No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Typical Configuration Examples

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VLAN Hand-off to Implement DCI

Example for Configuring VLAN Hand-off to Implement DCI

Applicable Products and Versions

This example applies to the CE12800, CE12800E, CE8800, CE7800, CE5880EI, and CE6800 (excluding CE6850EI, CE6810EI, and CE6810LI) V200R002C50 or later.

Networking Requirements

As shown in Figure 2-48, BGP EVPN is configured to establish VXLAN tunnels in both DC A and DC B so that the VMs deployed in each DC can communicate with each other. Through layer 2 sub-interface, Leaf 2 accesses DCI-VTEP 1 and Leaf 3 accesses DCI-VTEP2. EVPN is configured to establish a VXLAN tunnel between DCI-VTEP 1 and DCI-VTEP2 so that the VMs can communicate across DCs. Leaf 2 and Leaf 3 decapsulate the VXLAN packets they receive from DCs and send them to a DCI-VTEP. The DCI-VTEP receives these packets, re-encapsulates them into VXLAN packets, and then sends them to the peer DCI-VTEP. This process allows VXLAN tunnels to provide end-to-end bearing for inter-DC packets and ensures that the VMs in different DCs can communicate with each other.

Figure 2-48 Configuring VLAN hand-off
Table 2-10 Interface IP addresses

Device

Interface

IP Address

Device

Interface

IP Address

Device1

10GE1/0/1

192.168.50.1/24

Device2

10GE1/0/1

192.168.60.1/24

10GE1/0/2

192.168.1.1/24

10GE1/0/2

192.168.1.2/24

LoopBack0

1.1.1.1/32

LoopBack0

2.2.2.2/32

DCI-VTEP1

10GE1/0/1

192.168.50.2/24

DCI-VTEP2

10GE1/0/1

192.168.60.2/24

10GE1/0/2

-

10GE1/0/2

-

LoopBack0

9.9.9.9/32

LoopBack0

10.10.10.10/32

Spine1

10GE1/0/1

192.168.10.1/24

Spine2

10GE1/0/1

192.168.30.1/24

10GE1/0/2

192.168.20.1/24

10GE1/0/2

192.168.40.1/24

LoopBack0

3.3.3.3/32

LoopBack0

4.4.4.4/32

Leaf1

10GE1/0/1

192.168.10.2/24

Leaf4

10GE1/0/1

192.168.40.2/24

10GE1/0/2

-

10GE1/0/2

-

LoopBack0

5.5.5.5/32

LoopBack0

8.8.8.8/32

Leaf2

10GE1/0/1

192.168.20.2/24

Leaf3

10GE1/0/1

192.168.30.2/24

10GE1/0/2

-

10GE1/0/2

-

10GE1/0/3

-

10GE1/0/3

-

LoopBack0

6.6.6.6/32

LoopBack0

7.7.7.7/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure node IP addresses.

  2. Configure a routing protocol for nodes to communicate at Layer 3.

  3. Configure BGP EVPN in DC A and DC B to create VXLAN tunnels and establish IBGP peer relationships in DC A and DC B.

  4. Configure BGP EVPN on DCI-VTEPs to create a VXLAN tunnel between them.

  5. Configure layer 2 sub-interface access to VXLAN tunnel on Leaf 2, Leaf 3, DCI-VTEP 1, and DCI-VTEP 2.

Data Preparation

To complete the configuration, you need the following data:

  • VLAN IDs of VMs

  • BD IDs

  • Layer 2 VNIs

Procedure

  1. Assign an IP address to each node interface, including the loopback interface.

    For configuration details, see Configuration Files in this section.

  2. Configure a routing protocol.

    OSPF is used in this example. For configuration details, see Configuration File in this section.

  3. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (This step only needs to be performed on the CE12800, CE6870EI, and CE6875EI.)

    # Configure Leaf1. The configurations on Leaf2, Leaf3, Leaf4, DCI-VTEP1 and ECI-VTEP2 are similar to that on Leaf1, and is not mentioned here.

    [~Leaf1] ip tunnel mode vxlan
    [*Leaf1] assign forward nvo3 acl extend enable
    [*Leaf1] commit
    NOTE:

    After modifying the VXLAN tunnel mode or enabling the VXLAN ACL extension function, you need to save the configuration and restart the device to make the configuration take effect. You can restart the device immediately or after completing all the configurations.

