No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
New IP Technologies

This document introduces the implementations and configurations of popular features on a Huawei router.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the NFVI Distributed Gateway Function (BGP EVPN over E2E SR Tunnels)

Configuring the NFVI Distributed Gateway Function (BGP EVPN over E2E SR Tunnels)

In the NFVI telco cloud solution, the NFVI distributed gateway function allows mobile phone traffic to be processed by vUGWs and vMSEs and transmitted over a DCN through E2E SR tunnels as well as being transmitted within a DCN in load balancing mode.

Usage Scenario

The NFVI telco cloud solution uses the DCI+DCN networking. A large amount of mobile phone traffic is sent to vUGWs and vMSEs on the DCN. After being processed by the vUGWs and vMSEs, the mobile phone traffic is forwarded over the DCN to destination devices on the Internet. The destination devices send traffic to mobile phones in similar ways. To achieve these functions and ensure traffic load balancing on the DCN, you need to deploy the NFVI distributed gateway function.

Figure 3-155 shows the networking of an NFVI distributed gateway (BGP EVPN over E2E SR tunnels). DC-GWs, which are the border gateways of the DCN, exchange Internet routes with external devices over PEs. L2GW/L3GW1 and L2GW/L3GW2 are connected to VNFs. VNF1 and VNF2 that function as virtualized NEs are deployed to implement the vUGW functions and vMSE functions, respectively. VNF1 and VNF2 are each connected to L2GW/L3GW1 and L2GW/L3GW2 through IPUs.

In NFVI distributed gateway networking (BGP EVPN over E2E SR tunnels), the number of BDs needs to be planned based on the number of network segments corresponding to each IPU. An example assumes that the four IP addresses planned for four IPUs belong to four network segments. In this case, four BDs need to be planned. You need to configure the BDs and the corresponding VBDIF interfaces on all L2GW/L3GWs and bind all the VBDIF interfaces to the same L3VPN instance. In addition, the following functions need to be deployed on the DCN:

  • Establish BGP VPN peer relationships between VNFs and DC-GWs so that the VNFs can advertise mobile phone routes (UE IP) to DC-GWs.

  • On L2GW/L3GW1 and L2GW/L3GW2, configure static VPN routes with the IP addresses of VNFs as the destination addresses and the IP addresses of IPUs as next-hop addresses.

  • Deploy EVPN RRs which can be either a standalone device or a DC-GW. In this section, BGP EVPN peer relationships are established between all L2GW/L3GWs, PEs, and DC-GWs, DC-GWs are deployed as RRs to reflect EVPN routes, and other devices function as RR clients. The functions of a BGP EVPN RR are as follows:

    • DC-GWs can reflect the mobile phone routes learned by VNFs to L2GW/L3GWs and PEs so that mobile phone routes can be transmitted outside the DCN and the traffic sent to mobile phone users can be introduced to the DCN. Route-policies need to be configured DC-GWs so that the mobile phone routes sent by DC-GWs to L2GW/L3GWs and PEs carry the gateway addresses which are VNFs' loopback addresses.

    • DC-GWs receive the IP prefix routes destined for VNFs from an L2GW/L3GW based on BGP EVPN peer relationships and reflect the IP prefix routes to PEs and other L2GWs/L3GWs. The EVPN RR can also be used to synchronize the MAC or ARP routes of IPUs and the IP prefix routes destined for VNFs between L2GW/L3GWs.

  • Configure static default routes on PEs and use the EVPN RRs to reflect the static default routes to L2GW/L3GWs.

  • Deploy SR tunnels between PEs and L2GW/L3GWs and between DC-GWs and L2GW/L3GWs to carry service traffic.

  • The traffic transmitted between mobile phones and the Internet over VNFs is north-south traffic. The traffic transmitted between VNF1 and VNF2 is east-west traffic. To achieve load balancing of east-west traffic and north-south traffic, deploy the load balancing function on DC-GWs and L2GW/L3GWs.

The NFVI distributed gateway function supports both IPv4 and IPv6 services. If a step does not differentiate IPv4 and IPv6 services, this step applies to both IPv4 and IPv6 services.

