MAC Duplication Suppression for EVPN

On an EVPN E-LAN, two PEs may be interconnected both through network-side and access-side links. If this is the case, a BUM traffic loop and MAC route flapping both occur, preventing devices from working properly. MAC duplication suppression for EVPN can resolve this problem.

Figure 1 BUM traffic loop over an EVPN
On the network shown in Figure 1, EVPN runs between PE1 and PE2. CE1 and CE2 access PE1 and PE2 respectively in one of the following ways: VLAN, QinQ, static or dynamic PW, or static VXLAN. PE1 and PE2 can communicate with each other both through network-side and access-side links, which induces a BUM traffic loop:

  1. After PE1 receives BUM traffic from CE1, PE1 first replicates it, and then forwards it to both the network-side and access-side links (traffic 1 in Figure 1).

  2. PE2 forwards the BUM traffic received from PE1 through the network-side link to the access-side link (traffic 2 in Figure 1). Equally, PE2 forwards the BUM traffic received from the access side to the network side (traffic 3 in Figure 1).

  3. PE1 forwards the BUM traffic received from PE2 through the network-side link to the access-side link (traffic 4 in Figure 1). Equally, PE1 forwards the BUM traffic received from the access side to the network side (traffic 5 in Figure 1).

  4. As steps 2 and 3 are repeated, BUM traffic is continuously transmitted between PE1 and PE2.

Figure 2 Route flapping over the EVPN
On the network shown in Figure 2, in addition to a BUM traffic loop, route flapping also occurs:

  1. After PE1 receives BUM traffic from CE1, PE1 learns CE1's MAC address (M1) from the source MAC address of the traffic. PE1 sends a MAC route with a destination address of M1 to PE2 by means of EVPN.

  2. Upon receipt, PE2 matches the RT of the MAC route, imports the MAC route into a matching EVPN instance, generates a MAC entry, and recurses the MAC route to the network-side VXLAN or MPLS tunnel to PE1.

  3. PE2 can also receive BUM traffic from PE1 through the direct access-side link between them. Upon receipt, PE2 also generates a MAC route to M1 based on the source MAC address of the traffic. In this case, PE2 considers M1 to have moved to its own access network. PE2 preferentially selects the MAC address received from the local access side. PE2 therefore sends the MAC route destined for M1 to PE1. This route carries the MAC mobility extended community attribute. The mobility sequence number is Seq0+1.

  4. Upon receipt, PE1 matches the RT of the MAC route, and imports the MAC route into a matching EVPN instance. PE1 preferentially selects the MAC route received from PE2 because this route has a larger mobility sequence number. PE1 then generates a MAC entry and recurses the MAC route to the network-side VXLAN or MPLS tunnel to PE2. PE1 then sends a MAC Withdraw message to PE2.

  5. After PE1 receives BUM traffic again from the access-side link, PE1 generates another MAC route to M1 and considers M1 to have moved to its own access network. PE1 preferentially selects the local MAC route to M1 and sends it to PE2. This route carries the MAC Mobility extended community attribute. The mobility sequence number is Seq0+2.

  6. Upon receipt, PE2 matches the RT of the MAC route and imports the MAC route into a matching EVPN instance. PE2 preferentially selects the MAC route received from PE1 because this route has a larger mobility sequence number. PE2 then generates a MAC entry and recurses the MAC route to the network-side VXLAN or MPLS tunnel to PE1. PE2 then sends a MAC Withdraw message to PE1.

  7. After PE2 receives BUM traffic again from PE1 through the direct access-side link between them, PE2 generates another MAC route to M1 and considers M1 to have moved to its own access network. PE2 preferentially selects the local MAC route and sends the MAC route destined for M1 to PE1. This route carries the MAC mobility extended community attribute. The mobility sequence number is Seq0+3.

  8. As steps 3 to 7 are repeated, the mobility sequence number of the MAC route is incremented by 1 continuously, causing route flapping on the network.

To prevent traffic loops and route flapping, the system starts the process of MAC duplication suppression. The system checks the number of times a MAC entry flaps within a detection period. If the number of MAC flaps exceeds the upper threshold, the system considers MAC route flapping to be occurring on the network and consequently suppresses the flapping MAC routes. The suppressed MAC routes cannot be sent to a remote PE through a BGP EVPN peer relationship.

In addition to suppressing MAC route flapping, you can also configure black-hole MAC routing and AC interface blocking:

  • After black-hole MAC routing has been configured, the system sets the suppressed MAC routes to black-hole routes. If a PE receives traffic with the same source or destination MAC address as the MAC address of a black-hole MAC route, the PE discards the traffic.

  • If AC interface blocking is also configured, that is, if the traffic comes from a local AC interface and the source MAC address of the traffic is the same as the MAC address of a black-hole MAC route, the AC interface is blocked. In this way, a loop can be removed quickly. Only BD-EVPN instances support AC interface blocking.

Parent Topic: EVPN Feature Description
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >