EVPN Summary
EVPN
在L2VPN中,我们常见的是VPLS,EoMPLS,AoTM等,这些技术主要利用伪线技术(Kompella/Martini)构造虚拟专网或专线,并由MPLS承载。虽然已经可以通过BGP自动发现并创建伪线,但基于伪线技术的L2VPN有很多缺陷,所以需要一个技术可以通过BGP来替代原来的伪线技术,因此才有了EVPN,EVPN带来最大的不同就是通过BGP控制平面来进行MAC学习,而不是数据平面。2015年提出的PBB-EVPN也是属于EVPN的一种。
EVPN带着替换伪线技术的使命而来,同之前一样,主要涉及点到点、点到多点,下图包含了我们常见的几种EVPN(我暂时没有把ETREE列出来),此篇文章主要以几类Route Type为例,展开整理EVPN的内容,以备以后复习
EVPN基础知识
EVPN Instance( EVI)
即在PE上EVPN路由和转发的实例,每个实例都会共享同一个MAC-VRF。同一个EVI也可以跨多台PE,同一个物理口(bundle)可以属于多个EVI,如下图所示:
Ethernet Segment Identifier(ESI)
ES表示连接到一个或多个PE的“site”,ESI是标识ES的,由10byte组成。ES主要有两种:SHD(single home device);MHD(Multi-hom device);在SHD的场景中,ESI是全“0”的,只有在MHD的场景中,ESI是非“0”的
在MHD的常规部署模型里,CE与PE主要通过Bundle LACP连接,两台PE不在需要复杂的老的技术,如M-LACP,而是依靠EVPN来实现互通;根据服务类型和客户的需求,有不同的负载均衡模式,如下所示:
EVPN RD
如上所述,在PE上,EVPN通过BGP来完成MAC地址的学习,这些MAC地址会使用VPN的RD和RT技术来传递,对于RD,有几点需要说明下:
- 首先在EVPN中,RD “:0” 表示 EVPN全局属性,也可以叫per-Node/ESI RD,这包括RT4和RT1 per-ESI;主要用于DF选举,和 MAC 撤销
- 其次初始的RT4和RT1 per-ESI会通过RD “:1”发送给其他PE,所以你会在远端PE上发现这个RD的EVPN路由信息,不过注意的是,由于RFC没有定义一个update中包含多少个RTs,因此根据场景,可能会发现RD “:2” 或 “:3”;
- 最后关于在RD “:0” 和RD “:EVI”中都包含RT1,这有什么区别呢?其实“:0”中存的是RT1 per-ESI,而“:EVI”中存的是RT1 per-EVI;
我们来看下输出结果:
RP/0/RSP0/CPU0:PE1#sh bgp l2vpn evpn | i Route Distinguisher Sat Nov 21 02:03:01.575 UTC Route Distinguisher: 192.168.0.1:0 (default for vrf ES:GLOBAL) # PE1's global Route Distinguisher: 192.168.0.1:300 (default for vrf 300) # PE1's EVI300 Route Distinguisher: 192.168.0.2:0 # PE2's global Route Distinguisher: 192.168.0.2:1 # sent from PE2 Route Distinguisher: 192.168.0.2:300 # PE2's EVI300 Route Distinguisher: 192.168.0.3:1 Route Distinguisher: 192.168.0.3:300 RP/0/RSP0/CPU0:PE2#sh bgp l2vpn evpn | i Route Distinguisher: Sat Nov 21 02:05:03.617 UTC Route Distinguisher: 192.168.0.1:0 # PE1's global Route Distinguisher: 192.168.0.1:1 # sent from PE1 Route Distinguisher: 192.168.0.1:300 # PE1's EVI300 Route Distinguisher: 192.168.0.2:0 (default for vrf ES:GLOBAL) # PE2's global Route Distinguisher: 192.168.0.2:300 (default for vrf 300) # PE2's EVI300 Route Distinguisher: 192.168.0.3:1 Route Distinguisher: 192.168.0.3:300
EVPN Route Type
在EVPN中,控制平面是通过BGP Route Type来承载并传递不同信息的,在这一系列总结中,我会主要围绕Route Type来展示控制平面和数据平面,这样会比较容易揭开EVPN的面纱。另外目前EVPN 的Type已经扩展到10+了,在这里暂时主要讲解最常用的前5种,其他的以后再做补充
- Type1:Ethernet A-D Route
- Type2:MAC/IP Advertisement Route
- Type3:Inclusive Multicast Route
- Type4:Ethernet Segment Route
- Type5:IP Prefix Route
EVPN 流量 over SRTE
基于SR MPLS
- EVPN ELAN over SRTE
- EVPN ELINE over SRTE
基于SRv6
- EVPN ELAN over SRTE
- EVPN ELINE over SRTE
初始配置及Topology
Topology
PE1 初始配置
interface Bundle-Ether100 lacp system mac 0100.0100.0100 load-interval 30 ! interface Bundle-Ether100.33 l2transport encapsulation dot1q 33 rewrite ingress tag pop 1 symmetric ! interface Loopback0 ipv4 address 192.168.0.1 255.255.255.255 ! interface HundredGigE0/0/0/1 bundle id 100 mode active ! interface HundredGigE0/0/0/2 ipv4 address 13.1.1.1 255.255.255.0 ! router isis frank net 49.1921.6800.0001.00 address-family ipv4 unicast metric-style wide segment-routing mpls ! interface Loopback0 passive circuit-type level-2-only address-family ipv4 unicast prefix-sid absolute 16001 ! ! interface HundredGigE0/0/0/2 circuit-type level-2-only point-to-point address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa metric 1 ! ! ! router bgp 65001 bgp router-id 192.168.0.1 address-family ipv4 unicast ! address-family l2vpn evpn ! neighbor 192.168.0.5 remote-as 65001 update-source Loopback0 address-family l2vpn evpn ! ! ! evpn evi 300 bgp route-target import 65001:300 route-target export 65001:300 ! advertise-mac ! ! interface Bundle-Ether100 ethernet-segment identifier type 0 11.11.11.11.11.11.11.11.11 bgp route-target 1111.1111.1111 ! ! ! l2vpn bridge group 100 bridge-domain 300 description elan interface Bundle-Ether100.33 split-horizon group ! evi 300 ! !
PE2 初始配置
interface Bundle-Ether100 lacp system mac 0100.0100.0100 load-interval 30 ! interface Bundle-Ether100.33 l2transport encapsulation dot1q 33 rewrite ingress tag pop 1 symmetric ! interface Loopback0 ipv4 address 192.168.0.2 255.255.255.255 ! interface HundredGigE0/0/0/2 bundle id 100 mode active ! interface HundredGigE0/0/0/3 ipv4 address 23.1.1.2 255.255.255.0 ! router isis frank net 49.1921.6800.0002.00 address-family ipv4 unicast metric-style wide segment-routing mpls ! interface Loopback0 passive circuit-type level-2-only address-family ipv4 unicast prefix-sid absolute 16002 ! ! interface HundredGigE0/0/0/3 circuit-type level-2-only point-to-point address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa metric 1 ! ! ! router bgp 65001 bgp router-id 192.168.0.2 address-family l2vpn evpn ! neighbor 192.168.0.5 remote-as 65001 update-source Loopback0 address-family l2vpn evpn ! ! ! evpn evi 300 bgp route-target import 65001:300 route-target export 65001:300 ! advertise-mac ! ! interface Bundle-Ether100 ethernet-segment identifier type 0 11.11.11.11.11.11.11.11.11 bgp route-target 1111.1111.1111 ! ! ! l2vpn bridge group 100 bridge-domain 300 description elan interface Bundle-Ether100.33 split-horizon group ! evi 300 ! !
