Skip to main content
Versa Networks

Configure EVPN Multihoming for Hosts Using ZT-LAN

  1. Last updated
  2. Save as PDF

Versa-logo-release-icon.pngFor supported software information, click here.

You can configure Ethernet VPN (EVPN) multihoming on Versa Operating SystemTM (VOSTM) devices to connect customer host devices with ZT-LAN devices. EVPN multihoming helps improve network performance and increase the reliability of traffic flows among multihomed devices.

EVPN Multihoming Concepts

An EVPN carries Layer 2 Ethernet traffic as a virtual private network using wide-area network (WAN) protocols. In EVPN mulithoming, a host device connects to two or more ZT-LAN devices using a set of Ethernet links. The set of Ethernet links is called an Ethernet segment (ES). Each shared Ethernet segment across the ZT-LAN devices is identified by an Ethernet segment identifier (ESI), which is a 10-octet, non-zero value that is unique across the network. You configure the ESI for an interface in much the same way as you configure a native VLAN ID.

EVPN Multihoming Modes

VOS devices support two EVPN multihoming modes: all-active and single-active.

In all-active mode, all the ZT-LAN devices to which the multihomed host connects are in active mode, which means that they can all forward traffic. All-active mode provides active-active redundancy among the ZT-LAN devices and allows load balancing of Layer 2 traffic across all the multihomed links to and from the host.

The following figure illustrates EVPN all-active multihoming mode. Here, Host A is multihomed to ZT-LAN Device1 and ZT-LAN Device2. Both ZT-LAN Device1 and ZT-LAN Device2 have active links to Host A using ESI 1, and both ZT-LAN devices can forward traffic.

EVPN-multihoming-active-active-v6.png

In single-active mode, only one of the ZT-LAN devices to which the multihomed host is  is in active mode, which means that active device is the only ZT-LAN device that forwards traffic. The remaining ZT-LAN devices are in standby mode. If the link to the active ZT-LAN device or the active ZT-LAN device itself fails, the standby link or ZT-LAN device becomes active and takes over forwarding traffic to and from the multihomed host.

The following figure illustrates single-active mode. Here, Host A is multihomed to ZT-LAN Device1 and ZT-LAN Device2. ZT-LAN Device1 is the designated forwarder device, which is the ZT-LAN device in a multihomed ZT-LAN device group responsible for forwarding broadcast, unknown, and multicast (BUM) traffic to and from a host device, and ZT-LAN Device1 has an active link to Host A over ESI 1. ZT-LAN Device2 has a standby link to Host A over ESI 1. If the active link between Host A and ZT-LAN Device1 fails, the standby link between Host A and ZT-LAN Device2 becomes active.

EVPN-multihoming-active-standby-v7.png

Forwarding Actions

The ZT-LAN device in a multihomed ZT-LAN device group that is responsible for forwarding broadcast, unknown, and multicast (BUM) traffic to and from a host is called the designated forwarder (DF). A backup designated forwarder (BDF), also called a non-designated forwarder (non-DF) device, is available if the designated forwarder encounters a failure.

In an EVPN multihomed topology, the forwarding action depends on the multihoming mode, as follows:

  • All-active mode
    • If the multihomed link on the ZT-LAN device is in active state and the device is a designated forwarder on the link, the link accepts and forwards BUM traffic arriving from the EVPN core.
    • If the multihomed link on the ZT-LAN device is in active state and the device is a backup designated forwarder on the link, the link forwards known unicast traffic from the EVPN core and drops BUM traffic from the EVPN core.
  • Single-active mode
    • If the multihomed link on the ZT-LAN device is in active state, the link accepts and forwards BUM traffic arriving from the EVPN core.
    • If the multihomed link on the ZT-LAN device is in standby state, the link drops unicast and BUM traffic arriving on the link, and the link does not forward unicast or BUM traffic to that link coming from other links in the bridge domain.

The following table describes how unicast and BUM traffic are forwarded in all-active and single-active EVPN multihoming modes.

Traffic Type All-Active Mode Single-Active Mode
Known unicast    
  • Local to EVPN core traffic
  • Load-balance traffic to all ZT-LAN devices on the multihomed link.
  • Only the designated forwarder ZT-LAN device learns MAC addresses and forwards traffic.
  • EVPN core to local traffic
  • Load-balance traffic from the EVPN core to all ZT-LAN devices on the multihomed link.
  • Remote ZT-LAN device learns MAC addresses only from the designated forwarder.
  • Remote ZT-LAN device forwards all known unicast traffic to designated forwarder ZT-LAN device.
BUM    
  • Local to EVPN core traffic
  • ZT-LAN device forwards received BUM traffic to all remote ZT-LAN devices over the EVPN core.
  • Only the ZT-LAN device that is the designated forwarder learns MAC addresses and forwards BUM traffic.
  • EVPN core to local traffic
  • Only the ZT-LAN device that is the designated forwarder forwards BUM traffic received from the EVPN core.
  • Only the ZT-LAN device that is the designated forwarder forwards BUM traffic received from EVPN core.

For BUM traffic, a BUM route has both regular and ZT-LAN-based bridge domain interfaces. When forwarding traffic to a multihomed ZT-LAN device, an extra ESI label is added to prevent transient loops in the network. For more information, see the Split Horizon section, below.

For the destination ZT-LAN device to forward packets, it first performs an EVPN lookup to determine the bridge domain. Then, it performs a MAC lookup and uses the information in the MAC entry to forward packets.

Split-Horizon Filtering

EVPNs implement split-horizon filtering to prevent packets from looping.

In all-active mode, split-horizon filtering works as follows. If the host sends a BUM packet to a ZT-LAN device that is a non-designated forwarder, the ZT-LAN device tags the packet with two labels, a split-horizon label (which is the ZT-LAN device's ESI) and an EVPN BUM label. The ZT-LAN device then forwards the BUM packet to the other ZT-LAN devices in the EVPN instance, including the designated forwarder ZT-LAN device for the Ethernet segment. Then, the designated forwarder ZT-LAN device to which the host is multihomed drops the packet and so does not forward it back to the originating host.

In the following figure, the non-designated forwarder device, ZT-LAN Device2, receives BUM traffic from Host A and forwards it to the other ZT-LAN device in the Ethernet segment, ZT-LAN Device1. Because ZT-LAN Device1 is the designated forwarder device, it drops the BUM traffic and does not forward it back to Host A.

split-horizon-v5.png

In single-active mode, split-horizon filtering prevents transient loops when the Ethernet segment fails or is recovering from a failure.

Configure EVPN Multihoming

You can configure EVPN multihoming using three types of interfaces:

  • Virtual network interface (vni)
  • Aggregate Ethernet interface (ae)
  • (Releases 22.1.1 and later) ENet interface (enet)

Note: The following configuration uses the enet interface type. You configure multihoming in the same way when using vni and ae interfaces. 

To configure EVPN multihoming:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select an appliance in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > Interfaces in the left menu bar. The Interfaces dashboard displays, and the VNI tab is selected by default.
  4. Select the ENet tab. 

    Interfaces-dashboard-enet-tab-border.png
  5. Click an interface name in the main pane. The Edit ENet Interface screen for the selected interface displays, and the General is selected by default.
     edit-Ethernet-interface-multihoming-tab-v5-border.png
  6. Click the Multihoming tab in the horizontal submenu and enter information for the following fields.
     
    Field Description
    Active Mode

    Select the active mode:

    • All Active—Use active-active mode.
    • Single Active—Use active-standby mode.
    ESI Enter the ESI hexadecimal list value, which is a 10-octet value separated by colons (:), for example, 00:10:00:00:00:00:00:00:01:00.

  7. Click OK.

Configure Link Aggregation for All-Active Multihoming

In all-active mode, the multihomed host can either connect to more than one ZT-LAN devices using static link aggregation (LAG) and the Link Aggregation Control Protocol (LACP).

Note: Link Aggregation for multihoming is supported only when using EVPN VXLAN.

Note: Multihomed hosts in single-active mode cannot use LAG to connect to multihomed ZT-LAN devices. However, links connecting to the same ZT-LAN device can use LAG.

The following figure shows a host that connects to two ZT-LAN devices, Switch1 and Switch2, using an aggregated Ethernet link, AE-1. The two ZT-LAN devices forward traffic from Host A to Host B through Switch3 over the local network.

multihoming-LAG-active-active.png

To enable LACP on a host, you configure the same LACP system identifier and administrative key on all the ZT-LAN devices that are bundled in the aggregated link. You also configure a unique chassis ID on each ZT-LAN device.

Note that you cannot configure xSTP on a link that has an ESI ID, or vice versa.

To configure link aggregation for all-active–mode multihoming:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select an appliance in the main pane. The view changes to Appliance view.
  2. Select Networking > Interfaces in the left menu bar. The Interfaces dashboard displays, and the VNI tab selected by default.
  3. Select the AE tab, then click the desired interface in the main pane. The Edit Ethernet Interface screen for the selected ae interface displays.
  4. In the General tab, enter information for the following fields.

    edit-ae-interface-border.png
    Field Description
    System ID/MAC Enter a user-defined system identifier for the device, which must be exactly 6 octets (for example, 20:10:00:00:00:03).
    Chassis ID

    Enter a chassis ID number. For multichassis LAG, a port from each VOS device should be uniquely identifiable. It is possible for each VOS device to assign the same port ID to its aggregate member interface. To avoid this issue, configure a unique chassis ID on each VOS device. The chassis ID is combined with the locally assigned port ID to determine a unique Actor_Port number that is sent in the LACPDU frame.

    Range: 1 through 7

    Default: None
    LACP Click the checkbox to enable LACP.
    Admin Key

    Enter an administrative key number. The administrative key, in conjunction with the system ID, enables ports from two separate VOS devices to behave as if they are part of the same aggregate interface. For multichassis LAG, configure the same administrative key and system ID on the two VOS devices. The administrative key corresponds to the Actor_Key value encoded in the LACPDU frame.

    Range: 1 through 65535

    Default: None
  5. Click OK.

Monitor Links in the EVPN Core

In all-active mode and in single-active mode, if the ZT-LAN device is the active device, and if the interface on the LAN-access side of the ZT-LAN device is operationally up, the host sends traffic to the ZT-LAN device. However, when the transport network at the ZT-LAN device is down, traffic on the LAN-access side of the ZT-LAN device is blackholed. To avoid the blackholing of traffic, you can configure a monitor group and apply it to the access side of the LAN interface configured for the Ethernet segment. Using monitor groups, if all the uplinks on the ZT-LAN device are down, the ZT-LAN device's interface toward the LAN-access side is brought down. With this configuration, traffic is not blocked if the EVPN-core side of network is down and a host sends traffic toward other ZT-LAN devices.

Depending on your scenario, you can configure the monitor group to contain different monitors, as follows:

  • Monitor group consists of monitors to each Controller node. One issue with monitoring for BGP Controllers is that if the ZT-LAN device loses connectivity to the Controller nodes, the LAN-side interface goes down even though the device is still able to connect to other devices. If only the network towards the Controller node is down, all the multihomed devices could bring down the LAN-side network.
  • Monitor group consists of monitors to each Controller node and to all multihomed peers. This option improves the probability of determining the black out. However, if the Controller nodes and all the multihomed peers encounter a split-brain scenario, the LAN interface goes down.
  • Monitor group consists of monitors to each Controller node, to each multihomed peer, and to some of the VOS devices. Of the first three options, this one has the best probability of detecting a transport network failure.
  • Monitor group consists of monitors to each Controller node, to each multihomed peer, and to all VOS devices participating in the bridge domain. This option works in all scenarios, but it requires that each VOS device perform a large amount of monitoring.

To configure monitors:

  1. In Director view, select the Administration tab in the top menu bar.
  2. Select Appliances in the left menu bar.
  3. Select a device in the main pane. The view changes to Appliance view.
  4. Select the Configuration tab in the top menu bar.
  5. Select Network > IP SLA > Monitor in the left menu bar.
  6. Click the add-icon-black-on-white.png Add icon to create a monitor for the Controller. The Add IP-SLA Monitor popup window displays. Enter information for the following fields.

    add-IP-SLA-monitor-border.png
     
    Field Description
    Name Enter a name for the IP SLA monitor object. This example uses the name Monitor-controller1.
    Interval

    Click, and enter the frequency, in seconds, at which to send ICMP packets to the IP address.

    Range: 1 through 60 seconds

    Default: 3 seconds
    Threshold

    Enter the maximum number of ICMP packets to send to the IP address. If the IP address does not respond after this number of packets, the monitor object, and hence the IP address, is marked as down.

    Range: 1 through 60

    Default: 5
    Monitor Type Select ICMP for the type of packets to send to the IP address.
    Monitor Subtype

    Select the No subtype option, which is the default setting.
    Source Interface Select the source interface on which to send the probe packets. This interface determines the routing instance through which to send the probe packets. This routing instance is the target routing instance for the probe packets.
    IP Address Enter the IP address of the Controller to monitor.
  7. Click OK.

To create a monitor group and add the monitor object:

  1. Continuing from the previous procedure, select Networking Networking-icon.png > IP-SLA > Group in the left menu bar.
  2. Click the add-icon-black-on-white.png Add icon to create a monitor group. The Add IP-SLA Monitor Group popup window displays. Enter information for the following fields.

    add-IP-SLA-monitor-group-v2-border.png
     
    Field Description
    Name Enter a name for the IP SLA monitor group. This example uses the name Monitor-Controllers-group.
    Operation

    Select the or boolean operation to perform on the monitors
    List of Monitors (Table)  
    • Available
    		 Displays the list of available monitors for this appliance. Select and click on the monitor that you want to add to the group. This example uses the names Monitor-controller1 and Monitor-controller2.
    • Selected
    		 Displays the monitor that you added to the group.
  3. Click OK.

Next, you associate the monitor group with a LAN interface as the standby option, with the match state configured as "Up". To configure this use case scenario:

  1. Continuing from the previous procedure, select Network > Interfaces in the left menu bar.
  2. Select the ENet tab, then select an enet interface in the main pane. The Edit ENet Interface popup window displays.
  3. Click the Sub Interfaces tab, then click a configured subinterface. The Edit Subinterface screen displays.
  4. Select the IPv4 tab, then select the Standby tab and the Activate on Monitor tab, and enter information for the following fields.

    edit-subinterface-IPv4-tab-border.png
     
    Field Description
    Monitor Group Select the monitor group, for example, Monitor-Controllers-group.
    Match State

    Select the Up option.
  5. Click OK.

Verify the EVPN Multihoming Configuration

To verify the EVPN multihoming configuration:

  1. In Director view, select the Monitor tab in the top menu bar.
  2. Select an organization from the drop-down list in the Organization field.
  3. Select the Devices tab.

    monitor-org-devices-vxlan-v2-border.png
     
  4. Select a device in the main pane. The screen displays information for the selected device. 
  5. Select the Networking tab, then select Switching.

    monitor-device-switching-vxlan-v2-border.png
  6. Select the MAC Address Table in the horizontal menu bar.
  7. Select a switch name from the first drop-down list.
  8. Select a VLAN from the second drop-down list.
  9. Select the type of output to display from the third drop-down list, either Brief (default) or Statistics. The screen displays bridge MAC table information.

    mac-address-table-vxlan-v2-border.png
  10. Select the EVPN Multihoming tab. The screen displays the EVPN monitoring data for the selected virtual switch and VLAN (Tenant1-default-switch and vlan-1001 in the screen capture below) for active-active mode. Note that EVPN monitoring data is not available for active-standby mode.

    EVPN-multihoming-monitor.png

Supported Software Information

Releases 21.2.1 and later support all content in this article, except:

  • Release 22.1.1 supports Ethernet interfaces.