Traffic Forwarding Issue with EVPNs on NCS-540

malik.naeem · ‎10-11-2024

Hello,

We having problem in creating L2VPN EVPN using NCS-540.

We already have multiple NCS-5508 and NCS-55A2 in our network, and we have no issue in running EVPNs. But the same config is not working on NCS-540.

The control plane seems to be fine as the PE devices are successfully exchanging the MAC addresses but the traffic is not flowing across the VPN.

Below are some configuration details:

##################################################
Config on PE-1 (NCS5508 -- IOS-XR 7.2.2)
##################################################

interface Bundle-Ether12.999 l2transport
encapsulation dot1q 999
!
l2vpn
bridge group bg999
bridge-domain bd999
interface Bundle-Ether12.999
!
evi 999
!
!
!
!
evpn
evi 999
bgp
route-target import 18053:999
route-target export 18053:999
!
advertise-mac
!
!
!

##################################################
Config on PE-2 (NCS540 -- IOS-XR 7.7.21)
##################################################

interface TenGigE0/0/0/1.999 l2transport
encapsulation dot1q 999
!
l2vpn
bridge group bg999
bridge-domain bd999
interface TenGigE0/0/0/1.999
!
evi 999
!
!
!
!
evpn
evi 999
bgp
route-target import 18053:999
route-target export 18053:999
!
advertise-mac
!
!
!

##################################################
Verifications - On PE-1
##################################################

RP/0/RP0/CPU0:NCS5508#show bgp l2vpn evpn bridge-domain bd999
BGP router identifier 10.240.0.1, local AS number 18053
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 510062957
BGP NSR Initial initsync version 81 (Reached)
BGP NSR/ISSU Sync-Group versions 510062957/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.240.0.1:999 (default for vrf bd999)
*> [1][0190.77ee.0fd8.ee00.0100][0]/120
0.0.0.0 0 i
*>i[2][0][48][0005.9b28.27ef][0]/104
10.240.0.98 100 0 i
*>i[2][0][48][0005.9b28.27fc][0]/104
10.240.0.98 100 0 i
*> [2][0][48][9077.ee0f.d8ed][0]/104
0.0.0.0 0 i
*> [3][0][32][10.240.0.1]/80
0.0.0.0 0 i
*>i[3][0][32][10.240.0.98]/80
10.240.0.98 100 0 i

Processed 6 prefixes, 6 paths

##################################################

RP/0/RP0/CPU0:NCS5508#show l2vpn forwarding bridge-domain bg999:bd999 mac-address location 0/0/cPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location <r/s/i>

Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0005.9b28.27ef static BD id: 53 N/A N/A N/A
0005.9b28.27fc static BD id: 53 N/A N/A N/A
9077.ee0f.d8ed static BE12.999 N/A N/A N/A

##################################################
Verifications - On PE-2
##################################################

RP/0/RP0/CPU0:NCS540#sh bgp l2vpn evpn bridge-domain bd999
BGP router identifier 10.240.0.98, local AS number 18053
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0
BGP main routing table version 103
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.240.0.98:999 (default for vrf bd999)
*>i[1][0190.77ee.0fd8.ee00.0100][0]/120
10.240.0.1 100 0 i
*>i[1][0190.77ee.0fd8.ee00.0100][4294967295]/120
10.240.0.1 100 0 i
*> [2][0][48][0005.9b28.27ef][0]/104
0.0.0.0 0 i
*> [2][0][48][0005.9b28.27fc][0]/104
0.0.0.0 0 i
*>i[2][0][48][9077.ee0f.d8ed][0]/104
10.240.0.1 100 0 i
*>i[3][0][32][10.240.0.1]/80
10.240.0.1 100 0 i
*> [3][0][32][10.240.0.98]/80
0.0.0.0 0 i

Processed 7 prefixes, 7 paths
RP/0/RP0/CPU0:NCS540#

##################################################

RP/0/RP0/CPU0:NCS540#show l2vpn forwarding bridge-domain bg999:bd999 mac-address location 0/0/cPU0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location <r/s/i>

Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0005.9b28.27ef dynamic Te0/0/0/1.999 N/A 09 Oct 15:00:11 N/A
0005.9b28.27fc dynamic Te0/0/0/1.999 N/A 09 Oct 15:00:11 N/A
9077.ee0f.d8ed EVPN BD id: 0 N/A N/A N/A
RP/0/RP0/CPU0:NCS540#

Please note that the exact same config is working on other NCS55A2 & NCS5508 nodes. The problem is only being faced on NCS540.

Are we missing something? Do we need to do any additional config on the NCS540?

Regards,

tkarnani · ‎10-11-2024

on the l2transport interface, looks like you are missing "rewrite ingresss tag pop 1 symmetric"

other than that it would be a data path issue, you can use a tool such as span to file to narrow down where the traffic is being los
https://community.cisco.com/t5/service-providers-knowledge-base/7-1-2-feature-introduction-span-to-file/ta-p/4652573

malik.naeem · ‎10-13-2024

Thanks for your response.

"rewrite ingresss tag pop 1 symmetric" is not applicable in our case as we are trying to forward tagged traffic (and also we dont have double tags).

MHM Cisco World · ‎10-14-2024

If the bridge receive tag frame then you need rewite ingress.

Also bridge use between different point connect to same device here you need brdige between psudo and interface direct connect<<- i will try find example for you for this case

MHM