Introduction
This document describes how to troubleshoot Ethernet Segment Identifier, Import RT, and Source MAC mismatch in PBB-EVPN multi-homed networks.
Prerequisites
Requirements
The reader must have an overview of EVPN and PBB-EVPN solutions.
Components Used
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Problem
In PBB-EVPN, Ethernet Segment Identifier (ESI) represents a ‘site’ connected to one or more PEs. Multi-homed PEs discover each other with the same ESI as its local one. But sometimes the default ESIs generated on these PEs do not match. This issue is seen when the PEs run on different software versions. In this case, a PE only sees itself as the nexthop of the ES, and the topology is single-homed (SH).
RP/0/RSP0/CPU0:ASR9001-PE2#show evpn ethernet-segment detail
......
Ethernet Segment Id Interface Nexthops
------------------------ -------------- ----------------------------------------
8000.00c8.4c75.d7ee.0001 BE1 192.0.2.2
......
Topology :
Operational : SH
In additional to ESI, multi-homed PEs also use Import RT to filter BGP EVPN routes from each other, and advertise Source MAC to remote PEs as the next hop of the ES. If Import RT or Source MAC on the PEs are incomplete or mismatch, MHN cannot work properly.
RP/0/RSP1/CPU0:ASR9010-PE1#show evpn ethernet-segment detail
......
Ethernet Segment Id Interface Nexthops
------------------------ -------------- ----------------------------------------
0080.03c8.4c75.d7ee.8000 BE1 192.0.2.1
......
ES Import RT : 0000.0000.0000 (Incomplete Configuration)
Source MAC : 0000.0000.0000 (Incomplete Configuration)
Solution
Background
From ASR 9000 version 6.0, PBB-EVPN ESI format is changed to be RFC 7432 complaint. This means ESI auto-sensing cannot work between a PE 6.X and a PE on previous versions.
This diagram shows how the default ESI is generated for version 6.X and older versions.
Step 1: Troubleshoot ESI
Run show evpn ethernet-segment detail to check if the default ESI matches on all PEs. If not, manually configure ESI.
With ESI configuration, different software versions have different requirements. To meet these requirements, it is recommended to change ESI on all devices.
- In version 6.X the first byte is always TYPE(00) so only the other 9 bytes are configurable.
- In version 5.X all fields are configurable, but "system ID" field requires that the multicast and admin bits are set to 1.
Configure ESI on version 6.X:
evpn
interface Bundle-Ether1
ethernet-segment
identifier type 0 80.03.c8.4c.75.d7.ee.80.00
Configure ESI on version 5.X:
evpn
interface Bundle-Ether1
ethernet-segment
identifier system-priority 80 system-id 03c8.4c75.d7ee port-key 8000
Step 2: Troubleshoot Load Balance Mode
There are 2 load balance modes, all-active per flow (AApF) and single-active per vlan (AApS). The default mode is AApF, and mode parameter must be the same on all PEs.
Change to single-active per vlan mode on version 6.X:
evpn
interface Bundle-Ether1
ethernet-segment
load-balancing-mode single-active
Change to single-active per vlan mode on version 5.X:
evpn
interface Bundle-Ether1
ethernet-segment
load-balancing-mode per-service
Step 3: Troubleshoot Source MAC
As a consequence of the load balance mode, PEs' Source MAC is not automatically generated. Run show evpn ethernet-segment detail to check the Source MAC and manually configure it if it mismatches or shows "incomplete". Note that all-active per flow mode requires the Source MAC to be the same, while single-active per vlan mode requires it to be different for each PE.
Configure Source MAC:
evpn
interface Bundle-Ether1
ethernet-segment
backbone-source-mac 00c8.4c75.d7ee
Step 4: Troubleshoot ES Import RT
Make sure the ES Import RT matches on all PEs. On version 5.X the ES Import RT is not configurable and not listed in the output of show evpn ethernet-segment detail . You can run show bgp l2vpn evpn to find out the ES Import RT from its locally generated Type 4 EVPN route:
RP/0/RSP0/CPU0:ASR9001-PE2#show bgp l2vpn evpn rd 192.0.2.2:0 [4][0080.03c8.4c75.d7ee.8000][192.0.2.2]/128
Thu Jun 8 15:16:00.921 AEST
BGP routing table entry for [4][0080.03c8.4c75.d7ee.8000][192.0.2.2]/128, Route Distinguisher: 192.0.2.2:0
......
Extended community: EVPN ES Import:01c8.4c75.d7ee
On version 6.X you can run show evpn ethernet-segment detail to check the ES Import RT. You can also use bgp route-target to configure it if it mismatches.
evpn
interface Bundle-Ether1
ethernet-segment
bgp route-target 01c8.4c75.d7ee
Step 5: Verify the Results
After steps 1-4 run show evpn ethernet-segment detail. All multi-homed PEs must be listed as next hops of the same ES, the topology must be "MHN" and mode is either "AApF" or "AApS".
RP/0/RSP1/CPU0:ASR9010-PE1#show evpn ethernet-segment detail
Tue Jun 6 20:21:00.799 UTC
......
Ethernet Segment Id Interface Nexthops
------------------------ -------------- ----------------------------------------
0080.03c8.4c75.d7ee.8000 BE1 192.0.2.1
192.0.2.2
ES to BGP Gates : Ready
ES to L2FIB Gates : Ready
Main port :
Interface name : Bundle-Ether1
Interface MAC : 4055.391a.78e3
IfHandle : 0x0a000220
State : Up
Redundancy : Active
ESI type : 0
Value : 80.03c8.4c75.d7ee.8000
ES Import RT : 01c8.4c75.d7ee (Local)
Source MAC : 00c8.4c75.d7ee (Local)
Topology :
Operational : MHN
Configured : All-active (AApF) (default)
Primary Services : Auto-selection
Secondary Services: Auto-selection
Service Carving Results:
Bridge ports : 3
Elected : 2
Not Elected : 1
MAC Flushing mode : STP-TCN
Peering timer : 3 sec [not running]
Recovery timer : 30 sec [not running]
Troubleshoot Commands
- To check EVPN status, ESI, ES Import RT and source MAC:
- To check ES Import RT on version 5.X: