https://e-vpn.io/fal
EVPN Introduction & Principles
Jiri Chaloupka – Cisco Technical Marketing Engineer
04/2020
Objectives
• Short Technical session (Flood & Learn)
• No Fee
• No Registration (let’s see if we overload the meeting ;) )
• Networking topics with focus on Service Provider (SP) and SP Data Center technologies
MPLS Transport & BGP Service
[Figure: two panels, “BGP L3VPN / L3 EVPN” and “BGP L2 EVPN”. In each, CE1 and CE2 connect across an MPLS core through PE1 to PE4, with BGP signaling between the PEs. Data plane: the IP packet (L3 panel) or L2 frame (L2 panel) is carried under a transport MPLS label and a service BGP label.]
EVPN – Why?
Next-Generation Solutions for L2VPN
Solving VPLS challenges for per-flow Redundancy
• Existing VPLS solutions do not offer an All-Active per-flow redundancy
• Looping of Traffic Flooded from PE
• Duplicate Frames from Floods from the Core
• MAC Flip-Flopping over Pseudowire
• E.g. Port-Channel Load-Balancing does not produce a consistent hash-value for a frame with the same source MAC (e.g. non MAC based Hash-Schemes)
[Figure: three panels of the same topology (CE1, PE1/PE2, PE3/PE4, CE2, MACs M1 and M2), labelled “Echo !”, “Duplicate !” and “MAC Flip-Flop”.]
Concepts
EVPN Instance (EVI)
• EVI identifies a VPN in the network
• Encompass one or more bridge-domains, depending on service interface type:
  Port-based
  VLAN-based (shown above)
  VLAN-bundling
Ethernet Segment
• Represents a ‘site’ connected to one or more PEs
• Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)
• Could be a single device or an entire network:
  Single-Homed Device (SHD)
  Multi-Homed Device (MHD)
  Single-Homed Network (SHN)
  Multi-Homed Network (MHN)
BGP Routes
Route Types:
  [1] Ethernet Auto-Discovery (AD) Route
  [2] MAC/IP Advertisement Route
  [3] Inclusive Multicast Route
  [4] Ethernet Segment Route
  [5] IP Prefix Advertisement Route
• New SAFI [70]
• Routes serve control plane purposes, including:
  MAC address reachability
  MAC mass withdrawal
  Split-Horizon label adv.
  Aliasing
  Multicast endpoint discovery
  Redundancy group discovery
  Designated forwarder election
  IP address reachability
  L2/L3 Integration
BGP Route Attributes
Extended Communities:
  ESI MPLS Label
  ES-Import
  MAC Mobility
  Default Gateway
  Encapsulation
• New BGP extended communities defined
• Expand information carried in BGP routes, including:
  MAC address moves
  Redundancy mode
  MAC / IP bindings of a GW
  Split-horizon label encoding
  Data plane Encapsulation
[Figure: SHD CE1 attached to PE1 via ESI1 and MHD CE2 attached to PE1 and PE2 via ESI2; each PE holds a BD within the EVI.]
EVPN - load-balancing modes
All-Active (per flow)
• Single LAG at the CE
• VLAN goes to both PE
• Traffic hashed per flow
• Benefits: Bandwidth, Convergence
Single-Active (per VLAN)
• Multiple LAGs at the CE
• VLAN active on single PE
• Traffic hashed per VLAN
• Benefits: Billing, Policing
Port-Active (per port)
• Single LAG at the CE
• Port active on single PE
• Traffic hashed per port
• Benefits: Protocol Simplification
[Figure: three panels, each with PE1 and PE2 above a CE (CE1, CE2, CE3), showing VLANs V1 and V2 on the links.]
All-Active Multi-Homed EVPN Access
EVPN - Ethernet-Segment for Multi-Homing
L1 and L2 (L3 and L4) have to know if they multi-home the same broadcast domain
• The bundle on the Leafs connecting to a node should have an identical ES identifier (ESI)
• Unique 10-byte global identifier per Ethernet Segment
• Ethernet Segment represents a node connected to multiple Leaves
[Figure: spines SP1, SP2; leaves L1 to L4; nodes C1 and C2, each hosting VMs.]
EVPN - Ethernet VPN
MAC address advertisement and MAC address table synchronization
Leaves run Multi-Protocol BGP to advertise & learn MAC addresses over the Network
MAC addresses are advertised to rest of Leaves
L3/4 – Learn MAC address advertised by L1
L2 – uses MAC address advertised by L1 to synchronize MAC address table
-> L2 forwards MAC via local ETH interface represented by same Ethernet Segment between L1 and L2
• MAC advertisement & learning/synchronization via BGP EVPN NLRI
• Data Plane learning from the hosts
• All Active multi-homing Ethernet Segment
[Figure: spines SP1, SP2; leaves L1 to L4; nodes C1 and C2, each hosting VMs.]
EVPN – BUM Ingress Replication
Two service labels per EVPN instance
BUM Label – to forward Broadcast, Unknown Unicast and Multicast
Unicast Label – to forward Unicast
[Figure: spines SP1, SP2; leaves L1 to L4; nodes C1 and C2 with VMs; “BUM” markers on the replicated copies of a flooded frame.]
EVPN – Designated Forwarder (DF)
Challenge:
How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed Ethernet Segment?
If (L3 and L4) Multi-Homing access via same Ethernet Segment -> only one of them can forward traffic to access
Same for (L1 and L2)
Why extra BUM Label?
What if Unicast Traffic is sent to L3 or L4 (not flooded)? -> DF Election applies only to BUM (from Core to Access)
DF, Redirect, Fast Re-Route (FRR), etc.
Service Label informs egress Leaf if traffic is BUM or Unicast
[Figure: spines SP1, SP2; leaves L1 to L4; nodes C1 and C2; leaves on the segment marked NDF and DF; a frame copy marked “Duplicate”.]
EVPN – Split Horizon
Challenge:
How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
[Figure, two build steps: spines SP1, SP2; leaves L1, L2; C1 with VMs (the second step adds C11). The flooded frame carries a Transport Label, a BUM Label and an SH Label; the copy returning towards C1 is marked “Echo !”.]
EVPN – MAC Mass-Withdraw
Challenge:
How to inform other Leafs of a failure affecting many MAC addresses quickly while the
control-plane re-converges?
[Figure: spines SP1, SP2; leaves L1 to L4; C1 and C2 with VMs; C1 attached via ESI1 with MAC1. Remote entry: MAC1 → ESI1 → Leaf1 + Leaf2. Callouts: “MAC1 can be reached via ESI1” and “MAC1 can NOT be reached via ESI1”.]
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
Service Carving: 100 modulo 2 = 0
R36 is DF for EVI-100
RT-4 - DF Election
  RD: 1.1.1.36:1
  ESI: 0036.3700.0000.0000.1100
  Ext-Com: 3637.0000.0000 (RT)
[Figure: topology of H1, R36, R37, R34, R35, R38, R39 and H2, with LACP on the access links.]
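The service-carving step on this slide, written out as an added example (not code from the presentation or from any vendor implementation). It assumes the default procedure of RFC 7432, which orders the PEs that advertised an RT-4 for the segment by IP address and picks ordinal (EVI mod N); the originator addresses 1.1.1.36 and 1.1.1.37 and the names EsTable, df, carve and demo are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

ESI = "0036.3700.0000.0000.1100"   # ESI shown on the slide


class EsTable:
    """Originators of RT-4 (Ethernet Segment) routes, keyed by ESI."""

    def __init__(self):
        self._pes = defaultdict(set)

    def advertise(self, esi, originator_ip):
        self._pes[esi].add(ipaddress.ip_address(originator_ip))

    def withdraw(self, esi, originator_ip):
        self._pes[esi].discard(ipaddress.ip_address(originator_ip))

    def df(self, esi, evi):
        """Return the DF for this EVI on the segment, or None if no PE is left."""
        ordered = sorted(self._pes[esi])      # numeric order, not string order
        if not ordered:
            return None
        return str(ordered[evi % len(ordered)])

    def carve(self, esi, evis):
        return {evi: self.df(esi, evi) for evi in evis}


def demo():
    """Slide scenario (R36 + R37), then R36 withdraws its RT-4."""
    table = EsTable()
    table.advertise(ESI, "1.1.1.36")   # R36 (address assumed from its RD)
    table.advertise(ESI, "1.1.1.37")   # R37 (assumed address)
    before = table.carve(ESI, [100, 101])
    table.withdraw(ESI, "1.1.1.36")
    after = table.carve(ESI, [100, 101])
    return before, after


if __name__ == "__main__":
    print(demo())
```

Every PE on the segment must order the originators the same way; sorting the addresses as strings instead of as numbers would give a different DF on a segment that mixes, say, 1.1.1.36 and 1.1.1.100.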
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
RT-1 - Per ESI Ethernet AD
  RD: 1.1.1.36:1
  ESI: 0036.3700.0000.0000.1100
  Ext-Com: Flag: 0x00 All-Active, Split-Horizon Label: 64005
  Ext-Com: 1:100 (RT)
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
RT-3 - Inclusive Multicast
  RD: 1.1.1.36:100
  Ext-Com: Type 6 Ingress-Replication
  Multicast(BUM) Label: 64120
  Ext-Com: 1:100 (RT)
BUM Forwarding
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
Label stack: Transport Label R38-9, BUM Label R38-9/EVI100
[Figure: same topology (H1, R36, R37, R34, R35, R38, R39, H2); legend “BUM - Traffic” and “IR BUM - Traffic”.]
BUM Forwarding
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
Label stack: Transport Label R37, BUM Label R37/EVI100, SH Label R37/ESIx
[Figure: same topology, with one path marked “X”; legend “BUM - Traffic” and “IR BUM - Traffic”.]
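How an egress leaf combines the BUM label, the split-horizon label and its DF role when a flooded frame arrives from the core, as an added example rather than code from the presentation. R36's labels 64120, 64005 and 64004 are the ones on the slides; R37's labels, the single-homed port host-x and all class and function names are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessPort:
    name: str
    sh_label: Optional[int]   # label this leaf advertised in RT-1 per ESI; None if single-homed
    is_df: bool = True        # DF role for this EVI on the port's Ethernet Segment


@dataclass(frozen=True)
class Leaf:
    name: str
    bum_label: int            # label this leaf advertised in RT-3 for the EVI
    ports: tuple


def flood_from_core(leaf, service_labels):
    """Per-port verdict for a frame from the core (transport label already popped)."""
    if not service_labels or service_labels[0] != leaf.bum_label:
        return {}             # unicast label: DF and split-horizon filtering do not apply
    sh = service_labels[1] if len(service_labels) > 1 else None
    verdict = {}
    for port in leaf.ports:
        if port.sh_label is not None and port.sh_label == sh:
            verdict[port.name] = "drop: split-horizon (echo)"
        elif port.sh_label is not None and not port.is_df:
            verdict[port.name] = "drop: not DF (duplicate)"
        else:
            verdict[port.name] = "forward"
    return verdict


# R36 is DF for EVI-100 (slide values); R37's labels are constructed.
R36 = Leaf("R36", 64120, (AccessPort("H1", 64005, is_df=True),
                          AccessPort("host-x", None)))
R37 = Leaf("R37", 74120, (AccessPort("H1", 74005, is_df=False),))

if __name__ == "__main__":
    print(flood_from_core(R36, [64120]))          # flood from a remote leaf
    print(flood_from_core(R36, [64120, 64005]))   # flood that H1 sent via R37
    print(flood_from_core(R37, [74120]))          # remote flood at the non-DF
```

The second call shows why the DF role alone is not enough: R36 is DF for the segment, yet it must still drop the copy that carries its own split-horizon label.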
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
RT-2 - MAC Advertisement
  RD: 1.1.1.36:100
  ESI: 0036.3700.0000.0000.1100
  MAC: 0062.ec71.fbd7
  Label: 64004
  Ext-Com: 1:100 (RT)
L2 Frame SMAC: 0062.ec71.fbd7
Unicast Forwarding
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
L2 Frame Flow1, DMAC: H1
Label stack: Transport Label R36, RT-2 MAC Label/EVI
[Figure: same topology (H1, R36, R37, R34, R35, R38, R39, H2), showing L2 Frame Flow1 with DMAC H1 at each stage of the path.]
EVPN – Aliasing
Challenge:
How to load-balance traffic towards a multi-homed device across multiple Leaves when
MAC addresses are learnt by only a single Leaf?
[Figure: spines SP1, SP2; leaves L1 to L4; C1 and C2 with VMs; C1 attached via ESI1 with MAC1. Remote entry: MAC1 → ESI1 → Leaf1 + Leaf2. Callouts: “MAC1 can be reached via ESI1” and “MAC1 can also be reached via ESI1”.]
R36, R37, R38, R39 - EVPN Startup
R36 - Example
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
5. RT1: Per EVI Ethernet Auto-Discovery
RT-1 - Per EVI Ethernet AD
  RD: 1.1.1.36:100
  ESI: 0036.3700.0000.0000.1100
  Aliasing-Label: 64004
  Ext-Com: 1:100 (RT)
Unicast Forwarding
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
5. RT1: Per EVI Ethernet Auto-Discovery
L2 Frame Flow1, DMAC: H1
Label stack: Transport Label R36, RT-2 MAC Label/EVI100
Unicast Forwarding
1. RT4: DF Election & Multi-Homed Ethernet Segment Auto-Discovery
2. RT1: Per ESI Ethernet Auto-Discovery (Split-Horizon, Mass-Withdraw)
3. RT3: Inclusive Multicast
4. RT2: MAC Advertisement
5. RT1: Per EVI Ethernet Auto-Discovery
L2 Frame Flow1, DMAC: H1. Label stack: Transport Label R36, RT-2 MAC Label/EVI100
L2 Frame Flow2, DMAC: H1. Label stack: Transport Label R37, RT1 Label/EVI100
Per Flow Balancing via R36 and R37 - Aliasing
EVPN – MAC Mobility
Challenge:
How to detect the correct location of MAC after the movement of host from one Ethernet
Segment to another also called “MAC move”?
               MAC    IP    ESI  Seq.  Next-Hop
Before move:   MAC-1  IP-1  0    0     Leaf-1
After move:    MAC-1  IP-1  0    1     Leaf-3
• Sequence number and Next-Hop value will be changed after the host move
• Sequence number is incremented and Next-hop is changed to Leaf-3
[Figure: spines SP1, SP2; leaves L1 to L4; C1 and C2; a VM marked “Host move”.]
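How a remote leaf can use the sequence number in this table to decide which MAC advertisement to keep, as an added example that is not code from the presentation. It goes one step beyond the slide by including the equal-sequence tie-break of RFC 7432 (lowest advertising address wins) and covers only single-homed segments (ESI 0, as in the table); the leaf addresses and the names MacRoute, MacTable and replay are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MacRoute:
    mac: str
    ip: str
    seq: int        # MAC Mobility sequence number (0 when the community is absent)
    next_hop: str   # address of the advertising leaf


class MacTable:
    """Best RT-2 per MAC for single-homed segments (ESI 0)."""

    def __init__(self):
        self.best = {}

    def receive(self, route):
        cur = self.best.get(route.mac)
        if cur is None:
            self.best[route.mac] = route
            return "installed"
        if route.next_hop == cur.next_hop and route.seq == cur.seq:
            return "unchanged"
        newer = route.seq > cur.seq
        tie = route.seq == cur.seq and (
            ipaddress.ip_address(route.next_hop) < ipaddress.ip_address(cur.next_hop))
        if newer or tie:
            self.best[route.mac] = route
            return "replaced"
        return "ignored"      # lower sequence: stale copy of an old location


LEAF1, LEAF2, LEAF3 = "10.0.0.1", "10.0.0.2", "10.0.0.3"   # constructed addresses


def replay():
    """The slide's host move, then a stale copy and an equal-sequence copy."""
    table = MacTable()
    events = [
        MacRoute("MAC-1", "IP-1", 0, LEAF1),   # host first seen behind Leaf-1
        MacRoute("MAC-1", "IP-1", 1, LEAF3),   # host moved: sequence incremented
        MacRoute("MAC-1", "IP-1", 0, LEAF1),   # late copy of the old route
        MacRoute("MAC-1", "IP-1", 1, LEAF2),   # same sequence from another leaf
    ]
    results = [table.receive(r) for r in events]
    return results, table.best["MAC-1"].next_hop


if __name__ == "__main__":
    print(replay())
```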
EVPN – Distributed Symmetric Anycast Gateway
Leaves run Multi-Protocol BGP to advertise & learn MAC + HOST IP addresses over the Network
MAC + IP addresses are advertised to rest of Leaves
L3/4 – Learn MAC + IP HOST address advertised by L1
-> L2/L3 update MAC address table + IP Forwarding table
L2 – uses MAC address advertised by L1 to synchronize MAC address table
-> L2 forwards MAC via local ETH interface represented by same Ethernet Segment between L1 and L2
L2 – uses MAC + IP HOST address advertised by L1 to synchronize ARP/ND information
-> L2 forwards IP via local ETH interface
• Distributed Anycast Gateway serves as the gateway for connected hosts
• Identical Anycast Gateway Virtual IP and MAC address are configured on all the Leafs
• All the BVIs perform active forwarding in contrast to active/standby like First-hop routing protocol
[Figure: spines SP1, SP2; leaves L1 to L4, each with a BVI acting as GW; C1 and C2 with VMs.]
EVPN – IRB in Network Fabric
Purpose:
Optimal intra and inter-subnet connectivity with seamless workload mobility
[Figure: spines SP1, SP2; leaves L1 to L4, each with a BVI acting as GW; C1 to C4 with VMs; paths labelled “Intra-subnet Forwarding” and “Inter-subnet Forwarding”.]
EVPN - Stay Up-To-Date
• https://e-vpn.io/
• Upcoming “Flood & Learn” Networking Broadcast: https://e-vpn.io/fal/