Migrating from FEC128 LDP-VPLS to EVPN Overview
For service providers with virtual private LAN service (VPLS) networks and Ethernet VPN (EVPN) networks, there is a need to interconnect these networks. Prior to Junos OS Release 17.3, a logical tunnel interface on the interconnection point of the VPLS and EVPN routing instances was used for this purpose. In this case, the provider edge (PE) devices in each network were unaware of the PE devices in the other technology network. Starting in Junos OS Release 17.3, a solution is introduced for enabling staged migration from FEC128 LDP-VPLS toward EVPN on a site-by-site basis for every VPN routing instance. In this solution, the PE devices running EVPN and VPLS for the same VPN routing instance and single-homed segments can coexist. During migration, there is minimal impact to the customer edge (CE) device-to-CE device traffic forwarding for affected customers.
The following sections describe the migration from LDP-VPLS to EVPN:
Technology Overview and Benefits
Virtual private LAN service (VPLS) is an Ethernet-based point-to-multipoint Layer 2 VPN. This technology allows you to connect geographically dispersed data center LANs to each other across an MPLS backbone while maintaining Layer 2 connectivity. The high availability features defined in VPLS standards (such as LER dual homing) and topology autodiscovery features using BGP signaling make VPLS scalable and easy to deploy. Because VPLS uses MPLS as its core, it provides low latency variation and statistically bound low convergence times within the MPLS network.
Ethernet VPN (EVPN), on the other hand, is a combined Layer 2 and Layer 3 VPN solution that is more scalable, resilient, and efficient than current technologies. It provides several benefits including greater network efficiency, reliability, scalability, virtual machine (VM) mobility, and policy control for service providers and enterprises.
Although VPLS is a widely deployed Layer 2 VPN technology, service provider networks migrate to EVPN because of the scaling benefits and ease of deployment. Some of the benefits of EVPN include:
-
Control plane traffic is distributed with BGP and the broadcast and multicast traffic is sent using a shared multicast tree or with ingress replication.
-
Control plane learning is used for MAC and IP addresses instead of data plane learning. MAC address learning requires the flooding of unknown unicast and ARP frames, whereas IP address learning does not require any flooding.
-
Route reflector is used to reduce a full mesh of BGP sessions among PE devices to a single BGP session between a PE device and the route reflector.
-
Autodiscovery with BGP is used to discover PE devices participating in a given VPN, PE devices participating in a given redundancy group, tunnel encapsulation types, multicast tunnel type, and multicast members.
-
All-active multihoming is used. This allows a given CE device to have multiple links to multiple PE devices, and traffic traversing to-and-from that CE device fully utilizes all of these links (Ethernet segment).
-
When a link between a CE device and a PE device fails, the PE devices for that EVPN instance (EVI) are notified of the failure with the withdrawal of a single EVPN route. This allows those PE devies to remove the withdrawing PE device as a next hop for every MAC address associated with the failed link (mass withdrawal).
FEC128 LDP-VPLS to EVPN Migration
Some service providers want to preserve their investments in VPLS. This leads to the need to connect the old VPLS networks to new networks that run EVPN. For this purpose, logical tunnel interfaces on the interconnection point of the VPLS and EVPN routing instances were used. However, all the other PE devices belonged either to the VPLS network or to the EVPN network and were unaware of the other technology.
Starting in Junos OS Release 17.3, EVPN can be introduced into an existing VPLS network in a staged manner, with minimal impact to VPLS services. On a VPLS PE device, some customers can be moved to EVPN, while other customers continue to use VPLS pseudowires. Other PE devices can be entirely VPLS and switching customers on other PE devices to EVPN. This solution provides support for the seamless migration Internet draft (expires January ,2018), (PBB-)EVPN Seamless Integration with (PBB-)VPLS.
The seamless migration from FEC128 LDP-VPLS to EVPN solution supports the following functionality:
-
Allow for staged migration toward EVPN on a site-by-site basis per VPN instance. For instance, new EVPN sites to be provisioned on EVPN PE devices.
-
Allow for the coexistence of PE devices running both EVPN and VPLS for the same VPN instance and single-homed segments.
In the LDP-VPLS to EVPN migration, the PE device where some customers have been migrated to EVPN while other customers are being served using VPLS is called a super PE device. As super PE devices discover other super PE devices within a routing instance, they use EVPN forwarding to communicate with other super PE devices and VPLS pseudowires to PE devices running VPLS. The PE device with no EVPN awareness, and running only VPLS for all the customers, is called a VPLS PE device.
The CE device connected to a super PE can reach CE devices connected to EVPN-only PE devices or VPLS-only PE devices, but CE devices connected to EVPN-only PE devices cannot reach CE devices connected to VPLS-only PE devices.
Because the migration from LDP-VPLS to EVPN is supported on a per-routing instance basis, and if the routing instance is serving multiple customers on a PE device, all are migrated together. EVPN is responsible for setting up data forwarding between the PE devices upgraded to EVPN, while VPLS continues to set up data forwarding to PE devices that run VPLS. There should be zero impact for customers that still use VPLS pseudowire on all the PE devices.
The following features are not supported with the LDP-VPLS to EVPN migration:
-
Migration from FEC129 VPLS to EVPN.
-
Migration from BGP-VPLS to EVPN.
-
Migration of VPLS virtual switch to EVPN virtual switch.
-
Migration of VPLS routing instance to EVPN virtual switch.
-
Migration of VPLS routing instance or PBB-VPLS to PBB-EVPN.
-
Seamless migration from EVPN back to VPLS.
-
Enhancing EVPN to support the set of tools or statements and commands that VPLS supports.
-
Active-active and active-standby multihoming. The migration to EVPN is supported only on single-homed deployments.
-
Spanning all-active across EVPN and VPLS PE devices does not work, because the all-active multihoming feature is not supported on VPLS.
-
Connecting EVPN-only PE devices with VPLS-only PE devices through super PE devices.
-
IPv6, logical systems, multichassis support, and SNMP, because they are currently not supported on EVPN.
Sample Configuration for LDP-VPLS to EVPN Migration
The following sections provide the sample configuration required for performing the LDP-VPLS to EVPN migration.
LDP-VPLS Configuration
A typical static LDP-VPLS routing instance configuration is as follows:
user@host# show routing-instance foo instance-type vpls; vlan-id 100; (not needed for VLAN bundle service) interface ge-2/0/0.590; interface ae500.590; routing-interface irb.0; forwarding-options { family vpls { filter { input UNKNOWN-UNICAST; } } } protocols { vpls { control-word; encapsulation-type ethernet-vlan; enable-mac-move-action; mac-table-size { 100000; packet-action drop; } mac-table-aging-time ; interface-mac-limit { 100000; packet-action drop; } no-tunnel-services; (use label-switched interfaces) vpls-id 245015; mtu 1552; ignore-mtu-mismatch; mac-flush { any-spoke; } no-vlan-id-validate; neighbor 192.168.252.64 { psn-tunnel-endpoint 10.0.0.31; pseudowire-status-tlv; revert-time 60; backup-neighbor 192.168.252.65 { psn-tunnel-endpoint 10.0.0.32; hot-standby; } } mesh-group Spoke { (access label-switched interface toward spoke) local-switching; neighbor 192.168.252.66 { psn-tunnel-endpoint 10.0.0.41; pseudowire-status-tlv; } neighbor 192.168.252.67 { psn-tunnel-endpoint 10.0.0.42; pseudowire-status-tlv; } } connectivity-type permanent; }
user@host# show interfaces ge-2/0/0.590 encapsulation vlan-vpls; vlan-id 590; output-vlan-map { swap; tag-protocol-id 0x8100; inner-vlan-id 590; } family vpls { filter { input-list [ listA ]; output-list listB; } }
EVPN Migration Configuration
To perform the FEC128 LDP-VPLS to EVPN migration, do the following:
-
On the backup Routing Engine, load Junos OS Release 17.3R1.
-
Perform in-service software upgrade (ISSU) to acquire primary role. Ensure that the VPLS unified ISSU does not have any impact on the VPLS forwarding.
-
Identify routing instances (customers) that need to be migrated to EVPN.
-
Enable EVPN in a single routing instance.
-
Change routing instance type to
evpn
, and include theevpn
statement at the[edit routing-instances routing-intance-name protocols]
hierarchy level, and also include thevpls
statement at the same hierarchy to support VPLS commands.For example:
[edit routing-instances routing-instance-name] instance-type evpn; interface ge-2/0/0.590; interface ae500.590; routing-interface irb.0; route-distinguisher 10.1.1.1:50; (add for LDP-VPLS) vrf-target target:100:100; (add for LDP-VPLS) forwarding-options { family vpls { filter { input UNKNOWN-UNICAST; } } } protocols { vpls { (supports all existing VPLS commands) }
-
-
Enable family EVPN signaling in BGP.
For example:
protocols { bgp { local-as 64512; group 2mx { type internal; local-address 10.81.1.1; family evpn { signaling; } neighbor 10.81.2.2; neighbor 10.81.9.9; } }
After the configuration for the EVPN migration is committed, the routing protocol process and the Layer 2 address learning process start building the EVPN state to reflect interfaces, bridge domains, peers and routes. The locally learnt MAC addresses are synchronized by the Layer 2 address learning process in the instance.vpls.0 to the routing protocol process. When a local MAC ages out in the instance.vpls.0, the routing protocol process is informed by the Layer 2 address learning process.
When an EVPN peer is learnt, the routing protocol process sends a new message to the Layer 2 address learning process to remove the peer’s label-switched interface or virtual tunnel logical interface from the VE mesh group and disables MAC-learning on it. The EVPN IM next-hop is then added to the VE mesh group. The EVPN behavior in the routing protocol process of learning MAC addresses over BGP and informing Layer 2 address learning process of the MPLS next hop is maintained.
The VPLS statements and commands continue to apply to the VPLS pseudowires between the PE devices and the MAC addresses learnt over them. The EVPN statements and commands apply to PE devices running EVPN.
Reverting to VPLS
If the EVPN migration runs into issues, you can revert back to VPLS until the issue is understood. The routing instance is reverted from a super PE to a VPLS PE in a non-catastrophic manner by enabling the following configuration:
[edit routing-instances routing-instance-name] user@host# set instance-type vpls user@host# delete protocols evpn user@host# delete route-distinguisher (if running LDP-VPLS) user@host# delete vrf-target (if running LDP-VPLS)
On reverting the EVPN migration to VPLS, the following happens:
-
The EVPN state information is deleted.
-
There is a trigger for withdrawal of EVPN control plane routes.
-
The routing protocol process sends a new message to the Layer 2 address learning process with the label-switched interface or the virtual tunnel logical interface for the routing instance and peer.
-
The label-switched or virtual tunnel interface adds the new message to the flood group and MAC learning is enabled.
-
The egress IM next hop is deleted by the routing protocols process, prompting the Layer 2 address learning process to remove it from the flood group.
-
Remote MAC addresses are learned again over the label-switched interface or virtual tunnel logical interface.
LDP-VPLS to EVPN Migration and Other Features
Table 1 describes the functionality of some of the related features, such as multihoming and integrated routing and bridging (IRB) with the LDP-VPLS to EVPN migration.
Feature |
Supported Functionality in EVPN Migration |
---|---|
MAC move |
MAC moves are supported between VPLS-only PE device and super PE devices. When a MAC address moves from a VPLS-only PE device to a super PE device, it is learned over BGP, and the routing protocol process informs the Layer 2 address learning process of the EVPN next hop to be updated in the foo.vpls.0 routing table. When a MAC address moves from a super PE device to a VPLS-only PE device, it is learned in the Packet Forwarding Engine on the label-switched interface or virtual tunnel interface. The Layer 3 address learning process updates it to VPLS or the label-switched interface next hop. When the type 2 route is withdrawn by EVPN BGP, the MAC address is not deleted from the forwarding table, so there is no loss of data. The forwarding MAC table is shared by VPLS and EVPN. Some
attributes, such as |
IRB |
No changes needed in IRB. On a super PE device, EVPN populates the /32 host routes learned over MAC+IP type 2 routes from EVPN peers in a Layer 3 virtual routing and forwarding, while VPLS IRB forwarding using subnet routes works on sites still running VPLS. |
Hierarchical VPLS |
In an H-VPLS network with hub-and-spoke PE devices, when the hub PE device is migrated to EVPN, local MAC addresses learned over the access label-switched or virtual tunnel interface need to be advertised to BGP, so that the other EVPN-only PE devices or super PE devices can reach them. Take the following into consideration when migrating an H-VPLS network to EVPN:
|
ESI configuration |
Ethernet segment identifier (ESI) is configured at the physical interface or port level. |