Example for Configuring VRRP over VXLAN with Inter-DC Master and Backup Gateways
Applicable Products and Versions
- This example applies to CE16800, CE12800, CE12800E, CE8800, CE7800, CE6800 (excluding the CE6820, CE6850EI, CE6810EI, and CE6810LI), and CE5880EI series switches running V200R002C50 or later versions.
- For details about the mapping between software versions and switch models, see the Hardware Query Tool.
Networking Requirements
On the network shown in Figure 1-12, an enterprise has two DCs deployed in different regions. It is required that the two DCs back up each other and active-active gateways be deployed in each DC to improve reliability. To achieve this, configure VRRP over VXLAN to implement inter-DC master/backup gateway.
Device |
Interface |
IP Address |
---|---|---|
Spine1 |
10GE1/0/1 |
192.168.1.1/24 |
10GE1/0/2 |
192.168.5.1/24 |
|
Loopback1 |
1.1.1.1/32 |
|
Loopback2 |
5.5.5.5/32 |
|
Spine2 |
10GE1/0/1 |
192.168.2.1/24 |
10GE1/0/2 |
192.168.6.1/24 |
|
Loopback1 |
1.1.1.1/32 |
|
Loopback2 |
6.6.6.6/32 |
|
Leaf1 |
10GE1/0/1 |
192.168.1.2/24 |
10GE1/0/2 |
192.168.2.2/24 |
|
Loopback1 |
3.3.3.3/32 |
|
Spine3 |
10GE1/0/1 |
192.168.3.1/24 |
10GE1/0/2 |
192.168.6.2/24 |
|
Loopback1 |
2.2.2.2/32 |
|
Loopback2 |
7.7.7.7/32 |
|
Spine4 |
10GE1/0/1 |
192.168.4.1/24 |
10GE1/0/2 |
192.168.5.2/24 |
|
Loopback1 |
2.2.2.2/32 |
|
Loopback2 |
8.8.8.8/32 |
|
Leaf2 |
10GE1/0/1 |
192.168.3.2/24 |
10GE1/0/2 |
192.168.4.2/24 |
|
Loopback1 |
4.4.4.4/32 |
Configuration Roadmap
Configure a routing protocol for VXLAN tunnel establishment. In this example, OSPF is used.
Establish a VXLAN tunnel between spine switches in different DCs, and configure a VNI and bind it to a BD.
Establish a VXLAN tunnel between leaf switches and between a leaf switch and a spine switch, and configure a VNI and bind it to a BD.
Create a VBDIF interface on each Spine and configure VRRP for master/backup gateway negotiation.
Deploy a DFS group on the two spine switches in each DC for device pairing, allowing active-active gateway implementation.
Configure Layer 2 sub-interfaces on the Leaf in each DC for host access.
(Optional) Perform either of the following configurations to prevent packet loss during traffic switchback after the master devices recover.
After VRRP status becomes stable, configure the two master VRRP devices to advertise VTEP routes after a delay that is longer than the time taken by VRRP-becoming-master. If the two master devices need to be restarted due to failures, manually power off one master device and do not restore it until the other master device recovers.
Configure a VTEP direct route on the loopback interfaces of the two master VRRP devices and associate the direct route with the VRRP status, so that the cost of the direct route can be adjusted according to the VRRP status. Specifically, if VRRP is not in the Master state, the cost increases, and the route priority decreases. Configure a dynamic routing protocol to import the direct route, to ensure that the VRRP status affects route selection of the dynamic routing protocol and traffic is imported to the recovery link only after VRRP status becomes Master. In addition, enable the backup VRRP devices to forward service traffic through VBDIF interfaces. If multiple VRRP backup groups need to be configured, configure the VRRP backup group that is associated with the loopback interface route as the mVRRP backup group and the rest as service VRRP backup groups, and bind the service VRRP backup groups to the mVRRP backup group.
Data Preparation
To complete the configuration, you need the following data:
Interface IP addresses (For details, see Table 1-13.)
OSPF area (0)
BD ID (10)
VNI ID (10)
Procedure
- Configure a routing protocol.
# Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4. For configuration details, see Configuration Files.
<HUAWEI> system-view [~HUAWEI] sysname Spine1 [*HUAWEI] commit [~Spine1] interface loopback 1 [*Spine1-LoopBack1] ip address 1.1.1.1 32 [*Spine1-LoopBack1] quit [*Spine1] interface loopback 2 [*Spine1-LoopBack2] ip address 5.5.5.5 32 [*Spine1-LoopBack2] quit [*Spine1] interface 10ge 1/0/1 [*Spine1-10GE1/0/1] undo portswitch [*Spine1-10GE1/0/1] ip address 192.168.1.1 24 [*Spine1-10GE1/0/1] quit [*Spine1] interface 10ge 1/0/2 [*Spine1-10GE1/0/2] undo portswitch [*Spine1-10GE1/0/2] ip address 192.168.5.1 24 [*Spine1-10GE1/0/2] quit [*Spine1] ospf [*Spine1-ospf-1] area 0 [*Spine1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [*Spine1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [*Spine1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [*Spine1-ospf-1-area-0.0.0.0] network 192.168.5.0 0.0.0.255 [*Spine1-ospf-1-area-0.0.0.0] quit [*Spine1-ospf-1] quit [*Spine1] commit
# After OSPF is configured, leaf and spine switches can learn the IP addresses of loopback interfaces of each other using OSPF and successfully ping each other.
- Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.)
# Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4.
[~Spine1] ip tunnel mode vxlan [*Spine1] assign forward nvo3 acl extend enable [*Spine1] commit
After configuring the VXLAN tunnel mode and enabling the VXLAN ACL extension function, save the configuration and restart the switch to make the configuration take effect.
- Configure a service access point on Leaf1 and Leaf2, respectively.
# Configure Leaf1. Repeat this step for Leaf2.
[~Leaf1] bridge-domain 10 [*Leaf1-bd10] quit [*Leaf1] interface 10ge 1/0/3.1 mode l2 [*Leaf1-10GE1/0/3.1] encapsulation dot1q vid 10 [*Leaf1-10GE1/0/3.1] bridge-domain 10 [*Leaf1-10GE1/0/3.1] quit [*Leaf1] commit
- Configure VXLAN tunnels in DCs and between DC1 and DC2.# Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4. For configuration details, see Configuration Files.
[~Spine1] evpn-overlay enable [*Spine1] commit [~Spine1] bgp 100 [*Spine1-bgp] peer 3.3.3.3 as-number 100 [*Spine1-bgp] peer 3.3.3.3 connect-interface loopback 2 [*Spine1-bgp] peer 4.4.4.4 as-number 100 [*Spine1-bgp] peer 4.4.4.4 connect-interface loopback 2 [*Spine1-bgp] peer 6.6.6.6 as-number 100 [*Spine1-bgp] peer 6.6.6.6 connect-interface loopback 2 [*Spine1-bgp] peer 7.7.7.7 as-number 100 [*Spine1-bgp] peer 7.7.7.7 connect-interface loopback 2 [*Spine1-bgp] peer 8.8.8.8 as-number 100 [*Spine1-bgp] peer 8.8.8.8 connect-interface loopback 2 [*Spine1-bgp] l2vpn-family evpn [*Spine1-bgp-af-evpn] peer 3.3.3.3 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 4.4.4.4 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 6.6.6.6 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 7.7.7.7 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 8.8.8.8 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] quit [*Spine1-bgp] quit [*Spine1] commit [~Spine1] bridge-domain 10 [*Spine1-bd10] vxlan vni 10 [*Spine1-bd10] evpn [*Spine1-bd10-evpn] route-distinguisher 10:1 [*Spine1-bd10-evpn] vpn-target 11:1 [*Spine1-bd10-evpn] quit [*Spine1-bd10] quit [*Spine1] commit [~Spine1] interface nve 1 [*Spine1-Nve1] source 1.1.1.1 [*Spine1-Nve1] vni 10 head-end peer-list protocol bgp [*Spine1-Nve1] quit [*Spine1] commit
# Configure Leaf1. Repeat this step for Leaf2. For configuration details, see Configuration Files.
[~Leaf1] evpn-overlay enable [*Leaf1] commit [~Leaf1] bgp 100 [*Leaf1-bgp] peer 4.4.4.4 as-number 100 [*Leaf1-bgp] peer 4.4.4.4 connect-interface loopback 1 [*Leaf1-bgp] peer 5.5.5.5 as-number 100 [*Leaf1-bgp] peer 5.5.5.5 connect-interface loopback 1 [*Leaf1-bgp] peer 6.6.6.6 as-number 100 [*Leaf1-bgp] peer 6.6.6.6 connect-interface loopback 1 [*Leaf1-bgp] peer 7.7.7.7 as-number 100 [*Leaf1-bgp] peer 7.7.7.7 connect-interface loopback 1 [*Leaf1-bgp] peer 8.8.8.8 as-number 100 [*Leaf1-bgp] peer 8.8.8.8 connect-interface loopback 1 [*Leaf1-bgp] l2vpn-family evpn [*Leaf1-bgp-af-evpn] peer 4.4.4.4 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 5.5.5.5 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 6.6.6.6 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 7.7.7.7 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 8.8.8.8 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] quit [*Leaf1-bgp] quit [*Leaf1] commit [~Leaf1] bridge-domain 10 [~Leaf1-bd10] vxlan vni 10 [*Leaf1-bd10] evpn [*Leaf1-bd10-evpn] route-distinguisher 50:1 [*Leaf1-bd10-evpn] vpn-target 11:1 [*Leaf1-bd10-evpn] quit [*Leaf1-bd10] quit [*Leaf1] commit [~Leaf1] interface nve 1 [*Leaf1-Nve1] source 3.3.3.3 [*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp [*Leaf1-Nve1] quit [*Leaf1] commit
- Configure all-active gateways in the DC on spine switches.
# Configure service loopback interfaces on spine switches. (This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.)
Configure Spine1. Repeat this step for Spine2, Spine3 and Spine4. For configuration details, see Configuration Files.
[~Spine1] interface eth-trunk 1 [*Spine1-Eth-Trunk1] service type tunnel [*Spine1-Eth-Trunk1] trunkport 10ge 1/0/5 [*Spine1-Eth-Trunk1] quit [*Spine1] commit
# Configure Spine1.
[~Spine1] interface vbdif 10 [*Spine1-Vbdif10] ip address 10.1.1.2 24 [*Spine1-Vbdif10] mac-address 0000-5e00-0105 [*Spine1-Vbdif10] quit [*Spine1] dfs-group 1 [*Spine1-dfs-group-1] source ip 5.5.5.5 [*Spine1-dfs-group-1] active-active-gateway [*Spine1-dfs-group-1-active-active-gateway] peer 6.6.6.6 [*Spine1-dfs-group-1-active-active-gateway] quit [*Spine1-dfs-group-1] quit [*Spine1] commit
# Configure Spine2.
[~Spine2] interface vbdif 10 [*Spine2-Vbdif10] ip address 10.1.1.2 24 [*Spine2-Vbdif10] mac-address 0000-5e00-0105 [*Spine2-Vbdif10] quit [*Spine2] dfs-group 1 [*Spine2-dfs-group-1] source ip 6.6.6.6 [*Spine2-dfs-group-1] active-active-gateway [*Spine2-dfs-group-1-active-active-gateway] peer 5.5.5.5 [*Spine2-dfs-group-1-active-active-gateway] quit [*Spine2-dfs-group-1] quit [*Spine2] commit
# Repeat this step for Spine3 and Spine4. For configuration details, see Configuration Files.
- Configure VRRP.
# Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.
