Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring MAC Pinning for PBB-EVPN

    PBB-EVPN MAC Pinning Overview

    Starting in Junos OS Release 17.2, the MAC pinning feature is enabled on provider backbone bridging (PBB) and Ethernet VPN (EVPN) integration, including customer edge (CE) interfaces and EVPN over PBB core in both all-active or single-active mode.

    The MAC pinning feature is used to avoid loops in a network and is also used for MAC security restriction by avoiding MAC move on duplicate MAC detection. When MAC pinning is enabled, the dynamically learned MAC addresses are not allowed to move to any other interface in a bridge domain until it is aged out and traffic received with the same source MAC address on other bridge interfaces are discarded. This feature is an advantage over blocking of the complete interface on duplicate MAC detection or loop, as MAC pinning works at the MAC label. This feature is local to a provider edge (PE) device and does not require any interoperability.

    PBB has I-component and B-Component, where I-component (customer routing instance) is responsible for mapping the CE port traffic to the instance source ID (I-SID), and the B-component learns and forwards traffic on the backbone port. Traffic received from the MPLS core or from the PBB port is classified and based on the I-SID and PBB MAC, and gets mapped to the correct I-component. Remote customer MAC addresses are learned over remote backbone edge port (BEB) interface in the I-component bridge domain. This interface is created dynamically on PBB neighbor detection. MAC addresses learned over the remote BEB interface in I-component are pinned when MAC pinning is enabled for PBB-EVPN.

    To configure MAC pining for PBB-EVPN, include the mac-pinning statement at the [edit routing-instances pbbn protocols evpn], where pbbn is the PBB routing instance over backbone port (B-component). With this configuration, the dynamically learned MAC addresses in the PBB I-component bridge domain over CE interfaces, as well as PBB-MPLS core interfaces are pinned.

    When configuring the PBB-EVPN MAC pinning feature, take the following into consideration:

    • PBB-EVPN MAC pinning is supported on MX Series routers with MPC and MIC interfaces only.
    • PBB-EVPN MAC pinning is supported on Ethernet Layer 2 bridge interfaces only.
    • When there is a MAC move between the I-component and an access interface, the MAC address is learned locally over the PBB-EVPN MPLS core over a remote BEB interface in the I-component bridge domain. The MAC moves between the CE or core interfaces for this MAC is not allowed.
    • In MAC pinning for PBB with EVPN active-active and single-active multihoming, MAC pinning must be enabled or disabled on all the multihomed PE devices in the broadcast domain. This is because MAC pining at a multihomed PE device is local to the PE, and it is possible that a MAC address that is pinned towards a multihomed CE device and PE device is also pinned toward a single-homed customer site or toward any other Ethernet segment identifier (ESI) at another multihomed PE device.
    • A next hop bridge domain is created in PBB-EVPN I-component bridge domain toward the B-component when there is an unresolved source MAC notification when the first remote MAC address is received. As a result, the first MAC address learned over PBB back bone core interface can be delayed on pinning, and may result moving to other single-homed or ESI interface if the same MAC traffic is received.
    • Static MAC addresses are given preference over dynamic pin MACs.
    • MAC pinning is enabled for all neighbors of a PBB routing instance and cannot be enabled for a specific neighbor.
    • PBB-EVPN MAC pin discard notification is not generated for a remote BEB interface when traffic is discarded due to MAC pinning until a MAC is learned locally over the remote BEB interface.

    Configuring PBB-EVPN MAC Pinning

    Starting in Junos OS Release 17.2, the MAC pinning feature is enabled on provider backbone bridging (PBB) and Ethernet VPN (EVPN) integration, including customer edge (CE) interfaces and EVPN over PBB core in both all-active or single-active mode.

    When MAC pinning is enabled, the dynamically learned MAC addresses are not allowed to move to any other interface in a bridge domain until it is aged out and traffic received with the same source MAC address on other bridge interfaces are discarded. This feature is an advantage over blocking of the complete interface on duplicate MAC detection or loop detection, as MAC pinning works at the MAC label. This feature is local to a provider edge (PE) device and does not require any interoperability.

    Before you begin:

    • Configure the device interfaces, including the customer backbone port (CBP) interface, the provider instance port (PIP) interfaces, and the loopback interface. Assign the bridge family to the interfaces.
    • Assign the router ID and autonomous system ID to the device.
    • Configure an internal BGP group with EVPN signaling.
    • Enable the following protocols on the device:

      • MPLS
      • LDP
      • OSPF

    To enable MAC pinning on PBB-EVPN:

    1. Configure the B-component routing instance.

      Assign the virtual switch instance type and the CBP interface to it. Configure other routing instance attributes like route distinguisher and virtual routing and forwarding (VRF) target to the routing instance.

      Note: Configure B-component routing instances for other CBP interface units on the device, and assign different VLAN IDs and I-SID lists for the different interface units.

      [edit routing-instances]user@R1# set pbbn instance-type virtual-switchuser@R1# set pbbn interface cbp-interfaceuser@R1# set pbbn route-distinguisher route-distinguisher-valueuser@R1# set pbbn vrf-target vrf-target
    2. Enable PBB- EVPN integration for the B-component routing instance.
      [edit routing-instances]user@R1# set pbbn protocols evpn pbb-evpn-core
    3. Enable MAC pinning for the B-component routing instance.
      [edit routing-instances]user@R1# set pbbn protocols evpn mac-pinning
    4. Assign instance source IDs (I-SID) list to the B-component routing instance.
      [edit routing-instances]user@R1# set pbbn protocols evpn extended-isid-list extended-isid-list
    5. Configure a bridge domain for the B-component routing instance and assign a VLAN and and I-SID list to the bridge domain.
      [edit routing-instances]user@R1# set pbbn bridge-domains bridge-domain vlan-id vlan-iduser@R1# set pbbn bridge-domains bridge-domain isid-list isid-list
    6. Configure the I-component routing instance.

      Assign the virtual switch instance type and the PIP interface to it.

      Note: Configure I-component routing instances for other PIP interface units on the device, and assign different bridge domains, VLAN IDs and I-SID lists for the different interface units.

      [edit routing-instances]user@R1# set pbn instance-type virtual-switchuser@R1# set pbn interface pip-interface
    7. Configure bridge domain for the I-component routing instance and assign interfaces and VLANs to the bridge domain.
      [edit routing-instances]user@R1# set pbn bridge-domains bridge-domain domain-type bridgeuser@R1# set pbn bridge-domains bridge-domain vlan-id vlan-iduser@R1# set pbn bridge-domains bridge-domain interface interface-name
    8. Enable MAC pinning for the interface in the I-component routing instance.
      [edit routing-instances]user@R1# set pbn bridge-domains bridge-domain bridge-options interface interface-name mac-pinning
    9. Configure peering between the B-component and the I-component routing instances.
      [edit routing-instances]user@R1# set pbn bridge-domains bridge-domain pbb-options peer-instance pbbn
    10. Configure PBB service group and assign I-SID and VLAN ID list.
      [edit routing-instances]user@R1# set pbn service-groups service-group pbb-service-options isid isid vlan-id-list valn-id-list

    Modified: 2017-05-18