Apricot2014 - E-VPN & Pbb-evpn the Next Generation of Mpls-based l2vpn

8/10/2019 Apricot2014 - E-VPN & Pbb-evpn the Next Generation of Mpls-based l2vpn

1/59


2/59

E-VPN & PBB-EVPN: the Next Generaof MPLS-based L2VPN

[email protected]

[email protected]

[email protected]


3/59

2014 Cisco and/or its affiliates. All rights reserved.

Agenda

Technical Overview

Flows and Use Cases Ciscos PBB-EVPN Implementation

Summary


4/59

Technical OverviewHighlights and Solution Requirements


5/59


Data Center Interconnect requirements not fully addressed by curr

L2VPN technologies

DCI Brings New Requirements

Ethernet Virtual Private Network (E-VPN) and Provider Backbone

EVPN (PBB-EVPN)designed to address these requirements

All-active Redundancy and Load

Simplified Provisioning and Oper

Optimal Forwarding

Fast Convergence

MAC Address Scalability


6/59 2014 Cisco and/or its affiliates. All rights reserved.

Towards EVPN

Existing VPLS solutions do not offer an

All-Active per-flow redundancy Looping of Traffic Flooded from PE

Duplicate Frames from Floods from theCore

MAC Flip-Flopping over Pseudowire

E.g. Port-Channel Load-Balancing does notproduce a consistent hash-value for a framewith the same source MAC (e.g. non MACbasedHash-Schemes)

Solve Challenges of VPLS for All-Active Redundancy

PE1

PE2

PCE1

Echo !

PE1

PE2

PCE1

M1

M1

PE1

PE2

PE

P

CE1MAC

Flip-Flop

M1



Solution Requirements

All-Active Redundancy to maximize bisectional bandwidth

Load-balance traffic among PEs and exploit core ECMP based on flow entbe L2/L3/L4 or combinations)

Support geo-redundant PE nodes with optimal forwarding

Flexible Redundancy Grouping of PEs

All-Active Redundancy and Load Balancing

WAN

Site 1Site 2

Site N

Flow-based Load

balancing

Flow-based Multi-pathing

Backdoor




Active / Active Multi-Homing withflow-based load balancing in CEto PE direction

Maximize bisectional bandwidth

Flows can be L2/L3/L4 or combinations

Flow-based load balancing in PEto PE direction

Multiple RIB entries associated for agiven MAC

Exercises multiple links towards CE

All-Active Redundancy and Load Balancing (cont.)

P

E

P

E

Vlan X -

F1

Vlan X

F2

Flow Based Load-balancingCE to PE dire

P

E

P

E

Flow Based Load-balancing

PE to PE dire

Vlan X -

F1Vlan X

F2



Flow-based Multi-Pathing

Load balancing acrossequal cost multiple pathsin the MPLS core

Load balancing at PE andP routers based on

Entropy MPLS labels

Solution RequirementsAll-Active Redundancy and Load Balancing (cont.)

PE

PE

P

P

P

P

Flow Based Multi-Pathing in the CoreVlan X - F1Vlan X

F2Vlan X

F3Vlan X

F4




Server Virtualization fueling growth in MAC Address scalability: 1 VM = 1 MAC address.

1 server = 10s or 100s of VMs

MAC address scalability most pronounced on Data Center WAN Edge for Lextensions over WAN.

Example from a live network: 1M MAC addresses in a single SP data center

MAC Address Scalability

WAN

DC Site 1

DC Site 2DC S

1Ks

10Ks

1Ms

N * 1M



Next generation solution for Ethernet

multipoint connectivity services Leverage similarities with L3VPN

PEs run Multi-Protocol BGP toadvertise & learn MAC addresses overCore

Learning on PE Access Circuits viadata-plane transparent learning

No pseudowire full-mesh required Unicast: use MP2P tunnels

Multicast: use ingress replication over MP2Ptunnels or use LSM

Under standardization at IETFdraft-ietf-l2vpn-evpn

Ethernet VPN

Highlights

MPLS

PE1

CE1

PE2

VID 100

SMAC: M1

DMAC: F.F.F

BGP MAC adv

E-VPN NLRI

MAC M1 via PE

Data-plane addresslearning from Access

Control-plane addr

advertisement / leaover Core



Combines Ethernet Provider Backbone Bridging

(PBB - IEEE 802.1ah) with Ethernet VPN PEs perform as PBB Backbone Edge Bridge (BEB)

Reduces number of BGP MAC advertisementsroutes by aggregating Customer MACs (C-MAC) via Provider Backbone MAC (B-MAC)

Addresses virtualized data centers with C-MAC countinto the millions

PEs advertise local Backbone MAC (B-MAC)

addresses in BGP C-MAC and C-MAC to B-MAC mapping learned in

data-plane

Under standardization at IETFdraft-ietf-l2vpn-pbb-evpn

PBB Ethernet VPN

Highlights

MPLS

PE1

CE1

PE2

B-MAC:B-M1

BGP MAC adv.

E-VPN NLRI

MAC B-M1 via P

B-MAC:

B-M1

Control-plane

advertisemen

over Core (B-M

Data-plane address

learning from Access

Local C-MAC to local B-

MAC binding

Data-plane address

learning from Core

Remote C-MAC to remoteB-MAC binding


13/59

Technical OverviewConcepts



E-VPN / PBB-EVPN Concepts

Ethernet Segment

Represents a site

connected to one or more

PEs Uniquely identified by a

10-byte global Ethernet

Segment Identifier (ESI)

Could be a single device

or an entire network

Single-Homed Device (SHD)

Multi-Homed Device (MHD)

Single-Homed Network (SHN)

Multi-Homed Network (MHN)

BGP Routes

E-VPN and PBB-EVPN

define a single new BGP

NLRI used to carry all E-VPN routes

NLRI has a new SAFI (70)

Routes serve control

plane purposes,

including:

MAC address reachability

MAC mass withdrawal

Split-Horizon label adv.

Aliasing

Multicast endpoint discovery

Redundancy group discovery

Desi nated forwarder election

E-VPN Instance (EVI)

EVI identifies a VPN in the

network

Encompass one or morebridge-domains,

depending on service

interface type

Port-based

VLAN-based (shown above)

VLAN-bundling

VLAN aware bundling (NEW)

New

com

Expcarr

incl

MAC

C-M

Red

MAC

Spli

P

E

BD

BD

EVI

EVI

PE1

PE2

CE1

C

E2

SHD

MHD

ESI1

ESI2

Route Types

[1] Ethernet Auto-Discovery (AD) Route

[2] MAC Advertisement Route

[3] Inclusive Multicast Route

[4] Ethernet Segment Route

E

ESI MP

ES-Imp

MAC M

Default


15/59


E-VPN Instance (EVI) & Service Interfaces

E-VPN Instance (EVI) identifies a VPN in the MPLS/IP network

EVI may encompass one or more bridge-domains, depending o

interface type:

C

E

CE

U

NI

U

NI

U

NI

Port Based Service

InterfaceAll CE-

VLANs

VPN A

PE

BDEVI

C

E

C

E

U

NI

U

NI

U

NI

VLAN Based Service

Interface

VLA

N X

VLAN

Y

VPN

A VPN

B

P

E

BD

BD

EVI

EVI

C

E

C

E

U

NI

U

NI

U

NI

VLAN Bundling Service

InterfaceCE-

VLAN

subsetVPN

A

PE

BDEVI

U

NI

VLAN A

InterfacCE-

VLAN

subset


16/59


Ethernet SegmentDefinition

Ethernet Segment is a site connected to one or more PEs

Ethernet Segment could be a single device(i.e. CE) or an entire network Single-Homed Device (SHD)

Multi-Homed Device*(MHD) using Ethernet Multi-chassis Link Aggregation Group

Single-Homed Network (SHN)

Multi-Homed Network*(MHN)

Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)

PE1

PE2

PE4

PE3

CE1

CE2

CE6CE3

CE4

CE5

SHD

MHDMHN

SHNMHD

ESI1

ESI2

ESI3

E

PE5

(*) Includes Dual-Home


17/59


Ethernet Segment

ESI Auto-Sensing

MHD with Multi-chassis LAG

ESI is auto-discovered via LACP

ESI is encoded using the CEs LACPparameters:

PE1

PE2

CE

LACPDU

LACPDU

MPLS

MHN with

ESI is auto-discove

snooping

ESI is encoded usin

parameters:

PMST

CE1

CE2

BPDU

BPDU

System

Priority

2 bytes 6 bytes 2 bytes

System MAC

AddressPort Key Bridge Priority

2 bytes 6 bytes

Root Bridge M


18/59


Split Horizon

For Ethernet SegmentsE-VPN

PE advertises in BGP a split-horizon label (ESI MPLS Label) associated weach multi-homed Ethernet Segment

Split-horizon label is only used for multi-destination frames (UnknownUnicast, Multicast & Broadcast)

When an ingress PE floods multi-destination traffic, it encodes the Split-Horizon label identifying the source Ethernet Segment in the packet

Egress PEs use this label to perform selective split-horizon filtering over thattachment circuit

PE1

PE2

CE1

ESI-1

CE4

Challenge:

How to prevent flooded traffic from echoing

back to a multi-homed Ethernet Segment?Echo !


19/59


Split Horizon

For Ethernet SegmentsPBB-EVPN

PEs connected to the same MHD use the same B-MAC address for theEthernet Segment

1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based

Disposition PEs check the B-MAC source address for Split-Horizon filterin

Frame not allowed to egress on an Ethernet Segment whose B-MAC matches theMAC source address in the PBB header

PE1

PE2

CE1

ESI-1

CE4

Challenge:

How to prevent flooded traffic from echoing

back to a multi-homed Ethernet Segment?Echo !

B-MAC1

B-MAC1


20/59


Split Horizon

For Core Tunnels

Traffic received from an MPLS tunnel over the core is never forwa

back to the MPLS core This is similar to the VPLS split-horizon filtering rule

PE1

PE2

CE1

ESI-1

CE4

Challenge:

How to prevent flooded traffic from looping back

over the core?Loop !


21/59


Designated Forwarder (DF)

DF Election

PEs connected to a multi-homed Ethernet Segment discover each othBGP

These PEs then elect among them a Designated Forwarder responsibforwarding flooded multi-destination frames to the multi-homed Segm

DF Election granularity can be:

Multiple DFs for load-sharing

Per Ethernet Tag on Ethernet Segment (E-VPN)

Per I-SID on Ethernet Segment (PBB-EVPN)

PE1

PE2

CE1

ESI-1Challenge:

How to prevent duplicate copies of flooded

traffic from being delivered to a multi-homed

Ethernet Segment?


22/59


Designated Forwarder (DF)

DF FilteringMHD All-Active with Per-Flow Load Balancing

PE1

PE2

CE

MPLS

MHD / MHN All-Active with

Load Balancin

PE1

PE2 MMHNCE1

CE2

PE1

PE2

CE

MPLS

Filtering

Direction:

Core to Segment

Filtered Traffic: Flooded multi-destination

Filtering

Direction:

Core t

Segm

Filtered Traffic: Flood

destin

Unica

!DF Filtering

DF Filtering

!

DF Filtering

!

Multi-destination

Traffic

Unicast Traffic

Legend


23/59


Aliasing

E-VPN

PEs advertise in BGP the ESIs of local multi-homed Ethernet Seg

All-Active Redundancy Mode indicated

When PE learns MAC address on its AC, it advertises the MAC inalong with the ESI of the Ethernet Segment from which the MAC wlearnt

Remote PEs can load-balance traffic to a given MAC address acrPEs advertising the same ESI

MAC1

PE1

PE2

CE1

ESI-1

Challenge:

How to load-balance traffic towards a multi-

homed device across multiple PEs when MAC

addresses are learnt by only a single PE?

I can

reach

ESI1(All-Active)

I can

reach

ESI1(All-Active)

MAC1

I can

MAC1 v


24/59


Aliasing

PBB-EVPN

PEs connected to the same MHD use the same B-MAC address for the ESegment

1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based

PEs advertise their B-MAC addresses independent of the C-MAC learning

Remote PEs can load-balance traffic to a given C-MAC across all PEs advthe same associated B-MAC

MAC1

PE1

PE2

CE1

ESI-1

Challenge:

How to load-balance traffic towards a multi-

homed device across multiple PEs when MAC

addresses are learnt by only a single PE?

I can

reach B-

MAC1

I can

reach B-

MAC1

MAC1

I can

MAC1

MA

B-M1

B-M1


25/59


MAC Mass-Withdraw

PEs advertise two sets of information:

MAC addresses along with the ESI from the address was learnt

Connectivity to ESI(s)

If a PE detects a failure impacting an Ethernet Segment, it withdrawfor the associated ESI

Remote PEs remove failed PE from the path-list for all MAC addresses with an ESI

This effectively is a MAC mass-withdraw function

E-VPN

MAC1

PE1

PE2

CE1

ESI-1

Challenge:

How to inform remote PEs of a failure affecting

many MAC addresses quickly while the control-

plane re-converges?

MAC1,

MAC2,

MACn

I can

reach

ESI1(All-Active)

I can reach

MAC1 via ESI1

I can reach

MAC2 via ESI1

I can reach

MACn via ESI1

I can

reach

ESI1(All-Active)

I lost ESI1


26/59

Flows and Use CasesPBB-EVPN Startup Sequences


27/59


PBB-EVPN Startup Sequence

Segment Auto-Discovery

ESI and B-MAC Auto-Sensing

Redundancy Group Membership

Auto-Discovery

VPN Auto-Disc

Multicast Tun

Dis

Backbone MAC (B-MAC)Reachability Advertisement


28/59


PBB-EVPN Startup Sequence (cont.)




MPLS

PE1

CE1

PE2

LACP PDU

exchange

Source B-MAC used at PBB-EVPN PE on a

given ESI can be auto-generated* from CEs

LACP information -> CEs LACP System ID

MAC with U/L** (Universal / Locally

Administered) bit flipped

Example: 0211.0022.0033

CE LACP info:

LACP System ID (MAC) (6B)

e.g. 0011.0022.0033

LACP System Priority (2B)e.g. 0000

LACP Port Key (2B)

e.g. 0018

ESI (10B) can be auto-generated*

from CEs LACP information ->

concatenation of CEs LACP

System Priority + Sys ID + Port Key

Example:0000. 0011.0022.0033.0018

(*) ESI and B-MAC can als

(**) U/L is second-least-sig

System

Priority

2 bytes 6 by

Sys

A

B-MAC

B-MAC


29/59



BGP Ethernet Segment Route

MPLS

PE1

CE1

PE2

PE 1 Eth Seg

RD = R

ESI = E

ES-Import e

e.g. 0011.0

MAC address portionof ESI (6B)

PE 2 Eth S

RD

ES

ES-Impor

e.g. 001



Redundancy Group MembershipAuto-Discovery


30/59



Designated Forwarder (DF) Election*

MPLS

PE1

CE1

PE2




Modulo Operation

I-SID

I-SID mod N

(N = # of PEs)

(e.g. I-SID mod 2)

100 0

101 1

102 0

103 1

PE Ordered List

Position PE

0 PE1

1 PE2

Modulo Operation

I-SID (I-SID mod 2)

100 0

101 1

102 0

103 1

Excha

Segm

Result of modulo

operation is used todetermine DF and

BDF status

DFD

BDF

I-SID

Example:

PE2 DF for I-SIDs 101, 103

PE2 BDF for I-SIDs 100, 102

(*) DF election with Service Carving shown (i.e. one DF per I-SID in the segment)


31/59



BGP MAC Advertisement Route (B-MAC)




Backbone MAC (B-MAC)Reachability Advertisement

MPLS

PE1

CE1

PE2

PE1 MAC Rou

RD = RD-1a

ESI = all 1s

MAC = B-M1

Label = L1

RT ext. commu

RT-a

MP2P VPN Label

downstream allocated labelused by other PEs to send

traffic to advertised (MAC,EVI)

PE3 / P

VPN M

RT-a B

PE2 MAC Route

RD = RD-2a

ESI = all 1s

MAC = B-M1

Label = L2

RT ext. community

RT-a

B-M1

B-M1


32/59



BGP Inclusive Multicast Route

VPN Auto-Discovery

Multicast Tunnel ID / Endpoint

Discovery1

PE 1 Inclusive

RD =

PMSI Tun

Tunnel Type

Label

RT ext. c

R

MPLS

PE1

CE1

PE2

Tunnel TypeIngress

Replication or P2MP LSP

Mcast MPLS Labelused to

transmit BUM traffic -

downstream assigned (ing.repl.) or upstream assigned

(Aggregate Inclusive P2MP

LSP2)

PMSI - P-Multic

BUMBroadca

RTRT associated with a

given EVI

PE 2 Inclusive Multicast Route

RD = RD-2a

PMSI Tunnel Attribute

Tunnel Type (e.g. Ing. Repl.)