[~Spine1] interface vbdif 10 [~Spine1-Vbdif10] vrrp vrid 1 virtual-ip 10.1.1.1 [*Spine1-Vbdif10] vrrp vrid 1 priority 130 [*Spine1-Vbdif10] quit [*Spine1] commit
# Configure Spine3. Repeat this step for Spine4. For configuration details, see Configuration Files.[~Spine3] interface vbdif 10 [~Spine3-Vbdif10] vrrp vrid 1 virtual-ip 10.1.1.1 [*Spine3-Vbdif10] vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100 [*Spine3-Vbdif10] quit [*Spine3] commit
- (Optional) Perform either of the following configurations to prevent packet loss during traffic switchback after the master devices recover.
- Configure the VTEPs on the two VRRP master devices to advertise routes in delayed mode. (The mode is used in this example.)
# Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.
[~Spine1] ospf [~Spine1-ospf-1] stub-router on-startup 180 [*Spine1-ospf-1] quit [*Spine1] commit
- Configure association between VTEP direct routes and VRRP states on the loopback interfaces of the two VRRP master devices. (The mode is not used in this example, and is for reference only.)
# Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.
[~Spine1] interface loopback 1 [~Spine1-LoopBack1] direct-route track vrrp interface vbdif 10 vrid 1 degrade-cost 20 [*Spine1-LoopBack1] quit [*Spine1] interface vbdif 10 [*Spine1-Vbdif10] vrrp vrid 1 backup-forward [*Spine1-Vbdif10] quit [*Spine1] ospf [*Spine1-ospf-1] default cost inherit-metric [*Spine1-ospf-1] quit [*Spine1] commit
- Configure the VTEPs on the two VRRP master devices to advertise routes in delayed mode. (The mode is used in this example.)
Verifying the Configuration
After completing the configurations, run the display vxlan tunnel command on spine and leaf switches of the two DCs to view VXLAN tunnel information and run the display vrrp interface interface-type interface-number verbose command on spine switches to view mVRRP status information. The following example shows the command output on Spine1.
[~Spine1] display vxlan tunnel
Number of vxlan tunnel : 3
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 1.1.1.1 2.2.2.2 up dynamic 0035h21m
4026531842 1.1.1.1 3.3.3.3 up dynamic 0035h22m
4026531843 1.1.1.1 4.4.4.4 up dynamic 0035h23m
[~Spine1] display vrrp interface vbdif 10 verbose
Vbdif 10 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
PriorityRun : 130
PriorityConfig : 130
MasterPriority : 130
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config Type : Normal
Create Time : 2016-10-29 05:41:23
Last Change Time : 2016-10-29 05:41:33
Configuration Files
Spine1 configuration file
# sysname Spine1 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # dfs-group 1 source ip 5.5.5.5 # active-active-gateway peer 6.6.6.6 # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 10:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface Vbdif10 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 priority 130 mac-address 0000-5e00-0105 # interface Eth-Trunk1 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. service type tunnel # interface 10GE1/0/1 undo portswitch ip address 192.168.1.1 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.5.1 255.255.255.0 # interface 10GE1/0/5 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. eth-trunk 1 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface LoopBack2 ip address 5.5.5.5 255.255.255.255 # interface Nve1 source 1.1.1.1 vni 10 head-end peer-list protocol bgp # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack2 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack2 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack2 peer 7.7.7.7 as-number 100 peer 7.7.7.7 connect-interface LoopBack2 peer 8.8.8.8 as-number 100 peer 8.8.8.8 connect-interface LoopBack2 # ipv4-family unicast peer 3.3.3.3 enable peer 4.4.4.4 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # l2vpn-family evpn policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # ospf 1 stub-router on-startup 180 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 5.5.5.5 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.5.0 0.0.0.255 # return
Spine2 configuration file
# sysname Spine2 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # dfs-group 1 source ip 6.6.6.6 # active-active-gateway peer 5.5.5.5 # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 20:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface Vbdif10 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 priority 130 mac-address 0000-5e00-0105 # interface Eth-Trunk1 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. service type tunnel # interface 10GE1/0/1 undo portswitch ip address 192.168.2.1 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.6.1 255.255.255.0 # interface 10GE1/0/5 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. eth-trunk 1 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface LoopBack2 ip address 6.6.6.6 255.255.255.255 # interface Nve1 source 1.1.1.1 vni 10 head-end peer-list protocol bgp # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack2 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack2 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack2 peer 7.7.7.7 as-number 100 peer 7.7.7.7 connect-interface LoopBack2 peer 8.8.8.8 as-number 100 peer 8.8.8.8 connect-interface LoopBack2 # ipv4-family unicast peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # l2vpn-family evpn policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # ospf 1 stub-router on-startup 180 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 6.6.6.6 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.6.0 0.0.0.255 # return
Spine3 configuration file
# sysname Spine3 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # dfs-group 1 source ip 7.7.7.7 # active-active-gateway peer 8.8.8.8 # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 30:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface Vbdif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100 mac-address 0000-5e00-0106 # interface Eth-Trunk1 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. service type tunnel # interface 10GE1/0/1 undo portswitch ip address 192.168.3.1 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.6.2 255.255.255.0 # interface 10GE1/0/5 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. eth-trunk 1 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # interface LoopBack2 ip address 7.7.7.7 255.255.255.255 # interface Nve1 source 2.2.2.2 vni 10 head-end peer-list protocol bgp # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack2 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack2 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack2 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack2 peer 8.8.8.8 as-number 100 peer 8.8.8.8 connect-interface LoopBack2 # ipv4-family unicast peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 8.8.8.8 enable # l2vpn-family evpn policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 8.8.8.8 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 7.7.7.7 0.0.0.0 network 192.168.3.0 0.0.0.255 network 192.168.6.0 0.0.0.255 # return
Spine4 configuration file
# sysname Spine4 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # dfs-group 1 source ip 8.8.8.8 # active-active-gateway peer 7.7.7.7 # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 40:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface Vbdif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100 mac-address 0000-5e00-0106 # interface Eth-Trunk1 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. service type tunnel # interface 10GE1/0/1 undo portswitch ip address 192.168.4.1 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.5.2 255.255.255.0 # interface 10GE1/0/5 //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI. eth-trunk 1 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # interface LoopBack2 ip address 8.8.8.8 255.255.255.255 # interface Nve1 source 2.2.2.2 vni 10 head-end peer-list protocol bgp # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack2 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack2 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack2 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack2 peer 7.7.7.7 as-number 100 peer 7.7.7.7 connect-interface LoopBack2 # ipv4-family unicast peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable # l2vpn-family evpn policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 8.8.8.8 0.0.0.0 network 192.168.4.0 0.0.0.255 network 192.168.6.0 0.0.0.255 # return
Leaf1 configuration file
# sysname Leaf1 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 50:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface 10GE1/0/1 undo portswitch ip address 192.168.1.2 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.2.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Nve1 source 3.3.3.3 vni 10 head-end peer-list protocol bgp # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack1 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack1 peer 7.7.7.7 as-number 100 peer 7.7.7.7 connect-interface LoopBack1 peer 8.8.8.8 as-number 100 peer 8.8.8.8 connect-interface LoopBack1 # ipv4-family unicast peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # l2vpn-family evpn policy vpn-target peer 4.4.4.4 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 # return
Leaf2 configuration file
# sysname Leaf2 # assign forward nvo3 acl extend enable //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI. # evpn-overlay enable # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 60:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # interface 10GE1/0/1 undo portswitch ip address 192.168.3.2 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 192.168.4.2 255.255.255.0 # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # interface Nve1 source 4.4.4.4 vni 10 head-end peer-list protocol bgp # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack1 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack1 peer 7.7.7.7 as-number 100 peer 7.7.7.7 connect-interface LoopBack1 peer 8.8.8.8 as-number 100 peer 8.8.8.8 connect-interface LoopBack1 # ipv4-family unicast peer 3.3.3.3 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # l2vpn-family evpn policy vpn-target peer 3.3.3.3 enable peer 5.5.5.5 enable peer 6.6.6.6 enable peer 7.7.7.7 enable peer 8.8.8.8 enable # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 # return