EVPN MPLS E-Tree
Overview
Ethernet VPN Ethernet-Tree (EVPN E-Tree), is a networking solution designed to manage communication within broadcast domains, incorporating redundancy through multi-homing in a network. It optimizes traffic routing and control, especially in scenarios where specific services or devices need controlled communication. It categorizes network nodes based on predefined definitions of EVPN Instances as Leaf or Root, allowing or restricting communication between them.
Feature Characteristics
Implemented Scenario 1 of the EVPN E-Tree solution, as defined by RFC-8317, designates each Provider Edge (PE) node as either a Leaf or a Root site per Virtual Private Network (VPN) for VXLAN and MPLS EVPN in OcNOS.
Scenario 1: Leaf or Root Site(s) per PE
Scenario 1 involves a topology with three PE nodes: PE-1, PE-2, and PE-3. PE-1 and PE-2 are Multi-Homed nodes (MH-1 and MH-2), with PE-3 acting as the Root node. PE-1 and PE-2 function as Leaf nodes and are part of a single home access interface (SH1 and SH2).
EVPN E-Tree
The classification ensures that communication follows specific rules:
Communication between Leaf hosts is restricted, as indicated by red dotted lines with a cross mark (X) in the topology diagram. However, communication between Leaf and Root nodes, as well as between Root nodes, is permitted, marked by green dotted lines.
Leaf nodes within PE-1 and PE-2 are isolated from each other, preventing intra-PE communication.
The scenario 1 is achieved through two main concepts:
1. Inter-PE Communication
The inter-PE Route Target (RT) Constraint Method is applicable only to Single-Homing (SH) devices. Two RTs per broadcast domain are utilized, with Leaf PEs exporting Leaf RTs and Root nodes exporting Root RTs. Leaf nodes import only Root RTs, allowing communication with Root PEs while preventing communication with other Leaf nodes. RT constraints limit the import of specific EVPN routes (MAC-IP and IMET routes) to designated paths for inter-PE communication.
IPI employs a proprietary method to support inter-PE connectivity for both SH and MH devices, using BGP extended community to advertise Leaf Indication in BGP routes and influence traffic flow for both Unicast and BUM traffic. This method enables implementation of ARP or ND cache suppression and MAC mobility sub-features specified in RFC-7432.
2. Intra-PE communication: Local Split Horizon controls intra-PE communication between Attachment Circuits (ACs) within Leaf PE nodes, ensuring that traffic between ACs does not egress to other Leaf ACs.
Note: This functionality depends on hardware capabilities.
Benefits
EVPN E-Tree offers benefits in networking environments by providing efficient traffic control, enhanced security, scalability, and improved performance.
Efficient Traffic Control: EVPN E-Tree allows for efficient control over traffic within network broadcast domains. By segregating nodes into Leaf and Root categories, it enables precise management of communication flows, ensuring the traffic is directed only where needed.
Enhanced Security: The isolation of Leaf hosts from each other adds a layer of security to the network. This prevents unauthorized communication between devices within the same broadcast domain, reducing the risk of data breaches and unauthorized access.
Scalability: EVPN E-Tree is scalable, making it suitable for networks of various sizes and complexities. Whether deploying in small-scale environments or large enterprise networks, EVPN E-Tree offers flexibility and scalability to meet evolving business needs.
Improved Performance: By controlling communication paths and optimizing traffic flows, EVPN E-Tree can improve network performance. This ensures that critical data packets are delivered efficiently, reducing latency and enhancing overall network performance.
Prerequisites
In setting up a MPLS EVPN network, certain prerequisites are essential to ensure proper functionality and connectivity.
Ensure MPLS EVPN Configuration: Confirm that MPLS EVPN and MPLS MH filtering are already enabled in all leaf and root nodes of the network as they are required for MPLS EVPN Multihoming.
!
hardware-profile filter evpn-mpls-mh enable
!
evpn mpls enable
!
evpn mpls multihoming enable
!
qos enable
!
Define Interfaces and Loopback Addresses: Configure Layer 2 interfaces, like port channel interfaces (e.g., po1), and assign specific system MAC addresses for proper identification and routing. Additionally, assign loopback IP addresses to establish essential points of connectivity. These configurations establish the efficient network routing and communication.
!
interface po1
switchport
load-interval 30
evpn multi-homed system-mac 0000.4321.1234
!
interface lo
ip address 8.8.8.8/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe8
switchport
!
interface xe26
channel-group 1 mode active
!
Configure ISIS and BGP for Dynamic Routing: Enable ISIS to facilitate dynamic routing on all Leaf and Root nodes within the network. Define ISIS router instances to match loopback IP addresses and add network segments to ISIS areas for proper route distribution. Additionally, establish BGP sessions to advertise routes between different nodes. Set up neighbor relationships using loopback IP addresses, ensuring efficient route advertisement and convergence for optimal network performance.
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 8.8.8.8
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0008.00
!
router bgp 65535
neighbor 9.9.9.9 remote-as 65535
neighbor 24.24.24.24 remote-as 65535
neighbor 26.26.26.26 remote-as 65535
neighbor 29.29.29.29 remote-as 65535
neighbor 9.9.9.9 update-source lo
neighbor 9.9.9.9 fall-over bfd
neighbor 24.24.24.24 update-source lo
neighbor 24.24.24.24 fall-over bfd
neighbor 26.26.26.26 update-source lo
neighbor 26.26.26.26 fall-over bfd
neighbor 29.29.29.29 update-source lo
neighbor 29.29.29.29 fall-over bfd
!
address-family l2vpn evpn
neighbor 9.9.9.9 activate
neighbor 24.24.24.24 activate
neighbor 26.26.26.26 activate
neighbor 29.29.29.29 activate
exit-address-family
!
exit
!
Configure LDP and RSVP for Efficient Network Operation: Enable Label Distribution Protocol (LDP) and Resource Reservation Protocol (RSVP) on all Leaf and Root nodes to optimize traffic routing and quality of service. LDP assigns labels for packet forwarding, while RSVP reserves network resources along specified paths to enhance network performance and reliability.
!
router ldp
router-id 8.8.8.8
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 9.9.9.9
exit-targeted-peer-mode
targeted-peer ipv4 24.24.24.24
exit-targeted-peer-mode
transport-address ipv4 8.8.8.8
!
router rsvp
!
rsvp-path LEAF1-ROOT2 mpls
24.1.4.24 strict
!
rsvp-path LEAF1-ROOT1 mpls
26.1.2.26 strict
!
rsvp-trunk LEAF1-ROOT1 ipv4
primary fast-reroute protection facility
primary path LEAF1-ROOT1
to 9.9.9.9
!
rsvp-trunk LEAF1-ROOT2 ipv4
primary fast-reroute protection facility
primary path LEAF1-ROOT2
to 24.24.24.24
!
Create VRF for Isolated Routing Instances: Configure VRF on all Leaf and Root nodes to create isolated routing instances within the network. This enables separate routing tables and forwarding behaviors for different groups of network resources.
!
mac vrf vrf103
rd 8.8.8.8:103
route-target both 65535:103
!
Connect Network Interfaces: Configure network interfaces on all Leaf and Root nodes with connection details, IP addresses, and protocol settings. Enable label-switching and configure participation in the ISIS routing protocol, including support for protocols like LDP and RSVP for IPv4. These configurations optimize routing and resource management across the network.
!
interface xe11
description connected to ROOT2 int xe9
ip address 24.1.4.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe20
description connected to ROOT1 int xe20
ip address 26.1.2.27/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
Configure Switch: Set up a VLAN bridge by enabling the VLAN and associating specific VLANs with the bridge. Configure network interfaces as trunk ports to allow traffic for all permitted VLANs across the network. Designate interfaces connected to Leaf and Root nodes as member ports of the VLAN bridge. This setup optimizes network segmentation and traffic management
!
bridge 1 protocol rstp vlan-bridge
!
vlan database
vlan-reservation 4030-4094
vlan 2-3010 bridge 1 state enable
!
interface po100
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
interface lo
ip address 32.32.32.32/32 secondary
!
interface xe9
channel-group 100 mode active
!
interface xe17
channel-group 100 mode active
!
interface xe1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
exit
!
Configuration
Configure various nodes within the topology to set up an MPLS EVPN E-Tree network, ensuring EVPN E-Tree for All-Active and Active-Standby redundancy and load balancing.
Topology
In the sample topology, Leaf nodes (LEAF1, LEAF2, LEAF3, and LEAF4), Root nodes (ROOT1 and ROOT2), and Switches (CE SWITCH, SWITCH1, and SWITCH2) form the network architecture. LEAF1 and LEAF2 are part of a Multi-homed group, with both connected to po1 (MH2). LEAF1 and LEAF3 have single home access-if ports (SH3 and SH4, respectively). Similarly, ROOT1 and ROOT2 are part of a Multi-homed group with po100 (MH1), and they each have a single home access-if port (SH1 and SH2, respectively). Leaf nodes are interconnected, and CE SWITCH, SWITCH1, and SWITCH2 are configured for Multi-homed connections to Leaf and Root nodes. SWITCH1 connects to LEAF1 and LEAF2, while CE SWITCH links to ROOT1 and ROOT2.
 
