Configuring EVPN VPWS over SRv6 TE Policy

This section describes how to configure EVPN virtual private wire service (VPWS) over SRv6 TE Policy so that EVPN VPWSs can be carried over SRv6 TE Policies.

Usage Scenario

EVPN VPWS over SRv6 TE Policy uses public SRv6 TE Policies to carry EVPN VPWSs. As shown in Figure 1, PE1 and PE2 communicate through an IPv6 public network. An SRv6 TE Policy is deployed on the network to carry EVPN VPWSs.

Figure 1 EVPN VPWS over SRv6 TE Policy networking

Pre-configuration Tasks

Before configuring EVPN VPWS over SRv6 TE Policy, complete the following tasks:

Configure an SRv6 TE Policy manually or use a controller to dynamically deliver an SRv6 TE Policy.

You need to apply a tunnel policy to a specified EVPN instance that works in EVPN VPWS mode when configuring traffic steering.

Procedure

Configure EVPN and EVPL instances on each PE.
1. Run system-view
  The system view is displayed.
2. Run evpn source-address ip-address
  An EVPN source address is configured.
  
  In scenarios where a CE is dual-homed or multi-homed to PEs, you need to configure an EVPN source address on each PE to generate route distinguishers (RDs) for Ethernet segment routes and Ethernet auto-discovery per ES routes.
3. Run evpn vpn-instance vpn-instance-name vpws
  An EVPN instance that works in VPWS mode is created.
4. Run route-distinguisher route-distinguisher
  An RD is configured for the EVPN instance.
  
  An EVPN instance takes effect only after an RD is configured for it. The RDs of different EVPN instances on a PE must be different.
  
  After being configured, an RD cannot be modified but can be deleted. If the RD of an EVPN instance is deleted, VPN targets configured for the EVPN instance are also deleted.
5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]
  VPN targets are configured for the EVPN instance.
  
  VPN targets are BGP extended community attributes used to control the receiving and advertisement of EVPN routes. A maximum of eight VPN targets can be configured using the vpn-target command. To configure more VPN targets for an EVPN instance address family, run the vpn-target command multiple times.
  
  An RT of an Ethernet segment route is generated using the middle six bytes of an ESI. For example, if the ESI is 0011.1001.1001.1001.1002, the Ethernet segment route uses 11.1001.1001.10 as its RT.
6. (Optional) Run default-color color-value
  The default color value is specified for the EVPN service to recurse to an SRv6 TE Policy.
  
  If a remote EVPN route without carrying the Color Extended Community is leaked to a local EVPN instance, the default color value is used for the recursion.
7. Run quit
  Return to the system view.
8. Run evpl instance evpl-id
  An EVPL instance is created.
9. Run evpn binding vpn-instance vpn-instance-name
  A specified EVPN instance that works in VPWS mode is bound to the current EVPL instance.
10. Run local-service-id service-id remote-service-id service-id
  The packets of the current EVPL instance are configured to carry the local and remote service IDs.
11. (Optional) Run mtu-match ignore
  The MTU matching check is ignored for the EVPL instance. In scenarios where a Huawei device interworks with a non-Huawei device through an EVPN VPWS, if the non-Huawei device does not support any MTU matching check for an EVPL instance, run the mtu-match ignore command to ignore the MTU matching check.
12. (Optional) Run load-balancing ignore-esi
  The device is disabled from checking ESI validity during EVPL instance load balancing.
  
  In an EVPN VPWS scenario where active-active protection is deployed, if each access-side device is single-homed to an aggregation-side device and no ESI is configured on the access interface, to implement active-active load balancing, you can run this command on the aggregation-side device to enable the device to ignore ESI validity check during EVPL instance load balancing.
13. Run quit
  Return to the system view.
14. Run commit
  The configuration is committed.
Configure an AC interface.
1. Run interface interface-type interface-number.subnum mode l2
  A Layer 2 sub-interface is created, and the sub-interface view is displayed.
  
  Before running this command, ensure that the Layer 2 interface on which a Layer 2 sub-interface is to be created does not have the port link-type dot1q-tunnel command configuration. If this configuration exists, run the undo port link-type command to delete the configuration.
  
  In addition to a Layer 2 sub-interface, an Ethernet main interface, Layer 3 sub-interface, or Eth-Trunk interface can also function as an AC interface.
2. Run encapsulation { dot1q [ vid low-pe-vid [ to high-pe-vid ] ] | untag | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } ] }
  An encapsulation type of packets allowed to pass through the Layer 2 sub-interface is configured.
3. Run evpl instance evpl-id
  A specified EVPL instance is bound to the Layer 2 sub-interface.
4. (Optional) Run evpn-vpws ignore-ac-state
  The interface is enabled to ignore the AC status.
  
  On a network with primary and backup links, if CFM is associated with an AC interface, run this command to ensure EVPN VPWS continuity. When the AC status of the interface becomes down, a primary/backup link switchover is triggered. As the interface has been enabled to ignore the AC status using this command, the EVPN VPWS does not need to be re-established during the link switchover.
5. Run quit
  Exit the Layer 2 sub-interface view.
6. Run commit
  The configuration is committed.
Establish a BGP EVPN peer relationship between PEs.
1. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
2. Run router-id ipv4-address
  A BGP router ID is configured.
3. Run peer ipv6-address as-number { as-number-plain | as-number-dot }
  The remote PE is configured as a peer.
4. Run peer ipv6-address connect-interface loopback interface-number
  The interface used to set up a TCP connection with the specified BGP peer is specified.
5. Run l2vpn-family evpn
  The BGP EVPN address family view is displayed.
6. Run peer ipv6-address enable
  The device is enabled to exchange EVPN routes with the specified peer.
7. Run peer ipv6-address advertise encap-type srv6
  The device is enabled to send EVPN routes carrying SRv6-encapsulated attributes to the specified peer.
8. Run quit
  Exit the BGP EVPN address family view.
9. Run quit
  Exit the BGP view.
10. Run commit
  The configuration is committed.
On each PE, configure EVPN VPWSs to recurse to an SRv6 TE Policy.
1. (Optional) Run evpn srv6 next-header-field { 59 | 143 }
  A value is set for the Next Header field in an SRv6 extension header.
  
  If the value is 59 in earlier versions, you can perform this step to change the value to 59 to ensure compatibility with the earlier versions.
2. Run segment-routing ipv6
  SRv6 is enabled, and the SRv6 view is displayed.
3. Run encapsulation source-address ipv6-address [ ip-ttl ttl-value ]
  A source address is specified for SRv6 EVPN encapsulation.
4. Run locator locator-name [ ipv6-prefix ipv6-address prefix-length [ static static-length | args args-length ] ^* ]
  An SRv6 locator is configured.
5. (Optional) Run opcode func-opcode end-dx2 evpl-instance evpl-instance-id
  A static SID opcode is configured.
  
  An End.DX2 SID can be either dynamically allocated through BGP or manually configured. If you want to run the segment-routing ipv6 locator locator-name command to enable dynamic End.DX2 SID allocation through BGP, you can skip this step.
6. Run quit
  Exit the SRv6 locator view.
7. Run quit
  Exit the SRv6 view.
8. Run evpl instance evpl-id
  The view of an EVPL instance is displayed.
9. Run segment-routing ipv6 locator locator-name
  The device is enabled to add SIDs to EVPN routes to be sent.
  
  If there are static SIDs in the range of the locator specified using locator-name, use the static SIDs. Otherwise, use dynamically allocated SIDs.
10. Run quit
  Exit the view of the EVPL instance.
11. Run evpn vpn-instance vpn-instance-name vpws
  The view of the EVPN instance that works in VPWS mode is displayed.
12. Run segment-routing ipv6 traffic-engineer [ best-effort ]
  The function to recurse EVPN VPWSs to SRv6 TE Policies is enabled.
  
  If an SRv6 BE path exists on the network, you can set the best-effort parameter, allowing the SRv6 BE path to function as a best-effort path in the case of an SRv6 TE Policy fault.
13. Run quit
  Return to the system view.
14. Run commit
  The configuration is committed.
(Optional) Verify EVPN VPWS connectivity.
1. Configure an End.OP SID on the remote PE.
  1. Run segment-routing ipv6
    The SRv6 view is displayed.
  2. Run locator locator-name
    The locator view is displayed.
  3. Run opcode func-opcode end-op
    An End.OP SID opcode is configured.
  4. Run commit
    The configuration is committed.
2. Perform the following steps on the local PE:
  1. Run segment-routing ipv6
    The SRv6 view is displayed.
  2. Run remote end-op op-sid prefix-length
    A remote End.OP SID is configured.
  3. Run commit
    The configuration is committed.
3. Perform the following steps on the local PE:
  - Run ping evpn vpws local-ce-id remote-ce-id end-op endOp [ -a source-ip | -c count | -exp exp-value | -m interval | -s packet-size | -t time-out | -r reply-mode | -tc tc ] ^*
    A ping operation is performed to check the EVPN VPWS status.
  - Run tracert evpn vpws local-ce-id remote-ce-id end-op endOp [ -a source-ip | -exp exp-value | -s packet-size | -t timeout | -h max-ttl | -r reply-mode | -tc tc ] ^* [ pipe | uniform ]
    A tracert operation is performed to check the EVPN VPWS status.

Verifying the Configuration

After configuring EVPN VPWS over SRv6 TE Policy, verify the configuration.

Run the display bgp evpn evpl command to check all EVPL instance information.
Run the display bgp evpn { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table [ { ad-route | es-route | inclusive-route | mac-route | prefix-route } prefix ] command to check BGP EVPN route information. The command output shows that the value of Relay Tunnel Out-Interface is SRv6 TE Policy.
Run the display evpn vpn-instance [ name vpn-instance-name ] tunnel-info command to check information about the tunnel associated with a specified EVPN instance.
Run the display evpn vpn-instance name vpn-instance-name tunnel-info nexthop nexthopIpv6Addr command to check information about the tunnel that is associated with a specified EVPN instance and matches a specified next hop.