Scribd
Upload
71 views9 pages

Xrdocs Io ncs5500 Tutorials srv6 Transport On Ncs Part 6

The document describes implementing EVPN ELAN over SRv6 transport on NCS 500/5500 platforms. Key steps include BGP EVPN control plane configuration, EVPN ES and EVI configuration, layer 2 UNI and L2VPN configuration, and verification including checking bridge domain state and SRv6 SIDs.

Uploaded by

Konstantinos Dimitriou
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
71 views9 pages

Xrdocs Io ncs5500 Tutorials srv6 Transport On Ncs Part 6

The document describes implementing EVPN ELAN over SRv6 transport on NCS 500/5500 platforms. Key steps include BGP EVPN control plane configuration, EVPN ES and EVI configuration, layer 2 UNI and L2VPN configuration, and verification including checking bridge domain state and SRv6 SIDs.

Uploaded by

Konstantinos Dimitriou
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

@XRDOCS NCS5500 BLOGS TUTORIALS SEARCH  TAGS

Paban Sarma
Technical Marketing Engineer, Cisco. Follow

Save to PDF

Implementing EVPN ELAN over SRv6 Transport on NCS 500/5500


 8 minutes read

 TA B L E O F C O N T E N T S

OVERVIEW

TO P O LO GY

C O N F I G U R AT I O N S T E P S

V E R I F I C AT I O N S T E P S

SUMMARY

Overview

In our previous tutorials, we covered SRv6 Transport with uSID on the NCS 500 and 5500 platforms, and L3/L2 P2P
services on top of it. This tutorial will cover implementaion of ethernet VPN (EVPN) based multipoint layer 2 service
(ELAN) over SRv6 uSID transport. As of today, only Single homed EVPN ELAN is supported on these platforms. EVPN
ELAN is not supported on the NCS 5700 series platforms as of latest XR release.

Topology

Nodes Device Type Software Version Loopback0

PE1 NCS 540 IOS XR 7.5.2 fcbb:bb00:1::1/128

P2 NCS 5500 IOS XR 7.5.2 fcbb:bb00:2::1/128

P3 NCS 5500 IOS XR 7.5.2 fcbb:bb00:3::1/128


Nodes Device Type Software Version Loopback0

PE4 NCS 5500 IOS XR 7.5.2 fcbb:bb00:4::1/128

PE5 NCS 5500 IOS XR 7.5.2 fcbb:bb00:5::1/128

The loopback0 IPs are chosen as per the SRv6 addressing best practice (check out segment-routing.net for more
details).

In this tutorial, we will establish a multipoint L2VPN (EVPN-ELAN) connecting CE1, CE2 and CE3. The example will
demonstrate VLAN based ELAN (EVPLAN) service and establish L2 stretch across CE1, CE2 and CE3 for VLAN 200.

Con guration Steps

We already covered the con guration steps for the transport in our previous tutorial. The below table summerizes the
SRv6 uSID locator used (name POD0) on each node for reference.

Nodes SRv6 Locator

PE1 fcbb:bb00:1::/48

P2 fcbb:bb00:2::/48

P3 fcbb:bb00:3::/48

PE4 fcbb:bb00:4::/48

PE5 fcbb:bb00:5::/48

Con guration steps included in this tutorial will focus only on the service speci c tasks including,

BGP EVPN control plane

EVPN ES and EVI con guration

Layer 2 UNI and L2VPN con guration

BGP con guration for EVPN

BGP con guration is similar to what we did in our previous tutorial. However, since we have multiple PE nodes here, we
need to establish full mesh BGP with EVPN AFI. For simplicity, we are using P2 as a route-re ector (RR). In real time
deployment, it is recommended to use dedicated route-re ectors in the network. The following con g snippet shows the
BGP con guration on all the PEs and the RR node.

PE1

router bgp 100


bgp router-id 1.1.1.1
address-family l2vpn evpn
!
neighbor fcbb:bb00:2::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
!
!
!

PE4

router bgp 100


bgp router-id 4.4.4.4
address-family l2vpn evpn
!
neighbor fcbb:bb00:2::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
!
!
!

PE5

router bgp 100


bgp router-id 5.5.5.5
address-family l2vpn evpn
!
neighbor fcbb:bb00:2::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
!
!
!

P2 as RR

router bgp 100


bgp router-id 2.2.2.2
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
neighbor fcbb:bb00:1::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
route-reflector-client
!
!
neighbor fcbb:bb00:4::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
route-reflector-client
!
!
neighbor fcbb:bb00:5::1
remote-as 100
update-source Loopback0
address-family l2vpn evpn
route-reflector-client
!
!
!

EVPN ES and EVI con guration

The next step is to con gure the EVPN. It includes three steps,
ES con guration: Since we are not using Multihoming CE, we won’t explicitly con gure any ESI but simply enable to
physical PE-CE link under EVPN

evpn
interface TenGigE0/0/0/0
ethernet-segment
identifier type 0 1.1.1.1.1.1.0
!
!
!

