All dynamic MAC addresses learned on VLANs/BDs added to an EVPN configuration are exported to BGP EVPN automatically.
Routes are imported on the remote node according to the route-target match. The fields in the MAC routes are filled as shown in the following table.
Field | Description |
---|---|
Route Distinguisher | Either the auto or manual RD value is used, depending on the VLAN/BD configuration under EVPN. |
ESI | If the MAC is learned on an MCT client interface, the ESI of the client interface is present. Otherwise this value is 0. |
Ethernet Tag | This value is 0. |
MAC address | This is the static or dynamic MAC address learned locally. |
IP address | For a MAC route, the IP address is absent. |
MPLS Label1 | This is the L2 VNI in case of VXLAN, and the EVI label for MPLS. |
MPLS Label2 | This is not present. |
The BGP MAC mobility extended community is attached to the route to carry a sticky flag and sequence number. Static MAC addresses configured on the system are advertised by BGP with a sticky flag. Routers importing a MAC route with a sticky flag install it as static and no MAC movement is allowed. In BGP best-path selection, a MAC route with a sticky flag is preferred over routes without a sticky flag, irrespective of the sequence number.
The show mac-address-table output has been enhanced to show the remote VTEP IP address and the route type EVPN for a BGP-learned MAC over VXLAN, as in the following example.

```
device# show mac-address-table
Type Code - CL:Cluster Local MAC
            CCL:Cluster Client Local MAC
            CR:Cluster Remote MAC
            CCR:Cluster Client Remote MAC
VlanId/BDId   Mac-address       Type      State      Ports/LIF/PW/Tunnel
100 (V)       0000.0164.0100    Static    Inactive   Eth 0/31
101 (V)       0000.0164.0101    Static    Inactive   Eth 0/31
10 (V)        0000.0164.0010    Static    Active     Eth 0/31
10 (V)        0000.0191.0010    EVPN      Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0191.0010    EVPN      Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0221.0010    EVPN      Active     Tu 61441 (192.168.32.10)
```
When a host moves from one port to another port on the same router, it is not considered a move. However, when the host moves from one router to another router, the MAC address undergoes a MAC move procedure. The router on which a MAC address is learned locally prefers the local address and advertises it to other routers in the network. If the MAC address is already present in BGP, the sequence number in the MAC mobility extended community is incremented in the route being advertised. A MAC route without the MAC mobility extended community implicitly means sequence number 0. A router receiving a remote MAC route with a sequence number greater than that of the locally advertised route prefers the remote route and withdraws the local one.
MCT and LVTEP are two special cases in which a MAC move is not triggered. If the same MAC address is present in the BGP table and is learned from the same next-hop or with the same ESI, the MAC route is advertised with the same sequence number present in the existing route.
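The sticky-flag and sequence-number rules above can be modelled as follows. This is an added example, not code from the device software; the `MacRoute` class, the function names, the equal-sequence handling and the treatment of "same ESI" as "same nonzero ESI" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MacRoute:
    mac: str
    next_hop: str               # advertising router (VTEP/PE) address
    esi: int = 0                # 0 = not learned on an MCT client interface
    seq: Optional[int] = None   # None = no MAC mobility community attached
    sticky: bool = False        # set for statically configured MACs

    @property
    def effective_seq(self) -> int:
        # A route without the MAC mobility community implies sequence number 0.
        return 0 if self.seq is None else self.seq


def prefer(a: MacRoute, b: MacRoute) -> MacRoute:
    """Choose between two routes for the same MAC using the rules in the text."""
    if a.sticky != b.sticky:
        return a if a.sticky else b          # sticky wins regardless of sequence
    # Assumption: on equal sequence numbers this sketch simply keeps `a`.
    return a if a.effective_seq >= b.effective_seq else b


def advertise_local(mac: str, local_nh: str, local_esi: int,
                    existing: Optional[MacRoute]) -> Optional[MacRoute]:
    """Route to advertise for a locally learned MAC, or None if movement is refused."""
    if existing is None:
        return MacRoute(mac, local_nh, local_esi)
    if existing.sticky:
        return None                          # installed as static: no MAC move
    # MCT/LVTEP case: same next-hop or same (nonzero, assumed) ESI is not a move.
    same_source = (existing.next_hop == local_nh or
                   (local_esi != 0 and existing.esi == local_esi))
    seq = existing.effective_seq + (0 if same_source else 1)
    return MacRoute(mac, local_nh, local_esi, seq=seq)
```
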
The frequent movement of a MAC address from one router to another router causes unnecessary churn in the network and is an indication of a malicious host or loop. When the number of moves for a given MAC address in a specified time (the default is 3 seconds) exceeds the specified number of moves (the default is 5), the MAC route is dampened. The EVPN MAC route dampening behavior differs from the BGP route flap dampening procedure specified in RFC 2439. When a MAC route is dampened, the local route is marked as best and is present in the forwarding tables. The best route selection based on sequence number is stopped until corrective action is taken. Default parameters of MAC route dampening can be modified by means of the following command under EVPN configuration mode:
```
device(config-evpn-default)# duplicate-mac-timer 5 max-count 3
```
According to BGP EVPN RFC 7432, once a MAC/IP route is dampened because of frequent moves, manual intervention is required to restore the route. Section 15.1 in the RFC states, "The PE MUST alert the operator and stop sending and processing any BGP MAC/IP Advertisement routes for that MAC address until a corrective action is taken by the operator."
A major drawback of this approach is that the route remains dampened and no processing of the updates is performed until the dampening state of the route is cleared manually. It may happen that after an initial frequent flap of the route, either one of the VMs goes away or the duplicate address situation is resolved. However, the route remains dampened until a network administrator intervenes. Automatic restoration of the route is desired in this case.
The following approach is taken to restore the dampened route.
When BGP detects that only one source of the route has remained (that is, all NLRIs are received from the same next-hop) and the route is dampened, the route is added to the timer list, which is processed after 5 minutes. When the timer expires, if the second source of the route is seen again, the route is removed from the timer list and remains dampened. After the timer expires, the dampening state of the route is cleared and the route is restored after best-path selection.
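The dampening threshold and the automatic restore described above can be traced with a small state model. This is an added example, not the device's implementation; the class and method names are hypothetical, and the defaults are the ones stated in the text (more than 5 moves within 3 seconds, restore list processed after 5 minutes).

```python
from collections import deque


class MacDampener:
    def __init__(self, window_s=3.0, max_moves=5, restore_s=300.0):
        self.window_s, self.max_moves, self.restore_s = window_s, max_moves, restore_s
        self.moves = {}        # mac -> deque of recent move timestamps
        self.dampened = set()  # MACs whose sequence-based selection is stopped
        self.restore_at = {}   # mac -> time at which dampening may be cleared

    def record_move(self, mac, now):
        """Count one router-to-router move; return True if the MAC is dampened."""
        if mac in self.dampened:
            return True
        q = self.moves.setdefault(mac, deque())
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()                      # forget moves outside the window
        if len(q) > self.max_moves:
            self.dampened.add(mac)           # operator alert would be raised here
        return mac in self.dampened

    def sources_changed(self, mac, next_hops, now):
        """Call when the set of next-hops advertising a MAC changes."""
        if mac not in self.dampened:
            return
        if len(set(next_hops)) == 1:
            self.restore_at.setdefault(mac, now + self.restore_s)  # start timer
        else:
            self.restore_at.pop(mac, None)   # second source is back: stay dampened

    def tick(self, now):
        """Clear dampening for MACs whose restore timer expired; return them."""
        restored = [m for m, t in self.restore_at.items() if t <= now]
        for m in restored:
            del self.restore_at[m]
            self.dampened.discard(m)
            self.moves.pop(m, None)
        return restored
```
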
Aliasing, as described in RFC 7432 (Sec. 8.4), is specific to MPLS. Dual-homed MAC addresses are those that are advertised with a nonzero ESI value. The membership of an ES is advertised by the ES-AD route. When a MAC address is received with a nonzero ESI, instead of the next-hop of the route being used, the number of paths and respective VLAN/BD MPLS labels are inferred from AD-per-ES and AD-per-EVI routes, respectively.
The following figure shows a typical case of aliasing in MPLS. Router R3 receives MAC routes learned on MLAG with a nonzero ESI value only from R1. However, AD-per-ES routes for the same ESI value are received from both R1 and R2. In this case, R3 may form ECMP of two paths that lead to the same MCT cluster (ES) and load-balance the traffic towards the host through both R1 and R2.
Use case for AD-per-ES route
There are two use cases for AD-per-ES route on the non-MCT router:
MAC/MACIP routes received with nonzero ESI value are not installed in the system unless at least one AD-per-ES route for corresponding ESI is present in BGP. Similarly, if MAC/MACIP routes are already installed and the last AD-per-ES route with corresponding ESI is withdrawn, routes are uninstalled from the forwarding plane.
Use case for AD-per-EVI route
AD-per-EVI routes are generated by MCT cluster members for each EVI configured on each ES. Because the number of AD-per-EVI routes can impose significant control-plane scaling issues, a maximum of 16 K routes is imposed.
The MPLS label field in the AD-per-EVI routes carries a per-EVI or per-ES-per-EVI MPLS label. Only per-EVI label allocation is assumed. With the assumption of a per-EVI label allocation scheme, it is not necessary to receive or originate AD-per-EVI routes for each ES or EVI. A subset of AD-per-EVI routes may suffice to identify the per-EVI label of the remote node.
BGP constructs a per-next-hop EVI-label map based on the AD-per-EVI routes. In addition, based on the reachability of AD-per-ES routes, an ECMP next-hop is constructed for Layer 2 routes.
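How the AD-per-ES and AD-per-EVI routes combine into the installed paths for a multihomed MAC can be shown with a short model. This is an added example, not the device's code; the function names, tuple layouts, addresses, ESI placeholders and label values are constructed for illustration.

```python
# Constructed sample data: R1 and R2 are MCT peers on ES_A; R2 also serves ES_B.
R1, R2 = "10.0.0.1", "10.0.0.2"
ES_A, ES_B = "ES-A", "ES-B"                      # placeholder ESI values
AD_PER_ES = [(R1, ES_A), (R2, ES_A)]             # (next_hop, esi)
# (next_hop, esi, evi, label); R2's only EVI 10 route is for a different ES.
AD_PER_EVI = [(R1, ES_A, 10, 3001), (R2, ES_B, 10, 3002)]
MAC_ROUTE = {"mac": "0000.0191.0010", "esi": ES_A, "evi": 10,
             "next_hop": R1, "label": 3001}      # MAC route received only from R1


def evi_label_map(ad_per_evi):
    """Per-next-hop EVI-label map. With per-EVI label allocation, any one
    AD-per-EVI route from a next-hop reveals its label for that EVI."""
    labels = {}
    for nh, _esi, evi, label in ad_per_evi:
        labels.setdefault((nh, evi), label)
    return labels


def resolve_paths(mac_route, ad_per_es, ad_per_evi):
    """Return the (next_hop, label) paths to install; [] means do not install."""
    if not mac_route["esi"]:
        # Zero ESI: single-homed, use the route's own next-hop and label.
        return [(mac_route["next_hop"], mac_route["label"])]
    # Nonzero ESI: path set comes from AD-per-ES, labels from AD-per-EVI.
    members = sorted({nh for nh, esi in ad_per_es if esi == mac_route["esi"]})
    labels = evi_label_map(ad_per_evi)
    # Assumption: a member with no known label for this EVI is left out.
    return [(nh, labels[(nh, mac_route["evi"])])
            for nh in members if (nh, mac_route["evi"]) in labels]
```

Re-running `resolve_paths` after the last AD-per-ES route for the ESI is withdrawn returns an empty list, which corresponds to uninstalling the MAC from the forwarding plane.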
Note that not all multihomed MAC addresses can attain forwarding plane ECMP behavior, because of limited forwarding resources. If hardware resources are not available for ECMP in the forwarding plane, MAC addresses are sprayed across the available paths in software according to the VLAN hashing. Therefore, whether stream-based load balancing is available in the system for a given multihomed MAC address is not deterministic.
Conversational MAC learning is not supported.
The following are example outputs of the show mac-address-table command.
```
device# show mac-address-table
Type Code - CL:Cluster Local MAC
            CCL:Cluster Client Local MAC
            CR:Cluster Remote MAC
            CCR:Cluster Client Remote MAC
VlanId/BDId   Mac-address       Type          State      Ports/LIF/PW/Tunnel
100 (V)       0000.0164.0100    Static        Inactive   Eth 0/31
101 (V)       0000.0164.0101    Static        Inactive   Eth 0/31
10 (V)        0000.0164.0010    Static        Active     Eth 0/31
10 (V)        0000.0191.0010    EVPN          Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0191.0010    EVPN          Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0221.0010    EVPN-Static   Active     Tu 61441 (192.168.32.10)
Total MAC addresses : 6

device# show mac-address-table evpn
Type Code - CL:Cluster Local MAC
            CCL:Cluster Client Local MAC
            CR:Cluster Remote MAC
            CCR:Cluster Client Remote MAC
VlanId/BDId   Mac-address       Type          State      Ports/LIF/PW/Tunnel
10 (V)        0000.0191.0010    EVPN          Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0191.0010    EVPN          Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0221.0010    EVPN-Static   Active     Tu 61441 (192.168.32.10)
Total MAC addresses : 3

device# show mac-address-table count evpn
EVPN Address Count: 50

device# show mac-address-table count
Dynamic Address Count: 2
Static Address Count: 0
Internal Address Count: 0
Local Address Count : 2
Remote Address Count : 0
EVPN Address Count: 2
Total MAC addresses : 6

device# show mac-address-table count interface tunnel 61441
Dynamic Address Count: 2
Static Address Count: 0
EVPN Address Count: 2
Internal Address Count: 0
Local Address Count : 2
Remote Address Count : 0
Total MAC addresses : 6

device# show mac-address-table interface tunnel 61441
Type Code - CL:Cluster Local MAC
            CCL:Cluster Client Local MAC
            CR:Cluster Remote MAC
            CCR:Cluster Client Remote MAC
VlanId/BDId   Mac-address       Type          State      Ports/LIF/PW
10 (V)        0000.0191.0010    EVPN-Static   Active     Tu 61441 (192.168.32.10)
10 (V)        0001.0191.0010    EVPN          Active     Tu 61441 (192.168.32.10)
Total MAC addresses : 2
```