EVPN L3VPN HVPN

At present, the IP bearer network uses L2VPN and L3VPN (HVPN) to carry Layer 2 and Layer 3 services, respectively. The protocols are complex. EVPN can carry both Layer 2 and Layer 3 services. To simplify service bearer protocols, many IP bearer networks will evolve to EVPN. Specifically, L3VPN HVPN, which carries Layer 3 services, needs to evolve to EVPN L3VPN HVPN.

Figure 1 shows the basic architecture of an EVPN L3VPN HVPN consisting of mainly UPEs, SPE, and NPE:
  • UPE: A UPE is a device that is directly connected to a user and is referred to as an underlayer PE or a user-end PE, therefore shortened as UPE. UPEs provide access services for users.
  • SPE: An SPE is a superstratum PE or service provider-end PE, which is connected to UPEs and located at the core of a network. An SPE manages and advertises VPN routes.
  • NPE: An NPE is a network provider-end PE that is connected to SPEs and located at the network side.
Figure 1 Basic EVPN L3VPN HVPN architecture

EVPN L3VPN HVPN is classified into EVPN L3VPN HoVPN or EVPN L3VPN H-VPN:

  • EVPN L3VPN HoVPN: An SPE advertises only default routes or summarized routes to UPEs. UPEs do not have specific routes to NPEs and can only send service data to SPEs over default routes. As a result, route isolation is implemented. An EVPN L3VPN HoVPN can use devices with relatively poor route management capabilities as UPEs, reducing network deployment costs.

  • EVPN L3VPN H-VPN: SPEs advertise specific routes to UPEs. UPEs function as RR clients to receive the specific routes reflected by SPEs functioning as RRs. This mechanism facilitates route management and traffic forwarding control.

As L3VPN HoVPN evolves towards EVPN L3VPN HoVPN, the following interworking scenarios occur:

  • Interworking between EVPN L3VPN HoVPN and common L3VPN: EVPN L3VPN HoVPN is deployed between the UPEs and SPE, and L3VPN is deployed between the SPE and NPE. The SPE advertises only default routes or summarized routes to the UPEs. After receiving specific routes (EVPN routes) from the UPEs, the SPE encapsulates these routes into VPNv4 routes and advertises them to the NPE.

  • Interworking between L3VPN HoVPN and BD EVPN L3VPN: L3VPN HoVPN is deployed between the UPEs and SPE, and BD EVPN L3VPN is deployed between the SPE and NPE. The SPE advertises only default routes or summarized routes to the UPEs. After receiving specific routes (L3VPN routes) from the UPEs, the SPE encapsulates these routes into EVPN routes and advertises them to the NPE.

Route Advertisement from CE1 to Device 1 on an EVPN L3VPN HoVPN or EVPN L3VPN H-VPN

Figure 2 shows route advertisement from CE1 to Device 1 on an EVPN L3VPN HoVPN or EVPN L3VPN H-VPN.

  1. CE1 advertises an IPv4 route to the UPE using the IP protocol.

  2. The UPE converts the IPv4 route into an IP prefix route with the next hop being the UPE and then sends the IP prefix route to the SPE through a BGP-EVPN peer relationship.

  3. Upon receipt, the SPE advertises this route to the NPE in either of the following ways:

    • Using RR: Configure the SPE as an RR so that the RR directly reflects the received IP prefix route to the NPE, and change the next hop of the route to the SPE. An EVPN L3VPN H-VPN supports only this mode.

    • Using re-encapsulation: The SPE re-encapsulates the IP prefix route into a new IP prefix route with the next hop being the SPE. Then the SPE advertises the new route to the NPE through a BGP-EVPN peer relationship.

  4. After receiving the IP prefix route, the NPE imports the route into its VRF table under the condition that the route's next hop is reachable.

  5. The NPE advertises the IPv4 route to Device 1 using the IP protocol.

Figure 2 Route advertisement from CE1 to Device 1 on an EVPN L3VPN HoVPN or EVPN L3VPN H-VPN

Route Advertisement from Device 1 to CE1 on an EVPN L3VPN HoVPN

Figure 3 shows route advertisement from Device 1 to CE1 on an EVPN L3VPN HoVPN.

  1. Device 1 advertises an IPv4 route to the NPE using the IP protocol.

  2. The NPE converts the IPv4 route into an IP prefix route with the next hop being the NPE and then sends it to the SPE.

  3. Upon receipt, the SPE converts the IP prefix route into an IPv4 route and imports it into its VRF table under the condition that the route's next hop is reachable.

  4. The SPE imports a default route or summarized route into its VRF table, converts the default or summarized route into an IP prefix route with the next hop being the SPE, and then advertises the IP prefix route to the UPE.

  5. Upon receipt, the UPE converts the IP prefix route into an IPv4 route and imports it into its VRF table under the condition that the route's next hop is reachable.

  6. The UPE advertises the IPv4 route to CE1 using the IP protocol.

Figure 3 Route advertisement from Device 1 to CE1 on an EVPN L3VPN HoVPN

Route Advertisement from Device 1 to CE1 on an EVPN L3VPN H-VPN

Figure 4 shows route advertisement from Device 1 to CE1 on an EVPN L3VPN H-VPN.

  1. Device 1 advertises an IPv4 route to the NPE using the IP protocol.

  2. The NPE converts the IPv4 route into an IP prefix route with the next hop being the NPE and then sends it to the SPE.

  3. Upon receipt, the RR-enabled SPE advertises the IP prefix route to the UPE, and the route's next hop is changed to the SPE.

  4. Upon receipt, the UPE converts the IP prefix route into an IPv4 route and imports it into its VRF table under the condition that the route's next hop is reachable.

  5. The UPE advertises the IPv4 route to CE1 using the IP protocol.

Figure 4 Route advertisement from Device 1 to CE1 on an EVPN L3VPN H-VPN

Route Advertisement from Device 1 to CE1 on an EVPN L3VPN HoVPN or EVPN L3VPN H-VPN

Packet forwarding from Device 1 to CE1 on an EVPN L3VPN HoVPN or EVPN L3VPN H-VPN is as follows:

  1. Device 1 sends a VPN packet to the NPE.

  2. After receiving the packet, the NPE searches its VPN forwarding table for a tunnel to forward the packet based on the destination address of the packet. Then, the NPE adds a VPN label (inner) and a tunnel label (outer) to the packet and sends the packet to the SPE over the found tunnel.

  3. Upon receipt, the SPE removes the outer tunnel label, replaces the inner VPN label with a new one, and then adds the outer tunnel label to the packet. Then, the SPE forwards the packet to the UPE through the tunnel.

  4. After receiving the packet, the UPE removes the outer tunnel label and searches for a VPN instance corresponding to the packet based on the inner VPN label. Then, the UPE searches the forwarding table of the found VPN instance for the outbound interface of the packet based on the destination address of the packet. The UPE sends the packet from the corresponding outbound interface to CE1. The packet sent by the UPE is a pure IP packet with no label.

Packet Forwarding from CE1 to Device 1 on an EVPN L3VPN HoVPN

Packet forwarding from CE1 to Device 1 on an EVPN L3VPN HoVPN is as follows:

  1. CE1 sends a VPN packet to the UPE.

  2. After receiving the packet, the UPE searches its VPN forwarding table for a tunnel to forward the packet based on the destination address of the packet (the UPE does so by matching the destination address of the packet against the forwarding entry for the default route or summarized route). Then, the UPE adds a VPN label (inner) and a tunnel label (outer) to the packet and sends the packet to the SPE over the found tunnel.

  3. Upon receipt, the SPE removes the outer tunnel label and finds the corresponding VPN instance based on the inner VPN label. The SPE then removes the inner VPN label, searches the forwarding table of the VPN instance for a tunnel to forward the packet based on the destination address of the packet. Then, the SPE adds a new VPN label (inner) and tunnel label (outer) to the packet and sends the packet to the NPE through the found tunnel.

  4. After receiving the packet, the NPE removes the outer tunnel label and searches for a VPN instance corresponding to the packet based on the inner VPN label. Then, the NPE searches the forwarding table of the found VPN instance for the outbound interface of the packet based on the destination address of the packet. The NPE sends the packet from the corresponding outbound interface to Device 1. The packet sent by the NPE is a pure IP packet with no label.

Packet Forwarding from CE1 to Device 1 on an EVPN L3VPN H-VPN

Packet forwarding from CE1 to Device 1 on an EVPN L3VPN H-VPN is as follows:

  1. CE1 sends a VPN packet to the NPE.

  2. After receiving the packet, the UPE searches its VPN forwarding table for a tunnel to forward the packet based on the destination address of the packet (the UPE does so by matching the destination address of the packet against the forwarding entry for the specific route received from the SPE). Then, the UPE adds a VPN label (inner) and a tunnel label (outer) to the packet and sends the packet to the SPE over the found tunnel.

  3. Upon receipt, the SPE removes the outer tunnel label, replaces the inner VPN label with a new one, and then adds the outer tunnel label to the packet. Then, the SPE forwards the packet to the NPE through the tunnel.

  4. After receiving the packet, the NPE removes the outer tunnel label and searches for a VPN instance corresponding to the packet based on the inner VPN label. Then, the NPE searches the forwarding table of the found VPN instance for the outbound interface of the packet based on the destination address of the packet. The NPE sends the packet from the corresponding outbound interface to Device 1. The packet sent by the NPE is a pure IP packet with no label.

Route advertisement and packet forwarding in scenarios where EVPN L3VPN HoVPN and common L3VPN interwork or L3VPN HoVPN and BD EVPN L3VPN interwork differ from those processes on an EVPN L3VPN HoVPN or L3VPN HoVPN only in re-encapsulation of BGP VPNv4 or IP prefix routes on the SPE:

  • Interworking between EVPN L3VPN HoVPN and common L3VPN: After receiving the IP prefix route carrying CE1's specific route from the UPE, the SPE re-encapsulates the IP prefix route into a BGP VPNv4 route and advertises it to the NPE.

  • Interworking between L3VPN HoVPN and BD EVPN L3VPN: After receiving the BGP VPNv4 route carrying CE1's specific route from the UPE, the SPE re-encapsulates the BGP VPNv4 route into an IP prefix route and advertises it to the NPE.

Parent Topic: Application Scenarios for EVPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >