Configuring the Static VXLAN Active-Active Scenario
In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. This lets carriers enhance VXLAN access reliability, which improves the stability of user services and allows rapid convergence if a fault occurs.
Context
On the network shown in Figure 4-86, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote NVE interface. A VTEP address is configured on the CPE to establish a VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.
The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.
Before an IPv6 network is used to transmit traffic between a CPE and PE, an IPv4 over IPv6 tunnel must be configured between them. To enable a VXLAN tunnel to recurse routes to the IPv4 over IPv6 tunnel, static routes must be configured on the CPE and PE, and the outbound interface of the route destined for the VXLAN tunnel's destination IP address must be set to the IPv4 over IPv6 tunnel interface.
Procedure
- Configure AC-side service access.
- Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see the section Configuring a VXLAN Tunnel.
- Configure a bypass VXLAN tunnel between PE1 and PE2.
- Configure FRR on the PEs.
  Layer 2 communication
  - Run the evpn command to enter the EVPN view.
  - Run the vlan-extend private enable command to enable sent routes to carry the VLAN private extended community attribute.
  - Run the vlan-extend redirect enable command to enable redirection of received routes that carry the VLAN private extended community attribute.
  - Run the local-remote frr enable command to enable FRR for MAC routes between the local and remote ends.
  - Run the quit command to exit from the EVPN view.
  - Run the commit command to commit the configuration.
  Layer 3 communication
  - Run the bgp as-number command to enter the BGP view.
  - Run the ipv4-family vpn-instance vpn-instance-name command to enable the BGP-VPN instance IPv4 address family and display the address family view.
  - Run the auto-frr command to enable BGP auto FRR.
  - Run the peer { ipv4-address | group-name } enable command to enable the function of exchanging EVPN routes with a specified peer or peer group. The IP address is a CE address.
  - Run the advertise l2vpn evpn command to enable a VPN instance to advertise IP routes to an EVPN instance.
  - Run the quit command to exit from the BGP-VPN instance IPv4 address family view.
  - Run the quit command to exit from the BGP view.
  - Run the commit command to commit the configuration.
- (Optional) Configure a UDP port on the PEs to prevent replicated packets from being received.
- (Optional) Configure a VXLAN over IPsec tunnel between the CPE and PE to enhance security for packets traversing an insecure network.
  For configuration details, see the section Example for Configuring VXLAN over IPsec.
Checking the Configuration
After configuring the VXLAN active-active scenario, check information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.
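Because PE1 and PE2 share one Anycast VTEP address, an FRR command missing on either PE only shows up when traffic has to be redirected. The following Python script is an added example, not part of the original documentation: it checks a configuration text for the Layer 2 and Layer 3 FRR commands listed in the procedure. The indentation-based configuration layout, the AS number, the VPN instance name and the peer address are assumptions made for the sample.

```python
import re

# (view label, regex for the view path, commands the procedure runs in that view)
REQUIRED = [
    ("EVPN view", r"evpn",
     ["vlan-extend private enable", "vlan-extend redirect enable", "local-remote frr enable"]),
    ("BGP-VPN instance IPv4 address family view", r"bgp \S+/ipv4-family vpn-instance \S+",
     ["auto-frr", r"peer \S+ enable", "advertise l2vpn evpn"]),
]

def parse_views(config):
    """Map 'view/subview' paths to commands. Assumes nesting by leading spaces, '#' separators."""
    views, stack = {}, []  # stack holds (indent, line) of the enclosing views
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        views.setdefault("/".join(v for _, v in stack), []).append(line)
        stack.append((indent, line))
    return views

def missing_frr(config):
    """Return (view label, command) pairs the procedure requires but the config lacks."""
    views = parse_views(config)
    gaps = []
    for label, view_re, commands in REQUIRED:
        found = [c for path, cmds in views.items() if re.fullmatch(view_re, path) for c in cmds]
        gaps += [(label, want) for want in commands
                 if not any(re.fullmatch(want, have) for have in found)]
    return gaps

# Constructed sample configurations (AS number, VPN instance name and peer address are made up).
PE1_CONFIG = """\
evpn
 vlan-extend private enable
 vlan-extend redirect enable
 local-remote frr enable
bgp 100
 ipv4-family vpn-instance vpn1
  auto-frr
  peer 192.0.2.1 enable
  advertise l2vpn evpn
"""
PE2_CONFIG = PE1_CONFIG.replace(" local-remote frr enable\n", "").replace("  auto-frr\n", "")

print("PE1 gaps:", missing_frr(PE1_CONFIG), "| PE2 gaps:", missing_frr(PE2_CONFIG))
```

An empty list means every FRR command from the procedure is present in that PE's configuration text.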