As network demands continue to evolve, the need for scalable, efficient, and flexible VPN solutions becomes more critical. Ethernet VPN (EVPN) has emerged as a robust technology to meet these demands, particularly when integrated with Segment Routing (SR) using the IS-IS protocol. In this blog series on EVPN services, we will explore how EVPN-based Layer 2 (L2VPN) and Layer 3 (L3VPN) services operate over IS-IS Segment Routing (ISIS-SR), and the advantages this integration brings to modern networking.
Introduction to EVPN
EVPN, or Ethernet VPN, is a standard defined by the IETF that provides advanced Ethernet Layer 2 and Layer 3 VPN services. It leverages Multi-Protocol BGP (MP-BGP) to distribute MAC addresses and IP prefixes, facilitating the creation of scalable and efficient VPN services. EVPN supports both L2VPN and L3VPN services, making it a versatile solution for service providers and enterprises alike.
EVPN ELINE
EVPN ELINE is an Ethernet service that enables point-to-point Layer 2 connectivity over an IP/MPLS backbone. EVPN ELINE uses Route Type-1(Ethernet A-D Route). It leverages the benefits of Ethernet VPN (EVPN) technology to provide flexible, scalable, and efficient services between two customer endpoints. EVPN ELINE allows organizations to extend their Ethernet networks across multiple locations while ensuring seamless communication and improved performance.
BGP
BGP is used as the control plane protocol in EVPN ELINE. It distributes routing information between PE routers, ensuring that data can be efficiently routed across the network. BGP is extended to support EVPN routes, providing a comprehensive routing solution.
Segment Routing (SR) and IS-IS
Segment Routing (SR) simplifies the network by removing the need for complex signaling protocols like LDP or RSVP. SR uses source routing, where the source node defines the path a packet takes through the network using a list of segments. These segments can be thought of as waypoints, and they are encoded as instructions in the packet header.
IS-IS (Intermediate System to Intermediate System) is a link-state routing protocol used to move information efficiently within a computer network. When integrated with SR, IS-IS can carry SR-specific information, such as Segment Identifiers (SIDs), which define the segments in an SR-enabled network.
ISIS-SR with TI-LFA and MP-BGP (EVPN) Underlay
Sample ISIS-SR Configuration from PE1 device:
This includes the configuration for loopback and physical interfaces, along with the router’s ISIS-SR.
Sample MP-BGP RR Configuration from P2 device:
This includes the MP-BGP configuration on RR device.
Sample MP-BGP NON-RR Configuration from PE4 device:
This includes the MP-BGP configuration on Non-RR device.
Validation ISIS-SR:
This displays topology details including metrics and next-hop.
This ensure the MPLS Forwarding-table (FTN) entries installed for the loopback addresses of all routers in the network. Below command provides details such as the outbound label (out-label), outbound interface (out-interface), next-hop, and more. It is essential to perform this check on the source router.
This ensure the MPLS ILM-table (Incoming Label Mapping Table) entries installed for the loopback addresses of all routers in the network and the local links next-hop IP address. This command provides details such as the inbound label (in-label) outbound label (out-label), outbound interface (out-interface), next-hop, and more. It is essential to perform this check on the transit router.
This is to check network connectivity using MPLS ping commands.
Validation MP-BGP (EVPN):
This verifies BGP neighborship for L2VPN EVPN address family on RR and Non-RR device.
EVPN ELINE SH aka EVPN VPWS SH Overlay
Sample Configuration from PE4 device:
We start by enabling EVPN MPLS and assigning a VTEP global IP address, which typically matches the loopback IP address. Next, we set up the EVPN-VPWS identifier, defining both the source identifier (local-id) and the target identifier (remote-id). We then map the VRF to the EVPN-VPWS and associate the VPN ID (local-id) with the access interface that connects to the CE device. Finally, we enable the BGP EVPN address family to the neighbor PE device to establish communication.
Validation:
The command “show evpn mpls xconnect” checks the status of the connection, providing details such as whether the destination is single-homed or multi-homed with an ESI configured, the remote PE IP address, network type, and network status.
The command “show evpn mpls xconnect tunnel” verifies the tunnel status between the two PEs, including the local and remote EVPN IDs and the tunnel’s uptime.
The command “show evpn mpls xconnect tunnel label” also provides the tunnel status, destination PE IP address, and local and remote EVPN IDs. Additionally, it shows the local and remote service labels, the outgoing network interface, and the transport label used on the network interface.
The command “show bgp l2vpn evpn summary” checks the BGP L2VPN EVPN neighbor relationship with the remote PE, including the total number of prefixes received and details of the corresponding EVPN route types.
The command “show bgp l2vpn evpn” displays the routes sent and received between the PEs.
Finally, the “ping” command is used to verify end-to-end IP reachability between the CE devices.
EVPN ELINE MH aka EVPN VPWS MH Overlay
Sample Configuration from PE5 device:
In addition to the configuration used for EVPN ELINE SH, we need to enable multihoming for EVPN MPLS and respective hardware-profile filter on all the PEs that are multi-homed to the CE and assign a common ESI to the port channel interface connecting to the CE device.
Validation:
All the validation commands are the same as those used for EVPN ELINE SH. On PE4, we can observe that the destination is displayed with an ESI value, indicating it is multi-homed.
Below, we can observe that two tunnels have been created from PE4, both with the same local and remote EVPN IDs.
Below, we can see that two tunnels have been established from PE4, both sharing the same local and remote EVPN IDs, along with their respective labels.
On PE4, we can see that the EVPN route type-1, known as the “Ethernet A-D route” has increased from one to four because the destination PEs are multi-homed to the same CE device.
This provides details of the BGP EVPN routes that have been sent and received.
Finally, we use the “ping” command to verify end-to-end reachability between the CE devices.
Conclusion
EVPN ELINE offers a solution for organizations looking to enhance their Ethernet services with greater scalability, flexibility, and performance. By leveraging EVPN technology, businesses can achieve robust point-to-point connectivity across multiple locations while benefiting from operational simplicity and cost-effectiveness. As networking demands evolve, adopting EVPN ELINE positions organizations to build reliable infrastructures that can effectively meet future challenges.
Next Topic: EVPN-ELAN: Single-Homed and Multi-Homed Solutions with ISIS-SR and TI-LFA.
Contact us today to learn how OcNOS can offer Segment Routing for your network.
Suraj Kumar Singh is Senior Solution Lead at IP Infusion.