (indirect) | | 122053 |
--{ candidate shared default }--[ ]--
EVPN Layer 2 Broadcast Domains can also be stretched across different ASNs. Similar to VPWS, the MAC-VRFs with EVPN are configured on the pe nodes, and the br nodes are do not need to be touched when a new service needs to be attached to pe nodes in different domains. On pe1, all the multicast and unicast destinations are created to br4 as expected, but with different service labels:
--{ * candidate shared default }--[ network-instance MAC-VRF-2 ]-- A:pe1# info type mac-vrf interface ethernet-1/2.1 { } protocols { bgp-evpn { bgp-instance 1 { encapsulation-type mpls evi 2 ecmp 8 mpls { bridge-table { } next-hop-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } bgp-vpn { bgp-instance 1 { route-target { export-rt target:65000:2 import-rt target:65000:2 } } } }
--{ * candidate shared default }--[ network-instance MAC-VRF-2 ]--
A:pe1# info from state protocols bgp-evpn bgp-instance 1 mpls bridge-table
ingress-multicast-mpls-label 1001
ingress-unicast-mpls-label 1000
multicast-destinations {
multicast-limit {
maximum-entries 1024
current-usage 2
}
destination 100.0.0.4 evi-label 122078 tunnel-id 254026092080 {
multicast-forwarding BUM
destination-index 254026092138
}
destination 100.0.0.4 evi-label 122079 tunnel-id 254026092080 {
multicast-forwarding BUM
destination-index 254026092139
}
}
Finally to illustrate that Inter-AS model B is also supported with EVPN-IFL and IPVPN, we configure IP-VRF-3 in pe1, pe2 and pe3. Node pe2 is configured for EVPN IFL:
--{ candidate shared default }--[ network-instance IP-VRF-3 ]-- A:pe2# info type ip-vrf interface ethernet-1/1.1 { } protocols { bgp-evpn { bgp-instance 1 { encapsulation-type mpls evi 3 ecmp 10 mpls { next-hop-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } bgp-vpn { bgp-instance 1 { route-target { export-rt target:65000:3 import-rt target:65000:3 } } } }
Node pe3 belongs to the same customer but it is configured for IPVPN:
--{ + candidate shared default }--[ network-instance IP-VRF-3 ]-- A:pe3# info type ip-vrf interface ethernet-1/3.1 { } protocols { bgp-ipvpn { bgp-instance 2 { ecmp 10 mpls { next-hop-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } bgp-vpn { bgp-instance 2 { route-distinguisher { rd 100.0.0.3:3 } route-target { export-rt target:65000:3 import-rt target:65000:3 } } } }
And node pe1 uses multi-instance EVPN/IPVPN:
--{ * candidate shared default }--[ network-instance IP-VRF-3 ]-- A:pe1# info type ip-vrf interface ethernet-1/3.1 { } protocols { bgp-evpn { bgp-instance 1 { encapsulation-type mpls evi 3 ecmp 10 mpls { next-hop-resolution { allowed-tunnel-types [ bgp ldp sr-isis ] } } } } bgp-ipvpn { bgp-instance 2 { ecmp 10 mpls { next-hop-resolution { allowed-tunnel-types [ ldp sr-isis ] } } } } bgp-vpn { bgp-instance 1 { route-target { export-rt target:65000:3 import-rt target:65000:3 } } bgp-instance 2 { route-distinguisher { rd 100.0.0.11:3 } route-target { export-rt target:65000:3 import-rt target:65000:3 } } } }
With this configuration Client13 can communicate with Client21 and Client31 via EVPN IFL and IPVPN, respectively, however, Client21 cannot communicate with Client31. This is because, even though Client21 EVPN IFL routes are programmed in pe1 route-table and redistributed into IPVPN, the AS-PATH is maintained during the redistribution and when the route gets to an ASBR connected to the ASN of origin, an AS-loop will be detected.
--{ * candidate shared default }--[ network-instance IP-VRF-3 ]--
A:pe1# show route-table
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 unicast route table of network instance IP-VRF-3
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+----------------------------+-------+------------+----------------------+----------+----------+---------+------------+-----------------+-----------------+-----------------+--------------------------+
| Prefix | ID | Route Type | Route Owner | Active | Origin | Metric | Pref | Next-hop (Type) | Next-hop | Backup Next-hop | Backup Next-hop |
| | | | | | Network | | | | Interface | (Type) | Interface |
| | | | | | Instance | | | | | | |
+============================+=======+============+======================+==========+==========+=========+============+=================+=================+=================+==========================+
| 10.10.10.0/24 | 3 | local | net_inst_mgr | True | IP-VRF-3 | 0 | 0 | 10.10.10.254 | ethernet-1/3.1 | | |
| | | | | | | | | (direct) | | | |
| 10.10.10.254/32 | 3 | host | net_inst_mgr | True | IP-VRF-3 | 0 | 0 | None (extract) | None | | |
| 10.10.10.255/32 | 3 | host | net_inst_mgr | True | IP-VRF-3 | 0 | 0 | None | | | |
| | | | | | | | | (broadcast) | | | |
| 20.20.20.0/24 | 0 | bgp-evpn | bgp_evpn_mgr | True | IP-VRF-3 | 10 | 170 | 100.0.0.4/32 | | | |<-- route from client21 (evpn IFL)
| | | | | | | | | (indirect/ldp) | | | |
| 30.30.30.0/24 | 0 | bgp-ipvpn | bgp_ipvpn_mgr | True | IP-VRF-3 | 10 | 170 | 100.0.0.4/32 | | | |<-- route from client31 (ipvpn)
| | | | | | | | | (indirect/ldp) | | | |
+----------------------------+-------+------------+----------------------+----------+----------+---------+------------+-----------------+-----------------+-----------------+--------------------------+
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IPv4 routes total : 5
IPv4 prefixes with active routes : 5
IPv4 prefixes with active ECMP routes: 0
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--{ * candidate shared default }--[ network-instance IP-VRF-3 ]--
# route 20.20.20.0/24 is detected as invalid due to the AS-loop
--{ candidate shared default }--[ network-instance default ]--
A:br5# info from state bgp-rib afi-safi l3vpn-ipv4-unicast l3vpn-ipv4-unicast rib-in-out rib-in-post
route 100.0.0.3:3 prefix 30.30.30.0/24 neighbor 100.0.0.2 path-id 0 {
last-modified "2024-06-21T17:57:33.300Z (10 minutes ago)"
used-route false
valid-route true
best-route true
stale-route false
pending-delete false
neighbor-as 65023
group-best true
tie-break-reason none
attr-id 305
received-mpls-label [
1004
]
}
route 100.0.0.11:3 prefix 10.10.10.0/24 neighbor 10.4.5.1 path-id 0 {
last-modified "2024-06-21T17:59:30.100Z (8 minutes ago)"
used-route false
valid-route true
best-route true
stale-route false
pending-delete false
neighbor-as 65001
group-best true
tie-break-reason none
attr-id 308
received-mpls-label [
122088
]
}
route 100.0.0.11:3 prefix 20.20.20.0/24 neighbor 10.4.5.1 path-id 0 {
last-modified "2024-06-21T17:59:30.100Z (8 minutes ago)"
used-route false
valid-route false
best-route false
stale-route false
pending-delete false
neighbor-as 65001
group-best false
tie-break-reason none
attr-id 307
received-mpls-label [
122088
]
invalid-reason {
rejected-route false
as-loop true <---- AS loop!
next-hop-unresolved false
cluster-loop false
label-allocation-failed false
fib-programming-failed false
}
}
Note that the next hop of the EVPN IFL and IPVPN routes is br4, as expected.