MPLS EVPN E-Tree Topology
Note: Before configuring E-Tree, meet all Prerequisites for the following nodes:
Leaf nodes: LEAF1, LEAF2, and LEAF3
Root nodes: ROOT1 and ROOT2
Switches: CE SWITCH, SWITCH1 and SWITCH2
Enable EVPN E-Tree
The following E-Tree configurations applies to Leaf and Root nodes within the MPLS network.
1. Enable EVPN E-Tree which allows the nodes to participate in E-Tree functionality within the network, controlling traffic and establishing hierarchical connections between Leaf nodes in the network architecture.
(config)#evpn etree enable
2. Set the MAC ageing time (60 seconds) to allow MAC addresses learned over EVPN MPLS to remain in the MAC table before timing out. Configure the global VTEP IP address (8.8.8.8) which serves as the global identifier for MPLS encapsulation and decapsulation within the network, facilitating proper communication and tunnel establishment.
(config)#evpn mpls mac-ageing-time 60
(config)#evpn mpls vtep-ip-global 8.8.8.8
3. Define MPLS identifier (203) to support hierarchical connectivity and traffic control within the EVPN MPLS network. On the EVPN MPLS node, specify EVPN-BGP as the host reachability protocol for the specified VRF (vrf103) to communicate and exchange reachability information within the network. To enable EVPN E-Tree on Leaf nodes, configure etree-leaf along with the MPLS identifier. This allows for efficient replication of traffic at the ingress point, optimizing the functionality of E-Tree Leaf nodes within the network architecture.
(config)#evpn mpls id 203 etree-leaf
(config-evpn-mpls)#host-reachability-protocol evpn-bgp vrf103
(config-evpn-mpls)#exit
4. Enable port-VLAN mapping (po1) with VLAN ID (103) to facilitate multi-homed access. Enable EVPN functionality on the interface, allowing it to participate in MAC address distribution across the network.
(config)#interface po1.103 switchport
(config-if)#encapsulation dot1q 103
(config-if)#load-interval 30
(config-access-if)#access-if-evpn
(config-access-if)#exit
 
Validation
Use the show commands described in this section to verify the network for proper MPLS EVPN E-Tree configuration.
Verify LDP sessions on all leaf and root nodes by using the show ldp session command. The state field (OPERATIONAL) indicates that the LDP session between the device and its peers is currently active.
LEAF1#show ldp session
Codes: m - MD5 password is not set/unset.
g - GR configuration not set/unset.
t - TCP MSS not set/unset.
Session has to be cleared manually
 
Code Peer IP Address IF Name My Role State KeepAlive UpTime
24.24.24.24 xe11 Passive OPERATIONAL 30 01:13:29
9.9.9.9 xe20 Passive OPERATIONAL 30 01:13:29
Verify RSVP sessions on all leaf and root nodes by using the show rsvp session command. The State field (UP) indicates that the RSVP session between the ingress and egress routers is active and operational. Identify the different paths established within the network using the LSPName field.
LEAF1#show rsvp session
Type : PRI - Primary, SEC - Secondary, DTR - Detour, BPS - Bypass
State : UP - Up, DN - Down, BU - Backup in Use, SU - Secondary in Use, FS - Forced to Secondary
* indicates the session is active with local repair at one or more nodes
(P) indicates the secondary-priority session is acting as primary
 
Ingress RSVP:
To From Tun-ID LSP-ID Type LSPName State Uptime Rt Style Labelin Labelout
9.9.9.9 8.8.8.8 5001 2201 PRI LEAF1-ROOT1-Primary UP 01:13:16 1 1 SE - 25601
24.24.24.24 8.8.8.8 5002 2202 PRI LEAF1-ROOT2-Primary UP 01:13:05 1 1 SE - 25601
Total 2 displayed, Up 2, Down 0.
 
Egress RSVP:
To From Tun-ID LSP-ID Type LSPName State Uptime Rt Style Labelin Labelout
8.8.8.8 9.9.9.9 5001 2201 PRI ROOT1-LEAF1-Primary UP 01:13:45 1 1 SE 25600 -
8.8.8.8 24.24.24.24 5001 2201 PRI ROOT2-LEAF1-Primary UP 01:13:24 1 1 SE 25601 -
Total 2 displayed, Up 2, Down 0.
Verify the BGP session status on all leaf and root nodes, using the show bgp l2vpn evpn summary command output. The Up/Down field indicates the duration for which the BGP session has been up or down.
LEAF1#show bgp l2vpn evpn summary
BGP router identifier 8.8.8.8, local AS number 65535
BGP table version is 33
1 BGP AS-PATH entries
0 BGP community entries
 
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
9.9.9.9 4 65535 514 443 33 0 0 01:13:53 114 59 5 50 0 0
24.24.24.24 4 65535 504 443 33 0 0 01:13:54 109 59 0 50 0 0
26.26.26.26 4 65535 322 391 33 0 0 01:13:23 49 0 0 49 0 0
29.29.29.29 4 65535 197 392 33 0 0 01:13:54 6 0 0 6 0 0
 
Total number of neighbors 4
 
Total number of Established sessions 4
Verify ESI information and the forwarding tunnel status on all leaf and root nodes, by examining the show evpn mpls command output. The DF- Status field displays the forwarding status as either a Designated Forwarder (DF) or Non-Designated Forwarder (Non-DF), and the ESI field displays the Ethernet Segment Identifier associated with each entry.
LEAF1#show evpn mpls
EVPN-MPLS Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VPN-ID EVI-Name EVI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
___________________________________________________________________________________________________________________________
203 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 29.29.29.29
203 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 9.9.9.9
203 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 24.24.24.24
203 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 26.26.26.26
203 ---- -- AC po1.103 00:00:00:43:21:12:34:00:00:00 ---- DF ---- ----
203 ---- -- AC po2.103 00:00:00:33:33:44:44:00:00:00 ---- DF ---- ----
 
Total number of entries are 252
 
Static MAC-IP Advertisement
Configure static MAC-IP advertisement through SH and MH from Root and Leaf nodes. Advertise static MAC addresses for both IPv4 and IPv6 from all MH and SH nodes. Ensure that nodes within the same MH have identical MAC addresses configured under the port-channel access port.
Configure MH Nodes
Configure static MAC addresses for IPv4 (30.30.30.3) and IPv6 (3000::1) under the MH access-port (po1) with VLAN ID (103). Repeat the same configurations for other MH nodes using different static MAC addresses for both IPv4 and IPv6.
!
interface po1.103 switchport
access-if-evpn
map vpn-id 203
mac 0000.7777.9999
mac 0000.7777.6666 ip 30.30.30.3
mac 0000.7777.6666 ipv6 3001::1
!
Configure SH Nodes
Configure static MAC addresses for IPv4 (40.40.40.4) and IPv6 (4000::1) under the SH access-port (xe27) with VLAN ID (103). This setup ensures that SH advertises these static MAC addresses over the specified access-port. Repeat the same configurations for other SH nodes using different static MAC addresses for both IPv4 and IPv6.
!
interface xe27.103 switchport
encapsulation dot1q 100
load-interval 30
access-if-evpn
map vpn-id 203
mac 0000.0000.0011
mac 0000.5544.4455 ip 40.40.40.4
mac 0000.5544.4455 ipv6 4000::1
!
 
Validation
Verify the MAC table entries on MH nodes (MH1, MH2 and MH3) and the SH nodes (SH1, SH2, SH3, and SH4). MH nodes advertise their MAC addresses using the ESI values. Additionally, verify the IP addresses associated with SH nodes for MAC advertisement.
In the show evpn mpls mac-table command output, the MAC entries originated from Leaf Nodes will have the LeafFlag field status set.
Note:  
MAC IPv4 or IPv6 configured under SH Leaf node access port will be advertised to the Root nodes and other Leaf nodes.
MAC IPv4 or IPv6 configured under an MH Leaf node access port must be symmetric and will be advertised to both the Root nodes and other leaf nodes.
MAC IPv4 or IPv6 configured under either SH or MH Root node will be advertised to both the Root nodes and the Leaf nodes.
The Leaf-to-Leaf communication will display MAC status and tunnel status per VNI as Leaf type. The MAC will be in the discard state in the BCM shell.
LEAF1#show evpn mpls mac-table
============================================================================================================================
EVPN MPLS MAC Entries
============================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
____________________________________________________________________________________________________________________________
 
203 po1.103 ---- ---- 0000.7777.9999 00:00:00:43:21:12:34:00:00:00 Static Local ------- 0 ------- set
203 po1.103 ---- ---- 0000.7777.6666 00:00:00:43:21:12:34:00:00:00 Static Local ------- 0 ------- set
 
Total number of entries are : 8
 
ROOT1#show evpn mpls mac-table
===========================================================================================================================
EVPN MPLS MAC Entries
===========================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
___________________________________________________________________________________________________________________________
 
203 ---- ---- ---- 0000.7777.9999 00:00:00:43:21:12:34:00:00:00 Static Remote ------- 0 ------- set
203 ---- ---- ---- 0000.7777.6666 00:00:00:43:21:12:34:00:00:00 Static Remote ------- 0 ------- set
 
Total number of entries are : 8
Use the show evpn mpls arp-cache command to verify the Address Resolution Protocol (ARP) cache information on all nodes. This command displays entries that map IPv4 addresses to MAC addresses within the specified EVPN ID network.
LEAF1#show evpn mpls arp-cache
MPLS-EVPN ARP-CACHE Information
===============================
EVPN-ID Ip-Addr Mac-Addr Type Age-Out Retries-Left
_____________________________________________________________________________
203 30.30.30.3 0000.7777.6666 Static Local ----
Total number of entries are 5
 
ROOT1#show evpn mpls arp-cache
MPLS-EVPN ARP-CACHE Information
===============================
ARP Timeout : 570 sec Random-Jitter-Max : 200
 
EVPN-ID Ip-Addr Mac-Addr Type Age-Out Retries-Left
_____________________________________________________________________________
203 30.30.30.3 0000.7777.6666 Static Remote ----
Total number of entries are 5
Use the show evpn mpls nd-cache command to verify the Neighbor Discovery (ND) cache information on all nodes. This command displays entries that map IPv6 addresses to MAC addresses within the specified EVPN ID network.
LEAF1#show evpn mpls nd-cache
MPLS-EVPN ND-CACHE Information
==============================
EVPN-ID Ip-Addr Mac-Addr Type Age-Out Retries-Left
______________________________________________________________________________________
203 3001::1 0000.7777.6666 Static Local ----
Total number of entries are 4
 
ROOT1#show evpn mpls nd-cache
MPLS-EVPN ND-CACHE Information
==============================
EVPN-ID Ip-Addr Mac-Addr Type Age-Out Retries-Left
______________________________________________________________________________________
203 3001::1 0000.7777.6666 Static Remote ----
Total number of entries are 4
 
Network Topology Snippet Configurations
Here are the snippet configurations for all nodes in the given network topology.
LEAF1
!
hardware-profile filter evpn-mpls-mh enable
!
evpn mpls enable
!
evpn esi hold-time 90
!
evpn etree enable
!
evpn mpls multihoming enable
!
mac vrf vrf103
rd 8.8.8.8:103
route-target both 65535:103
!
evpn mpls vtep-ip-global 8.8.8.8
!
evpn mpls mac-ageing-time 60
!
evpn mpls id 203 etree-leaf
host-reachability-protocol evpn-bgp vrf103
!
qos enable
!
router ldp
router-id 8.8.8.8
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 9.9.9.9
exit-targeted-peer-mode
targeted-peer ipv4 24.24.24.24
exit-targeted-peer-mode
transport-address ipv4 8.8.8.8
!
router rsvp
!
interface po1
switchport
load-interval 30
evpn multi-homed system-mac 0000.4321.1234
!
interface po1.103 switchport
encapsulation dot1q 103
load-interval 30
access-if-evpn
map vpn-id 203
mac 0000.7777.9999
mac 0000.7777.6666 ip 30.30.30.3
mac 0000.7777.6666 ipv6 3001::1
!
interface lo
ip address 8.8.8.8/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe8
switchport
!
interface xe11
description connected to ROOT2 int xe9
ip address 24.1.4.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe20
description connected to ROOT1 int xe20
ip address 26.1.2.27/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe26
channel-group 1 mode active
!
interface xe27
speed 10g
!
interface xe27.100 switchport
encapsulation dot1q 100
load-interval 30
access-if-evpn
map vpn-id 200
mac 0000.0000.0011
mac 0000.5544.4455 ip 40.40.40.4
mac 0000.5544.4455 ipv6 4000::1
!
exit
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 8.8.8.8
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0008.00
!
router bgp 65535
neighbor 9.9.9.9 remote-as 65535
neighbor 24.24.24.24 remote-as 65535
neighbor 26.26.26.26 remote-as 65535
neighbor 29.29.29.29 remote-as 65535
neighbor 9.9.9.9 update-source lo
neighbor 9.9.9.9 fall-over bfd
neighbor 24.24.24.24 update-source lo
neighbor 24.24.24.24 fall-over bfd
neighbor 26.26.26.26 update-source lo
neighbor 26.26.26.26 fall-over bfd
neighbor 29.29.29.29 update-source lo
neighbor 29.29.29.29 fall-over bfd
!
address-family l2vpn evpn
neighbor 9.9.9.9 activate
neighbor 24.24.24.24 activate
neighbor 26.26.26.26 activate
neighbor 29.29.29.29 activate
exit-address-family
!
exit
!
rsvp-path LEAF1-ROOT2 mpls
24.1.4.24 strict
!
rsvp-path LEAF1-ROOT1 mpls
26.1.2.26 strict
!
rsvp-trunk LEAF1-ROOT1 ipv4
primary fast-reroute protection facility
primary path LEAF1-ROOT1
to 9.9.9.9
!
rsvp-trunk LEAF1-ROOT2 ipv4
primary fast-reroute protection facility
primary path LEAF1-ROOT2
to 24.24.24.24
!
 
LEAF2
!
hardware-profile filter evpn-mpls-mh enable
!
evpn mpls enable
!
evpn esi hold-time 90
!
evpn mpls multihoming enable
!
mac vrf vrf103
rd 26.26.26.26:103
route-target both 65535:103
!
evpn mpls vtep-ip-global 26.26.26.26
!
evpn mpls mac-ageing-time 60
!
evpn mpls id 203 etree-leaf
host-reachability-protocol evpn-bgp vrf103
!
qos enable
!
router ldp
router-id 26.26.26.26
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 9.9.9.9
exit-targeted-peer-mode
targeted-peer ipv4 24.24.24.24
exit-targeted-peer-mode
transport-address ipv4 26.26.26.26
!
router rsvp
!
interface po1
switchport
load-interval 30
evpn multi-homed system-mac 0000.4321.1234
!
interface po1.103 switchport
encapsulation dot1q 103
load-interval 30
access-if-evpn
map vpn-id 203
!
interface lo
ip address 26.26.26.26/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe3
channel-group 1 mode active
!
interface xe5
description connected to ROOT1 int xe30
ip address 26.1.7.27/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe6
description connected to ROOT2 int xe6
ip address 24.1.5.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
exit
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 26.26.26.26
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0026.00
!
router bgp 65535
neighbor 8.8.8.8 remote-as 65535
neighbor 9.9.9.9 remote-as 65535
neighbor 24.24.24.24 remote-as 65535
neighbor 29.29.29.29 remote-as 65535
neighbor 8.8.8.8 update-source lo
neighbor 8.8.8.8 fall-over bfd
neighbor 9.9.9.9 update-source lo
neighbor 9.9.9.9 fall-over bfd
neighbor 24.24.24.24 update-source lo
neighbor 24.24.24.24 fall-over bfd
neighbor 29.29.29.29 update-source lo
neighbor 29.29.29.29 fall-over bfd
!
address-family l2vpn evpn
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 activate
neighbor 24.24.24.24 activate
neighbor 29.29.29.29 activate
exit-address-family
!
exit
!
rsvp-path LEAF2-ROOT2 mpls
24.1.5.24 strict
!
rsvp-path LEAF2-ROOT1 mpls
26.1.7.26 strict
!
rsvp-trunk LEAF2-ROOT1 ipv4
primary fast-reroute protection facility
primary path LEAF2-ROOT1
to 9.9.9.9
!
rsvp-trunk LEAF2-ROOT2 ipv4
primary fast-reroute protection facility
primary path LEAF2-ROOT2
to 24.24.24.24
!
LEAF3
!
evpn mpls enable
!
mac vrf vrf103
rd 29.29.29.29:103
route-target both 65535:103
!
evpn mpls vtep-ip-global 29.29.29.29
!
evpn mpls mac-ageing-time 60
!
evpn mpls id 203 etree-leaf
host-reachability-protocol evpn-bgp vrf103
!
qos enable
!
router ldp
router-id 29.29.29.29
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 9.9.9.9
exit-targeted-peer-mode
targeted-peer ipv4 24.24.24.24
exit-targeted-peer-mode
transport-address ipv4 29.29.29.29
!
router rsvp
!
interface ge0
static-channel-group 3
!
interface ge7
description connected to ROOT1 int xe7
ip address 26.1.6.27/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface lo
ip address 29.29.29.29/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe12
switchport
!
interface xe12.103 switchport
encapsulation dot1q 103
load-interval 30
access-if-evpn
map vpn-id 203
!
interface xe14
description connected to ROOT2 int xe13
ip address 24.1.8.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
exit
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 29.29.29.29
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0029.00
!
router bgp 65535
neighbor 8.8.8.8 remote-as 65535
neighbor 9.9.9.9 remote-as 65535
neighbor 24.24.24.24 remote-as 65535
neighbor 26.26.26.26 remote-as 65535
neighbor 8.8.8.8 update-source lo
neighbor 8.8.8.8 fall-over bfd
neighbor 9.9.9.9 update-source lo
neighbor 9.9.9.9 fall-over bfd
neighbor 24.24.24.24 update-source lo
neighbor 24.24.24.24 fall-over bfd
neighbor 26.26.26.26 update-source lo
neighbor 26.26.26.26 fall-over bfd
!
address-family l2vpn evpn
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 activate
neighbor 24.24.24.24 activate
neighbor 26.26.26.26 activate
exit-address-family
!
exit
!
rsvp-path LEAF3-ROOT2 mpls
24.1.8.24 strict
!
rsvp-path LEAF3-ROOT1 mpls
26.1.6.26 strict
!
rsvp-trunk LEAF3-ROOT1 ipv4
primary fast-reroute protection facility
primary path LEAF3-ROOT1
to 9.9.9.9
!
rsvp-trunk LEAF3-ROOT2 ipv4
primary fast-reroute protection facility
primary path LEAF3-ROOT2
to 24.24.24.24
!
ROOT1
!
hardware-profile filter evpn-mpls-mh enable
!
evpn mpls enable
!
evpn esi hold-time 90
!
evpn mpls multihoming enable
!
mac vrf vrf103
rd 9.9.9.9:103
route-target both 65535:103
!
evpn mpls vtep-ip-global 9.9.9.9
!
evpn mpls mac-ageing-time 60
!
evpn mpls id 203
host-reachability-protocol evpn-bgp vrf103
!
qos enable
!
bridge 1 protocol rstp vlan-bridge
!
router ldp
router-id 9.9.9.9
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 8.8.8.8
exit-targeted-peer-mode
targeted-peer ipv4 26.26.26.26
exit-targeted-peer-mode
transport-address ipv4 9.9.9.9
!
router rsvp
!
interface po100
switchport
load-interval 30
evpn multi-homed system-mac 0000.1111.2222
!
interface po100.103 switchport
encapsulation dot1q 103
load-interval 30
access-if-evpn
map vpn-id 203
!
interface lo
ip address 9.9.9.9/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe7
description connected to LEAF3 int ge7
speed 1g
ip address 26.1.6.26/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe10
channel-group 100 mode active
!
interface xe17.100 switchport
description for Static mac advertize
encapsulation dot1q 100
load-interval 30
access-if-evpn
map vpn-id 200
mac 0000.0000.0022
mac 0000.00dc.0001 ip 10.10.10.1
mac 0000.00dc.0001 ipv6 1001::1
!
interface xe19
switchport
!
interface xe20
description connected to LEAF1 int xe20
ip address 26.1.2.26/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe30
description connected to LEAF2 int xe5
speed 10g
ip address 26.1.7.26/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
exit
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 9.9.9.9
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0009.00
!
router bgp 65535
neighbor 8.8.8.8 remote-as 65535
neighbor 24.24.24.24 remote-as 65535
neighbor 26.26.26.26 remote-as 65535
neighbor 29.29.29.29 remote-as 65535
neighbor 8.8.8.8 update-source lo
neighbor 8.8.8.8 fall-over bfd
neighbor 24.24.24.24 update-source lo
neighbor 24.24.24.24 fall-over bfd
neighbor 26.26.26.26 update-source lo
neighbor 26.26.26.26 fall-over bfd
neighbor 29.29.29.29 update-source lo
neighbor 29.29.29.29 fall-over bfd
!
address-family l2vpn evpn
neighbor 8.8.8.8 activate
neighbor 24.24.24.24 activate
neighbor 26.26.26.26 activate
neighbor 29.29.29.29 activate
exit-address-family
!
exit
!
rsvp-path ROOT1-LEAF3 mpls
26.1.6.27 strict
!
rsvp-path ROOT1-LEAF2 mpls
26.1.7.27 strict
!
rsvp-path ROOT1-LEAF1 mpls
26.1.2.27 strict
!
rsvp-trunk ROOT1-LEAF1 ipv4
primary fast-reroute protection facility
primary path ROOT1-LEAF1
to 8.8.8.8
!
rsvp-trunk ROOT1-LEAF2 ipv4
primary fast-reroute protection facility
primary path ROOT11-LEAF2
to 26.26.26.26
!
rsvp-trunk ROOT1-LEAF3 ipv4
primary fast-reroute protection facility
primary path ROOT1-LEAF3
to 29.29.29.29
!
ROOT2
!
hardware-profile filter evpn-mpls-mh enable
!
evpn mpls enable
!
evpn esi hold-time 90
!
evpn mpls multihoming enable
!
mac vrf vrf103
rd 24.24.24.24:103
route-target both 65535:103
!
evpn mpls vtep-ip-global 24.24.24.24
!
evpn mpls mac-ageing-time 60
!
evpn mpls id 203
host-reachability-protocol evpn-bgp vrf103
!
qos enable
!
router ldp
router-id 24.24.24.24
fast-reroute
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
targeted-peer ipv4 8.8.8.8
exit-targeted-peer-mode
targeted-peer ipv4 26.26.26.26
exit-targeted-peer-mode
transport-address ipv4 24.24.24.24
!
router rsvp
!
interface po100
switchport
load-interval 30
evpn multi-homed system-mac 0000.1111.2222
!
interface po100.103 switchport
encapsulation dot1q 103
load-interval 30
access-if-evpn
map vpn-id 203
!
interface lo
ip address 24.24.24.24/32 secondary
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe6
description connected to LEAF2 int xe6
speed 10g
ip address 24.1.5.24/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe7
switchport
!
interface xe9
description connected to LEAF1 int xe11
speed 10g
ip address 24.1.4.24/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe13
description connected to LEAF3 int xe14
speed 10g
ip address 24.1.8.24/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe18
channel-group 100 mode active
!
exit
!
router isis ISIS-IGP
is-type level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 24.24.24.24
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0024.00
!
router bgp 65535
neighbor 8.8.8.8 remote-as 65535
neighbor 9.9.9.9 remote-as 65535
neighbor 26.26.26.26 remote-as 65535
neighbor 29.29.29.29 remote-as 65535
neighbor 8.8.8.8 update-source lo
neighbor 8.8.8.8 fall-over bfd
neighbor 9.9.9.9 update-source lo
neighbor 9.9.9.9 fall-over bfd
neighbor 26.26.26.26 update-source lo
neighbor 26.26.26.26 fall-over bfd
neighbor 29.29.29.29 update-source lo
neighbor 29.29.29.29 fall-over bfd
!
address-family l2vpn evpn
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 activate
neighbor 26.26.26.26 activate
neighbor 29.29.29.29 activate
exit-address-family
!
exit
!
rsvp-path ROOT2-LEAF1 mpls
24.1.4.25 strict
!
rsvp-path ROOT2-LEAF2 mpls
24.1.5.25 strict
!
rsvp-path ROOT2-LEAF3 mpls
24.1.8.25 strict
!
rsvp-trunk ROOT2-LEAF1 ipv4
primary fast-reroute protection facility
primary path ROOT2-LEAF1
to 8.8.8.8
!
rsvp-trunk ROOT2-LEAF2 ipv4
primary fast-reroute protection facility
primary path ROOT2-LEAF2
to 26.26.26.26
!
rsvp-trunk ROOT2-LEAF3 ipv4
primary fast-reroute protection facility
primary path ROOT2-LEAF3
to 29.29.29.29
!
CE SWITCH
!
bridge 1 protocol rstp vlan-bridge
!
vlan database
vlan-reservation 4030-4094
vlan 2-3010 bridge 1 state enable
!
interface po100
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
interface lo
ip address 32.32.32.32/32 secondary
!
interface xe9
channel-group 100 mode active
!
interface xe17
channel-group 100 mode active
!
interface xe1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
exit
!
 
SWITCH1
!
bridge 1 protocol rstp vlan-bridge
!
vlan-reservation 4020-4062
vlan 2-3000 bridge 1 state enable
!
interface po1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
interface lo
ip address 7.7.7.7/32 secondary
!
interface xe1/1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
interface xe3/1
channel-group 1 mode active
!
interface xe3/3
channel-group 1 mode active
!
exit
!
SWITCH2
!
bridge 1 protocol rstp vlan-bridge
!
vlan database
vlan 2-3000 bridge 1 state enable
!
interface sa3
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
interface ge0
static-channel-group 3
!
interface lo
ip address 23.23.23.23/32 secondary
!
interface xe4
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan all
!
E-Tree Active-Standby Configuration
To set up an E-Tree network with Active-Standby redundancy and load balancing, follow these steps:
Connect the Switch (P1) to the Root1, LEAF1, and LEAF2 nodes in the MPLS EVPN E-Tree Topology.
Set up the VRF, EVPN, Port-Active, and Single-Active Redundancy configuration on Root MH and Leaf MH nodes.
For more details on Active-Standby configuration, refer to the section EVPN Active-Standby.
LEAF1
!
mac vrf vrf600
rd 26.26.26.26:600
route-target both 65535:600
!
evpn mpls id 681 etree-leaf
host-reachability-protocol evpn-bgp vrf600
!
interface po1
switchport
load-interval 30
evpn multi-homed system-mac 0000.4321.1234 load-balancing port-active
service-carving auto
!
interface po1.681 switchport
encapsulation dot1q 681
load-interval 30
access-if-evpn
map vpn-id 681
!
interface sa1
switchport
load-interval 30
evpn multi-homed esi 11:22:33:00:00:00:55:66:77 load-balancing single-active
service-carving auto
!
interface sa1.681 switchport
encapsulation dot1q 681
load-interval 30
access-if-evpn
map vpn-id 681
!
interface xe4
description connected to P1 int xe43
speed 10g
load-interval 30
ip address 25.1.2.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
LEAF2
!
mac vrf vrf600
rd 26.26.26.26:600
route-target both 65535:600
!
evpn mpls id 681 etree-leaf
host-reachability-protocol evpn-bgp vrf600
!
interface po1
switchport
load-interval 30
evpn multi-homed system-mac 0000.4321.1234 load-balancing port-active
service-carving auto
!
interface po1.681 switchport
encapsulation dot1q 681
load-interval 30
access-if-evpn
map vpn-id 681
!
interface sa2
switchport
load-interval 30
evpn multi-homed esi 11:22:33:00:00:00:55:66:77 load-balancing single-active
service-carving auto
!
interface sa2.681 switchport
encapsulation dot1q 681
load-interval 30
access-if-evpn
map vpn-id 681
!
interface xe21
description connected to P1 int xe43
speed 10g
load-interval 30
ip address 27.1.2.25/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
 
P1
!
router ldp
router-id 6.6.6.6
graceful-restart full
graceful-restart timers neighbor-liveness 120
graceful-restart timers max-recovery 120
session-protection duration 10
transport-address ipv4 6.6.6.6
!
interface lo
ip address 127.0.0.1/8
ip address 6.6.6.6/32 secondary
ipv6 address ::1/128
ip router isis ISIS-IGP
enable-ldp ipv4
!
interface xe43
description connected to LEAF1 int xe4
speed 10g
load-interval 30
ip address 25.1.2.24/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe45
description connected to ROOT1 int xe2
speed 10g
load-interval 30
ip address 26.1.3.27/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
interface xe47
description connected to LEAF2 int xe21
speed 10g
load-interval 30
ip address 27.1.2.24/24
label-switching
ip router isis ISIS-IGP
enable-ldp ipv4
enable-rsvp
!
exit
!
router isis ISIS-IGP
is-type level-1
authentication mode md5 level-1
ignore-lsp-errors
lsp-gen-interval 5
spf-interval-exp level-1 50 2000
metric-style wide
mpls traffic-eng router-id 6.6.6.6
mpls traffic-eng level-1
capability cspf
dynamic-hostname
fast-reroute terminate-hold-on interval 10000
fast-reroute per-prefix level-1 proto ipv4 all
fast-reroute per-prefix remote-lfa level-1 proto ipv4 tunnel mpls-ldp
bfd all-interfaces
net 49.0001.0000.0000.0006.00
!
 
Validation
To verify the status of the ESI, whether it's active or standby, use the show evpn load-balance all command. This command helps debug and understand if the election process is occurring correctly. For the ESI 00:00:00:43:21:12:34:00:00:00, LEAF1 is active, and LEAF2 is on standby in port-active mode. For the ESI 00:11:22:33:00:00:00:55:66:77, LEAF2 is active, and LEAF1 is on standby in single-active mode.
LEAF1#show evpn load-balance all
ESI AC-IF/PE PE-IP-ADDRESS Redundancy Service-carving weight Revertive AC-DF Status
============================================================================================================================
00:00:00:43:21:12:34:00:00:00 LOCAL 8.8.8.8 port-active auto 0 NO NA ACTIVE
00:00:00:43:21:12:34:00:00:00 REMOTE 26.26.26.26 port-active auto 0 NO NA STANDBY
00:11:22:33:00:00:00:55:66:77 sa1.681 8.8.8.8 single-active auto 0 NO NO STANDBY
 
LEAF2#show evpn load-balance all
ESI AC-IF/PE PE-IP-ADDRESS Redundancy Service-carving weight Revertive AC-DF Status
============================================================================================================================
00:00:00:43:21:12:34:00:00:00 REMOTE 8.8.8.8 port-active auto 0 NO NA ACTIVE
00:00:00:43:21:12:34:00:00:00 LOCAL 26.26.26.26 port-active auto 0 NO NA STANDBY
00:11:22:33:00:00:00:55:66:77 sa2.681 26.26.26.26 single-active auto 0 NO NO ACTIVE
 
All MAC addresses in Root and Leaf nodes will be synchronized.
LEAF1#show evpn mpls mac-table
===========================================================================================================================
EVPN MPLS MAC Entries
===========================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
___________________________________________________________________________________________________________________________
 
681 po1.681 ---- ---- 0000.da00.0001 00:00:00:43:21:12:34:00:00:00 Dynamic Local ------- 0 ------- set
681 ---- ---- ---- 0000.ea00.0001 00:00:00:11:11:22:22:00:00:00 Dynamic Remote ------- 0 ------- ----
 
Total number of entries are : 2
 
LEAF2#show evpn mpls mac-table
===========================================================================================================================
EVPN MPLS MAC Entries
===========================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
___________________________________________________________________________________________________________________________
 
681 ---- ---- ---- 0000.da00.0001 00:00:00:43:21:12:34:00:00:00 Dynamic Remote ------- 0 ------- set
681 ---- ---- ---- 0000.ea00.0001 00:00:00:11:11:22:22:00:00:00 Dynamic Remote ------- 0 ------- ----
 
Total number of entries are : 2
 
ROOT1#show evpn mpls mac-table
===========================================================================================================================
EVPN MPLS MAC Entries
===========================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
___________________________________________________________________________________________________________________________
 
681 ---- ---- ---- 0000.da00.0001 00:00:00:43:21:12:34:00:00:00 Dynamic Remote ------- 0 ------- set
681 po100.681 ---- ---- 0000.ea00.0001 00:00:00:11:11:22:22:00:00:00 Dynamic Local ------- 0 ------- ----
 
Total number of entries are : 2
Implementation Examples
Here is an example scenario and a solution for implementing EVPN E-Tree.
Scenario 1: Specific traffic isolation and control measures are essential in a network of EVPN L2VPN services or instances. Within a broadcast domain, services communicating with each other may result in flooding BUM traffic to all services within the domain. Moreover, hosts are learned and advertised between different sites/services.
Use Case 1: Implementing an EVPN E-Tree solution defines the network topology with distinct Root and Leaf classifications, BUM traffic flooding can be minimized, and traffic isolation can be achieved. This ensures efficient communication between services while preventing unnecessary traffic propagation and maintaining network integrity.
Scenario 2: An Internet Service Provider (ISP) provides services to multiple subscribers and aims to facilitate communication with them. However, the ISP needs to ensure that subscribers exclusively communicate with the ISP and not among themselves.
Use Case 2: Implementing EVPN E-Tree is essential to fulfill this requirement. By categorizing ISP services as Root and subscribers as Leaf, traffic isolation can be enforced. This configuration enables the ISP to communicate with subscribers while preventing inter-subscriber communication. As a result, network security is enhanced, and the ISP maintains control over communication within its network.
E-Tree CLI Commands
The EVPN E-Tree introduces the following configuration commands in OcNOS.
evpn etree
Use this command to enable E-Tree functionality within the EVPN configuration.
Command Syntax
evpn etree enable
Parameters
None
Default
Disabled
Command Mode
Configure mode
Applicability
Introduced in OcNOS version 6.5.1.
Example
The following example illustrates how to activate E-Tree functionality for EVPN:
OcNOS#configure terminal
OcNOS(config)#evpn etree enable
Revised CLI Commands
The following is the revised command for configuring MPLS EVPN E-Tree
evpn mpls id
The existing syntax now includes the newly added parameter for E-Tree, namely etree-leaf.
The command evpn mpls id <ID> etree-leaf allows users to tailor MPLS EVPN behavior on a network device, indicating its participation as a leaf node in an E-Tree deployment. For more details, refer to the evpn mpls id command in the EVPN MPLS Commands chapter in the OcNOS Multi-Protocol Label Switching Guide.
Troubleshooting
1. When traffic, whether unicast (UC) or broadcast, is passed to the Intra Leaf site:
Check the sub-interface or physical interface counters to monitor traffic throughput and potential issues.
Verify the Leaf status of the corresponding VNI to ensure proper functionality.
Use packet sniffing tools to analyze packets in the egress direction for any anomalies or errors.
MAC entries learned via leaf access port should include the set keyword in the MAC table output.
2. If UC traffic is routed within inter-PE leaf sites:
Check the Leaf status of the VNI at both participating PE devices to confirm operational status.
Check if the advertised MAC is in discard or non-discard status using the show mac table command and l2 show in the BCM shell.
3. Verify if BUM traffic is transmitted between Leaf sites inter-PE:
Ensure that a BUM tunnels are not established between inter-PE devices.
Validate this by examining the Multicast ingress group, using the show evpn mpls tunnel command. For EVPN MPLS, confirm that BUM tunnels are not created.
4. Investigate UC traffic drops from the Root to MH Leaf PE:
Check if MAC addresses are not installed in discard status within the MH peer's access port. This status could indicate issues with MAC learning or forwarding.
5. Evaluate traffic between Root and Leaf:
Confirm the establishment of both UC and BUM tunnels.
Ensure that unicast MAC addresses are not marked with a discard status in the MAC table.
6. Validate the exchange of routes between two BGP L2VPN peers:
Monitor BGP (Border Gateway Protocol) sessions to verify successful route exchange and propagation between the peers.
7. Convergence: Assess convergence by checking BFD configuration between BGP sessions.
Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:
 
Key Terms/Acronym
Description
EVPN E-Tree (Ethernet VPN Ethernet-Tree)
A networking solution designed to manage communication within broadcast domains, incorporating redundancy through multi-homing in a network. It optimizes traffic routing and control, categorizing network nodes based on predefined definitions of EVPN Instances as Leaf or Root, allowing or restricting communication between them.
EVPN (Ethernet Virtual Private Network)
A Layer 2 VPN technology that extends Ethernet services across data centers and wide-area networks using BGP.
Multi-homing (MH)
The ability of a device to connect to multiple network segments simultaneously to increase network availability and redundancy.
Provider Edge (PE) Node
A device at the edge of a service provider network that connects to customer premises equipment (CE) and participates in providing services to customers.
Leaf Node
In the context of EVPN E-Tree, a network node categorized to handle communication within specific broadcast domains and may connect to Root nodes.
Root Node
A network node within EVPN E-Tree that serves as the central point of communication and handles BUM traffic distribution.
Ethernet Segment Identifier (ESI)
A unique identifier used to identify Ethernet segments within a MPLS network.