Got it

L3EVPN learning sharing

Latest reply: Feb 21, 2020 14:32:02 442 1 2 0 0

Hi, everyone this article briefly introduces the configuration model, control plane, and forwarding plane process of L3EVPN. Students who have some understanding of the principles of evpn and L3vpn can refer.


Abstract: evpn uses the traditional mpls bgp vpn technology on the control plane to implement the L2VPN function similar to vpls / vpws. It needs to carry three layers of services at the same time in the context of network simplification. It further replaces traditional L3vpn and integrates traditional vpls, vpws, and L3vpn. Unified as evpn.

Basic subnet:

CE1 ------------ PE1 ---------------- PE2 ------------- CE2

( (

I. Configuration ideas:

1. The igp route on the public network side between PEs is reachable, and the tunnel is established.

2. Create a VRF instance on the PE, enable the evpn mpls routing-enable function, and configure the VPN-target of the evpn.

ip vpn-instance l3evpn
route-distinguisher 31:1
vpn-target 1:1 export-extcommunity evpn
vpn-target 1:1 import-extcommunity evpn
evpn mpls routing-enable
[~RT3-vpn-instance-l3evpn]disp ip vpn-instance ver l3evpn
VPN-Instance Name and ID : l3evpn, 7
Interfaces : Ethernet3/0/3.1
Address family ipv4
Create date : 2018-11-06 01:33+00:00
Up time : 0 days, 22 hours, 19 minutes and 39 seconds
Vrf Status : UP
Route Distinguisher : 31:1
Export VPN Targets : 1:1
Import VPN Targets : 1:1

Label Policy : label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe

[~RT3-vpn-instance-l3evpn]disp evpn vpn-instance name __RD_1_31_1__ verbose
VPN-Instance Name and ID : __RD_1_31_1__, 9
Address family evpn
Route Distinguisher : 31:1

Label Policy : label per instance
Per-Instance Label : 48188,48189
Export VPN Targets : 1:1
Import VPN Targets : 1:1

Note: After you configure the vrf instance and enable evpn mpls routing-enable, the system will automatically create an evpn instance to manage evpn routing. The VPN target inherits vrf.

3. Create EVPN neighbors between PEs to exchange EVPN routes. In this scenario, Type 5 prefix routes are exchanged. There is no difference between this and ordinary evpn, and there is no special configuration.

[~RT3]disp bgp evpn all routing-table prefix-route 0:

BGP local router ID :
Local AS number : 100
Total routes of Route Distinguisher(41:1): 1
BGP routing table entry information of 0:
Label information (Received/Applied): 48183/NULL
From: (
Route Duration: 1d00h22m02s
Relay IP Nexthop:
Relay Tunnel Out-Interface: SRBE LSP
Original nexthop:
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path 1006, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 10
Cluster list:
Route Type: 5 (Ip Prefix Route)
Ethernet Tag ID: 0, IP Prefix/Len:, ESI: 0000.0000.0000.0000.0000, GW IP Address:
Not advertised to any peer yet

Note: EVPN routing types and evolution process

EVPN extends the BGP protocol's NLRI (Network Layer Reachability Information) for transmitting host MAC information. It is called the EVPN NLRI. There are 4 types of EVPN routing defined in EVPN NLRI:

Ethernet Auto-Discovery route: ad-route ---- Type1 route

MAC advertisement route: mac-route ---- Type 2 route (IP field reserved)

Inclusive Multicast Route: inclusive-route ---- Type3 route

Ethernet Segment Route: es-route ---- Type4 route

In addition, with the development of EVPN-VxLAN, in order to transfer VxLAN VTEP addresses and host information, EVPN has newly defined/refined several BGP EVPN routing types by extending the BGP protocol:

Type2 routing—MAC / IP routing:

The host IP address is filled based on the original Type2 route


Host MAC address announcement: host MAC address

Host ARP announcement: host MAC address + host IP address + Layer 2 VNI

Host IP routing announcement (IRB type routing): host MAC address + host IP address + Layer 2 VNI + Layer 3 VNI

Type5 route—IP prefix route: prefix-route

The IP Prefix Length and IP Prefix fields of this type of route can carry both the host IP address and the network segment address:

When carrying the host IP address, this type of route plays the same role in the VXLAN control plane as the IRB type route. It is mainly used for host IP route advertisements in distributed gateway scenarios.

• When carrying a network segment address, a host in a VXLAN network can access an external network bypassing this type of route.

4. Configure BGP to exchange IP routing information between PE and CE. The CE configuration is the same as that of ordinary L3VPN. PE needs to enable advertise l2vpn evpn under the BGP vrf address family and advertise the IP route under vrf to the evpn instance.

ipv4-family vpn-instance l3evpn
import-route direct
advertise l2vpn evpn
peer as-number 1005

Note: After configuring the advertis L2vpn evpn, the IP route under vrf will be imported to the corresponding evpn instance (the aforementioned automatically created evpn instance, ie, evrf), and the evrf will copy the route to evpn [evrf is similar to vrf, evpn is similar to vpnv4] Of course, if evpn is not enabled in the vrf instance, configuring this command line here has no effect.

II. Control flow:

1. CE1 imports a route to BGP and advertises it to PE1 through the BGP neighbor.

2. PE1 private network vrf receives the route, adds it to the vrf private network routing table, and copies the route to the corresponding evrf and then to evpn

3. evpn assigns private network labels, encapsulates ert, and publishes them to PE2 through EVPN neighbors according to evpn routing.

4. After receiving the evpn route, PE2 performs cross-routing according to e-rt and crosses to the corresponding evrf. The evrf copies the route to the corresponding vrf and carries the private network label information.

5. vrf downloads the route to the private network routing table and publishes it to CE2 through BGP.

III. the forwarding flow:

Similar to ordinary L3VPN, the IP packet checks the private network routing table on PE2, encapsulates the private network label and the public network label according to the tunnel information and private network label information in the private network routing table, and then enters the tunnel for forwarding on the public network. Find the corresponding vrf according to the private network label, check the private network routing table and forward it to ce1.

 If you have any problems, please post them in our Community. We are happy to solve them for you!

  • x
  • convention:

Created Feb 21, 2020 14:32:02

good job
View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.