Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Control word for EVPN-VPWS

EVPN-VPWS is built on a MPLS network and the transit device’s load-balancing hashing algorithm can cause out-of-order delivery of packets. The transit device can incorrectly identify an Ethernet payload as an IPv4 or IPv6 payload if the first nibble of the destination address MAC is 0x4 or 0x6, respectively. By inserting a control word between the label stack and the L2 header of the packet on the MPLS packet switched network, you can ensure that the top nibble is 0, thus preventing the packet from being identified as an IPv4 or IPv6 packet. The PE devices then negotiate support for control word in the EVPN-VPWS service. When you enable control word, the PE devices advertises their support in the auto-discovery route for each EVPN instance (EVI). Before a control word is inserted into the data packet, you must configure all the PE devices in an EVI on the EVPN-VPWS service and all the PE devices in the EVI agree to support control word. If any PE device in an EVI does not support control word, then PE devices will not include the control word in their packet.

Note:

You do not need to enable control word on the devices in your transit network when the transit devices consist of Juniper Networks EX 9200 switches, MX series routers, or PTX Series routers. These Juniper devices correctly identify the Ethernet payload as an IPv4/IPv6 payloads, even when the Ethernet destination MAC address starts with 0x4 or 0x6 nibble. The Juniper devices perform hashing based on the IP header fields inside the Ethernet frame and will not send out-of-order packets. In this case, we recommend not using control word as there are no benefits.

Figure 1 and Figure 2 illustrate a network with EVPN-VPWS service terminating in a Layer 3 VPN. In Figure 1, the customer device connects to an access device (A-PE1) which in turn connects to a service-edge device (PE1), that terminates into the layer 3 VPN. You must enable control word on A-PE1 and PE1, so that both devices can advertise their control word support in their route advertisement. Once control word support is established, the PEs will start inserting the control word in their packet.

Figure 1: Single-homed network with EVPN-VPWS service terminating in a Layer 3 VPNSingle-homed network with EVPN-VPWS service terminating in a Layer 3 VPN

Figure 2 illustrates a topology where the customer device is multihomed to two access devices(A-PE1 and A-PE2), which in turn are multihomed to two service devices (PE1 and PE2). In both single-active and all-active multihoming, you must enable control word on A-PE1, A-PE2, PE1, and PE2 so that the devices can exchange their control word support. When control word support is confirmed for all the PEs in the EVPN-VPWS service, the PEs will start inserting the control word in the packet.

Figure 2: Multihomed network with EVPN-VPWS service terminating in a Layer 3 VPNMultihomed network with EVPN-VPWS service terminating in a Layer 3 VPN

To enable control word, set control-word for the evpn protocol for a specified routing instance.

The following output shows a sample multihomed routing instance with control word configured.

Note:

The configuration for the interface takes precedence over the configuration for the EVPN protocol.

To view routes where control word is supported, use the show route table mpls.0 protocol evpn operational command. Egress routes display an offset of 252. Ingress routes display an offset of 4. When control word is not enable, the offset is not displayed.