Evpn in Service Provider Network-Web PDF
Local knowledge.
Cisco Connect Dubrovnik
27.-29.3.2019.
EVPN in Service Provider network
Dejan Jaksic
Systems Engineer Service Providers
28-3-2019
Agenda
• Planet EVPN motivation
• EVPN Basics
• Network Fabric Architecture
• EVPN-VPNv4 interconnect
• EVPN and VPLS seamless integration
• EVPN positioning in SP network
• Conclusion
EVPN: Value Proposition
• All-Active Multi-Homing
• Per-Flow Redundancy and load-balancing
• Workload Mobility
• Fast Convergence
Timeline: Ethernet Begins, IEEE 802.3, Ethernet Over MPLS, IEEE 802.1ah (PBB), IETF EVPN
Stolen Data Center requirements
Figure labels: SHD, CE1, BD, EVI, ESI1, ESI2, PE1, PE2, PE
EVI
• EVI identifies a VPN in the network
• Encompass one or more bridge-domains, depending on service interface type
  • Port-based
  • VLAN-based (shown above)
  • VLAN-bundling
Ethernet Segment
• Represents a ‘site’ connected to one or more PEs
• Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)
• Could be a single device or an entire network
  • Single-Homed Device (SHD)
  • Multi-Homed Device (MHD)
  • Single-Homed Network (SHN)
  • Multi-Homed Network (MHN)
Route Types
[1] Ethernet Auto-Discovery (AD) Route
[4] Ethernet Segment Route
[5] IP Prefix Advertisement Route
• New SAFI [70]
• Routes serve control plane purposes, including:
  • MAC address reachability
  • MAC mass withdrawal
  • Split-Horizon label adv.
  • Aliasing
  • Multicast endpoint discovery
  • Redundancy group discovery
  • Designated forwarder election
  • IP address reachability
  • L2/L3 Integration
Extended Communities
ESI MPLS Label
Default Gateway
Encapsulation
• New BGP extended communities defined
• Expand information carried in BGP routes, including:
  • MAC address moves
  • Redundancy mode
  • MAC / IP bindings of a GW
  • Split-horizon label encoding
  • Data plane Encapsulation
Service Provider Network - Simplification Journey
Compass
Unified MPLS EPN 5.0 Metro Fabric
Provisioning NETCONF NETCONF
YANG YANG
Programmability
FRR or TE RSVP
IGP with SR
LDP IGP with SR
Intra-Domain CP
IGP
https://xrdocs.io/design/
Drastic Network Protocols Reduction
Leaf
VM
PE1 DCI1
Spine Spine
Leaf
VM
A1 Access WAN/Core
Leaf
PE2 DCI2 VM
Existing Solution: L2/L3VPN (BGP,T-LDP) - VPLS, EoMPLS VPLS, OTV Trill, Fabric-Path Overlay
IP, IGP, MPLS (LDP), RSVP-TE, BGP-LU IP, MPLS, L2 L2, STP, VLAN Underlay
MPLS Transport & BGP Service
BGP L3VPN BGP EVPN
BGP Signaling BGP Signaling BGP Signaling BGP Signaling
C1 C2
VM VM VM VM
EVPN vs VPNv4/6 or BGP Control Plane?
• BGP integrates services with programmable SR transport
• Common across L2 / L3 services
• Services Control Plane is BGP with different AF / SAFI
• Single Service Control Plane is easy to manage and troubleshoot
• HUGE investment in existing VPNv4/6
• EVPN doesn’t replace L3VPN VPNv4/6 - no technical reason to do it!
EVPN Flavors
• Multi-Homed All-Active Ethernet Access
• Replacement of: mLACP, STP, T-LDP, BGP-AD, etc.
• Standards-based Multi-chassis / Cluster Control Plane
• Replacement of: vPC, VSS, nVCluster, etc.
• Replacement of: HSRP, VRRP, etc.
• Carrier Ethernet Today
• E-LINE - 80% of SP’s L2VPN portfolio (PWs)
• E-LAN - Smaller # of L2 Multipoint VPN services
• There is no other standard technology with Ethernet All-Active Multi-homing
EVPN - Positioning
• EVPN should be a door-opener for IOS XR in Next Generation CO (Network Fabric)
• EVPN L2/L3 multipoint brings optimal forwarding, MAC mobility, all-active MH access
• BGP Control-Plane
• Simplifies DCI/Border-Leaf configuration and service provisioning
• Provides common SLA signaling
EVPN - Ethernet VPN
• Leafs run Multi-Protocol BGP to advertise & learn MAC/IP addresses over the Network Fabric
• MAC/IP addresses are advertised to the rest of the Leafs
SP SP
L L L L
Data Plane learning
from the hosts
All Active multi-homing
C C Ethernet Segment
VM VM VM VM
XR CLI:
Step 2:
Step 1:
EVPN - Ethernet-Segment for Multi-Homing
• Ethernet Segment represents a node connected to multiple Leafs
• Unique 10-byte global identifier per Ethernet Segment
• The bundle on the Leafs connecting to a node should have an identical ES identifier (ESI)
Figure labels: SP1, SP2, L1, L2, L3, L4, C1, C2, VM
EVPN – Designated Forwarder (DF)
Challenge:
How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed
Ethernet Segment (BUM traffic)?
SP1 SP2
L1 L2 L3 L4
NDF DF
C1 Duplicate C2
EVPN – Split Horizon
Challenge:
How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
Transport
BUM Label Label
SP1 SP2
SH Label
L1 L2
C1 Echo !
VM VM
EVPN – MAC Mass-Withdraw
Challenge:
How to inform other Leafs of a failure affecting many MAC addresses quickly while the
control-plane re-converges?
L1 L2 L3 L4
MAC1 can NOT be
reached via ESI1
C1 C2
VM VM VM VM
ESI1 MAC1
BUM = Broadcast, Unknown unicast, Multicast
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
RT-4 - DF Election
ESI: 0036.3700.0000.0000.1100
Service Carving: 100 modulo 2 = 0
R36 is DF for EVI-100
Figure labels: H1, H2, LACP, R35, R36, R38, R39
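The DF election shown on this slide, together with the duplicate and echo suppression from the Designated Forwarder and Split Horizon slides, as an added example that is not part of the original deck. The ESI and EVI come from the slide; R36's address is taken from the RD 1.1.1.36:100 shown later in the deck, R37's address (1.1.1.37) is an assumption, the ascending-IP ordering is the default procedure of RFC 7432, and the function names are hypothetical.

```python
import ipaddress

def parse_esi(text):
    """Dotted-hex ESI (e.g. 0036.3700.0000.0000.1100) -> 10 raw bytes."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) != 10:
        raise ValueError(f"ESI must be 10 bytes, got {len(raw)}")
    return raw

def elect_df(rt4_routes, esi, evi):
    """Service carving over the RT-4 originators of one Ethernet Segment.

    rt4_routes: iterable of (esi_text, originator_ip). PEs are ordered by
    ascending IP and the PE at ordinal (evi mod N) becomes DF.
    """
    target = parse_esi(esi)
    pes = sorted({ipaddress.ip_address(ip)
                  for seg, ip in rt4_routes if parse_esi(seg) == target})
    return str(pes[evi % len(pes)]) if pes else None

def egress_bum_action(local_pe, rt4_routes, esi, evi, source_esi=None):
    """Decide what local_pe does with a BUM frame headed to segment `esi`.

    source_esi stands in for the split-horizon label: the segment the frame
    entered the fabric on, or None if it came from a single-homed port.
    """
    if source_esi is not None and parse_esi(source_esi) == parse_esi(esi):
        return "drop: split-horizon (would echo to source segment)"
    if elect_df(rt4_routes, esi, evi) != local_pe:
        return "drop: non-DF (would duplicate)"
    return "forward"

# Constructed sample: ESI and R36 address from the slides, R37 address assumed.
ESI = "0036.3700.0000.0000.1100"
R36, R37 = "1.1.1.36", "1.1.1.37"
RT4 = [(ESI, R36), (ESI, R37)]

if __name__ == "__main__":
    for evi in (100, 101):
        print(evi, "DF =", elect_df(RT4, ESI, evi))
    print(egress_bum_action(R37, RT4, ESI, 100))
    print(egress_bum_action(R36, RT4, ESI, 100, source_esi=ESI))
    # R36 withdraws its RT-4: R37 becomes DF for every EVI on the segment.
    print(elect_df([(ESI, R37)], ESI, 100))
```

With two PEs on the segment, even EVIs carve to the lower address and odd EVIs to the higher one, which is how the BUM load is split between R36 and R37.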
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
RT-3 - Inclusive Multicast
RD: 1.1.1.36:100
Figure labels: H1, H2, LACP, R35, R36, R38, R39
BUM Forwarding
Figure labels: BUM - Traffic, IR BUM - Traffic, X, LACP, H1, R34, R37, Transport Label R37, BUM Label R37/EVI100
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
RT-2 - MAC Advertisement
RD: 1.1.1.36:100
ESI: 0036.3700.0000.0000.1100
Label: 64004
L2 Frame SMAC: 0062.ec71.fbd7
L2 Frame Flow1 DMAC: H1
Figure labels: H1, H2, LACP, R35, R36, R38, R39
EVPN Routes – Cheat Sheet
PE1 – Advertises (BGP Signaling):
RT-1 Per EVI Ethernet Auto-Discovery (AD) Route(s)
• EVI1 per-EVI (Aliasing) Label is EVI1-L
• EVI2 per-EVI (Aliasing) Label is EVI2-L
RT-3 Inclusive Multicast Route(s)
Figure labels: BE1 - ESI1, BE1, Vlan1, Vlan2, BVI1 (.1), MAC-A -> BE1.1, IP-A, VRF1 ARP, VRF1 IP-A MAC-A -> BVI1, VRF1 IP-B MAC-B -> BVI2, VRF1-AGGL
L1 L2 L3 L4
All the BVIs perform active forwarding, in contrast to the active/standby behaviour of a first-hop routing protocol
C1 C2 C3 C4
VM VM VM VM
EVPN – IRB in Network Fabric
CORE Routing
Intra-subnet
Forwarding
SP SP
Inter-subnet
Forwarding L3
GW GW GW GW --
L2
L L L L
Subnet 1
Subnet 2 C C C C
VM VM VM VM
Centralized vs. Distributed Routing
Fabric Fabric
L3
Leaf Leaf
L2
Distributed routing:
• Optimized forwarding of east-west traffic
• ARP/MAC state localized to Leafs
• Helps with horizontal scaling of DC
Centralized routing:
• All east<->west routed traffic traverses to centralized gateways
• Centralized gateways have full ARP/MAC state in the DC
• Scale challenge
• We do NOT support this design!
Integrated Routing and Bridging
Symmetric IRB Asymmetric IRB
Border Border
Leaf Leaf
Fabric Fabric
Leaf Leaf
V1 V1 V1 V2 V1, V2
CE CE CE
PE1 PE2
H1 H2
Normalized VLAN
VLAN translation over unique tunnel
CE2
A2 PE2
CEn
PWHE
ELINE
(single tunnel)
VLANs VRFs
EVPN - L3 Multi-Homing using EVLAG
No ICCP!
HSRP/VRRP/MC-LAG Replacement
Access Core / Metro Fabric Access
BVI
CE1 GW PE1 PE3 CE3
L3VPN
or
EVPN
BVI
CE2 GW PE2 PE4 CE4
EVLAG EVLAG
AG AG
CE A1 EVPN A3 CE
Anycast-PW All-Active Anycast-PW
AG AG
Anycast-SID Anycast-SID
EVPN - access VPWS (H-EVPN)
Multi-Homed EVPN-VPWS - Roadmap
Access Core / Metro Fabric Access
A1 AG AG A3
A2 AG AG A4
EVPN and VPNv4/6 Interconnect
• DCI/BL provides EVPN to VPNv4/6 stitching
• DCI/BL participates in L3 Routing not in L2 Bridging
• DCI/BL is mandatory, because of summarization!!!
LEAF
A P S
A P S
LEAF
EVPN and VPNv4/6 Interconnect
RT5 Prefix = prefix-CE2/24 RT: VRF A RT5 Prefix = prefix-CE2/24 RT: VRF A Stitching
RT5 Prefix = prefix-CE1/24 RT: VRF A RT5 Prefix = prefix-CE1/24 RT: VRF A Stitching
VRF A
RD DCI:0
RT import/export: VRF A Stitching
RT import/export: VRF A
EVPN and VPNv4/6 Interconnect
EVPN to VPNv4/6 Re-Advertise
RT5 Prefix = prefix-CE1/24 RT: VRF A RT5 Prefix = prefix-CE1/24 RT: VRF A Stitching
RT5 Prefix = prefix-CE2/24 RT: VRF A RT5 Prefix = prefix-CE2/24 RT: VRF A Stitching
Source
VRF(x)
BL BL
MVPN State sync
in EVPN
SP SP
L3
---
L2 L L L L
EVI-x
IGMP Join / Leave
EVI-y
C C
IRB vrf(x)
mcast Receiver Receiver
evpn
EVPN – Service Layering
Access Aggregation Core
A AG PE P PE
Multicast CE
FXC
EVPN-HE
E-TREE A AG PE P PE
P2P
L2 Bridging
L3 Routing BL BL
IRB
SP SP
SP SP
SP SP
SP SP “Shared or single tenant”
L L L
L L L
L L L
L L L L
L L L L
L L L L
C C CE CE
Service Provider Network BGP/EVPN
A A AG PE/P P PE/P AG A A
CE CE
A A AG PE/P P PE/P AG A A
✓ Seamless mobility
✓ Optimal forwarding (east-west & north-south)
✓ All-active multi-homing load-balancing
✓ Allow virtualization of appliances
✓ EVPN multi-services (E-LAN, E-LINE, IRB)
✓ Optimal bandwidth utilization within fabric
SP Routing Use Case Representation
Figure labels: PRE-AGG, DCI, 5G Mobile FH, MOBILE EDGE, Direct Content, CELL SITE ROUTER, METRO AGG, 4G Mobile BH, SP PEERING, Public Cloud, CIN, CABLE EDGE, CLOUD PEERING, RPD
EVPN Applicability
EVPN Advantages:
Integrated Services
• Integrated Layer 2 and Layer 3 VPN services
• L3VPN-like principles and operational experience for scalability and control
Network Efficiency
• All-active Multi-homing & PE load-balancing (ECMP)
• Fast convergence (link, node, MAC moves)
• Control-Plane (BGP) learning. PWs are no longer used.
• Optimized Broadcast, Unknown-unicast, Multicast traffic delivery
Fully support IPv4 and IPv6 in the data plane and control plane
Investment •