- play_arrow Features Common to EVPN-VXLAN, EVPN-MPLS, and EVPN-VPWS
- play_arrow Configuring Interfaces
- play_arrow MAC Address Features with EVPN Networks
- play_arrow Configuring Routing Instances for EVPN
- Configuring EVPN Routing Instances
- Configuring EVPN Routing Instances on EX9200 Switches
- MAC-VRF Routing Instance Type Overview
- EVPN Type 5 Route with VXLAN Encapsulation for EVPN-VXLAN
- EVPN Type 5 Route with MPLS encapsulation for EVPN-MPLS
- Understanding EVPN Pure Type 5 Routes
- Seamless VXLAN Stitching with Symmetric EVPN Type 2 Routes using Data Center Interconnect
- Symmetric Integrated Routing and Bridging with EVPN Type 2 Routes in EVPN-VXLAN Fabrics
- EVPN Type 2 and Type 5 Route Coexistence with EVPN-VXLAN
- Ingress Virtual Machine Traffic Optimization
- Tracing EVPN Traffic and Operations
- Migrating From BGP VPLS to EVPN Overview
- Configuring EVPN over Transport Class Tunnels
- Example: Configuring EVPN-VPWS over Transport Class Tunnels
- play_arrow Configuring Route Targets
- play_arrow Routing Policies for EVPN
- play_arrow Layer 3 Gateways with Integrated Routing and Bridging for EVPN Overlays
- play_arrow EVPN Multihoming
- EVPN Multihoming Overview
- EVPN Multihoming Designated Forwarder Election
- Understanding Automatically Generated ESIs in EVPN Networks
- Easy EVPN LAG (EZ-LAG) Configuration
- Configuring EVPN Active-Standby Multihoming to a Single PE Device
- Configuring EVPN-MPLS Active-Standby Multihoming
- Example: Configuring Basic EVPN-MPLS Active-Standby Multihoming
- Example: Configuring EVPN-MPLS Active-Standby Multihoming
- Example: Configuring Basic EVPN Active-Active Multihoming
- Example: Configuring EVPN Active-Active Multihoming
- Example: Configuring LACP for EVPN Active-Active Multihoming
- Example: Configuring LACP for EVPN VXLAN Active-Active Multihoming
- Example: Configuring an ESI on a Logical Interface With EVPN-MPLS Multihoming
- Configuring Dynamic List Next Hop
- play_arrow Link States and Network Isolation Conditions in EVPN Networks
- play_arrow EVPN Proxy ARP and ARP Suppression, and NDP and NDP Suppression
- play_arrow Configuring DHCP Relay Agents
- play_arrow High Availability in EVPN
- play_arrow Monitoring EVPN Networks
- play_arrow Layer 2 Control Protocol Transparency
-
- play_arrow EVPN-VXLAN
- play_arrow Overview
- Understanding EVPN with VXLAN Data Plane Encapsulation
- EVPN-over-VXLAN Supported Functionality
- Understanding VXLANs
- VXLAN Constraints on EX Series, QFX Series, PTX Series, and ACX Series Devices
- EVPN Over VXLAN Encapsulation Configuration Overview for QFX Series and EX4600 Switches
- Implementing EVPN-VXLAN for Data Centers
- PIM NSR and Unified ISSU Support for VXLAN Overview
- Routing IPv6 Data Traffic through an EVPN-VXLAN Network with an IPv4 Underlay
- Understanding How to Configure VXLANs and Layer 3 Logical Interfaces to Interoperate
- Understanding GBP Profiles
- play_arrow Configuring EVPN-VXLAN Interfaces
- Understanding Flexible Ethernet Services Support With EVPN-VXLAN
- EVPN-VXLAN Lightweight Leaf to Server Loop Detection
- Overlapping VLAN Support Using VLAN Translation in EVPN-VXLAN Networks
- Overlapping VLAN Support Using Multiple Forwarding Instances or VLAN Normalization
- Layer 2 Protocol Tunneling over VXLAN Tunnels in EVPN-VXLAN Bridged Overlay Networks
- MAC Filtering, Storm Control, and Port Mirroring Support in an EVPN-VXLAN Environment
- Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN
- DHCP Smart Relay in EVPN-VXLAN
- play_arrow Configuring VLAN-Aware Bundle Services, VLAN-Based Services, and Virtual Switch Support
- play_arrow Load Balancing with EVPN-VXLAN Multihoming
- play_arrow Setting Up a Layer 3 VXLAN Gateway
- play_arrow Configuring an EVPN-VXLAN Centrally-Routed Bridged Overlay
- play_arrow Configuring an EVPN-VXLAN Edge-Routed Bridging Overlay
- play_arrow IPv6 Underlay for VXLAN Overlays
- play_arrow Multicast Features with EVPN-VXLAN
- Multicast Support in EVPN-VXLAN Overlay Networks
- Overview of Multicast Forwarding with IGMP Snooping or MLD Snooping in an EVPN-VXLAN Environment
- Example: Preserving Bandwidth with IGMP Snooping in an EVPN-VXLAN Environment
