Download "Introduction to L2/L3 EVPN Services Supported on the Nokia 7750 Service Router"

00:00:04
thanks everyone for joining today's
00:00:05
webinar an introduction to l2l3 evpn
00:00:08
services supported on the 7750 router
00:00:11
my name is darren barron i'm the
00:00:12
marketing and business support manager
00:00:14
for learning services our presenter
00:00:16
today is brian mckenzie subject matter
00:00:18
expert from our learning services team
00:00:21
as brian mentioned this webinar will be
00:00:22
recorded and made available to you by
00:00:25
email so please use the chat if you do
00:00:27
have any questions and we'll do our best
00:00:28
to get to them at the end
00:00:31
today's webinar is actually based on
00:00:33
some content from our newly released
00:00:36
evpn services course
00:00:39
op 0086 from the service routing
00:00:41
certification program so i'm just going
00:00:43
to give a quick overview of the program
00:00:45
uh before we get start before brian gets
00:00:48
into his material so this is our longest
00:00:50
standing program we've had 30 000 plus
00:00:52
learners 45 000 plus written exams at
00:00:55
the last time we checked
00:00:56
and over 12 30 12 000 certifications
00:00:59
awarded so by far nokia's biggest
00:01:01
certification program and probably most
00:01:04
important
00:01:05
um
00:01:06
so from this we've got um over 15
00:01:09
courses and workshops we've got
00:01:12
three industry recognized certifications
00:01:14
that i'll go quickly through in a minute
00:01:16
these are developed by members of our
00:01:18
team like brian and others working
00:01:20
closely with internal nokia
00:01:22
stakeholders to make sure we're using
00:01:24
best practices and providing strong use
00:01:27
cases and then obviously most of our
00:01:29
courses are about 50 50 hands-on labs and
00:01:32
theory and then we've got some different
00:01:34
solutions
00:01:36
for
00:01:38
for different uh
00:01:39
learning options
00:01:42
so in terms of benefits from an
00:01:43
organizational standpoint um i won't go
00:01:45
into this in too much detail but
00:01:47
there's a number of different reasons
00:01:48
why training and certifying yourself and
00:01:51
your organization
00:01:53
can greatly improve um you know the
00:01:55
speed in which you can release services
00:01:58
your innovation
00:02:00
um and just you know having a skilled
00:02:02
and happy workforce and from an employee
00:02:04
standpoint
00:02:06
certainly a greater opportunity for
00:02:07
promotion more confidence
00:02:10
and then increased productivity so a
00:02:12
number of different reasons why you
00:02:13
might consider obviously keeping your
00:02:15
skills up to date
00:02:17
and and then validating them through
00:02:19
certification
00:02:20
and probably are one of our biggest uh
00:02:23
customers based out of the us is a
00:02:25
company called cox communications and i
00:02:27
know they place a lot of emphasis uh on
00:02:30
training and certification of their
00:02:32
employees to ensure that they're
00:02:33
delivering uh the best services they can
00:02:38
um so the certifications in the program
00:02:40
the nrs one is is your introductory
00:02:42
certification um you know just learning
00:02:45
the essentials of ip networking mvp vpn
00:02:47
service routing
00:02:52
oh look that we got somebody from cox
00:02:53
here representing nice nice to hear from
00:02:55
you good morning
00:02:56
um and then uh moving on from that we've
00:02:59
got our nrs2 certification which is
00:03:01
obviously a level up and then after that
00:03:03
we've got the service routing architect
00:03:05
certification which which we've now
00:03:07
included as part of that as an option to
00:03:10
include evpn services and segment
00:03:12
routing
00:03:14
so here's just a quick look a diagram
00:03:16
that highlights the certifications you
00:03:18
can see here the nrs one
00:03:20
basically uh you know one written exam
00:03:23
and then you get into the nrs2 where
00:03:25
you're choosing your routing protocols
00:03:26
between isis and ospf
00:03:29
and then bgp mpls and services
00:03:31
architecture followed by a lab exam
00:03:34
so this is where you get into a half day
00:03:36
lab exam where you're doing
00:03:37
configuration
00:03:38
um
00:03:40
and getting into a you know that's where
00:03:42
it's really testing your knowledge and
00:03:44
then on the service route routing
00:03:46
architect it mainly builds on the uh
00:03:48
nrs2 with the with a few differences
00:03:50
where we've got a different uh a bgp
00:03:52
course for internet routing and then we
00:03:54
get into the vpls vprn and qos and then
00:03:57
the choice of the recommended
00:03:59
or a choice of electives
00:04:01
so the courses or or the self-study are
00:04:03
not mandatory you just have to do the
00:04:05
exams but certainly your best bet is
00:04:07
always going to be to
00:04:09
you know prepare with the hands-on
00:04:10
training
00:04:14
and here's just a quick list i won't go
00:04:15
through all the courses obviously but
00:04:17
this is just a list of the current
00:04:18
courses we have and we also have some
00:04:20
workshops as well to help you prepare
00:04:21
for the nrs2 lab exam
00:04:25
so the different options we have right
00:04:26
now
00:04:27
from an instructor-led standpoint we've
00:04:29
got our we've got an open public
00:04:30
schedule which is uh
00:04:32
which is most important for people that
00:04:34
aren't saying you know you can't get
00:04:35
away from the office or have six people
00:04:37
attend a private delivery so you can
00:04:40
attend a regularly scheduled public
00:04:42
course which is available across
00:04:43
multiple time zones in a virtual format
00:04:47
we are getting back to some face-to-face
00:04:48
but that's just reserved mainly for
00:04:50
private or on-site deliveries
00:04:52
and then we do sell these self-paced
00:04:54
training so that the self the materials
00:04:56
from the courses which are designed to
00:04:58
be able to use self-paced as well to
00:05:00
help you prepare for
00:05:02
um written exams or just to self-learn
00:05:04
and now we've we've recently made a
00:05:06
numerous updates to our mysr lab
00:05:08
environment so most of the courses from
00:05:11
the nrs1 nrs2 and all but a few in the
00:05:14
sra
00:05:15
certification which we're just
00:05:16
finalizing some updates on are all
00:05:19
usable on mysr lab which means you can
00:05:21
take the lab guide from the content and
00:05:25
and complete the labs using mysrlab
00:05:30
and then just tracking your tracking
00:05:32
your success so you know when you're
00:05:34
when you go to schedule your exams with
00:05:36
nokia you didn't you do need a nokia
00:05:37
account you don't have to be a customer
00:05:39
or partner there is a guest access that
00:05:41
you can use to get into
00:05:43
uh to create a nokia account you can
00:05:45
find that on our website when you go
00:05:47
through the student portal
00:05:50
just at the src site
00:05:52
and and from there you can create your
00:05:54
guest access and then
00:05:55
automatically create a student portal
00:05:57
account where you'll be able to track
00:05:59
all your certification requirements
00:06:00
schedule exams you can purchase course
00:06:02
materials there
00:06:04
find out what you need to do to renew
00:06:06
your certifications
00:06:07
and then
00:06:08
and then from a written standpoint for
00:06:10
the exams uh all exams are available
00:06:13
um the written exams are available uh
00:06:15
through pearson vue in person or or
00:06:18
probably 90 percent of our registrations
00:06:21
lately have been through onview which is
00:06:23
the online learning
00:06:24
and then the final piece for the nrs2 or
00:06:27
the sra is the lab exam component which
00:06:29
is also now both available uh virtually
00:06:32
so those uh some locations are now
00:06:35
available i
00:06:36
actually i don't think we've opened any
00:06:38
local sites yet for in-person exams but
00:06:40
certainly they are available virtually
00:06:46
and then if you do if you are coming
00:06:48
from other background there is some
00:06:49
opportunity to to get exemptions on the
00:06:51
nrs2 for some of the uh i think isis
00:06:53
ospf and bgp courses if you have some of
00:06:56
these cisco or juniper certifications so
00:06:58
it's worth checking out our exempt
00:07:00
exemptions pages and then we have these
00:07:02
uh composite exams that also allow you
00:07:04
to combine exams
00:07:06
um you know if you feel you've you've
00:07:08
put in the work and you've and you've
00:07:10
got the skills to go ahead and challenge
00:07:12
several exams at once it's a quicker way
00:07:14
to get through your certification
00:07:18
and then we've got our practice exams on
00:07:20
the lab exams we've got some what to
00:07:22
expect documents and we also have some
00:07:24
workshops available to help prepare for
00:07:26
the nrs2 lab exams
00:07:29
and then finally validating your
00:07:30
accomplishments so we in the last year
00:07:32
and a half i think now we've we've
00:07:34
introduced badges through credly which
00:07:36
is fairly common in the
00:07:37
telecommunications industry so this is a
00:07:39
great way to showcase your skills and
00:07:41
also validate your skills because it is
00:07:43
a verifiable and secure way
00:07:46
you know to ensure that that
00:07:48
you can improve your skills and it's not
00:07:50
just written on a piece of paper
00:07:51
somewhere
00:07:53
using our student portal now you can
00:07:54
access or print some nice new diplomas
00:07:57
that we've created
00:07:58
and then finally
00:08:00
for anybody that's passed at least two
00:08:02
exams in the src program you'll get this
00:08:04
really nice plaque
00:08:06
and then any
00:08:08
exams after that that you pass you'll
00:08:10
get
00:08:11
tiles in the mail that you'll be able to
00:08:13
stick right on there so i know brian's
00:08:15
got a couple of them hanging up on his
00:08:16
wall and they're
00:08:18
they're quite nice
00:08:23
and then just just the programs our team
00:08:25
support so our team focuses on the you
00:08:27
know as i said the service routing
00:08:28
certification program
00:08:29
the optical network certification
00:08:31
program uh anybody who joined our
00:08:33
webinar yesterday we talked about the
00:08:35
data center fabric certification program
00:08:36
which is a new program that's
00:08:38
evolving quite fast
00:08:40
and then
00:08:41
our nsp program which is also going to
00:08:44
evolve into a certification program
00:08:45
later this year we're going to start
00:08:47
introducing certifications and then from
00:08:49
the sdn standpoint we've got the nuage
00:08:51
networks virtuoso certification program
00:08:55
and with that i'm going to hand it over
00:08:56
to brian
00:09:09
all right now i found my mouse i'm ready
00:09:11
to go
00:09:17
all right folks welcome uh
00:09:19
so today what we're gonna go through is
00:09:22
darren said is
00:09:24
basically an introduction to our layer 2
00:09:26
layer 3 evpn services that we have
00:09:30
now supported on the 7750 router
00:09:33
this is a new course it is four days in
00:09:35
length
00:09:36
but
00:09:37
we're just gonna hit the highlights of
00:09:39
it at the end of it we'll have a
00:09:41
demonstration i'm gonna create a couple
00:09:44
different services one a layer two
00:09:46
services that spans
00:09:49
between two data centers and one a layer
00:09:51
three services that spans between two
00:09:54
data centers
00:09:55
and we'll
00:09:57
talk about those
00:09:59
when we get there maybe a little more
00:10:01
detail on it
00:10:04
so as you know
00:10:06
brian sorry
00:10:07
are you trying to share this slide
00:10:09
am i not presenting uh while you're
00:10:11
talking oh well
00:10:13
that's bad then
00:10:16
it's only bad if i let you go on for too
00:10:17
much longer
00:10:19
there we go
00:10:24
thank you darren that was that's
00:10:26
embarrassing
00:10:28
well i know it's quite early for you so
00:10:30
oh it's not not as bad as it's not as
00:10:32
bad as yesterday and i didn't mess up
00:10:34
yesterday not much
00:10:35
[Laughter]
00:10:38
uh
00:10:40
all right so can everybody see my screen
00:10:42
let's start
00:10:46
okay so our vpn services
00:10:50
as you know your service provider has
00:10:52
a physical network
00:10:54
and we utilize these vpn services to
00:10:58
carve out
00:10:59
portions of that physical network
00:11:02
to
00:11:03
satisfy a customer's requirement
00:11:06
so these are just logical entities
00:11:11
that exist on the physical network to
00:11:14
support a customer's unique
00:11:16
requirements for connectivity within our
00:11:19
networks
00:11:21
the big thing about the vpns is
00:11:24
sorry to keep the customers traffic
00:11:26
isolated from other customers
00:11:31
so we have another number of different
00:11:33
vpn services that we can support virtual
00:11:36
private wire services which is a layer
00:11:39
two but it's a point-to-point service it
00:11:41
just has two endpoints between the
00:11:43
customers sites
00:11:45
we have our virtual private lan service
00:11:47
which is a layer two multi-point service
00:11:49
so that we basically make the network
00:11:52
look and behave like an ethernet switch
00:11:56
and then we have our vprn or our virtual
00:11:59
private routed network which is a layer
00:12:01
3 multi-point services where again we're
00:12:04
now making the network behave as if it's
00:12:07
a unique router to instance
00:12:10
when we create these different services
00:12:13
they have to all be uniquely identified
00:12:16
by a service id
00:12:20
now in our standard services we have to
00:12:22
have a couple different types of tunnels
00:12:26
one is the transport tunnels that's the
00:12:28
interconnection between the two routers
00:12:32
so each router has to have a transport
00:12:34
tunnel that takes it through the core of
00:12:36
the network and terminates on the far
00:12:39
end pe routers
00:12:41
so wherever customers are coming into a
00:12:43
service
00:12:44
their traffic then has to go into this
00:12:46
transport tunnel that will take to the
00:12:48
far end where the other customer sites
00:12:52
are located
00:12:54
we have different types of transport
00:12:56
tunnels one is mpls
00:12:58
now the mpls labels can be distributed
00:13:01
using rsvp ldp or segment routing
00:13:05
another form of transport tunnel is our
00:13:07
generic routing encapsulation where we're
00:13:09
just taking the information from the
00:13:12
customer
00:13:13
wrapping it up in an ip packet and
00:13:16
sending it off to the far end
00:13:19
and vxlan is another form of transport
00:13:21
tunnel that we're going to see it in use
00:13:23
today
00:13:25
vxlan again we're wrapping it up into an
00:13:28
ip packet but it also in the vxlan
00:13:31
header is a vxlan network identifier
00:13:34
that identifies which service
00:13:37
that this traffic belongs to
00:13:41
so depending upon the type of transport
00:13:44
tunnel we're using we're going to have
00:13:47
for example an mpls tunnel
00:13:50
will have one mpls transport tunnel that
00:13:53
can carry multiple services to the same
00:13:56
destination
00:14:00
so to keep that cup traffic isolated in
00:14:03
that specific transport tunnel we would
00:14:06
create a second tunnel
00:14:07
that resides in that transport tunnel
00:14:10
and these are referred to as our service
00:14:12
tunnels
00:14:14
the labels that are utilized for the
00:14:17
service tunnels are negotiated directly
00:14:19
between the two pes and they're
00:14:22
utilizing either targeted ldp or
00:14:25
multi-protocol bgp to exchange these
00:14:28
labels
00:14:30
so in our
00:14:32
standard deployment
00:14:34
of a service
00:14:36
we have multiple control plane protocols
00:14:39
we need a routing protocol that tells me
00:14:41
how to get from p e pe1 to pe2
00:14:45
we need a signaling protocol that will
00:14:47
set up my mpls transport tunnel now we
00:14:50
need a second signaling protocol that
00:14:52
will set up my service tunnels
00:14:56
so
00:14:57
we need to be able to reduce
00:15:00
this type of signaling and that's what
00:15:02
evpn does for us
00:15:05
evpn gives us this unified topology or
00:15:09
umbrella that encompasses basically all
00:15:12
the services that i can offer
00:15:15
so we have our layer two services and
00:15:18
e-line or ethernet line which is our
00:15:20
virtual private wire service
00:15:23
we have our e-lan or ethernet lan which
00:15:25
is our vpls service
00:15:28
and we offer also the e-tree which is
00:15:31
basically if you think about it as a hub
00:15:33
and spoke type service where the root
00:15:36
can talk to all the branches
00:15:39
but if the branches want to communicate
00:15:41
to each other they must go through the
00:15:43
root to get there
00:15:46
in our layer 3 services we have our
00:15:49
standard vprn
00:15:51
but we also can support our next
00:15:53
generation multicast vpn
00:15:57
so all of these services can fall under
00:16:00
the umbrella of evpn
00:16:05
so to make life easy for us
00:16:09
we use multi-protocol bgp
00:16:13
to exchange the network information
00:16:16
required for these services
00:16:19
there are a number of different route
00:16:21
types defined depending upon the type of
00:16:24
service that you're configuring
00:16:27
we exchange the evpn routes between all
00:16:30
the pes that are configured as my peers
00:16:33
in my multi-protocol bgp configurations
00:16:40
so the route types that we used as i
00:16:42
said depend upon the services that
00:16:44
you're going to see
00:16:47
so here are
00:16:48
five of the different route types i'm
00:16:50
only showing up the ones that we use for
00:16:53
a unicast scenario
00:16:55
when we get into the next generation
00:16:57
multicast scenario there's another four
00:17:00
or five route types associated to that
00:17:03
so we're only looking at the ones here
00:17:06
for our unicast type scenario
00:17:09
so our first one is the ethernet auto
00:17:11
discovery so it's a layer it's used in a
00:17:14
layer two service that supports
00:17:16
multi-homing
00:17:19
what we do is we identify
00:17:22
to the far end pes all the remote pes that
00:17:26
this specific local router is connected
00:17:30
to an ethernet segment that is
00:17:32
multi-homed
00:17:35
then we have our mac ip advertisement
00:17:38
this is a step up from the standard vpls
00:17:41
service
00:17:42
a standard vpls service builds its
00:17:45
forwarding database based upon the data
00:17:48
plane it has to receive an ethernet
00:17:51
frame to be able to put that source mac
00:17:54
address into its forwarding table
00:17:57
with an evpn as soon as a pe learns a
00:18:02
local mac address
00:18:04
they can generate a mac advertisement
00:18:06
and send that thing send that mac
00:18:09
address to all the pe's participating in
00:18:11
the service
00:18:13
so that those remote pes can now build
00:18:15
their forwarding table without waiting
00:18:18
for a data packet
00:18:22
we have our inclusive multicast ethernet
00:18:25
tag or our imet
00:18:27
this is utilized to discover all the pes
00:18:30
that are participating in a specific
00:18:32
service
00:18:33
that's its first function
00:18:37
so as soon as i create a service on a pe
00:18:40
router and that service becomes
00:18:42
operational
00:18:44
multi-protocol bgp will send this type 3
00:18:47
route to all the pe's identifying the
00:18:50
service that we're utilizing
00:18:52
and the label you need to use to send
00:18:55
traffic to me and that's for my
00:18:58
broadcast unknown destination and
00:19:00
multicast traffic
00:19:02
so all the remote pe's can build their
00:19:05
forwarding or their flooding trees
00:19:08
based upon these imet tags
00:19:14
the type 4 route or my ethernet segment
00:19:17
route again is used in a layer 2 service
00:19:19
in the multi-homing scenario
00:19:21
this is exchanged between the pes that
00:19:25
are all connected to the same ce device
00:19:28
using the same ethernet segment
00:19:32
we're going to
00:19:34
use this to discover all of the pe's
00:19:36
that are connected to this ethernet
00:19:38
segment
00:19:39
and identify which pe will be the
00:19:42
designated forwarder for this ethernet
00:19:45
segment and we'll see the various roles
00:19:48
dependent upon the type of redundancy
00:19:50
that's used in this ethernet segment
00:19:54
if it's a
00:19:55
active standby scenario or it's an all
00:19:58
active scenario we'll see that in a bit
00:20:03
the one route type for my layer 3 vpn is
00:20:06
the ip prefix
00:20:07
and as it says here that's its job is to
00:20:10
generate an update with all the ip
00:20:14
prefixes that are locally connected to
00:20:16
this vprn service
00:20:26
my data plane
00:20:29
so we can
00:20:30
evpn allows us to use
00:20:33
multiple technologies in the core of the
00:20:35
network
00:20:37
so the ingress pe's job is to
00:20:40
encapsulate the customer's traffic
00:20:43
with a label of some kind that uniquely
00:20:45
identifies each service so that would be
00:20:48
referred to as our service label
00:20:51
however in an evpn environment that
00:20:53
service label could be an mpls label
00:20:57
or it could be a vxlan network
00:20:59
identifier
00:21:01
so evpn gives us the flexibility to use
00:21:04
both mpls or vxlan
00:21:08
so we don't have to
00:21:10
modify our network
00:21:13
we're going to encaps the data
00:21:15
encapsulate the data and then tunnel it
00:21:17
between the pe so
00:21:19
we first put the label on it that
00:21:21
identifies the specific service then we
00:21:24
take that
00:21:25
labeled packet and put it in the tunnel
00:21:28
that takes me from my local p e to the
00:21:30
remote p e
00:21:33
and so we can do evpn over mpls
00:21:37
we can do evpn over vxlan
00:21:48
so let's talk first about our layer two
00:21:50
service our elan service
00:21:57
some new terminology for some old
00:22:01
