CCIE SPv5.1 Labs
  • Page
  • Intro
    • Setup
  • MVPN
    • Start
    • Topology
    • Profile 0
    • Profile 0 with data MDTs
    • Profile 1
    • Profile 1 w/ Redundant Roots
    • Profile 1 with data MDTs
    • Profile 6
    • Profile 7
    • Profile 3
    • Profile 3 with S-PMSI
    • Profile 11
    • Profile 11 with S-PMSI
    • Profile 11 w/ Receiver-only Sites
    • Profile 9 with S-PMSI
    • Profile 12
    • Profile 13
    • UMH (Upstream Multicast Hop) Challenge
    • Profile 13 w/ Configuration Knobs
    • Profile 13 w/ PE RP
    • Profile 12 w/ PE Anycast RP
    • Profile 14 (Partitioned MDT)
    • Profile 14 with Extranet option #1
    • Profile 14 with Extranet option #2
    • Profile 14 w/ IPv6
    • Profile 17
    • Profile 19
    • Profile 21
  • MVPN SR
    • Start
    • Topology
    • Profile 27
    • Profile 27 w/ Constraints
    • Profile 27 w/ FRR
    • Profile 28
    • Profile 28 w/ Constraints and FRR
    • Profile 28 w/ Data MDTs
    • Profile 29
  • Segment Routing
    • Start
    • Topology
    • Basic SR with ISIS
    • Basic SR with OSPF
    • SRGB Modifcation
    • SR with ExpNull
    • SR Anycast SID
    • SR Adjacency SID
    • SR LAN Adjacency SID (Walkthrough)
    • SR and RSVP-TE interaction
    • SR basic inter-area with ISIS
    • SR basic inter-area with OSPF
    • SR basic inter-IGP (redistribution)
    • SR basic inter-AS using BGP
    • SR BGP Data Center (eBGP)
    • SR BGP Data Center (iBGP)
    • LFA
    • LFA Tiebreakers (ISIS)
    • LFA Tiebreakers (OSPF)
    • Remote LFA
    • RLFA Tiebreakers?
    • TI-LFA
    • Remote LFA or TILFA?
    • TI-LFA Node Protection
    • TI-LFA SRLG Protection
    • TI-LFA Protection Priorities (ISIS)
    • TI-LFA Protection Priorities (OSPF)
    • Microloop Avoidance
    • SR/LDP Interworking
    • SR/LDP SRMS OSPF Inter-Area
    • SR/LDP Design Challenge #1
    • SR/LDP Design Challenge #2
    • Migrate LDP to SR (ISIS)
    • OAM with SR
    • SR-MPLS using IPv6
    • Basic SR-TE with AS
    • Basic SR-TE with AS and ODN
    • SR-TE with AS Primary/Secondary Paths
    • SR-TE Dynamic Policies
    • SR-TE Dynamic Policy with Margin
    • SR-TE Explicit Paths
    • SR-TE Disjoint Planes using Anycast SIDs
    • SR-TE Flex-Algo w/ Latency
    • SR-TE Flex-Algo w/ Affinity
    • SR-TE Disjoint Planes using Flex-Algo
    • SR-TE BSIDs
    • SR-TE RSVP-TE Stitching
    • SR-TE Autoroute Include
    • SR inter-IGP using PCE
    • SR-TE PCC Features
    • SR-TE PCE Instantiated Policy
    • SR-TE PCE Redundancy
    • SR-TE PCE Redundancy w/ Sync
    • SR-TE Basic BGP EPE
    • SR-TE BGP EPE for Unified MPLS
    • SR-TE Disjoint Paths
    • SR Converged SDN Transport Challenge
    • SR OAM DPM
    • SR OAM Tools
    • Performance-Measurement (Interface Delay)
  • EVPN
    • Start
    • Topology
    • EVPN VPWS
    • EVPN VPWS Multihomed
    • EVPN VPWS Multihomed Single-Active
    • Basic Single-homed EVPN E-LAN
    • EVPN E-LAN Service Label Allocation
    • EVPN E-LAN Ethernet Tag
    • EVPN E-LAN Multihomed
    • EVPN E-LAN on XRv
    • EVPN IRB
    • EVPN-VPWS Multihomed IOS-XR (All-Active)
    • EVPN-VPWS Multihomed IOS-XR (Port-Active)
    • EVPN-VPWS Multihomed IOS-XR (Single-Active)
    • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
    • PBB-EVPN (Informational)
  • VPWS
    • Start
    • Topology
    • Basic VPWS
    • VPWS with Tag Manipulation
    • Redundant VPWS
    • Redundant VPWS (IOS-XR)
    • VPWS with PW interfaces
    • Manual VPWS
    • VPWS with Sequencing
    • Pseudowire Logging
    • VPWS with FAT-PW
    • MS-PS (Pseudowire stitching)
    • VPWS with BGP AD
  • VPLS
    • Start
    • Topology
    • Basic VPLS with LDP
    • VPLS with LDP and BGP
    • VPLS with BGP only
    • Hub and Spoke VPLS
    • Tunnel L2 Protocols over VPLS
    • Basic H-VPLS
    • H-VPLS with BGP
    • H-VPLS with QinQ
    • H-VPLS with Redundancy
    • VPLS with Routing
    • VPLS MAC Protection
    • Basic E-TREE
    • VPLS with LDP/BGP-AD and XRv RR
    • VPLS with BGP and XRv RR
    • VPLS with Storm Control
  • BGP Multi-Homing (XE)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 Shadow Session
    • Lab5 Shadow RR
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + Shadow RR
    • Lab9 MPLS + RDs + UCMP
  • BGP Multi-Homing (XR)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 “Shadow Session”
    • Lab5 “Shadow RR”
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + “Shadow RR”
    • Lab9 MPLS + RDs + UCMP
    • Lab10 MPLS + Same RD + Add-Path + UCMP
    • Lab11 MPLS + Same RD + Add-Path + Repair Path
  • BGP
    • Start
    • Conditional Advertisement
    • Aggregation and Deaggregation
    • Local AS
    • BGP QoS Policy Propagation
    • Non-Optimal eBGP Routing
    • Multihomed Enterprise Challenge
    • Provider Communities
    • Destination-Based RTBH
    • Destination-Based RTBH (Community-Based)
    • Source-Based RTBH
    • Source-Based RTBH (Community-Based)
    • Multihomed Enterprise Challenge (XRv)
    • Provider Communities (XRv)
Powered by GitBook
On this page
  • Answer
  • Explanation
  1. EVPN

EVPN VPWS Multihomed Single-Active

Load basic.evpn.multihomed.vpws.init.cfg

#IOS-XE (CE7,9)
config replace flash:basic.evpn.multihomed.vpws.init.cfg
 
#IOS-XR (P1-2, PE5-8)
configure
load basic.evpn.multihomed.vpws.init.cfg
commit replace
y

BGP l2vpn/evpn is already preconfigured in the core.

Configure EVPN VPWS multihomed service between CE7 and CE9.

Use static port-channels, and single-active mode so that traffic is only forwarded between two PEs (i.e. PE5 and PE7 only). The CEs are already preconfigured with port-channels, but you may need to add this config:

#CE7,9

interface GigabitEthernet2
 no ip address
 channel-group 1
!
interface GigabitEthernet3
 no ip address
 channel-group 1

If any PE loses its two core-facing interfaces, it should bring down the BE on the AC side.

Answer

#PE5, PE6
interface Bundle-Ether7
 l2transport
 !
!
interface GigabitEthernet0/0/0/3
 bundle id 7 mode on
 no shutdown
!
evpn
 group 1
  core interface GigabitEthernet0/0/0/0
  core interface GigabitEthernet0/0/0/1
 !
 interface Bundle-Ether7
  ethernet-segment
   identifier type 0 00.00.00.00.00.00.00.00.07
   load-balancing-mode single-active
  !
  core-isolation-group 1
 !
!
l2vpn
 xconnect group VPWS
  p2p 79
   interface Bundle-Ether7
   neighbor evpn evi 79 service 79

#PE7, PE8
interface Bundle-Ether9
 l2transport
 !
!
interface GigabitEthernet0/0/0/3
 bundle id 9 mode on
 no shutdown
!
evpn
 group 1
  core interface GigabitEthernet0/0/0/0
  core interface GigabitEthernet0/0/0/1
 !
 interface Bundle-Ether9
  ethernet-segment
   identifier type 0 00.00.00.00.00.00.00.00.09
   load-balancing-mode single-active
  !
  core-isolation-group 1
  !
 !
!
l2vpn
 xconnect group VPWS
  p2p 79
   interface Bundle-Ether9
   neighbor evpn evi 79 service 79

Explanation

In the previous lab, we saw that all-active ESI was used by default. Each PE would load share traffic to both remote PEs. This was achieved by allocating a local label for the VPWS neighbor. This label instruction was to load balance to both remote PEs.

When we specify the ESI mode as single-active, each PE will only use one single PE as the remote PE. For example, we see on XR7 that both XR5 and XR6 are advertising partipiation in the VPWS:

Since this route is using an ESI (0.0.0.0.0.0.0.0.7), XR7 checks the load balancing mode of the ESI using the per-ESI type 1 route. It sees that it is single-active:

Therefore XR7 only uses one single PE as the VPWS neighbor. It appears that XR7 essentially does its own DF election for both XR5 and XR6 to determine which PE to use.

Every PE performs these steps, so traffic only exists between two PEs (depending on which ingress PE receives the traffic).

This task also asks us to configure the PEs to bring down the AC if the core links go down. Without doing this step, if the PE becomes isolated from the core, the AC bundle will still be up, and traffic will be blackholed.

This is a fairly simple feature. If all links specified in the group go down, the bundle interfaces are brought down (errdisabled).

evpn
 group 1
  core interface GigabitEthernet0/0/0/0
  core interface GigabitEthernet0/0/0/1
 !
 interface Bundle-Ether9
  core-isolation-group 1

The potential problem is that the BGP routes will still be active for the full BGP hold time (3 minutes). In the real world, we would run BFD on our IGP links to faciliate fast failover. To test this more easily in our lab, we can reduce the BGP keep-alive/hold timers to 1/3 seconds on PE8.

#XR8
router bgp 65000
 timers bgp 1 3
!
do clear bgp *

PE8’s core interfaces then go down. The bundle member interfaces are brought into errdisable state. In our lab we are using static port-channel, so the CE will still see the link as up. But in the real world, the CE would react to the missing LACPDUs.

PE8 withdraws its EVPN BGP routes. The remote PEs see the withdrawn routes (due to the BGP session between the RR and PE8 timing out), and the nexthop is updated to PE7.

When the core interfaces come back up, it takes 60 seconds for the interface to automatically recover.

Also note that just one interface in the group going down does not cause the AC to go down. All interfaces identified in the group must go down.

PreviousEVPN VPWS MultihomedNextBasic Single-homed EVPN E-LAN

Last updated 14 days ago