BGP EVPN Multihome how split-horizon works (traffic forwarded by non-DF will not forwarded back to ESI by DF)

-

 

💯 Excellent follow-up — and yes, you’re right on the money.
Let’s go step by step to confirm how a receiving VTEP (PE) identifies the source of a BUM packet in EVPN-VXLAN multihoming, since the VXLAN header itself doesn’t carry ESI info.

🧩 Short Answer

✅ In VXLAN-EVPN, the receiver identifies which Ethernet Segment (ESI) the BUM packet came from
by looking at the outer source IP (the remote VTEP IP) of the VXLAN tunnel.

The mapping between VTEP IP ↔ ESI is learned from BGP EVPN Type-1 routes in the control plane.

🧭 How This Works in Practice

1️⃣ Control Plane Learning (via Type-1 per-ESI)

Each multihomed PE advertises a Type-1 per-ESI route like:

Route Type: 1 (Ethernet Auto-Discovery)
ESI: 0001
Originating Router’s IP: 10.1.1.1  (PE1)
Next Hop: 10.1.1.1

and similarly:

Route Type: 1 (Ethernet Auto-Discovery)
ESI: 0001
Originating Router’s IP: 10.1.1.2  (PE2)
Next Hop: 10.1.1.2

From these, every remote PE (say PE3) builds:

ESI-0001 members = { 10.1.1.1 , 10.1.1.2 }

2️⃣ Data Plane Forwarding (BUM traffic)

When PE3 sends a BUM packet toward VLAN-10 (VNI 10010):

Outer Src IP = 10.1.1.3  (PE3’s VTEP)
Outer Dst IP = Multicast-group or unicast flood list
VXLAN VNI = 10010

→ both PE1 and PE2 receive it.

3️⃣ Split-Horizon Check at Receiver

On receipt, each leaf (PE1, PE2) does:

Lookup: source-VTEP-IP (10.1.1.3)
Is 10.1.1.3 part of ESI-0001 peer list?
    No  → flood normally
    Yes → suppress flooding toward ESI ports

So when PE1 receives BUM from PE2 (10.1.1.2)
the control-plane table tells it “10.1.1.2 belongs to my same ESI-0001 group.”
➡️ PE1 will not send that packet back to CE1.

But when PE1 receives from PE3 (10.1.1.3)
that VTEP is not in the ESI group,
➡️ PE1 will flood to its local ESI ports (deliver to CE1).

🔧 Summary Table

StepField UsedPurpose
1BGP Type-1 routesBuild mapping: VTEP-IP ↔ ESI
2Outer source IP in VXLAN packetIdentify which PE sent it
3Split-horizon enforcementDrop traffic from same ESI group

🧠 So Conceptually

EncapsulationHow receiver identifies same-ESI traffic
MPLS EVPNUses explicit ESI label in MPLS stack
VXLAN EVPNUses outer source VTEP IP, matched against ESI-peer list (from control plane)

Conclusion:

The receiver does not read an ESI field in the packet;
instead, it knows from the control plane which VTEP IPs belong to each ESI.
During data-plane processing, the outer source IP of the VXLAN tunnel determines if the packet came from an ESI peer, and thus whether to apply split-horizon filtering.

Comments

Post a Comment

Popular posts from this blog

gNMI_with_grafana on containerlabs

-
Image
  root@digi-oss:/home/labadmin/mohan/2jan26_grafana# cat sr_lab.clab.yml name: sr_lab topology:   nodes:     sr1 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr1.cfg}     sr2 : {kind: nokia_srlinux, image: ghcr.io/nokia/srlinux:latest, startup-config: sr2.cfg}     # gNMIc Collector     gnmic:       kind: linux       image: ghcr.io/openconfig/gnmic:latest       binds: [gnmic-config.yml:/app/gnmic-config.yml:ro]       cmd: "--config /app/gnmic-config.yml subscribe"     # Prometheus TSDB     prometheus:       kind: linux       image: prom/prometheus:latest       binds: [prometheus.yml:/etc/prometheus/prometheus.yml:ro]       ports: ["9090:9090"]     # Grafana Visualization     grafana:       kind: linux       image: grafa...
Read more

EVPN Route type-1 & type-4 in action

-
Image
 Route Type 1: Ethernet Auto-Discovery (A-D) A Type 1 route is advertised by a PE router on a per-Ethernet Segment Identifier (ESI) basis. It is triggered by the presence of a multihomed connection.  Purpose of Type 1 routes Aliasing:  In an all-active multihoming setup, a Type 1 route informs remote PE routers that an Ethernet segment is reachable via multiple PEs. This allows for load-balancing traffic to the same customer device over multiple paths. Fast convergence (Mass MAC Withdrawal):  If a local link to a multihomed customer device fails, the PE sends a withdrawal message for the Type 1 route. Remote PEs can then withdraw all MAC addresses associated with that Ethernet segment, instead of waiting for individual MAC withdrawals, which speeds up convergence. Split-horizon filtering:   The route carries an ESI label to prevent traffic loops in all-active mode. A PE router won't forward broadcast, unknown unicast, and multicast (BUM) traffic back to its sour...
Read more

Network Automation with ROBOT Framework

-
Image
  Folder-structure Scripts testcase_with_keywordsLibrary.robot *** Settings *** Documentation    Test Case With Keyword Resource         Resources/Keywords/common.robot Resource          Resources/Keywords/vxlanInstance.robot Test Setup        Open Connection Test Teardown    Close Connection *** Test Cases *** [Documentation] Step 1: Verify VXLAN Interface Status     VXLAN Interface Status [Documentation] Step 2: Verify VXLAN VNI to VLAN Mapping     VXLAN VNI to VLAN Mapping Resources/Keywords/common.robot *** Settings *** Documentation    Common Keyword Library Library          ../../Libraries/commonLib.py Variables        ../Variables/veosLeaf01.yaml *** Variables *** ${devType}         ${virtualBox}[vmType] ${ipAddr}          ${virtualBox}[vmManagement][hostIp] ${po...
Read more