systems
00:22:03
so first thing is the broadcast domain
00:22:06
since it's a layer two service all the
00:22:08
connections are in a single broadcast
00:22:11
domain
00:22:13
these broadcast domains are all
00:22:15
associated to an evpn instance
00:22:18
identifier
00:22:20
so for those who have been playing with
00:22:22
vpls a long time
00:22:25
think of the evpn instance identifier as
00:22:27
the service id number
00:22:31
the mac vrf is the forwarding table that
00:22:34
we're going to use inside each one of
00:22:37
these instances to forward traffic in
00:22:39
there so it's going to contain all the
00:22:42
mac addresses of the ce's
00:22:45
that are connected into this specific
00:22:47
service
00:22:53
so when you first turn up a service and
00:22:56
it becomes operational the first route
00:22:59
that it's going to advertise is that
00:23:01
type 3 imet route
00:23:03
it's going to identify
00:23:06
the service that you're associated to by
00:23:08
using the route target that's associated
00:23:11
to that service
00:23:12
and the label that you can use
00:23:15
to access this service for your
00:23:17
broadcast unknown and multicast traffic
00:23:22
so each one of the pes will generate
00:23:25
this imet route so each pe can now
00:23:29
create what's called referred to as the
00:23:31
flooding list
00:23:32
if i get a broadcast message
00:23:35
coming in from ce1 to pe1 how do i get
00:23:39
it to the vpls service on pe2 and pe3
00:23:43
well i'll replicate it
00:23:45
affix the appropriate label and then send
00:23:48
it out to pe2
00:23:50
and pe 3 through the transport tunnels
00:23:53
whether that transport tunnel be mpls or
00:23:56
vxlan
00:23:58
as i said this label
00:24:01
could be an mpls label it could be a vni
00:24:05
vxlan network identifier
00:24:13
then the next thing is
00:24:15
learning a local mac address so
00:24:18
let's assume we have a protocol like
00:24:21
lldp running between the pe and the ce
00:24:24
device so i'm going to learn them ce's
00:24:27
mac address
00:24:29
as soon as i learn that ce mac address
00:24:31
i'm going to generate a type 2 route a
00:24:34
mac ip advertisement now i'm going to
00:24:36
advertise this mac address to the pe
00:24:39
devices
00:24:41
and they can now start building their
00:24:43
forwarding table without actually having
00:24:45
to receive data
00:24:48
from ce1
00:24:50
and each pe will do the same as they
00:24:53
learn a local mac address they will
00:24:55
generate a type 2 route send it out
00:25:03
the other thing we see here it says mac
00:25:05
ip advertisement
00:25:08
we can turn on proxy onto these vpls
00:25:12
services
00:25:14
and then when i advertise out the mac
00:25:16
address for ce1 i'll also advertise out
00:25:20
its ip address
00:25:22
and then the remote pe's can build their
00:25:24
proxy arp tables
00:25:27
so if ce2 for example creates an arp
00:25:31
message for the mac address for ce1
00:25:35
he'll generate that up to pe2 pe2 now
00:25:39
has the mac ip pairing of ce1
00:25:42
so pe2 can respond as a proxy for ce1
00:25:47
and give ce2 the mac address
00:25:50
that it will allow it to communicate to
00:25:52
ce1
00:25:56
thereby reducing the amount of broadcast
00:25:59
traffic that goes through the core
00:26:01
network
00:26:05
we talked about our layer two services
00:26:07
whether they be e-line or e-lan support
00:26:11
multi-homing
00:26:13
we have two options with the
00:26:15
multi-homing we have a single active
00:26:18
where one pe is in charge of forwarding
00:26:21
all traffic to and from the ce device
00:26:24
and then we have the all active mode
00:26:27
where all the pe's that are connected to
00:26:29
this ethernet segment
00:26:31
will be able to forward traffic to and
00:26:33
from the device
00:26:35
okay
00:26:40
now to try to control this
00:26:42
we have our ethernet segment concept and
00:26:45
the ethernet segment is all the links
00:26:47
that connect
00:26:49
one or more pe's to a ce device
00:26:55
so we have to uniquely identify this
00:26:58
ethernet segment so that's how we have
00:27:00
our ethernet segment identifier that
00:27:02
again
00:27:03
gives us a common
00:27:05
number that we're going to use
00:27:07
on both pes here that are connected to
00:27:10
it
00:27:11
now depending upon
00:27:14
the redundancy method if we go back
00:27:17
see if we have an all active then we're
00:27:19
going to need the ce to be configured
00:27:22
with a lag so that we prevent loops from
00:27:25
forming
00:27:29
so we have to identify whether or not
00:27:31
we're doing an all active scenario and
00:27:33
then if we are doing an all-active then
00:27:35
that ce has to have a lag configured on
00:27:38
these links that connect up to the pe
00:27:40
devices
00:27:46
so for multi-homing we talked about them
00:27:48
earlier we have two different types of
00:27:50
route the auto discovery routes and the
00:27:53
ethernet segment routes
00:27:55
and then the auto discovery routes are
00:27:59
have two subtypes associated to it one
00:28:01
is the auto discovery per ethernet
00:28:04
segment and then the auto discovery per
00:28:06
evpn
00:28:09
so let's take a look at these
00:28:13
so the first one we'll look at is the
00:28:15
auto discovery per ethernet segment
00:28:17
route
00:28:19
so this is identified or sent out by all
00:28:21
the pe's that are connected to
00:28:24
an ethernet segment
00:28:26
in there they're identifying the
00:28:28
redundancy mode for that ethernet
00:28:30
segment whether it's all active or
00:28:32
single active
00:28:34
and it also includes an ethernet segment
00:28:36
identifier label
00:28:39
this is for split horizon between the
00:28:41
pe's that are connected to that ethernet
00:28:45
segment
00:28:49
excuse me
00:28:53
we'll see that later on just to make
00:28:55
sure that we don't have a loop
00:28:57
we'll see this in a bit but that's why
00:29:00
we send out this label
00:29:04
now an auto discovery per evpn instance
00:29:08
or so we have the evidence
00:29:12
we're going to advertise an evpn
00:29:14
instance that is associated to this
00:29:17
ethernet segment so here is my service
00:29:20
id and my service id is connected to
00:29:22
this ethernet segment
00:29:25
now we're also identifying
00:29:28
what is my role
00:29:30
for that ethernet segment so those pe's
00:29:33
that are connected to that ethernet
00:29:35
segment will identify their role
00:29:37
am i a primary or am i a standby
00:29:41
depending upon the redundancy
00:29:43
if i have multiple pes connected into an
00:29:46
all active scenario then they identify
00:29:49
to all the remote pes that they're all
00:29:51
primary
00:29:53
if we're in a single active then i have
00:29:56
a primary and a backup
00:29:59
so when they're all active the remote
00:30:01
pe's can create what's called an
00:30:04
aliasing list
00:30:05
it's just identifying that it can send
00:30:08
traffic to one if not all of the pes
00:30:11
connected to the ethernet segment
00:30:14
so if that vp vpn is configured for
00:30:18
load balancing or ecmp
00:30:20
it can now load balance between all the
00:30:23
pe's that are connected to that ethernet
00:30:25
segment
00:30:28
when i have a single active es one is
00:30:30
identified as the primary he is the
00:30:33
designated forwarder for that ethernet
00:30:35
segment
00:30:36
and all the other pes
00:30:39
are not designated forwarders so they
00:30:40
become the backup
00:30:43
so they all the other pe s go into the
00:30:45
remote pe's backup list so should the
00:30:48
primary fail we can
00:30:51
then ident we can identify a backup to
00:30:54
it
00:31:00
the type 4 ethernet segment route
00:31:03
is sent between the pes that are
00:31:05
connected to the ethernet segment
00:31:09
we ensure that it's only used by the
00:31:12
pe's that are connected to the ethernet
00:31:14
segment by
00:31:16
automatically deriving the route target
00:31:19
from the ethernet segment identifier
00:31:22
so pes that are not connected to this
00:31:25
ethernet segment
00:31:26
will not import the routes
00:31:29
only the pe's that are connected to this
00:31:32
ethernet segment with that ethernet
00:31:34
segment identifier will import the routes
00:31:38
we use this
00:31:39
ethernet segment route
00:31:42
to
00:31:43
identify who will be the designated
00:31:46
forwarder
00:31:51
so we saw that we can have a designated
00:31:53
we're going to have a designated
00:31:55
forwarder for the ethernet segment
00:31:57
whether
00:31:58
it's all active or whether it's a
00:32:00
standby
00:32:02
active scenario we're still going to
00:32:04
have a designated forwarder so depending
00:32:07
upon the redundancy role
00:32:10
we have different functions that the
00:32:12
designated forwarder and non-designated
00:32:14
forwarder will use
00:32:18
so in an all active scenario
00:32:20
my designated forwarder can forward all
00:32:22
the traffic and receive all the traffic
00:32:25
whether it's from the ce or from
00:32:28
the remote pe's
00:32:31
in the non-designated forwarder
00:32:34
he can send and receive unicast traffic
00:32:38
to and from the ce
00:32:41
he can receive multicast traffic from
00:32:44
the ce
00:32:45
but he cannot transmit multicast traffic
00:32:49
to the ce this is one of the ways we
00:32:52
prevent loops
00:32:54
only the designated forwarder can treat
00:32:57
send multicast broadcasts or unknown
00:32:59
destination traffic to the ce
00:33:02
just excuse me for a second
00:33:16
sorry i had a tickle in my throat had to
00:33:18
get rid of
00:33:21
in a single active scenario
00:33:28
as you can see the non-df just goes into
00:33:30
standby he cannot receive transmit
00:33:34
any kind of traffic
00:33:36
only the df or the designated forwarder
00:33:39
can send and receive traffic
00:33:48
so let's take a look at an all active
00:33:50
multi-homing scenario and this aliasing
00:33:54
as seen in all active environment
00:33:57
we have first
00:33:59
advertisement about the ethernet segment
00:34:02
and the redundancy model of that
00:34:04
ethernet segment so we are advertising
00:34:06
that to all the pe's
00:34:11
then we're advertising the evi
00:34:14
okay my service id number
00:34:18
that is connected to that ethernet
00:34:20
segment and then how to reach me
00:34:24
if you want to use me as access to the
00:34:27
ce
00:34:29
or this service that's connected to this
00:34:32
ethernet segment
00:34:34
so on my remote pe
00:34:37
we now know that
00:34:38
there is an e ethernet segment out there
00:34:41
we've learned that through the auto
00:34:43
discovery per ethernet segment route
00:34:46
and we know to reach this ethernet
00:34:48
segment i can send it to either pe3
00:34:52
or pe1 using these labels
00:34:58
now
00:34:59
ce
00:35:01
he has a lag configured he sends a
00:35:03
packet up into pe one of some kind
00:35:06
whether it's control or data don't care
00:35:09
pe one is going to advertise that
00:35:11
there's a mac
00:35:13
and this is the mac address
00:35:15
and it's associated to ethernet segment
00:35:17
identifier 1.
