No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches VXLAN Best Practices

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Hardware Centralized VXLAN Using the Spine/Leaf Two-Layer Architecture

Hardware Centralized VXLAN Using the Spine/Leaf Two-Layer Architecture

NOTE:

This section describes the configurations that are different from the configurations of the gateway/spine/leaf three-layer architecture.

The configuration differences are as follows:

  • Configuration of connected interfaces between the gateway and leaf node
  • BGP route configuration on the leaf node
  • BGP route configuration on the gateway
  • BGP EVPN configuration on the gateway and leaf node

Networking Requirements

Figure 1 shows the hardware centralized VXLAN using the spine/leaf two-layer architecture.

Figure 3-2 Hardware centralized VXLAN using the spine/leaf two-layer architecture
  • Server layer: Servers are connected to the VXLAN network through Layer 2 sub-interfaces.
  • Leaf nodes: Servers are connected to leaf nodes through stacking, Multi-Chassis Link Aggregation Group (M-LAG), or super virtual fabric (SVF). Leaf nodes and spine nodes communicate at Layer 3. A stack, M-LAG, or SVF system consisting of leaf nodes functions as a virtual tunnel end point (VTEP) to allow server traffic to access the VXLAN.
  • Spine nodes/GWs: Two gateways (GWs) constitute an M-LAG, and serve as dual-active gateways. The gateways and leaf nodes communicate at Layer 3, and connect to external routers Router-1 and Router-2.
  • FWs: Two firewalls (FWs) are configured to work in active/standby mirroring mode and connected to the two gateways in bypass mode.
  • LBs: Load balancers (LBs) are deployed by manufacturers.

Port Connection Planning

Deploy Leaf-CE6851HI-1 and Leaf-CE6851HI-2 as a stack. The port planning is as follows.

Planning Description

Local Device

Port

Remote Device

Port

Configure leaf node interconnection ports as stack ports and at least two stack links.

Leaf-CE6851HI-1

40GE1/0/1-2

Leaf-CE6851HI-2

40GE1/0/1-2

Leaf-CE6851HI-2

40GE1/0/1-2

Leaf-CE6851HI-1

40GE1/0/1-2

Configure ports on the leaf nodes and spine nodes for interconnection.

Leaf-CE6851HI-1

40GE1/0/3

Gateway-CE12808-1

40GE1/0/0

Leaf-CE6851HI-1

40GE1/0/4

Gateway-CE12808-2

40GE1/0/1

Leaf-CE6851HI-2

40GE1/0/3

Gateway-CE12808-2

40GE1/0/0

Leaf-CE6851HI-2

40GE1/0/4

Gateway-CE12808-1

40GE1/0/1

Configure ports on the leaf nodes and servers for interconnection. Connect the servers with dual NICs to the leaf nodes in load balancing mode to ensure link reliability.

Leaf-CE6851HI-1

10GE1/0/1-2

Server

Eth0

Leaf-CE6851HI-2

10GE1/0/1-2

Server

Eth1

Deploy Leaf-CE6851HI-3 and Leaf-CE6851HI-4 as an M-LAG. The port planning is as follows.

Planning Description

Local Device

Port

Remote Device

Port

Configure peer-link ports of the M-LAG to transmit protocol packets, as well as data packets when faults occur. Configure at least two member links for the peer-link to ensure reliability.

Leaf-CE6851HI-3

40GE1/0/1-2

Leaf-CE6851HI-4

40GE1/0/1-2

Leaf-CE6851HI-4

40GE1/0/1-2

Leaf-CE6851HI-3

40GE1/0/1-2

Configure ports on the leaf nodes and spine nodes for interconnection.

Leaf-CE6851HI-3

40GE1/0/3

Gateway-CE12808-1

40GE1/0/2

Leaf-CE6851HI-3

40GE1/0/4

Gateway-CE12808-2

40GE1/0/3

Leaf-CE6851HI-4

40GE1/0/3

Gateway-CE12808-2

40GE1/0/2

Leaf-CE6851HI-4

40GE1/0/4

Gateway-CE12808-1

40GE1/0/3

Configure ports on the leaf nodes and servers for interconnection. Connect the servers with dual NICs to the leaf nodes in load balancing mode to ensure link reliability and improve link utilization.

Leaf-CE6851HI-3

10GE1/0/1

Server

Eth0

Leaf-CE6851HI-4

10GE1/0/1

Server

Eth1

Connect Leaf-CE6851HI-5 and Leaf-CE6851HI-6 to three CE5810 switches and configure the five devices to form an SVF system. The port planning is as follows.

Planning Description

Local Device

Port

Remote Device

Port

Configure leaf node interconnection ports as stack ports and at least two stack links.

Leaf-CE6851HI-5

40GE1/0/1-2

Leaf-CE6851HI-6

40GE1/0/1-2

Leaf-CE6851HI-6

40GE1/0/1-2

Leaf-CE6851HI-5

40GE1/0/1-2

Configure ports on the leaf nodes and spine nodes for interconnection.

Leaf-CE6851HI-5

40GE1/0/3

Gateway-CE12808-1

40GE1/0/6

Leaf-CE6851HI-5

40GE1/0/4

Gateway-CE12808-2

40GE1/0/7

Leaf-CE6851HI-6

40GE1/0/3

Gateway-CE12808-1

40GE1/0/6

Leaf-CE6851HI-6

40GE1/0/4

Gateway-CE12808-2

40GE1/0/7

Configure ports on SVF parent nodes and leaf nodes for interconnection.

Leaf-CE6851HI-5

10GE1/0/1

CE5800-1

GE1/0/1

10GE1/0/2

CE5800-2

GE1/0/1

10GE1/0/3

CE5800-3

GE1/0/1

Leaf-CE6851HI-6

10GE1/0/1

CE5800-1

GE1/0/2

10GE1/0/2

CE5800-2

GE1/0/2

10GE1/0/3

CE5800-3

GE1/0/2

Configure ports on the SVF leaf nodes and servers for interconnection. Connect the servers with dual NICs to the SVF leaf nodes in load balancing mode to ensure link reliability.

CE5810-1

GE1/0/1

Server

Eth0

CE5810-2

GE1/0/1

Server

Eth1

Deploy Gateway-CE12808-1 and Gateway-CE12808-2. The port planning is as follows.

Planning Description

Local Device

Port

Remote Device

Port

Configure ports on the gateways and leaf nodes for interconnection.

Gateway-CE12808-1

40GE1/0/0-3

40GE1/0/6-7

Leaf-CE6851HI-1

Leaf-CE6851HI-2

Leaf-CE6851HI-3

Leaf-CE6851HI-4

Leaf-CE6851HI-5

Leaf-CE6851HI-6

40GE1/0/3-4

Gateway-CE12808-2

40GE1/0/0-3

40GE1/0/6-7

Leaf-CE6851HI-1

Leaf-CE6851HI-2

Leaf-CE6851HI-3

Leaf-CE6851HI-4

Leaf-CE6851HI-5

Leaf-CE6851HI-6

40GE1/0/3-4

Configure peer-link ports of the M-LAG to transmit protocol packets, as well as data packets when faults occur. Configure at least two member links across cards for the peer-link to ensure reliability.

Gateway-CE12808-1

40GE1/0/23

40GE2/0/23

Gateway-CE12808-2

40GE1/0/23

40GE2/0/23

Gateway-CE12808-2

40GE1/0/23

40GE2/0/23

Gateway-CE12808-1

40GE1/0/23

40GE2/0/23

NOTE:

Configure ports on the gateways and firewalls for interconnection.

NOTE:

Two firewalls in active/standby mirroring mode must use the same port to connect to a gateway. For example, if FW-1 connects to GW-1 through GE1/0/1, GE1/0/1 must be set for FW-2 to connect to GW-1.

The management link is not drawn in the physical topology diagram.

Gateway-CE12808-1

10GE3/0/0-1

FW-USG9560-1

FW-USG9560-2

GE1/0/1

Gateway-CE12808-1

10GE3/0/2-3

FW-USG9560-1

FW-USG9560-2

GE1/0/3

Gateway-CE12808-2

10GE3/0/0-1

FW-USG9560-1

FW-USG9560-2

GE1/0/2

Gateway-CE12808-2

10GE3/0/2~3

FW-USG9560-1

FW-USG9560-2

GE1/0/4

Configure ports on the gateways and egress routers for interconnection.

Gateway-CE12808-1

10GE3/0/4

Router-1

GE1/0/0

Gateway-CE12808-1

10GE3/0/5

Router-2

GE1/0/0

Gateway-CE12808-2

10GE3/0/4

Router-1

GE1/0/1

Gateway-CE12808-2

10GE3/0/5

Router-2

GE1/0/1

Configure Layer 3 interconnection interfaces between gateways, which are used to connect to egress routers in mesh mode.

Gateway-CE12808-1

10GE3/0/6

Gateway-CE12808-2

10GE3/0/6

VLAN Planning

The following table describes VLAN planning of the solution.

Planning Description

Suggestion

VLAN ID Example

VLAN for firewall interconnection

You are advised to use Layer 3 main interfaces for Layer 3 interconnection. Firewall interconnection involves interconnection of multiple network segments. Therefore, plan VLANs to share physical links.

11

12 (Create VLANIF 12 and bind it to a VPN.)

Tenant VLAN

Service capacity expansion needs to be considered as many tenants or services use VXLAN.

10

NOTE:

Before switching an interface on the CE6855HI or CE7855EI to Layer 3 mode, run the vlan reserved for main-interface startvlanid to endvlanid command to configure a dedicated reserved VLAN for the Layer 3 main interface.

BD and VNI Planning

The following table describes BD and VNI planning of the solution.

Planning Description

Suggestion

BD and VNI ID Example

BD

Plan the same number of BDs as the number of VLANs. You are advised to use the same BD ID as the VLAN ID.

BD 10 is used here.

VNI

Plan the number of VNIs as the number of BDs. You are advised to plan the VNI ID as the BD ID plus 10000. (A BD corresponds to a VNI. A VNI ID must be larger than 4096.)

VNI 10010 is used here.

RD and RT Planning

The following table describes the RD planning of the solution.

Planning Description

Suggestion

Example

RD of CE6851HI-1 and CE6851HI-2

_

11:1

RD of CE6851HI-3

_

13:1

RD of CE6851HI-4

_

14:1

RD of CE6851HI-5 and CE6851HI-6

_

15:1

RD of Gateway-CE12808-1

_

16:1

RD of Gateway-CE12808-2

_

17:1

The following table describes the RT planning of the solution.

Planning Description

Suggestion

Example

RT of CE6851HI-1 and CE6851HI-2

_

1:1

RT of CE6851HI-3

_

1:1

RT of CE6851HI-4

_

1:1

RT of CE6851HI-5 and CE6851HI-6

_

1:1

RT of Gateway-CE12808-1

_

1:1

RT of Gateway-CE12808-2

_

1:1

IP Address Planning

The following table lists NE interface address planning, including planning of interconnection network segment addresses, VTEP addresses, BGP Router-IDs, loopback addresses for BGP peer setup, M-LAG heartbeat detection addresses, and service network segment addresses.

Planning Description

Local Device

Remote Device

network segment addresses

Configure interface addresses for connecting the leaf nodes (Leaf-CE6851HI-1 and Leaf-CE6851HI-2) and gateways.

Leaf-CE6851HI-1&

CE6851HI-2

Gateway-CE12808-1

11.254.40.156/30

11.254.40.168/30

Gateway-CE12808-2

11.254.40.164/30

11.254.40.160/30

Configure interface addresses for connecting the leaf nodes (Leaf-CE6851HI-3 and Leaf-CE6851HI-4) and gateways.

Leaf-CE6851HI-3&

CE6851HI-4

Gateway-CE12808-1

11.254.41.156/30

11.254.41.168/30

Gateway-CE12808-2

11.254.41.164/30

11.254.41.160/30

Configure interface addresses for connecting the leaf nodes (Leaf-CE6851HI-5 and Leaf-CE6851HI-6) and gateways.

Leaf-CE6851HI-5&

CE6851HI-6

Gateway-CE12808-1

11.254.46.156/30

11.254.46.168/30

Gateway-CE12808-2

11.254.46.164/30

11.254.46.160/30

Configure interface addresses for connecting Gateway-CE12808-1 and Router-1.

Gateway-CE12808-1

Router-1

11.254.44.156/30

Configure interface addresses for connecting Gateway-CE12808-2 and Router-2.

Gateway-CE12808-2

Router-2

11.254.44.160/30

Connect Gateway-CE12808-1 to Gateway-CE12808-2.

Gateway-CE12808-1

Gateway-CE12808-2

11.254.44.164/30

Configure addresses of connected interfaces between Gateway-CE12808-1&2 and firewalls.

Gateway-CE12808-1

Gateway-CE12808-2

FW-USG9560-1

FW-USG9560-2

11.254.45.152/29

Virtual IP address: 11.254.45.153

11.254.45.160/29

Virtual IP address: 11.254.45.161

The following table describes planning for loopback addresses.

Planning Description

Device

IP Address/Mask

Configure Loopback0 addresses as VTEP IP addresses.

Leaf-CE6851HI-1&

CE6851HI-2

11.11.11.11/32

Leaf-CE6851HI-3

11.11.11.12/32

Leaf-CE6851HI-4

Same as that of Leaf-CE6851HI-3: 11.11.11.12/32

Leaf-CE6851HI-5&

CE6851HI-6

11.11.11.17/32

Gateway-CE12808-1

11.11.11.16/32

Gateway-CE12808-2

Same as that of Gateway-CE12808-1: 11.11.11.16/32

Configure Loopback1 addresses as M-LAG heartbeat detection addresses.

Leaf-CE6851HI-3

13.13.13.13/32

Leaf-CE6851HI-4

14.14.14.14/32

Gateway-CE12808-1

18.18.18.18/32

Gateway-CE12808-2

19.19.19.19/32

Configure Loopback2 addresses as the EBGP peer addresses for connecting to the remote routers.

Gateway-CE12808-1

21.21.21.21/32

Gateway-CE12808-2

22.22.22.22/32

The following table describes planning for service addresses.

Server

IP Address/Mask of the Tenant Network Segment

Address of the Gateway BDIF Interface

VRF

Remarks

Server 1

11.254.10.2/24

11.254.10.1/24

VPN 1

Server 2

11.254.10.3/24

11.254.10.1/24

VPN 1

Server 3

11.254.10.4/24

11.254.10.1/24

VPN 1

Route Planning

  • EBGP and OSPF are common routing protocols of underlay networks. BGP makes networks secure, flexible, stable, reliable, and efficient from the following aspects:
    • Uses authentication and the Generalized TTL Security Mechanism (GTSM) to ensure network security. TTL refers to time to live.
    • Provides various routing policies, enabling flexible routing.
    • Offers route aggregation and route dampening functions to prevent route flapping, enhancing network stability.
    • Uses the Transmission Control Protocol (TCP) with the port number 179 as the transport layer protocol and supports association with Bidirectional Forwarding Detection (BFD), as well as Auto Fast Reroute (FRR), Graceful Restart (GR), and Non-Stop Routing (NSR), enhancing network reliability.

In network evolution, EBGP applies to large-sized networks, and OSPF applies to middle- and small-sized networks. In this document, EBGP is used for the network.

The following table describes route planning.

NE

AS Domain Number

Router-ID

Leaf-CE6851HI-1&CE6851-2

65021

Loopback0 address

Leaf-CE6851HI-3

65022

Loopback1 address

Leaf-CE6851HI-4

65022

Loopback1 address

Leaf-CE6851HI-5&CE6851HI-6

65024

Loopback0 address

Gateway-CE12808-1

65000

Loopback1 address

Gateway-CE12808-2

65000

Loopback1 address

Router-1

65047

Loopback0 address

Router-2

65048

Loopback0 address

Configuring Interface Addresses for Connecting Gateways and Leaf Nodes

In this solution, spine nodes and gateways are deployed on the same devices. Therefore, connect the gateways to leaf nodes directly.

  1. Configure IP addresses for interfaces on Gateway-CE12808-1.

    [~Huawei] sysname Gateway-CE12808-1 
    [*Huawei] commit 
    [~Gateway-CE12808-1] interface 40ge 1/0/0 
    [~Gateway-CE12808-1-40GE1/0/0] description "to-Leaf-CE6851HI-1& CE6851HI-2" 
    [*Gateway-CE12808-1-40GE1/0/0] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/0] ip address 11.254.40.158 30 
    [*Gateway-CE12808-1-40GE1/0/0] commit 
    [~Gateway-CE12808-1-40GE1/0/0] quit 
    [~Gateway-CE12808-1] interface 40ge 1/0/1 
    [~Gateway-CE12808-1-40GE1/0/1] description "to-Leaf-CE6851HI-1& CE6851HI-2" 
    [*Gateway-CE12808-1-40GE1/0/1] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/1] ip address 11.254.40.170 30 
    [*Gateway-CE12808-1-40GE1/0/1] commit 
    [~Gateway-CE12808-1-40GE1/0/1] quit 
    [~Gateway-CE12808-1] interface 40ge 1/0/2 
    [~Gateway-CE12808-1-40GE1/0/2] description "to-Leaf-CE6851-3-40GE1/0/3" 
    [*Gateway-CE12808-1-40GE1/0/2] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/2] ip address 11.254.41.158 30 
    [*Gateway-CE12808-1-40GE1/0/2] commit 
    [~Gateway-CE12808-1-40GE1/0/2] quit 
    [~Gateway-CE12808-1] interface 40ge 1/0/3 
    [~Gateway-CE12808-1-40GE1/0/3] description "to-Leaf-CE6851-4-40GE1/0/4" 
    [*Gateway-CE12808-1-40GE1/0/3] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/3] ip address 11.254.41.170 30 
    [*Gateway-CE12808-1-40GE1/0/3] commit 
    [~Gateway-CE12808-1-40GE1/0/3] quit 
     
    [~Gateway-CE12808-1] interface 40ge 1/0/6 
    [~Gateway-CE12808-1-40GE1/0/6] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/6] ip address 11.254.46.158 30 
    [*Gateway-CE12808-1-40GE1/0/6] commit 
    [~Gateway-CE12808-1-40GE1/0/6] quit 
    [~Gateway-CE12808-1] interface 40ge 1/0/7 
    [~Gateway-CE12808-1-40GE1/0/7] undo portswitch 
    [*Gateway-CE12808-1-40GE1/0/7] ip address 11.254.46.170 30 
    [*Gateway-CE12808-1-40GE1/0/7] commit 
    [~Gateway-CE12808-1-40GE1/0/7] quit

  2. Configure IP addresses for interfaces on Gateway-CE12808-2.

    [~Huawei] sysname Gateway-CE12808-2 
    [*Huawei] commit 
    [~Gateway-CE12808-2] interface 40ge 1/0/0 
    [~Gateway-CE12808-2-40GE1/0/0] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/0] ip address 11.254.40.162 30 
    [*Gateway-CE12808-2-40GE1/0/0] commit 
    [~Gateway-CE12808-2-40GE1/0/0] quit 
    [~Gateway-CE12808-2] interface 40ge 1/0/1 
    [~Gateway-CE12808-2-40GE1/0/1] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/1] ip address 11.254.40.166 30 
    [*Gateway-CE12808-2-40GE1/0/1] commit 
    [~Gateway-CE12808-2-40GE1/0/1] quit 
    [~Gateway-CE12808-2] interface 40ge 1/0/2 
    [~Gateway-CE12808-2-40GE1/0/2] description "to-Leaf-CE6851-4-40GE1/0/3" 
    [*Gateway-CE12808-2-40GE1/0/2] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/2] ip address 11.254.41.162 30 
    [*Gateway-CE12808-2-40GE1/0/2] commit 
    [~Gateway-CE12808-2-40GE1/0/2] quit 
    [~Gateway-CE12808-2] interface 40ge 1/0/3 
    [~Gateway-CE12808-2-40GE1/0/3] description "to-Leaf-CE6851-3-40GE1/0/4" 
    [*Gateway-CE12808-2-40GE1/0/3] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/3] ip address 11.254.41.166 30 
    [*Gateway-CE12808-2-40GE1/0/3] commit 
    [~Gateway-CE12808-2-40GE1/0/3] quit 
    [~Gateway-CE12808-2] interface 40ge 1/0/6 
    [~Gateway-CE12808-2-40GE1/0/6] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/6] ip address 11.254.46.166 30 
    [*Gateway-CE12808-2-40GE1/0/6] commit 
    [~Gateway-CE12808-2-40GE1/0/6] quit 
    [~Gateway-CE12808-2] interface 40ge 1/0/7 
    [~Gateway-CE12808-2-40GE1/0/7] undo portswitch 
    [*Gateway-CE12808-2-40GE1/0/7] ip address 11.254.46.162 30 
    [*Gateway-CE12808-2-40GE1/0/7] commit 
    [~Gateway-CE12808-2-40GE1/0/7] quit

Configuring Routes on Leaf Nodes

In this solution, spine nodes and gateways are deployed on the same devices. Therefore, the BGP route configuration on leaf nodes is different from that in the three-layer architecture.

  1. Configure BGP routes on the stack to connect it to gateways.

    [~Leaf-CE6851HI-1&CE6851HI-2] bgp 65021  
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] router-id 11.11.11.11 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] timer keepalive 10 hold 30 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] group Gateway-CE12808 external 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer Gateway-CE12808 as-number 65000 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.158 as-number 65000 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.158 group Gateway-CE12808       
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.170 as-number 65000 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.170 group Gateway-CE12808 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.166 as-number 65000 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.166 group Gateway-CE12808       
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.162 as-number 65000 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] peer 11.254.40.162 group Gateway-CE12808 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] ipv4-family unicast 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp-af-ipv4] preference 20 200 10 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp-af-ipv4] network 11.11.11.11 255.255.255.255 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp-af-ipv4] maximum load-balancing 32 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp-af-ipv4] quit 
    [*Leaf-CE6851HI-1&CE6851HI-2-bgp] quit 
    [*Leaf-CE6851HI-1&CE6851HI-2] commit

  2. Configure BGP routes on Leaf-CE6851HI-3 to connect it to gateways.

    [~Leaf-CE6851HI-3] bgp 65022 
    [*Leaf-CE6851HI-3-bgp] router-id 13.13.13.13 
    [*Leaf-CE6851HI-3-bgp] timer keepalive 10 hold 30 
    [*Leaf-CE6851HI-3-bgp] group Gateway-CE12808 external 
    [*Leaf-CE6851HI-3-bgp] peer Gateway-CE12808 as-number 65000 
    [*Leaf-CE6851HI-3-bgp] peer 11.254.41.158 as-number 65000 
    [*Leaf-CE6851HI-3-bgp] peer 11.254.41.158 group Gateway-CE12808 
    [*Leaf-CE6851HI-3-bgp] peer 11.254.41.166 as-number 65000  
    [*Leaf-CE6851HI-3-bgp] peer 11.254.41.166 group Gateway-CE12808 
    [*Leaf-CE6851HI-3-bgp] ipv4-family unicast   
    [*Leaf-CE6851HI-3-bgp-af-ipv4] preference 20 200 10 
    [*Leaf-CE6851HI-3-bgp-af-ipv4] network 11.11.11.12 255.255.255.255 
    [*Leaf-CE6851HI-3-bgp-af-ipv4] network 100.125.100.0 255.255.255.0 
    [*Leaf-CE6851HI-3-bgp-af-ipv4] network 13.13.13.13 255.255.255.255 
    [*Leaf-CE6851HI-3-bgp-af-ipv4] maximum load-balancing 32 
    [*Leaf-CE6851HI-3-bgp-af-ipv4] quit 
    [*Leaf-CE6851HI-3-bgp] quit 
    [*Leaf-CE6851HI-3] commit

  3. Configure BGP routes on Leaf-CE6851HI-4 to connect it to gateways.

    [~Leaf-CE6851HI-4] bgp 65022 
    [*Leaf-CE6851HI-4-bgp] router-id 14.14.14.14 
    [*Leaf-CE6851HI-4-bgp] timer keepalive 10 hold 30 
    [*Leaf-CE6851HI-4-bgp] group Gateway-CE12808 external 
    [*Leaf-CE6851HI-4-bgp] peer Gateway-CE12808 as-number 65000 
    [*Leaf-CE6851HI-4-bgp] peer 11.254.41.170 as-number 65000  
    [*Leaf-CE6851HI-4-bgp] peer 11.254.41.170 group Gateway-CE12808 
    [*Leaf-CE6851HI-4-bgp] peer 11.254.41.162 as-number 65000 
    [*Leaf-CE6851HI-4-bgp] peer 11.254.41.162 group Gateway-CE12808 
    [*Leaf-CE6851HI-4-bgp] ipv4-family unicast  
    [*Leaf-CE6851HI-4-bgp-af-ipv4] preference 20 200 10 
    [*Leaf-CE6851HI-4-bgp-af-ipv4] network 11.11.11.12 255.255.255.255 
    [*Leaf-CE6851HI-4-bgp-af-ipv4] network 100.125.100.0 255.255.255.0 
    [*Leaf-CE6851HI-4-bgp-af-ipv4] network 14.14.14.14 255.255.255.255 
    [*Leaf-CE6851HI-4-bgp-af-ipv4] maximum load-balancing 32 
    [*Leaf-CE6851HI-4-bgp-af-ipv4] quit 
    [*Leaf-CE6851HI-4-bgp] quit 
    [*Leaf-CE6851HI-4] commit

  4. Configure BGP routes on the SVF system to connect the system to gateways.

    [~Leaf-CE6851HI-5&CE6851HI-6] bgp 65024 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] router-id 11.11.11.17 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] timer keepalive 10 hold 30 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] group Gateway-CE12808 external 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer Gateway-CE12808 as-number 65000 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.158 as-number 65000 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.158 group Gateway-CE12808 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.170 as-number 65000 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.170 group Gateway-CE12808 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.166 as-number 65000 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.166 group Gateway-CE12808 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.162 as-number 65000 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] peer 11.254.46.162 group Gateway-CE12808 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] ipv4-family unicast 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp-af-ipv4] preference 20 200 10 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp-af-ipv4] network 11.11.11.17 255.255.255.255 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp-af-ipv4] maximum load-balancing 32 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp-af-ipv4] quit 
    [*Leaf-CE6851HI-5&CE6851HI-6-bgp] quit 
    [*Leaf-CE6851HI-5&CE6851HI-6] commit

Configuring Routes on Gateways

In this solution, spine nodes and gateways are deployed on the same devices. Therefore, the BGP route configuration on gateways is different from that in the three-layer architecture.

  1. Configure BGP routes on Gateway-CE12808-1.

    [~Gateway-CE12808-1] bgp 65000 
    [*Gateway-CE12808-1-bgp] router-id 18.18.18.18 
    [*Gateway-CE12808-1-bgp] timer keepalive 10 hold 30 
    [*Gateway-CE12808-1-bgp] group Router-1 external      //Configure a route to the egress router. 
    [*Gateway-CE12808-1-bgp] peer Router-1 as-number 65047 
    [*Gateway-CE12808-1-bgp] peer Router-1 ebgp-max-hop 10 
    [*Gateway-CE12808-1-bgp] peer Router-1 connect-interface loopback 2 
    [*Gateway-CE12808-1-bgp] peer 21.21.21.22 as-number 65047 
    [*Gateway-CE12808-1-bgp] peer 21.21.21.22 group Router-1 
    [*Gateway-CE12808-1-bgp] group Leaf-CE6851HI-1&CE6851HI-2 external  //Configure routes to the leaf nodes. 
    [*Gateway-CE12808-1-bgp] peer Leaf-CE6851HI-1&CE6851HI-2 as-number 65021 
    [*Gateway-CE12808-1-bgp] peer 11.254.40.157 as-number 65021             
    [*Gateway-CE12808-1-bgp] peer 11.254.40.157 group Leaf-CE6851HI-1&CE6851HI-2       
    [*Gateway-CE12808-1-bgp] peer 11.254.40.169 as-number 65021            
    [*Gateway-CE12808-1-bgp] peer 11.254.40.169 group Leaf-CE6851HI-1&CE6851HI-2 
    [*Gateway-CE12808-1-bgp] group Leaf-CE6851HI-3&4 external 
    [*Gateway-CE12808-1-bgp] peer Leaf-CE6851HI-3&4 as-number 65022 
    [*Gateway-CE12808-1-bgp] peer 11.254.41.157 as-number 65022 
    [*Gateway-CE12808-1-bgp] peer 11.254.41.157 group Leaf-CE6851HI-3&4 
    [*Gateway-CE12808-1-bgp] peer 11.254.41.169 as-number 65022 
    [*Gateway-CE12808-1-bgp] peer 11.254.41.169 group Leaf-CE6851HI-3&4 
    [*Gateway-CE12808-1-bgp] group Leaf-CE6851HI-5&CE6851HI-6 external 
    [*Gateway-CE12808-1-bgp] peer Leaf-CE6851HI-5&CE6851HI-6 as-number 65024 
    [*Gateway-CE12808-1-bgp] peer 11.254.46.157 as-number 65024  
    [*Gateway-CE12808-1-bgp] peer 11.254.46.157 group Leaf-CE6851HI-5&CE6851HI-6 
    [*Gateway-CE12808-1-bgp] peer 11.254.46.169 as-number 65024  
    [*Gateway-CE12808-1-bgp] peer 11.254.46.169 group Leaf-CE6851HI-5&CE6851HI-6 
    [*Gateway-CE12808-1-bgp] ipv4-family unicast 
    [*Gateway-CE12808-1-bgp-af-ipv4] preference 20 200 10 
    [*Gateway-CE12808-1-bgp-af-ipv4] network 11.11.11.16 255.255.255.255 
    [*Gateway-CE12808-1-bgp-af-ipv4] network 18.18.18.18 255.255.255.255 
    [*Gateway-CE12808-1-bgp-af-ipv4] network 21.21.21.21 255.255.255.255 
    [*Gateway-CE12808-1-bgp-af-ipv4] network 11.254.44.156 255.255.255.252 
    [*Gateway-CE12808-1-bgp-af-ipv4] network 11.254.45.152 255.255.255.248 
    [*Gateway-CE12808-1-bgp-af-ipv4] maximum load-balancing 32 
    [*Gateway-CE12808-1-bgp-af-ipv4] quit 
    [*Gateway-CE12808-1-bgp] quit 
    [*Gateway-CE12808-1] commit

  2. Configure BGP routes on Gateway-CE12808-2.

    [~Gateway-CE12808-2] bgp 65000 
    [*Gateway-CE12808-2-bgp] router-id 19.19.19.19 
    [*Gateway-CE12808-2-bgp] timer keepalive 10 hold 30 
    [*Gateway-CE12808-2-bgp] group Router-2 external    //Configure a route to the egress router. 
    [*Gateway-CE12808-2-bgp] peer Router-2 as-number 65048 
    [*Gateway-CE12808-2-bgp] peer Router-2 ebgp-max-hop 10 
    [*Gateway-CE12808-2-bgp] peer Router-2 connect-interface loopback 2 
    [*Gateway-CE12808-2-bgp] peer 22.22.22.23 as-number 65048 
    [*Gateway-CE12808-2-bgp] peer 22.22.22.23 group Router-2 
    [*Gateway-CE12808-2-bgp] group Leaf-CE6851HI-1&CE6851HI-2 external 
    [*Gateway-CE12808-2-bgp] peer Leaf-CE6851HI-1&CE6851HI-2 as-number 65021 
    [*Gateway-CE12808-2-bgp] peer 11.254.40.165 as-number 65021  
    [*Gateway-CE12808-2-bgp] peer 11.254.40.165 group Leaf-CE6851HI-1&CE6851HI-2 
    [*Gateway-CE12808-2-bgp] peer 11.254.40.161 as-number 65021 
    [*Gateway-CE12808-2-bgp] peer 11.254.40.161 group Leaf-CE6851HI-1&CE6851HI-2 
    [*Gateway-CE12808-2-bgp] group Leaf-CE6851HI-3&4 external  
    [*Gateway-CE12808-2-bgp] peer Leaf-CE6851HI-3&4 as-number 65022 
    [*Gateway-CE12808-2-bgp] peer 11.254.41.165 as-number 65022 
    [*Gateway-CE12808-2-bgp] peer 11.254.41.165 group Leaf-CE6851HI-3&4 
    [*Gateway-CE12808-2-bgp] peer 11.254.41.161 as-number 65022 
    [*Gateway-CE12808-2-bgp] peer 11.254.41.161 group Leaf-CE6851HI-3&4  
     
    [*Gateway-CE12808-2-bgp] group Leaf-CE6851HI-5&CE6851HI-6 external 
    [*Gateway-CE12808-2-bgp] peer Leaf-CE6851HI-5&CE6851HI-6 as-number 65024 
    [*Gateway-CE12808-2-bgp] peer 11.254.46.165 as-number 65024 
    [*Gateway-CE12808-2-bgp] peer 11.254.46.165 group Leaf-CE6851HI-5&CE6851HI-6 
    [*Gateway-CE12808-2-bgp] peer 11.254.46.161 as-number 65024 
    [*Gateway-CE12808-2-bgp] peer 11.254.46.161 group Leaf-CE6851HI-5&CE6851HI-6 
    [*Gateway-CE12808-2-bgp] ipv4-family unicast 
    [*Gateway-CE12808-2-bgp-af-ipv4] preference 20 200 10 
    [*Gateway-CE12808-2-bgp-af-ipv4] network 11.11.11.16 255.255.255.255  
    [*Gateway-CE12808-2-bgp-af-ipv4] network 19.19.19.19 255.255.255.255 
    [*Gateway-CE12808-2-bgp-af-ipv4] network 22.22.22.22 255.255.255.255 
    [*Gateway-CE12808-2-bgp-af-ipv4] network 11.254.44.160 255.255.255.252 
    [*Gateway-CE12808-2-bgp-af-ipv4] network 11.254.45.152 255.255.255.248 
    [*Gateway-CE12808-2-bgp-af-ipv4] maximum load-balancing 32 
    [*Gateway-CE12808-2-bgp-af-ipv4] quit 
    [*Gateway-CE12808-2-bgp] quit 
    [*Gateway-CE12808-2] commit

Configuring BGP EVPN

In this solution, the spine node and gateway are converged. When BGP EVPN is deployed in the VXLAN control plane, the gateway and leaf node need to establish a peer relationship. However, the peer relationship between the gateway and spine node does not need to be established.

  1. Enable EVPN in the VXLAN control plan on the Layer 3 centralized gateway. The configurations of other devices are similar and are not provided here.

    [~Gateway-CE12808-1] evpn-overlay enable 
    [~Gateway-CE12808-1] commit

  2. Establish BGP EVPN peer relationships between Layer 3 centralized gateways and leaf nodes.

    Establish a BGP EVPN peer relationship between Gateway-CE12808-1 and the leaf node. The configurations of other devices are similar and are not provided here.

    [~Gateway-CE12808-1] bgp 100 instance evpn1 
    [*Gateway-CE12808-1-bgp-instance-evpn1] router-id 18.18.18.18 
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 11.11.11.11 as-number 100 
    //Establish the BGP EVPN peer relationship with the stack composed of ToR switches.
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 11.11.11.11 connect-interface loopback 0 
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 13.13.13.13 as-number 100 
    //Establish the BGP EVPN peer relationship with Leaf-CE6851HI-3.
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 13.13.13.13 connect-interface loopback 0 
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 14.14.14.14 as-number 100 
    //Establish the BGP EVPN peer relationship with Leaf-CE6851HI-4.
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 14.14.14.14 connect-interface loopback 0 
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 11.11.11.17 as-number 100 
    //Establish the BGP EVPN peer relationship with the SVF.
    [*Gateway-CE12808-1-bgp-instance-evpn1] peer 11.11.11.17 connect-interface loopback 0 
    [*Gateway-CE12808-1-bgp-instance-evpn1] l2vpn-family evpn 
    [*Gateway-CE12808-1-bgp-instance-evpn1-af-evpn] peer 11.11.11.11 enable 
    [*Gateway-CE12808-1-bgp-instance-evpn1-af-evpn] peer 13.13.13.13 enable 
    [*Gateway-CE12808-1-bgp-instance-evpn1-af-evpn] peer 14.14.14.14 enable 
    [*Gateway-CE12808-1-bgp-instance-evpn1-af-evpn] peer 11.11.11.17 enable 
    [*Gateway-CE12808-1-bgp-instance-evpn1-af-evpn] quit 
    [*Gateway-CE12808-1-bgp-instance-evpn1] quit 
    [*Gateway-CE12808-1] commit

Translation
Download
Updated: 2018-07-02

Document ID: EDOC1100004176

Views: 17765

Downloads: 552

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next