EVPN MPLS IRB Configuration
This chapter includes step-by-step configurations for EVPN MPLS IRB.
Overview
EVPN provides an extensible and flexible multihoming VPN solution over an MPLS/IP network for intra-subnet connectivity among Tenant Systems (TSs) and end devices that can be physical or virtual, where an IP subnet is represented by an EVPN instance (EVI) for a VLAN-based service or by an (EVI, VLAN) association for a VLAN-aware bundle service. However, some scenarios require dynamic and efficient inter-subnet connectivity among these Tenant Systems and end devices while maintaining the multihoming capabilities of EVPN. This document describes an Integrated Routing and Bridging (IRB) solution based on EVPN to address such requirements.
Integrated Routing and Bridging combines switching of tenant data with routing into different VNIDs of the same tenant. This is accomplished by having a unique per-tenant layer-3 IP-VRF across all PEs hosting tenant systems for that tenant. The layer-2 MAC-VRFs belonging to that tenant on different PEs (each mapping to one or more bridged domains (VNIDs)) are mapped to the common IP-VRF through logical interfaces called IRB interfaces. The MAC-VRF tables are used for switching intra-subnet communication, whereas the IP-VRF tables are used for routing inter-subnet traffic.
IRB has two modes of working.
• Asymmetric IRB (Anycast and Centralized)
• Symmetric IRB (Distributed)
Asymmetric IRB
In asymmetric IRB, the lookup operation is asymmetric: the ingress PE performs three lookups, whereas the egress PE performs a single lookup. That is, the ingress PE performs a MAC lookup, followed by an IP lookup, followed by a MAC lookup again. The egress PE performs just a single MAC lookup, as depicted in the following figure:
Figure 98. Asymmetric IRB
In other words, each PE participating in asymmetric IRB MUST maintain ARP entries for remote hosts (hosts connected to other PEs) as well as maintain MAC-VRFs/BTs and IRB interfaces for ALL subnets in an IP-VRF, including subnets that may not be locally attached.
Symmetric IRB
In symmetric IRB, as its name implies, the lookup operation is symmetric at both the ingress and egress PEs: both perform lookups on both MAC and IP addresses. The ingress PE performs a MAC lookup followed by an IP lookup, and the egress PE performs an IP lookup followed by a MAC lookup, as depicted in the following figure:
Figure 99. Symmetric IRB
Therefore, in symmetric IRB, there is no need for the ingress PE to maintain ARP entries for the association of the destination TS2's IP and MAC addresses in its ARP table. Each PE participating in symmetric IRB only maintains ARP entries for locally connected hosts and MAC-VRFs/BTs for only locally configured subnets.
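The state and lookup differences between the two modes described above, as an added example that is not part of the original documentation. The three-PE topology, host names, addresses and the function names `build_pe` and `forward` are constructed for illustration.

```python
from collections import namedtuple

Host = namedtuple("Host", "name ip mac subnet pe")

# Constructed sample topology: one tenant IP-VRF, three subnets, one host per PE.
HOSTS = [
    Host("TS1", "10.1.1.10", "00:00:00:00:01:10", "subnet-A", "PE1"),
    Host("TS2", "10.1.2.20", "00:00:00:00:02:20", "subnet-B", "PE2"),
    Host("TS3", "10.1.3.30", "00:00:00:00:03:30", "subnet-C", "PE3"),
]

def build_pe(pe, mode, hosts=HOSTS):
    """Return the tables `pe` must hold in the given IRB mode."""
    if mode not in ("asymmetric", "symmetric"):
        raise ValueError(f"unknown IRB mode: {mode}")
    # Asymmetric: state for every subnet and host in the IP-VRF.
    # Symmetric: state only for locally attached subnets and hosts.
    scope = [h for h in hosts if mode == "asymmetric" or h.pe == pe]
    return {
        "mac_vrfs": {h.subnet for h in scope},  # MAC-VRF/BT plus IRB interface
        "arp": {h.ip: h.mac for h in scope},    # IP -> MAC bindings
    }

def forward(src, dst, mode, hosts=HOSTS):
    """Return the ordered (PE, lookup) steps for inter-subnet traffic src -> dst."""
    if src.subnet == dst.subnet:
        raise ValueError("this model covers inter-subnet traffic only")
    ingress = build_pe(src.pe, mode, hosts)
    egress = build_pe(dst.pe, mode, hosts)
    # Both modes start the same way: bridge to the IRB, then route in the IP-VRF.
    steps = [(src.pe, "MAC"), (src.pe, "IP")]
    if mode == "asymmetric":
        # Ingress resolves the remote host's MAC and bridges in the
        # destination subnet, so it needs that ARP entry and MAC-VRF.
        if dst.ip not in ingress["arp"] or dst.subnet not in ingress["mac_vrfs"]:
            raise LookupError("ingress PE lacks state for remote host")
        steps += [(src.pe, "MAC"), (dst.pe, "MAC")]
    else:
        # Egress routes in the IP-VRF and resolves the MAC from local ARP.
        if dst.ip not in egress["arp"]:
            raise LookupError("egress PE lacks ARP entry for local host")
        steps += [(dst.pe, "IP"), (dst.pe, "MAC")]
    return steps

if __name__ == "__main__":
    ts1, ts2 = HOSTS[0], HOSTS[1]
    for mode in ("asymmetric", "symmetric"):
        print(mode, forward(ts1, ts2, mode), build_pe("PE1", mode))
```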
Route Types
These EVPN route types are supported:
• Route Type 1: Ethernet Auto-Discovery (AD) Route
The Ethernet AD routes are advertised on a per-EVI and per-ESI basis. These routes are sent per ES. They carry the list of EVIs that belong to the ES.
This route is advertised when multihomed CEs already exist.
• Route Type 2: MAC/IP Advertisement Route
The host's IP and MAC addresses are advertised to the peers within the NLRI. Control-plane learning of MAC addresses reduces unknown unicast flooding.
• Route Type 3: Inclusive Multicast Ethernet Tag Route
This route establishes the connection for broadcast, unknown unicast, and multicast (BUM) traffic from a source PE to a remote PE.
This route is advertised on a per-VLAN and per-ESI basis.
• Route Type 4: Ethernet Segment Route
Ethernet segment routes enable a CE device to be connected to two or more PE devices.
Ethernet segment routes enable the discovery of PE devices that are connected to the same Ethernet segment.
• Route Type 5: IP Prefix Route
An IP prefix route provides encoding for inter-subnet forwarding. In the control plane, EVPN Type 5 routes are used to advertise IP prefixes for inter-subnet connectivity across data centers.
In EVPN-VPWS, the auto-discovery of peer PE nodes is done with the pair of Ethernet A-D routes. Unlike in ELAN-EVPN VPLS, the Inclusive Multicast route does not participate in auto-discovery. Since there is no MAC advertisement, the MAC/IP route is not applicable.
• The RD value should be unique for multihoming nodes.
• The ANYCAST gateway MAC is mandatory on multihoming nodes.
• "rewrite pop" is mandatory on the access interface.
• The arp-nd refresh timer needs to be configured to avoid the ARP table being cleared after the ARP timeout.