00:35:19
we put that into the tape forwarding
00:35:22
table of pe 2 saying to reach this mac
00:35:24
address i got to get to esi1
00:35:28
to get to esi1 i can send it either to
00:35:31
label or either to pe1 or pe3
00:35:44
we talked about the split horizon
00:35:46
earlier and this is the auto discovery
00:35:48
per ethernet segment route
00:35:51
so as these devices were connected to
00:35:55
the segment and a vpls service came up
00:35:57
on there we identified that we are
00:36:00
connected
00:36:01
to this service and we sent that auto
00:36:03
discovery per ethernet segment route to
00:36:06
all the pe's
00:36:08
well when i sent it from pe 3 to pe 1 i
00:36:11
identified a label
00:36:13
that he should use
00:36:16
when he wants to send me any broadcast
00:36:18
or unknown multicast traffic
00:36:21
that is associated to this ethernet
00:36:23
segment
00:36:24
that way when i receive this esi label
00:36:28
as part of the packet
00:36:30
i know not to forward it out the lag
00:36:33
i would just get rid of it
00:36:37
because that's a label that i sent this
00:36:39
is how we're achieving split horizon
00:36:42
so when the
00:36:44
pe in this case we we have the all
00:36:47
active scenario
00:36:49
the ce is sending out a broadcast frame
00:36:52
the service has to set that frame into
00:36:55
his flooding list now the flooding list
00:36:58
includes all the pe's that are
00:37:00
participating in the service
00:37:03
i know pe 2 is not connected to the
00:37:07
ethernet segment because he did not send
00:37:09
me an ethernet segment identifier label
00:37:11
so i'll just add on the label that
00:37:13
identifies his service and send him the
00:37:16
traffic
00:37:19
however pe3
00:37:21
did identify that he's connected to the
00:37:23
same ethernet segment i am and this is
00:37:26
my esi label that he sent me
00:37:29
so i will wrap the traffic up in the esi
00:37:32
label and then put the flooding list
00:37:34
label that he sent me on the imet
00:37:37
and send that off to pe3
00:37:40
pe3 will pop this label
00:37:44
interrogate the esi label see that it's
00:37:47
associated to this ethernet segment so
00:37:50
he will not forward the traffic out this
00:37:53
ethernet segment
00:37:56
the reason why we send
00:37:58
pe 3 that label
00:38:01
is because that vpls could have another
00:38:04
ce hanging off of it right here
00:38:07
so we have to send him the flooding
00:38:11
traffic
00:38:12
we just have to identify
00:38:16
don't send it out the lag if you have
00:38:18
another ce you can send it to him don't
00:38:21
send it out the lag
00:38:22
so that's why we have the esi label
00:38:28
you won't send it out the lag but he
00:38:29
will send it to this other ce that's
00:38:32
part of that vpls service
00:38:45
so the df as we talked about the
00:38:48
designated forwarder
00:38:50
is elected using that uh ethernet
00:38:53
segment route
00:38:55
in a single active multi-homing the df
00:38:58
rule
00:38:59
is everything all traffic must go
00:39:01
through the designated forwarder
00:39:04
the sat the non-designated forwarder
00:39:06
brings their saps
00:39:08
that service access point that connects
00:39:10
to the ce they bring that to
00:39:13
operationally down
00:39:15
so any traffic that's going to or from
00:39:18
the ce
00:39:20
has to go through the designated
00:39:22
forwarder
00:39:29
so our single multi-homing advertised
00:39:31
routes
00:39:32
again we both send out the ad per
00:39:35
ethernet segment identifying that we are
00:39:38
both connected to the ethernet
00:39:40
segment and that it is in single active
00:39:45
and then our role for that ethernet
00:39:47
segment
00:39:48
and then we will send out the ad per evi
00:39:54
okay so pe2 will receive all this
00:39:56
information you'll see that the role of
00:39:59
pe1 is the primary the role of pe 3 is
00:40:03
the backup
00:40:04
so whenever he receives a route
00:40:07
a mac route
00:40:09
we're going to see that in his
00:40:11
forwarding table
00:40:13
i received the mac address associated to
00:40:16
esi1
00:40:18
to get to esi 1 i must send it to pe1
00:40:22
using this label he is the primary
00:40:25
pe 3 is a backup should the primary fail
00:40:30
then i can send the traffic to
00:40:32
pe3
00:40:37
now pe3 since it's the non-designated
00:40:40
forwarder he's learned this mac address
00:40:43
as well because when we sent it out
00:40:46
okay i sent out this mac address i sent
00:40:49
it to pe2 but i also sent it to pe 3
00:40:52
because he is a bgp peer
00:40:56
so pe3 puts that mac information into
00:41:00
his forwarding table it's mapping to
00:41:02
esi1 which is ethernet segment but since
00:41:06
he's the non-df and the sap is
00:41:08
operationally down his mapping of esi
00:41:11
one is to pe1
00:41:14
so if he gets traffic destin
00:41:18
example again we'll go back to my pen
00:41:23
and we'll draw my other ce here
00:41:27
and connect it see how fancy drawing i
00:41:30
am
00:41:31
good look at that
00:41:32
we'll connect it into the vpls so if
00:41:35
this ce wants to send traffic
00:41:38
to ce1 he sends it to the v into the
00:41:41
vpls service the vpls service sees that
00:41:45
ce1's mac address is associated to the
00:41:48
esi
00:41:50
pe3 actually has to send the traffic up
00:41:53
to
00:41:54
pe one
00:41:56
so that pe one can forward the traffic
00:41:59
to the ce
00:42:14
so vpls cross ip mpls networks
00:42:19
but we can have an interconnection
00:42:21
between data centers
00:42:26
so this data center could be vxlan
00:42:30
this data center could be vxlan
00:42:33
two separate data centers
00:42:35
we're interconnecting them across an
00:42:37
mpls core
00:42:39
now this mpls core
00:42:41
could be evpn or non-evpn
00:42:45
we can still interconnect them across
00:42:47
the core
00:42:49
so we can allow vxlan
00:42:52
vxlan and then interconnect them across
00:42:55
an ip mpls core whether it be
00:42:59
evpn
00:43:01
or non-evpn in this core network
00:43:07
and we can do that for all layer 2
00:43:10
services
00:43:17
so our layer 3 service
00:43:21
vprn service
00:43:23
we've got a couple different forwarding models
00:43:26
that evpn has defined
00:43:29
for our vprn services there's the
00:43:32
asymmetric and symmetric forwarding models and
00:43:35
we'll just briefly touch on them all
00:43:40
so the asymmetric forwarding model
00:43:43
means that all
00:43:45
forwarding layer 3 forwarding decisions
00:43:47
are local
00:43:49
so as you can see here i've got host 2
00:43:52
that's connected to the 1.0 24 network
00:43:56
and host 4 that's connected to the 4.0
00:43:59
24 network
00:44:01
with this
00:44:03
on pe 1 i must have a routed instance
00:44:06
for the vpls
00:44:09
that connects to pe1 that belongs to
00:44:11
that four network
00:44:14
doesn't seem too bad but let's bring in
00:44:17
my trusty pen again
00:44:21
let's connect a third
00:44:23
vpls service
00:44:26
connecting to another ce device
00:44:29
for another network
00:44:32
well that means that over here
00:44:34
we must have another vpls service for
00:44:38
that subnet
00:44:39
and we have another tunnel coming across
00:44:43
because everything is forwarded through
00:44:45
the network via layer 2. so every time i
00:44:48
add in another
00:44:50
subnet
00:44:52
every pe must be configured with a vpls
00:44:56
service that belongs to that subnet
00:44:58
even though they don't have
00:45:01
a host associated to that subnet
00:45:06
so as you can see over here vprn 10 only
00:45:09
has a single subnet connected to it as
00:45:12
far as a host
00:45:13
but it has two other subnets that it has
00:45:16
to have configured on it to get to the
00:45:18
vpls service that will allow us it to
00:45:21
communicate to the local host
00:45:24
this is the asymmetric forwarding model
00:45:26
so it's not a scalable solution
00:45:36
the other one is the symmetric forwarding model
00:45:40
this is giving us
00:45:42
uh vrf to vrf prefix routes and we're
00:45:45
going to be using that whether we're
00:45:47
going interfaceless
00:45:49
interface full and when we get into the
00:45:51
interface full we have numbered or
00:45:53
unnumbered we're going to be using these
00:45:56
ip prefix routes
00:46:00
we're going to talk touch on these
00:46:02
symmetric models and we'll touch on all
00:46:04
three of these the interfaceless
00:46:06
interface full numbered and interfaceful
00:46:08
unnumbered and we're just going to touch
00:46:10
on them in the high level
00:46:12
the interfaceless model
00:46:15
is something that we're all familiar
00:46:16
with this is basically how our standard
00:46:18
vprn works
00:46:21
we have a local subnet we generate an ip
00:46:24
prefix route and we advertise it to the
00:46:27
vprn on the far end pe he populates that
00:46:31
into his routing table
00:46:32
so we don't require any mac ip routes to
00:46:35
be exchanged alls we need is an ip
00:46:38
prefix route and we can exchange the
00:46:41
information across
00:46:43
that's our interface less vrf to vrf
00:46:46
model
00:46:48
but let's have some flexibility
00:46:52
let's go to the interface full numbered
00:46:55
vrf to vrf model
00:46:58
what we're going to do is now create
00:47:01
what's referred to as a supplementary
00:47:03
broadcast domain some of you may know
00:47:05
this as a backhaul
00:47:08
vpls service
00:47:10
and it is a layer 2 service
00:47:13
it's different from
00:47:16
the asymmetrical side because now
00:47:20
if i bring in
00:47:23
that other vpls service
00:47:28
with my other ce so i bring in a second
00:47:31
or subnet here on vprn 10.
00:47:38
laser pointer thank you
00:47:40
i don't have to do any configurations in
00:47:42
here my supplementary broadcast domain
00:47:45
will still be used to interconnect the
00:47:47
vprns and i'll still be able to send
00:47:49
stuff across
00:47:51
if i bring in a third
00:47:54
router
00:47:56
third pe device
00:47:58
all i have to do is interconnect them
00:48:02
using the supplementary broadcast domain
00:48:05
so he can bring in as many subnets as we
00:48:07
want from this other pe
00:48:11
and we don't have to do anything like we
00:48:13
had to do in the asymmetric version
00:48:17
we only have to maintain the
00:48:20
supplementary broadcast domain
00:48:24
and any routed vpls or host
00:48:26
connectivities that we want on our pe
00:48:32
okay so my supplementary broadcast
00:48:34
domain has no saps what it has is an uh
00:48:37
integrated routing and bridging
00:48:38
interface that
00:48:40
logically connects the vprn to the
00:48:43
supplementary broadcast domain just as
00:48:45
it does logically connecting the routed
00:48:47
vpls to the vpn
00:49:01
so in my interface full numbered
00:49:05
model of our routes that we're
00:49:06
advertising we're advertising two
00:49:08
different routes
00:49:10
so we'll take a look from pe two's
00:49:12
perspective he has the 10 10 ford
00:49:15
network connected to him
00:49:17
so he's going to generate two routes the
00:49:19
first route is my ip prefix route
00:49:22
and it's identifying the gateway ip
00:49:25
address
00:49:26
as the interface that connects it the
00:49:29
vprn to the supplementary broadcast
00:49:31
domain
00:49:33
and he's going to advertise that over to
00:49:35
the vprn 10.
00:49:39
now there's a mac address associated to
00:49:41
this interface and that interface can
00:49:43
that mac address and interface combo
00:49:45
belongs to the supplementary broadcast
00:49:48
domain so it will advertise a mac ip
00:49:51
route
00:49:53
saying if you wanted to get to 10 10 10
00:49:56
100 3.2 this is the mac address that you
00:49:59
have to use and this is the vni
00:50:02
for this
00:50:03
uh supplementary broadcast domain or an
00:50:06
mpls label for the supplementary
00:50:08
broadcast domain depending upon what is
00:50:11
the core i'm using
00:50:13
and so my vprn gets the route
00:50:17
and identifies that he has to get to
00:50:19
10-1032
00:50:21
which is local here
00:50:25
my supplementary broadcast domain gets
00:50:27
the mac address associated with 10 103.2
00:50:31
so when the vprn goes to send it he
00:50:34
knows to get to this address he must
00:50:36
wrap it up into this mac ip or this mac
00:50:39
address
00:50:41
and that mac address is forwarded by the
00:50:44
supplementary broadcast domain to this
00:50:46
interface
00:50:48
so i'm still doing local routing
00:50:51
still doing layer 2 across the core
00:50:55
but i don't have to have multiple
00:50:57
instances
00:50:58
of a vpls
00:51:00
that i know don't have a local host for
00:51:03
i have just the one supplementary
00:51:06
broadcast domain that can interconnect
00:51:11
so the data flow
00:51:14
we have our payload
00:51:16
we have our source mac address which is
00:51:18
the mac address of vprn 10's
00:51:21
interface
00:51:22
we have the destination mac address
00:51:25
which is the mac address of this vprn
00:51:28
interface
00:51:30
we have the vni
00:51:32
that identifies
00:51:34
the service for my supplementary
00:51:36
broadcast domain
00:51:38
and then the source ip address be the
00:51:42
system interface of pe1
00:51:44
destination ip address be the system
00:51:47
interface of pe2
00:51:50
and we send our traffic across my vxlan
00:51:53
core
00:52:02
now if you get into a data center and
00:52:04
you take a look at a data center
00:52:06
architecture there is a ton of
00:52:08
point-to-point interfaces
00:52:10
and a lot of these interfaces you have
00:52:12
to put numbers on them ip addresses on
00:52:15
them the same thing with my vprn
00:52:18
instances we could have multiple vprn
00:52:21
instances and i would have to consume ip
00:52:24
addresses
00:52:26
on all the interfaces that are
00:52:28
interconnected to my sbd
00:52:31
so we have to take a look at this
00:52:33
information and say is it worth it for
00:52:36
me to put an ip address on an interface
00:52:41
that's never going to get advertised
00:52:43
outside of my network
00:52:45
and the answer is no i don't have to
00:52:47
consume ip addresses so we have the
00:52:50
interface full unnumbered vrf to vrf
00:52:53
models
00:52:56
configures up basically the same
00:52:59
the only difference is i don't assign an
00:53:02
ip address
00:53:04
to these interfaces that connect the
00:53:06
vprns to my supplementary broadcast
00:53:09
domain
00:53:10
therefore i'm not consuming as many ip
00:53:13
addresses as i would in a normal
00:53:15
situation
00:53:19
so when i advertise out my prefix route
00:53:22
we go back to pe number two again and i
00:53:25
advertise up my prefix
00:53:28
i advertise out the mac address that's
00:53:30
associated to that prefix and the sbd
00:53:33
and the vni that's associated to my sbd
00:53:37
the gateway ip address is zero
00:53:41
i also advertise the mac out to mac
00:53:44
address on a mac ip route to the sbd
00:53:47
itself because remember this prefix
00:53:49
route is only for the vprn 10.
00:53:52
so i have to send out this mac route to sbd
00:53:57
it has a mac address in it there's no ip
00:54:00
associated to it but i do have the mpls
00:54:03
or vni label to reach the far end
00:54:08
supplementary broadcast domain vpls
00:54:11
service
00:54:15
so
00:54:16
now when vprn 10 wants to send traffic
00:54:20
from host number two to host number four
00:54:23
the actual
00:54:25
data packet encapsulation
00:54:27
is basically identical i have my payload
00:54:31
i know my destination mac address is mac
00:54:34
address 2 my source mac address is mac
00:54:37
address one
00:54:39
i have the vxlan network identifier that
00:54:42
identifies this sbd on the far end pe
00:54:47
i have my source ip address is still my
00:54:49
system interface my destination ip
00:54:52
address is still the system interface of
00:54:54
pe2
00:54:57
so from a packet forwarding standpoint
00:55:00
going to an interface full unnumbered
00:55:02
model
00:55:04
remains the same
00:55:07
we are just saving the ip address space
00:55:11
that we would have used to interconnect
00:55:13
the vprns to the supplementary broadcast
00:55:16
domain
00:55:23
so
00:55:24
we take a look at the different
00:55:26
interfaceless models that we have and
00:55:29
the interface full models that we have
00:55:30
in our symmetric routing the interfaceless
00:55:33
does it reduce the number of evpn
00:55:35
routes
00:55:36
yes it does
00:55:38
because alls i send is the ip prefix
00:55:41
back and forth between the vprns
00:55:46
ip addresses configured on the core irb
00:55:50
well there are no ip addresses
00:55:52
configured on the core irb because there
00:55:54
is no core irb same with the mass
00:55:57
withdrawal due to a failure in my
00:55:59
recursive lookups
00:56:02
but it is
00:56:03
has to be supported it's standard
00:56:06
or if you're running the interfaceless
00:56:08
it is a mandatory that you support this
00:56:11
interface full numbered reduce the
00:56:14
number of evpn routes absolutely not
00:56:18
i'm sending two routes every time
00:56:22
i have to have a since it's numbered i
00:56:24
have to have an ip address on my core
00:56:27
irb
00:56:28
but we do have the mass withdrawal
00:56:30
because of the recursive failure
00:56:34
it is mandatory if you're running
00:56:36
interface full to support this numbered
00:56:39
setup
00:56:41
if you're running interface full
00:56:43
unnumbered
00:56:45
okay we're still sending out the two
00:56:47
routes so no we do not reduce the evpn
00:56:50
routes but now we're not consuming any
00:56:52
ip addresses we still support the mass
00:56:55
withdrawal
00:56:56
but the interface full unnumbered is an
00:56:59
optional support for interface full
00:57:02
symmetrical routing
00:57:13
now my evpn
00:57:15
virtual private router networks across a
00:57:18
core again i can have
00:57:20
a vxlan data center
00:57:23
another vxlan data center
00:57:26
and a core
00:57:27
mpls network
00:57:29
we can connect these across that core
00:57:32
mpls core network whether it's an evpn
00:57:36
mpls
00:57:37
or a non-evpn mpls as we're showing here
00:57:41
by using the ipvpn routes
00:57:52
so we got a couple demonstrations coming
00:57:55
up where i'm going to go in and
00:57:56
configure some equipment the first one
00:57:59
i'm going to be taking a layer 2 service
00:58:02
across an evpn mpls core
00:58:06
so in the interest of saving time
00:58:09
this side of the network's already been
00:58:11
configured i'm just going to configure
00:58:13
up pe1 and pe3 and connect it across
00:58:17
and we'll see that these two devices can
00:58:20
communicate together
00:58:22
once i've done that
00:58:24
then i'm going to slip into another lab
00:58:27
and we're going to configure a layer 3
00:58:29
evpn service across an mpls core that is
00:58:33
not evpn capable it's an ipvpn core
00:58:38
and then say again in the interest of
00:58:40
saving time this side of the network's
00:58:42
already been pre-configured and so has
00:58:45
pe1 so i'll only be configuring up pe 3
00:58:49
here
00:58:51
but before i get into that
00:58:53
i would say you've been sitting long
00:58:55
enough how about we take a little break
00:59:00
say about 10 minute break
00:59:03
and then we'll come back and i'll be set
00:59:05
up ready to go
00:59:07
brian did you want to
00:59:08
i mean after the break is fine look at a
00:59:10
couple of these questions as well i
00:59:12
think there's and obviously i can't
00:59:13
answer any of them so
00:59:15
all right so yeah we can do the
00:59:17
questions yeah just a couple yeah just
00:59:19
so we don't get too bombarded at the end
00:59:21
there's all right yeah we can do that so
00:59:23
let's take 10 minutes come back we'll
00:59:24
hit the question list
00:59:26
and then i'll take you through a quick
00:59:29
run through
00:59:30
layer two and then a layer three
00:59:32
service
00:59:33
awesome thanks brian
00:59:37
hey everyone you may have noticed i put
00:59:39
the link from yesterday's webinar in the
00:59:41
uh
00:59:43
in the chat
00:59:44
so um i'm also gonna i'll also send an
00:59:46
email i'm gonna try and get out uh today
00:59:48
or tomorrow
00:59:50
uh no today tomorrow's canada day won't
00:59:52
be in tomorrow
00:59:53
[Laughter]
00:59:55
well being a canadian in the us i get
00:59:58
friday and monday off
01:00:00
sweet
01:00:04
how do i get that i try to tell him in
01:00:07
that all the time being a canadian in
01:00:09
the u.s i should be able to get both
01:00:11
homes oh that doesn't actually work
01:00:13
it doesn't work that way but i keep
01:00:15
trying
01:00:21
all right
01:00:23
out there what do we have for questions
01:00:24
my friend oh right yeah it might be
01:00:27
better if you take a quick look through
01:00:29
it just because um
01:00:31
there's kind of a chain going on
01:00:35
let's see
01:00:37
oh yeah there's a lot
01:00:38
whoa
01:00:39
yeah so i think it starts with what kind
01:00:41
of multicast
01:00:43
tree for type
01:00:44
n3nl nlri is supported
01:00:48
ingress replication mldp
01:00:52
okay yeah exactly uh by default it is
01:00:57
ingress replication
01:01:00
but you can configure it for
01:01:02
multi
01:01:03
mldp or
01:01:05
point to multipoint rsvp if you wish to
01:01:08
do it by default it is ingress
01:01:10
replication
01:01:14
okay sorry i'm just trying to scroll
01:01:16
through this a little bit
01:01:22
so there's a bunch of others
01:01:26
can you are you seeing that in the chat
01:01:28
brian because yeah it's kind of
01:01:29
difficult for me to
01:01:31
determine what's the best approach to
01:01:33
looking at this
01:01:35
yeah so got that and the all active
01:01:38
scenario lags had to be used
01:01:43
yeah the customer equipment has to have
01:01:46
a lag configured on it in an all active
01:01:48
scenario to prevent loops from broadcast
01:01:52
or
01:01:53
multicast traffic
01:01:56
so let me pull up slide
01:01:59
here
01:02:00
there it is
01:02:03
and i don't want that
01:02:08
darn message i should have stayed home
01:02:09
my setup i'm more so used to it
01:02:20
so in the event of a multicast traffic
01:02:24
for example
01:02:27
i can't use my pen here
01:02:30
if i get a multicast frame for example
01:02:32
coming into pe one or a broadcast frame
01:02:35
coming into pe1 and i send it to ce1
01:02:39
ce1 could send that frame right back
01:02:43
into the pe and then we would be
01:02:45
forwarding out to everybody and we'd
01:02:47
have this loop set up
01:02:49
so we
01:02:50
need to have this lag created on here
01:02:55
so that when it receives the multicast
01:02:57
frame it's not going to send it out
01:02:59
another interface associated to that lag
01:03:10
get rid of that
01:03:18
yeah it's the ce that needs the lag in
01:03:21
there
01:03:27
exactly yeah so it looks like
01:03:31
jay answered that perfect
01:03:36
what control plane types type 3 routes
01:03:38
on that mpls it's an ingress replication
01:03:41
point to multiple composite tunnels yeah
01:03:44
so he answered that way to go jake
01:03:47
uh when multiple communities added an
01:03:50
export policy statement so we can use
01:03:52
vrf import vrf export and vprn to column
01:03:56
yes
01:04:01
do we see
01:04:03
so i'm assuming here i've got a question
01:04:07
about
01:04:08
the import and export policies for vrf
01:04:11
targets and you are quite correct yes we
01:04:14
have
01:04:15
the ability to support multiple vrf
01:04:18
targets in a vprn scenario
01:04:20
i've not seen it configured in a vpls
01:04:23
scenario but i have no reason to doubt
01:04:26
that we could do so
01:04:28
in our lab setups we're just using the
01:04:32
standard
01:04:33
vrf target target and then put in the
01:04:36
community string target and the
01:04:39
as number and unique identifier
01:04:44
we are using
01:04:46
uh
01:04:48
vfrs
01:04:50
so it's going to use targeted vfrs
01:04:54
vrs i think is what we're saying here
01:04:59
yes we're using route targets
01:05:01
for all of our services whether it be a
01:05:05
virtual private wire service or a
01:05:07
virtual private lan service or vprn
01:05:10
service we are using route targets
01:05:13
to identify which service
01:05:15
will import which routes because
01:05:17
remember this is uh
01:05:20
bgp sessions are peering to all the
01:05:22
pes not all the pes are participating in
01:05:25
the same services
01:05:27
so we have to use these route targets to
01:05:29
identify which services on which pes
01:05:32
will be accepting the routes
01:05:38
in the symmetric model they use
01:05:43
nlri type 5 route
01:05:46
pvpn
01:05:48
yes
01:05:50
i am no artist
01:05:53
that is true
01:05:55
yeah we are using the type 5 evpn routes
01:05:58
in the symmetric model as well as you
01:06:01
saw with the
01:06:02
uh
01:06:06
we also utilize in the symmetric models
01:06:09
i go back
01:06:10
let's go down here
01:06:19
we have the options in the symmetric
01:06:21
model all three of the options we'll use
01:06:24
the type five routes
01:06:26
it's only in the interface full
01:06:28
options whether they be numbered or not
01:06:31
that we also use not just a type 5 but a
01:06:35
type 2.
01:06:37
so in this option
01:06:39
only use the type 5 route and this is what
01:06:42
everybody's familiar with
01:06:44
okay is the easiest one to put up it's
01:06:47
interfaceless the vprns are populating
01:06:50
the routes using the route targets we
01:06:52
don't have to worry about another vpls
01:06:56
service
01:06:58
it's when we get into the interface full
01:07:02
or we introduce this concept of the
01:07:04
supplementary broadcast domain and now
01:07:06
we're
01:07:07
sending two routes
01:07:09
to identify
01:07:11
how to get to the gateway ip address
01:07:14
as well as
01:07:15
exchanging the
01:07:17
ip prefix information
01:07:25
now vprn is not a routed vpls
01:07:28
routed vpls
01:07:30
is a service that has a logical
01:07:34
connection to a layer 3 service so we
01:07:37
routed vpls
01:07:39
we don't have to
01:07:41
if you had a hair color of mine you
01:07:43
remember way back
01:07:46
that in the
01:07:47
service routers we used to either have
01:07:49
to have an s hook that brought the
01:07:52
vpls service to the vprn service
01:07:55
or we had a versatile
01:08:00
what was that versatile services module
01:08:02
where we could do a logical connection
01:08:05
but then we ident we created the routed
01:08:07
vpls where we can just do a logical
01:08:10
connection
01:08:11
between the two services so a routed
01:08:14
vpls is one with just a logical
01:08:16
connection to a layer 3 service
01:08:21
i used to have allow does must be that
01:08:24
rvpls with allow ip internal binding
01:08:28
and that's the way it used to be yes you
01:08:31
used to have to put that allow internal
01:08:33
ip binding
01:08:35
but in the
01:08:36
last couple releases they did away with
01:08:39
that and we'll see that here when i
01:08:41
create one
01:08:45
and then we
01:08:47
really don't need to identify that allow
01:08:49
ip internal binding anymore
01:08:55
i'll show you when i build one here
01:09:00
okay
01:09:02
that's we've got here
01:09:06
and darren's gonna share the recording
01:09:13
yeah i actually already shared it in the
01:09:15
chat but i will send an email as well
01:09:17
and hopefully get that at the next
01:09:19
couple hours
01:09:22
okay and we have gregory
01:09:25
if you use the class a address space
01:09:29
for example the ten network is a primary
01:09:31
example of private ip address space
01:09:35
uh
01:09:36
then the saving of the ip address is
01:09:38
unnecessary you are 100 correct yes
01:09:42
okay you're not going to be advertising
01:09:44
that
01:09:45
ip address space like i said the 10
01:09:47
network as you see here outside of your
01:09:50
network there's all sorts of policies
01:09:52
that will
01:09:53
be deployed to make sure that any of the
01:09:55
ip address spaces that are associated
01:09:58
with the rfc 1918
01:10:00
will not leave your network so yes you
01:10:03
are right
01:10:10
okay i'm trying to contrast the layer 3
01:10:13
evpn with a
01:10:14
traditional ip mpls vprn
01:10:20
the additional interface seems more
01:10:22
complicated than simply using the tunnel
01:10:24
autobind yes it is
01:10:27
is there another benefit for the
01:10:28
removable ldp is a requirement the
01:10:31
traditional model
01:10:32
well that's that's really the only
01:10:34
benefit is removing uh
01:10:39
the requirement for another control
01:10:42
plane protocol
01:10:44
i don't need ldp i don't need rsvp in
01:10:48
the control plane
01:10:50
if i don't have a if i have a simple ip
01:10:53
network then i can just simply do
01:10:56
vxlan across the networks
01:11:00
so that's the whole point about going to
01:11:03
that
01:11:05
but
01:11:06
i don't see why we couldn't just do this
01:11:08
as well inside that vxlan network i just
01:11:11
need a vxlan tunnel and vni
01:11:13
so this isn't a requirement
01:11:17
to go across a vxlan network
01:11:19
this is just an option
01:11:23
okay the concept of a backhaul vpls was
01:11:27
introduced years ago into the data
01:11:29
centers
01:11:31
and
01:11:33
so this is uh
01:11:34
just to carry on with those
01:11:41
yes the auto bind in my standard vprn
01:11:44
service
01:11:53
and so yeah so it is a bit
01:11:56
more complicated as for sure
01:12:02
what else
01:12:13
no you there was no requirement to
01:12:15
attend an extra session gregory
01:12:20
yesterday's session was strictly the sr
01:12:23
linux session
01:12:24
totally different box
01:12:26
different cli
01:12:30
and it was geared towards a data center
01:12:37
that's what we got
01:12:56
brian i wonder if we should uh go ahead
01:12:58
with a demonstration i think there's
01:13:00
still a lot
01:13:01
i'm just worried that we we keep people
01:13:03
on even though we still will share the
01:13:05
recording we'll try to come back to the
01:13:06
questions but i think uh
01:13:08
i think it's best to me maybe just carry
01:13:10
on right now all right we'll get going
01:13:12
on this yes i don't want to do what i
01:13:14
did yesterday
01:13:17
so right now i'm in the customer
01:13:18
equipment
01:13:20
get into the session we're going to be
01:13:21
doing a
01:13:25
layer 2 service to interconnect ce5 to
01:13:29
ce6 and right now as you can see i
01:13:31
cannot ping ce5 to ce6 so
01:13:36
it's going to fail and fail miserably
01:13:40
so the first thing we have to do is take
01:13:42
a look at our configurations
01:13:51
as you see i already have bgp evpn set
01:13:55
up to pe 3 on this side of my data
01:13:58
center it is established but we're not
01:14:00
exchanging any routes because we don't
01:14:02
have any services
01:14:04
if i go to pe 3
01:14:13
i have my session back to pe one
01:14:17
and i also have a session to pe 4
01:14:20
all both of these sessions are for
01:14:23
address family evpn
01:14:30
so the first thing i'm going to do is go
01:14:32
on to pe1 and we're going to configure
01:14:34
that vpls service
01:14:44
because it is mdcli we have to do this
01:14:49
get into the edit config mode so
01:14:51
configure service we're going to do
01:14:52
vpls1
01:14:55
i'm gonna turn it on
01:14:58
we're gonna co
01:15:00
if most of you know we have to associate
01:15:02
a service with a customer now we're
01:15:04
gonna start with the vxlan configuration
01:15:09
we have got to give it an instance
01:15:11
identifier and it's in here
01:15:14
if i can spell we identify what we're
01:15:16
going to use for a
01:15:18
vxlan network identifier in this case
01:15:21
we're doing
01:15:23
vni 1
01:15:30
then
01:15:31
what we know we're doing bgp dash evpn
01:15:36
our
01:15:37
evpn instance identifier
01:15:40
is going to be one as well
01:15:44
we're gonna for bgp vxlan one
01:15:49
we're gonna enable that and we're going
01:15:51
to associate it to that vxlan instance
01:15:54
that i configured just a second ago
01:15:56
which was vxlan instance one
01:15:59
so now bgp evpn knows what service we
01:16:02
have
01:16:03
and because i associated it to vxlan
01:16:06
instance one it knows what vni to use
01:16:10
for this specific service
01:16:17
i already did that
01:16:20
okay
01:16:30
now we have to connect
01:16:33
ce1 or ce5 into this service and if we
01:16:37
go back to ce5
01:16:39
we take a look at the interface it was
01:16:41
using vlan tag one
01:16:44
so i have to identify that vlan tag on
01:16:47
my sap
01:16:53
since it's model driven cli nothing's
01:16:56
happened until i hit commit
01:17:00
now with any luck
01:17:03
oh yes i'm inside the configure mode
01:17:13
so now you can see that we have sent
01:17:16
one update
01:17:18
that's because i turned on a vpls
01:17:20
service
01:17:22
it's using bgp evpn
01:17:24
so that update i sent is my imet route
01:17:28
the type three route to identify we have
01:17:31
a service
01:17:32
associated
01:17:34
on pe one
01:17:40
okay
01:17:43
now we haven't received anything for pe3
01:17:45
and if i run this command again over on
01:17:48
pe 3 we'll see that it doesn't have
01:17:51
anything either
01:17:52
because there is no service on pe 3 that
01:17:56
matches the route target that we're
01:17:57
utilizing from pe1
01:18:00
so now we gotta configure up pe3
01:18:04
so pe3's configuration
01:18:11
we're going to go on to configure
01:18:14
service again vpls1 in this instance
01:18:21
still requires a customer
01:18:24
so we'll use the default one
01:18:35
so it's one we're to identify our vni
01:18:38
again
01:18:40
but here here's where it gets a little
01:18:42
different
01:18:45
because we're going
01:18:47
one side for vxlan the other side is
01:18:49
going to be mpls we're going to need two
01:18:52
instances of bgp so we have bgp instance
01:18:55
one and they require two distinct route
01:18:58
distinguishers
01:19:07
so we'll use route distinguisher here for
01:19:09
bgp instance one
01:19:11
and then we'll do another bgp instance
01:19:14
only if i can spell
01:19:28
let's just keep those routes different
01:19:32
okay
01:19:33
now we go back to bgp in this case evpn
01:19:39
again we identify the evi service here
01:19:43
that bgp will be advertising for our vpn
01:19:46
again we're going to the vxlan now this
01:19:49
one is identifying that the vxlan is
01:19:52
going to be associated to that first bgp
01:19:55
instance bgp instance one
01:19:59
i'm going to turn this on
01:20:02
and well we're going to relate this
01:20:06
to that vxlan instance that i created
01:20:09
earlier so it's going to be
01:20:11
using the vni one
01:20:18
then we
01:20:20
get out of vxlan
01:20:23
stay in bgp
01:20:25
we're going to do our mpls and associate
01:20:27
it to that second
01:20:30
instance of bgp
01:20:35
uh we're gonna do an autobind
01:20:37
because everybody loves autobind
01:20:40
and we set up the resolution
01:20:43
to use our filter
01:20:45
and then we configure our filter
01:20:48
for what kind of tunneling we're going
01:20:50
to support in this case we're just going
01:20:52
to support ldp
01:20:56
and we exit out of this exit of this
01:21:01
exit of this we do a quick info make
01:21:03
sure i haven't missed anything
01:21:07
so
01:21:09
our service is enabled we got our vxlan
01:21:12
instance one using vni one
01:21:16
we created two bgp instances gave them a
01:21:20
distinct route distinguisher for each
01:21:22
one
01:21:24
we associated our
01:21:27
to bgp instance one
01:21:31
and our mpls configuration we associated
01:21:35
the bgp instance two
01:21:39
under our vxlan for bgp vpn we referred
01:21:43
it back to vxlan instance 1 which gives
01:21:46
me my vni number
01:21:49
and for mpls we did the standard
01:21:52
autobind telling it to use an ldp tunnel
01:21:58
so that looks like we got everything so
01:22:00
if i do a commit
01:22:04
and we do that
01:22:08
quick up arrow we do a show bgp
01:22:12
we now see that
01:22:13
i not only have i sent one
01:22:16
i've received one and i'm utilizing it
01:22:18
so now we have know that pe 3
01:22:21
has sent out his imet route
01:22:26
i keep forgetting
01:22:27
this
01:22:36
mdcli okay
01:22:39
so now i've sent two
01:22:42
here
01:22:45
bgp so if i go over to pe4
01:22:50
one of the issues that we have here
01:22:56
we go over to pe4 which is already
01:22:59
pre-configured and we do a show service
01:23:03
id1 which is what we're all configured
01:23:05
with
01:23:06
and i say what are my vxlan destinations
01:23:09
for this service
01:23:12
and you can see it identifies pe2
01:23:16
as a vxlan destination but it's also
01:23:18
identifying pe3 as a vxlan destination
01:23:23
and that's because we sent that update
01:23:26
pe3 sent that update
01:23:29
for vxlan and
01:23:32
or mpls to both pe1 and pe4
01:23:36
because it's a bgp update and pe 4
01:23:38
accepted it because they all have the
01:23:40
same route target and it's all good
01:23:44
so we know pe4 and pe3 are not connected
01:23:47
via vxlan
01:23:50
so we need to lay on a couple policies
01:23:53
it's bgp bgp is controlled by policies
01:23:58
okay so we've got a couple policies
01:24:00
already configured
01:24:03
uh exit all
01:24:08
and if so
01:24:11
and these things will get rid of them
01:24:13
one is to reject it so if we go
01:24:16
configure
01:24:21
routine
01:24:22
options policy
01:24:24
now configure oh man
01:24:28
ah there we go policy options
01:24:34
so i've created a couple policies
01:24:38
we've identified the community strings
01:24:40
that are used for mpls and the community
01:24:43
strings that are identifying the
01:24:44
encapsulation for vxlan that bgp uses
01:24:48
and then i created one called mpls
01:24:51
underscore
01:24:52
export
01:24:54
where we're matching on evpn and the
01:24:57
community string that identifies vxlan
01:25:00
communications and we will reject that
01:25:04
and accept everything else
01:25:06
and then for policy vxlan export
01:25:10
we're doing bgp evpn matching on the
01:25:13
community string
01:25:15
mpls
01:25:19
and we're going to reject that and we
01:25:22
send it off
01:25:24
so
01:25:38
so we have our two groups
01:25:40
we have our group evpn we have our two
01:25:42
neighbors
01:25:44
so a neighbor
01:26:08
oh
01:26:09
policy value what was that
01:26:12
darn i forgot the policy names already
01:26:20
mpls
01:26:26
vxlan export that's what i want
01:26:34
there
01:26:38
and then 10 to 10.10.4
01:26:52
there we go
01:27:00
now
01:27:01
that should
01:27:06
taking a little while
01:27:15
it should remove
01:27:16
if i put the policies on correctly
01:27:20
should remove
01:27:24
mpls export so it should be doing
01:27:26
that vxlan export chat that's right
01:27:33
there just took bgp a little while
01:27:36
so now pe4 no longer sees it
01:27:41
so now
01:27:45
you can send the ping
01:27:51
we start getting the information
01:27:56
and if we do a show
01:27:58
router
01:28:00
bgp
01:28:02
summary again
01:28:05
we're seeing that i've sent
01:28:07
two routes now
01:28:10
one will be the imet route of course and
01:28:12
the other one is the mac ip route
01:28:14
identifying the mac information
01:28:18
and if we do the same thing here
01:28:27
again i'm sending out multiple routes
01:28:32
with the mac ip information
01:28:39
so if i do a on pe one
01:28:52
we see the mac address
01:28:55
that is associated to my mpls tunnel
01:28:58
that goes over to
01:29:00
router number four
01:29:02
we learned it by evpn
01:29:05
and the mac address that's using vxlan
01:29:08
that goes to router number one
01:29:12
so we see that we have the connectivity
01:29:14
from vxlan
01:29:16
through mpls
01:29:18
back over to pe4 here
01:29:34
he received he has an mpls
01:29:36
infrastructure and then going over to
01:29:38
pe2 he uses vxlan so went vxlan through
01:29:42
mpls to vxlan
01:29:45
to get our communications
01:29:49
okay so we have layer two
01:29:53
vpls service going across the network
01:30:06
so that's it for the layer two stuff
01:30:21
all right
01:30:22
so
01:30:24
we're going to take a look now
01:30:26
because one of the common questions that
01:30:28
we always get when we're teaching a
01:30:30
class
01:30:31
is
01:30:32
most popular question that we get when
01:30:34
we're teaching the class is what time
01:30:35
does class end on friday
01:30:37
but the second most popular question is
01:30:40
what if
01:30:41
so what if the core
01:30:43
is not an evpn core
01:30:47
so on pe 3
01:30:49
we do a show router
01:30:52
bgp
01:30:54
summary
01:30:56
we see that we have an evpn session
01:30:59
established to pe1
01:31:02
but to pe4
01:31:04
we're running vpn ipv4 so we have an
01:31:07
mpls core
01:31:09
that is not
01:31:11
does not support evpn addressing
01:31:14
so we're going to go straight across a
01:31:16
standard ipv ip mpls core
01:31:22
so on pe1
01:31:29
we have a number of services set up
01:31:32
if we remember back to our diagram
01:31:36
not this one
01:31:41
uh oh actually was that one our diagram
01:31:45
we have vpls11 that connects my ce
01:31:48
device ce5
01:31:51
okay
01:31:53
that vpls connect 11 is connected up
01:31:56
into my vprn so let's take a look in
01:31:59
there
01:32:01
edit config private and we're going to
01:32:04
go under configure service vpls 11
01:32:08
because there was a question about this
01:32:10
routed vpls
01:32:13
as you can see we don't have to do that
01:32:16
allow ip internal binding anymore with
01:32:19
the newer releases all we i do is
01:32:21
identify it to route a vpls in the
01:32:24
service
01:32:25
turn give it a customer and a sap and
01:32:27
it's on
01:32:32
if i go into vprn
01:32:34
100
01:32:38
within there i've got an interface to
01:32:40
vpls11
01:32:42
it identifies the service right here and
01:32:44
that's the service name because that's
01:32:46
what i configured up
01:32:48
and then i have the gateway ip address
01:32:51
for the ce devices right here
01:32:54
i have the other interface that goes to
01:32:56
my supplementary broadcast domain
01:33:00
just have a mac address associated to it
01:33:02
because i don't need an ip
01:33:05
and we identify that we're using evpn
01:33:08
tunnel for my
01:33:09
sbd here connectivity
01:33:14
so it's become quite a bit easier to
01:33:16
make that routed vpls service so now on
01:33:19
pe 3
01:33:21
if i do a show service
01:33:24
service using
01:33:26
say we don't have any so we have to
01:33:28
configure these services
01:33:30
on pe 3 to allow
01:33:32
the ce5 to communicate to ce6
01:33:38
so the first thing we're going to
01:33:39
configure up is the supplementary
01:33:42
broadcast domain
01:33:43
okay so we're going to go into edit
01:33:46
config private
01:33:48
and we're going to configure service
01:33:50
vpls10
01:33:54
customer
01:33:55
one
01:33:56
okay so we need since it's communicating
01:33:59
to via vxlan
01:34:01
similar to what we did before
01:34:04
instance one
01:34:06
we're going to give it a vni of 10 this
01:34:08
time to match the other side
01:34:16
we have to remember have to tell it that
01:34:18
it is a routed oh we got to back up though
01:34:23
it is a routed vpls
01:34:25
we still have to configure the bgp evpn
01:34:33
get out of the routed vpls bgp
01:34:37
evpn
01:34:39
evi in this case is 10 for my service
01:34:43
identifier
01:34:45
routes we're going to to import ip
01:34:47
prefix and advertise those as true
01:34:52
okay
01:34:53
and then
01:34:55
vxlan information
01:34:59
admin state enable
01:35:01
or associate that back to vxlan instance
01:35:04
one that i created
01:35:09
and we
01:35:10
exit out of that
01:35:13
so that
01:35:14
you do a quick info
01:35:19
the only thing i haven't done is turned
01:35:22
on the service yet
01:35:24
but i said
01:35:26
that looks like everything there so
01:35:27
admin state enable
01:35:32
and then commit
01:35:35
all right so that looks good
01:35:40
now if i do
01:35:50
we now see that we're exchanging evpn
01:35:53
information i sent one that'll be my
01:35:55
imet route
01:35:57
i've received
01:35:59
a couple from the bgp from pe1 one of
01:36:03
them be the imet routes as well
01:36:06
but as you see there's still nothing
01:36:08
across my vpn
01:36:12
so we'll exit out of this
01:36:18
so now we got to configure up our vprn
01:36:20
service on pe3
01:36:30
okay so now we're gonna enable it right
01:36:33
now because sometimes i forget that give
01:36:36
a customer one
01:36:39
so we know
01:36:41
that we're gonna do bgp ipvpn
01:36:44
because that's how we get to
01:36:46
router number four we have mpls
01:36:49
information here so we're gonna do do
01:36:51
admin state enable on that
01:36:55
we need a route distinguisher
01:37:03
and we also need a vrf target
01:37:06
and in this case we're going to just put
01:37:08
in the community
01:37:13
target
01:37:22
okay
01:37:23
so this command just identifies that i'm
01:37:25
going to use that community string for
01:37:28
both import and export route targets
01:37:33
we're going to do auto bind
01:37:38
through our resolution fill by via
01:37:40
filter
01:37:41
and here we're going to just identify
01:37:43
that the filter
01:37:47
we'll be using ldp
01:37:56
i do quick info make sure i got
01:37:58
everything
01:37:59
route distinguisher route target
01:38:02
autobind
01:38:04
that looks good
01:38:12
just go back
01:38:13
i need an interface
01:38:16
to my sbd
01:38:19
only
01:38:22
i'm going to give it a mac address
01:38:37
free
01:38:38
okay
01:38:40
the vpls
01:38:43
service that i'm going to bind it to is
01:38:45
10
01:38:46
evpn dash tunnel
01:38:53
and that should be it
01:38:56
so hopefully
01:39:07
so i've got my service
01:39:10
we know we're going across an ip
01:39:14
core ipvpn cores standard mp uh ip mpls
01:39:18
core
01:39:19
i've identified the route distinguishers
01:39:22
in the community
01:39:24
we're going to use ldp to go between pe3
01:39:27
and pe
01:39:28
4
01:39:29
and i've got the interface that connects
01:39:31
me to my supplementary broadcast domain
01:39:36
everything looks like i've got it
01:39:37
enabled
01:39:46
now
01:39:48
if i go over to pe1
01:39:57
as long as i did everything correctly
01:40:01
i see i've got the 11 network which is
01:40:04
local to me
01:40:05
and i've got the 12 network
01:40:08
that is the one that is on hanging off
01:40:10
of
01:40:11
cr's pe2
01:40:15
okay so if we go over to pe2
01:40:18
which is on the other data center
01:40:28
we'll see pe2
01:40:30
has the local network of pe1 in his
01:40:33
forwarding database
01:40:35
and as you can see the 12 network is
01:40:38
local to pe 2.