PE3 初始配置
interface Bundle-Ether100 lacp system mac 0100.0100.0100 load-interval 30 ! interface Bundle-Ether100.33 l2transport encapsulation dot1q 33 rewrite ingress tag pop 1 symmetric ! interface Loopback0 ipv4 address 192.168.0.3 255.255.255.255 ! interface HundredGigE0/0/0/1 bundle id 100 mode active ! interface HundredGigE0/0/0/2 ipv4 address 13.1.1.3 255.255.255.0 ! interface HundredGigE0/0/0/3 ipv4 address 23.1.1.3 255.255.255.0 ! interface HundredGigE0/0/0/4 ipv4 address 35.1.1.3 255.255.255.0 ! router isis frank net 49.1921.6800.0003.00 address-family ipv4 unicast metric-style wide segment-routing mpls ! interface Loopback0 passive circuit-type level-2-only address-family ipv4 unicast prefix-sid absolute 16003 ! ! interface HundredGigE0/0/0/2 circuit-type level-2-only point-to-point address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa metric 1 ! ! interface HundredGigE0/0/0/3 circuit-type level-2-only point-to-point address-family ipv4 unicast fast-reroute per-prefix fast-reroute per-prefix ti-lfa metric 1 ! ! interface HundredGigE0/0/0/4 circuit-type level-2-only point-to-point address-family ipv4 unicast metric 5000 ! ! ! router bgp 65001 bgp router-id 192.168.0.3 address-family l2vpn evpn ! neighbor 192.168.0.5 remote-as 65001 update-source Loopback0 ! address-family l2vpn evpn ! ! evpn evi 300 bgp route-target import 65001:300 route-target export 65001:300 ! advertise-mac ! ! interface Bundle-Ether100 ethernet-segment identifier type 0 22.22.22.22.22.22.22.22.22 bgp route-target 2222.2222.2222 ! ! ! l2vpn bridge group 100 bridge-domain 300 description elan interface Bundle-Ether100.33 split-horizon group ! evi 300 ! !
EVPN基本信息
PE1 LFIB
RP/0/RSP0/CPU0:PE1#sh mpls for Sat Dec 5 07:54:43.861 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16002 16002 SR Pfx (idx 2) Hu0/0/0/2 13.1.1.3 0 16003 Pop SR Pfx (idx 3) Hu0/0/0/2 13.1.1.3 0 24000 Pop EVPN:300 U BD=0 E point2point 0 24001 Pop EVPN:300 M BD=0 EIM point2point 0 24003 24002 EVPN:300 192.168.0.2 0 24004 Pop SR Adj (idx 1) Hu0/0/0/2 13.1.1.3 0 24005 Pop SR Adj (idx 3) Hu0/0/0/2 13.1.1.3 0
PE2 LFIB
RP/0/RSP0/CPU0:PE2#sh mpls for Sat Dec 5 13:07:20.806 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16001 16001 SR Pfx (idx 1) Hu0/0/0/3 23.1.1.3 0 16003 Pop SR Pfx (idx 3) Hu0/0/0/3 23.1.1.3 162 24000 Pop SR Adj (idx 1) Hu0/0/0/3 23.1.1.3 0 24001 Pop SR Adj (idx 3) Hu0/0/0/3 23.1.1.3 0 24002 Pop EVPN:300 U BD=0 E point2point 170 24003 Pop EVPN:300 M BD=0 EIM point2point 640 24005 24000 EVPN:300 192.168.0.1 0 24006 24004 EVPN:300 192.168.0.3 0
PE3 LFIB
RP/0/RSP0/CPU0:PE3#sh mpls for Sat Dec 5 12:56:26.731 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 16001 Pop SR Pfx (idx 1) Hu0/0/0/2 13.1.1.1 56 16002 Pop SR Pfx (idx 2) Hu0/0/0/3 23.1.1.2 830 24000 Pop SR Adj (idx 1) Hu0/0/0/3 23.1.1.2 0 24001 Pop SR Adj (idx 3) Hu0/0/0/3 23.1.1.2 0 24002 Pop SR Adj (idx 1) Hu0/0/0/2 13.1.1.1 0 24003 Pop SR Adj (idx 3) Hu0/0/0/2 13.1.1.1 0 24004 Pop EVPN:300 U BD=0 E point2point 170 24005 Pop EVPN:300 M BD=0 EIM point2point 320 24007 Pop SR Adj (idx 1) Hu0/0/0/4 35.1.1.5 0 24008 Pop SR Adj (idx 3) Hu0/0/0/4 35.1.1.5 0 24009 24000 EVPN:300 192.168.0.1 0 24002 EVPN:300 192.168.0.2 0