Troubleshoot PBB-EVPN ESI, ES Import RT and Source MAC Mismatch on ASR 9000

Introduction

This document describes how to troubleshoot Ethernet Segment Identifier, Import RT, and Source MAC mismatch in PBB-EVPN multi-homed networks.

Prerequisites

Requirements 

The reader must have an overview of EVPN and PBB-EVPN solutions.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco ASR 9000 Series Aggregation Services Routers

• Cisco IOS XR Software that supports PBB-EVPN feature

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Conventions

 Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

In PBB-EVPN, Ethernet Segment Identifier (ESI) represents a ‘site’ connected to one or more PEs. Multi-homed PEs discover each other with the same ESI as its local one. But sometimes the default ESIs generated on these PEs do not match. This issue is seen when the PEs run on different software versions. In this case, a PE only sees itself as the nexthop of the ES, and the topology is single-homed (SH).

RP/0/RSP0/CPU0:ASR9001-PE2#show evpn ethernet-segment detail
......
Ethernet Segment Id      Interface      Nexthops
------------------------ -------------- ----------------------------------------
8000.00c8.4c75.d7ee.0001 BE1            192.0.2.2
......
  Topology          :
     Operational    : SH

In additional to ESI, multi-homed PEs also use Import RT to filter BGP EVPN routes from each other, and advertise Source MAC to remote PEs as the next hop of the ES. If Import RT or Source MAC on the PEs are incomplete or mismatch, MHN cannot work properly.  

RP/0/RSP1/CPU0:ASR9010-PE1#show evpn ethernet-segment detail
......
Ethernet Segment Id      Interface      Nexthops
------------------------ -------------- ----------------------------------------
0080.03c8.4c75.d7ee.8000 BE1            192.0.2.1
......
  ES Import RT      : 0000.0000.0000 (Incomplete Configuration)
  Source MAC        : 0000.0000.0000 (Incomplete Configuration)

Solution

Background

From ASR 9000 version 6.0, PBB-EVPN ESI format is changed to be RFC 7432 complaint. This means ESI auto-sensing cannot work between a PE 6.X and a PE on previous versions.

This diagram shows how the default ESI is generated for version 6.X and older versions.

Step 1: Troubleshoot ESI

Run show evpn ethernet-segment detail to check if the default ESI matches on all PEs. If not, manually configure ESI.

With ESI configuration, different software versions have different requirements. To meet these requirements, it is recommended to change ESI on all devices. 

• In version 6.X the first byte is always TYPE(00) so only the other 9 bytes are configurable.
• In version 5.X all fields are configurable, but "system ID" field requires that the multicast and admin bits are set to 1.

Configure ESI on version 6.X:

evpn
 interface Bundle-Ether1
  ethernet-segment
   identifier type 0 80.03.c8.4c.75.d7.ee.80.00

Configure ESI on version 5.X:

evpn
 interface Bundle-Ether1
  ethernet-segment
   identifier system-priority 80 system-id 03c8.4c75.d7ee port-key 8000

Step 2: Troubleshoot Load Balance Mode

There are 2 load balance modes, all-active per flow (AApF) and single-active per vlan (AApS). The default mode is AApF, and mode parameter must be the same on all PEs.

Change to single-active per vlan mode on version 6.X:

evpn
 interface Bundle-Ether1
  ethernet-segment
   load-balancing-mode single-active

Change to single-active per vlan mode on version 5.X:

evpn
 interface Bundle-Ether1
  ethernet-segment
   load-balancing-mode per-service

Step 3: Troubleshoot Source MAC

As a consequence of the load balance mode, PEs' Source MAC is not automatically generated. Run show evpn ethernet-segment detail to check the Source MAC and manually configure it if it mismatches or shows "incomplete". Note that all-active per flow mode requires the Source MAC to be the same, while single-active per vlan mode requires it to be different for each PE.

Configure Source MAC:

evpn
 interface Bundle-Ether1
  ethernet-segment
   backbone-source-mac 00c8.4c75.d7ee

Step 4: Troubleshoot ES Import RT

Make sure the ES Import RT matches on all PEs. On version 5.X the ES Import RT is not configurable and not listed in the output of show evpn ethernet-segment detail . You can run show bgp l2vpn evpn to find out the ES Import RT from its locally generated Type 4 EVPN route:

RP/0/RSP0/CPU0:ASR9001-PE2#show bgp l2vpn evpn rd 192.0.2.2:0 [4][0080.03c8.4c75.d7ee.8000][192.0.2.2]/128

Thu Jun  8 15:16:00.921 AEST
BGP routing table entry for [4][0080.03c8.4c75.d7ee.8000][192.0.2.2]/128, Route Distinguisher: 192.0.2.2:0
......
      Extended community: EVPN ES Import:01c8.4c75.d7ee

On version 6.X you can run show evpn ethernet-segment detail to check the ES Import RT. You can also use bgp route-target to configure it if it mismatches.

evpn
 interface Bundle-Ether1
  ethernet-segment
   bgp route-target 01c8.4c75.d7ee

Step 5: Verify the Results

After steps 1-4 run show evpn ethernet-segment detail. All multi-homed PEs must be listed as next hops of the same ES, the topology must be "MHN" and mode is either "AApF" or "AApS".

RP/0/RSP1/CPU0:ASR9010-PE1#show evpn ethernet-segment detail
Tue Jun  6 20:21:00.799 UTC
......

Ethernet Segment Id      Interface      Nexthops
------------------------ -------------- ----------------------------------------
0080.03c8.4c75.d7ee.8000 BE1            192.0.2.1
                                        192.0.2.2
  ES to BGP Gates   : Ready
  ES to L2FIB Gates : Ready
  Main port         :
     Interface name : Bundle-Ether1
     Interface MAC  : 4055.391a.78e3
     IfHandle       : 0x0a000220
     State          : Up
     Redundancy     : Active
  ESI type          : 0
     Value          : 80.03c8.4c75.d7ee.8000
  ES Import RT      : 01c8.4c75.d7ee (Local)
  Source MAC        : 00c8.4c75.d7ee (Local)
  Topology          :
     Operational    : MHN
     Configured     : All-active (AApF) (default)
  Primary Services  : Auto-selection
  Secondary Services: Auto-selection
  Service Carving Results:
     Bridge ports   : 3
     Elected        : 2
     Not Elected    : 1
  MAC Flushing mode : STP-TCN
  Peering timer     : 3 sec [not running]
  Recovery timer    : 30 sec [not running]

Troubleshoot Commands

• To check EVPN status, ESI, ES Import RT and source MAC:
  

  • Run show evpn ethernet-segment detail
    

• To check ES Import RT on version 5.X:
  
  • Run show bgp l2vpn evpn