EVPN L3VPN combines the BGP control plane of EVPN with the Layer 3 routing capabilities of traditional MPLS VPNs. Using EVPN route type 5 (IP Prefix Routes), PE routers advertise IP prefixes from customer VRFs across the SR-MPLS backbone — enabling scalable, automated inter-site IP routing without the operational complexity of separate BGP-VPNv4 and LDP deployments.
EVPN Route Type 5: IP Prefix Routes
Route type 5 is the foundation of EVPN L3VPN. Each PE router:
- Learns IP prefixes from CE devices (via static routes, BGP, OSPF, or connected routes in the VRF)
- Advertises them as EVPN type-5 routes with an SR label allocated from the Node SID space
- Remote PEs import the type-5 routes into their local VRF routing tables
- Traffic flows directly over SR-MPLS using the advertised label — no need for separate LDP or RSVP-TE
EVPN-L3VPN Topology
EVPN-L3VPN Configuration on OcNOS
! OcNOS -- PE1: EVPN L3VPN with VRF and type-5 advertisement
!
! Step 1: Create VRF for tenant isolation
vrf TENANT-A
rd 65001:1000
route-target import 65001:1000
route-target export 65001:1000
!
! Step 2: ISIS-SR underlay with TI-LFA
router isis CORE
net 49.0001.0000.0000.0001.00
is-type level-2-only
segment-routing mpls
fast-reroute per-prefix level-2 ti-lfa
address-family ipv4 unicast
segment-routing mpls
exit-address-family
!
interface lo
ip address 10.0.0.1/32
ip router isis CORE
isis segment-routing prefix-sid index 1
!
! Step 3: BGP EVPN session
router bgp 65001
bgp router-id 10.0.0.1
neighbor 10.0.0.2 remote-as 65001
neighbor 10.0.0.2 update-source lo
!
address-family l2vpn evpn
neighbor 10.0.0.2 activate
advertise-all-vni
exit-address-family
!
! VRF address family: advertise VRF routes as EVPN type-5
vrf TENANT-A
rd 65001:1000
route-target import 65001:1000
route-target export 65001:1000
!
address-family ipv4 unicast
redistribute connected
redistribute static
! If CE uses BGP:
neighbor 192.168.1.2 remote-as 65100
neighbor 192.168.1.2 activate
exit-address-family
!
! Step 4: Advertise VRF IPv4 routes as EVPN type-5 to remote PEs
router bgp 65001
address-family l2vpn evpn
advertise ipv4 unicast ! Generates type-5 routes from VRF table
exit-address-family! OcNOS -- PE2: Import EVPN type-5 routes from PE1
! PE2 mirrors PE1 config with its own RD and CE subnet
!
vrf TENANT-A
rd 65002:1000 ! Unique RD per PE
route-target import 65001:1000 ! Import PE1 routes
route-target export 65001:1000 ! Export to PE1
!
router bgp 65002
vrf TENANT-A
address-family ipv4 unicast
redistribute connected
neighbor 192.168.2.2 remote-as 65200 ! CE-B
neighbor 192.168.2.2 activate
exit-address-family
!
router bgp 65002
address-family l2vpn evpn
advertise ipv4 unicast
exit-address-familyDCI Use Case: EVPN L3VPN for Data Center Interconnect
! OcNOS -- DCI: EVPN type-5 for inter-DC routing
! Border Leaf exports DC VRF subnets to remote DC via EVPN
!
vrf DC-FABRIC
rd 65001:2000
route-target import 65001:2000 ! Import from remote DC
route-target export 65001:2000 ! Export local DC subnets
!
router bgp 65001
vrf DC-FABRIC
address-family ipv4 unicast
redistribute connected ! Advertise all local subnets
maximum-paths 4 ! ECMP to remote DCs
exit-address-family
!
router bgp 65001
address-family l2vpn evpn
advertise ipv4 unicast ! Export DC routes as type-5 to WAN
exit-address-familyVerification Commands
! OcNOS -- EVPN L3VPN verification
!
! Check EVPN type-5 routes in BGP table:
show bgp l2vpn evpn route type prefix
! Expected: 10.10.1.0/24 from PE1, 10.10.2.0/24 from PE2
!
! Verify routes are installed in VRF routing table:
show ip route vrf TENANT-A
!
! Check EVPN L3VPN label allocation:
show bgp l2vpn evpn route type prefix detail
!
! Verify ISIS-SR TI-LFA backup paths:
show isis fast-reroute summary
!
! End-to-end connectivity test:
ping vrf TENANT-A 10.10.2.1 source 10.10.1.1- Multi-Domain ISIS-SR with BGP-LU and EVPN
- EVPN-ELINE: Point-to-Point L2 Service
- EVPN-ELAN: Multipoint L2 Service
- OcNOS-SP Product Page
- Contact IP Infusion
IP Infusion Engineering Team