- Overview of Selective Multicast Forwarding
- Configuring the number of SMET Nexthops
- Assisted Replication Multicast Optimization in EVPN Networks
- Optimized Intersubnet Multicast in EVPN Networks
- play_arrow Configuring the Tunneling of Q-in-Q Traffic
- play_arrow Tunnel Traffic Inspection on SRX Series Devices
- play_arrow Fault Detection and Isolation in EVPN-VXLAN Fabrics
-
- play_arrow EVPN-MPLS
- play_arrow Overview
- play_arrow Convergence in an EVPN MPLS Network
- play_arrow Pseudowire Termination at an EVPN
- play_arrow Configuring the Distribution of Routes
- Configuring an IGP on the PE and P Routers on EX9200 Switches
- Configuring IBGP Sessions Between PE Routers in VPNs on EX9200 Switches
- Configuring a Signaling Protocol and LSPs for VPNs on EX9200 Switches
- Configuring Entropy Labels
- Configuring Control Word for EVPN-MPLS
- Understanding P2MPs LSP for the EVPN Inclusive Provider Tunnel
- Configuring Bud Node Support
- play_arrow Configuring VLAN Services and Virtual Switch Support
- play_arrow Configuring Integrated Bridging and Routing
- EVPN with IRB Solution Overview
- An EVPN with IRB Solution on EX9200 Switches Overview
- Anycast Gateways
- Configuring EVPN with IRB Solution
- Configuring an EVPN with IRB Solution on EX9200 Switches
- Example: Configuring EVPN with IRB Solution
- Example: Configuring an EVPN with IRB Solution on EX9200 Switches
- play_arrow Configuring IGMP or MLD Snooping with EVPN-MPLS
-
- play_arrow EVPN E-LAN Services
- play_arrow EVPN-ETREE
- play_arrow Overview
- play_arrow Configuring EVPN-ETREE
-
- play_arrow Using EVPN for Interconnection
- play_arrow Interconnecting VXLAN Data Centers With EVPN
- play_arrow Interconnecting EVPN-VXLAN Data Centers Through an EVPN-MPLS WAN
- play_arrow Extending a Junos Fusion Enterprise Using EVPN-MPLS
-
- play_arrow PBB-EVPN
- play_arrow Configuring PBB-EVPN Integration
- play_arrow Configuring MAC Pinning for PBB-EVPNs
-
- play_arrow EVPN Standards
- play_arrow Supported EVPN Standards
-
- play_arrow VXLAN-Only Features
- play_arrow Flexible VXLAN Tunnels
- play_arrow Static VXLAN
-
- play_arrow Configuration Statements and Operational Commands
Overview of Headend Termination for EVPN VPWS for Business Services
Currently, Junos OS only supports pseudowire subscriber logical interface to be used with Layer 2 circuit or Layer 2 VPN for pseudowire headend termination. An Ethernet VPN (EVPN) enables you to connect dispersed customer sites using a Layer 2 virtual bridge. Virtual private wire service (VPWS) Layer 2 VPNs employ Layer 2 services over MPLS to build a topology of point-to-point connections that connect end customer sites in a VPN. EVPN-VPWS as a next generation of pseudowire technology brings the benefit of EVPN to point-to-point service by providing fast convergence upon node failure and link failure through its multi-homing feature. As a result, you can use EVPN-VPWS and pseudowire subscriber interface for headend termination into different services.
The pseudowire headend termination support with pseudowire subscriber interface works with EVPN-VPWS Flexible Cross Connect (FXC) in the vMX (Virtual MX) scale out solution. The vMX scale out support with EVPN-VPWS FXC is terminated into Layer 3 VRF or BGP-VPLS through pseudowire subscriber interface on vMX
The multi-home scenario includes support for either two or more than two PEs.
Benefits of Pseudowire Headend Termination (PWHT) with EVPN-VPWS Pseudowires:
PWHT framework can be used to attach remote CEs (reachable via metro aggregation network) to the services (for example Layer 3 VPN) available on service PE in a similar way to CEs which are directly attached to service PEs.
Multiple VLANs can be transported inside pseudowire and demultiplexed to different services on service PE using pseudowire subscriber logical interfaces just like VLANs on regular physical interfaces.
PWHT with EVPN-VPWS as transport pseudowire brings further numerous benefits; for example unified BGP based control plane for all services in metro aggregation and core network, or redundant active-standby transport connectivity between multiple service PEs and multiple aggregation nodes.
Pseudowire Subscriber Logical Interface Support for EVPN-VPWS
Figure 1 illustrates an EVPN-VPWS network with pseudowire service. A-PE (Access Provider Edge) is the access router and PE1 is the service edge router. A pseudowire subscriber logical interface is used on PE1 to terminate the pseudowire established by EVPN-VPWS into either Layer 3 VPN or Layer 2 BGP-VPLS service. There is only one single service edge router to terminate the pseudowire, in this scenario.
For a given pseudowire subscriber logical interface, for example ps0, only the transport interface of the pseudowire subscriber logical interface, that is ps0.0, is used as an access interface for the EVPN-VPWS on PE1. The service interfaces of ps0, that is ps0.1 to ps0.n, are used at the service side (either under Layer 3 VRF or BGP-VPLS instance).
Prior to Junos OS 18.2 Release, the only encapsulation type that pseudowire
subscriber transport logical interface (as an access interface for the
pseudowire) supports for Layer 2 circuit and Layer 2 VPN is
ethernet-ccc. This encapsulation type will remain the same
for EVPN-VPWS with pseudowire subscriber logical interface support as well.
- Single Pseudowire Headend Termination
- Active-Standby Pseudowire Headend Termination
- Active-Active Pseudowire Headend Termination
Single Pseudowire Headend Termination
The pseudowire subscriber transport logical interface is used as the access interface for EVPN-VPWS instance. EVPN establishes a point-to-point Ethernet service with pseudowire subscriber transport logical interface as an access interface in the control plane.
Active-Standby Pseudowire Headend Termination
As shown in Figure 2, to achieve resilience for pseudowire headend termination into Layer 3 VPN or BGP-VPLS, you can use a pair of redundant pseudowires on the EVPN-VPWS side. Also, in Figure 2, Layer 3 VPN or BGP-VPLS is treated as if it is multi-homed to the set of redundant service edge routers, PE1 and PE2. PE1 and PE2 work in active-standby mode for EVPN-VPWS. One of them is elected as the primary PE per EVPN normal designated forwarder (DF) election procedure. Only the primary PE is used to forward Layer 2 traffic.
Following are the reasons for the pseudowire failure, when redundancy is provided by the EVPN-VPWS active-standby interface:
Service edge router node failure.
Pseudowire subscriber transport logical interface failure on the primary PE.
Failure on the path towards the primary PE.
If any of the above failure cases are detected, the backup PE takes over to become the primary PE. As a result, the customer traffic from the access router, A-PE, is switched to the new primary PE.
The EVPN-VPWS also supports the service side of the network multi-homing to EVPN-VPWS through the pseudowire subscriber logical interface in an active-standby mode.
To achieve active-standby pseudowire headend termination, the following is required:
Ethernet segment identifier (ESI) support on the pseudowire subscriber transport logical interface.
Synchronizing data path between active pseudowire and Layer 3 VPN.
MAC flush in the BGP-VPLS when the active-standby pseudowires switch. MAC flush is triggered when the active service edge node suffers a node failure.
ES Support on Pseudowire Subscriber Transport Logical Interface
An Ethernet segment must have a unique nonzero identifier, called the Ethernet segment identifier (ESI). The ESI is encoded as a 10-octet integer. When manually configuring an ESI value, the most significant octet, known as the type byte, must be 00. ESI is assigned to pseudowire subscriber transport logical interfaces associated with the PE1 and PE2 the same way as in EVPN multi-homing.
To configure the active-standby mode for the pseudowire subscriber
transport logical interface, include the ESI value and the
single-active statement under the [edit
interfaces] hierarchy level.
DF Election and Pseudowire Subscriber Transport Logical Interface
Designated forwarder(DF)—This is the designated forwarder for forwarding the current traffic. The DF election procedure ensures each VLAN is associated with single PE acting in DF role.
Synchronizing Data Path between EVPN-VPWS and Layer 3 VPN or BGP-VPLS
There is a need for the data path coordination between the point-to-point pseudowire and the services side of the network (Layer 3 VPN or BGP-VPLS), with active-standby pseudowire headend termination. This is to select the same service edge router for passing the current traffic between the point-to-point pseudowire and Layer 3 VPN or BGP-VPLS domain.
EVPN-VPWS determines the primary path, for both Layer 3 VPN and BGP-VPLS, based on its DF election result. Both the primary and backup PEs for EVPN-VPWS then influence the services side of network to use the primary PE for data traffic.
Layer 3 VPN
When pseudowires are headend terminated into the Layer 3 VPN in an active-standby mode, the primary and the backup PEs use routing-policy and policy-condition to increase or decrease the Local Preference (LP). As a result, the BGP path selection algorithm is carried out on the Layer 3 side and picks up the primary PE.
BGP-VPLS
EVPN-VPWS establishes active-standby pseudowires based on its DF election. The active-standby pseudowires are essentially the two redundant spoke pseudowires attached to BGP-VPLS instance. The BGP-VPLS PEs remain single homed PEs and data plane learning happens through the active pseudowire in the EVPN-VPWS primary path.
If the pseudowire subscriber service logical interface that belongs to a BGP-VPLS instance is in down state, this does not trigger the active and standby pseudowire switch on the EVPN-VPWS side. This is because the 1 to many relationships between the point-to-point pseudowire and the BGP-VPLS. This may cause traffic loss for traffic coming from the VPLS to the point-to-point pseudowire direction.
BGP-VPLS does not trigger MAC flush when its access link to the CE device goes up or down. Further, since multi-homed EVPN-VPWS pseudowire headend termination into BGP-VPLS is based on single-homed mode on BGP-VPLS side, MAC flush (achieved via manipulation of F-bit in BGP-VPLS messages) associated with multi-homed BGP-VPLS mode does not apply here, neither. Therefore, when there is DF or NDF state change on EVPN-VPWS side, or if the pseudowire subscriber service logical interface that belongs to a BGP-VPLS instance goes up or down, MAC flush is not triggered. Null-route filtering might occur until expiration of MAC aging timer, unless there is constant traffic from the CE behind the EVPN-VPWS to BGP-VPLS. MAC flush is triggered only during PE node failures.
The following configuration example shows how condition manager is used for Layer 3 VPN routing instance through vrf-export when active-standby EVPN-VPWS terminates into Layer 3 VPN service.
[edit]
routing-instances {
l3vpn_1 {
instance-type vrf;
interface ps0.1;
interface lo0.1;
route-distinguisher 2.2.2.3:6500;
vrf-import l3vpn1_import;
vrf-export l3vpn1_export;
vrf-table-label;
protocols {
bgp {
group toPW-CE1 {
type external;
export send-direct;
peer-as 1;
neighbor 10.1.1.1;
}
}
}
}
}
policy-options {
policy-statement l3vpn_1_export {
term 1 {
from condition primary;
then {
local-preference add 300;
community set l3vpn_1;
accept;
}
}
term 2 {
from condition standby;
then {
community set l3vpn_1;
accept;
}
}
}
policy-statement l3vpn1_import {
term 1 {
from community l3vpn_1;
then accept;
}
term default {
then reject;
}
}
community l3vpn_1 members target:65056:100;
condition primary {
if-route-exists {
address-family {
ccc {
ps0.0;
table mpls.0;
}
}
}
}
condition standby {
if-route-exists {
address-family {
ccc {
ps0.0;
table mpls.0;
standby;
}
}
}
}
}
Following is the BGP-VPLS instance configuration when EVPN-VPWS terminates into the BGP-VPLS:
[edit]
routing-instances {
vpls-1 {
instance-type vpls;
interface ps0.1;
route-distinguisher 100:2;
vrf-target target:100:100;
protocols {
vpls {
site ce3 {
site-identifier 3;
}
}
}
}
}
Active-Active Pseudowire Headend Termination
Active-active pseudowire headend termination is supported only in Layer 3 VPN and not supported in BGP-VPLS.
vMX Scale Out
The vMX router is a virtual version of the MX Series 5G Universal Routing Platform. Like the MX Series router, the vMX router runs the Junos operating system (Junos OS) and supports Junos OS packet handling and forwarding modeled after the Trio chipset. The vMX instance contains two separate virtual machines (VMs), one for the virtual forwarding plane (VFP) and one for the virtual control plane (VCP). The VFP VM runs the virtual Trio forwarding plane software and the VCP VM runs Junos OS.
The vMX can now be used to scale out the bandwidth, achieve service isolation, and resilience. As the service edge router, vMX supports pseudowire headend termination with active and standby mode.
vMX
A vMX can have active and backup VCP with one or more VFPs. The VCP is the RE and the VFP is the line-card. The communication between VCP and VFP is facilitated through vRouter, if the VCP and VFP reside on the same server. Else, it is through the external network to which the servers are connected. There is no direction communication between VFPs.
Service Isolation
For a given point-to-point pseudowire with only one VFP per vMX, the data traffic is handled by one VFP for both ingress and egress traffic.
Active-Standby Pseudowire Headend Termination into VMX
The vMX acts as a regular MX for the overlay point-to-point Ethernet service. Similar to physical MX router, redundancy is achieved by using multiple vMXs, and only active-standby pseudowire headend termination is supported. The pseudowire is terminated at the loopback IP address that is used as the protocol nexthop address for the pseudowire.