Enabling SRv6: we need to globally enable SRv6 for EVPN under EVPN global con guration. This step optionally
includes specifying the SRv6 locator to be used for EVPN services.

evpn
segment-routing srv6
locator POD0
!
!

EVI con guartion: The next important step is to con gure the EVPN identi er (EVI) and enable MAC advertisement and
SRv6 for the EVI. We can also specify the locator per EVI in this stage. We are using per EVI locator in this tutorial.

evpn
evi 200 segment-routing srv6
advertise-mac
!
locator POD0
!
!

Below is the con g snippet from all the PE nodes. (we have the exact same con guration on all three PEs as the topology
is symmetric i.e same interfaces are used on each PE)

PE1, PE4 and PE5

evpn
evi 200 segment-routing srv6
advertise-mac
!
locator POD0
!
interface TenGigE0/0/0/0
!
segment-routing srv6
!
!

Con guring Layer2 Attachment Circuits & Bridge-Domain


We need to con gure l2transport sub-interface (on the PE-CE link) with appropriate VLAN encapsulations. This tutorial is
showing VLAN based service with VLAN ID 200. We are not showing any VLAN translation operation (rewrite commands)
as they are out of scope of this tutorial.

PE1, PE4 and PE5

interface TenGigE0/0/0/0.2 l2transport


encapsulation dot1q 200

The layer2 sub interface created now needs to be stitched with the EVI by using the l2vpn bridge-domain service
construct as shown below. Note that the segment-routing srv6 keyword is must here . We can also specify a locator if we
wish to use a di erent locator for the bridge-domain.

PE1, PE4 and PE5

l2vpn
bridge group POD0
bridge-domain POD0
interface TenGigE0/0/0/0.2
!
evi 200 segment-routing srv6
!
!
!
!

Veri cation Steps

Verifying EVPN ELAN control Plane

The very rst step is to verify whether the con gured bridge-domain is in Up state on all the PE nodes. For brevity we
have included the veri cation outputs only from PE5.

RP/0/RP0/CPU0:LABSP-3393-PE5#show l2vpn bridge-domain brief


Fri May 12 04:35:22.647 UTC
Legend: pp = Partially Programmed.
Bridge Group:Bridge-Domain Name ID State Num ACs/up Num PWs/up Num PBBs/up Num VNIs/up
-------------------------------- ----- -------------- ------------ ------------- ----------- -----------
POD0:POD0 1 up 1/1 0/0 0/0 0/0

The next step is to see the programmed SRv6 SIDs for the service we con gured. For each EVI , there are two SRv6 SID
programmed, uDT2U and uDT2M for Unicast and BUM tra c respectively.

RP/0/RP0/CPU0:LABSP-3393-PE5#show segment-routing srv6 sid


Fri May 12 04:38:57.345 UTC

*** Locator: 'POD0' ***

SID Behavior Context Owner State RW


-------------------------- ---------------- -------------------------------- ------------------ ----- --
fcbb:bb00:5:: uN (PSP/USD) 'default':5 sidmgr InUse Y
fcbb:bb00:5:e000:: uA (PSP/USD) [BE35, Link-Local]:0:P isis-1 InUse Y
fcbb:bb00:5:e001:: uA (PSP/USD) [BE35, Link-Local]:0 isis-1 InUse Y
fcbb:bb00:5:e002:: uA (PSP/USD) [BE25, Link-Local]:0:P isis-1 InUse Y
fcbb:bb00:5:e003:: uA (PSP/USD) [BE25, Link-Local]:0 isis-1 InUse Y
fcbb:bb00:5:e004:: uA (PSP/USD) [BE45, Link-Local]:0:P isis-1 InUse Y
fcbb:bb00:5:e005:: uA (PSP/USD) [BE45, Link-Local]:0 isis-1 InUse Y
fcbb:bb00:5:e006:: uDT2U 200:0 l2vpn_srv6 InUse Y
fcbb:bb00:5:e007:: uDT2M 200:0 l2vpn_srv6 InUse Y

The same SIDs can also be veri ed using the EVI detail CLI.

RP/0/RP0/CPU0:LABSP-3393-PE5#show evpn evi vpn-id 200 detail


Fri May 12 06:04:53.970 UTC

VPN-ID Encap Bridge Domain Type


---------- ---------- ---------------------------- -------------------
200 SRv6 POD0 EVPN
Stitching: Regular
Unicast SID: fcbb:bb00:5:e006::
Multicast SID: fcbb:bb00:5:e007::
E-Tree: Root
Forward-class: 0
Advertise MACs: Yes
Advertise BVI MACs: No
Aliasing: Enabled
UUF: Enabled
Re-origination: Enabled
Multicast:
Source connected : No
IGMP-Snooping Proxy: No
MLD-Snooping Proxy : No
BGP Implicit Import: Enabled
VRF Name:
SRv6 Locator Name: POD0
Preferred Nexthop Mode: Off
BVI Coupled Mode: No
BVI Subnet Withheld: ipv4 No, ipv6 No
RD Config: none
RD Auto : (auto) 5.5.5.5:200
RT Auto : 100:200
Route Targets in Use Type
------------------------------ ---------------------
100:200 Import
100:200 Export

The above output shows the two SIDs for two types of tra c for the EVI. We can check details of the SIDs using show

segment-routing srv6 sid <> detail commands as below:

RP/0/RP0/CPU0:LABSP-3393-PE5#show segment-routing srv6 sid fcbb:bb00:5:e006:: detail


Fri May 12 06:11:15.177 UTC

*** Locator: 'POD0' ***

SID Behavior Context Owner State RW


-------------------------- ---------------- -------------------------------- ------------------ ----- --
fcbb:bb00:5:e006:: uDT2U 200:0 l2vpn_srv6 InUse Y
SID Function: 0xe006
SID context: { evi=200, opaque-id=0 }
Locator: 'POD0'
Allocation type: Dynamic
Created: May 11 06:29:44.913 (23:41:30 ago)

Verifying EVPN ELAN Data Plane and MAC Learnings

The CE nodes are con gured in the same L2 subnets which we want to stitch using the EVPN service. Below are the IP
con gurations on each CE.

CE1 CE2 CE3

  

interface TenGigE0/0/0/0.2 interface TenGigE0/0/0/0.2 interface TenGigE0/0/0/0.2


ipv4 address 200.0.0.1 255.255.255.0 ipv4 address 200.0.0.2 255.255.255.0 ipv4 address 200.0.0.3 255.255.255.0
encapsulation dot1q 200 encapsulation dot1q 200 encapsulation dot1q 200
! ! !

We can now try verifying end-to-end ping from CE1 to the other CE nodes to con rm the working of the EVPN service.

RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.1
Fri May 12 05:22:43.472 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.2
Fri May 12 05:22:44.911 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RP0/CPU0:LABSP-3393-CE1#ping 200.0.0.3
Fri May 12 05:22:46.593 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

As the packets went through the EVPN PEs, we will see the respective MAC addresses learnt locally and via EVPN. The
below CLI snippets shows the learnings on PE5.

RP/0/RP0/CPU0:LABSP-3393-PE5#show evpn evi vpn-id 200 mac


Fri May 12 06:32:40.216 UTC

VPN-ID Encap MAC address IP address Nexthop L


---------- ---------- -------------- ---------------------------------------- --------------------------------------- -
200 SRv6 00bc.6016.5800 :: fcbb:bb00:1::1
200 SRv6 00bc.6024.c400 :: fcbb:bb00:4::1
200 SRv6 00bc.6027.6400 :: TenGigE0/0/0/0.2 0
We can see one locally learnt MAC on the UNI side and two remote MACs learnt from the peer PEs. The same can also
be seen in the EVPN RT2 received.

RP/0/RP0/CPU0:LABSP-3393-PE5# show bgp l2vpn evpn rd 1.1.1.1:200


Fri May 12 06:36:10.445 UTC
BGP router identifier 5.5.5.5, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0
BGP main routing table version 218
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best


i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:200
*>i[2][0][48][00bc.6016.5800][0]/104
fcbb:bb00:1::1 100 0 i
*>i[3][0][32][1.1.1.1]/80
fcbb:bb00:1::1 100 0 i

Processed 2 prefixes, 2 paths

RP/0/RP0/CPU0:LABSP-3393-PE5#show bgp l2vpn evpn rd 4.4.4.4:200


Fri May 12 06:36:28.768 UTC
BGP router identifier 5.5.5.5, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0
BGP main routing table version 218
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best


i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 4.4.4.4:200
*>i[2][0][48][00bc.6024.c400][0]/104
fcbb:bb00:4::1 100 0 i
*>i[3][0][32][4.4.4.4]/80
fcbb:bb00:4::1 100 0 i

Processed 2 prefixes, 2 paths

Summary

This concludes Part 6 of our SRv6 tutorial series explaining multipoint L2 service over SRv6 transport with EVPN control
Plane (EVPN ELAN). Stay tuned for our upcoming tutorials.

 Updated: May 12, 2023


SHARE ON

   

Leave a Comment

What do you think?


3 Responses

Upvote Funny Love Surprised

0 Comments 
1 Login

G Start the discussion…

LOG IN WITH OR SIGN UP WITH DISQUS ?

Name

 Share Best Newest Oldest

Be the rst to comment.

Subscribe Privacy Do Not Sell My Data

FOLLOW:  TWITTER  GITHUB  FEED

This site is maintained by Cisco Systems, Inc. employees. Powered by Jekyll & Minimal Mistakes.

You might also like