  4. Configure BGP EVPN in DC A and DC B to create VXLAN tunnels.
    1. Configure service access points on leaf nodes.

      # Configure Leaf 1.

      [~Leaf1] bridge-domain 10
      [*Leaf1-bd10] quit
      [*Leaf1] interface 10ge 1/0/2.1 mode l2
      [*Leaf1-10GE1/0/2.1] encapsulation dot1q vid 10
      [*Leaf1-10GE1/0/2.1] bridge-domain 10
      [*Leaf1-10GE1/0/2.1] quit
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

    2. Configure EVPN as the VXLAN control plane on leaf nodes.

      # Configure Leaf 1.

      [~Leaf1] evpn-overlay enable
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

    3. Establish IBGP EVPN peer relationships between Leaf 1 and Leaf 2 in DC A and between Leaf 3 and Leaf 4 in DC B.

      # Configure Leaf 1.

      [~Leaf1] bgp 100
      [*Leaf1-bgp] peer 6.6.6.6 as-number 100
      [*Leaf1-bgp] peer 6.6.6.6 connect-interface LoopBack 0
      [*Leaf1-bgp] l2vpn-family evpn
      [*Leaf1-bgp-af-evpn] peer 6.6.6.6 enable
      [*Leaf1-bgp-af-evpn] quit
      [*Leaf1-bgp] quit
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

    4. Configure EVPN instances on leaf nodes.

      # Configure Leaf 1.

      [~Leaf1] bridge-domain 10
      [~Leaf1-bd10] vxlan vni 10
      [*Leaf1-bd10] evpn
      [*Leaf1-bd10-evpn] route-distinguisher 10:1
      [*Leaf1-bd10-evpn] vpn-target 11:1
      [*Leaf1-bd10-evpn] quit
      [*Leaf1-bd10] quit
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

    5. Enable ingress replication on leaf nodes.

      # Configure Leaf 1.

      [~Leaf1] interface nve 1
      [*Leaf1-Nve1] source 5.5.5.5
      [*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp
      [*Leaf1-Nve1] quit
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

    6. Configure Leaf 1 and Leaf 2 in DC A to advertise IRB routes to each other, and Leaf 3 and Leaf 4 in DC B to advertise IRB routes to each other.

      # Configure Leaf 1.

      [~Leaf1] bgp 100
      [~Leaf1-bgp] l2vpn-family evpn
      [~Leaf1-bgp-af-evpn] peer 6.6.6.6 advertise irb
      [*Leaf1-bgp-af-evpn] quit
      [*Leaf1-bgp] quit
      [*Leaf1] commit

      Repeat this step for Leaf 2, Leaf 3, and Leaf 4. For configuration details, see Configuration Files in this section.

  5. Configure BGP EVPN on DCI-VTEPs to create a VXLAN tunnel between them.
    1. Configure EVPN as the VXLAN control plane on DCI-VTEP 1 and DCI-VTEP 2.

      # Configure DCI-VTEP 1.

      [~DCI-VTEP1] evpn-overlay enable
      [*DCI-VTEP1] commit

      Repeat this step for DCI-VTEP 2. For configuration details, see Configuration Files in this section.

    2. Establish an EBGP EVPN peer relationship between DCI-VTEP 1 and DCI-VTEP 2.

      # Configure DCI-VTEP 1.

      [~DCI-VTEP1] bgp 100
      [*DCI-VTEP1-bgp] peer 10.10.10.10 as-number 200
      [*DCI-VTEP1-bgp] peer 10.10.10.10 connect-interface LoopBack 0
      [*DCI-VTEP1-bgp] peer 10.10.10.10 ebgp-max-hop 255
      [*DCI-VTEP1-bgp] l2vpn-family evpn
      [*DCI-VTEP1-bgp-af-evpn] peer 10.10.10.10 enable
      [*DCI-VTEP1-bgp-af-evpn] quit
      [*DCI-VTEP1-bgp] quit
      [*DCI-VTEP1] commit

      Repeat this step for DCI-VTEP 2. For configuration details, see Configuration Files in this section.

    3. Configure EVPN instances on DCI-VTEPs.

      # Configure DCI-VTEP 1.

      [~DCI-VTEP1] bridge-domain 10
      [*DCI-VTEP1-bd10] vxlan vni 10
      [*DCI-VTEP1-bd10] evpn
      [*DCI-VTEP1-bd10-evpn] route-distinguisher 10:5
      [*DCI-VTEP1-bd10-evpn] vpn-target 33:3
      [*DCI-VTEP1-bd10-evpn] quit
      [*DCI-VTEP1-bd10] quit
      [*DCI-VTEP1] commit

      Repeat this step for DCI-VTEP 2. For configuration details, see Configuration Files in this section.

    4. Enable ingress replication on DCI-VTEPs.

      # Configure DCI-VTEP 1.

      [~DCI-VTEP1] interface nve 1
      [~DCI-VTEP1-Nve1] source 9.9.9.9
      [~DCI-VTEP1-Nve1] vni 10 head-end peer-list protocol bgp
      [*DCI-VTEP1-Nve1] quit
      [*DCI-VTEP1] commit

      Repeat this step for DCI-VTEP 2. For configuration details, see Configuration Files in this section.

    5. Configure DCI-VTEP 1 and DCI-VTEP 2 to advertise IRB routes to each other.

      # Configure DCI-VTEP 1.

      [~DCI-VTEP1] bgp 100
      [*DCI-VTEP1-bgp] l2vpn-family evpn
      [*DCI-VTEP1-bgp-af-evpn] peer 10.10.10.10 advertise irb
      [*DCI-VTEP1-bgp-af-evpn] quit
      [*DCI-VTEP1-bgp] quit
      [*DCI-VTEP1] commit

      Repeat this step for DCI-VTEP 2. For configuration details, see Configuration Files in this section.

  6. Configure VLAN access to VXLAN tunnel.

    # Configure Leaf 2.

    [~Leaf2] interface 10ge 1/0/3.1 mode l2
    [*Leaf2-10GE1/0/3.1] encapsulation dot1q vid 10
    [*Leaf2-10GE1/0/3.1] bridge-domain 10
    [*Leaf2-10GE1/0/3.1] quit
    [*Leaf2] commit

    Repeat this step for Leaf 3, DCI-VTEP 1, and DCI-VTEP 2. For configuration details, see Configuration Files in this section.

Verifying the Configuration

Run the display vxlan tunnel command on a leaf node to check VXLAN tunnel information. The following example uses the command output on Leaf 1.
[~Leaf1] display vxlan tunnel
[~Leaf1] display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  5.5.5.5               6.6.6.6               up     dynamic  00:00:47

After configurations are complete, VMa1 and VMb2 can communicate with each other.

Configuration File

The following example is the CE12800 configuration file.

  • Spine 1 configuration file

    #
    sysname Spine1
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.10.1 255.255.255.0
    #               
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.20.1 255.255.255.0
    #               
    interface LoopBack0
     ip address 3.3.3.3 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.10.0 0.0.0.255
      network 192.168.20.0 0.0.0.255
    #
    return 
  • Leaf 1 configuration file

    #
    sysname Leaf1
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 10:1
      vpn-target 11:1 export-extcommunity
      vpn-target 11:1 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.10.2 255.255.255.0
    #  
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 5.5.5.5 255.255.255.255
    #
    interface Nve1  
     source 5.5.5.5 
     vni 10 head-end peer-list protocol bgp
    #
    bgp 100
     peer 6.6.6.6 as-number 100
     peer 6.6.6.6 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 6.6.6.6 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 6.6.6.6 enable
      peer 6.6.6.6 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 5.5.5.5 0.0.0.0
      network 192.168.10.0 0.0.0.255
    #
    return
  • Leaf 2 configuration file

    #
    sysname Leaf2
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 10:2
      vpn-target 11:1 export-extcommunity
      vpn-target 11:1 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.20.2 255.255.255.0
    #               
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface 10GE1/0/3.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 6.6.6.6 255.255.255.255
    #               
    interface Nve1  
     source 6.6.6.6 
     vni 10 head-end peer-list protocol bgp
    #               
    bgp 100
     peer 5.5.5.5 as-number 100
     peer 5.5.5.5 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 5.5.5.5 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 6.6.6.6 0.0.0.0
      network 192.168.20.0 0.0.0.255
    #
    return
  • Spine 2 configuration file

    #
    sysname Spine2
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.30.1 255.255.255.0
    #               
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.40.1 255.255.255.0
    #
    interface LoopBack0
     ip address 4.4.4.4 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.30.0 0.0.0.255
      network 192.168.40.0 0.0.0.255
    #
    return
  • Leaf 3 configuration file

    #
    sysname Leaf3
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 10:3
      vpn-target 22:2 export-extcommunity
      vpn-target 22:2 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.30.2 255.255.255.0
    #               
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface 10GE1/0/3.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 7.7.7.7 255.255.255.255
    #               
    interface Nve1  
     source 7.7.7.7 
     vni 10 head-end peer-list protocol bgp
    #               
    bgp 200
     peer 8.8.8.8 as-number 200
     peer 8.8.8.8 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 8.8.8.8 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 8.8.8.8 enable
      peer 8.8.8.8 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 7.7.7.7 0.0.0.0
      network 192.168.30.0 0.0.0.255
    #
    return
  • Leaf 4 configuration file

    #
    sysname Leaf4
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 10:4
      vpn-target 22:2 export-extcommunity
      vpn-target 22:2 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.40.2 255.255.255.0
    #               
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 8.8.8.8 255.255.255.255
    #               
    interface Nve1  
     source 8.8.8.8 
     vni 10 head-end peer-list protocol bgp
    #               
    bgp 200
     peer 7.7.7.7 as-number 200
     peer 7.7.7.7 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 7.7.7.7 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 7.7.7.7 enable
      peer 7.7.7.7 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 8.8.8.8 0.0.0.0
      network 192.168.40.0 0.0.0.255
    #
    return
  • DCI-VTEP 1 configuration file

    #
    sysname DCI-VTEP1
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 10:5
      vpn-target 33:3 export-extcommunity
      vpn-target 33:3 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.50.2 255.255.255.0
    #               
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 9.9.9.9 255.255.255.255
    #               
    interface Nve1  
     source 9.9.9.9 
     vni 10 head-end peer-list protocol bgp
    #               
    bgp 100
     peer 10.10.10.10 as-number 200
     peer 10.10.10.10 connect-interface LoopBack0
     peer 10.10.10.10 ebgp-max-hop 255
     #
     ipv4-family unicast
      peer 10.10.10.10 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 10.10.10.10 enable
      peer 10.10.10.10 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 9.9.9.9 0.0.0.0
      network 192.168.50.0 0.0.0.255
    #
    return
  • DCI-VTEP 2 configuration file

    #
    sysname DCI-VTEP2
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 10
      evpn
      route-distinguisher 11:6
      vpn-target 33:3 export-extcommunity
      vpn-target 33:3 import-extcommunity
    #               
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.60.2 255.255.255.0
    #               
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #               
    interface LoopBack0
     ip address 10.10.10.10 255.255.255.255
    #               
    interface Nve1  
     source 10.10.10.10 
     vni 10 head-end peer-list protocol bgp
    #               
    bgp 200
     peer 9.9.9.9 as-number 100
     peer 9.9.9.9 connect-interface LoopBack0
     peer 9.9.9.9 ebgp-max-hop 255
     #
     ipv4-family unicast
      peer 9.9.9.9 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 9.9.9.9 enable
      peer 9.9.9.9 advertise irb
    #
    ospf 1
     area 0.0.0.0
      network 10.10.10.10 0.0.0.0
      network 192.168.60.0 0.0.0.255
    #
    return
  • Device 1 configuration file

    #
    sysname Device1
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.50.1 255.255.255.0
    #               
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #               
    interface LoopBack0
     ip address 1.1.1.1 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.50.0 0.0.0.255
    #
    return 
  • Device 2 configuration file

    #
    sysname Device2
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.60.1 255.255.255.0
    #               
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #               
    interface LoopBack0
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.60.0 0.0.0.255
    #
    return 
Download
Updated: 2019-04-03

Document ID: EDOC1000039339

Views: 115534

Downloads: 7522

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next