No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
CloudEngine 16800, 12800, 9800, 8800, 7800, 6800, and 5800 Series Switches Typical Configuration Examples (V100 and V200)
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VRRP over VXLAN with Inter-DC Master and Backup Gateways

Example for Configuring VRRP over VXLAN with Inter-DC Master and Backup Gateways

Applicable Products and Versions

  • This example applies to CE16800, CE12800, CE12800E, CE8800, CE7800, CE6800 (excluding the CE6820, CE6850EI, CE6810EI, and CE6810LI), and CE5880EI series switches running V200R002C50 or later versions.
  • For details about the mapping between software versions and switch models, see the Hardware Query Tool.

Networking Requirements

On the network shown in Figure 1-12, an enterprise has two DCs deployed in different regions. It is required that the two DCs back up each other and active-active gateways be deployed in each DC to improve reliability. To achieve this, configure VRRP over VXLAN to implement inter-DC master/backup gateway.

Figure 1-12 VRRP over VXLAN with inter-DC master and backup gateways on different VXLAN networks

Table 1-13 Interface IP Addresses

Device

Interface

IP Address

Spine1

10GE1/0/1

192.168.1.1/24

10GE1/0/2

192.168.5.1/24

Loopback1

1.1.1.1/32

Loopback2

5.5.5.5/32

Spine2

10GE1/0/1

192.168.2.1/24

10GE1/0/2

192.168.6.1/24

Loopback1

1.1.1.1/32

Loopback2

6.6.6.6/32

Leaf1

10GE1/0/1

192.168.1.2/24

10GE1/0/2

192.168.2.2/24

Loopback1

3.3.3.3/32

Spine3

10GE1/0/1

192.168.3.1/24

10GE1/0/2

192.168.6.2/24

Loopback1

2.2.2.2/32

Loopback2

7.7.7.7/32

Spine4

10GE1/0/1

192.168.4.1/24

10GE1/0/2

192.168.5.2/24

Loopback1

2.2.2.2/32

Loopback2

8.8.8.8/32

Leaf2

10GE1/0/1

192.168.3.2/24

10GE1/0/2

192.168.4.2/24

Loopback1

4.4.4.4/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol for VXLAN tunnel establishment. In this example, OSPF is used.

  2. Establish a VXLAN tunnel between spine switches in different DCs, and configure a VNI and bind it to a BD.

  3. Establish a VXLAN tunnel between leaf switches and between a leaf switch and a spine switch, and configure a VNI and bind it to a BD.

  4. Create a VBDIF interface on each Spine and configure VRRP for master/backup gateway negotiation.

  5. Deploy a DFS group on the two spine switches in each DC for device pairing, allowing active-active gateway implementation.

  6. Configure Layer 2 sub-interfaces on the Leaf in each DC for host access.

  7. (Optional) Perform either of the following configurations to prevent packet loss during traffic switchback after the master devices recover.

    • After VRRP status becomes stable, configure the two master VRRP devices to advertise VTEP routes after a delay that is longer than the time taken by VRRP-becoming-master. If the two master devices need to be restarted due to failures, manually power off one master device and do not restore it until the other master device recovers.

    • Configure a VTEP direct route on the loopback interfaces of the two master VRRP devices and associate the direct route with the VRRP status, so that the cost of the direct route can be adjusted according to the VRRP status. Specifically, if VRRP is not in the Master state, the cost increases, and the route priority decreases. Configure a dynamic routing protocol to import the direct route, to ensure that the VRRP status affects route selection of the dynamic routing protocol and traffic is imported to the recovery link only after VRRP status becomes Master. In addition, enable the backup VRRP devices to forward service traffic through VBDIF interfaces. If multiple VRRP backup groups need to be configured, configure the VRRP backup group that is associated with the loopback interface route as the mVRRP backup group and the rest as service VRRP backup groups, and bind the service VRRP backup groups to the mVRRP backup group.

Data Preparation

To complete the configuration, you need the following data:

  • Interface IP addresses (For details, see Table 1-13.)

  • OSPF area (0)

  • BD ID (10)

  • VNI ID (10)

Procedure

  1. Configure a routing protocol.

    # Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4. For configuration details, see Configuration Files.

    <HUAWEI> system-view
[~HUAWEI] sysname Spine1
[*HUAWEI] commit
[~Spine1] interface loopback 1
[*Spine1-LoopBack1] ip address 1.1.1.1 32
[*Spine1-LoopBack1] quit
[*Spine1] interface loopback 2
[*Spine1-LoopBack2] ip address 5.5.5.5 32
[*Spine1-LoopBack2] quit
[*Spine1] interface 10ge 1/0/1
[*Spine1-10GE1/0/1] undo portswitch
[*Spine1-10GE1/0/1] ip address 192.168.1.1 24
[*Spine1-10GE1/0/1] quit
[*Spine1] interface 10ge 1/0/2
[*Spine1-10GE1/0/2] undo portswitch
[*Spine1-10GE1/0/2] ip address 192.168.5.1 24
[*Spine1-10GE1/0/2] quit
[*Spine1] ospf
[*Spine1-ospf-1] area 0
[*Spine1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[*Spine1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[*Spine1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[*Spine1-ospf-1-area-0.0.0.0] network 192.168.5.0 0.0.0.255
[*Spine1-ospf-1-area-0.0.0.0] quit
[*Spine1-ospf-1] quit
[*Spine1] commit

    # After OSPF is configured, leaf and spine switches can learn the IP addresses of loopback interfaces of each other using OSPF and successfully ping each other.

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.)

    # Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4.

    [~Spine1] ip tunnel mode vxlan
[*Spine1] assign forward nvo3 acl extend enable
[*Spine1] commit

    After configuring the VXLAN tunnel mode and enabling the VXLAN ACL extension function, save the configuration and restart the switch to make the configuration take effect.

  3. Configure a service access point on Leaf1 and Leaf2, respectively.

    # Configure Leaf1. Repeat this step for Leaf2.

    [~Leaf1] bridge-domain 10
[*Leaf1-bd10] quit
[*Leaf1] interface 10ge 1/0/3.1 mode l2
[*Leaf1-10GE1/0/3.1] encapsulation dot1q vid 10
[*Leaf1-10GE1/0/3.1] bridge-domain 10
[*Leaf1-10GE1/0/3.1] quit
[*Leaf1] commit
  4. Configure VXLAN tunnels in DCs and between DC1 and DC2.
    # Configure Spine1. Repeat this step for Leaf1, Leaf2, Spine2, Spine3, and Spine4. For configuration details, see Configuration Files.
    [~Spine1] evpn-overlay enable
[*Spine1] commit
[~Spine1] bgp 100
[*Spine1-bgp] peer 3.3.3.3 as-number 100
[*Spine1-bgp] peer 3.3.3.3 connect-interface loopback 2
[*Spine1-bgp] peer 4.4.4.4 as-number 100
[*Spine1-bgp] peer 4.4.4.4 connect-interface loopback 2
[*Spine1-bgp] peer 6.6.6.6 as-number 100
[*Spine1-bgp] peer 6.6.6.6 connect-interface loopback 2
[*Spine1-bgp] peer 7.7.7.7 as-number 100
[*Spine1-bgp] peer 7.7.7.7 connect-interface loopback 2
[*Spine1-bgp] peer 8.8.8.8 as-number 100
[*Spine1-bgp] peer 8.8.8.8 connect-interface loopback 2
[*Spine1-bgp] l2vpn-family evpn
[*Spine1-bgp-af-evpn] peer 3.3.3.3 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Spine1-bgp-af-evpn] peer 4.4.4.4 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Spine1-bgp-af-evpn] peer 6.6.6.6 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Spine1-bgp-af-evpn] peer 7.7.7.7 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Spine1-bgp-af-evpn] peer 8.8.8.8 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Spine1-bgp-af-evpn] quit
[*Spine1-bgp] quit
[*Spine1] commit
[~Spine1] bridge-domain 10
[*Spine1-bd10] vxlan vni 10
[*Spine1-bd10] evpn
[*Spine1-bd10-evpn] route-distinguisher 10:1
[*Spine1-bd10-evpn] vpn-target 11:1
[*Spine1-bd10-evpn] quit
[*Spine1-bd10] quit
[*Spine1] commit
[~Spine1] interface nve 1
[*Spine1-Nve1] source 1.1.1.1
[*Spine1-Nve1] vni 10 head-end peer-list protocol bgp
[*Spine1-Nve1] quit
[*Spine1] commit

