EVPN Virtual Private Wire Service (VPWS) Single Homed

EVPN-VPWS single homed is a BGP control-plane solution for point-to-point services. It forwards traffic from one network to another over the Ethernet Segment without a MAC lookup.

EVPN-VPWS single homed works on an IP and MPLS core: the IP core supports BGP, and the MPLS core switches packets between the endpoints.

Information About EVPN-VPWS

The EVPN-VPWS solution supports the per-EVI Ethernet Auto-Discovery route. EVPN defines a new BGP Network Layer Reachability Information (NLRI) that is used to carry all EVPN routes. BGP Capabilities Advertisement is used to ensure that two speakers support the EVPN NLRI (AFI 25, SAFI 70), as per RFC 4760.

In the EVPN-VPWS architecture, the PEs run Multiprotocol BGP in the control plane. The following image describes the EVPN-VPWS over SR configuration:

Figure 1. EVPN-VPWS over SR Configuration

Benefits of EVPN-VPWS Single Homed

  • Scalability is achieved without signaling pseudowires.

  • There is ease of provisioning.

  • Pseudowires (PWs) are not used.

  • EVPN-VPWS Single Homed leverages BGP best-path selection (optimal forwarding).

Prerequisites for EVPN-VPWS

  • Ensure BGP is configured for EVPN SAFI.

  • An MPLS LDP core is used for the MPLS LSP between PEs. An MPLS LDP core is required when Segment Routing is not used.

  • CE-facing interface, such as service instance, is Ethernet family without IP address on PE.

  • BGP session between PEs with 'address-family l2vpn evpn' to exchange EVPN routes.

  • A BGP Route Reflector is supported.

  • IGP, such as ISIS, core for IP reachability between PEs and BGP next-hop reachability.

Restrictions for EVPN-VPWS

  • The combination of EVPN ID and VPWS Instance ID must be unique per ASN.

  • Cisco Multiprotocol Label Switching Traffic Engineering (MPLS-TE) core is not supported.

  • Inter-AS Option B is not supported.

  • NSR is not supported for l2vpn family.

  • Ensure that Cisco Nonstop Forwarding (NSF) is configured on BGP, OSPF(iBGP), and MPLS.

  • NSF is supported; you should see a neighbor flap, but no traffic drop.

  • Without NSF, a Stateful Switchover (SSO) causes traffic drop for l2vpn evpn traffic.

  • evpn vc stats do not work in the show l2vpn evpn vc id detail command.

  • ELB is not supported on EVPN.

  • L2VPN traffic is not load balanced for the inner payload src-ip, dst-ip, and src-dst-ip hashing algorithms in the egress PoCh interface. We recommend that you use other hashing algorithms such as src-mac, dst-mac, or src-dst-mac.

Scaling Information

4000 EVPN-VPWS service instances are supported.

How to Configure EVPN-VPWS

The following steps are performed to configure EVPN-VPWS:

  • Configuring BGP for EVPN-VPWS

  • Configuring EVPN-VPWS Instance

Configuring BGP for EVPN-VPWS

To configure EVPN-VPWS in BGP, follow these steps:

Procedure

router bgp 1
address-family l2vpn evpn
neighbor 192.168.0.1 activate
exit-address-family

Configuring EVPN-VPWS Instance

To configure EVPN VPWS instance, follow these steps:

Procedure

enable
configure terminal
l2vpn evpn instance 11 point-to-point
vpws context test
service target 100 source 100
member GigabitEthernet0/0/0 service-instance 10
no shut
end

Rewrite for EVI Service Instance

The rewrite command is required when the VLANs on the remote ACs do not match; it allows ingress traffic to pass. To configure an EVPN-VPWS service instance for rewrite, follow these steps:

Procedure

interface GigabitEthernet0/0/1
service instance 2 ethernet
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
end

Configuring EVPN-VPWS for Logging

To configure EVPN-VPWS for logging, follow these steps:

Procedure

enable
configure terminal
l2vpn evpn logging vc-state
end

Verifying EVPN-VPWS Instance

Verifying EVPN-VPWS Configuration

You can verify the configuration using the following show commands:
  • show l2vpn evpn summary

  • show l2vpn evpn evi (<evpn-id> | all) [detail]

  • show l2vpn evpn rib ead [detail] |evi

  • show l2vpn evpn checkpoint

  • show l2vpn evpn route-target [<rt>]

  • show bgp l2vpn evpn

  • show l2vpn evpn memory [detail]

This command displays a summary of L2VPN EVPN with total number of EVIs, VCs and routes.
show l2vpn evpn summary

L2VPN EVPN VPWS:
  EVIs (point-to-point): 1
  Total VCs: 1
    1 up, 0 down, 0 admin-down, 0 hot-standby, 0 other
  Total EVPN EAD routes: 2
    1 local, 1 remote
  Total EVI EAD routes: 2
    1 local, 1 remote (1 in-use)
  BGP: ASN 1, address-family l2vpn evpn configured
  Router ID: 192.168.0.2

This command displays brief or detailed information for EVIs.
show l2vpn evpn evi 100 det

EVPN instance: 100 (point-to-point)
  RD: 192.168.0.2:100 (auto)
  Import-RTs: 1:100 
  Export-RTs: 1:100 
  Total VCs: 1
    1 up, 0 down, 0 admin-down, 0 hot-standby, 0 other
  Total EAD routes: 2
    1 local, 1 remote (1 in-use)

This command displays the contents of the global EVPN route.
show l2vpn evpn rib ead

+- Origin of entry                                (i=iBGP/e=eBGP/L=Local)
| +- Best path                                    (Yes/No)?
| |
v v
O B         RD              Ethernet Segment Id    Eth Tag     Next Hop
-+-+---------------------+------------------------+--------+---------------
i Y 192.168.0.3:100       0000.0000.0000.0000.0000 2        192.168.0.3
L - 192.168.0.2:100       0000.0000.0000.0000.0000 1                  

show l2vpn evpn rib ead evi

+- Origin of entry                                (i=iBGP/e=eBGP/L=Local)
| +- Provisioned                                  (Yes/No)?
| | +- Best path                                  (Yes/No)?
| | |
v v v
O P B  EVI    Ethernet Segment Id    Eth Tag     Next Hop      Label
-+-+-+-----+------------------------+--------+---------------+--------
i Y Y 100   0000.0000.0000.0000.0000 2        192.168.0.3     16
L - - 100   0000.0000.0000.0000.0000 1                        16                  

show l2vpn evpn checkpoint

EVPN Checkpoint info for active RP
Checkpointing is allowed
Bulk-sync checkpointed state for 0 VC
ISSU Context:95, Compatible:1, Negotiated L2HW types: 0

This command displays the contents of the global route-target (RT).
show l2vpn evpn route-target

Route Target           EVPN Instances
1:100                  100   

show bgp l2vpn evpn

BGP table version is 4, local router ID is 192.168.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.2:100
 *>  [1][192.168.0.2:100][00000000000000000000][5]/23
                       ::                                 32768 ?
Route Distinguisher: 192.168.0.3:100
 *>i [1][192.168.0.3:100][00000000000000000000][6]/23
                       192.168.0.3              0    100      0 ?

This command displays brief or detailed EVPN memory usage.
show l2vpn evpn memory

  Allocator-Name                  In-use/Allocated            Count
  ----------------------------------------------------------------------------
  EVPN DB                   :        648/65632      (  0%) [      9] Chunk
  EVPN EAD DB               :        432/65632      (  0%) [      6] Chunk
  EVPN EAD Handle Table     :      21856/22040      ( 99%) [      2]
  EVPN EAD Paths            :        104/65632      (  0%) [      1] Chunk
  EVPN EAD Routes           :         96/65648      (  0%) [      2] Chunk
  EVPN RIB MGR              :        976/1344       ( 72%) [      4]
  EVPN RIB NHs              :          0/10096      (  0%) [      0] Chunk
  EVPN RIB RTs              :         96/10096      (  0%) [      2] Chunk
  EVPN RIB msg              :          0/10096      (  0%) [      0] Chunk
  EVPN Thread               :       1684/2144       ( 78%) [      5]
  EVPN context chunk        :        768/32864      (  2%) [      1] Chunk
  EVPN context handle table :      70968/71152      ( 99%) [      2]
  EVPN dtrace elem per-cont :       1280/65632      (  1%) [     20] Chunk
  EVPN dtrace stridx        :    1194876/1194968    ( 99%) [      1]
  EVPN dtrace stridx freeli :     132764/132856     ( 99%) [      1]
  EVPN dtrace stridx hash   :         76/168        ( 45%) [      1]
  EVPN dtrace stridx slots  :     265532/265624     ( 99%) [      1]
  EVPN dtrace stridx2slot   :     132764/132856     ( 99%) [      1]
  EVPN instance chunk       :        168/10096      (  1%) [      1] Chunk
  EVPN rt-db ee             :        124/216        ( 57%) [      1]
  EVPN rt-db rte            :        204/296        ( 68%) [      1]

  Total allocated: 2.121 Mb, 2172 Kb, 2225088 bytes

Verifying EVPN-VPWS Configuration for Logging

You can verify the logging using the show l2vpn evpn vc command.

This command displays brief information for VCs.
show l2vpn evpn vc all

 EVPN ID Source   Target   Type   Name/Interface                   Status
------- -------- -------- ------ -------------------------------- ----------
100     1        2        p2p    vc100                            up
                                 Et0/0                            up

This command displays detailed information for VCs.
show l2vpn evpn vc all detail

 EVPN name: vc100, state: up, type: point-to-point
  EVPN ID: 100
  VPWS Service Instance ID:  Source 1, Target 2
  Labels:  Local 16, Remote 16
  Next Hop Address: 192.168.0.3
  Associated member Et0/0 is up, status is up
  Dataplane:
    SSM segment/switch IDs: 4098/4097 (used), PWID: 1
  Rx Counters
    78 input transit packets, 26425 bytes
    0 drops
  Tx Counters
    79 output transit packets, 28240 bytes
    0 drops
  5 VC FSM state transitions, Last 5 shown
    Prov: Idle -> Prov, Tue Sep 29 13:15:37.848 (00:52:21 ago)
    AdmUp: Prov -> LocWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
    LocUp: LocWait -> RemWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
    RemUp: RemWait -> Act, Tue Sep 29 13:17:19.368 (00:50:39 ago)
    DpUp: Act -> Est, Tue Sep 29 13:17:19.371 (00:50:39 ago)

Troubleshooting

Virtual Circuit (VC) is in Down state

The EVPN-VPWS protocol does not communicate VC state between endpoints. Furthermore, the LDP transport LSP is unidirectional and there is no end-to-end connectivity check. A VC can be up on one end and down on the other end in the following cases:

  • The core-facing MPLS dataplane is down on one side only. For example, the loopback is configured with /24 on one end and correctly with /32 on the other end.

  • UUT has no remote EVPN EAD route from peer. Several variants:

    • Peer never sent it.

    • Peer sent it, but RT mismatch: No intersection between UUT Import-RT and peer Export-RT.

    • Peer sent it, RT matches, but etag mismatch: For service etags tgt/src, UUT has x/y, peer has y/z.

Problem  VC is in down state.

Possible Cause None

Solution Perform these steps to check whether the VC is not active:

  • Check if any VC is not active.

  • Identify the EVIs that do not have an active VC.

  • Gather information for the EVIs that do not have an active VC.

  • Locate the inactive VCs for the EVI.

  • Display detailed information for the inactive VC.

show l2vpn evpn vc all detail
EVPN name: vc100, state: up, type: point-to-point
  EVPN ID: 100
  VPWS Service Instance ID:  Source 1, Target 2
  Labels:  Local 16, Remote 16

// Must have a valid Local Label. If missing, contact support.

// Must have valid Remote Label. If missing, then there is no matching remote route. Cross-check with BGP: 'show bgp l2vpn evpn [...] detail'.

  Next Hop Address: 192.168.0.3

// Must have valid Next Hop Address. If missing, then there is no matching remote route. Cross-check with BGP: 'show bgp l2vpn evpn [...] detail'.

  Associated member Et0/0 is up, status is up

// AC must be up. If not up, check why.

  Dataplane:
    SSM segment/switch IDs: 4098/4097 (used), PWID: 1
  Rx Counters
    78 input transit packets, 26425 bytes
    0 drops
  Tx Counters
    79 output transit packets, 28240 bytes
    0 drops
  5 VC FSM state transitions, Last 5 shown
    Prov: Idle -> Prov, Tue Sep 29 13:15:37.848 (00:52:21 ago)
    AdmUp: Prov -> LocWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
    LocUp: LocWait -> RemWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
    RemUp: RemWait -> Act, Tue Sep 29 13:17:19.368 (00:50:39 ago)
    DpUp: Act -> Est, Tue Sep 29 13:17:19.371 (00:50:39 ago)

// Pay close attention to last line of VC FSM history. The format is:
// <Event>: <OldState> -> <NewState>
// Troubleshooting info appears below.

VC FSM History

Problem  The state of the VC is Prov — Provisioned: VC is disabled.

Possible Cause  None

Solution Perform these steps to resolve the state:

  • Check BGP is running.

  • Check BGP 'address-family l2vpn evpn' is configured.

  • Check VC is not shutdown.

Problem  The state of the VC is LocWait — Local-Wait: Waiting for local AC information to come up.

Possible Cause  None

Solution  Check AC is up.

Problem  The state of the VC is Act — Activating: Control plane ok. Trying to activate dataplane.

Possible Cause  None

Solution Perform these checks:

  • Check core facing information is up.

  • Check Segment-Routing is configured and preferred.

Remote-Wait State

Problem  The state of the VC is RemWait — Remote-Wait: Waiting for matching remote route.

Possible Cause This state occurs due to no matching remote route for the VC. A matching remote route means all of the following are true:

  • Route is present in BGP. Requires a local EVI to have route target in the route.
  • Remote path is best path.
  • Route is present in global EVPN route.
  • Route is present in EVI route. Requires the EVI to have route target in the route.
  • Route has ETag which matches the VC source identity. (service target <tgt-id> source <src-id>).

Solution Perform these steps to check whether the VC is in remote wait state:

  • Check for EVI configuration mismatch.
  • Check for VC configuration mismatch.
  • Check if the remote route is present in BGP.
    • If no remote route then check if
      • remote route was discarded by BGP due to RT filter
      • peer did not send route to UUT
      • EVI or VC configuration mismatch
      • all the prerequisites are satisfied
    • If a remote route is present in global EVPN then check if the remote route is present in EVI route.
      • Check for EVI or VC configuration mismatch.
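
The VC FSM History and Remote-Wait guidance above can be applied mechanically to saved `show l2vpn evpn vc all detail` output. The following is an added example, not Cisco code; the second VC (vc200) and its "state: down" header are constructed sample data.

```python
import re

# Last FSM state -> checks, taken from the troubleshooting text on this page.
CHECKS = {
    "Prov": ["BGP is running", "BGP 'address-family l2vpn evpn' is configured",
             "VC is not shutdown"],
    "LocWait": ["AC is up"],
    "RemWait": ["EVI/VC configuration mismatch (RT, service target/source)",
                "remote route present in BGP and in the EVPN RIB"],
    "Act": ["core-facing information is up",
            "Segment-Routing is configured and preferred"],
}
VC_HEADER = re.compile(r"^\s*EVPN name: (\S+), state: (\w+), type:")
TRANSITION = re.compile(r"^\s*\w+: \w+ -> (\w+),")  # <Event>: <Old> -> <New>,


def triage(show_output):
    """Return one dict per VC with its last FSM state and the checks to run."""
    vcs = []
    for line in show_output.splitlines():
        header = VC_HEADER.match(line)
        if header:
            vcs.append({"name": header.group(1), "state": header.group(2),
                        "fsm": None, "checks": []})
            continue
        step = TRANSITION.match(line)
        if step and vcs:
            vcs[-1]["fsm"] = step.group(1)  # overwritten until the last line
    for vc in vcs:
        if vc["fsm"] != "Est":
            vc["checks"] = CHECKS.get(vc["fsm"], ["state not covered here"])
    return vcs


# Constructed sample: vc100 is the page's output (trimmed); vc200 is invented
# to show a VC whose history stops in RemWait.
SAMPLE = """\
 EVPN name: vc100, state: up, type: point-to-point
  EVPN ID: 100
  Labels:  Local 16, Remote 16
    RemUp: RemWait -> Act, Tue Sep 29 13:17:19.368 (00:50:39 ago)
    DpUp: Act -> Est, Tue Sep 29 13:17:19.371 (00:50:39 ago)
 EVPN name: vc200, state: down, type: point-to-point
  EVPN ID: 200
    AdmUp: Prov -> LocWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
    LocUp: LocWait -> RemWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
"""

if __name__ == "__main__":
    for vc in triage(SAMPLE):
        print(vc["name"], vc["fsm"], vc["checks"])
```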

Configuration Examples for EVPN-VPWS Instance

The following example shows the configuration of an EVPN-VPWS instance.

Example: EVPN-VPWS Instance Configuration

Router(config)#l2vpn evpn instance 11 point-to-point 
Router(config-evpn-evi)#rd 1:1 
Router(config-evpn-evi)#vpws context test 
Router(config-evpn-vpws)#service target 100 source 100 
Router(config-evpn-vpws)#member GigabitEthernet0/0/0 service-instance 10 
Router(config-evpn-vpws)#no shut

The following examples show the running configurations on PE1 and PE2.

Example: EVPN-VPWS PE1 configuration

interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet0/0/0
 description CE1 facing
 no ip address
 service instance 300 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/1
 description Core facing
 ip address 10.0.1.1 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 10.1.1.1
!
router bgp 1
 bgp router-id 10.1.1.1
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 2.2.2.2 activate
 exit-address-family
!
l2vpn evpn instance 100 point-to-point
 !
 vpws context vc100
  service target 2 source 1
  member GigabitEthernet0/0/0 service-instance 300
!
mpls ldp router-id Loopback0
!

Example: EVPN-VPWS PE2 configuration

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet0/0/0
 description CE2 facing
 no ip address
 service instance 300 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/1
 description Core facing
 ip address 10.0.1.2 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 2.2.2.2
!
router bgp 1
 bgp router-id 2.2.2.2
 neighbor 10.1.1.1 remote-as 1
 neighbor 10.1.1.1 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 10.1.1.1 activate
 exit-address-family
!
l2vpn evpn instance 100 point-to-point
 !
 vpws context vc100
  service target 1 source 2
  member GigabitEthernet0/0/0 service-instance 300
!
mpls ldp router-id Loopback0
!
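
The PE1 and PE2 examples only form a VC because the service target and source IDs mirror each other, which is the ETag match described under Remote-Wait State. The following added example (not Cisco code) checks that property offline on two saved configurations; it assumes route targets are left at their auto-derived values, so the EVPN instance number must also match, and the sample stanzas are constructed from the examples above.

```python
import re


def parse_vpws(config):
    """Return {EVPN instance id: {(target, source), ...}} from IOS-style config."""
    services, evi = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"l2vpn evpn instance (\d+) point-to-point$", line)
        if m:
            evi = int(m.group(1))
            services.setdefault(evi, set())
            continue
        m = re.match(r"service target (\d+) source (\d+)$", line)
        if m and evi is not None:
            services[evi].add((int(m.group(1)), int(m.group(2))))
    return services


def check_pair(local_cfg, peer_cfg):
    """List mismatches that leave a local VC without a matching remote route."""
    local, peer = parse_vpws(local_cfg), parse_vpws(peer_cfg)
    problems = []
    for evi, pairs in sorted(local.items()):
        if evi not in peer:
            # Assumption: auto-derived RTs, so the instance number must match.
            problems.append(f"EVI {evi}: not configured on peer")
            continue
        for tgt, src in sorted(pairs):
            # The peer must mirror the IDs: its source is our target and vice versa.
            if (src, tgt) not in peer[evi]:
                problems.append(
                    f"EVI {evi}: local target {tgt} source {src} has no peer "
                    f"'service target {src} source {tgt}'")
    return problems


# Constructed inputs: the l2vpn stanza from the PE1 example, a mirrored PE2,
# and a PE2 that copies PE1's IDs unchanged (the ETag mismatch case).
PE1 = """
l2vpn evpn instance 100 point-to-point
 !
 vpws context vc100
  service target 2 source 1
  member GigabitEthernet0/0/0 service-instance 300
"""
PE2_OK = PE1.replace("target 2 source 1", "target 1 source 2")
PE2_COPIED = PE1

if __name__ == "__main__":
    print(check_pair(PE1, PE2_OK))
    print(check_pair(PE1, PE2_COPIED))
```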

Additional References for EVPN-VPWS

Related Documents

Related Topic         Document Title
Cisco IOS commands    Cisco IOS Master Commands List, All Releases

Standards and RFCs

Standard/RFC    Title
RFC 7432        BGP MPLS-Based Ethernet VPN
Standard        VPWS support in EVPN