01:40:43
so now
01:40:46
i go into my ce
01:40:53
i see you have my of my local ip
01:41:11
i have to source this because if i go
01:41:13
outside of my
01:41:15
local networks
01:41:18
the router as most of you know the
01:41:20
router will use the system ip address as
01:41:22
its source
01:41:24
and nobody over in pe2 knows how to get
01:41:28
to that system ip address
01:41:31
and as you see we are now pinging across
01:41:34
the network
01:41:36
i apologize folks for taking so long
01:41:40
i know we've
01:41:42
gone quite a bit over the time
01:41:46
well maybe not no they're just coming up
01:41:48
oh yeah we're just coming up yeah it's
01:41:50
nine o'clock it was not the early start
01:41:53
today was only a seven o'clock start
01:41:56
there's potentially a lot more questions
01:41:58
as well so we still could go over yeah
01:42:01
let's
01:42:02
let's hit the questions
01:42:07
let's take over
01:42:14
i got to remember to bring a mousepad
01:42:16
when i come into these conference rooms
01:42:21
yeah the trackers don't work so well on
01:42:23
the uh unless you have a pad if it's a
01:42:25
white table or something like that i
01:42:27
don't think they work too well though
01:42:29
i'm always moving this thing around
01:42:31
trying to find it
01:42:35
yes let's see we got a number of
01:42:37
questions
01:42:44
what is it here
01:42:46
got me back in 10 minutes after the
01:42:48
break so it came back
01:42:52
still need stps though for mvpls and
01:42:56
miri
01:42:58
or the management vpls yet because the
01:43:01
management vpls
01:43:03
has to run the spanning tree through
01:43:06
for
01:43:07
one or more vpls services
01:43:10
and so
01:43:11
you would still need that sort of thing
01:43:13
i've not actually tried to run a
01:43:16
management vpls through vx well vxlan
01:43:19
doesn't have loops because we're
01:43:22
routing so it would only be if you're
01:43:25
using mesh sdps and a combination of
01:43:28
mesh and spoke sdps then i would need
01:43:31
some sort of management vpls
01:43:35
but yeah
01:43:45
see here's the video from yesterday
01:43:50
multiple communities yeah we talked
01:43:53
about that
01:43:57
in which sros is vpn's fully supported
01:44:04
i don't know when the evpn support first
01:44:07
came into the isros
01:44:11
release
01:44:13
i would imagine it was maybe a year or
01:44:16
so ago since we just put the course up
01:44:18
on it but
01:44:21
i
01:44:22
don't know the actual release number
01:44:23
where first became fully integrated
01:44:27
now all our courses have migrated to
01:44:30
mdcli
01:44:32
uh we still have one more to do i think
01:44:36
jose is in the process of updating the
01:44:39
multicast course to mdcli but i'm pretty
01:44:42
sure everything else has been migrated
01:44:45
to there i know i did the vpls course
01:44:49
okay
01:44:52
scaling differences between normal vpls
01:44:55
and an evpn
01:45:00
uh
01:45:03
scaling is always an issue to discuss
01:45:08
not so much from the service id numbers
01:45:10
the id number values i don't think have
01:45:13
changed
01:45:15
scaling is always dependent upon
01:45:19
more upon quality of service than it is
01:45:21
the actual service itself how many queues
01:45:24
how much memory
01:45:26
is being consumed by each
01:45:29
service and that's where a lot of the
01:45:31
scaling issues come into is
01:45:33
how much
01:45:34
memory is each service consuming
01:45:38
if you're not putting any queue
01:45:40
structures in then you can probably
01:45:42
support a lot more services
01:45:45
so scaling numbers are always hard to
01:45:48
quantify
01:45:52
see
01:45:54
in an all active scenario does the lag
01:45:56
require the support of lacp protocol
01:45:58
also
01:45:59
no you really don't require it
01:46:03
we can figure it up without lacp
01:46:08
you can utilize that
01:46:15
says take a screenshot with a snip tool
01:46:17
to the new
01:46:18
legs
01:46:21
thanks right
01:46:26
[Laughter]
01:46:29
uh he's asking his lag
01:46:32
two just simple lags
01:46:35
yeah we as i said we we can just have a
01:46:38
simple lag we don't require the lacp
01:46:40
packets
01:46:42
uh the slide material
01:46:44
will be offered up i believe darren's
01:46:47
correct me if i'm wrong but it'll be
01:46:49
offered up in a pdf format
01:46:52
um
01:46:53
it's a possibility i'll have to look um
01:46:55
i i go on vacation next week so i can
01:46:58
look at the pdfs i know there's some
01:46:59
requests there there'll definitely be a
01:47:01
recording
01:47:02
um i just need to get it uploaded but um
01:47:05
i'll see if we can also do the slides as
01:47:07
well
01:47:14
yeah the lacp i see one here from jay
01:47:18
for the lags lacp for the lags you would
01:47:20
require
01:47:22
and he's correct in identifying that if
01:47:24
there was some spoofing
01:47:27
okay to prevent spoofing from somebody
01:47:29
trying to say that they are a system
01:47:32
id and they really aren't
01:47:37
reporting session when i miss parts
01:47:39
thanks
01:47:41
cross connect aggregate group oh jason
01:47:44
[Laughter]
01:47:46
yes
01:47:47
the versatile services module with the
01:47:50
crossconnect aggregate group she had the
01:47:52
a-pass and the b-pass
01:48:05
oh we asked the
01:48:07
understand the bgp peerings i actually
01:48:10
had the bgp was actually
01:48:13
uh configured earlier so let me get into
01:48:17
here pe1
01:48:22
get out of there
01:48:32
so when we configure up bgp i put in a
01:48:35
group
01:48:36
i identified the as number and that
01:48:40
we're using family evpn so we did have
01:48:43
to do it in the base routing bgp context
01:48:48
okay
01:48:49
so we're the we already pre-configured
01:48:52
these routers
01:48:53
with the appropriate contexts here if we
01:48:59
out uh here we go on to config
01:49:02
router
01:49:03
bgp
01:49:06
you'll see that i have two families
01:49:08
one that has vpn ipv4 and one for evpn
01:49:13
and we associated pe1 with the evpn
01:49:16
family
01:49:17
and pe 4
01:49:19
with the vpn ipv4 family
01:49:23
sorry i prob i should have gone through
01:49:25
that
01:49:35
well in our case what is the underlay in
01:49:37
terms of igp in our case yes we are
01:49:40
using an igp as the underlay um
01:49:45
it's not a requirement anymore it used
01:49:47
to be that you could not use bgp to
01:49:50
resolve a bgp next hop
01:49:53
so i initial in the older versions of
01:49:56
bgp i couldn't use ebgp to resolve an
01:50:00
ibgp next hop but now you can there is a
01:50:02
switch that you can turn on
01:50:05
that will allow bgp to use bgp to
01:50:08
resolve the next hop but in this case
01:50:11
we are doing uh
01:50:14
if i do a show route again we do have an
01:50:17
igp running right now
01:50:22
and we're using ospf okay but uh
01:50:30
does the vni need to be the same as the
01:50:33
evi no it does not it just needs to be
01:50:35
unique okay ever so that's all we need
01:50:39
from it it needs to be unique
01:50:46
what if we have evpn vxlan towards pe1
01:50:51
tells you what if was the second best
01:50:53
question
01:50:54
and evpn vxlan between pe4
01:50:58
do we need to create two bgp instances
01:51:01
well that's very similar
01:51:07
to this but no in this case no you
01:51:10
wouldn't need to create two bgp
01:51:12
instances
01:51:14
because you would then be able to send
01:51:16
that vxlan flooding information across
01:51:19
so we'd be able to if all of them are
01:51:22
part of the same services so we could
01:51:24
just go ahead with a single vb bgp
01:51:27
instances
01:51:33
the route target is auto-generated yes
01:51:36
it utilizes the uh if we take a look
01:51:48
here we do uh
01:52:03
let's do an
01:52:05
imet
01:52:08
inclusive there we go
01:52:15
and
01:52:21
there we go so
01:52:22
as we see here
01:52:25
we created target and it was
01:52:27
auto-generated using the autonomous
01:52:30
system number
01:52:32
and in this case since we have vpls with
01:52:34
an evi number one it used the evi number
01:52:38
to auto create the community so the a s
01:52:41
and evi number were used to auto-create
01:52:44
the target
01:52:59
now
01:53:00
the two bgp what's the purpose of the
01:53:02
dual bgp instances one and two and that
01:53:05
was just to
01:53:07
have a separate instance that would
01:53:09
handle vxlan and the hand another second
01:53:12
instance that would handle the mpls
01:53:15
side as far as the advertisement goes
01:53:19
so they both serve the same purpose
01:53:22
but across different transport protocols
01:53:41
yes mdcli has been quite a learning
01:53:45
experiences
01:53:48
is there a free 7750 image for learning
01:53:51
purposes that i do not know tom
01:53:55
i don't know
01:53:57
that would be something
01:54:00
i'd have to look and see if there is
01:54:02
such a thing
01:54:14
okay virtual service router okay good
01:54:17
thank you kevin
01:54:26
yeah we uh
01:54:28
as far as training labs yes darren
01:54:30
talked about it earlier today there is a
01:54:33
training knives my sr labs where you can
01:54:36
book time on it and you can identify
01:54:39
various
01:54:40
src scenarios that you want to populate
01:54:43
i believe it's
01:54:44
three hours at a crack
01:54:48
is there a vsr image that will give you
01:54:51
that you can just load up on your
01:54:53
unit or linux box
01:54:55
i don't know
01:54:57
i really don't know about that one
01:55:06
yeah we do support shout out to
01:55:08
container lab yes
01:55:14
what is the uses of bgp evpn and bgp
01:55:18
vpls where was that
01:55:29
bgp evpn
01:55:32
is to
01:55:34
basically put all the parameters that we
01:55:36
want bgp
01:55:37
the bgp based context to advertise on
01:55:40
our behalf
01:55:43
bgp vpls
01:55:50
[Music]
01:55:52
and that would be this one
01:56:05
oh wrong wrong router i'm on the wrong
01:56:07
way
01:56:18
so this wouldn't be a good one to go
01:56:20
let's uh log out all these
01:56:24
let's get this guy this is one's just
01:56:26
doing vpls
01:56:44
i'm not seeing bgp vpls anywhere
01:56:52
here let's take a look
01:56:56
well it is there
01:56:59
let's see what we got
01:57:02
in groups
01:57:03
mid-state applied groups
01:57:07
maximum v i oh yes
01:57:12
yes yes yes this bgp vpls scenario let's
01:57:15
see if i can remember
01:57:17
this is for
01:57:19
auto configurations you would
01:57:22
identify
01:57:24
a label block
01:57:27
for this vpls service and then
01:57:31
you would automatically
01:57:33
create the service labels it's been a
01:57:35
while since i did this but you would use
01:57:38
this block and there's a calculation it
01:57:40
would go through
01:57:42
to automatically generate or identify
01:57:45
what service label you're going to use
01:57:47
to get to this vpls service
01:57:50
so instead of advertising out
01:57:53
like using uh tldp to advertise a
01:57:56
service label you would just strictly
01:57:58
use bgp vpls to advertise a block of
01:58:01
labels
01:58:02
and then the remote pe can then go
01:58:05
through this calculation to identify
01:58:08
which
01:58:10
label you're using for this specific
01:58:12
service
01:58:14
yeah it's covered in our vpls course
01:58:17
i have not taught it in a couple years
01:58:20
so i'm a little fuzzy on it but as
01:58:23
soon as i identified the max v e i d and
01:58:26
v i v e numbers
01:58:29
then that's where it comes from i'd i'll
01:58:31
have to get a
01:58:33
go through the course or for our vpls
01:58:35
course to
01:58:36
get a better understanding of it again
01:58:39
but that's what it's used for so we
01:58:41
don't need to have
01:58:43
tldp to identify what your service
01:58:46
labels we can just advertise out a block
01:58:48
of labels
01:58:49
and then there's a calculation that the
01:58:51
remote pe does to identify what is the
01:58:54
service label for this specific service
01:59:02
uh
01:59:04
does this example work just as well with
01:59:06
ipv6
01:59:10
oh
01:59:11
ian dickinson what are we talking about
01:59:14
here my friend
01:59:15
example are we just talking about
01:59:18
the services themselves then yes if it's
01:59:21
a vprn ipv4 vprn ipv6 it would work
01:59:30
yeah
01:59:31
oh you're talking about the proxy
01:59:33
then yes for neighbor discovery cache
01:59:36
rather than arp yes that would work
01:59:51
share the sample configuration
01:59:55
this configuration here i could i could
01:59:57
share that with you i guess
02:00:00
it's the same thing you would get out of
02:00:02
our courseware a little different i
02:00:04
modified it a bit same sort of thing
02:00:17
is our image
02:00:21
and now it's
02:00:23
looks like we're coming to the end of
02:00:25
the questions
02:00:30
because everything i'm seeing is people
02:00:32
saying they're leaving
02:00:35
yeah i think we'll probably wrap it up
02:00:36
now um thanks a lot everyone for
02:00:38
attending
02:00:41
there is a link i put in here for
02:00:42
evaluation so if you get a chance please
02:00:44
take the opportunity to provide an
02:00:46
evaluation
02:00:47
and i also put a link for our linkedin
02:00:49
group as well
02:00:51
maybe
02:00:52
i'll put both of these links in again
02:00:54
since it may have got lost in the
02:00:56
chat so there's the linkedin group so
02:01:02
and then uh
02:01:04
here's the link for the evaluation as
02:01:06
well
02:01:09
so again thanks a lot everyone for
02:01:10
attending uh we hope you uh got some
02:01:12
value of this presentation
02:01:14
and uh
02:01:16
thanks a lot brian for taking the time
02:01:17
and uh everyone have yourself a great
02:01:19
rest of your day
02:01:20
and i'll get it may not it may be a
02:01:22
while before i get the recording for
02:01:24
this just only because i'm on vacation
02:01:27
starting tomorrow yeah i think your
02:01:29
vacation is more important there oh my
02:01:32
goodness
02:01:34
hey we don't get a lot of warm weather
02:01:36
in canada so you got to take advantage
02:01:38
while you can
02:01:40
i i too would like to extend my
02:01:42
appreciation to you all for the
02:01:44
questions and the attention that you
02:01:46
spent

Description:

In this webinar, we'll discuss the concepts and benefits of L2 and L3 EVPN services. We'll also discuss at a high level the various BGP EVPN route types used to support the EVPN services, the basics of a L2 EVPN service, and its support for multi-homing. Finally, we’ll discuss the different interface-ful numbered forwarding model for L3 EVPN services.  The discussion will be followed by a demonstration of the configuration of an L2 EVPN service crossing multiple data centers using VXLAN / MPLS interconnect. Learn more about the Nokia Service Routing Certification (SRC) Program - https://www.nokia.com/networks/training/src/


mobile menu iconWhat's the price of all this stuff?mobile menu icon

  • It costs nothing. Our services are absolutely free for all users. There are no PRO subscriptions, no restrictions on the number or maximum length of downloaded videos.