Ethernet VPN Ethernet-Tree (EVPN E-Tree), is a networking solution designed to manage communication within broadcast domains, incorporating redundancy through multi-homing in a network. It optimizes traffic routing and control, especially in scenarios where specific services or devices need controlled communication. It categorizes network nodes based on predefined definitions of EVPN Instances as Leaf or Root, allowing or restricting communication between them.

Implemented Scenario 1 of the EVPN E-Tree solution, as defined by RFC-8317, designates each Provider Edge (PE) node as either a Leaf or a Root site per Virtual Private Network (VPN) for VXLAN and MPLS EVPN in OcNOS.

The explanation of scenario 1 is based on the provided topology diagram, which consists of three PE nodes labeled PE-1, PE-2, and PE-3 and two Multi-Homed (MH) nodes labeled MH-1 and MH-2. Within this setup, PE-3 functions as the Root node, while PE-1 and PE-2 serve as Leaf nodes. Also, PE-1 and PE-2 are part of a single home access-if port (SH1 and SH2).

The classification ensures that communication follows specific rules:

The scenario 1 is achieved through two main concepts:

EVPN E-Tree offers benefits in networking environments by providing efficient traffic control, enhanced security, scalability, and improved performance.

Efficient Traffic Control: EVPN E-Tree allows for efficient control over traffic within network broadcast domains. By segregating nodes into Leaf and Root categories, it enables precise management of communication flows, ensuring the traffic is directed only where needed.

Enhanced Security: The isolation of Leaf hosts from each other adds a layer of security to the network. This prevents unauthorized communication between devices within the same broadcast domain, reducing the risk of data breaches and unauthorized access.

Scalability: EVPN E-Tree is scalable, making it suitable for networks of various sizes and complexities. Whether deploying in small-scale environments or large enterprise networks, EVPN E-Tree offers flexibility and scalability to meet evolving business needs.

Improved Performance: By controlling communication paths and optimizing traffic flows, EVPN E-Tree can improve network performance. This ensures that critical data packets are delivered efficiently, reducing latency and enhancing overall network performance.

In setting up a MPLS EVPN network, certain prerequisites are essential to ensure proper functionality and connectivity.

Ensure MPLS EVPN Configuration: Confirm that MPLS EVPN and MPLS MH filtering are already enabled in all leaf and root nodes of the network as they are required for MPLS EVPN Multihoming.

Define Interfaces and Loopback Addresses: Configure Layer 2 interfaces, like port channel interfaces (e.g., po1), and assign specific system MAC addresses for proper identification and routing. Additionally, assign loopback IP addresses to establish essential points of connectivity. These configurations establish the efficient network routing and communication.

Configure ISIS and BGP for Dynamic Routing: Enable ISIS to facilitate dynamic routing on all Leaf and Root nodes within the network. Define ISIS router instances to match loopback IP addresses and add network segments to ISIS areas for proper route distribution. Additionally, establish BGP sessions to advertise routes between different nodes. Set up neighbor relationships using loopback IP addresses, ensuring efficient route advertisement and convergence for optimal network performance.

Configure LDP and RSVP for Efficient Network Operation: Enable Label Distribution Protocol (LDP) and Resource Reservation Protocol (RSVP) on all Leaf and Root nodes to optimize traffic routing and quality of service. LDP assigns labels for packet forwarding, while RSVP reserves network resources along specified paths to enhance network performance and reliability.

Create VRF for Isolated Routing Instances: Configure VRF on all Leaf and Root nodes to create isolated routing instances within the network. This enables separate routing tables and forwarding behaviors for different groups of network resources.

Connect Network Interfaces: Configure network interfaces on all Leaf and Root nodes with connection details, IP addresses, and protocol settings. Enable label-switching and configure participation in the ISIS routing protocol, including support for protocols like LDP and RSVP for IPv4. These configurations optimize routing and resource management across the network.

Configure Switch: Set up a VLAN bridge by enabling the VLAN and associating specific VLANs with the bridge. Configure network interfaces as trunk ports to allow traffic for all permitted VLANs across the network. Designate interfaces connected to Leaf and Root nodes as member ports of the VLAN bridge. This setup optimizes network segmentation and traffic management

Configure various nodes within the topology to set up an MPLS EVPN E-Tree network, ensuring EVPN E-Tree for All-Active and Active-Standby redundancy and load balancing.

In the sample topology, Leaf nodes (LEAF1, LEAF2, LEAF3, and LEAF4), Root nodes (ROOT1 and ROOT2), and Switches (CE SWITCH, SWITCH1, and SWITCH2) form the network architecture. LEAF1 and LEAF2 are part of a Multi-homed group, with both connected to po1 (MH2). LEAF1 and LEAF3 have single home access-if ports (SH3 and SH4, respectively). Similarly, ROOT1 and ROOT2 are part of a Multi-homed group with po100 (MH1), and they each have a single home access-if port (SH1 and SH2, respectively). Leaf nodes are interconnected, and CE SWITCH, SWITCH1, and SWITCH2 are configured for Multi-homed connections to Leaf and Root nodes. SWITCH1 connects to LEAF1 and LEAF2, while CE SWITCH links to ROOT1 and ROOT2.

The following E-Tree configurations applies to Leaf and Root nodes within the MPLS network.

Use the show commands described in this section to verify the network for proper MPLS EVPN E-Tree configuration.

Verify LDP sessions on all leaf and root nodes by using the show ldp session command. The state field (OPERATIONAL) indicates that the LDP session between the device and its peers is currently active.

Verify the BGP session status on all leaf and root nodes, using the show bgp l2vpn evpn summary command output. The Up/Down field indicates the duration for which the BGP session has been up or down.

Verify ESI information and the forwarding tunnel status on all leaf and root nodes, by examining the show evpn mpls command output. The DF- Status field displays the forwarding status as either a Designated Forwarder (DF) or Non-Designated Forwarder (Non-DF), and the ESI field displays the Ethernet Segment Identifier associated with each entry.

Configure static MAC-IP advertisement through SH and MH from Root and Leaf nodes. Advertise static MAC addresses for both IPv4 and IPv6 from all MH and SH nodes. Ensure that nodes within the same MH have identical MAC addresses configured under the port-channel access port.

Configure static MAC addresses for IPv4 (30.30.30.3) and IPv6 (3000::1) under the MH access-port (po1) with VLAN ID (103). Repeat the same configurations for other MH nodes using different static MAC addresses for both IPv4 and IPv6.

Configure static MAC addresses for IPv4 (40.40.40.4) and IPv6 (4000::1) under the SH access-port (xe27) with VLAN ID (103). This setup ensures that SH advertises these static MAC addresses over the specified access-port. Repeat the same configurations for other SH nodes using different static MAC addresses for both IPv4 and IPv6.

Verify the MAC table entries on MH nodes (MH1, MH2 and MH3) and the SH nodes (SH1, SH2, SH3, and SH4). MH nodes advertise their MAC addresses using the ESI values. Additionally, verify the IP addresses associated with SH nodes for MAC advertisement.

In the show evpn mpls mac-table command output, the MAC entries originated from Leaf Nodes will have the LeafFlag field status set.

Use the show evpn mpls arp-cache command to verify the Address Resolution Protocol (ARP) cache information on all nodes. This command displays entries that map IPv4 addresses to MAC addresses within the specified EVPN ID network.

Use the show evpn mpls nd-cache command to verify the Neighbor Discovery (ND) cache information on all nodes. This command displays entries that map IPv6 addresses to MAC addresses within the specified EVPN ID network.

Here are the snippet configurations for all nodes in the given network topology.

To set up an E-Tree network with Active-Standby redundancy and load balancing, follow these steps:

For more details on Active-Standby configuration, refer to the section EVPN Active-Standby.

To verify the status of the ESI, whether it's active or standby, use the show evpn load-balance all command. This command helps debug and understand if the election process is occurring correctly. For the ESI 00:00:00:43:21:12:34:00:00:00, LEAF1 is active, and LEAF2 is on standby in port-active mode. For the ESI 00:11:22:33:00:00:00:55:66:77, LEAF2 is active, and LEAF1 is on standby in single-active mode.

All MAC addresses in Root and Leaf nodes will be synchronized.

Here is an example scenario and a solution for implementing EVPN E-Tree.

Scenario 1: Specific traffic isolation and control measures are essential in a network of EVPN L2VPN services or instances. Within a broadcast domain, services communicating with each other may result in flooding BUM traffic to all services within the domain. Moreover, hosts are learned and advertised between different sites/services.

Use Case 1: Implementing an EVPN E-Tree solution defines the network topology with distinct Root and Leaf classifications, BUM traffic flooding can be minimized, and traffic isolation can be achieved. This ensures efficient communication between services while preventing unnecessary traffic propagation and maintaining network integrity.

Scenario 2: An Internet Service Provider (ISP) provides services to multiple subscribers and aims to facilitate communication with them. However, the ISP needs to ensure that subscribers exclusively communicate with the ISP and not among themselves.

Use Case 2: Implementing EVPN E-Tree is essential to fulfill this requirement. By categorizing ISP services as Root and subscribers as Leaf, traffic isolation can be enforced. This configuration enables the ISP to communicate with subscribers while preventing inter-subscriber communication. As a result, network security is enhanced, and the ISP maintains control over communication within its network.

The EVPN E-Tree introduces the following configuration commands in OcNOS.

Use this command to enable E-Tree functionality within the EVPN configuration.

None

Disabled

Configure mode

Introduced in OcNOS version 6.5.1.

The following example illustrates how to activate E-Tree functionality for EVPN:

The following is the revised command for configuring MPLS EVPN E-Tree

The following provides definitions for key terms or abbreviations and their meanings used throughout this document: