EVPN E-Tree (Ethernet Tree) is a specialized multipoint Layer 2 service that enforces a root-and-leaf traffic hierarchy. While E-LAN allows any-to-any communication between all sites, E-Tree restricts leaf-to-leaf communication — traffic can only flow between root and leaf sites, never directly between two leaf sites. This makes E-Tree ideal for wholesale broadband aggregation, mobile backhaul, and managed service deployments where customer isolation is required.
E-Tree Traffic Model
EVPN-ETREE Use Cases
- Wholesale broadband aggregation — ISP connects subscriber sites (leaves) to a central gateway (root) while ensuring subscribers cannot communicate directly with each other
- Mobile backhaul — Cell sites (leaves) connect to a central packet core (root) with strict isolation between base stations
- Managed enterprise services — Branch offices (leaves) connect to headquarters (root) in a hub-and-spoke topology
EVPN-ETREE Configuration on OcNOS
! OcNOS -- Root PE: EVPN E-Tree root role
!
! Step 1: ISIS-SR underlay (standard)
router isis CORE
net 49.0001.0000.0000.0001.00
is-type level-2-only
segment-routing mpls
fast-reroute per-prefix level-2 ti-lfa
address-family ipv4 unicast
segment-routing mpls
exit-address-family
!
! Step 2: BGP EVPN
router bgp 65001
bgp router-id 10.0.0.1
neighbor 10.0.0.2 remote-as 65001
neighbor 10.0.0.2 update-source lo
neighbor 10.0.0.3 remote-as 65001
neighbor 10.0.0.3 update-source lo
!
address-family l2vpn evpn
neighbor 10.0.0.2 activate
neighbor 10.0.0.3 activate
exit-address-family
!
! Step 3: EVPN E-Tree instance -- ROOT role
l2vpn evpn
instance 300 vlan-based
rd 65001:300
route-target import 65001:300
route-target export 65001:300
!
evi 300
encapsulation mpls
etree root ! This PE is the root
!
! Step 4: Root CE-facing interface
interface eth-0-1
l2vpn evpn evi 300
encapsulation dot1q 300! OcNOS -- Leaf PE-1: EVPN E-Tree leaf role
! (Leaf PE-2 mirrors this configuration)
!
l2vpn evpn
instance 300 vlan-based
rd 65001:300
route-target import 65001:300
route-target export 65001:300
!
evi 300
encapsulation mpls
etree leaf ! This PE is a leaf
! Leaf role automatically enforces split-horizon:
! traffic received from one leaf will NOT be forwarded to other leaves
!
! Leaf CE-facing interface
interface eth-0-1
l2vpn evpn evi 300
encapsulation dot1q 300Multi-Homed Leaf Configuration
! OcNOS -- Multi-homed leaf: two PEs share the same ESI
! Both PE-1 and PE-2 are leaves; CE is dual-homed for redundancy
!
evpn
ethernet-segment 2
identifier 0200:0000:0000:0001:0000
multihoming-mode single-active ! One PE forwards at a time
!
!
interface bond0
evpn ethernet-segment 2
l2vpn evpn evi 300
encapsulation dot1q 300Verification
! OcNOS -- EVPN E-Tree verification
!
! Confirm root/leaf roles are correctly set:
show evpn evi detail
! Output should show: etree-role: root (or leaf)
!
! Verify split-horizon is active (leaf-to-leaf forwarding blocked):
show evpn ethernet-segment detail
!
! Check BGP E-Tree route community (carries root/leaf role information):
show bgp l2vpn evpn route type mac-ip detail
! Look for: E-Tree Route Community in extended community attribute
!
! Test traffic: hub CE should reach both spoke CEs
! Spoke CE-1 should NOT be able to ping spoke CE-2- EVPN-ELINE: Point-to-Point L2 Service
- EVPN-ELAN: Multipoint L2 Service
- EVPN-L3VPN over ISIS-SR
- OcNOS-SP Product Page
- Contact IP Infusion
IP Infusion Engineering Team