    # Configure Leaf1. Repeat this step for Leaf2. For configuration details, see Configuration Files.

    [~Leaf1] evpn-overlay enable
[*Leaf1] commit
[~Leaf1] bgp 100
[*Leaf1-bgp] peer 4.4.4.4 as-number 100
[*Leaf1-bgp] peer 4.4.4.4 connect-interface loopback 1
[*Leaf1-bgp] peer 5.5.5.5 as-number 100
[*Leaf1-bgp] peer 5.5.5.5 connect-interface loopback 1
[*Leaf1-bgp] peer 6.6.6.6 as-number 100
[*Leaf1-bgp] peer 6.6.6.6 connect-interface loopback 1
[*Leaf1-bgp] peer 7.7.7.7 as-number 100
[*Leaf1-bgp] peer 7.7.7.7 connect-interface loopback 1
[*Leaf1-bgp] peer 8.8.8.8 as-number 100
[*Leaf1-bgp] peer 8.8.8.8 connect-interface loopback 1
[*Leaf1-bgp] l2vpn-family evpn
[*Leaf1-bgp-af-evpn] peer 4.4.4.4 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-af-evpn] peer 5.5.5.5 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-af-evpn] peer 6.6.6.6 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-af-evpn] peer 7.7.7.7 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-af-evpn] peer 8.8.8.8 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-af-evpn] quit
[*Leaf1-bgp] quit
[*Leaf1] commit
[~Leaf1] bridge-domain 10
[~Leaf1-bd10] vxlan vni 10
[*Leaf1-bd10] evpn
[*Leaf1-bd10-evpn] route-distinguisher 50:1
[*Leaf1-bd10-evpn] vpn-target 11:1
[*Leaf1-bd10-evpn] quit
[*Leaf1-bd10] quit
[*Leaf1] commit
[~Leaf1] interface nve 1
[*Leaf1-Nve1] source 3.3.3.3
[*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp
[*Leaf1-Nve1] quit
[*Leaf1] commit
  5. Configure all-active gateways in the DC on spine switches.

    # Configure service loopback interfaces on spine switches. (This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.)

    Configure Spine1. Repeat this step for Spine2, Spine3 and Spine4. For configuration details, see Configuration Files.

    [~Spine1] interface eth-trunk 1
[*Spine1-Eth-Trunk1] service type tunnel
[*Spine1-Eth-Trunk1] trunkport 10ge 1/0/5
[*Spine1-Eth-Trunk1] quit
[*Spine1] commit

    # Configure Spine1.

    [~Spine1] interface vbdif 10
[*Spine1-Vbdif10] ip address 10.1.1.2 24
[*Spine1-Vbdif10] mac-address 0000-5e00-0105
[*Spine1-Vbdif10] quit
[*Spine1] dfs-group 1 
[*Spine1-dfs-group-1] source ip 5.5.5.5
[*Spine1-dfs-group-1] active-active-gateway 
[*Spine1-dfs-group-1-active-active-gateway] peer 6.6.6.6
[*Spine1-dfs-group-1-active-active-gateway] quit
[*Spine1-dfs-group-1] quit
[*Spine1] commit

    # Configure Spine2.

    [~Spine2] interface vbdif 10
[*Spine2-Vbdif10] ip address 10.1.1.2 24
[*Spine2-Vbdif10] mac-address 0000-5e00-0105
[*Spine2-Vbdif10] quit
[*Spine2] dfs-group 1 
[*Spine2-dfs-group-1] source ip 6.6.6.6
[*Spine2-dfs-group-1] active-active-gateway 
[*Spine2-dfs-group-1-active-active-gateway] peer 5.5.5.5
[*Spine2-dfs-group-1-active-active-gateway] quit
[*Spine2-dfs-group-1] quit
[*Spine2] commit

    # Repeat this step for Spine3 and Spine4. For configuration details, see Configuration Files.

  6. Configure VRRP.

    # Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.

