@XRDOCS NCS5500 BLOGS TUTORIALS SEARCH  TAGS

Ahmad Bilal Siddiqui

Technical Marketing Engineer, Cisco. Follow

Save to PDF

BGP-EVPN based Single-Active Multi-Homing

 12 minutes read

 O N T H I S PA G E

I M P L E M E N TAT I O N O F B G P - E V P N B A S E D S I N G L E - A C T I V E M U LT I - H O M I N G

R E F E R E N C E T O P O L O G Y:

Implementation of BGP-EVPN based Single-Active Multi-Homing

In single-active multi-homing mode, only a single Leaf among a group of Leafs attached to a Host is allowed to forward
the tra c to and from on a given VLAN.

In this post we will cover the BGP-EVPN based Single-Active Multi-Homing of CE/Hosts. Similar to Active/Active Multi-
homing, Single-Active is also achieved by EVPN Ethernet Segment feature. Single-active o ers redundant connectivity
with forwarding for a VLAN on a single link at a time with failover to the second link in case of active link’s failure. Single-
Active load balancing’s strengths arise from directing tra c to a single uplink as opposed to all-active’s approach of
ECMP-hashing. This approach is very useful for network scenarios where policing, metering and billing are required.

Reference Topology:

For this post, we will leverage EVPN control-plane and ISIS Segment Routing based forwarding that we con gured in a
previous post.
As shown in the above topology, Host-1 is multi-homed to Leaf-1 and Leaf-2. For EVPN single-active multi-homing,
each link towards the Leaf will be in a unique ethernet bundle interface. VLAN 10 and 20 are allowed on both the
ethernet-bundles. As both the links are in separate ethernet bundles, the host H-1 will ood tra c at rst to both the
Leafs but only the Ethernet-Segment’s Designated Forwarder (DF) Leaf will forward the tra c. As a result, the host will
have only one ethernet bundle interface in its forwarding table to forward the tra c and achieve per VLAN single-active
multi-homing.

Task 1: Con gure Ethernet bundles on Host-1 for multi-homing

As per the reference topology Host-1 is multi-homed to Leaf-1 and Leaf-2 via LACP bundle-ethernet 11 going to Leaf-
1 and bundle-ethernet 12 going to Leaf-2. ASR9K is acting as the host/CE with IP address 10.0.0.10/24 con gured on a
BVI. Following is the con guration of LAG on Host-1.

The LAG on Host-1 will come up after we con gure single-active multi-homing using EVPN Ether-Segment on the Leaf-
1 and Leaf-2.

Note: In this post we will con gure VLAN 10 to show the single-active behavior. Con guration of VLAN 20 is out of
scope for this post but follows the same procedure.

Host-1:

interface Bundle-Ether 11
description "Bundle to Leaf-1"
!
interface TenGigE0/0/2/0
description "Link to Leaf-1 ten0/0/0/47"
bundle id 11 mode active
!
interface Bundle-Ether11.10 l2transport
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether 12
description "Bundle to Leaf-2"
!
 interface TenGigE0/0/2/1
description "Link to Leaf-2 ten0/0/0/47"
bundle id 12 mode active
!
interface Bundle-Ether12.10 l2transport
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
!
interface BVI10
description "Host-1 IP"
ipv4 address 10.0.0.10 255.255.255.0
!
l2vpn
bridge group bg1
bridge-domain bd-10
interface Bundle-Ether11.10
!
interface Bundle-Ether12.10
!
routed interface BVI10
!
!

Task 2: Con gure EVPN based single-active multi-homing

Con gure Leaf-1 and Leaf-2 to provision single-active multi-homing to host-1. The set of links from Host-1 to the Leafs
will be con gured as Ethernet Segment on the Leafs.

Con gure the bundles on the Leaf-1 and Leaf-2. Use below con guration for the Leafs. Note: For single-active multi-
homing, the LACP System MAC address should not be con gured on ethernet bundle interface.

Leaf-1:

interface TenGigE0/0/0/47
description "Link to Host-1"
bundle id 11 mode active
!
interface Bundle-Ether 11
 description "Bundle to Host-1"
!

Leaf-2

interface TenGigE0/0/0/47
description "Link to Host-1"
bundle id 12 mode active
!
interface Bundle-Ether 12
description "Bundle to Host-1"
!

Con gure Ethernet Segment id (ESI) for the bundle interface to enable multi-homing of the host. Use the identical
ethernet-segment con guration on both the Leafs, though the ethernet-bundle interface is di erent for both Leafs.
Con gure load-balancing mode to single-active using “single-active” keyword for ethernet-segment.

Note: Single-active mode is the default for Physical interfaces and no extra con guration to enable single-active is
required.

Leaf-1:

evpn
interface Bundle-Ether 11
ethernet-segment
identifier type 0 11.11.11.11.11.11.11.11.11
load-balancing-mode single-active
!

Leaf-2:

evpn
interface Bundle-Ether 12
ethernet-segment
identifier type 0 11.11.11.11.11.11.11.11.11
load-balancing-mode single-active
!

Use “show bundle bundle-ether ” CLI command to verify the state of the bundle interface on Leafs and Host-1.

Leaf-1:

RP/0/RP0/CPU0:Leaf-1#show bundle bundle-ether 11

Bundle-Ether11
Status: Up
Local links <active/standby/configured>: 1 / 0 / 1
Local bandwidth <effective/available>: 10000000 (10000000) kbps
MAC address (source): 00bc.601c.d0da (Chassis pool)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing:
Link order signaling: Not configured
Hash type: Default
Locality threshold: None
 LACP: Operational
Flap suppression timer: Off
Cisco extensions: Disabled
Non-revertive: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
IPv6 BFD: Not configured

Port Device State Port ID B/W, kbps

-------------------- --------------- ----------- -------------- ----------
Te0/0/0/47 Local Active 0x8000, 0x0003 10000000
Link is Active
RP/0/RP0/CPU0:Leaf-1#

Leaf-2

RP/0/RP0/CPU0:Leaf-2#sh bundle bundle-ether 12

Bundle-Ether12
Status: Up
Local links <active/standby/configured>: 1 / 0 / 1
Local bandwidth <effective/available>: 10000000 (10000000) kbps
MAC address (source): 00bc.600e.40da (Chassis pool)
Inter-chassis link: No
Minimum active links / bandwidth: 1 / 1 kbps
Maximum active links: 64
Wait while timer: 2000 ms
Load balancing:
Link order signaling: Not configured
Hash type: Default
Locality threshold: None
LACP: Operational
Flap suppression timer: Off
Cisco extensions: Disabled
Non-revertive: Disabled
mLACP: Not configured
IPv4 BFD: Not configured
IPv6 BFD: Not configured

Port Device State Port ID B/W, kbps

-------------------- --------------- ----------- -------------- ----------
Te0/0/0/47 Local Active 0x8000, 0x0003 10000000
Link is Active
RP/0/RP0/CPU0:Leaf-2#

Above output shows that the bundle interfaces are up. Next, lets provision the EVPN layer-2 service.

Task 3: Con gure BGP EVPN based layer-2 multipoint service

Con gure the EVPN layer-2 service between Leaf-1, Leaf-2 and Leaf-5 and then check the status of ethernet segment.
For detailed explanation of con guring BGP EVPN based layer-2 service, refer to this post.
 

Leaf-1:

interface Bundle-Ether 11.10 l2transport

encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group bg-1
bridge-domain bd-10
interface Bundle-Ether 11.10
evi 10
!
!
evpn
evi 10
bgp
route-target import 1001:11
route-target export 1001:11
!
advertise-mac
!
!

Leaf-2:

interface Bundle-Ether 12.10 l2transport

encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
!
l2vpn
bridge group bg-1
bridge-domain bd-10
interface Bundle-Ether 12.10
evi 10
!
!
evpn
evi 10
bgp
route-target import 1001:11
route-target export 1001:11
 !
advertise-mac
!
!

Leaf-5:

interface TenGigE0/0/0/45.10 l2transport

encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
!
evpn
evi 10
bgp
route-target import 1001:11
route-target export 1001:11
!
advertise-mac
!
!
!
l2vpn
bridge group bg-1
bridge-domain bd-10
interface TenGigE0/0/0/45.10
!
evi 10
!
!

Host-5 is single-homed to Leaf-5, below is the Host-5 con guration.

Host-5:

interface TenGigE0/0/1/3.10
description "Link to Leaf-5"
ipv4 address 10.0.0.50 255.255.255.0
encapsulation dot1q 10

Task 4: Verify that EVPN based single-active multi-homing is operational

As we have con gured the BGP EVPN layer-2 service as well as the ethernet segment, lets verify the ethernet segment
status by “show evpn ethernet-segment detail”.

Leaf-1:

RP/0/RP0/CPU0:Leaf-1#show evpn ethernet-segment detail

Legend:

Ethernet Segment Id Interface Nexthops

------------------------ ---------------------------------- --------------------
0011.1111.1111.1111.1111 BE11 1.1.1.1
2.2.2.2
ES to BGP Gates : Ready
 ES to L2FIB Gates : Ready
Main port :
Interface name : Bundle-Ether11
Interface MAC : 00bc.601c.d0db
IfHandle : 0x08000144
State : Up
Redundancy : Not Defined
ESI type : 0
Value : 11.1111.1111.1111.1111
ES Import RT : 1111.1111.1111 (Local)
Source MAC : 0000.0000.0000 (N/A)
Topology :
Operational : MH, Single-active
Configured : Single-active (AApS)
Service Carving : Auto-selection
Multicast : Disabled
Peering Details :
1.1.1.1 [MOD:P:00]
2.2.2.2 [MOD:P:00]

Service Carving Results:

Forwarders : 1
Permanent : 0
Elected : 1
Not Elected : 0
MAC Flushing mode : STP-TCN
Peering timer : 3 sec [not running]
Recovery timer : 30 sec [not running]
Carving timer : 0 sec [not running]
Local SHG label : 24005
Remote SHG labels : 1
24005 : nexthop 2.2.2.2

Leaf-2

RP/0/RP0/CPU0:Leaf-2#sh evpn ethernet-segment detail

Legend:

Ethernet Segment Id Interface Nexthops

------------------------ ---------------------------------- --------------------
0011.1111.1111.1111.1111 BE12 1.1.1.1
2.2.2.2
ES to BGP Gates : Ready
ES to L2FIB Gates : Ready
Main port :
Interface name : Bundle-Ether12
Interface MAC : 00bc.600e.40db
IfHandle : 0x0800011c
State : Up
Redundancy : Not Defined
ESI type : 0
Value : 11.1111.1111.1111.1111
ES Import RT : 1111.1111.1111 (Local)
Source MAC : 0000.0000.0000 (N/A)
Topology :
Operational : MH, Single-active
Configured : Single-active (AApS)
Service Carving : Auto-selection
Multicast : Disabled
Peering Details :
1.1.1.1 [MOD:P:00]
2.2.2.2 [MOD:P:00]

Service Carving Results:

 Forwarders : 1
Permanent : 0
Elected : 0
Not Elected : 1
MAC Flushing mode : STP-TCN
Peering timer : 3 sec [not running]
Recovery timer : 30 sec [not running]
Carving timer : 0 sec [not running]
Local SHG label : 24005
Remote SHG labels : 1
24005 : nexthop 1.1.1.1

In the above output we can observe that Leaf-1 has bundle-ethernet 11 and Leaf-2 has bundle-ethernet 12 in ‘Up’
state. Both have two next-hops, one being the Leaf itself and the second next-hop is the peer-leaf/PE. Operational state
of the ethernet-segment is multi-homed with single-active load-balancing.

The output of both the Leafs show that both are forwarders of 1 subnet (10.0.0.x/24 in our case), while Leaf-1 is elected
as Designated Forwarder (DF) and Leaf-2 is the non-DF. This means that any Uniccast and BUM tra c that comes to
Leaf-2 will not be forwarded and only Leaf-1 being the DF will forward it.

Ping from Host-1 to Host-5 shows that the hosts are reachable.

Host-1:

RP/0/RSP0/CPU0:Host-1#ping 10.0.0.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.50, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RSP0/CPU0:Host-1#

Let’s take a look at the BGP EVPN control-plane to verify that only Leaf-1 being the designated-forwarder for EVI 10 is
advertising itself the next-hop and Leaf-2 is not announcing any MAC addresses related to EVI 10. This is due to the fact
that for single-active load-balancing only one Leaf-1 should advertise the reachability.

In the below output from Leaf-5 we can see the MAC address of Host-1 is learnt from Leaf-1 (rd 1.1.1.1:10) in a route-
type 2 advertisement. As we look at Leaf-2’s route distinguishers (rd 2.2.2.2:10) we see that no MAC address is
advertised for EVI 10. This veri es that only Leaf-1 will be programmed in Leaf-5 as the next-hop to reach to Host-1.

Leaf-5 – Route advertisement from Leaf-1

RP/0/RP0/CPU0:Leaf-5#show bgp l2vpn evpn rd 1.1.1.1:10

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:10
*>i[1][0011.1111.1111.1111.1111][0]/120
1.1.1.1 100 0 i
* i 1.1.1.1 100 0 i
*>i[2][0][48][6c9c.ed6d.1d90][0]/104
1.1.1.1 100 0 i
* i 1.1.1.1 100 0 i
*>i[3][0][32][1.1.1.1]/80
1.1.1.1 100 0 i
 * i 1.1.1.1 100 0 i

Processed 3 prefixes, 6 paths

RP/0/RP0/CPU0:Leaf-5#

Leaf-5 – Route advertisement from Leaf-2

RP/0/RP0/CPU0:Leaf-5#show bgp l2vpn evpn rd 2.2.2.2:10

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2.2.2.2:10
*>i[1][0011.1111.1111.1111.1111][0]/120
2.2.2.2 100 0 i
* i 2.2.2.2 100 0 i
*>i[3][0][32][2.2.2.2]/80
2.2.2.2 100 0 i
* i 2.2.2.2 100 0 i

Processed 2 prefixes, 4 paths

RP/0/RP0/CPU0:Leaf-5#

Lastly, run “show evpn evi vpn-id 10 mac” command to verify the MAC address learnt for EVI 10. We see that Leaf-1
and Leaf-2 have learnt Host-5’s MAC address with Leaf-5 as the next-hop.

Leaf-1
RP/0/RP0/CPU0:Leaf-1#show evpn evi vpn-id 10 mac

VPN-ID Encap MAC address IP address Nexthop Label

---------- ------ -------------- --------------- -------------------------- --------
10 MPLS 6c9c.ed6d.1d90 :: Bundle-Ether11.10 24004
10 MPLS a03d.6f3d.5447 :: 5.5.5.5 24010
RP/0/RP0/CPU0:Leaf-1#

Leaf-2
RP/0/RP0/CPU0:Leaf-2#show evpn evi vpn-id 10 mac

VPN-ID Encap MAC address IP address Nexthop Label

---------- ------ -------------- --------------- -------------------------- --------
10 MPLS 6c9c.ed6d.1d90 :: 1.1.1.1 24004
10 MPLS a03d.6f3d.5447 :: 5.5.5.5 24010
RP/0/RP0/CPU0:Leaf-2#

Leaf-5
RP/0/RP0/CPU0:Leaf-5#show evpn evi vpn-id 10 mac

VPN-ID Encap MAC address IP addres Nexthop Label

---------- ------ -------------- --------------- -------------------------- --------
10 MPLS 6c9c.ed6d.1d90 :: 1.1.1.1 24004
10 MPLS a03d.6f3d.5447 :: TenGigE0/0/0/45.10 24010
RP/0/RP0/CPU0:Leaf-5#
As we observe Leaf-5’s output, we see that the Leaf-5 has programmed Leaf-1 as the only next-hop for Host-1’s MAC
address reachability, although Host-1 is multi-homed to both Leaf-1 and Leaf-2. This veri es that single-active dual-
homing is operational and that at one time only one Leaf will forward the tra c to and from the Host for a given EVI.

Note: As Leaf-2 sees Host-1’s MAC reachable via Leaf-1, in case of another Host/ESI connected to Leaf-2 wants to
reach to Host-1 it will have to go over Leaf-1 to reach to Host-1.

Task 5: Con gure the BGP-EVPN Distributed Anycast Gateway for inter-subnet routing

For Layer-3 inter-subnet routing use case; similar to Host-1’s layer-2 reachability, Host-1’s IP will also only be reachable
via Leaf-1 as next-hop. After we con gure BGP-EVPN distributed anycast gateway for inter-subnet routing, we will
observe the routing table of Leaf-5.

