Implementing EVPN ELAN over SRv6 Transport on NCS 500/5500

8 minutes read

Overview

In our previous tutorials, we covered SRv6 Transport with uSID on the NCS 500 and 5500 platforms, and L3/L2 P2P services on top of it. This tutorial will cover implementaion of ethernet VPN (EVPN) based multipoint layer 2 service (ELAN) over SRv6 uSID transport. As of today, only Single homed EVPN ELAN is supported on these platforms. EVPN ELAN is not supported on the NCS 5700 series platforms as of latest XR release.

Topology

elan-topo.png

NodesDevice TypeSoftware VersionLoopback0
PE1NCS 540IOS XR 7.5.2fcbb:bb00:1::1/128
P2NCS 5500IOS XR 7.5.2fcbb:bb00:2::1/128
P3NCS 5500IOS XR 7.5.2fcbb:bb00:3::1/128
PE4NCS 5500IOS XR 7.5.2fcbb:bb00:4::1/128
PE5NCS 5500IOS XR 7.5.2fcbb:bb00:5::1/128

The loopback0 IPs are chosen as per the SRv6 addressing best practice (check out segment-routing.net for more details).

In this tutorial, we will establish a multipoint L2VPN (EVPN-ELAN) connecting CE1, CE2 and CE3. The example will demonstrate VLAN based ELAN (EVPLAN) service and establish L2 stretch across CE1, CE2 and CE3 for VLAN 200.

Configuration Steps

We already covered the configuration steps for the transport in our previous tutorial. The below table summerizes the SRv6 uSID locator used (name POD0) on each node for reference.

NodesSRv6 Locator
PE1fcbb:bb00:1::/48
P2fcbb:bb00:2::/48
P3fcbb:bb00:3::/48
PE4fcbb:bb00:4::/48
PE5fcbb:bb00:5::/48

Configuration steps included in this tutorial will focus only on the service specific tasks including,

  • BGP EVPN control plane
  • EVPN ES and EVI configuration
  • Layer 2 UNI and L2VPN configuration

BGP configuration for EVPN

BGP configuration is similar to what we did in our previous tutorial. However, since we have multiple PE nodes here, we need to establish full mesh BGP with EVPN AFI. For simplicity, we are using P2 as a route-reflector (RR). In real time deployment, it is recommended to use dedicated route-reflectors in the network. The following config snippet shows the BGP configuration on all the PEs and the RR node.

PE1


router bgp 100
 bgp router-id 1.1.1.1
 address-family l2vpn evpn
 !
 neighbor fcbb:bb00:2::1
  remote-as 100
  update-source Loopback0
  address-family l2vpn evpn
  !
 !
!

PE4


router bgp 100
 bgp router-id 4.4.4.4
 address-family l2vpn evpn
 !
 neighbor fcbb:bb00:2::1
  remote-as 100
  update-source Loopback0
 address-family l2vpn evpn
  !
 !
!

PE5


router bgp 100
 bgp router-id 5.5.5.5
 address-family l2vpn evpn
 !
 neighbor fcbb:bb00:2::1
  remote-as 100
  update-source Loopback0
  address-family l2vpn evpn
  !
 !
!

P2 as RR


router bgp 100
 bgp router-id 2.2.2.2
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor fcbb:bb00:1::1
  remote-as 100
  update-source Loopback0
  address-family l2vpn evpn
   route-reflector-client
  !
 !
 neighbor fcbb:bb00:4::1
  remote-as 100
  update-source Loopback0
  address-family l2vpn evpn
   route-reflector-client
  !
 !
 neighbor fcbb:bb00:5::1
  remote-as 100
  update-source Loopback0
  address-family l2vpn evpn
   route-reflector-client
  !
 !
!

EVPN ES and EVI configuration

The next step is to configure the EVPN. It includes three steps,

  • ES configuration: Since we are not using Multihoming CE, we won’t explicitly configure any ESI but simply enable to physical PE-CE link under EVPN

evpn
 interface  TenGigE0/0/0/0
   ethernet-segment
    identifier type 0  1.1.1.1.1.1.0 
  !
 !
!

  • Enabling SRv6: we need to globally enable SRv6 for EVPN under EVPN global configuration. This step optionally includes specifying the SRv6 locator to be used for EVPN services.

evpn
 segment-routing srv6
  locator  POD0 
 !
!

  • EVI configuartion: The next important step is to configure the EVPN identifier (EVI) and enable MAC advertisement and SRv6 for the EVI. We can also specify the locator per EVI in this stage. We are using per EVI locator in this tutorial.

evpn
 evi 200 segment-routing srv6
  advertise-mac
  !
   locator POD0
 !
!