    [~Spine1] interface vbdif 10
[~Spine1-Vbdif10] vrrp vrid 1 virtual-ip 10.1.1.1
[*Spine1-Vbdif10] vrrp vrid 1 priority 130
[*Spine1-Vbdif10] quit
[*Spine1] commit
    # Configure Spine3. Repeat this step for Spine4. For configuration details, see Configuration Files.
    [~Spine3] interface vbdif 10
[~Spine3-Vbdif10] vrrp vrid 1 virtual-ip 10.1.1.1
[*Spine3-Vbdif10] vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100
[*Spine3-Vbdif10] quit
[*Spine3] commit
  7. (Optional) Perform either of the following configurations to prevent packet loss during traffic switchback after the master devices recover.
    • Configure the VTEPs on the two VRRP master devices to advertise routes in delayed mode. (The mode is used in this example.)

      # Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.

      [~Spine1] ospf
[~Spine1-ospf-1] stub-router on-startup 180
[*Spine1-ospf-1] quit
[*Spine1] commit
    • Configure association between VTEP direct routes and VRRP states on the loopback interfaces of the two VRRP master devices. (The mode is not used in this example, and is for reference only.)

      # Configure Spine1. Repeat this step for Spine2. For configuration details, see Configuration Files.

      [~Spine1] interface loopback 1
[~Spine1-LoopBack1] direct-route track vrrp interface vbdif 10 vrid 1 degrade-cost 20
[*Spine1-LoopBack1] quit
[*Spine1] interface vbdif 10
[*Spine1-Vbdif10] vrrp vrid 1 backup-forward
[*Spine1-Vbdif10] quit
[*Spine1] ospf
[*Spine1-ospf-1] default cost inherit-metric
[*Spine1-ospf-1] quit
[*Spine1] commit

Verifying the Configuration

After completing the configurations, run the display vxlan tunnel command on spine and leaf switches of the two DCs to view VXLAN tunnel information and run the display vrrp interface interface-type interface-number verbose command on spine switches to view mVRRP status information. The following example shows the command output on Spine1.

[~Spine1] display vxlan tunnel
Number of vxlan tunnel : 3
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  0035h21m
4026531842  1.1.1.1               3.3.3.3               up     dynamic  0035h22m
4026531843  1.1.1.1               4.4.4.4               up     dynamic  0035h23m
[~Spine1] display vrrp interface vbdif 10 verbose
Vbdif 10 | Virtual Router 1
State             : Master
Virtual IP        : 10.1.1.1
Master IP         : 10.1.1.2
PriorityRun       : 130
PriorityConfig    : 130
MasterPriority    : 130
Preempt           : YES   Delay Time : 0s   Remain : --
Hold Multiplier   : 3
TimerRun          : 1s
TimerConfig       : 1s
Auth Type         : NONE
Virtual MAC       : 0000-5e00-0101
Check TTL         : YES
Config Type       : Normal
Create Time       : 2016-10-29 05:41:23
Last Change Time  : 2016-10-29 05:41:33

Configuration Files

  • Spine1 configuration file

    #
sysname Spine1
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
dfs-group 1
 source ip 5.5.5.5
 #
 active-active-gateway
  peer 6.6.6.6
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 10:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface Vbdif10
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp vrid 1 priority 130
 mac-address 0000-5e00-0105
#
interface Eth-Trunk1   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 service type tunnel
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.1.1 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.5.1 255.255.255.0
#
interface 10GE1/0/5   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 eth-trunk 1
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack2
 ip address 5.5.5.5 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list protocol bgp
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack2
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack2
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack2
 peer 7.7.7.7 as-number 100
 peer 7.7.7.7 connect-interface LoopBack2
 peer 8.8.8.8 as-number 100
 peer 8.8.8.8 connect-interface LoopBack2
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
#
ospf 1
 stub-router on-startup 180
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.5.0 0.0.0.255
#
return

  • Spine2 configuration file

    #
sysname Spine2
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
dfs-group 1
 source ip 6.6.6.6
 #
 active-active-gateway
  peer 5.5.5.5
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 20:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface Vbdif10
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp vrid 1 priority 130
 mac-address 0000-5e00-0105
#
interface Eth-Trunk1   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 service type tunnel
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.2.1 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.6.1 255.255.255.0
#
interface 10GE1/0/5   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 eth-trunk 1
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack2
 ip address 6.6.6.6 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list protocol bgp
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack2
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack2
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack2
 peer 7.7.7.7 as-number 100
 peer 7.7.7.7 connect-interface LoopBack2
 peer 8.8.8.8 as-number 100
 peer 8.8.8.8 connect-interface LoopBack2
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
#
ospf 1
 stub-router on-startup 180
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 192.168.2.0 0.0.0.255
  network 192.168.6.0 0.0.0.255
#
return

  • Spine3 configuration file

    #
sysname Spine3
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
dfs-group 1
 source ip 7.7.7.7
 #
 active-active-gateway
  peer 8.8.8.8
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 30:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface Vbdif10
 ip address 10.1.1.3 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100
 mac-address 0000-5e00-0106
#
interface Eth-Trunk1   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 service type tunnel
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.3.1 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.6.2 255.255.255.0
#
interface 10GE1/0/5   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 eth-trunk 1
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack2
 ip address 7.7.7.7 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list protocol bgp
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack2
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack2
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack2
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack2
 peer 8.8.8.8 as-number 100
 peer 8.8.8.8 connect-interface LoopBack2
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 8.8.8.8 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 8.8.8.8 enable
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 7.7.7.7 0.0.0.0
  network 192.168.3.0 0.0.0.255
  network 192.168.6.0 0.0.0.255
#
return

  • Spine4 configuration file

    #
sysname Spine4
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
dfs-group 1
 source ip 8.8.8.8
 #
 active-active-gateway
  peer 7.7.7.7
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 40:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface Vbdif10
 ip address 10.1.1.3 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.1
 vrrp vrid 1 track ip route 1.1.1.1 255.255.255.255 increase 100
 mac-address 0000-5e00-0106
#
interface Eth-Trunk1   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 service type tunnel
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.4.1 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.5.2 255.255.255.0
#
interface 10GE1/0/5   //This step only needs to be performed on the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, and CE8860EI.
 eth-trunk 1
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack2
 ip address 8.8.8.8 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list protocol bgp
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack2
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack2
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack2
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack2
 peer 7.7.7.7 as-number 100
 peer 7.7.7.7 connect-interface LoopBack2
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 8.8.8.8 0.0.0.0
  network 192.168.4.0 0.0.0.255
  network 192.168.6.0 0.0.0.255
#
return

  • Leaf1 configuration file

    #
sysname Leaf1
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 50:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.1.2 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.2.2 255.255.255.0
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
interface Nve1
 source 3.3.3.3
 vni 10 head-end peer-list protocol bgp
#
bgp 100 
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack1
 peer 7.7.7.7 as-number 100
 peer 7.7.7.7 connect-interface LoopBack1
 peer 8.8.8.8 as-number 100
 peer 8.8.8.8 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 4.4.4.4 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
return

  • Leaf2 configuration file

    #
sysname Leaf2
#
assign forward nvo3 acl extend enable   //This step only needs to be performed on the CE12800, CE16800 equipped with A series cards, CE6870EI, and CE6875EI.
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 60:1
  vpn-target 11:1 export-extcommunity
  vpn-target 11:1 import-extcommunity
#
interface 10GE1/0/1
 undo portswitch
 ip address 192.168.3.2 255.255.255.0
#
interface 10GE1/0/2
 undo portswitch
 ip address 192.168.4.2 255.255.255.0
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
interface Nve1
 source 4.4.4.4
 vni 10 head-end peer-list protocol bgp
#
bgp 100 
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack1
 peer 7.7.7.7 as-number 100
 peer 7.7.7.7 connect-interface LoopBack1
 peer 8.8.8.8 as-number 100
 peer 8.8.8.8 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
  peer 7.7.7.7 enable
  peer 8.8.8.8 enable
#
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 192.168.3.0 0.0.0.255
  network 192.168.4.0 0.0.0.255
#
return
Translation
Español Français 日本語 Русский 简体中文
Download
Updated: 2021-10-21

Document ID: EDOC1000039339

Views: 460913

Downloads: 10272

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :