No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
New IP Technologies

This document introduces the implementations and configurations of popular features on a Huawei router.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Static VXLAN Active-Active Scenario

Configuring the Static VXLAN Active-Active Scenario

In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. In this way, carriers can enhance VXLAN access reliability to improve the stability of user services so that rapid convergence can be implemented in case of a fault.

Context

On the network shown in Figure 4-86, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote NVE interface. A VTEP address is configured on the CPE to establish a VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.

The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.

Before an IPv6 network is used to transmit traffic between a CPE and PE, an IPv4 over IPv6 tunnel must be configured between them. To enable a VXLAN tunnel to recurse routes to the IPv4 over IPv6 tunnel, static routes must be configured on the CPE and PE, and the outbound interface of the route destined for the VXLAN tunnel's destination IP address must be set to the IPv4 over IPv6 tunnel interface.

Figure 4-86 Networking diagram for configuring the static VXLAN active-active scenario

Procedure

  1. Configure AC-side service access.
    1. Configure an Eth-Trunk interface on CE1 to dual-home CE1 to PE1 and PE2.
    2. Configure service access points. For configuration details, see the section Configuring a VXLAN Service Access Point.
    3. Configure the same Ethernet Segment Identifier (ESI) for the links connecting CE1 to PE1 and PE2.

      1. Run the interface eth-trunk command to enter the Eth-Trunk interface view.
      2. Run the esi command to configure an ESI.
      3. Run the commit command to commit the configuration.

  2. Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see the section Configuring a VXLAN Tunnel.
  3. Configure a bypass VXLAN tunnel between PE1 and PE2.
    1. Configure a BGP EVPN peer relationship.

      1. Run the bgp as-number command to enable BGP and enter the BGP view.
      2. Run the peer ipv4-address as-number as-number command to configure the peer device as a BGP peer.
      3. Run the l2vpn-family evpn command to enter the BGP-EVPN address family view.
      4. Run the peer { ipv4-address | group-name } enable command to enable the device to exchange EVPN routes with a specified peer or peer group.
      5. Run the peer { ipv4-address | group-name } advertise encap-type vxlan command to advertise EVPN routes that carry the VXLAN encapsulation attribute to the peer.
      6. Run the quit command to exit from the BGP-EVPN address family view.
      7. Run the quit command to exit from the BGP view.
      8. Run the commit command to commit the configuration.

    2. Configure a VPN instance or EVPN instance.

      • Layer 2 communication (Configure an EVPN instance.)

        1. Run the evpn vpn-instance vpn-instance-name bd-mode command to create a BD EVPN instance and enter the EVPN instance view.
        2. Run the route-distinguisher route-distinguisher command to configure an RD for the EVPN instance.
        3. Run the vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] command to configure VPN targets for the EVPN instance.

          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

        4. Run the quit command to exit from the EVPN instance view.
        5. Run the bridge-domain bd-id command to enter the BD view.
        6. Run the vxlan vni vni-id split-horizon-mode command to create a VNI, associate the VNI with the BD, and apply split horizon to the BD.
        7. Run the evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ] command to bind a specified EVPN instance to the BD. By specifying different bd-tag, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.
        8. Run the quit command to exit from the BD view.
        9. Run the commit command to commit the configuration.

      • Layer 3 communication (Configure a VPN instance.)

        1. Run the ip vpn-instance vpn-instance-name command to create a VPN instance and enter the VPN instance view.
        2. Run the ipv4-family [ unicast ] command to enable the IPv4 address family for a VPN instance.
        3. Run the route-distinguisher route-distinguisher command to configure an RD for the VPN instance.
        4. Run the vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] [ evpn ] command to configure VPN target for the EVPN instance.

          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

        5. Run the quit command to exit from the VPN instance ipv4-family view.
        6. Run the quit command to exit from the VPN instance view.
        7. Run the bridge-domain bd-id command to enter the BD view.
        8. Run the vxlan vni vni-id split-horizon-mode command to create a VNI, associate the VNI with the BD, and apply split horizon to the BD.
        9. Run the quit command to exit from the BD view.
        10. Run the commit command to commit the configuration.

    3. Enable the inter-chassis VXLAN function on PE1 and PE2.

      1. Run the evpn command to enter the EVPN view.
      2. Run the bypass-vxlan enable command to enable the inter-chassis VXLAN function.
      3. Run the quit command to exit from the EVPN view.
      4. Run the commit command to commit the configuration.

    4. Configure an ingress replication list.

      1. Run the interface nve nve-number command to enter the NVE interface view.
      2. Run the source ip-address command to configure an IP address for the source VTEP.
      3. Run the vni vni-id head-end peer-list protocol bgp command to configure an ingress replication list.
      4. Run the bypass source ip-address command to configure a source VTEP address for the bypass VLAN tunnel.
      5. Run the mac-address mac-address command to configure a VTEP MAC address.
      6. Run the quit command to exit from the NVE interface view.
      7. Run the commit command to commit the configuration.

  4. Configure FRR on the PEs.

    • Layer 2 communication

      1. Run the evpn command to enter the EVPN view.
      2. Run the vlan-extend private enable command to enable routes to be sent to carry the VLAN private extended community attribute.
      3. Run the vlan-extend redirect enable command to enable the function of redirecting received routes the VLAN private extended community attribute.
      4. Run the local-remote frr enable command to enable FRR for MAC routes between the local and remote ends.‏
      5. Run the quit command to exit from the EVPN view.
      6. Run the commit command to commit the configuration.

    • Layer 3 communication

      1. Run the bgp as-number command to enter the BGP view.
      2. Run the ipv4-family vpn-instance vpn-instance-name command to enable the BGP-VPN instance IPv4 address family and displays the address family view.
      3. Run the auto-frr command to enable BGP auto FRR.
      4. Run the peer { ipv4-address | group-name } enable command to enable the function of exchanging EVPN routes with a specified peer or peer group. The IP address is a CE address.
      5. Run the advertise l2vpn evpn command to enable a VPN instance to advertise IP routes to an EVPN instance.
      6. Run the quit command to exit from the BGP-VPN instance IPv4 address family view.
      7. Run the quit command to exit from the BGP view.
      8. Run the commit command to commit the configuration.

  5. (Optional) Configure a UDP port on the PEs to prevent the receiving of replicated packets.
    1. Run the evpn enhancement port port-id command to configure a UDP port.

      The same UDP port number must be set for the PEs in the active state.

    2. Run the commit command to commit the configuration.
  6. (Optional) Configure a VXLAN over IPsec tunnel between the CPE and PE to enhance the security for packets traversing an insecure network.

    For configuration details, see the section Example for Configuring VXLAN over IPsec.

Checking the Configuration

After configuring the VXLAN active-active scenario, check information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.

Translation
简体中文
Download
Updated: 2020-10-10

Document ID: EDOC1000173015

Views: 281677

Downloads: 3953

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :