Configuring Layer 2 DCI
Configuring Spine Nodes
This section describes only the interconnection configuration between spine nodes and DCI leaf nodes. Other configurations are the same as those in Configuring Spine Nodes.
| Spine Node | Description |
|---|---|
| vlan 2000 | Create a service VLAN. |
| # | - |
| interface Eth-Trunk1<br>description "to DCI Leaf"<br>port link-type trunk<br>undo port trunk allow-pass vlan 1<br>port trunk allow-pass vlan 2000<br>trunkport 10GE 3/0/1 to 3/0/2<br>mode lacp-static<br>dfs-group 1 m-lag 1<br>lacp timeout fast<br># | Create an Eth-Trunk and configure physical interfaces.<br>Delete VLAN 1 from the Eth-Trunk interface.<br>Configure the interface to allow packets from the service VLAN to pass through. |
| interface 10GE3/0/1<br>storm suppression unknown-unicast 5<br>storm suppression multicast 2<br>storm suppression broadcast 2<br>#<br>interface 10GE3/0/2<br>storm suppression unknown-unicast 5<br>storm suppression multicast 2<br>storm suppression broadcast 2<br># | Configure an interface for interconnecting with DCI Leaf1_1.<br>Configure unknown unicast traffic suppression. The recommended value is 5%.<br>Configure multicast traffic suppression. The recommended value is 2%. Do not configure multicast traffic suppression when multicast services are deployed across DCs.<br>Configure broadcast traffic suppression. The recommended value is 2%.<br>Configure an interface for interconnecting with DCI Leaf1_2. |
Configuring DCI Leaf Nodes
Configuration Summary
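| No. | Configuration Task | No. | Configuration Task |
|---|---|---|---|
| Step 1 | Configure basic device information and VPNs for device management. | Step 8 | Configure EBGP routes on the underlay network. |
| Step 2 | Configure the user name and password for device maintenance and management. | Step 9 | Configure EBGP EVPN peer relationships on the overlay network. |
| Step 3 | Configure the DCI leaf nodes to connect to the NMS. | Step 10 | Configure interconnection links between the DCI leaf nodes and spine nodes. |
| Step 4 | Configure VXLAN optimization commands. | Step 11 | Configure VXLAN access at Layer 2. |
| Step 5 | Configure an IP address of an NVE node and a DFS group. | Step 12 | Set the aging time of MAC address entries to 30 minutes. |
| Step 6 | Configure M-LAG globally. | Step 13 | (Optional) Configure an ACL on the DCI leaf nodes to filter PVST BPDUs. |
| Step 7 | Configure interconnection interfaces between the DCI leaf nodes. | Step 14 | Configure CRC and disable unused interfaces. |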
Procedure
- Configure basic device information and VPNs for device management.
DCI Leaf-01-01
DCI Leaf-01-02
Description
system-view immediately
system-view immediately
Enter the system view and set the immediate validation mode.
sysname DCI Leaf-01-01
sysname DCI Leaf-01-02
Name the DCI leaf nodes.
#
#
-
ip vpn-instance Management_out
ip vpn-instance Management_out
Create a dedicated out-of-band management VPN instance named Management_out.
ipv4-family
ipv4-family
route-distinguisher 15:40
route-distinguisher 16:40
#
#
-
interface MEth0/0/0
interface MEth0/0/0
Add MEth0/0/0 to the dedicated out-of-band management VPN instance.
ip binding vpn-instance Management_out
ip binding vpn-instance Management_out
ip address 192.168.21.20 24
ip address 192.168.21.21 24
Configure unique IP addresses for management interfaces on the devices.
#
#
-
ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1
ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1
Configure a static route for remote management. Do not use a default route.
#
#
-
DCI Leaf-02-01
DCI Leaf-02-02
Description
system-view immediately
system-view immediately
Enter the system view and set the immediate validation mode.
sysname DCI Leaf-02-01
sysname DCI Leaf-02-02
Name the DCI leaf nodes.
#
#
-
ip vpn-instance Management_out
ip vpn-instance Management_out
Create a dedicated out-of-band management VPN instance named Management_out.
ipv4-family
ipv4-family
route-distinguisher 17:40
route-distinguisher 18:40
#
#
-
interface MEth0/0/0
interface MEth0/0/0
Add MEth0/0/0 to the dedicated out-of-band management VPN instance.
ip binding vpn-instance Management_out
ip binding vpn-instance Management_out
ip address 192.168.21.22 24
ip address 192.168.21.23 24
Configure unique IP addresses for management interfaces on the devices.
#
#
-
ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1
ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1
Configure a static route for remote management. Do not use a default route.
#
#
-
- Configure the user name and password for device maintenance and management.
DCI Leaf Node
Description
user-interface console 0
Configure a console port login password to improve security. This configuration is mandatory.
authentication-mode password
set authentication password cipher Huawei@123
#
-
user-interface maximum-vty 21
Set the maximum number of VTY user interfaces to 21.
user-interface vty 0 20
-
authentication-mode aaa
Set the authentication mode to AAA.
user privilege level 3
Set the user level to 3.
protocol inbound ssh
Specify the SSH protocol to improve security.
#
-
stelnet server enable
Enable the STelnet service on an SSH server.
#
-
aaa
Enter the AAA view.
local-user huawei password irreversible-cipher Admin@123
Set the local user name to huawei and password to Admin@123 for an administrator to log in to and maintain the device.
local-user huawei service-type ssh
Specify the SSH protocol.
local-user huawei level 3
Set the user level of the huawei user.
#
-
ssh user huawei
Create an SSH user.
ssh user huawei authentication-type password
-
ssh user huawei service-type stelnet
-
- Configure the DCI leaf nodes to connect to the NMS.
DCI Leaf Node
Description
snmp-agent
Enable the SNMP agent.
snmp-agent sys-info version v3
Set the SNMP version to SNMPv3, which must be the same as the SNMP version used by the NMS.
snmp-agent mib-view included myview iso
Configure the MIB view that can be accessed by the NMS. To ensure that the NMS can manage devices normally (for example, discovering device links based on LLDP), the MIB view must contain the iso node.
snmp-agent group v3 uhmroot privacy write-view myview notify-view myview
-
snmp-agent usm-user v3 uhmroot group dc-admin
Set the SNMPv3 user name to uhmroot, which must be the same as the security name on the NMS.
snmp-agent usm-user v3 uhmroot authentication-mode sha
Configure the authentication mode and password for the uhmroot user, which must correspond to the authentication protocol and password on the NMS.
Huawei12#$
-
Huawei12#$
-
snmp-agent usm-user v3 uhmroot privacy-mode aes128
Set the encryption mode and password of the uhmroot user, which must correspond to the privacy protocol and encryption password on the NMS.
Huawei12#$
-
Huawei12#$
-
#
-
snmp-agent trap enable
Enable the trap function for all modules. By default, the trap function of some modules is disabled.
snmp-agent trap source MEth0/0/0
Set the source interface for sending traps to MEth0/0/0.
#
-
rsa local-key-pair create
Generate a local key pair.
#
-
user-interface vty 0 4
-
authentication-mode aaa
-
protocol inbound ssh
Set the protocol type supported by VTY user interfaces to SSH.
#
-
stelnet server enable
Enable the STelnet service on an SSH server.
#
-
aaa
-
local-user client password irreversible-cipher Huawei@123
Create a user named client and set a password for the user, which must be the same as the STelnet user name and password used by the NMS.
local-user client level 3
-
local-user client service-type ssh
Set the access type of the client user to SSH, which must be the same as the login protocol on the NMS.
#
-
ssh user client
Create an SSH user.
ssh user client authentication-type password
Set the authentication mode of the client user to password authentication, which must be the same as that on the NMS.
ssh user client service-type stelnet
Set the service type of the SSH user client to STelnet.
set net-manager vpn-instance Management_out
Set Management_out as the default VPN instance for the NMS to manage devices.
#
-
lldp enable
Enable LLDP.
#
-
- Configure VXLAN optimization commands.
- CE16800, CE6881, and CE6863:
DCI Leaf Node
Description
vxlan tunnel-status track exact-route
Enable subscription to the status of the exact route to the VXLAN tunnel destination to optimize network convergence performance.
port high-performance mode { mode1 | mode2 | mode3 | mode4 | mode5 }
(Optional) When the CE6863 is used, configure the high-performance mode of the switch to adjust the bandwidth of internal interfaces.
Configuration suggestion: When four or more 100GE uplink interfaces (two for each chip) are deployed, configure mode2 to adjust the bandwidth of internal interfaces to 400GE. In this case, interfaces 21 to 28 are unavailable.
If the 400GE bandwidth does not meet requirements, you can configure mode3/4/5 to adjust the bandwidth of internal interfaces to 450GE to 600GE. In this case, more physical interfaces are unavailable.
- CE12800, CE6870, and CE6875:
DCI Leaf Node
Description
Remarks
assign forward nvo3 acl extend enable
Enable the NVO3 ACL extension function. To make the configuration take effect, restart the device.
-
set forward capability enhanced
Set the card interoperability mode to enhanced mode. To make the configuration take effect, restart the device.
This configuration applies only to the CE12800.
set serdes capability enhanced
Set the SerDes rate mode to enhanced mode. To make the configuration take effect, restart the device.
This configuration applies only to the CE12800.
vxlan tunnel-status track exact-route
Enable subscription to the status of the exact route to the VXLAN tunnel destination to optimize network convergence performance.
-
- CE6857, CE6865, CE8861, and CE8868:
DCI Leaf Node
Description
system resource standard
Set the system resource mode to the standard mode (default mode).
To make the configuration take effect, restart the device.
assign forward layer-3 resource large-overlay
Set the Layer 3 resource allocation mode to large-overlay so that the switch has a larger number of VXLAN overlay entries.
To make the configuration take effect, restart the device.
assign forward ipv6 longer-mask resource share-mode
Set the resource allocation mode of IPv6 addresses or IPv6 routes with the prefix length greater than 64 bits and less than 128 bits to the shared mode. In this mode, IPv4 addresses/routes share chip resources with IPv6 addresses/routes.
To make the configuration take effect, restart the device.
vxlan tunnel-status track exact-route
Enable subscription to the status of the exact route to the VXLAN tunnel destination to optimize network convergence performance.
assign forward nvo3 dot1q 8021p-trusted
When original packets enter a Dot1q Layer 2 sub-interface, internal priority mapping is performed based on DSCP priorities and the default DiffServ profile by default. To map 802.1p priorities to internal priorities, run this command.
To make the configuration take effect, restart the device.
system tcam acl
system tcam acl template template1
group mlag
match ethernet destination-mac
match forwarding source-trunk
quit
group safeinorsfc
match ip source-ip destination-ip protocol fragment
match tcp destination-port source-port tcp-flag l4port-range
match udp destination-port source-port l4port-range
match icmp icmp-type
match forwarding bd-virtual-interface
quit
service m-lag group mlag
service trafficpolicy-l3l4 group safeinorsfc
#
system tcam acl template template1 all
When the switch functions as the server leaf node, configure a TCAM ACL customization profile to ensure that M-LAG, single-hop SFC, and antivirus functions are successfully configured. Note the following points:
- Before configuring M-LAG, single-hop SFC, and antivirus, you must configure a TCAM ACL customization profile. Otherwise, the profile does not take effect. To make the profile take effect, restart the device.
- The TCAM ACL customization profile cannot be modified after being applied to all cards of a device.
- CE6855, CE6856, and CE7855:
DCI Leaf Node
Description
system resource large-route
Set the system resource mode to the large-route mode. To make the configuration take effect, restart the device.
assign forward ipv6 longer-mask resource share-mode max-dual-stack
Set the resource allocation mode of IPv6 addresses or IPv6 routes with a long prefix length to the max-dual-stack mode for the switch. The configuration is mandatory only if IPv6 addresses or IPv6 routes with the prefix length greater than 64 bits and less than 128 bits are used.
To make the configuration take effect, restart the device.
vxlan tunnel-status track exact-route
Enable subscription to the status of the exact route to the VXLAN tunnel destination to optimize network convergence performance.
- CE6850HI, CE6850U-HI, CE6851, CE6860, CE7850, CE8850, and CE8860:
DCI Leaf Node
Description
system resource large-route
Set the system resource mode to the large-route mode. To make the configuration take effect, restart the device.
assign forward ipv6 longer-mask resource share-mode max-dual-stack
Set the resource allocation mode of IPv6 addresses or IPv6 routes with a long prefix length to the max-dual-stack mode for the switch. The configuration is mandatory only if IPv6 addresses or IPv6 routes with the prefix length greater than 64 bits and less than 128 bits are used.
To make the configuration take effect, restart the device.
vxlan tunnel-status track exact-route
Enable subscription to the status of the exact route to the VXLAN tunnel destination to optimize network convergence performance.
interface Eth-Trunk1
trunkport 40GE 1/0/3 to 1/0/4
service type tunnel
#
When the CE6850HI, CE6850U-HI, CE6851HI, CE6860EI, CE7850EI, CE8850EI, or CE8860EI functions as a Layer 3 VXLAN gateway, an external loopback interface must be configured. The bandwidth of the loopback interface must be at least twice the bandwidth occupied by traffic on the Layer 3 VXLAN gateway.
- Configure an IP address of an NVE node and a DFS group.
DCI Leaf-01-01
DCI Leaf-01-02
Description
interface LoopBack0
description VTEP
ip address 10.88.21.43 255.255.255.255
#
interface LoopBack0
description VTEP
ip address 10.88.21.43 255.255.255.255
#
Configure the IP address of Loopback0 as the VTEP IP address. The IP addresses of the two devices that establish an M-LAG must be the same.
interface Nve1
source 10.88.21.43
mac-address 0000-5e00-0101
#
interface Nve1
source 10.88.21.43
mac-address 0000-5e00-0101
#
Configure NVE interfaces on the devices. The IP addresses and MAC addresses of NVE interfaces on the two devices that establish an M-LAG must be the same. In a distributed gateway scenario, when active-active VXLAN gateways are deployed and work in loopback mode, NVE interfaces in different M-LAGs on the network must be configured with different MAC addresses.
The MAC address range configured for NVE interfaces varies depending on the device model, which will be described later in this section.
interface LoopBack1
description DFS-GROUP/ROUTER-ID
ip address 10.88.21.41 255.255.255.255
#
interface LoopBack1
description DFS-GROUP/ROUTER-ID
ip address 10.88.21.42 255.255.255.255
#
Configure an IP address for Loopback1. The IP address is used as the router ID and DFS group address, and Loopback1 is used as the source interface for establishing a BGP EVPN peer relationship.
dfs-group 1
priority 150
source ip 10.88.21.41
consistency-check enable mode loose
#
dfs-group 1
priority 100
source ip 10.88.21.42
consistency-check enable mode loose
#
Configure a DFS group.
Set the priority of the DFS group. The default value is 100.
Configure the IP address of the DFS group.
Enable M-LAG configuration consistency check in loose mode.
DCI Leaf-02-01
DCI Leaf-02-02
Description
interface LoopBack0
description VTEP
ip address 10.88.21.46 255.255.255.255
#
interface LoopBack0
description VTEP
ip address 10.88.21.46 255.255.255.255
#
Configure the IP address of Loopback0 as the VTEP IP address. The IP addresses of the two devices that establish an M-LAG must be the same.
interface Nve1
source 10.88.21.46
mac-address 0000-5e00-0102
#
interface Nve1
source 10.88.21.46
mac-address 0000-5e00-0102
#
Configure NVE interfaces on the devices. The IP addresses and MAC addresses of NVE interfaces on the two devices that establish an M-LAG must be the same. In a distributed gateway scenario, when active-active VXLAN gateways are deployed and work in loopback mode, NVE interfaces in different M-LAGs on the network must be configured with different MAC addresses.
The MAC address range configured for NVE interfaces varies depending on the device model, which will be described later in this section.
interface LoopBack1
description DFS-GROUP/ROUTER-ID
ip address 10.88.21.44 255.255.255.255
#
interface LoopBack1
description DFS-GROUP/ROUTER-ID
ip address 10.88.21.45 255.255.255.255
#
Configure an IP address for Loopback1. The IP address is used as the router ID and DFS group address, and Loopback1 is used as the source interface for establishing a BGP EVPN peer relationship.
dfs-group 1
priority 150
source ip 10.88.21.44
consistency-check enable mode loose
#
dfs-group 1
priority 100
source ip 10.88.21.45
consistency-check enable mode loose
#
Configure a DFS group.
Set the priority of the DFS group. The default value is 100.
Configure the IP address of the DFS group.
Enable M-LAG configuration consistency check in loose mode.
The MAC address range configured for NVE interfaces varies depending on the device model.
- Fixed switches
The CE5880EI, CE6870EI, CE6875EI, and CE6880EI support MAC addresses in the range of 0000-5e00-0100 to 0000-5e00-01ff.
The CE6881 and CE6863 support MAC addresses in the range of 0000-5e00-0100 to 0000-5e00-01fe.
Other fixed switches support any unicast MAC addresses.
- CE12800 series switches
- When the CE12800 works in non-enhanced card interoperability mode, the following situations will occur:
If the switch is configured with the EA series card, CE-L48GT-EC card, or CE-L48GS-EC card, the MAC address supported by the switch is in the range from 0000-5e00-0100 to 0000-5e00-0107.
If the switch is configured with other cards (excluding the EA series card, CE-L48GT-EC card, and CE-L48GS-EC card), the MAC address supported by the switch is in the range from 0000-5e00-0100 to 0000-5e00-01ff.
- When the CE12800 works in enhanced interoperability mode, the MAC address supported by the switch is in the range from 0000-5e00-0100 to 0000-5e00-01ff.
- The MAC address supported by the CE12800E is in the range from 0000-5e00-0100 to 0000-5e00-01ff.
- CE16800 series switches
The MAC address supported by the CE16800 is in the range from 0000-5e00-0100 to 0000-5e00-01fe.
- Configure M-LAG globally.
DCI Leaf Node
Description
stp tc-protection
Enable TC BPDU attack defense.
stp mode rstp
Configure the working mode as RSTP. RSTP should be configured before the V-STP mode is configured.
stp v-stp enable
Configure the M-LAG in V-STP mode on the DCI leaf nodes.
#
-
interface Eth-Trunk0
Create an Eth-Trunk for the peer-link.
trunkport 40GE 1/0/1 to 1/0/2
Deploy the peer-link on multiple links. If multiple cards are installed on the switch, the peer-link must be deployed on different cards. When the interfaces on a card are of different types, configure port speed decrease or bundle interfaces at different rates. (To bundle interfaces, run the lacp mixed-rate link enable command to forward packets after the interfaces are added to an Eth-Trunk interface in LACP mode, and run the distribute-weight command to configure the weight of load sharing for a member interface.)
mode lacp-static
-
peer-link 1
-
#
-
- Configure interconnection interfaces between the DCI leaf nodes.
DCI Leaf-01-01
DCI Leaf-01-02
Description
interface 40GE1/0/3
description "to DCI Leaf2_1"
undo portswitch
ip address 10.125.2.1 255.255.255.252
#
interface 40GE1/0/3
description "to DCI Leaf2_1"
undo portswitch
ip address 10.125.2.9 255.255.255.252
#
Configure an interface for interconnecting with DCI Leaf2_1.
interface 40GE1/0/4
description "to DCI Leaf2_2"
undo portswitch
ip address 10.125.2.5 255.255.255.252
#
interface 40GE1/0/4
description "to DCI Leaf2_2"
undo portswitch
ip address 10.125.2.13 255.255.255.252
#
Configure an interface for interconnecting with DCI Leaf2_2.
interface Eth-Trunk2
trunkport 40GE 1/0/5 to 1/0/6
undo portswitch
ip address 10.125.2.17 255.255.255.252
mode lacp-static
#
interface Eth-Trunk2
trunkport 40GE 1/0/5 to 1/0/6
undo portswitch
ip address 10.125.2.18 255.255.255.252
mode lacp-static
#
Configure interconnection interfaces between DCI Leaf1 nodes.
DCI Leaf-02-01
DCI Leaf-02-02
Description
interface 40GE1/0/3
description "to DCI Leaf1_1"
undo portswitch
ip address 10.125.2.2 255.255.255.252
#
interface 40GE1/0/3
description "to DCI Leaf1_1"
undo portswitch
ip address 10.125.2.6 255.255.255.252
#
Configure an interface for interconnecting with DCI Leaf1_1.
interface 40GE1/0/4
description "to DCI Leaf1_2"
undo portswitch
ip address 10.125.2.10 255.255.255.252
#
interface 40GE1/0/4
description "to DCI Leaf1_2"
undo portswitch
ip address 10.125.2.14 255.255.255.252
#
Configure an interface for interconnecting with DCI Leaf1_2.
interface Eth-Trunk2
trunkport 40GE 1/0/5 to 1/0/6
undo portswitch
ip address 10.125.2.21 255.255.255.252
mode lacp-static
#
interface Eth-Trunk2
trunkport 40GE 1/0/5 to 1/0/6
undo portswitch
ip address 10.125.2.22 255.255.255.252
mode lacp-static
#
Configure interconnection interfaces between DCI Leaf2 nodes.
- Configure EBGP routes on the underlay network.
DCI Leaf-01-01
DCI Leaf-01-02
Description
bfd
#
bfd
#
Enable BFD globally.
bgp 65001
router-id 10.88.21.41
bgp 65001
router-id 10.88.21.42
-
advertise lowest-priority all-address-family peer-up delay 360
advertise lowest-priority all-address-family peer-up delay 360
When the peer status changes from Down to Up, the priority of BGP routes is changed to be the lowest. Route advertisement is delayed to prevent packet loss during traffic switchback.
peer 10.125.2.2 as-number 65002
peer 10.125.2.2 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.2 bfd enable
peer 10.125.2.6 as-number 65002
peer 10.125.2.6 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.6 bfd enable
peer 10.125.2.10 as-number 65002
peer 10.125.2.10 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.10 bfd enable
peer 10.125.2.14 as-number 65002
peer 10.125.2.14 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.14 bfd enable
Establish an EBGP peer relationship with DCI Leaf2_1.
Configure BFD. Set the interval for receiving or sending BFD packets to 300 ms and the detection multiplier to 6 only when all devices on the network support hardware-based BFD. In other scenarios, retain the default BFD parameter values: an interval of 1000 ms for receiving or sending BFD packets and a detection multiplier of 3.
Establish an EBGP peer relationship with DCI Leaf2_2.
peer 10.125.2.18 as-number 65001
peer 10.125.2.18 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.18 bfd enable
#
peer 10.125.2.17 as-number 65001
peer 10.125.2.17 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.17 bfd enable
#
Establish an IBGP peer relationship between DCI Leaf1_1 and DCI Leaf1_2.
ipv4-family unicast
network 10.88.21.41 255.255.255.255
network 10.88.21.43 255.255.255.255
maximum load-balancing 2
peer 10.125.2.2 enable
peer 10.125.2.6 enable
peer 10.125.2.18 enable
#
ipv4-family unicast
network 10.88.21.42 255.255.255.255
network 10.88.21.43 255.255.255.255
maximum load-balancing 2
peer 10.125.2.10 enable
peer 10.125.2.14 enable
peer 10.125.2.17 enable
#
Advertise the DFS group address and address of the interface for establishing an EVPN peer relationship.
Advertise the VTEP IP address.
DCI Leaf-02-01
DCI Leaf-02-02
Description
bfd
#
bfd
#
Enable BFD globally.
bgp 65002
router-id 10.88.21.44
bgp 65002
router-id 10.88.21.45
-
advertise lowest-priority all-address-family peer-up delay 360
advertise lowest-priority all-address-family peer-up delay 360
When the peer status changes from Down to Up, the priority of BGP routes is changed to be the lowest. Route advertisement is delayed to prevent packet loss during traffic switchback.
peer 10.125.2.1 as-number 65001
peer 10.125.2.1 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.1 bfd enable
peer 10.125.2.9 as-number 65001
peer 10.125.2.9 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.9 bfd enable
peer 10.125.2.5 as-number 65001
peer 10.125.2.5 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.5 bfd enable
peer 10.125.2.13 as-number 65001
peer 10.125.2.13 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.13 bfd enable
Establish an EBGP peer relationship with DCI Leaf1_1.
Configure BFD. Set the interval for receiving or sending BFD packets to 300 ms and the detection multiplier to 6 only when all devices on the network support hardware-based BFD. In other scenarios, retain the default BFD parameter values: an interval of 1000 ms for receiving or sending BFD packets and a detection multiplier of 3.
Establish an EBGP peer relationship with DCI Leaf1_2.
peer 10.125.2.22 as-number 65002
peer 10.125.2.22 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.22 bfd enable
#
peer 10.125.2.21 as-number 65002
peer 10.125.2.21 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 6
peer 10.125.2.21 bfd enable
#
Establish an IBGP peer relationship between DCI Leaf2_1 and DCI Leaf2_2.
ipv4-family unicast
network 10.88.21.44 255.255.255.255
network 10.88.21.46 255.255.255.255
maximum load-balancing 2
peer 10.125.2.1 enable
peer 10.125.2.9 enable
peer 10.125.2.22 enable
#
ipv4-family unicast
network 10.88.21.45 255.255.255.255
network 10.88.21.46 255.255.255.255
maximum load-balancing 2
peer 10.125.2.5 enable
peer 10.125.2.13 enable
peer 10.125.2.21 enable
#
Advertise the DFS group address and address of the interface for establishing an EVPN peer relationship.
Advertise the VTEP IP address.
- Configure EBGP EVPN peer relationships on the overlay network.
DCI Leaf-01-01
DCI Leaf-01-02
Description
evpn-overlay enable
evpn-overlay enable
Enable EVPN as the VXLAN control plane.
bgp 1001 instance overlay
router-id 10.88.21.41
peer 10.88.21.44 as-number 1002
peer 10.88.21.44 ebgp-max-hop 2
peer 10.88.21.44 connect-interface LoopBack1
peer 10.88.21.45 as-number 1002
peer 10.88.21.45 ebgp-max-hop 2
peer 10.88.21.45 connect-interface LoopBack1
#
bgp 1001 instance overlay
router-id 10.88.21.42
peer 10.88.21.44 as-number 1002
peer 10.88.21.44 ebgp-max-hop 2
peer 10.88.21.44 connect-interface LoopBack1
peer 10.88.21.45 as-number 1002
peer 10.88.21.45 ebgp-max-hop 2
peer 10.88.21.45 connect-interface LoopBack1
#
Establish an EVPN EBGP peer relationship with DCI Leaf2_1.
When loopback interfaces are used to establish an EBGP EVPN peer relationship, the maximum number of hops must be greater than or equal to 2. If DCI leaf nodes are not directly connected, adjust the parameter settings based on site requirements.
Establish an EVPN EBGP peer relationship with DCI Leaf2_2.
l2vpn-family evpn
policy vpn-target
peer 10.88.21.44 enable
peer 10.88.21.44 advertise irb
peer 10.88.21.45 enable
peer 10.88.21.45 advertise irb
#
l2vpn-family evpn
policy vpn-target
peer 10.88.21.44 enable
peer 10.88.21.44 advertise irb
peer 10.88.21.45 enable
peer 10.88.21.45 advertise irb
#
Configure IRB route advertisement to BGP EVPN peers.
DCI Leaf-02-01
DCI Leaf-02-02
Description
evpn-overlay enable
evpn-overlay enable
Enable EVPN as the VXLAN control plane.
bgp 1002 instance overlay
router-id 10.88.21.44
peer 10.88.21.41 as-number 1001
peer 10.88.21.41 ebgp-max-hop 2
peer 10.88.21.41 connect-interface LoopBack1
peer 10.88.21.42 as-number 1001
peer 10.88.21.42 ebgp-max-hop 2
peer 10.88.21.42 connect-interface LoopBack1
#
bgp 1002 instance overlay
router-id 10.88.21.45
peer 10.88.21.41 as-number 1001
peer 10.88.21.41 ebgp-max-hop 2
peer 10.88.21.41 connect-interface LoopBack1
peer 10.88.21.42 as-number 1001
peer 10.88.21.42 ebgp-max-hop 2
peer 10.88.21.42 connect-interface LoopBack1
#
Establish an EVPN EBGP peer relationship with DCI Leaf1_1.
When loopback interfaces are used to establish an EBGP EVPN peer relationship, the maximum number of hops must be greater than or equal to 2. If DCI leaf nodes are not directly connected, adjust the parameter settings based on site requirements.
Establish an EVPN EBGP peer relationship with DCI Leaf1_2.
l2vpn-family evpn
policy vpn-target
peer 10.88.21.41 enable
peer 10.88.21.41 advertise irb
peer 10.88.21.42 enable
peer 10.88.21.42 advertise irb
#
l2vpn-family evpn
policy vpn-target
peer 10.88.21.41 enable
peer 10.88.21.41 advertise irb
peer 10.88.21.42 enable
peer 10.88.21.42 advertise irb
#
Configure IRB route advertisement to BGP EVPN peers.
- Configure interconnection links between the DCI leaf nodes and spine nodes.
DCI Leaf Node
Description
interface Eth-Trunk1
description "to Spine"
port link-type trunk
undo port trunk allow-pass vlan 1
trunkport 10GE 1/0/1 to 1/0/2
mode lacp-static
dfs-group 1 m-lag 1
lacp timeout fast
#
Create an Eth-Trunk and configure physical interfaces.
Delete VLAN 1 from the Eth-Trunk.
interface 10GE1/0/1
storm suppression unknown-unicast 5
storm suppression multicast 2
storm suppression broadcast 2
#
interface 10GE1/0/2
storm suppression unknown-unicast 5
storm suppression multicast 2
storm suppression broadcast 2
#
Create an interface for interconnecting with Spine1.
Configure unknown unicast traffic suppression. The recommended value is 5%.
Configure multicast traffic suppression. The recommended value is 2%. Do not configure multicast traffic suppression when multicast services are deployed across DCs.
Configure broadcast traffic suppression. The recommended value is 2%.
Create an interface for interconnecting with Spine2.
Configure unknown unicast traffic suppression. The recommended value is 5%.
Configure multicast traffic suppression. The recommended value is 2%. Do not configure multicast traffic suppression when multicast services are deployed across DCs.
Configure broadcast traffic suppression. The recommended value is 2%.
- Configure VXLAN access at Layer 2.
DCI Leaf Node
Description
bridge-domain 5001
vxlan vni 1000
evpn
route-distinguisher 10:1000
vpn-target 0:1000 export-extcommunity
vpn-target 0:1000 import-extcommunity
#
Configure a BD.
interface Eth-Trunk1.2000 mode l2
encapsulation dot1q vid 2000
bridge-domain 5001
#
Configure a Layer 2 sub-interface.
Configure the same service VLAN as that of the spine nodes.
interface Nve1
vni 1000 head-end peer-list protocol bgp
#
Configure an ingress replication list.
- Set the aging time of MAC address entries to 30 minutes.
DCI Leaf Node
Description
mac-address aging-time 1800
#
Set the aging time of MAC address entries to 30 minutes to prevent a large number of routes on the VXLAN network from being repeatedly withdrawn and learned (which affects network processing performance) due to entry flapping on other networks.
- Configure an ACL on the DCI leaf nodes to filter PVST BPDUs. When a DC configured with PVST+ or other non-STP spanning tree protocols is connected, perform this configuration to prevent BPDUs from being flooded to the remote DC.
DCI Leaf Node
Description
acl number 4000
rule 5 deny destination-mac 0100-0ccc-cccd
rule 10 permit
#
Reject PVST BPDUs.
interface Eth-Trunk1
traffic-filter acl 4000 inbound
#
Configure packet filtering on the access interface.
- Configure CRC and disable unused interfaces.
DCI Leaf-01-01
DCI Leaf-01-02
Description
port-group group-member 10ge 1/0/3 to 10ge 1/0/48
port-group group-member 10ge 1/0/3 to 10ge 1/0/48
Create a temporary port group and add the unused physical interfaces to the port group.
shutdown
shutdown
Shut down the interfaces.
stp instance 0 cost 10000
stp instance 0 cost 10000
Increase the STP cost.
port link-type trunk
port link-type trunk
-
undo port trunk allow-pass vlan 1
undo port trunk allow-pass vlan 1
Delete VLAN 1 from the Eth-Trunk interface.
#
#
-
port-group group-member 40ge 1/0/1 to 40ge 1/0/6
port-group group-member 40ge 1/0/1 to 40ge 1/0/6
Create a temporary port group. CRC needs to be performed for all interfaces.
trap-threshold crc-statistics 100 interval 10
trap-threshold crc-statistics 100 interval 10
Set the alarm threshold of CRC error packets to 100 and the alarm interval to 10 seconds.
port crc-statistics trigger error-down
port crc-statistics trigger error-down
Configure the interface to enter the Error-Down state when the number of received CRC error packets exceeds the threshold. In this way, services can be switched to the backup link in a timely manner, ensuring reliable data transmission.
#
#
-
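The management-plane steps (SSH-only VTY access with AAA, SNMPv3, the dedicated management VPN instance without a default route) and the spine-facing trunk settings (VLAN 1 removed, storm suppression on member interfaces) can be checked against a configuration file after deployment. The following Python audit is an added example, not part of the original guide or of any Huawei tool. It assumes the layout used on this page (sub-commands indented under their view, Eth-Trunk members listed with trunkport); the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample built from this guide's commands. 10GE1/0/2 deliberately lacks
# broadcast suppression, and the net-manager line names an instance never defined.
SAMPLE_CONFIG = """\
ip vpn-instance Management_out
#
interface MEth0/0/0
 ip binding vpn-instance Management_out
 ip address 192.168.21.20 24
#
ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1
#
user-interface vty 0 20
 authentication-mode aaa
 protocol inbound ssh
#
snmp-agent sys-info version v3
set net-manager vpn-instance Management-out
#
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 trunkport 10GE 1/0/1 to 1/0/2
#
interface 10GE1/0/1
 storm suppression unknown-unicast 5
 storm suppression multicast 2
 storm suppression broadcast 2
#
interface 10GE1/0/2
 storm suppression unknown-unicast 5
#
"""


def parse_sections(text):
    """Split a configuration into (header, [indented sub-commands]) pairs."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
        elif raw[0] == " " and current is not None:
            current[1].append(line)
        else:
            current = (line, [])
            sections.append(current)
    return sections


def trunk_members(body):
    """Expand 'trunkport 10GE 1/0/1 to 1/0/2' into ['10GE1/0/1', '10GE1/0/2']."""
    members = []
    for line in body:
        m = re.fullmatch(r"trunkport (\S+) (\d+/\d+/)(\d+) to \d+/\d+/(\d+)", line)
        if m:
            kind, prefix, first, last = m.groups()
            members += [f"{kind}{prefix}{n}" for n in range(int(first), int(last) + 1)]
    return members


def audit(text):
    """Return findings for the hardening points this guide configures."""
    sections = parse_sections(text)
    by_header = dict(sections)
    defined = {h.split()[2] for h in by_header if h.startswith("ip vpn-instance ")}
    findings = []
    for header, body in sections:
        for line in [header] + body:
            ref = re.search(r"\bvpn-instance (\S+)", line)
            is_definition = line.startswith("ip vpn-instance ")
            if ref and not is_definition and ref.group(1) not in defined:
                findings.append(f"vpn-instance {ref.group(1)} is referenced but not defined")
        if re.match(r"ip route-static vpn-instance \S+ 0\.0\.0\.0 (0\.0\.0\.0|0)\s", header):
            findings.append("management VPN uses a default route")
        if header.startswith("user-interface vty"):
            if "authentication-mode aaa" not in body:
                findings.append(f"{header}: authentication mode is not AAA")
            if "protocol inbound ssh" not in body:
                findings.append(f"{header}: inbound protocol is not restricted to SSH")
        if header.startswith("snmp-agent sys-info version") and header.split()[3:] != ["v3"]:
            findings.append("SNMP versions other than v3 are enabled")
        if header.startswith("interface ") and "port link-type trunk" in body:
            if "undo port trunk allow-pass vlan 1" not in body:
                findings.append(f"{header}: VLAN 1 is still allowed on the trunk")
            for member in trunk_members(body):
                have = " ".join(by_header.get(f"interface {member}", []))
                for kind in ("unknown-unicast", "broadcast"):
                    if f"storm suppression {kind} " not in have + " ":
                        findings.append(f"{member}: no {kind} storm suppression")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Multicast suppression is left out of the check on purpose, because the guide says not to configure it when multicast services are deployed across DCs.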