EVPN Route type-1 & type-4 in action

-

 Route Type 1: Ethernet Auto-Discovery (A-D)

A Type 1 route is advertised by a PE router on a per-Ethernet Segment Identifier (ESI) basis. It is triggered by the presence of a multihomed connection. 

Purpose of Type 1 routes

Aliasing: 

In an all-active multihoming setup, a Type 1 route informs remote PE routers that an Ethernet segment is reachable via multiple PEs. This allows for load-balancing traffic to the same customer device over multiple paths.

Fast convergence (Mass MAC Withdrawal): 

If a local link to a multihomed customer device fails, the PE sends a withdrawal message for the Type 1 route. Remote PEs can then withdraw all MAC addresses associated with that Ethernet segment, instead of waiting for individual MAC withdrawals, which speeds up convergence.

Split-horizon filtering: 

The route carries an ESI label to prevent traffic loops in all-active mode. A PE router won't forward broadcast, unknown unicast, and multicast (BUM) traffic back to its source on the same Ethernet segment. 


Route Type 4: Ethernet Segment (ES) route

A Type 4 route is used for PE routers connected to the same multihomed Ethernet segment to discover each other. It is advertised as soon as the ESI is configured on the PE device. 

Purpose of Type 4 routes

Peer discovery: 

It carries information like the ESI and the originating PE's IP address. This allows PEs connected to the same customer device to identify one another.

Designated Forwarder (DF) election: 

Once PEs discover their peers via Type 4 routes, they use this information to participate in the DF election. The DF is responsible for forwarding BUM traffic to the multihomed customer device to prevent traffic duplication.

ES-Import filtering: 

The route carries an ES-Import extended community, allowing only PEs connected to the same ESI to import the route and participate in the multihoming functions. 




EVPN multihoming sequence with Type 4 and Type 1 routes
The interaction between EVPN Type 4 and Type 1 routes is central to the multihoming process. Type 4 routes are used for discovery and electing the Designated Forwarder (DF), while Type 1 routes facilitate aliasing and fast convergence. 
Example topology
  • CE1: A customer device multihomed to PE1 and PE2 via a Link Aggregation Group (LAG).
  • PE1 and PE2: Provider Edge routers in the EVPN fabric, configured with the same Ethernet Segment Identifier (ESI) for the multihomed links to CE1.
  • PE3: A remote PE router that needs to send traffic to CE1. 
Control plane flow/sequence
Step 1: Ethernet Segment (ES) discovery (using Type 4 route)
  1. Configuration: An identical ESI is configured on the multihomed interfaces of PE1 and PE2. This signals to both PEs that they are part of the same redundancy group.
  2. Advertisement: PE1 and PE2 independently advertise a Type 4 Ethernet Segment (ES) route into the EVPN fabric.
    • This route contains the ESI and the advertising PE's IP address.
    • The route is distributed to all other PEs via BGP.
  3. Discovery: Upon receiving the Type 4 routes, PE1 and PE2 discover that they are peers in the same Ethernet segment because the ESI in the route matches their own local configuration. The ES-Import Route Target (RT), derived from the ESI, ensures that only PEs sharing the segment import these routes. 
Step 2: DF election and fast convergence setup (using Type 1 per-ESI route)
  1. DF Election: After discovering all peer PEs for a given ESI, PE1 and PE2 run the Designated Forwarder (DF) election algorithm (e.g., modulo or HRW).
    • The PEs exchange additional information via the Type 4 route (such as preference values) to aid in the election.
    • Let's assume PE1 is elected DF for VLAN 10 and PE2 is elected DF for VLAN 20.
  2. Advertisement (per-ESI): Once the election and peer discovery are complete, PE1 and PE2 advertise Type 1 per-ESI routes for their shared ESI.
    • These routes contain the ESI, an Ethernet Tag ID of 0xFFFFFFFF (indicating it's not specific to a VLAN), and the ESI Label (or Split-Horizon Group (SHG) label).
    • Purpose: This provides remote PEs (like PE3) with the ESI Label for Split-Horizon filtering and serves as a trigger for fast convergence.
      • If the link between CE1 and PE1 fails, PE1 withdraws its Type 1 route, causing remote PEs to update their forwarding paths and switch to PE2. 
Step 3: Aliasing for load balancing (using Type 1 per-EVI route)
  1. Advertisement (per-EVI): To enable aliasing, PE1 and PE2 advertise Type 1 per-EVI routes.
    • These routes contain the ESI, the VLAN-specific Ethernet Tag ID (e.g., VLAN 10), and the VXLAN Network Identifier (VNI).
    • Both PEs advertise this route for any VLAN in which they have an active link to the CE.
  2. Aliasing Setup: A remote PE (PE3) receives these routes and installs a forwarding entry for the ESI, with the next-hops being both PE1 and PE2.
    • This allows PE3 to load-balance traffic destined for CE1 across both tunnels. 
Step 4: MAC learning and traffic forwarding (using Type 2 route)
  1. MAC Learning: CE1 sends traffic, and the multihomed PEs (PE1 and PE2) learn the MAC address.
  2. Advertisement: Both PE1 and PE2 advertise a Type 2 MAC/IP Advertisement route containing CE1's MAC address, IP address, and the ESI.
    • This signals to remote PEs that CE1 is reachable via the multihomed ES.
  3. Traffic Flow:
    • Known Unicast: If PE3 needs to send unicast traffic to CE1, it can load-balance the traffic between PE1 and PE2 because of the aliasing set up via the Type 1 per-EVI route.
    • BUM traffic: If PE3 sends BUM traffic destined for CE1, it will send a single copy to the DF for that VLAN (e.g., PE1 for VLAN 10). PE1 then forwards the traffic to CE1, while PE2 (the non-DF for that VLAN) blocks it.
    • Split-Horizon: When PE1 forwards BUM traffic to other PEs (like PE2), it includes the ESI label. PE2 uses this label to identify the traffic's source and prevents it from being sent back down the multihomed link to CE1. 
Sequence summary
  1. Type 4 (Discovery): Multihomed PEs advertise their presence on an ES, allowing for peer discovery and DF election.
  2. Type 1 per-ESI (Fast Convergence): All multihomed PEs advertise this route to enable mass MAC withdrawal and Split-Horizon filtering.
  3. Type 1 per-EVI (Aliasing): All active multihomed PEs advertise this route for each VLAN to enable load balancing from remote PEs.
  4. Type 2 (MAC Learning): PEs learn MACs from the CE and advertise them into the fabric, providing reachability information