Figure 3-155 NFVI distributed gateway networking

Pre-configuration Tasks

Before configuring the NFVI distributed gateway function, complete the following tasks:

  • Allow the routes between PEs and DC-GWs and between DC-GWs and L2GW/L3GWs to be reachable.

  • Deploy SR tunnels between PEs and L2GW/L3GWs and between DC-GWs and L2GW/L3GWs.

  • Configure the BD EVPN function on DC-GWs and L2GW/L3GWs. The configuration includes creating EVPN instances and L3VPN instances, establishing BGP EVPN peer relationships, and configuring VBDIF interfaces. On DC-GWs, the configuration involves only creating L3VPN instances and establishing BGP EVPN peer relationships.

  • Configure the static routes destined for VNF1 and VNF2 on L2GW/L3GWs by referring to Static VPN IPv4 Routes or Static VPN IPv6 Routes.

Configuring Route Recursion over SR Tunnels

By default, routes are recursed to a BD EVPN or BGP VPNv4/VPNv6 network over MPLS LDP tunnels. If SR tunnels are used to carry service traffic, the function to recurse routes over SR tunnels must be configured.

Context

You can configure a tunnel policy or an SR-MPLS BE tunnel-preferred policy to recurse routes over SR tunnels.

Procedure

  • Configure a tunnel policy on PEs, DC-GWs, and L2GW/L3GWs and apply the tunnel policy. You can choose to recurse routes over SR-MPLS BE or SR-MPLS TE tunnels. For configuration details, see Configuring and Applying a Tunnel Policy.
  • Configure an SR-MPLS BE tunnel-preferred policy on PEs, DC-GWs, and L2GW/L3GWs so that users can choose to recurse routes over SR-MPLS BE tunnels.
    1. Run system-view

      The system view is displayed.

    2. Run segment-routing

      The segment routing view is displayed.

    3. Run tunnel-prefer segment-routing

      SR-MPLS BE tunnels are enabled to take precedence over other tunnels.

    4. Run commit

      The configuration is committed.

Configuring Route Advertisement on PEs

The route advertisement function allows PEs to advertise default static routes to L2GW/L3GWs through BGP EVPN RRs.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Create a route-policy to filter and modify the advertised and received routes. For configuration details, see Configuring a Route-Policy. You can run the apply gateway-ip none or apply ipv6 gateway-ip none command to delete gateway addresses from the VNF routes received from L2GW/L3GWs so that the routes sent from PEs to VNFs can be recursed over SR tunnels, instead of being forwarded based on gateway addresses.
  3. Configure default static VPN routes.

    • Run the ip route-static vpn-instance vpn-instance-name 0.0.0.0 { 0.0.0.0 | 0 } { nexthop-address | interface-type interface-number [ nexthop-address ] } [ tag tag ] command to create a default static VPN IPv4 route.

    • Run the ipv6 route-static vpn-instance vpn-instance-name :: 0 { nexthop-ipv6–address | interface-type interface-number [ nexthop-ipv6-address ] } [ tag tag ] command to create a default static VPN IPv6 route.

  4. Run ip vpn-instance vpn-instance-name

    The VPN instance view is displayed.

  5. Enter the IPv4 or IPv6 address family view of the VPN instance.

    • Run the ipv4-family command to enter the IPv4 address family view of the VPN instance.

    • Run the ipv6-family command to enter the IPv6 address family view of the VPN instance.

  6. Run import route-policy policy-name evpn

    The L3VPN instance is bound to an import route-policy. This route-policy is used to filter the routes received by the L3VPN instance so that the gateway addresses are deleted from the routes received from L2GW/L3GWs.

  7. Run quit

    Exit from the IPv4 or IPv6 address family view of the VPN instance.

  8. Run quit

    Exit from the VPN instance view.

  9. Run bgp { as-number-plain | as-number-dot }

    The BGP view is displayed.

  10. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

    • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

    • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

  11. Run network { 0.0.0.0 0 | :: 0 }

    Default static VPN routes are imported to the IPv4 or IPv6 address family of the BGP-VPN instance.

  12. Run advertise l2vpn evpn

    The function to advertise IP routes from the VPN instance to the EVPN instance is enabled.

  13. Run quit

    Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

  14. Run quit

    Exit from the BGP view.

  15. Run commit

    The configuration is committed.

Configuring Route Advertisement on DC-GWs

Route advertisement can be configured on DC-GWs to allow the DC-GWs to construct their own forwarding entries based on the received EVPN routes.

Procedure

  1. Configure DC-GWs to advertise the VPN loopback routes and the mobile phone routes received from VNFs through EVPN.
    1. Run system-view

      The system view is displayed.

    2. Run interface Loopback interface-number

      The loopback interface view is displayed.

    3. Run ip binding vpn-instance vpn-instance-name

      The loopback interface is bound to an L3VPN instance.

    4. (Optional) Run ipv6 enable

      IPv6 is enabled on the loopback interface. This step is mandatory when the loopback interface is configured with an IPv6 address.

    5. Configure an IPv4 or IPv6 address for the loopback interface.

      • Run the ip address ip-address { mask | mask-length } command to configure an IPv4 address for the loopback interface.

      • Run the ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } command to configure an IPv6 address for the loopback interface.

    6. Run quit

      Exit from the loopback interface view.

    7. Create a route-policy to filter and modify the advertised and received routes. For configuration details, see Configuring a Route-Policy. A route-policy must support the following functions:

      • Export route-policy: An if-match clause configured in the route-policy can be used to filter VPN loopback routes and mobile phone routes in the L3VPN instance. You can run the apply gateway-ip { origin-nexthop | ipv4-address } or apply ipv6 gateway-ip { origin-nexthop | ipv6-address } command to configure the original next-hop address of mobile phone routes as a gateway address.

      • Import route-policy: You can run the apply gateway-ip none or apply ipv6 gateway-ip none command to delete gateway addresses from the routes received from L2GW/L3GWs to ensure that the BGP VPN packets sent by DC-GWs to VNFs can be recursed over SR tunnels, instead of being forwarded through VBDIF interfaces based on gateway addresses (DC-GWs do not have VBDIF interfaces).

    8. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    9. Enter the IPv4 or IPv6 address family view of the VPN instance.

      • Run the ipv4-family command to enter the IPv4 address family view of the VPN instance.

      • Run the ipv6-family command to enter the IPv6 address family view of the VPN instance.

    10. Run export route-policy policy-name evpn

      The L3VPN instance is bound to an export route-policy. This route-policy is used to filter the routes advertised to the EVPN instance from the L3VPN instance so that the L3VPN instance advertises only the mobile phone routes and VPN loopback routes to the EVPN instance.

    11. Run import route-policy policy-name evpn

      The L3VPN instance is bound to an import route-policy. This route-policy is used to filter the routes received by the L3VPN instance so that the gateway addresses are deleted from the routes received from L2GW/L3GWs.

    12. Run quit

      Exit from the IPv4 or IPv6 address family view of the VPN instance.

    13. Run quit

      Exit from the VPN instance view.

    14. Create a route-policy to filter the mobile phone routes received by the DC-GW from the L2GW/L3GW and prohibit the advertisement of such mobile phone routes. For details about how to create a route-policy, see Configuring a Route-Policy.
    15. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    16. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    17. Run peer { group-name | ipv4-address } route-policy route-policy-name export

      The route-policy is used to prohibit DC-GWs from advertising mobile phone routes to each other.

    18. Run quit

      Exit from the BGP-EVPN address family view.

    19. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    20. Run import-route direct [ med med | route-policy route-policy-name ] *

      VPN loopback routes are imported to the IPv4 or IPv6 address family of the BGP-VPN instance.

    21. Run advertise l2vpn evpn

      The function to advertise IP routes from the VPN instance to the EVPN instance is enabled.

    22. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

    23. Run quit

      Exit from the BGP view.

  2. Establish BGP VPN peer relationships between DC-GWs and VNFs.
    1. Run route-policy route-policy-name deny node node

      A route-policy that denies all routes is created.

    2. Run quit

      Exit from the route-policy view.

    3. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    4. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    5. Run peer { ipv4-address | ipv6-address | group-name } as-number { as-number-plain | as-number-dot }

      A BGP VPN peer relationship is established.

    6. Run peer { ipv4-address | ipv6-address | group-name } connect-interface interface-type interface-number [ ipv4-source-address ]

      The source interface and source IP address are specified for the TCP connection to be set up between BGP peers.

    7. Run peer { ipv4-address | ipv6-address | group-name } route-policy route-policy-name export

      The route-policy is applied so that DC-GWs do not advertise BGP VPN routes to VNFs. This prevents route loops.

    8. Run peer { ipv4-address | ipv6-address | group-name } reflect-client

      The RR function is configured to reflect BGP VPN routes. This function allows VNFs to share mobile phone routes.

    9. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

  3. Configure RRs in BGP EVPN so that EVPN routes can be synchronized between L2GW/L3GWs and the EVPN routes sent by L2GW/L3GWs can be reflected to PEs.
    1. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    2. Run peer { group-name | ipv4-address } reflect-client

      L2GW/L3GWs and PEs are configured as RR clients.

    3. Run peer { group-name | ipv4-address } next-hop-invariable

      DC-GWs are configured not to modify the next hop during route advertisement to PEs and L2GW/L3GWs and the next-hop address is still the IP address of an L2GW/L3GW when a PE receives routes from a VNF. Upon receipt of default routes, the next -hop addresses of L2GW/L3GWs are the IP addresses of PEs. In this way, routes are recursed over E2E SR-MPLS TE tunnels.

  4. Run commit

    The configuration is committed.

Configuring Route Advertisement on L2GW/L3GWs

Route advertisement can be configured on L2GW/L3GWs to allow the L2GW/L3GWs to construct their own forwarding entries based on the received EVPN or BGP routes.

Procedure

  1. Configure L2GW/L3GWs to generate ARP or ND entries for Layer 2 forwarding based on the ARP or ND information in EVPN routes.
    1. Run system-view

      The system view is displayed.

    2. Run interface vbdif bd-id

      A VBDIF interface is created, and the VBDIF interface view is displayed.

    3. Configure L2GW/L3GWs to generate ARP or ND entries for Layer 2 forwarding based on the ARP or ND information in EVPN routes.

      • Run the arp generate-rd-table enable command to allow L2GW/L3GWs to generate ARP entries for Layer 2 forwarding based on the ARP information in EVPN routes.

      • Run the ipv6 nd generate-rd-table enable command to allow L2GW/L3GWs to generate ND entries for Layer 2 forwarding based on the ND information in EVPN routes.

    4. (Optional) Run ipv6 nd dad attempts 0

      DAD is prohibited. This command is mandatory in IPv6 scenarios to prevent service interruptions occurred because the system detects that the IPv6 address of another device is the same as the VBDIF interface's IP address.

    5. Run quit

      Exit from the VBDIF interface view.

  2. Configure an L3VPN instance to advertise the static VPN routes destined for VNFs to an EVPN instance.
    1. Create a route-policy so that the static VPN routes destined for VNFs can be filtered out in the L3VPN instance. For configuration details, see Configuring a Route-Policy. During configuration of an apply clause, run the apply gateway-ip { origin-nexthop | ipv4-address } or apply ipv6 gateway-ip { origin-nexthop | ipv6-address } command to specify the original next-hop address of a static VPN route as a gateway address.
    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Enter the IPv4 or IPv6 address family view of the VPN instance.

      • Run the ipv4-family command to enter the IPv4 address family view of the VPN instance.

      • Run the ipv6-family command to enter the IPv6 address family view of the VPN instance.

    4. Run export route-policy policy-name evpn

      The L3VPN instance is bound to an export route-policy. This route-policy is used to filter the routes advertised to the EVPN instance from the L3VPN instance so that the L3VPN instance advertises only the static VPN routes destined for VNFs to the EVPN instance and gateway addresses are added to the static VPN routes.

    5. Run quit

      Exit from the IPv4 or IPv6 address family view of the VPN instance.

    6. Run quit

      Exit from the VPN instance view.

    7. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    8. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    9. Run import-route static [ med med | route-policy route-policy-name ] *

      Static routes are imported to the IPv4 or IPv6 address family of the BGP-VPN instance.

    10. Run advertise l2vpn evpn [ import-route-multipath ]

      The function to advertise IP routes from the VPN instance to the EVPN instance is enabled. If the load balancing function needs to be deployed on the network, specify the import-route-multipath parameter so that the VPN instance can advertise all the routes with the same destination address to the EVPN instance.

    11. (Optional) Run irb asymmetric

      The asymmetric mode is enabled for IRB routes. If L2GW/L3GWs are configured to advertise ARP or ND routes to each other, skip this step. If L2GW/L3GWs are configured to advertise IRB or IPBv6 routes to each other, perform this step so that L2GW/L3GWs do not generate IP prefix routes. This prevents route loops.

    12. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

  3. Run commit

    The configuration is committed.

Configuring the Load Balancing Function

The load balancing function needs to be deployed to achieve balanced loads of network traffic.

Procedure

  • Configure PEs.
    1. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    2. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    3. Run maximum load-balancing [ ebgp | ibgp ] number [ ecmp-nexthop-changed ]

      The maximum number of equal-cost routes for load balancing is set.

    4. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

    5. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    6. Run peer { ipv4-address | group-name } capability-advertise add-path { send | receive | both }

      The function to send or receive Add-Path routes from a specified peer is enabled.

    7. Run quit

      Exit from the BGP-EVPN address family view.

    8. Run quit

      Exit from the BGP view.

    9. Run commit

      The configuration is committed.

  • Configure DC-GWs.
    1. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    2. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    3. Run maximum load-balancing [ ebgp | ibgp ] number [ ecmp-nexthop-changed ]

      The maximum number of equal-cost routes for load balancing is set.

    4. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

    5. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    6. Run peer { ipv4-address | group-name } capability-advertise add-path { send | receive | both }

      The function to send or receive Add-Path routes from a specified peer is enabled.

    7. Run quit

      Exit from the BGP-EVPN address family view.

    8. Run quit

      Exit from the BGP view.

    9. Run commit

      The configuration is committed.

  • Configure L2GW/L3GWs.
    1. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    2. Enter the IPv4 or IPv6 address family view of a BGP-VPN instance.

      • Run the ipv4-family vpn-instance vpn-instance-name command to enter the IPv4 address family view of a BGP-VPN instance.

      • Run the ipv6-family vpn-instance vpn-instance-name command to enter the IPv6 address family view of a BGP-VPN instance.

    3. Run maximum load-balancing [ ebgp | ibgp ] number [ ecmp-nexthop-changed ]

      The maximum number of equal-cost routes for load balancing is set.

    4. Run quit

      Exit from the IPv4 or IPv6 address family view of the BGP-VPN instance.

    5. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    6. Run bestroute add-path path-number path-number

      BGP Add-Path is enabled, and the number of preferred routes that can be selected is configured.

    7. Run peer { ipv4-address | group-name } capability-advertise add-path { send | receive | both }

      The function to send or receive Add-Path routes from a specified peer is enabled.

    8. Run peer { ipv4-address | group-name } advertise add-path path-number path-number

      The number of preferred routes that can be advertised to a specified peer is configured.

    9. Run quit

      Exit from the BGP-EVPN address family view.

    10. Run quit

      Exit from the BGP view.

    11. Run commit

      The configuration is committed.

Verifying the Configurations of the NFVI DistributedGateway Function

After configuring the NFVI distributed gateway function, verify the configurations. On DC-GWs, you can view the VPN peer relationships between DC-GWs and VNFs and the information about the mobile phone routes received from VNFs.

Prerequisites

The NFVI distributed gateway function has been configured.

Procedure

  1. Run the display bgp { vpnv4 | vpnv6 } vpn-instance vpn-instance-name peer command on DC-GWs to check whether the VPN peer relationships have been established between DC-GWs and VNFs.
  2. Run the display bgp vpnv4 vpn-instance vpn-instance-name routing-table or display bgp vpnv6 vpn-instance vpn-instance-name routing-table command on DC-GWs to check whether DC-GWs can receive mobile phone routes from VNFs and whether the next-hop addresses of the mobile phone routes are VNF addresses.
  3. Run the display ip routing-table vpn-instance vpn-instance-name or display ipv6 routing-table vpn-instance vpn-instance-name command on DC-GWs to check whether the VPN routing tables of DC-GWs include mobile phone routes and whether the outbound interfaces of the mobile phone routes are VBDIF interfaces.
Translation
简体中文
Download
Updated: 2020-10-10

Document ID: EDOC1000173015

Views: 412419

Downloads: 4651

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :