ON THIS PAGE
Overview of Flexible Cross-Connect Support on VPWS with EVPN
Ethernet VPN virtual private wire service (EVPN-VPWS) delivers the point-to-point services between a pair of Attachment Circuits (ACs). An AC is an attachment circuit or access interface participating in a EVPN E-LINE service. Multi-homing and fast convergence capabilities are also provided by EVPN-VPWS. You can now multiplex a large number of ACs across several physical interfaces onto a single VPWS service tunnel.
The EVPN-VPWS flexible cross-connect (FXC) is introduced to address label resource issue that occurs on some low end access routers (also known as A-leaf) by having a group of ACs under the same EVPN instance (EVI) share the same label. FXC is used to establish the point-to-point Ethernet services.
The MPLS label resource issue does not apply to the PE device (also known as service edge router) or vMX (or MX), that uses pseudowire subscriber logical interface.
The control plane signaling is based on the exchange of EVPN per EVI auto-discovery (AD) routes between the pair of PEs, for FXC. It is a mandatory requirement that all the point-to-point Ethernet services under the same EVI is uniquely identified by either a single VLAN tag or double VLAN tags, and to ensure the uniqueness, VLAN normalization must be performed at the ingress. This mandatory requirement is applicable on both PE devices for both VLAN-unaware and VLAN-aware services.
The forwarding plane on the router that has limited label resource (access router), the MPLS label is used to identify the EVI. On both access router and PE device, the VLAN(s) carried in the data packet is used as the de-multiplexer to uniquely identify each local AC for the point-to-point service.
When the access device is a MX router, on the PE device, only single-homing and single-active multi-homing mode is supported. The customer edge (CE) device on the access side is either single-homed to an access router or multi-homed to a set of access routers in a single-active or all-active mode.
Benefits of Pseudowire Headend Termination (PWHT) with EVPN-VPWS FXC Pseudowires
EVPN-VPWS FXC is an extension to basic EVPN-VPWS PWHT which bundles VLANs from multiple physical ports on access node into single bundled EVPN-VPWS pseudowire. The same pseudowire also shares more than one E-LINE service.
Supports all true VLAN-aware bundle services for the VLAN signaled FXC.
The FXC gives the benefit by the efficient usage of MPLS label resources. As a result, less labels and pseudowires are required, because of pseudowire bundling. This is useful on low-end access devices to conserve MPLS labels.
FXC on the PE Device (Service Edge Router)
EVPN-VPWS does not signal the VLAN in the control plane. At
the PE device, label is allocated per pseudowire subscriber transport
logical interface. The PE device interops with the access router that
use different label allocation scheme. Encapsulation type ethernet-ccc is used on pseudowire subscriber transport logical interface.
Similar to the VLAN bundle service provided by the pseudowire subscriber logical interface at the PE device, for FXC, a group of ACs, each is represented by its unique normalized VLAN(s), is bundled together.
Single Home Support
All ACs at the access router are connected to the single homed end devices under the same EVI are multiplexed into a single point-to-point service tunnel. This bundle shares the same service instance ID and MPLS service label. Only one EVPN per EVI AD route is advertised for this bundle of ACs.
The EVPN per EVI AD route advertised for the bundle of local ACs do not get withdrawal until all the ACs go down or until the EVI itself if deactivated or deleted.
To terminate one particular group of ACs at the access router, a separate pseudowire subscriber logical interface must be configured with the corresponding service instance ID at the PE device. The pseudowire subscriber logical interface works in a VLAN bundle mode.
Multi-home Support
In multi-homing of FXC, a separate per EVI AD route is advertised for each multi-home Ethernet segment. The same Ethernet segment identifier (ESI) ACs are bundled together in the same group. This is because the same PE may play the designated forwarder (DF) and non-designated forwarder (NDF) role independently for different Ethernet segment, but the same PE always acts as the DF or NDF for the ACs on the same Ethernet segment at the same time. As pseudowire subscriber logical interface configured with the corresponding service instance ID is used to terminate point-to-point Ethernet segment for the bundle of ACs, different pseudowire subscriber logical interface has to be used to terminate the different group of multi-homed ACs.
To support interoperability with VLAN-unaware multi-homing FXC at the access router, summary is as follows:
ACs on the same Ethernet segment are bundled to use the same local service instance ID on the access router.
Each AC group is assigned a unique local service instance ID, when there are many AC groups on the access router.
At the PE device, a separate pseudowire subscriber logical interface must be used to terminate the group of ACs on the same ES attached to remote access router.
There can be many pseudowire subscriber logical interfaces under the same EVI, however, each pseudowire subscriber transport logical interface must be assigned a unique service instance ID.
VLAN signaled FXC on the PE Device
For a group of AC under the same EVI, the VLAN signaled FXC shares the same MPLS label on the access router, which is similar to FXC. Under VLAN signaled FXC mode, each AC is assigned a unique service instance ID and is identified by one unique normalized VLAN identifier (for single tagged frame) or VLAN identifiers (for QinQ) in the forwarding plane. Thus the VLAN signaled FXC requires that each individual point-to-point Ethernet segment to be signaled separately through its own pair of EVPN Ethernet AD per EVI routes in the control plane
Pseudowire subscriber logical interface is used to support EVPN FXC VLAN-aware service. The local service instance ID is a property associated with the pseudowire subscriber service logical interface instead of pseudowire subscriber transport logical interface. For single-active multi-homing support, you can configure each pseudowire subscriber service logical interface with the multi-homing Ethernet segment using ESI per logical interface. There is no ESI configuration required for the pseudowire subscriber transport logical interface. Hence, the traffic is load balanced among redundant set of service edge router based on VLAN.
The following is supported on the PE device, for the interoperability with the access router which uses VLAN signaled FXC:
There is only one pseudowire subscriber logical interface under each EVI. You must now manually configure a pair of local and remote service instance IDs on each of the pseudowire subscriber logical interface. Otherwise, the local service instance ID is auto-derived from the normalized VLAN ID(s) and the same ID is provided for remote service instance ID as well.
A non-reserved ESI is configured for the pseudowire subscriber service logical interface, for single-active multi-homing mode.
Each point-to-point Ethernet segment has a separate EVPN Ethernet AD per EVI route which is advertised with its Ethernet tag identifier set to the local instance ID. The Ethernet tag identifier can either be auto-derived based on the normalized VLAN ID(s) or manually configured.
VLAN Tagging
Pseudowire subscriber logical interface supports untagged, single tagged and double tagged frames. For interoperability with EVPN FXC, support for demux on single VLAN identifier or double VLANs (QinQ) for pseudowire subscriber logical interface is a must.
Signaling the Optional Bits Introduced for EVPN FXC
Both M-bit and V-bit are optional bits in the Layer 2 extended community for EVPN FXC. Currently, only the M-bit is signaled in the EVPN Layer 2 extended community, to indicate VLAN-unaware or VLAN signaled FXC.
Access Side Multi-homing
- Access Side Multi-homing with Service Side Single-homing
- Access Side Single-active with Service Side Single-active
- Access Side All-active with Service Side Single-active
Access Side Multi-homing with Service Side Single-homing
Currently, CE multi-homing to the access routers is either single-active or all-active mode (when the access device is a MX router) while the service edge router works in single-home mode is supported.
Access Side Single-active with Service Side Single-active
As shown in Figure 1 below, this is a typical square topology consisting of two A-PE routers, A-PE1 and A-PE2, and two service edger routers, PE1 and PE2. PE1 and PE2 work in single-active mode. A-PE1 and A-PE2 also work in single-active mode. One of the service edge routers is elected as DF and one of access routers is elected as DF. There is only one active or primary pseudowire between DF access router and DF service edge router. If one of the DFs has an access link down or suffers node failure, the NDF or backup PE becomes the DF. Hence, the existing primary pseudowire goes down and a new primary pseudowire is established among the DFs. This is done as per pseudowire subscriber service logical interface or per access link of access node. It is not done based on PE.
Access Side All-active with Service Side Single-active
As shown in Figure 2 below, it is a square topology consisting of two A-PE routers, A-PE1 and A-PE2, and two service edger routers, PE1 and PE2. PE1 and PE2 work in single-active mode. A-PE1 and A-PE2 also work in all-active mode. There are two primary pseudowires from the primary or DF service router to the A-PEs. Traffic will be load balanced among A-PE1 and A-PE2.
Always a MX router is used on the access side, for all-active mode.
Support EVPN FXC for MX Series as Access Router
On the MX Series as access router, label per EVI is used when the service type is either EVPN FXC VLAN-unaware or EVPN FXC VLAN-aware. It is a mandatory that each AC under the same EVI must be uniquely identified through the normalized VLAN(s).
VLAN-Unaware Support on the Access Router
Under this mode of operation, all ACs are grouped separately on the basis of ESI. There is one group for all single-homed ACs and one group for each multi-homed Ethernet segment. ACs belong to the same group share the same local service instance ID. For a given EVI, the service instance ID is always unique. The service instance ID for each group must be configured manually.
If PEs (PE 1 and PE 2, for example) are dual homed to access edge devices acting as a designated forwarder or non-designated forwarder, you need to configure the same ESI number for each PE in the group configuration and the access interfaces that are participating in VPN FXC VLAN-unaware service.
For example, here's a command that you could issue:
set routing-instances EVPN-VPWS-FXC-AE protocols evpn group G1 esi
00:71:81:00:00:00:00:00:00:01
VLAN-Aware Support on the Access Router
Under this mode of operation, each AC is assigned to a unique service instance ID. This service instance ID can be either manual configured or auto-derived based on the normalized VLAN identifiers.