Handling link failure in EVPN-VXLAN multihoming
When a link in an all-active multihoming setup fails, the EVPN control plane provides a fast convergence mechanism to minimize traffic disruption. Instead of waiting for individual MAC address timeouts, the failure is signaled quickly via a BGP route withdrawal. 
Example topology
  • CE1: A server multihomed to PE1 and PE2 via a Link Aggregation Group (LAG).
  • PE1 and PE2: Provider Edge routers, which are VTEPs and multihoming peers for CE1, configured with the same Ethernet Segment Identifier (ESI).
  • PE3: A remote PE router in the EVPN fabric.
  • VLAN 10: The broadcast domain where CE1 resides. 
Failure scenario
The physical link between CE1 and PE1 fails. 
Sequence of events and BGP route packets
Step 1: Local failure detection
  • Physical link down: The physical port on PE1 connected to CE1 goes down.
  • Detection: The PE1 operating system immediately detects the link failure. This is a local event and is very fast.
  • ESI status: PE1's state for the multihomed Ethernet Segment (ES) is updated to reflect the link failure. Since PE1 has lost its connection, it can no longer be considered a valid forwarding path for traffic to that ES.
Step 2: PE1 triggers mass MAC withdrawal
  • Route withdrawal: To signal the link failure to all other PEs in the fabric, PE1 withdraws its Type 1 Ethernet A-D per-ESI route.
    • BGP Update Message: PE1 sends a BGP UPDATE message containing a WITHDRAWN ROUTES NLRI for the Type 1 route associated with CE1's ESI.
    • Packet Details: The withdrawn NLRI contains the Route Distinguisher (RD), the ESI, and the Ethernet Tag ID (0xFFFFFFFF). This single withdrawal message effectively invalidates all MAC addresses learned through PE1 for that ESI.
    • Flow: PE1 -> PE2, PE3, and all other PEs. 
Step 3: Remote PE3 converges and updates forwarding
  • Receive withdrawal: PE3 receives the BGP UPDATE with the withdrawn Type 1 route from PE1.
  • Mass MAC invalidation: PE3's BGP process immediately invalidates all entries in its forwarding table that point to PE1 as the next-hop for any MAC address associated with CE1's ESI.
  • Forwarding table update: PE3 updates its forwarding entry for CE1 to use only the VXLAN tunnel to PE2.
  • Aliasing convergence: The aliasing next-hop list for CE1 is updated, and the ECMP path is "shrunk" to exclude the failed PE1. Traffic from PE3 destined for CE1 is now forwarded exclusively to PE2.
Step 4: Peer PE2 takes over traffic (no DF election rerun needed)
  • Receive withdrawal: PE2 also receives the BGP UPDATE withdrawing the Type 1 route from PE1.
  • DF election: Since PE2 is now the only active PE on the Ethernet Segment, it automatically becomes the Designated Forwarder (DF) for all VLANs within that ES. No new DF election needs to occur.
  • Forwarding continues: PE2 continues to receive traffic from remote PEs (like PE3) via the VXLAN tunnel and forwards it to CE1. Traffic is seamlessly failed over. 
Step 5: Data plane traffic flow after convergence
  • Before failure: Traffic from PE3 was load-balanced between PE1 and PE2.
  • During convergence: There may be a brief period of packet loss while PE3's BGP routes and forwarding table converge. Traffic that was being sent to PE1 will be dropped because PE1's interface is down.
  • After convergence: Traffic from PE3 destined for CE1 is sent entirely to PE2. The failover is complete, and traffic is restored. 
Summary of route types during link failure
  • Type 1 (per-ESI): This is the most crucial route for fast convergence. Its withdrawal acts as a single, efficient mechanism for mass MAC invalidation at remote PEs.
  • Type 2 (MAC/IP): The withdrawal of the Type 1 route implicitly invalidates all Type 2 routes previously advertised by PE1 for that ESI, rather than waiting for PE1 to withdraw each Type 2 route individually.
  • Type 3 (IMET): The withdrawal of the Type 1 route does not affect the Type 3 routes, which are used for BUM traffic flooding. The DF election status on PE2 is what ensures BUM traffic continues to flow.
  • Type 4 (ES): The Type 4 routes are used for discovery and are not directly withdrawn in this specific scenario. The BGP route advertisements from PE1 will reflect the loss of its ability to provide service to the ES. 
This sequence ensures that redundancy is maintained and traffic is quickly rerouted to the remaining active PE, providing a robust and resilient network design. 





