BGP-EVPN Configuration on NCS 5500 part-1

11 minutes read

Topic: Configure BGP-EVPN Control-Plane & Segment Routing based MPLS Forwarding-Plane

Introduction to BGP-EVPN

EVPN is the next generation L2VPN technology, it provides layer-2 as well as layer-3 VPN services in a scalable and simplified manner. The evolution of EVPN started due to the need of a scalable solution to bridge various layer-2 domains and overcome the limitations faced by VPLS such as scalability, multi-homing and per-flow load balancing.

EVPN uses MAC addresses as routable addresses and distribute them to all participating PEs via MP-BGP EVPN control-plane. EVPN is used for E-LAN, E-LINE, E-TREE services and provides data-plane and control-plane separation. This allows the use of different encapsulation mechanisms in data plane while maintaining the same control-plane. In addition, EVPN offers many advantages over existing technologies, including more efficient load-balancing of VPN traffic. Some of the prominent advantages are:

  • Multi-homing and redundancy
  • Per flow-based load balancing
  • Scalability
  • Provisioning simplicity
  • Reduced operational complexity

In this and next few posts we will cover BGP-EVPN configuration, implementation and verification on NCS 5500 Platform using IOS-XR. The goal of this tutorial is to provide familiarity to BGP-EVPN from configuration perspective and cover the following use cases.

BGP-EVPN Key Route Types for Reference

The EVPN network layer reachability information (NLRI) provides different route types. Following is the summary of the route types and their usage.

Route TypeUsage
0x1 Ethernet Auto-Discovery (A-D) RouteMAC Mass-Withdraw, Aliasing (load balancing)
0x2 MAC Advertisement RouteAdvertises Host MAC and IP address
0x3 Inclusive Multicast RouteIndicates interest of BUM traffic for attached L2 segments
0x4 Ethernet Segment RouteAuto discovery of Multi-homed Ethernet Segments and Designated Forwarder (DF) Election
0x5 IP Prefix RouteAdvertises IP prefix for a subnet via EVPN address family

Note: We are using Spine Leaf Fabric example in the configuration but essentially a Leaf is a PE and Spine is a P router as we are implementing MPLS forwarding plane with BGP-EVPN.

Configuring BGP EVPN control-plane and ISIS Segment Routing forwarding plane

In this post, we will configure the BGP EVPN control-plane and ISIS Segment Routing based forwarding plane. This will provide the basis to enable us for provisioning of EVPN based services using segment routing transport.

Reference Topology:

Task 1: Configure the Routing Protocol for Transport:

Configure IGP routing protocol between Leafs and Spines. In this tutorial we are using ISIS as the underlay routing protocol.

Loopback 0Prefix-SIDISIS Net
Spine-1 6.6.6.6/321600649.0001.0000.0000.0006.0
Spine-2 7.7.7.7/321600749.0001.0000.0000.0007.0
Leaf-1 1.1.1.1/321600149.0001.0000.0000.0001.0
Leaf-2 2.2.2.2/321600249.0001.0000.0000.0002.0
Leaf-5 5.5.5.5/321600549.0001.0000.0000.0005.0

Following is a sample config from Leaf-1 to implement ISIS routing protocol in the network. Similar configs with relevant Net address (shown in above table) and interfaces should be used on other devices to bring up the ISIS routing protocol in the network. Don’t configure ISIS on the links from host to leafs, these will be set up later as layer-2 links.


    router isis 1
     is-type level-2-only
     net 49.0001.0000.0000.0001.00
     nsr
     log adjacency changes
     address-family ipv4 unicast
      metric-style wide
    !
     interface Bundle-Ether16
      point-to-point
      address-family ipv4 unicast
    !
     interface Bundle-Ether17
      point-to-point
      address-family ipv4 unicast
    !        
     interface Loopback0
      passive
      address-family ipv4 unicast
    !

Verify that the point-to-point interfaces between the spines and leafs and other devices in the network are up and the ISIS routing adjacency is formed between the devices as per the topology. In this setup, ISIS routing protocol is configured on all the devices except the hosts, the host will be connected layer-2 dual-homed to the Leafs.

The “show isis neighbor” and “show route isis” commands can be used to verify that the adjacency is formed and the routes of all the Leafs and Spines are learnt via ISIS.

Task 2: Enable ISIS Segment Routing:

Configure Segment Routing protocol under ISIS routing protocol which enables MPLS on all the non-passive ISIS interfaces. A prefix SID is associated with an IP prefix and is manually configured from the segment routing global block (SRGB) range of labels. It is configured under the loopback interface with the loopback address of the node as the prefix. The prefix SID is globally unique within the segment routing domain.

The Prefix-SID can be an absolute value or an indexed value. In this guide, we are configuring Prefix-SID as absolute value. ISIS Segment Routing is configured in the Fabric between Leafs and Spines.

Following is a sample config to enable Segment Routing in the network. Similar config with prefix-SID that is unique for each device in the network, should be configured on other devices (as per the above diagram) to enable ISIS Segment Routing. In this config prefix-SID is enabled on the “loopback 0” interface of the devices.


    Spine-1:

    router isis 1
    address-family ipv4 unicast
      segment-routing mpls
     !
     interface Loopback0
      passive
      address-family ipv4 unicast
       prefix-sid absolute 16006
    !

    Spine-2:

    router isis 1
    address-family ipv4 unicast
      segment-routing mpls
     !
     interface Loopback0
      passive
      address-family ipv4 unicast
       prefix-sid absolute 16007
    !

Verify that all devices that have ISIS Segment Routing configured have advertised their prefix-SIDs. Also verify the prefix-SIDs are learnt and programmed in the forwarding plane on each device. This output is collected from Spines; we can see that the prefix-SID labels (identified by “Pfx”) of all the Leafs and other routers are learnt and programmed in the forwarding plane along with their outgoing interfaces.


    Spine-1:
    
    RP/0/RP0/CPU0:Spine-1#show isis segment-routing label table
    Tue Sep  4 23:35:11.115 UTC

    IS-IS 1 IS Label Table
    Label         Prefix/Interface
    ----------    ----------------
    16001         1.1.1.1/32
    16002         2.2.2.2/32
    16005         5.5.5.5/32
    16006         Loopback0
    16007         7.7.7.7/32
    RP/0/RP0/CPU0:Spine-1#
    

    RP/0/RP0/CPU0:Spine-1#show mpls forwarding 
    Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
    Label  Label       or ID              Interface                    Switched    
    ------ ----------- ------------------ ------------ --------------- ------------
    16001  Pop         SR Pfx (idx 1)     BE16         192.1.6.2       0           
    16002  Pop         SR Pfx (idx 2)     BE26         192.2.6.2       0           
    16005  Pop         SR Pfx (idx 5)     BE56         192.5.6.2       0           
    16007  16007       SR Pfx (idx 7)     BE16         192.1.6.2       0           
           16007       SR Pfx (idx 7)     BE26         192.2.6.2       0           
           16007       SR Pfx (idx 7)     BE56         192.5.6.2       0           
    64000  Pop         SR Adj (idx 1)     BE16         192.1.6.2       0           
    64001  Pop         SR Adj (idx 3)     BE16         192.1.6.2       0           
    64002  Pop         SR Adj (idx 1)     BE26         192.2.6.2       0           
    64003  Pop         SR Adj (idx 3)     BE26         192.2.6.2       0           
    64004  Pop         SR Adj (idx 1)     BE56         192.5.6.2       0           
    64005  Pop         SR Adj (idx 3)     BE56         192.5.6.2       0


    Spine-2:

    RP/0/RP0/CPU0:Spine-2#show isis segment-routing label table
    Tue Sep  4 23:45:48.834 UTC

    IS-IS 1 IS Label Table
    Label         Prefix/Interface
    ----------    ----------------
    16001         1.1.1.1/32
    16002         2.2.2.2/32
    16005         5.5.5.5/32
    16006         6.6.6.6/32
    16007         Loopback0
    RP/0/RP0/CPU0:Spine-2#


    RP/0/RP0/CPU0:Spine-2#show mpls forwarding
    Tue Sep  4 23:46:40.028 UTC
    Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
    Label  Label       or ID              Interface                    Switched    
    ------ ----------- ------------------ ------------ --------------- ------------
    16001  Pop         SR Pfx (idx 1)     BE17         192.1.7.2       0      
    16002  Pop         SR Pfx (idx 2)     BE27         192.2.7.2       0      
    16005  Pop         SR Pfx (idx 5)     BE57         192.5.7.2       0      
    16006  16006       SR Pfx (idx 6)     BE17         192.1.7.2       0           
           16006       SR Pfx (idx 6)     BE27         192.2.7.2       0           
           16006       SR Pfx (idx 6)     BE57         192.5.7.2       0           
    64000  Pop         SR Adj (idx 1)     BE17         192.1.7.2       0           
    64001  Pop         SR Adj (idx 3)     BE17         192.1.7.2       0           
    64002  Pop         SR Adj (idx 1)     BE27         192.2.7.2       0           
    64003  Pop         SR Adj (idx 3)     BE27         192.2.7.2       0           
    64004  Pop         SR Adj (idx 1)     BE57         192.5.7.2       0           
    64005  Pop         SR Adj (idx 3)     BE57         192.5.7.2       0           
    RP/0/RP0/CPU0:Spine-2#

After configuring ISIS segment routing, verify that the underlay is capable of forwarding traffic using labels assigned by segment routing.

Below output shows traceroute from Leaf-1 to Leaf-5 using the loopback address. Trace from Leaf-1 reaches Leaf-5 via Spines using label forwarding where Spine is the PHP for Leaf-5.


    Ping from Leaf-1 to Leaf-5:

    RP/0/RP0/CPU0:Leaf-1#ping  sr-mpls 5.5.5.5/32
    Tue Sep  4 23:40:51.032 UTC

    Sending 5, 100-byte MPLS Echos to 5.5.5.5/32,
          timeout is 2 seconds, send interval is 0 msec:

    Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
      'L' - labeled output interface, 'B' - unlabeled output interface, 
      'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
      'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 
      'P' - no rx intf label prot, 'p' - premature termination of LSP, 
      'R' - transit router, 'I' - unknown upstream index,
      'X' - unknown return code, 'x' - return code 0

    Type escape sequence to abort.

    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/13 ms
    RP/0/RP0/CPU0:Leaf-1#


    Trace from Leaf-1 to Leaf-5
    
    RP/0/RP0/CPU0:Leaf-1#trace  sr-mpls 5.5.5.5/32  
    Tue Sep  4 23:42:06.069 UTC

    Tracing MPLS Label Switched Path to 5.5.5.5/32, timeout is 2 seconds

    Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
      'L' - labeled output interface, 'B' - unlabeled output interface, 
      'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
      'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 
      'P' - no rx intf label prot, 'p' - premature termination of LSP, 
      'R' - transit router, 'I' - unknown upstream index,
      'X' - unknown return code, 'x' - return code 0

    Type escape sequence to abort.

      0 192.1.7.2 MRU 1500 [Labels: 16005 Exp: 0]
    L 1 192.1.7.1 MRU 1500 [Labels: implicit-null Exp: 0] 121 ms
    ! 2 192.5.7.2 4 ms
    RP/0/RP0/CPU0:Leaf-1#

Task 3: Configure the BGP-EVPN Control-Plane

MP-BGP with its various address families is used to transport specific reachability information in the network. BGP’s L2VPN-EVPN address family is capable of transporting tenant-aware/VRF-aware IP (Layer-3) and MAC (Layer-2) reachability information in MP-BGP. BGP EVPN provides the learnt information to all the devices within the network through a common control plane. BGP EVPN next-hops are going to be reachable via segment routing paths.

In this configuration guide to configure EVPN in the Fabric, we will configure iBGP EVPN, however eBGP EVPN can also be configured and is support on NCS 5500 routers. Spines are configured as the BGP EVPN Route Reflectors. Leaf-1, Leaf-2 and Leaf-5 will all be Route Reflector clients.

