BRKMPL-2333-EVPN

EVPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN BRKMPL-2333

Jose Liste ([email protected])

Technical Marketing Engineer

© 2014 Cisco and/or its affiliates. All rights reserved. BRKMPL-2333 Cisco Public

Agenda

Technical Overview

Requirements

Flows and Use Cases

Cisco’s PBB-EVPN Implementation

Summary

3


EVPN and PBB-EVPN

xEVPN family introduces next generation solutions for Ethernet services

– BGP control-plane for Ethernet Segment and MAC distribution and learning over core

– Same principles as L3VPNs

No use of Pseudowires

– MP2P tunnels for unicast

– Multi-destination frame delivery via ingress replication (over MP2P tunnels) or LSM

All-Active Redundancy with Flow-based load-balancing

4

EVPN

EVPN

VPWS

PBB-

EVPN

Technical Overview Solution Requirements

5


Data Center Interconnect requirements not fully addressed by current

L2VPN technologies

The road towards EVPN

Ethernet Virtual Private Network (EVPN) and Provider Backbone Bridging

EVPN (PBB-EVPN) designed to address these requirements

All-active Redundancy and Load Balancing

Simplified Provisioning and Operation

Optimal Forwarding

Fast Convergence

MAC Address Scalability


Existing VPLS solutions do not offer an All-Active per-flow redundancy

Looping of Traffic Flooded from PE

Duplicate Frames from Floods from the Core

MAC Flip-Flopping over Pseudowire

– E.g. Port-Channel Load-Balancing does not produce a consistent hash-value for a frame with the same source MAC (e.g. non MAC based Hash-Schemes)

7

The road towards EVPN Solve Challenges of VPLS for All-Active Redundancy

PE1

PE2

PE3

PE4

CE1 CE2

Echo !

PE1

PE2

PE3

PE4

CE1 CE2 Duplicate !

M1

M1

M2

PE1

PE2

PE3

PE4

CE1 CE2 MAC Flip-

Flop

M1 M2


Solution Requirements

All-Active Redundancy to maximize bisectional bandwidth

Load-balance traffic among PEs and exploit core ECMP based on flow entropy (flow can be L2/L3/L4 or combinations)

Support geo-redundant PE nodes with optimal forwarding

Flexible Redundancy Grouping of PEs

All-Active Redundancy and Load Balancing

8

WAN

Site 1 Site 2

Site N

Flow-based Load

balancing

Flow-based Multi-pathing

Backdoor

Geo-Redundancy


Active / Active Multi-Homing with flow-based load balancing in CE to PE direction

– Maximize bisectional bandwidth

– Flows can be L2/L3/L4 or combinations

Flow-based load balancing in PE to PE direction

– Multiple RIB entries associated for a given MAC

– Exercises multiple links towards CE

9

Solution Requirements All-Active Redundancy and Load Balancing (cont.)

PE

PE

PE

PE

Vlan X - F1

Vlan X – F2

Flow Based Load-balancing – CE to PE direction

PE

PE

PE

PE

Flow Based Load-balancing – PE to PE direction

Vlan X - F1

Vlan X – F2


Flow-based Multi-Pathing

Load balancing across equal cost multiple paths in the MPLS core

Load balancing at PE and P routers based on Entropy MPLS labels

10

Solution Requirements All-Active Redundancy and Load Balancing (cont.)

PE

PE

PE

PE

P

P

P

P

Flow Based Multi-Pathing in the Core Vlan X - F1

Vlan X – F2

Vlan X – F3

Vlan X – F4


Solution Requirements

Server Virtualization fueling growth in MAC Address scalability: – 1 VM = 1 MAC address.

– 1 server = 10’s or 100’s of VMs

MAC address scalability most pronounced on Data Center WAN Edge for Layer 2 extensions over WAN. – Example from a live network: 1M MAC addresses in a single SP data center

MAC Address Scalability

12

WAN

DC Site 1

DC Site 2 DC Site N

1K’s

10K’s

1M’s

N * 1M

Technical Overview Highlights

13


Next generation solution for Ethernet multipoint connectivity services

– Leverage similarities with L3VPN

PEs run Multi-Protocol BGP to advertise & learn Customer MAC addresses (C-MACs) over Core

Learning on PE Access Circuits via data-plane transparent learning

No pseudowire full-mesh required – Unicast: use MP2P tunnels

– Multicast: use ingress replication over MP2P tunnels or use LSM

Under standardization at IETF – draft-ietf-l2vpn-evpn

Ethernet VPN Highlights

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

VID 100

SMAC: M1

DMAC: F.F.F

BGP MAC adv. Route

EVPN NLRI

MAC M1 via PE1

Data-plane address

learning from Access

Control-plane address

advertisement / learning

over Core


Combines Ethernet Provider Backbone Bridging (PBB - IEEE 802.1ah) with Ethernet VPN

– PEs perform as PBB Backbone Edge Bridge (BEB)

Reduces number of BGP MAC advertisements routes by aggregating Customer MACs (C-MAC) via Provider Backbone MAC (B-MAC)

– PEs advertise local Backbone MAC (B-MAC) addresses in BGP

– C-MAC to B-MAC mapping learned in data-plane

– Takes advantage of PBB encapsulation to reduce control plane operation

Under standardization at IETF – draft-ietf-l2vpn-pbb-evpn

PBB Ethernet VPN Highlights

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

B-MAC:

B-M1 B-M2

B-M2

BGP MAC adv. Route

EVPN NLRI

MAC B-M1 via PE2

B-MAC:

B-M1

Control-plane address

advertisement / learning

over Core (B-MAC)

Data-plane address

learning from Access

• Local C-MAC to local B-

MAC binding

Data-plane address

learning from Core

• Remote C-MAC to remote

B-MAC binding

Technical Overview Comparison of Solutions

16


Use Case Positioning

17

Market

Segment Use Case

xEVPN Solutions

EVPN-

VPWS EVPN PBB-EVPN

Carrier

Ethernet

E-LINE services ✔

E-LAN services ✔ ✔

Data Center

Native Ethernet DC

L2 Inter-DC ✔ ✔

NG-DC

L2 / L3 Intra-DC ✔1

NG-DC

L2 Inter-DC ✔1

✔ = primary choice

✔ = secondary choice

(1) NG-DC using MAC learning via BGP control-plane


Comparison of L2VPN Solutions

18

Requirement VPLS PBB-VPLS EVPN PBB-EVPN

Provisioning Simplicity

Core Auto-Discovery ✔ ✔ ✔ ✔

Access Auto-Sensing x x ✔ ✔

Redundancy Group Auto-Discovery x x ✔ ✔

Automatic Designated Forwarder election and Service Carving x x ✔ ✔

Multi-Homing with All-Active Forwarding

Service Based Load-balancing CE-to-PE ✔ ✔ ✔ ✔

Flow Based Load-balancing CE-to-PE x x ✔ ✔

Flow Based Load-balancing PE-to-PE x x ✔ ✔

Flow Based Multi-Pathing in the Core ✔ ✔ ✔ ✔

Service Interfaces

Port-Based / VLAN-based / VLAN Bundling ✔ ✔ ✔ ✔

VLAN-aware Bundling x x ✔ ✔

Multi-Destination Traffic Forwarding

Ingress Replication ✔ ✔ ✔ ✔

LSM with P2MP Tree ✔ ✔ ✔ ✔

LSM with MP2MP Tree x x ✔ ✔


Comparison of L2VPN Solutions (cont.)

19

Requirement VPLS PBB-VPLS EVPN PBB-EVPN

Fast Convergence

CE-PE Link Failures / PE Node Failures ✔ ✔ ✔ ✔

MAC Mobility ✔ ✔ ✔ ✔

CE-PE Link Failures with Local Repair x x ✔ ✔

MAC Scalability

Scale to Millions of C-MAC Addresses x ✔ x ✔

Confinement of C-MAC entries to PE with active flows ✔ ✔ x ✔

MAC Summarization x x ✔ ✔

MAC Summarization co-existence with C-MAC Mobility x x x ✔

Flexible VPN Policies

Per C-MAC Forwarding Control Policies x x ✔ x

Per-Segment Forwarding Control Policies x x ✔ ✔

Technical Overview Concepts

20


EVPN / PBB-EVPN Concepts

Ethernet Segment

• Represents a ‘site’

connected to one or more

PEs

• Uniquely identified by a 10-

byte global Ethernet

Segment Identifier (ESI)

• Could be a single device or

an entire network

Single-Homed Device (SHD)

Multi-Homed Device (MHD)

Single-Homed Network (SHN)

Multi-Homed Network (MHN)

BGP Routes

• EVPN and PBB-EVPN

define a single new BGP

NLRI used to carry all

EVPN routes

• NLRI has a new SAFI (70)

• Routes serve control plane

purposes, including:

MAC address reachability

MAC mass withdrawal

Split-Horizon label adv.

Aliasing

Multicast endpoint discovery

Redundancy group discovery

Designated forwarder election

EVPN Instance (EVI)

• EVI identifies a VPN in the

network

• Encompass one or more

bridge-domains, depending

on service interface type

Port-based

VLAN-based (shown above)

VLAN-bundling

VLAN aware bundling (NEW)

BGP Route Attributes

• New BGP extended

communities defined

• Expand information carried

in BGP routes, including:

MAC address moves

C-MAC flush notification

Redundancy mode

MAC / IP bindings of a GW

Split-horizon label encoding

PE

BD

BD

EV

I E

VI

PE1

PE2

CE1

CE2

SHD

MHD

ESI1

ESI2

Route Types

[1] Ethernet Auto-Discovery (AD) Route

[2] MAC Advertisement Route

[3] Inclusive Multicast Route

[4] Ethernet Segment Route

Extended Communities

ESI MPLS Label

ES-Import

MAC Mobility

Default Gateway


EVPN Instance (EVI) & Service Interfaces EVPN Instance (EVI) identifies a VPN in the MPLS/IP network

EVI may encompass one or more bridge-domains, depending on PE’s service interface type:

CE

CE UNI

UNI

UNI

Port Based Service

Interface All CE-VLANs

VPN A

PE

BD

EV

I

CE

CE UNI

UNI

UNI

VLAN Based Service

Interface

VLAN

X

VLAN

Y

VPN A

VPN B

PE

BD

BD

EV

I E

VI

CE

CE UNI

UNI

UNI

VLAN Bundling Service

Interface CE-VLAN

subset

VPN A

PE

BD

EV

I

CE

CE UNI

UNI

UNI

VLAN Aware Bundling Service

Interface CE-VLAN

subset

VPN

A

PE

BD

BD

EV

I

New!


Ethernet Segment Definition

Ethernet Segment is a ‘site’ connected to one or more PEs

Ethernet Segment could be a single device (i.e. CE) or an entire network

– Single-Homed Device (SHD)

– Multi-Homed Device* (MHD) using Ethernet Multi-chassis Link Aggregation Group

– Single-Homed Network (SHN)

– Multi-Homed Network* (MHN)

Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)

PE1

PE2

PE4

PE3

CE1

CE2

CE6 CE3

CE4

CE5

SHD

MHD MHN

SHN MHD

ESI1

ESI2

ESI3

ESI4

ESI5

PE5

(*) Includes Dual-Homed Device


Ethernet Segment ESI Auto-Sensing

24

MHD with Multi-chassis LAG

ESI is auto-discovered via LACP

ESI is encoded using the CE’s LACP parameters:

PE1

PE2

CE

LACPDU

LACPDU

MPLS

MHN with MST

ESI is auto-discovered via MST BPDU

snooping

ESI is encoded using the IST’s root

parameters:

PE1

PE2 MPLS MST

CE1

CE2

BPDU

BPDU

System Priority

2 bytes 6 bytes 2 bytes

System MAC Address Port Key Bridge Priority


Root Bridge MAC 0x0000

Technical Overview Forwarding Fundamentals

25


Split Horizon For Ethernet Segments – EVPN

PE advertises in BGP a split-horizon label (ESI MPLS Label) associated with each multi-homed Ethernet Segment

Split-horizon label is only used for multi-destination frames (Unknown Unicast, Multicast & Broadcast)

When an ingress PE floods multi-destination traffic, it encodes the Split-Horizon label identifying the source Ethernet Segment in the packet

Egress PEs use this label to perform selective split-horizon filtering over the attachment circuit

PE1

PE2

PE3

PE4

CE1 CE3

ESI-1 ESI-2

CE4

CE5

Challenge:

How to prevent flooded traffic from echoing back

to a multi-homed Ethernet Segment? Echo !


Split Horizon For Ethernet Segments – PBB-EVPN

PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment

– 1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)

Disposition PEs check the B-MAC source address for Split-Horizon filtering

– Frame not allowed to egress on an Ethernet Segment whose B-MAC matches the B-MAC source address in the PBB header

PE1

PE2

PE3

PE4

CE1 CE3

ESI-1 ESI-2

CE4

CE5

Challenge:

How to prevent flooded traffic from echoing back

to a multi-homed Ethernet Segment? Echo !

B-MAC1

B-MAC1


Split Horizon For Core Tunnels

28

Traffic received from an MPLS tunnel over the core is never forwarded back to the MPLS core

This is similar to the VPLS split-horizon filtering rule

PE1

PE2

PE3

PE4

CE1 CE3

ESI-1 ESI-2

CE4 CE5

Challenge:

How to prevent flooded traffic from looping back

over the core? Loop !


Designated Forwarder (DF) DF Election

PEs connected to a multi-homed Ethernet Segment discover each other via BGP

These PEs then elect among them a Designated Forwarder responsible for forwarding flooded multi-destination frames to the multi-homed Segment

DF Election granularity can be:

– Multiple DFs for load-sharing

– Per Ethernet Tag on Ethernet Segment (EVPN)

– Per I-SID on Ethernet Segment (PBB-EVPN)

PE1

PE2

PE3

PE4

CE1 CE2

ESI-1 ESI-2 Challenge:

How to prevent duplicate copies of flooded traffic

from being delivered to a multi-homed Ethernet

Segment? Duplicate !


Designated Forwarder (DF) DF Filtering

30

MHD All-Active with Per-Flow Load Balancing

PE1

PE2

CE

MPLS

MHD / MHN All-Active with Per-Service

Load Balancing

PE1

PE2 MPLS MHN

CE1

CE2

PE1

PE2

CE

MPLS

Filtering

Direction:

Core to Segment

Filtered Traffic: Flooded multi-destination

Filtering

Direction:

• Core to Segment

• Segment to Core

Filtered Traffic: • Flooded multi-

destination

• Unicast

! DF Filtering

DF Filtering

!

DF Filtering

!

Multi-destination

Traffic

Unicast Traffic

Legend


Aliasing EVPN

PEs advertise in BGP the ESIs of local multi-homed Ethernet Segments

– All-Active Redundancy Mode indicated

When PE learns MAC address on its AC, it advertises the MAC in BGP along with the ESI of the Ethernet Segment from which the MAC was learnt

Remote PEs can load-balance traffic to a given MAC address across all PEs advertising the same ESI

MAC1

PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge:

How to load-balance traffic towards a multi-

homed device across multiple PEs when MAC

addresses are learnt by only a single PE?

I can reach

ESI1 (All-Active)

I can reach

ESI1 (All-Active)

MAC1

I can reach

MAC1 via ESI1

MAC1 ESI1 PE1

PE2


Aliasing PBB-EVPN

PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment

– 1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)

PEs advertise their B-MAC addresses independent of the C-MAC learning state

Remote PEs can load-balance traffic to a given C-MAC across all PEs advertising the same associated B-MAC

MAC1

PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge:

How to load-balance traffic towards a multi-

homed device across multiple PEs when MAC

addresses are learnt by only a single PE?

I can reach

B-MAC1

I can reach

B-MAC1

MAC1

I can reach MAC1

via B-MAC1

MAC1 B-MAC1PE1

PE2

B-M1

B-M1


MAC Mass-Withdraw

PEs advertise two sets of information:

– MAC addresses along with the ESI from the address was learnt

– Connectivity to ESI(s)

If a PE detects a failure impacting an Ethernet Segment, it withdraws the route for the associated ESI

– Remote PEs remove failed PE from the path-list for all MAC addresses associated with an ESI

– This effectively is a MAC ‘mass-withdraw’ function

EVPN

34

MAC1

PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge:

How to inform remote PEs of a failure affecting

many MAC addresses quickly while the control-

plane re-converges?

MAC1,

MAC2,…

MACn

I can reach

ESI1 (All-Active)

I can reach

MAC1 via ESI1

I can reach

MAC2 via ESI1

I can reach

MACn via ESI1

I can reach

ESI1 (All-Active)

MAC1,.. MACn ESI1 PE1

PE2 I lost ESI1

X

BGP Routes and Attributes

35


BGP Routes

(PBB) EVPN defines a single new BGP NLRI used to carry all EVPN routes.

The NLRI has a new SAFI (70).

(PBB) EVPN speakers must first exchange BGP capability for EVPN AFI / SAFI per RFC4760.

Overview

Route Type

Length

Route Type Specific

1 byte

1 byte

Variable

1. Ethernet Auto-Discovery (AD) Route 2. MAC Advertisement Route 3. Inclusive Multicast Route 4. Ethernet Segment Route


BGP Routes Route Types and Usage

Route Purpose EVPN PBB-EVPN

Ethernet Auto-

Discovery (A-D)

Route

• MAC Mass-Withdraw

• Aliasing (encodes Aliasing label)

• Split-Horizon Filtering (encodes SH

label)

✔ Not Needed1

MAC

Advertisement

Route

• Advertise MAC Address Reachability

• Advertise IP/MAC Bindings ✔ ✔

Inclusive Multicast

Route • Multicast Tunnel Endpoint Discovery ✔ ✔

Ethernet Segment

Route • Redundancy Group Discovery

• Designated Forwarder (DF) Election ✔ ✔

(1) Aliasing, split-horizon and fast convergence is achieved through use of shared B-MAC /per segment for PEs on same redundancy group


BGP Routes Route Attributes and Usage

Attribute Purpose Route

Applicability

ESI MPLS Label

Extended Community

• Encode Split-Horizon Label for Ethernet Segment

• Indicate Redundancy Mode (Single-Active vs. All-

Active)

Ethernet A-D

Route

ES-Import Extended

Community

• Limit the import scope of the Ethernet Segment

routes

Ethernet

Segment Route

MAC Mobility

Extended Community

• EVPN: Indicate that a MAC address has moved

from one segment to another across PEs1

• PBB-EVPN: Signal C-MAC address flush

notification

MAC

Advertisement

Route

Default Gateway

Extended Community

• Indicate the MAC/IP bindings of a gateway MAC

Advertisement

Route (1) MAC (C-MAC) move events do not require any control plane involvement with PBB-EVPN

Flows and Use Cases PBB-EVPN Startup Sequences

39


PBB-EVPN Startup Sequence

40

Segment Auto-Discovery

ESI and B-MAC Auto-Sensing

Redundancy Group Membership Auto-Discovery

VPN Auto-Discovery

Multicast Tunnel ID / Endpoint

Discovery

Backbone MAC (B-MAC) Reachability Advertisement


PBB-EVPN Startup Sequence (cont.) ESI and B-MAC Auto-Sensing

41



MPLS

PE1

CE1

PE2

PE3

CE3

PE4

LACP PDU

exchange

Source B-MAC used at PBB-EVPN PE on a

given ESI can be auto-generated* from CE’s

LACP information -> CE’s LACP System ID

MAC with U/L** (Universal / Locally

Administered) bit flipped

Example: 0211.0022.0033

CE LACP info:

LACP System ID (MAC) (6B)

e.g. 0011.0022.0033

LACP System Priority (2B)

e.g. 0000

LACP Port Key (2B)

e.g. 0018

ESI (10B) can be auto-generated*

from CE’s LACP information ->

concatenation of CE’s LACP

System Priority + Sys ID + Port Key

Example:

0000. 0011.0022.0033.0018

(*) ESI and B-MAC can also be manually configured

(**) U/L is second-least-significant bit of most significant byte

System Priority


System MAC Address Port Key

B-MAC

B-MAC

B-MAC

B-MAC


PBB-EVPN Startup Sequence (cont.) BGP Ethernet Segment Route

42

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE 1 Eth Segment Route

RD = RD10

ESI = ESI1

ES-Import ext. comm.

e.g. 0011.0022.0033

MAC address portion

of ESI (6B)

PE 2 Eth Segment Route

RD = RD20

ESI = ESI1

ES-Import ext. comm.

e.g. 0011.0022.0033




RD – RD unique per

advertising PE


PBB-EVPN Startup Sequence Designated Forwarder (DF) Election*

43

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

Ordered List of discovered PEs

starting from zero (lowest IP add)




PE Ordered List

Position PE

0 PE1

1 PE2

Modulo Operation

I-SID

I-SID mod N

(N = # of PEs)

(e.g. I-SID mod 2)

100 0

101 1

102 0

103 1

PE Ordered List

Position PE

0 PE1

1 PE2

Modulo Operation

I-SID (I-SID mod 2)

100 0

101 1

102 0

103 1

Exchange of Ethernet

Segment Routes

Result of modulo

operation is used to

determine DF and

BDF status

DF – Designated Forwarder

BDF – Backup Designated Forwarder

I-SID – PBB 24-bit Service Instance ID

Example:

PE2 DF for I-SIDs 101, 103

PE2 BDF for I-SIDs 100, 102

Example:

PE1 DF for I-SIDs 100, 102

PE1 BDF for I-SIDs 101, 103

(*) DF election with Service Carving shown (i.e. one DF per I-SID in the segment)


PBB-EVPN Startup Sequence (cont.) BGP MAC Advertisement Route (B-MAC)

44




Backbone MAC (B-MAC) Reachability Advertisement

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE1 MAC Route

RD = RD-1a

ESI = all 1s

MAC = B-M1

Label = L1

RT ext. community

RT-a

MP2P VPN Label –

downstream allocated label

used by other PEs to send

traffic to advertised (MAC,EVI) B-MAC advertised

by route

PE3 / PE4 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

PE2 MAC Route

RD = RD-2a

ESI = all 1s

MAC = B-M1

Label = L2

RT ext. community

RT-a


advertising PE per EVI

ESI – reserved ESI

indicates advertised

MAC is a B-MAC

B-M1

B-M1

B-M2

B-M2


PBB-EVPN Startup Sequence BGP Inclusive Multicast Route

45

VPN Auto-Discovery

Multicast Tunnel ID / Endpoint

Discovery1

PE 1 Inclusive Multicast Route

RD = RD-1a

PMSI Tunnel Attribute

Tunnel Type (e.g. Ing. Repl.)

Label (e.g. L1)

RT ext. community

RT-a

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

Tunnel Type – Ingress

Replication or P2MP LSP

Mcast MPLS Label – used to

transmit BUM traffic -

downstream assigned (ing.

repl.) or upstream assigned

(Aggregate Inclusive P2MP

LSP2)

PMSI - P-Multicast Service Interface

BUM – Broadcast / Unknown Unicast / Multicast


adv. PE per EVI

RT – RT associated with a

given EVI

PE 2 Inclusive Multicast Route

RD = RD-2a


Tunnel Type (e.g. Ing. Repl.)

Label (e.g. L2)

RT ext. community

RT-a

(1) Inclusive Multicast Route advertized per I-SID

(2) Multicast MPLS label is not set for Inclusive Trees (P2MP LSP)

Flows and Use Cases PBB-EVPN Life of a Packet

46


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a Packet Ingress Replication – Multi-destination Traffic Forwarding

47

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

VID 100

SMAC: M1

DMAC: F.F.F

Mcast MPLS Label

assigned by PE3 for

incoming BUM traffic

on a given EVI

PSN MPLS label to

reach PE3

PE4 – non-DF for

given I-SID drops

BUM traffic PE2 – drops BUM

traffic originated on

same source B-

MAC (B-M1)

PE1 receives broadcast

traffic from CE1. PE1

adds PBB encapsulation

and forwards it using

ingress replication – 3

copies created PE3 – as DF, it

forwards BUM

traffic towards

segment

PE 2 Inclusive Multicast

Route

RD = RD-2a


Tunnel Type = Ing. Repl.

Label = L2

RT ext. community

RT-a

Mcast MPLS Label – used to

transmit BUM traffic -

downstream assigned (for

ingress replication)

During start-up sequence,

PE1, PE2, PE3, PE4 sent

Inclusive Multicast route

which include Mcast label

B-M1

B-M1

B-M2

B-M2

B-M1

B-M1

B-M2

B-M2

L2 PBB

L3 PBB

L4 PBB

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M1

Data-plane based

MAC learning for

C-MAC / B-MAC

association


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a Packet (cont.) Unicast Traffic Forwarding and Aliasing

48

PE1 MAC Route

RD = RD-1a

ESI = all 1s

MAC = B-M1

Label = L1

RT ext. community

RT-a

PE3 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

VID 100

SMAC: M1

DMAC: F.F.F

MP2P VPN Label –

downstream allocated label

used by other PEs to send

traffic to advertised MAC

MAC advertised by

route

B-M1

B-M1

B-M2

B-M2

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M1

During start-up sequence,

PE1 & PE2 advertised

MAC route for B-MAC (B-

M1)

PE2 MAC Route

RD = RD-2a

ESI = all 1s

MAC = B-M1

Label = L2

RT ext. community

RT-a

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

MP2P VPN Label

assigned by PE2 for

incoming traffic for

target EVI

PSN MPLS label to

reach PE2

PE3 forwards traffic

on a flow (flow 2) to

M1 using B-MAC B-

M1 towards PE2

VID 100

SMAC: M4

DMAC: M1

MP2P VPN

Label assigned

by PE1 for

incoming traffic

for target EVI

PSN MPLS label to

reach PE1

PE3 forwards traffic

on a flow (flow 1) to

M1 using B-MAC B-

M1 towards PE1

VID 100

SMAC: M3

DMAC: M1

B-M1

B-M1

B-M2

B-M2

L2 PBB

L1 PBB

Data-plane based

MAC learning for C-

MAC / B-MAC

association

Flows and Use Cases PBB-EVPN Operational / Failure scenarios

50


PBB-EVPN Operational Scenarios MAC Mobility

51

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

VID 100

SMAC: M1

DMAC: M2

PE1 learns C-MAC M1 on local

port and forwards across core

according to C-MAC DA to

Remote B-MAC mapping

1 Host M1 moves

from CE1 to CE3’s

location

3

M1 M1 M1

VID 100

SMAC: M1

DMAC: F.F.F

Via data-plane

learning, PE3 learns

C-MAC M1 via B-

MAC B-M1

2

After host sends traffic at

new location, PE3 updates

C-MAC M1 location (local

port.) PE3 also forwards

across core according to C-

MAC DA to Remote B-MAC

mapping

4

Via data-plane

learning, PE1

updates C-MAC M1

location (via B-MAC

B-M2)

5

B-M1

B-M1

B-M2

B-M2

L1 L2 PBB

PE1 MAC Table

I-SID xyz

C-MAC B-MAC

M1 -

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M1

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 -

PE1 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M2 1

4

1 4

2

5

B-M1

B-M1

B-M2

B-M2

L3 L4 PBB

MAC Mobility event handled entirely by data-

plane learning


PBB-EVPN Failure Scenarios / Convergence Link / Segment Failure – Active/Active per Flow

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

PE1 withdraws B-MAC

advertised for failed

segment (B-M1)

2

PE2 reruns DF election.

Becomes DF for all I-

SIDs on segment

4

PE3 / PE4

remove PE1 from

path list for B-

MAC (B-M1)

3

PE1 detects failure

of one of its

attached segments

1

PE1

B-M1

B-M1

B-M2

B-M2

PE1 withdraws Ethernet

Segment Route

2


PBB-EVPN Failure Scenarios / Convergence PE Failure

53

Core Isolation

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

BGP RR / PE2 detects

BGP session time-out

with PE1

2 PE3 / PE4

invalidate routes

from PE1

3

PE1 experiences a

node failure (e.g.

power failure)

1 BGP RR / PE3 detects


with PE1

2



SIDs on segment

4

BGP RR / PE4

detects BGP

session time-

out with PE1

2

PE1

B-M1

B-M1

B-M2

B-M2

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB

VPN MAC ESI

RT-a M1 ES1

Path List

NH

PE1

PE2

BGP RR / PE2

detects BGP

session time-

out with PE1

2 PE3 / PE4

invalidate routes

from PE1

4

BGP RR / PE3 detects


with PE1

2



SIDs on segment

5

BGP RR / PE4

detects BGP

session time-

out with PE1

2

PE1

PE1 looses

connectivity to the

core

1

LACP PDU

PE1 sends LACP

OUT_OF_SYNC for

CE1 to take port out

of the bundle

3

B-M1

B-M1

B-M2

B-M2

Flows and Use Cases EVPN VPWS

54


EVPN VPWS

xEVPN is next generation solution for Ethernet services

– Relies on BGP control-plane for Segment / MAC learning reachability among PEs

– Same principles as L3VPNs

Benefits of xEVPN solutions

– No signaling of PWs. Instead signals MP2P LSPs instead (ala L3VPN)

– All-active CE multi-homing (per-flow LB)

Solution for P2P services uses a subset of EVPN routes

– i.e. Per-EVI Ethernet Auto-Discovery route

– Handles double-sided provisioning with remote PE auto-discovery

– draft-boutros-l2vpn-evpn-vpws

55

xEVPN

EVPN PBB-EVPN EVPN-

VPWS

E-LINE E-LAN


EVPN VPWS Control-Plane Operation

56

MPLS

PE1

CE1 PE2

CE2

PE 1 Eth A-D Route

RD = RD-1a

ESI = ESI1

Label (e.g. X)

RT ext. community

RT-a

PE2 RIB

VPN MAC ESI

RT-a - ES1

Path List

NH

PE1

PE 2 Eth A-D Route

RD = RD-2a

ESI = ESI2

Label (e.g. Y)

RT ext. community

RT-a

PE1 RIB

VPN MAC ESI

RT-a - ES2

Path List

NH

PE2

ES1 ES2

RT – RT associated with a

given EVI


adv. PE per EVI MPLS Label – (downstream

assigned) used by remote

PEs to reach segment

ESI – 6-byte system id + 4-

byte local AC-ID

VPWS Service Config:

EVI = 100

Local AC ID = ES1

Remote AC ID = ES2

VPWS Service Config:

EVI = 100

Local AC ID = ES2

Remote AC ID = ES1

Use Cases

57


PBB-EVPN Model Cisco ASR 9000

BD

EVPN

Forwarder BD

BD

Physical Interface

BD I-SID x

Ethernet Flow Point (EFP):

Matches traffic from user-

defined vlans

PBB Edge

Bridges Domain PBB Core

Bridges Domain

I-SID y

I-SID z

• Ethernet

Segment

Identifier (ESI)

• Source B-MAC

Physical Interface

• ESI

• Source B-MAC

BD

EVI aaa

EVI bbb

EoMPLS Access PW


PBB-EVPN Sample Use Access

59

Null Ethernet Segment Identifier (ESI)

PE1

CE1

MPLS Core

PE2

BMAC 1 ESI W

BMAC 1 ESI W

Dual Home Device (DHD) Active / Active Per-Flow LB

VID X

VID X

PE1

CE1

MPLS Core

PE2

BMAC 2 ESI W

BMAC 1 ESI W

Dual Home Device (DHD)

Active / Active Per-Service LB

VID X

VID Y

PE1

CE1

MPLS Core

ESI Null

Single Home Device (SHD) Single Home Network (SHN)

VID X

VID X

Identical B-MAC on PBB-

EVPN PEs (PE1 / PE2)

Identical ESI on PBB-EVPN

PEs

Different B-MAC on PBB-



PEs

Per service (I-SID) carving

(manual or automatic)

CE2

ESI Null


PBB-EVPN Sample Use Access (cont.)

60

PE1

CE1

MPLS Core

PE3

BMAC 1 ESI W

BMAC 1 ESI W

Multi Home Device (MHD) Active / Active Per-Flow LB

VID X

VID X

Multi Home Device (MHD)

Active / Active Per-Service LB

More than two (2) PEs in

redundancy group

Same as DHD Act/Act per-

flow LB

More than two (2) PEs in

redundancy group

Same as DHD Act/Act per-

service LB

PE2

PE1

CE1

MPLS Core

PE3

BMAC 3 ESI W

BMAC 1 ESI W

VID X

VID Z

PE2

VID Y VID X

BMAC 1 ESI W

BMAC 2 ESI W


PBB-EVPN Sample Use Access (cont.)

61

PE1

MPLS Core

PE2 CE2

CE1

G.8032

Open Sub-ring

Dual Home Network (DHN) ITU-T G.8032

Treated as SHN by PBB-


‒ Null ESI; No DF election / No

service carving

Ring operation controlled by

R-APS protocol

PE1

MPLS Core

PE2 CE2

CE1

REP

Dual Home Network (DHN) REP

Treated as SHN by PBB-


‒ Null ESI; No DF election / No

service carving

Segment operation controlled

by REP protocol

R-APS

RPL

Link

ALT

port

REP

Edge No

Neighbour

REP-AG REP-AG

PE1

PE2 CE2

CE1

Dual Home Network (DHN) Active / Active Per-Service LB

MPLS Core

Different B-MAC on PBB-



PEs

Per service (I-SID) carving

(manual or automatic)

ESI Null

ESI Null

ESI Null

ESI Null BMAC 2 ESI W

BMAC 1 ESI W

VID X

VID Y

VID X

VID Y

VID X

VID Y

VID X

VID Y

VID X

VID Y

PBB-EVPN IOS-XR Implementation Configuration and Examples

62


PBB-EVPN Single Home Device (SHD)

63

PE1

interface Bundle-Ether1.777 l2transport

encapsulation dot1q 777

l2vpn

bridge group gr1

bridge-domain bd1

interface Bundle-Ether1.777

pbb edge i-sid 100 core-bridge-domain core_bd1

bridge group gr2

bridge-domain core_bd1

pbb-core

evpn evi 1000

router bgp 64

address-family l2vpn evpn

!

neighbor <x.x.x.x>

remote-as 64


PE1

CE1 MPLS Core

Bundle-Eth1.777

PBB B-component

No need to define B-VLAN

Mandatory - Globally

unique identifier for all PEs

in a given EVI

PBB I-component

Includes I-SID assignment

BGP configuration with

new EVPN AF

MINIMAL Configuration

Global B-MAC SA

Auto RT for EVI

Auto RD for EVI

Auto RD for Segment Route

Note: MPLS / LDP configuration

required on core-facing interfaces (not

shown)


PBB-EVPN Dual Home Device (DHD) Active / Active per-FLOW Load Balancing

64

PE1

CE1

MPLS Core

PE2

Bundle-Eth25.1

Bundle-Eth25.1

PE1

redundancy

iccp

group 66

mlacp node 1

mlacp system mac 0aaa.0bbb.0ccc

mlacp system priority 1

mode singleton

interface Bundle-Ether25

mlacp iccp-group 66



l2vpn

bridge group gr1

bridge-domain bd1



bridge group gr2


pbb-core

evpn evi 1000

router bgp 64


neighbor <x.x.x.x> remote-as 64


ICCP in singleton mode (i.e.No

peer neighbor configuration)

PE2 should use same RG

number

PE 2 should use different mlacp

node id

PE2 should use same mlacp

system mac and system priority

PBB I-component and B-

component configuration. ISIDs

must match on both PEs


Mandatory EVI ID configuration


new EVPN AF


Auto ESI

Auto B-MAC SA

A/A Per-flow LB (default)

Auto RT for EVI

Auto RD for EVI


Note: MPLS / LDP configuration


shown)


PBB-EVPN Dual Home Device (DHD) Active / Active per-Service Load Balancing and Dynamic Service Carving

65

PE1

CE1

MPLS Core

PE2

Bundle-Eth25

Bundle-Eth25

PE1



evpn

interface Bundle-Ether25

ethernet-segment

identifier system-priority 1 system-id 0000.0b25.00ce

load-balancing-mode per-service

l2vpn

bridge group gr1

bridge-domain bd1



bridge group gr2


pbb-core

evpn evi 1000

router bgp 64


neighbor <x.x.x.x> remote-as 64



Global B-MAC SA

Default Service Carving

Auto RT for EVI

Auto RD for EVI


A/A per-service (per-ISID)

load balancing with

dynamic Service Carving

ESI must match on both

PEs


new EVPN AF

PBB I-component and B-

component configuration.