Active-standby multihoming explanation
In active-standby multihoming, only one Provider Edge (PE) device connected to a multihomed Customer Edge (CE) device is active at a time. The other PE serves as a backup and does not forward any traffic for that specific Ethernet Segment (ES) and EVPN instance (EVI). All unicast, broadcast, unknown unicast, and multicast (BUM) traffic is forwarded to and from the active PE only. This differs from active-active multihoming, which uses Equal-Cost Multi-Path (ECMP) to load-balance unicast traffic.
The key mechanism for determining the active PE is the Designated Forwarder (DF) election, and the active-standby role is explicitly signaled in BGP EVPN updates.
Example topology
  • CE1: A server multihomed to PE1 and PE2. CE1 does not use a LAG toward the PEs.
  • PE1 and PE2: VTEPs configured with the same Ethernet Segment Identifier (ESI) for CE1.
  • PE3: A remote PE that needs to communicate with CE1.
Example configuration (Cisco IOS-XE)
The mode is configured under the Ethernet Segment configuration on each multihomed PE. 
On PE1 (elected as Active):
cisco
l2vpn evpn ethernet-segment 1
  identifier type 0 01.01.01.01.01.01.01.01.01
  redundancy single-active
Use code with caution.
On PE2 (in standby):
cisco
l2vpn evpn ethernet-segment 1
  identifier type 0 01.01.01.01.01.01.01.01.01
  redundancy single-active
Use code with caution.
Sequence of events and BGP route packets
Initial state
  1. ES discovery (Type 4 route): PE1 and PE2 exchange Type 4 Ethernet Segment routes to discover that they are multihoming peers for the same ESI.
    • BGP UPDATE packet (from PE1)
      • NLRIType 4 (ES Route)
      • ESI01.01.01.01.01.01.01.01.01
      • Extended Community: Includes the ES-Import RT to ensure only peer PEs import the route.
  2. DF election: A DF election is run for the ES. In single-active mode, the DF is the only PE that will forward all traffic for the ES. The election is determined by factors such as PE IP address or configured preference. Let's assume PE1 wins the DF election.
  3. Type 1 advertisement: PE1 and PE2 advertise Type 1 Ethernet A-D per-ESI routes.
    • PE1 (Active) BGP UPDATE packet:
      • NLRIType 1 (AD per-ESI)
      • ESI01.01.01.01.01.01.01.01.01
      • Extended CommunityESI Label extended community with the single-active bit set to 1.
    • PE2 (Standby) BGP UPDATE packet:
      • NLRIType 1 (AD per-ESI)
      • ESI01.01.01.01.01.01.01.01.01
      • Extended CommunityESI Label extended community with the single-active bit set to 1.
    • This signals to PE3 and other PEs that this is a single-active segment. 
Traffic flow (normal operation)
  1. MAC/IP advertisement (Type 2 route): When CE1 sends a frame, it is received by both PE1 and PE2.
    • PE1 (DF) receives the frame, learns the MAC address, and advertises a Type 2 MAC/IP Advertisement route to all other PEs, including PE3. This route contains the MAC address, IP address, and ESI of CE1.
    • PE2 (NDF) receives the frame and drops it because it is not the DF. PE2 does not learn or advertise the MAC/IP route.
    • PE3 learns that CE1 is reachable only via PE1, and not PE2.
  2. Remote traffic (PE3 to CE1): Traffic from PE3 destined for CE1 is sent only to PE1 via the VXLAN tunnel.
  3. Local traffic (CE1 to fabric): CE1 sends traffic to PE1, which forwards it into the VXLAN core. 
Failover scenario: Link between CE1 and PE1 fails
  1. Local failure detection: PE1 detects the link failure to CE1.
  2. Route withdrawal: PE1 withdraws its Type 1 Ethernet A-D per-ESI route for CE1's ESI.
    • BGP UPDATE packet (from PE1): Contains WITHDRAWN ROUTES for the Type 1 route.
    • Purpose: This signals the failure to all remote PEs.
  3. Standby takeover: PE2 receives the withdrawal of PE1's Type 1 route.
    • DF election: The DF election for the ES is re-run. Since PE1 is now non-operational for the ES, PE2 becomes the new DF.
    • Local interfaces: PE2 unblocks its interface connected to CE1.
    • Active advertisement: PE2, now the active PE, sends a new Type 1 per-EVI route advertising its reachability to the ES.
  4. MAC/IP advertisement: PE2 learns CE1's MAC address and advertises a Type 2 MAC/IP Advertisement route with its own IP as the next-hop.
  5. Remote PE convergence: PE3 receives the Type 1 withdrawal from PE1 and the new Type 2 route from PE2.
    • Forwarding table update: PE3 immediately updates its forwarding table to point to PE2 as the new next-hop for CE1's MAC address.
  6. Traffic restoration: Traffic from PE3 is now forwarded to PE2 and then to CE1, restoring connectivity

Comments

Post a Comment