Configuring EVPN

Configuring BGP-EVPN and VCS on CVX

Configuring BGP-EVPN

Configuring VNI Bundle

A VNI-aware-bundle represents a MAC-VRF that contains Layer 2 route entries from all VXLAN Network Identifiers (VNI) available across multiple DCs. Use the vni-aware-bundle command available on CVX to create a MAC-VRF.

Note: This command is not available on switches.

Example

cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1 
cvx(config-macvrf-bundle1)# 

Configuring RD and RT in VNI Bundle

Use the rd (Router-BGP VRF and VNI Configuration Modes) command to add a Route Distinguisher (RD) that uniquely identifies Layer 2 routes for the VNI bundle. Use the route-target command to configure a well-known extended community that is attached to the routes exported by BGP-EVPN, and to import routes carrying the specified well-known extended community into the MAC-VRF that corresponds to the VNI bundle.

Example

cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1
cvx(config-macvrf-bundle1)# rd 530:12
cvx(config-macvrf-bundle1)# route-target both 530:12

Enabling Redistribution of Bridging Information

After the VNI aware bundle is created, use the redistribute service VXLAN command to redistribute the Layer 2 bridging information received from VCS.

Example

cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1
cvx(config-macvrf-bundle1)# redistribute service VXLAN

Disabling Next-Hop Resolution in BGP-EVPN

When the BGP-EVPN module receives a route from its BGP peer, it generally tries to resolve the next-hop indicated in the route. However, in the DCI topology, the routes coming from a CVX in another DC contain next-hops (VTEP addresses) that may not be reachable from the CVX receiving the route. Use the next-hop resolution disabled command to disable next-hop resolution on routes received from BGP-EVPN peers.

Note: CVX is a part of the control plane and it is only connected to the VTEPs in its own DC. It does not have IP connectivity to the VTEPs in a different DC.

Example

cvx(config)# router bgp 100
cvx(config-router-bgp)# address-family evpn
cvx(config-router-bgp-af)# next-hop resolution disabled

Configuring VCS

Enabling Redistribution of BGP-EVPN Routes

Use the redistribute bgp evpn VXLAN command to redistribute BGP-EVPN routes to VCS, which in turn advertises them to all VTEPs within the DC.

Example

cvx(config)# cvx
cvx(config-cvx)# no shutdown
cvx(config-cvx)# service VXLAN
cvx(config-cvx-VXLAN)# no shutdown
cvx(config-cvx-VXLAN)# redistribute bgp evpn VXLAN

EVPN MPLS Virtual Private Wire Service (VPWS)

EVPN MPLS VPWS, which uses BGP for signalling, forwards traffic to and from a given Attachment Circuit (AC) without any MAC lookup or learning. Port-based and VLAN-based services are supported.

Configuring EVPN MPLS VPWS

First configure the patch panel, which specifies how the ACs connect to the VPWS service instances. Then configure the VPWS service instance, which is part of BGP. Finally, configure the individual participating ACs.

Patch Panel Configuration

The following configures the local AC as Ethernet2 interface and the remote VPWS service instance as evi-1 and pseudowire pw1.
patch panel
   patch port
      connector 1 interface Ethernet2
      connector 2 pseudowire bgp vpws evi-1 pseudowire pw1
The following configures the local AC as Ethernet3.1 subinterface and the remote VPWS service instance as evi-1 and pseudowire pw2.
patch panel
   patch subintf
      connector 1 interface Ethernet3.1
      connector 2 pseudowire bgp vpws evi-1 pseudowire pw2
Note: Connector ID is optional.

VPWS Service Instance Configuration

The following configures the VPWS service instance with the BGP vpws sub mode. This defines an EVPN instance under which any number of VPWS service instances can be configured. The BGP configuration itself can also define multiple EVPN instances under multiple vpws blocks, each with a unique name and Route-Distinguisher (RD) value. Only the mpls control-word and mtu value configuration items are optional; the rest are required for proper operation.
router bgp 1
   neighbor 10.0.0.1 remote-as 1
   neighbor 10.0.0.1 send-community extended
   neighbor 10.0.0.1 maximum-routes 12000
   !
   vpws evi-1
      rd 10.2.2.2:2
      route-target import export evpn 0.0.0.0:1
      mpls control-word
      !
      pseudowire pw1
         evpn vpws id local 2001 remote 1001
      !
      pseudowire pw2
         evpn vpws id local 2002 remote 1002
   !
   address-family evpn
      neighbor default encapsulation mpls next-hop-self source-interface Loopback0
      neighbor 10.0.0.1 activate

  
Note: It is strongly recommended that 'mpls control-word' is always enabled, when possible, to avoid any potential mis-forwarding where the PWE frames may be incorrectly interpreted as having an IP, as opposed to Ethernet, payload.
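
The requirements above (unique RD per instance, required rd, route-target and pseudowire ID, recommended control word) can be checked against a configuration before it is applied. The following Python is an added example, not Arista code; the function names and the incomplete evi-2 block in the sample are constructed for illustration.

```python
import re

# Constructed sample: evi-1 follows the page's example, evi-2 is deliberately incomplete.
SAMPLE_CONFIG = """\
router bgp 1
   vpws evi-1
      rd 10.2.2.2:2
      route-target import export evpn 0.0.0.0:1
      mpls control-word
      pseudowire pw1
         evpn vpws id local 2001 remote 1001
   !
   vpws evi-2
      rd 10.2.2.2:2
      pseudowire pw9
   address-family evpn
"""

def parse_vpws(config):
    """Map each vpws instance name to the stripped lines nested under it."""
    blocks, current, indent = {}, None, 0
    for line in config.splitlines():
        text, depth = line.strip(), len(line) - len(line.lstrip())
        match = re.fullmatch(r"vpws (\S+)", text)
        if match:
            current, indent = blocks.setdefault(match.group(1), []), depth
        elif text not in ("", "!") and depth <= indent:
            current = None  # left the vpws block ("!" separators do not end it)
        elif current is not None and text not in ("", "!"):
            current.append(text)
    return blocks

def audit_vpws(config):
    """Return {instance: [findings]} for instances that break the page's rules."""
    findings, rd_owner = {}, {}
    for name, lines in parse_vpws(config).items():
        has = lambda prefix: [l for l in lines if l.startswith(prefix)]
        issues = findings.setdefault(name, [])
        for rd in (l.split()[1] for l in has("rd ")):
            if rd_owner.setdefault(rd, name) != name:
                issues.append(f"rd {rd} already used by {rd_owner[rd]}")
        for prefix in ("rd ", "route-target "):
            if not has(prefix):
                issues.append(f"missing {prefix.strip()}")
        if "mpls control-word" not in lines:
            issues.append("mpls control-word not enabled")
        if len(has("pseudowire ")) > len(has("evpn vpws id ")):
            issues.append("pseudowire without evpn vpws id")
    return {name: issues for name, issues in findings.items() if issues}
```

The pseudowire check compares counts only, so it flags an instance but does not name the pseudowire that lacks an ID.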

Attachment Circuit Configuration (double-tagged L3 subinterfaces)

The following configures the AC in Port mode.
interface Ethernet2
   no switchport
Note: Use Ethernet or Port-channel interface for Port mode.
The following configures the AC in VLAN mode.
interface Ethernet3
   no switchport
interface Ethernet3.1
   encapsulation dot1q vlan 1
Note: Use subinterfaces for VLAN mode.
The following configures the AC in Flexible Encapsulation mode. The 'client' keyword after 'network' preserves the corresponding client encapsulation specification.
interface Ethernet3
   no switchport
interface Ethernet3.1
   encapsulation vlan
   client dot1q 11 network client

Flexible Encapsulation EVPN MPLS VPWS

Flexible encapsulation enables the following actions for tags.
  • Remove incoming encapsulation tag(s) and forward
  • Preserve incoming encapsulation tag(s) and forward
  • Replace one or two tags when forwarding in encapsulation and decapsulation directions

The table below explains the encapsulation and decapsulation behaviors for the various FlexEncap options. Applying a Flexible Encapsulation with a network specification to a subinterface creates a bidirectional mapping table that is applied to the sub-interface. The mapping embodied in this table is applied from client to network in the encap direction, and network to client in the decap direction.

| Example | Behavior |
|---|---|
| client dot1q 10 | From Client: match VLAN ID 10, consume and forward. To Client: add VLAN ID 10 before transmit. |
| client dot1q 10 inner 20 | From Client: match VLAN IDs 10, 20 consume and forward. To Client: add VLAN ID 10, 20 before transmit. |
| client dot1q 10 network client | From Client: match VLAN ID 10 and retain it. From Network: match vlan=10, retain. |
| client dot1q outer 10 inner 20 network client | From Client: match VLAN IDs 10, 20 and retain both. From Network: match vlan=10,20, retain both. |
| client dot1q 10 network dot1q 100 | From Client: match VLAN ID 10, consume. Before forwarding, write vlan=100. From Network: match vlan=100, consume. Before transmit, write vlan=10. |
| client dot1q outer 10 inner 20 network dot1q outer 100 inner 200 | From Client: match VLAN IDs 10, 20, and consume them. Before forwarding, write vlan=100,200. From Network: match vlan=100, 200, consume. Before transmit, write vlan=10, 20. |

The following configures FlexEncap on a subinterface as a local connector and LDP pseudowire as remote connector.
  • Packets received on Ethernet3/1 with outermost 802.1q VLAN tag of 1000 get mapped to sub-interface Ethernet3/1.1000.
  • The tag of 1000 is preserved and forwarded to pseudowire PW1.
  • Packets terminating on PW1 get forwarded to Et3/1.1000 and get transmitted out with VLAN tag of 1000.
interface Ethernet3/1.1000
   encapsulation vlan
      client dot1q 1000 network client
patch panel
   patch patch-1
      connector 1 interface Ethernet3/1.1000
      connector 2 pseudowire ldp PW1

Displaying EVPN MPLS VPWS Configuration

This command shows both the client encapsulation and network encapsulation configured on sub-interfaces.
switch(config-if-Et3/1.1003)# show interfaces encapsulation vlan
Interface                 Status       Client Encapsulation      Network Encapsulation
------------------------- ------------ ---------------------------------------------------
Ethernet3/1.1000       active       dot1q outer 1000
Ethernet3/1.1001       active       dot1q outer 1001             client
Ethernet3/1.1002       active       dot1q outer 1002 inner 102
Ethernet3/1.1003       active       dot1q outer 1003 inner 103   client
Ethernet3/1.1004       active       dot1q outer 1004             dot1q 2004
Ethernet3/1.1005       active       dot1q outer 1005 inner 104   dot1q outer 2005 inner 204
This command shows output of a patch with sub-interface as the local connector and VPWS as the remote connector.
switch(config-if-Et3/1.1003)# show patch panel PP_1000

Patch   Connector                             Status
------- ------------------------------------- ------
PP_1000 1: Ethernet3/1.1000                Up
        2: BGP VPWS VPWS_1 Pseudowire PW_1000

switch(config-if-Et3/1.1003)# show patch panel PP_1000 detail
PW Fault Legend:
   ET-IN - Ethernet receive fault
   ET-OUT - Ethernet transmit fault
   TUN-IN - Tunnel receive fault
   TUN-OUT - Tunnel transmit fault
   NF - Pseudowire not forwarding (other reason)

Patch: PP_1000, Status: Up
   Connector 1: Ethernet3/1.1000
      Status: Up
   Connector 2: BGP VPWS VPWS_1 Pseudowire PW_1000
      Status: Up
      Local MPLS label: 135363
         MTU: 1600, Control word: Y
      Neighbor 103.37.123.72, MPLS label: 136350
         Tunnel type: SR-TE Policy, Tunnel index: 132
         MTU: 1600, Control word: Y
      EVPN VPWS type: VLAN-based

Tag Matching Semantics

The matching rules are applied on a 'longest matching tag sequence' basis when rules are configured for multiple subinterfaces of a parent port. For the following two rules configured on the same parent, the tables below show which rule applies in the receive (encap) and transmit (decap) directions.

Rule 1:
interface Ethernet 10.1
  encapsulation vlan
    client dot1q 11 network client
Rule 2:
interface Ethernet 10.2
  encapsulation vlan
    client dot1q 11 inner 20 network client

The receive (encap) matching behavior is as follows.

| Received Packet | Matching Rule |
|---|---|
| outer=11, inner=20 | Rule #2 |
| single tag with 11 | Rule #1 |
| double tag with 11, not 20 | Rule #1 |

The transmit (decap) matching behavior is as follows.

| Forwarded Packet | Matching Rule |
|---|---|
| outer=11, inner=20 | Rule #2 |
| single tag with 11 | Rule #1 |
| double tag with 11, not 20 | Rule #1 |
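
As an added example (not Arista code), the following Python models the FlexEncap client/network mapping and the longest-matching-tag-sequence selection for Rule 1 and Rule 2 above. The Ethernet10.3 rewrite rule, the function names, and the handling of tags beyond the matched sequence (carried through unchanged) are assumptions made for the illustration.

```python
from typing import NamedTuple, Optional, Tuple, Union

Tags = Tuple[int, ...]  # VLAN IDs, outermost first

class FlexEncapRule(NamedTuple):
    subinterface: str
    client: Tags                     # "client dot1q ..." match
    network: Union[None, str, Tags]  # None = consume, "client" = retain, tuple = rewrite

    def network_tags(self) -> Tags:
        """Tags carried on the network side of the mapping."""
        if self.network is None:
            return ()
        return self.client if self.network == "client" else self.network

def longest_match(rules, tags: Tags) -> Optional[FlexEncapRule]:
    """Receive side: the rule whose client tags are the longest prefix of `tags`."""
    hits = [r for r in rules if tags[:len(r.client)] == r.client]
    return max(hits, key=lambda r: len(r.client), default=None)

def encap(rules, tags: Tags):
    """Client to network: (subinterface, forwarded tags), or None if no rule matches."""
    rule = longest_match(rules, tags)
    if rule is None:
        return None
    # Assumption: tags after the matched sequence are carried through unchanged.
    return rule.subinterface, rule.network_tags() + tags[len(rule.client):]

def decap(rule: FlexEncapRule, tags: Tags) -> Optional[Tags]:
    """Network to client for one subinterface: swap network tags back to client tags."""
    net = rule.network_tags()
    if tags[:len(net)] != net:
        return None
    return rule.client + tags[len(net):]

# Rule 1 and Rule 2 are from the page; the Ethernet10.3 rewrite rule is constructed.
RULES = [
    FlexEncapRule("Ethernet10.1", (11,), "client"),
    FlexEncapRule("Ethernet10.2", (11, 20), "client"),
    FlexEncapRule("Ethernet10.3", (10,), (100,)),
]
```

A frame whose outer tag matches no rule returns None from encap, which is the case to watch for when auditing which VLANs a parent port will actually accept.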