Con gure the BGP-EVPN Distributed Anycast Gateway on Leaf-1, Leaf-2 and Leaf-5. For detailed explanation of
distributed anycast gateway, refer to this post.

BGP-EVPN distributed anycast gateway configuration.

Configure VRFs on Leaf-1, Leaf-2 and Leaf-5.

vrf 10
address-family ipv4 unicast
import route-target
10:10
!
export route-target
10:10
!

router bgp 65001

address-family vpnv4 unicast
!
vrf 10
rd auto
address-family ipv4 unicast
additional-paths receive
maximum-paths ibgp 10
redistribute connected
!

Configure BVI as distributed anycast gateway

interface BVI 10
host-routing
vrf 10
 ipv4 address 10.0.0.1 255.255.255.0
mac-address 1001.1001.1001
!

l2vpn
bridge group bg-1
bridge-domain bd-10
interface Bundle-Ether11.10 ---- configure on Leaf-1
interface Bundle-Ether12.10 ---- configure on Leaf-2
interface TenGigE0/0/0/45.10 ---- configure on Leaf-5
!
routed interface BVI 10
evi 10
!

Configure the static route on Host-1 and Host-5 to reach to the default gateway on Leafs.

router static
address-family ipv4 unicast
0.0.0.0/0 10.0.0.1
!

As we have now con gured the BGP-EVPN distributed anycast gateway on Leafs, lets observe the routing table of Leaf-
5. The below output shows that Host-1’s IP 10.0.0.10/32 is reachable via only Leaf-1.

Leaf-5:
RP/0/RP0/CPU0:Leaf-5#show route vrf 10
Gateway of last resort is not set

C 10.0.0.0/24 is directly connected, 00:41:23, BVI10

L 10.0.0.1/32 is directly connected, 00:41:23, BVI10
B 10.0.0.10/32 [200/0] via 1.1.1.1 (nexthop in vrf default), 00:46:13
RP/0/RP0/CPU0:Leaf-5#

Leaf-1:
RP/0/RP0/CPU0:Leaf-1#show arp vrf 10

-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address Age Hardware Addr State Type Interface
10.0.0.1 - 1001.1001.1001 Interface ARPA BVI10
10.0.0.10 00:04:16 6c9c.ed6d.1d91 Dynamic ARPA BVI10
RP/0/RP0/CPU0:Leaf-1#

Leaf-2:
RP/0/RP0/CPU0:Leaf-2#show arp vrf 10

-------------------------------------------------------------------------------
0/0/CPU0
-------------------------------------------------------------------------------
Address Age Hardware Addr State Type Interface
10.0.0.1 - 1001.1001.1001 Interface ARPA BVI10
RP/0/RP0/CPU0:Leaf-2#

Finally we can observe in the ARP table output of Leaf-1 and Leaf-2 that the ARP entry for Host-1 is only programmed
on Leaf-1. This is becuase of the single-active behavior of ethernet-segment and Leaf-1 being the designated-
forwarder. This concludes the BGP-EVPN single-active implementation, for further technical details refer to our e-vpn.io
webpage that has a lot of material explaining the core concepts of EVPN, its operations and troubleshooting.
 Tags: cisco EVPN iosxr NCS 5500

 Updated: April 07, 2020

SHARE ON

   

Leave a Comment
 What do you think?
14 Responses

Upvote Funny Love Surprised

2 Comments 
1 Login

G Join the discussion…

LOG IN WITH OR SIGN UP WITH DISQUS ?

Name

 Share Best Newest Oldest

K
Khizrigadji Aleskerov − ⚑
2 years ago

Hey! Why is this not described in the cisco instructions?

All this is available only on asr9k
Also, can this be applied to ncs540?

0 0 Reply ⥅

V
vaibhav agrawal − ⚑
3 years ago

Dear Ahmad, in case of multiple Vlans, how can we ensure they are load balanced across
both PEs, is there a way to in uence DF selection or any speci c con g that needs to be
done

0 0 Reply ⥅

Subscribe Privacy Do Not Sell My Data

FOLLOW:  TWITTER  GITHUB  FEED

This site is maintained by Cisco Systems, Inc. employees. Powered by Jekyll & Minimal Mistakes.