7 SDN EVPN Technology Analysis

Confidential Information of Huawei. No Spreading Without Permission

EVPN (Ethernet Virtual Private Network) is a VPN technology used for Layer 2 network
interconnection. EVPN uses a mechanism similar to BGP/MPLS IP VPN: by extending BGP with
new reachability information (EVPN routes), it moves MAC address learning and advertisement
between Layer 2 networks at different sites from the data plane to the control plane.

According to the connection mode between PEs and CEs, EVPN networking is classified into CE
multi-homing and CE single-homing. As shown in the figure, CE1, CE2, and CE4 are each connected
to a single PE (CE single-homing), while CE3 is connected to both PE2 and PE3 (CE multi-homing).
CE multi-homing networking supports load balancing.

• Route Distinguisher: This field can be the Route Distinguisher (RD) value set in an EVPN instance or
a combination of the source IP address configured on the PE and a number, for example, X.X.X.X:0.
• Ethernet Segment Identifier: Unique ID of the connection between the PE and a CE.
• Ethernet Tag ID: This field is set to all 0s or all Fs in Ethernet auto-discovery routes.
• MPLS Label: This field carries an ESI label.

• Route Distinguisher: The value of this field is the Route Distinguisher (RD) of an EVPN instance.
• Ethernet Segment Identifier: Unique ID of the connection between the PE and a CE.
• Ethernet Tag ID: VLAN ID configured on the PE.
• MAC Address Length: Indicates the length of the MAC address advertised by this type of route.
• MAC Address: Indicates the MAC address advertised by this type of route.
• IP Address Length: This field is reserved.
• IP Address: This field is reserved.
• MPLS Label1: This field carries an ESI label.
• MPLS Label2: This field is reserved.

• Route Distinguisher: The value of this field is the Route Distinguisher (RD) of an EVPN instance.
• Ethernet Tag ID: This field is set to 0 in integrated multicast routes.
• IP Address Length: Indicates the length of the source address configured on the PE.
• Originating Router's IP Address: Source address configured on the PE.

• Route Distinguisher: This field is composed of the source IP address set on the PE and a number,
for example, X.X.X.X:0.
• Ethernet Segment Identifier: Unique ID of the connection between the PE and a CE.
• IP Address Length: Indicates the length of the source address configured on the PE.
• Originating Router's IP Address: Source address configured on the PE.

1. Site1 sends an ARP request packet or a gratuitous ARP packet to advertise its MAC address (MAC A)
and its IP address to Site2. When the packet passes through PE1, PE1 generates a MAC address
advertisement route for MAC A.
2. When Site2 returns an ARP response packet or a gratuitous ARP packet to Site1, PE2 generates a
MAC address advertisement route for the MAC address in Site2.
3. PE1 and PE2 exchange MAC address advertisement routes, which carry the MAC address, next hop
information, and extended community attributes such as the RT value of the EVPN instance.
4. After receiving each other's MAC address advertisement routes, PE1 and PE2 construct traffic
forwarding entries for the corresponding EVPN instance (selected by RT value) and use them to
transmit traffic.

As shown in the figure, after a PE has learned the MAC addresses of the other sites and a public
network tunnel has been established, the PE can transmit unicast packets to the other sites. The
transmission process is as follows:
• CE2 forwards unicast packets to PE2 in Layer 2 forwarding mode.
• PE2 encapsulates the unicast packet with the EVPN label, then with the public network LDP LSP
label, and finally with an outer Ethernet header carrying the MAC address of PE2 and the MAC
address of PE1. The encapsulated unicast packet is then sent to PE1.
• After receiving the encapsulated unicast packet, PE1 decapsulates it and sends the unicast packet
to the corresponding EVPN site according to the EVPN label.

After the neighbor relationship is established between PEs, the PEs send integrated multicast routes
to each other. According to the RT value in the integrated multicast route, the EVPN instance on a
PE learns the reachability information of the remote EVPN instances that belong to the same EVPN.
After obtaining the reachability information and establishing the LDP tunnel successfully, the PE
can transmit multicast packets. As shown in Figure 1-8, the multicast packet transmission process
is as follows:
• CE1 sends the multicast packet to PE1.
• PE1 sends the multicast packet to PE2 and PE3, which belong to the same EVPN. That is, PE1
makes two copies of the multicast packet. Each copy is encapsulated with the EVPN BUM label and
the public LDP LSP label. PE1 then adds an outer Ethernet header carrying the MAC address of
PE1 and the MAC address of P, and sends the packets to the remote PEs.
• After receiving the multicast packet, PE2 and PE3 decapsulate it and send the multicast packet
to the corresponding EVPN site according to the EVPN BUM label.

• If the interface connecting the PE to the CE is Down, the PE becomes the backup DF.
• If the interface connecting the PE to the CE is Up, the PE takes part in the master DF election
together with the other PEs whose CE-facing interfaces are also Up.
The election process is as follows:
• PEs establish neighbor relationships and send Ethernet segment routes to each other.
• A multi-homing PE list is generated on each PE according to the ESI value carried in the Ethernet
segment routes. The multi-homing PE list contains all PEs connected to the same CE.
• Each PE obtains the source IP address from the Ethernet segment routes received from other PEs,
sorts the PEs in the multi-homing PE list in ascending order of source IP address, and assigns
sequence numbers starting from 0.
• If interface-based DF election is used, the PE with the smallest source IP address is elected as the
master DF. If VLAN-based DF election is used, the sequence number of the PE that functions as the
DF is calculated with the formula (V mod N) = i, where i is the sequence number of the PE, N is the
number of PEs connected to the same CE, and V is the VLAN ID of the Ethernet segment.

CE1 is dual-homed to PE1 and PE2, and load balancing is enabled. After PE1 and PE2 establish a
neighbor relationship, PE1 forwards the multicast traffic it receives from CE1 to PE2. To prevent
PE2 from forwarding that traffic back to CE1 and forming a loop, EVPN defines the split horizon
function: after PE1 receives the multicast traffic from CE1, PE1 forwards the traffic to PE2 with an
EVPN ESI label. On receiving the packets, PE2 checks the ESI label carried in the traffic; if the ESI
value in the label equals the ESI of the Ethernet segment connecting PE2 and CE1, PE2 does not
send the multicast traffic to CE1, which prevents the loop.
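
The ESI-label check that PE2 performs above, as an added example that is not part of the original deck; the AttachmentCircuit type, the bum_egress_acs function and all ESI and AC values are assumptions constructed for the example:

```python
"""Split-horizon check for BUM traffic received with an EVPN ESI label.

Added example, not from the training deck. It models the decision the
text describes for PE2: for each local attachment circuit (AC), skip the
AC whose ESI equals the ESI label carried in the packet (the traffic
entered the EVPN on that very segment, so sending it back would loop),
and skip any multi-homed AC for which this PE is not the DF. The AC and
packet values are constructed.
"""
from dataclasses import dataclass

ZERO_ESI = "00" * 10  # all-zero ESI: single-homed CE


@dataclass(frozen=True)
class AttachmentCircuit:
    name: str
    esi: str            # ESI of the Ethernet segment behind this AC
    is_df: bool = True  # DF state on that segment (ignored when single-homed)


def normalize_esi(esi):
    return esi.replace(":", "").lower()


def bum_egress_acs(local_acs, esi_label=None):
    """Return the names of the ACs a BUM packet may be flooded to.

    esi_label is the ESI carried in the received EVPN ESI label, or None
    when the sending PE attached no ESI label (single-homed source)."""
    src_esi = normalize_esi(esi_label) if esi_label else None
    egress = []
    for ac in local_acs:
        esi = normalize_esi(ac.esi)
        multihomed = esi != ZERO_ESI
        if multihomed and esi == src_esi:
            continue  # split horizon: packet came from this segment via the peer PE
        if multihomed and not ac.is_df:
            continue  # only the DF delivers BUM traffic to a multi-homed CE
        egress.append(ac.name)
    return egress


# Constructed PE2 view: CE1 is multi-homed (ESI shared with PE1), CE5 is single-homed.
ESI_CE1 = "00:11:22:33:44:55:66:77:88:99"
PE2_ACS = [AttachmentCircuit("CE1", ESI_CE1, is_df=True),
           AttachmentCircuit("CE5", ZERO_ESI)]
```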

• Redundancy mode: In CE multi-homing networking, you can configure the redundancy mode of the
EVPN networking, that is, configure the PEs connected to the same CE to work in single-active or
multi-active mode. The redundancy mode controls the load balancing of unicast traffic on the CE
multi-homing network.
• Alias: In a CE multi-homing scenario, a PE in the multi-homing PE group may not learn the MAC
address of the CE. As a result, the remote PE cannot perform load balancing or backup for that PE.
The alias function solves this problem and is implemented through the per-EVI AD route.

In CE multi-homing networking, you can configure the redundancy mode of the EVPN networking, that
is, configure the PEs connected to the same CE to work in single-active or multi-active mode, to
control the load balancing of unicast traffic on the CE multi-homing network. As shown in the figure,
if PE1 and PE2 are configured to work in multi-active mode, PE1 and PE2 send the redundancy mode
information to PE3 through Ethernet auto-discovery routes. When PE3 sends unicast traffic to CE1, it
distributes the traffic to PE1 and PE2 in load balancing mode.
In a CE multi-homing scenario, some of the multi-homing PEs may fail to learn the MAC address of
the CE. In this case, the remote PE can still detect MAC address reachability on the CE side through
the ESI value carried in the Ethernet auto-discovery route sent by the multi-homing PE; this function
is called an alias. As shown in the figure, of PE1 and PE2, only PE1 sends a MAC address
advertisement route carrying the MAC address on the CE1 side to PE3. PE3, however, can detect
from the Ethernet auto-discovery routes that PE2 can also reach CE1, so load balancing can still be
implemented.

• Host MAC address advertisement
To implement Layer 2 communication between hosts on the same subnet, the two VTEPs must learn host MAC addresses from each other. VTEPs functioning as BGP EVPN peers
exchange MAC/IP routes to notify each other of the host MAC addresses they have learned. The MAC Address Length and MAC Address fields carry the MAC address of the host.
• Host ARP notification
A MAC/IP route can carry both the host MAC address and the host IP address. Therefore, the route can be used to transmit host ARP entries between gateways to implement ARP
advertisement. The MAC Address and MAC Address Length fields indicate the MAC address of the host, and the IP Address and IP Address Length fields indicate the IP address of
the host. In this case, the MAC/IP route is also called an ARP route.
• Host IP route advertisement
In a distributed gateway scenario, to implement Layer 3 mutual access between hosts on different subnets, the gateways must learn host IP routes from each other. VTEPs functioning as
BGP EVPN peers exchange MAC/IP routes to advertise the host IP routes they have learned. The IP Address Length and IP Address fields indicate the destination address of the
host IP route, and the MPLS Label2 field must carry a Layer 3 VNI. In this case, MAC/IP routes are also called Integrated Routing and Bridging (IRB) routes.

• Route Distinguisher
The value of this field is the Route Distinguisher (RD) of an EVPN instance.
• Ethernet Segment Identifier
Unique ID of the connection between the current device and the peer device.
• Ethernet Tag ID
This field indicates the VLAN ID configured on the device.
• MAC Address Length
This field specifies the length of the host MAC address carried in the route.
• MAC Address
This field indicates the host MAC address carried in the route.
• IP Address Length
This field specifies the mask length of the host IP address carried in the route.
• IP Address
This field specifies the host IP address carried in the route.
• MPLS Label1
This field indicates the Layer 2 VNI carried in the route.
• MPLS Label2
This field indicates the Layer 3 VNI carried in the route.
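
The field list above and the earlier MAC advertisement route field list (Route Distinguisher through MPLS Label2) describe the same Type-2 NLRI; the following encoder and decoder for that layout is an added example written for this page, not Huawei's code, and the function names and the sample RD, ESI, MAC and VNI values are assumptions:

```python
"""EVPN Type-2 (MAC/IP Advertisement) route NLRI encoder and decoder.

Added example, not from the training deck. It packs and parses the fields
the deck lists for this route (RD, ESI, Ethernet Tag ID, MAC Address
Length, MAC Address, IP Address Length, IP Address, MPLS Label1, MPLS
Label2) in the RFC 7432 section 7.2 layout. vxlan=True selects the RFC
8365 encoding, where the 3-octet label fields carry 24-bit VNIs.
"""
import ipaddress
import struct

ROUTE_TYPE_MAC_IP = 2

def encode_rd(rd):
    admin, number = rd.rsplit(":", 1)
    if "." in admin:  # Type 1 RD: IPv4 administrator + 2-octet number (the "X.X.X.X:0" form)
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))  # Type 0 RD: 2-octet ASN + 4-octet number

def decode_rd(raw):
    if struct.unpack("!H", raw[:2])[0] == 1:
        return f"{ipaddress.IPv4Address(raw[2:6])}:{struct.unpack('!H', raw[6:8])[0]}"
    asn, number = struct.unpack("!HI", raw[2:8])
    return f"{asn}:{number}"

def encode_label(value, vxlan=False):
    # 20-bit MPLS label left-aligned in 3 octets (RFC 7432) or a full 24-bit VNI (RFC 8365)
    return (value if vxlan else value << 4).to_bytes(3, "big")

def decode_label(field, vxlan=False):
    raw = int.from_bytes(field, "big")
    return raw if vxlan else raw >> 4

def hexjoin(raw):
    return ":".join(f"{b:02x}" for b in raw)

def encode_mac_ip_route(rd, esi, eth_tag, mac, label1, ip=None, label2=None, vxlan=False):
    esi_raw = bytes.fromhex(esi.replace(":", ""))
    if len(esi_raw) != 10:
        raise ValueError("ESI must be 10 octets")
    body = encode_rd(rd) + esi_raw + struct.pack("!I", eth_tag)
    body += bytes([48]) + bytes.fromhex(mac.replace(":", ""))  # MAC Address Length in bits, then the MAC
    if ip is None:
        body += bytes([0])  # IP Address Length 0: the route carries a MAC only
    else:
        addr = ipaddress.ip_address(ip)
        body += bytes([addr.max_prefixlen]) + addr.packed  # 32 or 128 bits
    body += encode_label(label1, vxlan)
    if label2 is not None:  # Label2 (Layer 3 VNI, IRB routes) is optional
        body += encode_label(label2, vxlan)
    return bytes([ROUTE_TYPE_MAC_IP, len(body)]) + body

def parse_mac_ip_route(nlri, vxlan=False):
    if len(nlri) < 32 or nlri[0] != ROUTE_TYPE_MAC_IP or nlri[1] != len(nlri) - 2:
        raise ValueError("not a well-formed Type-2 NLRI")
    rd_raw, esi_raw, eth_tag, mac_len, mac_raw, ip_len = struct.unpack("!8s10sIB6sB", nlri[2:32])
    if mac_len != 48 or ip_len not in (0, 32, 128):
        raise ValueError("bad MAC Address Length or IP Address Length")
    rest = nlri[32:]
    ip = str(ipaddress.ip_address(rest[:ip_len // 8])) if ip_len else None
    labels = rest[ip_len // 8:]
    if len(labels) not in (3, 6):  # Label1 is mandatory, Label2 optional
        raise ValueError("unexpected label field length")
    return {"rd": decode_rd(rd_raw), "esi": hexjoin(esi_raw), "eth_tag": eth_tag,
            "mac": hexjoin(mac_raw), "ip": ip,
            "label1": decode_label(labels[:3], vxlan),
            "label2": decode_label(labels[3:], vxlan) if len(labels) == 6 else None}
```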

• Route Distinguisher
This field specifies the Route Distinguisher (RD) value of an EVPN instance.
• Ethernet Tag ID
This field indicates the VLAN ID of the current device. In this route, the value is 0.
• IP Address Length
This field specifies the mask length of the local VTEP IP address carried in the route.
• Originating Router's IP Address
This field specifies the local VTEP IP address carried in the route.
• Flags
This field is a flag indicating whether the current tunnel needs leaf node information. In VXLAN
scenarios, this field is meaningless.
• Tunnel Type
This field indicates the tunnel type carried in the route. Currently, in VXLAN scenarios, only type 6
(Ingress Replication) is supported; it is used to forward BUM packets.
• MPLS Label
This field indicates the Layer 2 VNI carried in the route.
• Tunnel Identifier
This field indicates the tunnel information carried in the route. In VXLAN scenarios, this field is also
the local VTEP IP address.

• Route Distinguisher
The value of this field is the Route Distinguisher (RD) of an EVPN instance.
• Ethernet Segment Identifier
Unique ID of the connection between the current device and the peer device.
• Ethernet Tag ID
This field indicates the VLAN ID configured on the device.
• IP Prefix Length
This field specifies the length of the IP prefix mask carried in the route.
• IP Prefix
This field specifies the IP prefix address carried in the route.
• GW IP Address
This field indicates the default gateway address. This field is meaningless in VXLAN scenarios.
• MPLS Label
This field indicates the Layer 3 VNI carried in the route.

Centralized VXLAN gateway deployment has advantages and disadvantages.
• Advantage:
Inter-segment traffic can be centrally managed, and gateway deployment and management is easy.
• Disadvantages:
  • Forwarding paths are not optimal. Inter-segment Layer 3 traffic of data centers connected to the
same Layer 2 gateway must still be transmitted to the centralized Layer 3 gateway for forwarding.
  • The ARP entry specification is a bottleneck. ARP entries must be generated for tenants on the Layer
3 gateway, but the Layer 3 gateway supports only a limited number of ARP entries, which impedes
data center network expansion.

Control process:
• After a host goes online, the L3GW learns the ARP entry of the host and generates a host IP route.
• The L3GW learns the IP routes of hosts H1 and H2 after receiving ARP entries from the hosts.

The forwarding process is as follows:
• After receiving the VXLAN packet, the L3GW decapsulates the packet, obtains the inner Layer 2
packet, determines that the destination MAC address of the Layer 2 packet is the MAC address of the
local device, and hands the packet to Layer 3 forwarding.
• The L3GW searches the routing table based on the destination IP address of the inner packet.
• The L3GW obtains the next-hop IP address from the routing table and searches the ARP table based
on that IP address.
• If the outbound interface in the ARP entry is a VXLAN tunnel, VXLAN encapsulation is performed
based on the VXLAN tunnel encapsulation information in the ARP entry, and the packet is sent out.
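
The centralized L3GW forwarding steps above, carried through on a constructed packet as an added example (not Huawei's implementation); the VXLAN header handling follows RFC 7348, while the routing table, ARP table, MAC addresses, VNIs and VTEP addresses are assumptions constructed for the example:

```python
"""Centralized VXLAN Layer 3 gateway (L3GW) forwarding model.

Added example, not from the training deck. It models the forwarding steps
listed above: strip the VXLAN header, check that the inner frame is
addressed to the gateway MAC, longest-prefix-match the inner destination
IP in the routing table, resolve the next hop in the ARP table and, when
the ARP entry's outbound interface is a VXLAN tunnel, re-encapsulate with
that tunnel's VNI and remote VTEP. All tables and packets are constructed.
"""
import ipaddress
import struct

VXLAN_VNI_VALID = 0x08  # "I" flag of the 8-octet VXLAN header (RFC 7348)

def vxlan_encap(vni, inner_frame):
    # flags(1) reserved(3) VNI(3) reserved(1): the VNI is the high 24 bits of the last word
    return struct.pack("!B3sI", VXLAN_VNI_VALID, b"\0\0\0", vni << 8) + inner_frame

def vxlan_decap(packet):
    flags, _, word = struct.unpack("!B3sI", packet[:8])
    if not flags & VXLAN_VNI_VALID:
        raise ValueError("VXLAN header without a valid VNI")
    return word >> 8, packet[8:]

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Ethernet header + minimal IPv4 header (no payload); constructed test input."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip_hdr

def lpm(routes, dst_ip):
    """routes: list of (prefix, next_hop); next_hop None = directly connected subnet."""
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return None
    return str(dst_ip) if best[1] is None else best[1]  # connected: next hop is the host itself

def l3gw_forward(packet, gw_mac, routes, arp_table):
    """Return what the L3GW does with one received VXLAN packet."""
    vni_in, frame = vxlan_decap(packet)
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return ("drop", "not IPv4")
    if frame[0:6] != gw_mac:
        return ("bridge", vni_in)  # not for the gateway: stays Layer 2 in the ingress VNI
    dst_ip = ipaddress.IPv4Address(frame[30:34])  # 14-octet Ethernet + offset 16 in IPv4
    next_hop = lpm(routes, dst_ip)
    if next_hop is None:
        return ("drop", "no route")
    arp = arp_table.get(next_hop)
    if arp is None:
        return ("arp-miss", next_hop)  # the gateway would have to resolve the next hop first
    new_frame = arp["mac"] + gw_mac + frame[12:]  # Layer 3 hop: rewrite both MAC addresses
    if arp["out"] == "vxlan":
        return ("vxlan", arp["vtep"], arp["vni"], vxlan_encap(arp["vni"], new_frame))
    return ("local", arp["out"], new_frame)
```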

• A spine node supports high-speed IP forwarding capabilities.
• A leaf node can:
  • Function as a Layer 2 VXLAN gateway to connect to physical servers or VMs and allow tenants to
access VXLANs.
  • Function as a Layer 3 VXLAN gateway to perform VXLAN encapsulation and decapsulation, allowing
inter-segment VXLAN communication and access to external networks.
• Distributed VXLAN gateway networking has the following characteristics:
  • Flexible deployment. A leaf node can function as both a Layer 2 and a Layer 3 VXLAN gateway.
  • Improved network expansion capabilities. A leaf node only needs to learn the ARP entries of the
servers attached to it, whereas a centralized Layer 3 gateway in the same scenario has to learn the
ARP entries of all servers on the network. Therefore, the ARP entry specification is no longer a
bottleneck with distributed VXLAN gateways.

Control process:
• After a host goes online, the leaf learns the IP route of the host and advertises it to its neighbors
through EVPN. The route carries the L3 VNI of the corresponding tenant, and its next hop is the local
VTEP address.
• After learning the host IP route, the remote leaf delivers the route to the corresponding VPN
instance according to the ERT. The remote leaf then triggers the creation of a dynamic L3 VXLAN
tunnel according to the next hop, associates the route with the tunnel, and delivers the route to the
IP routing table.

• PBB:
PBB (Provider Backbone Bridging) is defined in IEEE 802.1ah. It encapsulates a public virtual MAC
address (B-MAC) in front of the user MAC address (C-MAC), which isolates the user network from the
carrier network and keeps the carrier network stable; in addition, it reduces the number of MAC
forwarding entries on public network devices.
• I-EVPN (Instance-EVPN):
An I-EVPN instance is bound to the interface connected to the CE in order to connect to the user-side
network. When data packets arrive from the user-side network, the PBB header is encapsulated
into the packets sent from the CE.
• B-EVPN (Backbone-EVPN):
A B-EVPN instance is used to connect to the backbone network and manages the EVPN routing
information sent from other PEs.
• I-SID:
One I-EVPN instance corresponds to one I-SID. You can configure an I-SID to uniquely identify a
broadcast domain. If two PEs use the same I-SID to access the PBB-EVPN network, the two PEs
belong to the same multicast group.

If the interface connecting the PE to the CE is Down, the PE becomes the backup DF. If the interface
connecting the PE to the CE is Up, the PE takes part in the master DF election together with the other
PEs whose CE-facing interfaces are also Up. The election process is as follows:
• PEs establish neighbor relationships and send Ethernet segment routes to each other.
• A multi-homing PE list is generated on each PE according to the ESI value carried in the Ethernet
segment routes. The multi-homing PE list contains all PEs connected to the same CE.
• Each PE obtains the source IP address from the Ethernet segment routes received from other PEs,
sorts the PEs in the multi-homing PE list in ascending order of source IP address, and assigns
sequence numbers starting from 0.
• DF election on a PBB-EVPN is based on the I-SID. For each I-SID, the sequence number of the
primary (DF) PE is calculated as I-SID mod N, where N is the number of PEs in the PE list
corresponding to that I-SID.
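
The election procedure above, together with the EVPN VLAN-based variant described earlier (DF sequence number = V mod N), as an added example; this is not Huawei's implementation, and the EsRoute type, the function names, the ESI and the PE source addresses are assumptions constructed for the example:

```python
"""EVPN and PBB-EVPN designated forwarder (DF) election for a multi-homed CE.

Added example, not from the training deck. It follows the procedure the
deck describes: collect the PEs that advertised an Ethernet segment route
for the same ESI, keep those whose CE-facing interface is Up (a PE whose
interface is Down only acts as backup DF), sort them by source IP in
ascending numeric order, number them from 0, and pick sequence number
V mod N (EVPN, V = VLAN ID) or I-SID mod N (PBB-EVPN).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class EsRoute:
    esi: str            # Ethernet Segment Identifier carried in the route
    source_ip: str      # Originating Router's IP Address of the advertising PE
    ac_up: bool = True  # state of that PE's interface towards the CE


def multihoming_pe_list(routes, esi):
    """Candidate PEs for one ES; list index = sequence number (0..N-1).

    Sorting by the numeric address matters: a plain string sort would put
    10.0.0.100 before 10.0.0.9 and the PEs would disagree on the DF."""
    candidates = {r.source_ip for r in routes if r.esi == esi and r.ac_up}
    return sorted(candidates, key=lambda ip: int(ipaddress.ip_address(ip)))


def elect_df(routes, esi, key=None):
    """Return the DF's source IP for the ES, or None when no PE is eligible.

    key=None -> interface-based election: the smallest source IP is the DF.
    key=V    -> VLAN-based (EVPN) or I-SID-based (PBB-EVPN): DF is PE i = key mod N."""
    pes = multihoming_pe_list(routes, esi)
    if not pes:
        return None
    return pes[0] if key is None else pes[key % len(pes)]


def df_table(routes, esi, keys):
    """DF per VLAN ID or I-SID; shows how BUM forwarding is spread over the PEs."""
    return {k: elect_df(routes, esi, k) for k in keys}


# Constructed sample: CE1 triple-homed to PE1, PE2 and PE3 on one ESI.
ESI_CE1 = "00:11:22:33:44:55:66:77:88:99"
ES_ROUTES = [
    EsRoute(ESI_CE1, "10.0.0.10"),   # PE1
    EsRoute(ESI_CE1, "10.0.0.9"),    # PE2
    EsRoute(ESI_CE1, "10.0.0.100"),  # PE3
]

if __name__ == "__main__":
    print(multihoming_pe_list(ES_ROUTES, ESI_CE1))  # ['10.0.0.9', '10.0.0.10', '10.0.0.100']
    print(df_table(ES_ROUTES, ESI_CE1, [10, 11, 12]))
```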

1. Site1 sends an ARP request packet or a gratuitous ARP packet to advertise its C-MAC address
(C-MAC A) and its IP address to Site2.
2. When Site2 returns an ARP response packet or a gratuitous ARP packet to Site1, the packet carries
the C-MAC address of Site2 (C-MAC B) and its corresponding IP address. After the preceding two
steps, the C-MAC forwarding entries and the mappings between C-MAC and B-MAC can be created
on PE1 and PE2.
3. PE1 and PE2 exchange MAC address advertisement routes, which carry the B-MAC address
information, next hop information, and extended community attributes such as the RT value of the
EVPN instance.
4. After receiving the MAC address advertisement route from the peer, PE1 and PE2 construct traffic
forwarding entries of the corresponding B-EVPN instance based on the RT value to transmit traffic.

1. CE1 sends a data packet to PE1.
2. PE1 looks up the destination C-MAC (C-DMAC) in its C-MAC forwarding entries. If the MAC address
is not found, PE1 handles the packet with the BUM transmission process: it sends the packet as
multicast to all PEs in the same redundancy group. PE1 copies the BUM packet into two copies. Each
copy is encapsulated with a PBB header (the B-DMAC address in the PBB header is the broadcast
MAC address) and with the public and private tunnel labels. PE1 then sends the packets to the
remote PEs.
3. After receiving the multicast packet, PE2 and PE3 decapsulate it and send the BUM packet to the
corresponding site according to the private network label.

1. CE1 sends data packets to PE1 in Layer 2 forwarding mode. The packets carry the C-SMAC (source
C-MAC) and C-DMAC (destination C-MAC).
2. After finding the corresponding forwarding information in the C-MAC forwarding entry according to
the destination C-MAC address in the packet, PE1 encapsulates a PBB header onto the unicast
packet according to that information. The PBB header includes the I-SID, B-SMAC (source B-MAC),
and B-DMAC (destination B-MAC); the I-SID and B-SMAC are configured on the I-EVPN instance,
and the B-DMAC is found from the C-DMAC. After the PBB header is encapsulated, PE1
encapsulates the private network and public network MPLS tunnel labels onto the packet and then
sends the unicast packet to PE2.
3. After receiving the encapsulated unicast packet, PE2 removes the tunnel labels and the PBB
header and finds the outbound interface based on the C-MAC forwarding entry on PE2.