Configure Spines as RR for BGP EVPN address family.


    Spine-1:

    router bgp 65001
     bgp router-id 6.6.6.6
    !
     address-family l2vpn evpn
     !
     neighbor-group RRC
      remote-as 65001
      update-source Loopback0
      address-family l2vpn evpn
       route-reflector-client
      !
     !
     neighbor 1.1.1.1
      use neighbor-group RRC
      description BGP session to Leaf-1
     !
     neighbor 2.2.2.2
      use neighbor-group RRC
      description BGP session to Leaf-2
     !
     neighbor 5.5.5.5
      use neighbor-group RRC
      description BGP session to Leaf-5
     !


    Spine-2:

    router bgp 65001
     bgp router-id 7.7.7.7
    !
     address-family l2vpn evpn
     !
     neighbor-group RRC
      remote-as 65001
      update-source Loopback0
      address-family l2vpn evpn
       route-reflector-client
      !
     !
    neighbor 1.1.1.1
      use neighbor-group RRC
      description BGP session to Leaf-1
     !
     neighbor 2.2.2.2
      use neighbor-group RRC
      description BGP session to Leaf-2
     !
    neighbor 5.5.5.5
      use neighbor-group RRC
      description BGP session to Leaf-5
     !
    !

Use the following configuration and apply it to configure the Leaf-1 Leaf-2 and Leaf-5 to form the BGP EVPN adjacency between Leafs and Route Reflectors.


    Leaf-1:

    router bgp 65001
     bgp router-id 1.1.1.1
    !        
     address-family l2vpn evpn
     !
     neighbor 6.6.6.6
      remote-as 65001
      description "BGP session to Spine-1"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
     neighbor 7.7.7.7
      remote-as 65001
      description "BGP session to Spine-2"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
    !


    Leaf-2:

    router bgp 65001
     bgp router-id 2.2.2.2
    !        
     address-family l2vpn evpn
     !
     neighbor 6.6.6.6
      remote-as 65001
      description "BGP session to Spine-1"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
     neighbor 7.7.7.7
      remote-as 65001
      description "BGP session to Spine-2"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
    !


    Leaf-5:

    router bgp 65001
     bgp router-id 5.5.5.5
    !        
     address-family l2vpn evpn
     !
     neighbor 6.6.6.6
      remote-as 65001
      description "BGP session to Spine-1"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
     neighbor 7.7.7.7
      remote-as 65001
      description "BGP session to Spine-2"
      update-source Loopback0
      address-family l2vpn evpn
      !
     !
    !

Use “show bgp l2vpn evpn summary” cli command to verify the evpn neighborship between Route Reflectors and Leafs. Below output from the Spines show that the BGP EVPN neighborship is formed between the Leafs and the Route Reflectors and the control-plane is up.


    Spine-1:

    RP/0/RP0/CPU0:Spine-1#show bgp l2vpn evpn summary 
    BGP router identifier 6.6.6.6, local AS number 65001 

    Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
    Speaker               1          1          1          1           1           0

    Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
    1.1.1.1           0 65001       8       8        1    0    0 00:06:02          0
    2.2.2.2           0 65001       7       7        1    0    0 00:04:53          0
    5.5.5.5           0 65001       7       7        1    0    0 00:04:14          0


    Spine-2: 

    RP/0/RP0/CPU0:Spine-2#show bgp l2vpn evpn summary 
    BGP router identifier 7.7.7.7, local AS number 65001

    Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
    Speaker               1          1          1          1           1           0

    Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
    1.1.1.1           0 65001       9      10        1    0    0 00:06:50          0
    2.2.2.2           0 65001       8       8        1    0    0 00:05:43          0
    5.5.5.5           0 65001       7       7        1    0    0 00:05:03          0

In this post we covered the configuration and verification of BGP-EVPN control-plane and ISIS-SR based MPLS forwarding plane. In the next post we will leverage the EVPN control-plane and ISIS-SR to provision BGP-EVPN based Multi-Homing of devices.

Leave a Comment