EVPN ETREE
Pavan Chaudhari
CCIE-SP-37281,JNCIP,AWS | Author of Next-Gen MPLS Book | ex-Cisco | ex-Nokia | ex-Juniper
EVPN E-Tree (Ethernet VPN Ethernet Tree) is a network architecture and protocol used in Ethernet-based networks to provide scalable and efficient Layer 2 (L2) connectivity. It is part of the Ethernet VPN (EVPN) technology family and is defined by the Internet Engineering Task Force (IETF) in RFC 8317.
It is designed to address the requirements of multicast-based services, such as Ethernet-based virtual private LAN services (VPLS) and broadcast/multicast services in data center networks. It enables efficient distribution of multicast, broadcast, and unknown unicast traffic in a scalable manner, while minimizing flooding and ensuring optimal bandwidth utilization. All solutions for addressing E-TREE in L2VPN (whether for virtual private LAN service (VPLS), Virtual Private Multicast Service (VPMS) or Ethernet Virtual Private Network (EVPN)) rely on an egress-filtering model. This means that the egress (i.e., disposition) provider edge (PE) device decides whether to forward or drop traffic destined to a local attachment circuit, to satisfy the E-TREE connectivity constraints. This model unnecessarily wastes the bandwidth of the Multi-Protocol Label Switching (MPLS) network, where leaf-to-leaf traffic, all known unicast traffic, and ingress-replicated multi-destination traffic (broadcast, unknown unicast, and multicast (BUM) traffic) is transported over the MPLS network only to be dropped on the egress PE.
In EVPN E-Tree, a multicast Ethernet segment (ES) is used as the common delivery tree for multicast and broadcast traffic. The ES acts as a logical L2 broadcast domain and consists of a root device and multiple leaf devices. The root device is responsible for originating multicast traffic, while the leaf devices receive and distribute the traffic to the appropriate end hosts. One of the most common use cases is a multicast environment, where the devices connected to the root PE are multicast sources and the devices connected to the leaf PEs are multicast receivers.
The use of BGP as the control plane in EVPN E-Tree offers several benefits, including flexibility, scalability, and interoperability with existing network infrastructure. It allows for efficient forwarding of multicast traffic by leveraging BGP's multiprotocol extensions (MP-BGP) and its ability to carry Layer 2 and Layer 3 information.
Overall, EVPN E-Tree provides a scalable and efficient solution for delivering multicast and broadcast traffic in Ethernet-based networks. It is commonly deployed in data centre environments and service provider networks to support various applications and services that rely on multicast communications. The EVPN E-Tree service has all the benefits of EVPN, such as active-active multihoming, load balancing, and loop detection.
The EVPN E-Tree service adheres to the following forwarding rules:
· A leaf can send traffic only to, and receive traffic only from, a root.
· A root can send traffic to another root or any of the leaves.
· A leaf or root can be connected to provider edge (PE) devices in single-homing mode or multihoming mode.
To support the above ingress filtering functionality, a new E-Tree extended community with a Leaf-Indication flag is introduced. This new extended community MUST be advertised with MAC/IP Advertisement routes learned from a Leaf site. Besides MAC/IP Advertisement routes, no other EVPN routes are required to carry this new extended community for the purpose of known unicast traffic.
    Carried extended communities: (2 communities)
        E-Tree: [Transitive EVPN]
            Type: Transitive EVPN (0x06)
                0... .... = IANA Authority: Allocated on First Come First Serve Basis
                .0.. .... = Transitive across ASes: Transitive
            Subtype (EVPN): E-Tree (0x05)
            Flags: 0x00
                0000 000. = Reserved: 0x00
                .... ...0 = L flag: Not set      # set in the Type-2 route by leaf router.
            Reserved: 0000
            0000 0000 0110 1101 1100 .... = MPLS Label: 24003
            .... .... .... .... .... 000. = Traffic Class: 0x0
            .... .... .... .... .... ...1 = Bottom-of-Stack: True
        Route Target: 100:10023 [Transitive 2-Octet AS-Specific]
The Flags field contains 8 bits: the first 7 bits are all zeros, and the last bit identifies whether an EVPN MAC route comes from a leaf AC interface. A value of 1 indicates that the MAC route comes from a leaf router or interface. The extended community attribute can be advertised through Ethernet A-D per-ES routes and MAC routes on an EVPN, so that known unicast traffic and BUM traffic on leaf AC interfaces are isolated.
A PE with Root site(s) imports both the Root and Leaf RTs, whereas a PE with Leaf site(s) imports only the Root RT.
Known unicast traffic is isolated through the following process:
To provide ingress filtering for known unicast traffic, a PE MUST indicate to other PEs what kind of sites (Root or Leaf) its MAC addresses are associated with. This is done by advertising a Leaf-Indication flag (via an extended community) along with each of its MAC/IP Advertisement routes learned from a Leaf site. The lack of such a flag indicates that the MAC address is associated with a Root.
When an ingress provider edge (PE) device of a computer network domain receives a frame destined to a destination media access control (MAC) address, it can determine whether the frame was received on a root or leaf Ethernet ingress segment, and also whether the destination MAC address is located via a root or leaf Ethernet segment. Accordingly, the ingress PE device may either drop or forward the frame based on the ingress Ethernet segment and the destination MAC address Ethernet segment being either a root or a leaf, respectively.
When a PE receives a MAC advertisement route, it installs the “Root/Leaf” indication on a per-MAC-address basis in its forwarding table. This may be a single-bit flag associated with every MAC address table entry. The PE router determines whether the frame came in on a Root or Leaf segment, and performs a MAC address table lookup on the destination address to determine whether the destination corresponds to a Root or Leaf.
    Carried extended communities: (2 communities)
        E-Tree: [Transitive EVPN]
            Type: Transitive EVPN (0x06)
                0... .... = IANA Authority: Allocated on First Come First Serve Basis
                .0.. .... = Transitive across ASes: Transitive
            Subtype (EVPN): E-Tree (0x05)
            Flags: 0x00
                0000 000. = Reserved: 0x00
                .... ...0 = L flag: 1
            Reserved: 0000
            0000 0000 0110 1101 1100 .... = MPLS Label: 24003
            .... .... .... .... .... 000. = Traffic Class: 0x0
            .... .... .... .... .... ...1 = Bottom-of-Stack: True
        Route Target: 100:10023 [Transitive 2-Octet AS-Specific]
Tagging MAC addresses with a Leaf-Indication enables remote PEs to perform ingress filtering for known unicast traffic. The ingress PE cross-checks this flag with the status of the originating AC, and if both are Leafs, the packet is not forwarded.
The PE needs to place all its Leaf ACs for a given bridge domain in a single split-horizon group in order to prevent intra-PE forwarding among its Leaf ACs. This intra-PE split-horizon filtering applies to BUM traffic as well as known unicast traffic.
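The known unicast check described above, as an added Python sketch (not code from the article or from any router implementation): it decodes the 8-octet E-Tree extended community using the field layout shown in the captures, keeps one Root/Leaf bit per MAC, and drops leaf-to-leaf frames at the ingress PE. The names parse_etree and MacTable, the MAC addresses and the sample community bytes are assumptions constructed for illustration.

```python
import struct

EVPN_TYPE, ETREE_SUBTYPE = 0x06, 0x05    # type/subtype shown in the captures

def parse_etree(raw):
    """Decode one 8-octet E-Tree extended community -> (l_flag, leaf_label)."""
    if len(raw) != 8:
        raise ValueError("an extended community is 8 octets")
    typ, sub, flags, _reserved, label = struct.unpack("!BBBH3s", raw)
    if (typ, sub) != (EVPN_TYPE, ETREE_SUBTYPE):
        raise ValueError("not an E-Tree extended community")
    # Only the last Flags bit is the L flag; the label is the top 20 bits.
    return bool(flags & 0x01), int.from_bytes(label, "big") >> 4

class MacTable:
    """One Root/Leaf bit per MAC, installed from MAC/IP Advertisement routes."""
    def __init__(self):
        self._is_leaf = {}

    def install(self, mac, communities):
        leaf = False                      # no flag means the MAC is behind a Root
        for raw in communities:
            if raw[:2] == bytes([EVPN_TYPE, ETREE_SUBTYPE]):
                leaf = parse_etree(raw)[0]
        self._is_leaf[mac.lower()] = leaf

    def decide(self, ingress_ac_is_leaf, dst_mac):
        dst_is_leaf = self._is_leaf.get(dst_mac.lower())
        if dst_is_leaf is None:
            return "flood"                # unknown unicast is handled as BUM
        return "drop" if ingress_ac_is_leaf and dst_is_leaf else "forward"

# Constructed sample data (not taken from a real capture).
RT = bytes.fromhex("0002006400002727")        # Route Target 100:10023
LEAF_EC = bytes.fromhex("0605010000000000")   # L flag set, label field zero
ROOT_EC = bytes.fromhex("060500000006dc11")   # L flag clear, label 28097

def demo():
    table = MacTable()
    table.install("00:00:5e:00:53:0a", [LEAF_EC, RT])   # learned from a Leaf site
    table.install("00:00:5e:00:53:0b", [RT])            # Root: no E-Tree community
    return [table.decide(True, "00:00:5e:00:53:0a"),    # leaf -> leaf
            table.decide(True, "00:00:5e:00:53:0b"),    # leaf -> root
            table.decide(False, "00:00:5e:00:53:0a"),   # root -> leaf
            table.decide(True, "00:00:5e:00:53:ff")]    # unknown destination

if __name__ == "__main__":
    print(parse_etree(ROOT_EC), demo())
```

Because the same lookup is applied to locally learned MACs, it also models the intra-PE split-horizon rule for Leaf ACs on one PE.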
In the preceding example, BUM traffic is isolated through the following process:
The PE imposes the right MPLS label associated with the originated Ethernet Segment (ES) depending on whether the Ethernet frame originated from a Root or a Leaf site on that Ethernet Segment (ESI label or Leaf label). The mechanism by which the PE identifies whether a given frame originated from a Root or a Leaf site on the segment is based on the AC identifier for that segment.
1. After EVPN E-Tree is configured on the network, the PEs send a special Ethernet A-D per-ES route (ES-EAD) to each other. A regular Ethernet A-D per-ES route carries the ESI attribute. However, the ESI field in the Ethernet A-D per-ES route used by EVPN E-Tree is set to all zeros, and the route carries the extended community attribute of EVPN E-Tree. The Leaf Label field of this attribute uses a label value, and the L bit in the Flags field is set to 0.
    Network Layer Reachability Information (NLRI)
        EVPN NLRI: Ethernet AD Route
            Route Type: Ethernet AD Route (1)
            Length: 25
            Route Distinguisher: 00010a5050640001 (10.80.80.100:1)
            ESI: 00:00:00:00:00:00:00:00:00:00
                ESI Type: ESI 9 bytes value (0)
                ESI Value: 00 00 00 00 00 00 00 00 00
                ESI 9 bytes value: 00 00 00 00 00 00 00 00 00
            Ethernet Tag ID: 4294967295
            0000 0000 0000 0000 0000 .... = MPLS Label 1: 0
        ...........skip.............
    Type Code: EXTENDED_COMMUNITIES (16)
    Length: 16
    Carried extended communities: (2 communities)
        E-Tree: [Transitive EVPN]
            Type: Transitive EVPN (0x06)
                0... .... = IANA Authority: xxxx
                .0.. .... = Transitive across ASes: Transitive
            Subtype (EVPN): E-Tree (0x05)
            Flags: 0x00
                0000 000. = Reserved: 0x00
                .... ...0 = L flag: Not set
            Reserved: 0000
            0000 0110 1101 1100 0001 .... = MPLS Label: 28097
            .... .... .... .... .... 000. = Traffic Class: 0x0
            .... .... .... .... .... ...1 = Bottom-of-Stack: True
        Route Target: 100:10023 [Transitive 2-Octet AS-Specific]
2. After PE1 receives the Ethernet A-D per-ES route, it determines that the route is used to transmit the leaf label because the ESI field value is all zeros. PE1 then saves the label.
3. When PE1 needs to send BUM traffic from its leaf AC interface (CE5) to PE2, PE1 encapsulates the saved leaf label into the BUM packets and then sends them to PE2.
4. Upon receipt, PE2 finds the locally allocated leaf label in the BUM packets. Therefore, PE2 does not send the traffic to CE6. Instead, PE2 sends the traffic only to CE2, implementing BUM traffic isolation between leaf AC interfaces.
If BUM traffic originates from a multihomed site on a Root AC, it follows the normal EVPN rules.
To prevent communication among Leaf ACs connected to the same PE and belonging to the same EVI, split-horizon filtering is used to block traffic from one Leaf AC to another Leaf AC on a MAC-VRF for a given E-Tree EVI.
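Steps 1 to 4 of the BUM procedure, as an added Python simulation (not from the article or from any vendor implementation). The PE class and its method names are hypothetical, CE1 as a root AC on PE1 is constructed for the demo, and assigning label 28097 to PE2 and 24003 to PE1 is an assumption; transport and service labels are omitted.

```python
from dataclasses import dataclass, field

ZERO_ESI = bytes(10)   # all-zero ESI marks the leaf-label Ethernet A-D per-ES route

@dataclass
class PE:
    name: str
    leaf_label: int                 # locally allocated leaf label
    acs: dict                       # AC name -> "root" or "leaf"
    peer_leaf_labels: dict = field(default_factory=dict)

    def advertise_leaf_label(self):
        """Step 1: Ethernet A-D per-ES route with ESI all zeros and L flag 0."""
        return {"origin": self.name, "esi": ZERO_ESI,
                "l_flag": 0, "leaf_label": self.leaf_label}

    def receive_ead(self, route):
        """Step 2: a zero ESI means the route only conveys a leaf label; save it."""
        if route["esi"] == ZERO_ESI:
            self.peer_leaf_labels[route["origin"]] = route["leaf_label"]

    def send_bum(self, ingress_ac, peer):
        """Step 3: BUM that entered on a leaf AC carries the peer's leaf label."""
        if self.acs[ingress_ac] != "leaf":
            return []               # root AC: normal EVPN rules, no leaf label
        label = self.peer_leaf_labels.get(peer)
        if label is None:           # assumption: never send leaf BUM unmarked
            raise LookupError("no leaf label learned from " + peer)
        return [label]

    def receive_bum(self, labels):
        """Step 4: own leaf label present means deliver to root ACs only."""
        from_leaf = self.leaf_label in labels
        return sorted(ac for ac, role in self.acs.items()
                      if not (from_leaf and role == "leaf"))

def demo():
    pe1 = PE("PE1", 24003, {"CE1": "root", "CE5": "leaf"})
    pe2 = PE("PE2", 28097, {"CE2": "root", "CE6": "leaf"})
    pe1.receive_ead(pe2.advertise_leaf_label())
    from_leaf = pe2.receive_bum(pe1.send_bum("CE5", "PE2"))   # leaf-originated
    from_root = pe2.receive_bum(pe1.send_bum("CE1", "PE2"))   # root-originated
    return from_leaf, from_root

if __name__ == "__main__":
    print(demo())
```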