Label (e.g. L2)

RT ext. community

RT-a

(1) Inclusive Multicast Route advertized per I-SID

(2) Multicast MPLS label is not set for Inclusive Trees (P2MP LSP)


33/59

Flows and Use CasesPBB-EVPN Life of a Packet


34/59


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a PacketIngress ReplicationMulti-destination Traffic Forwarding

MPLS

PE1

CE1

PE2

VID 100

SMAC: M1

DMAC: F.F.F

M

L

P

B

g

PSN MPLS labelto reach PE3

PE2drops BUM

traffic originated

on same source

B-MAC (B-M1)

PE1 receives broadcast

traffic from CE1. PE1

adds PBB encapsulation

and forwards it using

ingress replication3copies created

PE 2 Inclusive Multicast

Route

RD = RD-2a

PMSI Tunnel Attribute

Tunnel Type = Ing. Repl.

Label = L2

RT ext. community

RT-a

Mcast MPLS Labelused to

transmit BUM traffic -

downstream assigned (for

ingress replication)

During start-up sequence,

PE1, PE2, PE3, PE4 sentInclusive Multicast route

which include Mcast label

B-M1

B-M1

B-M2

B-M2

B-M1

B-M1

L2 PBB

L3 PBB

L4 PBB

PE3 MAC

I-SID xy

C-MAC B

M1 B


35/59


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a Packet (cont.)Unicast Traffic Forwarding and Aliasing

PE1 MAC Route

RD = RD-1a

ESI = all 1s

MAC = B-M1

Label = L1

RT ext. community

RT-a

PE3 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

VID 100

SMAC: M1

DMAC: F.F.F

MP2P VPN Label

downstream allocated label

used by other PEs to send

traffic to advertised MAC

MAC advertised

by route

B-M1

B-M1

B-M2

B-M2

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M1

During start-up sequence,

PE1 & PE2 advertised

MAC route for B-MAC (B-

M1)

PE2 MAC Route

RD = RD-2a

ESI = all 1s

MAC = B-M1

Label = L2

RT ext. community

RT-a

MPLS

PE1

CE1

PE2

MP

ass

for for t

PSN MPLS label

to reach PE2

MP2P VPN

Label

assigned byPE1 for

incoming traffic

for target EVI

PSN MPLS label

to reach PE1

PE

on

M1

M1

B-M1

B-M1

L2 PBB

L1 PBB

Data-plane based

MAC learning for C-

MAC / B-MAC

association


36/59

Flows and Use CasesPBB-EVPN Operational / Failure scenarios

PBB EVPN O i l S i


37/59


PBB-EVPN Operational ScenariosMAC Mobility

MPLS

PE1

CE1

PE2

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

VID 100

SMAC: M1

DMAC: M2

PE1 learns C-MAC M1 on local

port and forwards across core

according to C-MAC DA to

Remote B-MAC mapping

1Host M1 movesfrom CE1 to CE3s

location

3

M1M1

Via data-plane

learning, PE3 learnsC-MAC M1 via B-

MAC B-M1

2

Via data-plane

learning, PE1updates C-MAC M1

location (via B-MAC

B-M2)

5

B-M1

B-M1

B-M2

B-M2

L1 L2 PBB

PE1 MAC Table

I-SID xyz

C-MAC B-MAC

M1 -

PE3 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M1

PE1 MAC Table

I-SID xyz

C-MAC B-MAC

M1 B-M21

1 4

2

5

B-M1

B-M1

L3 L4 PBB

MAC Mobility event handled entirely by data-

plane learning

PBB EVPN F il S i / C


38/59


PBB-EVPN Failure Scenarios / ConvergenceLink / Segment FailureActive/Active per Flow

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

PE1 withdraws B-MACadvertised for failed

segment (B-M1)

2

PE2 reruns DF election.

Becomes DF for all I-

SIDs on segment

4

PE3 / PE4

remove PE1 frompath list for B-

MAC (B-M1)

3

PE1 detects failureof one of its

attached segments

1

PE1

B-M1

B-M1

B-M2

B-M2PE1 withdraws EthernetSegment Route

2

PBB EVPN F il S i / C


39/59


PBB-EVPN Failure Scenarios / Convergence

PE Failure Core Isolation

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB

VPN MAC ESI

RT-a B-M1 n/a

Path List

NH

PE1

PE2

BGP RR / PE2 detects

BGP session time-out

with PE1

2PE3 / PE4

invalidate routes

from PE1

3

PE1 experiences a

node failure (e.g.

power failure)

1BGP RR / PE3 detects

BGP session time-outwith PE1

2



SIDs on segment

4

BGP RR / PE4

detects BGP

session time-

out with PE1

2

PE1

B-M1

B-M1

B-M2

B-M2

MPLS

PE1

CE1

PE2

P

VPN

RT-a

BGP RR / PE2

detects BGP

session time-

out with PE1

2



SIDs on segment

5

BGP RR / PE4

detects BGP

session time-

out with PE1

2

PE1 looses

connectivity to thecore

1

LACP PDU

PE1 sends LACP

OUT_OF_SYNC forCE1 to take port out

of the bundle

3

B-M1

B-M1


40/59

Use Cases

PBB-EVPN Model


41/59


PBB-EVPN Model

BD

BD

I-ComponentB-Component

E-VPN

Forwarder

BD

BD

Ethernet

SegmentIdentifier

ESI 1

ESI 2

BD

BD

B-MAC1

B-MAC2

EFP

Customer Bridge

Domain Core Bridge

Domain

PBB EVPN


42/59


PBB-EVPNSample Use Access

Null Ethernet SegmentIdentifier (ESI)

PE1

CE1

MPLSCore

PE2

BMAC1ESI W

BMAC1ESI W

Dual Home Device (DHD)Active / Active Per-Flow LB

VIDX

VIDX

PE1

CE1

PE2

BMAC2ESI W

BMAC1ESI W

Dual Home DevActive / Active Pe

VIDX

VIDY

PE1

CE1

MPLSCore

ESI Null

Single Home Device (SHD)Single Home Network (SHN)

VID X

VID X

Identical B-MAC on PBB-

EVPN PEs (PE1 / PE2)

Identical ESI on PBB-EVPN

PEs

Different B-M

EVPN PEs (P

Identical ESI

PEs

Per service (

(manual or a

CE2

ESI Null

PBB EVPN


43/59


PBB-EVPNSample Use Access (cont.)

PE1

CE1

MPLSCore

PE3

BMAC 1ESI W

BMAC 1ESI W

Multi Home Device (MHD)Active / Active Per-Flow LB

VID X

VID X

Multi Home Device (MHD)

Active / Active Per-Service LB

More than two (2) PEs in

redundancy group

Same as DHD Act/Act

per-flow LB

More than two (2) PEs in

redundancy group

Same as DHD Act/Act

per-service LB

PE2

PE1

CE1

MPLSCore

PE3

BMAC 3ESI W

BMAC 1ESI W

VID X

VID Z

PE2

VID YVID X

BMAC 1ESI W

BMAC 2ESI W

PBB EVPN


44/59


PBB-EVPNSample Use Access (cont.)

PE1

MPLSCore

PE2CE2

CE1

G.8032

Open Sub-ring

Dual Home Network (DHN)ITU-T G.8032

Treated as SHN by PBB-

EVPN PEs (PE1 / PE2)

Null ESI; No DF election / No

service carving

Ring operation controlled by

R-APS protocol

PE1

MPLSCore

PE2CE2

CE1

REP

Dual Home Network (DHN)REP

Treated as SHN by PBB-EVPN PEs (PE1 / PE2)

Null ESI; No DF election / No

service carving

Segment operation

controlled by REP protocol

R-APS

RPL

Link

ALT

port

REP

Edge NoNeighbou

r

REP-AGREP-AG

CE2

CE1

Dual Home Active / Activ

Different

EVPN P

Identical

PEs

Per serv

(manual

ESI Null

ESI Null

ESI Null

ESI Null BMAC 2

ESI W

BMAC 1

ESI W

VID X

VID Y

VID X

VID Y

VID X

VID Y

VID X

VID Y

VID X

VID Y


45/59

PBB-EVPN IOS-XR ImplementationConfiguration and Examples

PBB-EVPN Single Home Device (SHD)


46/59


PBB EVPN Single Home Device (SHD)

PE1

interface Bundle-Ether1.777 l2transport

encapsulation dot1q 777

l2vpn

bridge group gr1

bridge-domain bd1

interface Bundle-Ether1.777

pbb edge i-sid 100 core-bridge-domain core_bd1

bridge group gr2

bridge-domain core_bd1

pbb-core

evpn evi 1000

router bgp 64

address-family l2vpn evpn

!

neighbor

remote-as 64


CE1

PBB B-component

No need to define B-VLAN

Mandatory- Globallyunique identifier for all PEs

in a given EVI

PBB I-component

Includes I-SID assignment

BGP configuration with

new E-VPN AF

Global B-MAC SA

Auto RT for EVIAuto RD for EVI

Auto RD for Segment Route

Note

requishow

PBB-EVPN Dual Home Device (DHD)


47/59


PBB-EVPN Dual Home Device (DHD)Active / Active per-FLOW Load Balancing

CE1

PE1

redundancy

iccp

group 66

mlacp node 1mlacp system mac 0aaa.0bbb.0ccc

mlacp system priority 1

mode singleton

interface Bundle-Ether25

mlacp iccp-group 66



l2vpn

bridge group gr1

bridge-domain bd1interface Bundle-Ether25.1


bridge group gr2


pbb-core

evpn evi 1000

router bgp 64


neighbor remote-as 64


ICCP in singleton mode (i.e.No

peer neighbor configuration)

PE2 should use same RG

number

PE 2 should use different mlacpnode id

PE2 should use same mlacp

system mac and system priority

PBB I-component and B-component configuration. ISIDs

must match on both PEs

No need to define B-VLAN

MandatoryEVI ID configuration


new EVPN AF

Auto ESI

Auto B-MAC SA

A/A Per-flow LB (default)

Auto RT for EVI

Auto RD for EVI


Note

requishow

PBB-EVPN Dual Home Device (DHD)


48/59


PBB-EVPN Dual Home Device (DHD)Active / Active per-Service Load Balancing and Dynamic Service Ca

CE1

PE1



evpn

interface Bundle-Ether25

ethernet-segment

identifiersystem-priority1 system-id0000.0b25.00ce

load-balancing-mode per-service

l2vpn

bridge group gr1

bridge-domain bd1

interface Bundle-Ether25.1


bridge group gr2


pbb-core

evpn evi 1000

router bgp 64


neighbor remote-as 64


Global B-MAC SA

Default Service CarvingAuto RT for EVI

Auto RD for EVI


A/A per-service (per-ISID)

load balancing with

dynamic Service Carving

ESI must match on both

PEs


new EVPN AF

PBB I-component and B-

component configuration.ISIDs must match on both

PEsNo need to define B-VLAN

MandatoryEVI ID

configuration Note

requishow

show


49/59

Summary

Summary


50/59


y

E-VPN / PBB-EVPN are next-generation L2VPN solutions based ocontrol-plane for MAC distribution/learning over the core

E-VPN / PBB-EVPN were designed to address following requireme All-active Redundancy and Load Balancing

Simplified Provisioning and Operation

Optimal Forwarding

Fast Convergence

In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy pro

Scale to Millions of C-MAC (Virtual Machine) Addresses

MAC summarization co-existence with C-MAC (VM) mobility

E-VPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethcases

References


51/59


draft-ietf-l2vpn-evpn

draft-ietf-l2vpn-pbb-evpn

draft-ietf-l2vpn-trill-evpn

AcronymsIP and MPLS


52/59


y

Acronym Description

AC Attachment Circuit

AS Autonomous System

BFD Bidirectional Failure Detection

CoS Class of Service

ECMP Equal Cost Multipath

EoMPLS Ethernet over MPLS

E-VPN Ethernet Virtual Private Network

EVI E-VPN Instance

FRR Fast Re-Route

IGP Interior Gateway Protocol

LDP Label Distribution Protocol

LER Label Edge Router

LFIB Labeled Forwarding Information Base

LSM Label Switched Multicast

LSP Label Switched Path

LSR Label Switching Router

MPLS Multi-Protocol Label Switching

NLRI Network Layer Reachability Information

PSN Packet Switch Network

Acronym Description

PW Pseudo-Wire

PWE3 Pseudo-Wire End-to-End

QoS Quality of Service

RD Route Distinguisher

RIB Routing Information Base

RR Route Reflector

RSVP Resource Reservation P

RSVP-TE RSVP based Traffic Eng

RT Route Target

TE Traffic Engineering

tLDP Targeted LDP

VC Virtual Circuit

VCID VC Identifier

VFI Virtual Forwarding Instan

VPLS Virtual Private LAN Serv

VPN Virtual Private Network

VPWS Virtual Private Wire Serv

VRF Virtual Route Forwarding

VSI Virtual Switching Instanc

AcronymsEthernet/Bridging


53/59


Acronym Description

ACL Access Control List

BD Bridge Domain

BPDU Bridge Protocol Data Unit

CE Customer Equipment (Edge)

C-VLAN / CE-VLAN

Customer / CE VLAN

CoS Class of Service

DHD Dual Homed Device

LACP Link Aggregation Control Protocol

LAN Local Area Network

MEF Metro Ethernet Forum

MEN Metro Ethernet Network

MIRP Multiple I-Tag Registration Protocol

mLACP Multi-Chassis LACP

MST / MSTP Multiple Instance STP

MSTG-AG MST Access Gateway

Acronym Description

MVRP Multiple VLAN Registration Protoc

PE Provider Edge device

PoA Point of Attachment

REP Resilient Ethernet Protocol

REP-AG REP Access Gateway

RG Redundancy Group

STP Spanning Tree Protocol

AcronymsProvider Backbone Bridging


54/59


Acronym Description

B-BEB B-Component BEB

BCB Backbone Core Bridge

B-DA Backbone Destination AddressBEB Backbone Edge Bridge

B-MAC Backbone MAC Address

B-SA Backbone Source Address

B-Tag B-VLAN Tag

B-VLAN Backbone VLAN

C-DA Customer Destination Address

CE Customer Equipment (Edge)

C-MAC Customer MAC Address

C-SA Customer Source Address

80 C-VLAN Tag

C-VLAN / CE-VLAN

Customer / CE VLAN

DA Destination MAC Address

FCS Frame Check Sequence

IB-BEB Combined I-Component & B-Component BEB

Acronym Description

I-BEB I-Component BEB

IEEE Institute of Electrical and

I-SID Instance Service Identifi

I-Tag I-SID Tag

MAC Media Access Control

N-PE Network-facing Provider

PB Provider Bridge

PBB Provider Backbone Bridg

PBBN Provider Backbone Bridg

PBN Provider Bridging Netwo

PE Provider Edge deviceQ-in-Q VLAN tunneling using tw

SA Source MAC Address

S-Tag S-VLAN Tag

S-VLAN Service VLAN (Provider

UNI User to Network Interfac

U-PE User-facing Provider Ed

VLAN Virtual LAN


55/59


56/59

BGP Routes and Attributes

BGP Routes


57/59


(PBB) E-VPN defines a single new BGP NLRI used to carry all E-V

The NLRI has a new SAFI (70).

(PBB) E-VPN speakers must first exchange BGP capability for E-VSAFI per RFC4760.

Overview

Route Type

Length

Route Type Specific

1 byte

1 byte

Variable

1. Ethernet Auto

Discovery (AD) R

2. MAC Advertis

Route

3. Inclusive MulRoute

4. Ethernet Seg

Route

BGP Routes


58/59


Route Types and Usage

Route Usage Ap

Ethernet A-D Route MAC Mass-Withdraw

Aliasing

Advertising Split-Horizon Labels

E-V

MAC Advertisement

Route

Advertise MAC Address Reachability

Advertise IP/MAC Bindings

E-V

PB

Inclusive Multicast

Route

Multicast Tunnel Endpoint Discovery E-V

PB

Ethernet Segment

Route

Redundancy Group Discovery

DF Election

E-V

PB

BGP Routes


59/59


Route Attributes and Usage

Attribute Usage Ro

App

ESI MPLS Label

Extended Community

Encode Split-Horizon Label for Ethernet

Segment.

Indicate Redundancy Mode (Active/Standby vs.

All-Active)

Eth

Rou

ES-Import Extended

Community

Limit the import scope of the Ethernet Segment

routes.

Eth

Seg

MAC Mobility Extended

Community

E-VPN: Indicate that a MAC address has moved

from one segment to another across PEs.

PBB-EVPN: Signal C-MAC address flush

notification

MA

Adv

Rou

Default Gateway

Extended Community

Indicate the MAC/IP bindings of a gateway MA

Adv

Rou

Date post:	02-Jun-2018
Category:	Documents
Upload:	digonto-oni
View:	223 times
Download:	0 times

Apricot2014 - E-VPN & Pbb-evpn the Next Generation of Mpls-based l2vpn

Documents