Below is the config snippet from all the PE nodes. (we have the exact same configuration on all three PEs as the topology is symmetric i.e same interfaces are used on each PE)

PE1, PE4 and PE5


evpn
 evi 200 segment-routing srv6
  advertise-mac
  !
  locator POD0
 !
 interface TenGigE0/0/0/0
 !
 segment-routing srv6
 !
!

Configuring Layer2 Attachment Circuits & Bridge-Domain

We need to configure l2transport sub-interface (on the PE-CE link) with appropriate VLAN encapsulations. This tutorial is showing VLAN based service with VLAN ID 200. We are not showing any VLAN translation operation (rewrite commands) as they are out of scope of this tutorial.

PE1, PE4 and PE5


interface TenGigE0/0/0/0.2 l2transport
 encapsulation dot1q 200

The layer2 sub interface created now needs to be stitched with the EVI by using the l2vpn bridge-domain service construct as shown below. Note that the segment-routing srv6 keyword is must here . We can also specify a locator if we wish to use a different locator for the bridge-domain.

PE1, PE4 and PE5


l2vpn
 bridge group POD0
  bridge-domain POD0
   interface TenGigE0/0/0/0.2
   !
   evi 200 segment-routing srv6
   !
  !
 !
!

Verification Steps

Verifying EVPN ELAN control Plane

The very first step is to verify whether the configured bridge-domain is in Up state on all the PE nodes. For brevity we have included the verification outputs only from PE5.


RP/0/RP0/CPU0:LABSP-3393-PE5#show  l2vpn bridge-domain brief 
Fri May 12 04:35:22.647 UTC
Legend: pp = Partially Programmed.
Bridge Group:Bridge-Domain Name  ID    State          Num ACs/up   Num PWs/up    Num PBBs/up Num VNIs/up
-------------------------------- ----- -------------- ------------ ------------- ----------- -----------
POD0:POD0                        1     up             1/1          0/0           0/0         0/0   

The next step is to see the programmed SRv6 SIDs for the service we configured. For each EVI , there are two SRv6 SID programmed, uDT2U and uDT2M for Unicast and BUM traffic respectively.



RP/0/RP0/CPU0:LABSP-3393-PE5#show  segment-routing  srv6  sid 
Fri May 12 04:38:57.345 UTC

*** Locator: 'POD0' *** 

SID                         Behavior          Context                           Owner               State  RW
--------------------------  ----------------  --------------------------------  ------------------  -----  --
fcbb:bb00:5::               uN (PSP/USD)      'default':5                       sidmgr              InUse  Y 
fcbb:bb00:5:e000::          uA (PSP/USD)      [BE35, Link-Local]:0:P            isis-1              InUse  Y 
fcbb:bb00:5:e001::          uA (PSP/USD)      [BE35, Link-Local]:0              isis-1              InUse  Y 
fcbb:bb00:5:e002::          uA (PSP/USD)      [BE25, Link-Local]:0:P            isis-1              InUse  Y 
fcbb:bb00:5:e003::          uA (PSP/USD)      [BE25, Link-Local]:0              isis-1              InUse  Y 
fcbb:bb00:5:e004::          uA (PSP/USD)      [BE45, Link-Local]:0:P            isis-1              InUse  Y 
fcbb:bb00:5:e005::          uA (PSP/USD)      [BE45, Link-Local]:0              isis-1              InUse  Y 
 fcbb:bb00:5:e006::          uDT2U             200:0                             l2vpn_srv6          InUse  Y
fcbb:bb00:5:e007::          uDT2M             200:0                             l2vpn_srv6          InUse  Y

The same SIDs can also be verified using the EVI detail CLI.



RP/0/RP0/CPU0:LABSP-3393-PE5#show  evpn  evi  vpn-id  200 detail 
Fri May 12 06:04:53.970 UTC

VPN-ID     Encap      Bridge Domain                Type               
---------- ---------- ---------------------------- -------------------
 200        SRv6       POD0                         EVPN               
   Stitching: Regular
   Unicast SID:  fcbb:bb00:5:e006::                  
   Multicast SID:  fcbb:bb00:5:e007::                     
   E-Tree: Root
   Forward-class: 0
   Advertise MACs: Yes
   Advertise BVI MACs: No
   Aliasing: Enabled
   UUF: Enabled
   Re-origination: Enabled
   Multicast:
     Source connected   : No
     IGMP-Snooping Proxy: No
     MLD-Snooping Proxy : No
   BGP Implicit Import: Enabled
   VRF Name: 
   SRv6 Locator Name: POD0
   Preferred Nexthop Mode: Off
   BVI Coupled Mode: No
   BVI Subnet Withheld: ipv4 No, ipv6 No
   RD Config: none
   RD Auto  : (auto) 5.5.5.5:200
   RT Auto  : 100:200
   Route Targets in Use           Type                 
   ------------------------------ ---------------------
   100:200                        Import               
   100:200                        Export 

The above output shows the two SIDs for two types of traffic for the EVI. We can check details of the SIDs using show segment-routing srv6 sid <> detail commands as below:



RP/0/RP0/CPU0:LABSP-3393-PE5#show  segment-routing  srv6  sid  fcbb:bb00:5:e006:: detail 
Fri May 12 06:11:15.177 UTC

*** Locator: 'POD0' *** 

SID                         Behavior          Context                           Owner               State  RW
--------------------------  ----------------  --------------------------------  ------------------  -----  --
fcbb:bb00:5:e006::          uDT2U             200:0                             l2vpn_srv6          InUse  Y 
   SID Function: 0xe006
  SID context: { evi=200, opaque-id=0 }
  Locator: 'POD0'
  Allocation type: Dynamic
  Created: May 11 06:29:44.913 (23:41:30 ago)
  

Verifying EVPN ELAN Data Plane and MAC Learnings

The CE nodes are configured in the same L2 subnets which we want to stitch using the EVPN service. Below are the IP configurations on each CE.

CE1CE2CE3
			
	interface TenGigE0/0/0/0.2
 	ipv4 address 200.0.0.1 255.255.255.0
 	encapsulation dot1q 200
	!
			
		
			
	interface TenGigE0/0/0/0.2
 	ipv4 address 200.0.0.2 255.255.255.0
 	encapsulation dot1q 200
	!
			
		
			
	interface TenGigE0/0/0/0.2
 	ipv4 address 200.0.0.3 255.255.255.0
 	encapsulation dot1q 200
	!
			
		

We can now try verifying end-to-end ping from CE1 to the other CE nodes to confirm the working of the EVPN service.

			
RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.1
Fri May 12 05:22:43.472 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.2
Fri May 12 05:22:44.911 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.3
Fri May 12 05:22:46.593 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
			
		

As the packets went through the EVPN PEs, we will see the respective MAC addresses learnt locally and via EVPN. The below CLI snippets shows the learnings on PE5.

			
RP/0/RP0/CPU0:LABSP-3393-PE5#show  evpn  evi  vpn-id 200 mac 
Fri May 12 06:32:40.216 UTC

VPN-ID     Encap      MAC address    IP address                               Nexthop                                 Label    SID                                    
---------- ---------- -------------- ---------------------------------------- --------------------------------------- -------- ---------------------------------------
200        SRv6       00bc.6016.5800 ::                                       fcbb:bb00:1::1                                 IMP-NULL fcbb:bb00:1:e000::                     
200        SRv6       00bc.6024.c400 ::                                       fcbb:bb00:4::1                                IMP-NULL fcbb:bb00:4:e000::                     
200        SRv6       00bc.6027.6400 ::                                       TenGigE0/0/0/0.2                        0        fcbb:bb00:5:e006::    
		
		

We can see one locally learnt MAC on the UNI side and two remote MACs learnt from the peer PEs. The same can also be seen in the EVPN RT2 received.

			
RP/0/RP0/CPU0:LABSP-3393-PE5# show  bgp  l2vpn evpn  rd 1.1.1.1:200
Fri May 12 06:36:10.445 UTC
BGP router identifier 5.5.5.5, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0
BGP main routing table version 218
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:200
*>i[2][0][48][00bc.6016.5800][0]/104
                      fcbb:bb00:1::1                      100      0 i
*>i[3][0][32][1.1.1.1]/80
                      fcbb:bb00:1::1                       100      0 i

Processed 2 prefixes, 2 paths

RP/0/RP0/CPU0:LABSP-3393-PE5#show  bgp  l2vpn evpn  rd 4.4.4.4:200
Fri May 12 06:36:28.768 UTC
BGP router identifier 5.5.5.5, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0
BGP main routing table version 218
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 4.4.4.4:200
*>i[2][0][48][00bc.6024.c400][0]/104
                      fcbb:bb00:4::1                       100      0 i
*>i[3][0][32][4.4.4.4]/80
                      fcbb:bb00:4::1                       100      0 i

Processed 2 prefixes, 2 paths

Summary

This concludes Part 6 of our SRv6 tutorial series explaining multipoint L2 service over SRv6 transport with EVPN control Plane (EVPN ELAN). Stay tuned for our upcoming tutorials.

Updated:

Leave a Comment