ISIDs must match on both

PEs


Mandatory EVI ID

configuration Note: MPLS / LDP configuration


shown). ICCP (singleton) config (not

shown)

Summary

66


Summary

EVPN / PBB-EVPN are next-generation L2VPN solutions based on a BGP control-plane for MAC distribution/learning over the core

EVPN / PBB-EVPN were designed to address following requirements:

– All-active Redundancy and Load Balancing

– Simplified Provisioning and Operation

– Optimal Forwarding

– Fast Convergence

In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy provides:

– Simplified control plane operation and faster convergence

– Scale to Millions of C-MAC (Virtual Machine) Addresses

– MAC summarization co-existence with C-MAC (VM) mobility

EVPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethernet use cases

67


Complete your online session evaluation

Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt

Complete Your Online Session Evaluation

68


Acronyms— IP and MPLS

70

Acronym Description

AC Attachment Circuit

AS Autonomous System

BFD Bidirectional Failure Detection

CoS Class of Service

ECMP Equal Cost Multipath

EoMPLS Ethernet over MPLS

EVPN Ethernet Virtual Private Network

EVI EVPN Instance

FRR Fast Re-Route

IGP Interior Gateway Protocol

LDP Label Distribution Protocol

LER Label Edge Router

LFIB Labeled Forwarding Information Base

LSM Label Switched Multicast

LSP Label Switched Path

LSR Label Switching Router

MPLS Multi-Protocol Label Switching

NLRI Network Layer Reachability Information

PSN Packet Switch Network

Acronym Description

PW Pseudo-Wire

PWE3 Pseudo-Wire End-to-End Emulation

QoS Quality of Service

RD Route Distinguisher

RIB Routing Information Base

RR Route Reflector

RSVP Resource Reservation Protocol

RSVP-TE RSVP based Traffic Engineering

RT Route Target

TE Traffic Engineering

tLDP Targeted LDP

VC Virtual Circuit

VCID VC Identifier

VFI Virtual Forwarding Instance

VPLS Virtual Private LAN Service

VPN Virtual Private Network

VPWS Virtual Private Wire Service

VRF Virtual Route Forwarding Instance

VSI Virtual Switching Instance


Acronyms— Ethernet/Bridging

71

Acronym Description

ACL Access Control List

BD Bridge Domain

BPDU Bridge Protocol Data Unit

CE Customer Equipment (Edge)

C-VLAN / CE-VLAN

Customer / CE VLAN

CoS Class of Service

DHD Dual Homed Device

LACP Link Aggregation Control Protocol

LAN Local Area Network

MEF Metro Ethernet Forum

MEN Metro Ethernet Network

MIRP Multiple I-Tag Registration Protocol

mLACP Multi-Chassis LACP

MST / MSTP Multiple Instance STP

MSTG-AG MST Access Gateway

Acronym Description

MVRP Multiple VLAN Registration Protocol

PE Provider Edge device

PoA Point of Attachment

REP Resilient Ethernet Protocol

REP-AG REP Access Gateway

RG Redundancy Group

STP Spanning Tree Protocol


Acronym Description

B-BEB B-Component BEB

BCB Backbone Core Bridge

B-DA Backbone Destination Address

BEB Backbone Edge Bridge

B-MAC Backbone MAC Address

B-SA Backbone Source Address

B-Tag B-VLAN Tag

B-VLAN Backbone VLAN

C-DA Customer Destination Address

CE Customer Equipment (Edge)

C-MAC Customer MAC Address

C-SA Customer Source Address

80 C-VLAN Tag

C-VLAN / CE-VLAN

Customer / CE VLAN

DA Destination MAC Address

FCS Frame Check Sequence

IB-BEB Combined I-Component & B-Component BEB

Acronym Description

I-BEB I-Component BEB

IEEE Institute of Electrical and Electronics Engineers

I-SID Instance Service Identifier

I-Tag I-SID Tag

MAC Media Access Control

N-PE Network-facing Provider Edge device

PB Provider Bridge

PBB Provider Backbone Bridge / Bridging

PBBN Provider Backbone Bridging Network

PBN Provider Bridging Network

PE Provider Edge device

Q-in-Q VLAN tunneling using two 802.1Q tags

SA Source MAC Address

S-Tag S-VLAN Tag

S-VLAN Service VLAN (Provider VLAN)

UNI User to Network Interface

U-PE User-facing Provider Edge device

VLAN Virtual LAN

Acronyms— Provider Backbone Bridging

72

Documents

BRKMPL-2333-EVPN