No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VXLAN Tunnel

Configuring a VXLAN Tunnel

To allow VXLAN tunnel establishment using EVPN, configure EVPN as the VXLAN control plane, establish a BGP EVPN peer relationship, configure an EVPN instance, and configure ingress replication.

Context

In centralized VXLAN gateway scenarios, perform the following steps on the Layer 2 and Layer 3 VXLAN gateways to use EVPN for establishing VXLAN tunnels:
  1. Configure EVPN as the VXLAN control plane. Subsequent EVPN configurations can then be performed.

  2. Configure a BGP EVPN peer relationship. Configure VXLAN gateways to establish BGP EVPN peer relationships so that they can exchange EVPN routes. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

  3. (Optional) Configure an RR. The deployment of RRs reduces the number of BGP EVPN peer relationships to be established, simplifying configuration. A live-network device can be used as an RR, or a standalone RR can be deployed. Layer 3 VXLAN gateways are generally used as RRs, and Layer 2 VXLAN gateways as RR clients.

  4. Configure an EVPN instance. EVPN instances are used to receive and advertise EVPN routes.

  5. Configure ingress replication. After ingress replication is configured for a VNI, the system uses BGP EVPN to construct a list of remote VTEPs. After a VXLAN gateway receives BUM packets, its sends a copy of the BUM packets to every VXLAN gateway in the list.

  6. (Optional) Configure subscription to the status of the exact route to a VXLAN tunnel destination. After this function is configured, a VXLAN tunnel is considered Up only if its source IP address and the destination IP address are reachable.

Procedure

  1. Configure EVPN as the VXLAN control plane.
    1. Run system-view

      The system view is displayed.

    2. Run evpn-overlay enable

      EVPN is configured as the VXLAN control plane.

      By default, EVPN is not configured as the VXLAN control plane.

  2. Configure a BGP EVPN peer relationship.
    1. Run bgp as-number [ instance instance-name ]

      BGP is enabled, and the BGP or BGP multi-instance view is displayed.

      By default, the BGP is disabled. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

    2. (Optional) Run router-id ipv4-address

      A router ID is set.

      By default, no BGP Router ID is configured.

    3. Run peer ipv4-address as-number as-number

      The peer device is configured as a BGP peer.

      By default, no BGP peer is configured, and no AS number is specified for a peer or peer group.

    4. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source address are specified to set up a TCP connection with the BGP peer.

      By default, the outbound interface of a BGP packet serves as the source interface of a BGP packet.

      NOTE:

      When loopback interfaces are used to establish a BGP connection, running the peer connect-interface command on both ends is recommended to ensure the connectivity. If this command is run on only one end, the BGP connection may fail to be established.

    5. (Optional) Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum number of hops is set for an EBGP EVPN connection.

      The default value of hop-count is 255.

      In most cases, a directly connected physical link must be available between EBGP EVPN peers. If you want to establish EBGP EVPN peer relationships between indirectly connected peers, run the peer ebgp-max-hop command. The command also can configure the maximum number of hops for an EBGP EVPN connection.

      NOTE:

      When the IP address of loopback interface to establish an EBGP EVPN peer relationship, run the peer ebgp-max-hop (of which the value of hop-count is not less than 2) command. Otherwise, the peer relationship fails to be established.

    6. Run l2vpn-family evpn

      The BGP-EVPN address family view or BGP multi-instance EVPN address family view is displayed.

      By default, the BGP-EVPN address family or BGP multi-instance EVPN address family view is disabled.

    7. Run peer { group-name | ipv4-address } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

      By default, only the peer in the BGP IPv4 unicast address family view is automatically enabled.

    8. (Optional) Run peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

      A routing policy is specified for routes received from or to be advertised to a BGP EVPN peer or peer group.

      After the routing policy is applied, the routes received from or to be advertised to a specified BGP EVPN peer or peer group will be filtered, ensuring that only desired routes are imported or advertised. This configuration helps manage routes and reduce required routing entries and system resources.

    9. (Optional) Run peer { group-name | ipv4-address } mac-limit number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      The maximum number of MAC advertisement routes that can be received from each peer is configured.

      If an EVPN instance may import many invalid MAC advertisement routes from peers and these routes occupy a large proportion of the total MAC advertisement routes. If the received MAC advertisement routes exceed the specified maximum number, the system displays an alarm, instructing users to check the validity of the MAC advertisement routes received in the EVPN instance.

    10. Run quit

      Exit from the BGP-EVPN address family view or BGP multi-instance EVPN address family view.

    11. Run quit

      Exit from the BGP or BGP multi-instance view.

  3. (Optional) Configure a Layer 3 VXLAN gateway as an RR. If an RR is configured, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR, reducing the number of BGP EVPN peer relationships to be established and simplifying configuration.
    1. Run bgp as-number [ instance instance-name ]

      The BGP or BGP multi-instance view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view or BGP multi-instance EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

      By default, only the peer in the BGP IPv4 unicast address family view is automatically enabled.

    4. (Optional) Run peer { ipv4-address | group-name } next-hop-invariable

      The device is prevented from changing the next hop address of a route when advertising the route to an EBGP peer.

      By default, a BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

    5. Run peer { ipv4-address | group-name } reflect-client

      The device is configured as an RR and an RR client is specified.

      By default, the route reflector and its client are not configured.

    6. Run undo policy vpn-target

      The function to filter received EVPN routes based on VPN targets is disabled. If you do not perform this step, the RR will fail to receive and reflect the routes sent by clients.

      By default, the VPN-Target filtering is enabled.

    7. Run quit

      Exit from the BGP-EVPN address family view or BGP multi-instance EVPN address family view.

    8. Run quit

      Exit from the BGP or BGP multi-instance view.

  4. Configure an EVPN instance.
    1. Run bridge-domain bd-id

      The BD view is displayed.

      By default, no bridge domain is created.

    2. Run vxlan vni vni-id

      A VNI is created and mapped to the BD.

      By default, no VNI is created.

    3. Run evpn

      An EVPN instance is created.

      By default, no EVPN instance is created for VXLANs.

    4. Run route-distinguisher { route-distinguisher | auto }

      An RD is configured for the EVPN instance.

      By default, no RD is configured for BD EVPN instances.

    5. Run vpn-target { vpn-target &<1-8> | auto } [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

      By default, no VPN target is configured for BD EVPN instances.

    6. (Optional) Run import route-policy policy-name

      The current EVPN instance is associated with an import routing policy.

      By default, an EVPN instance matches the export VPN targets of received routes against its import VPN targets to determine whether to import these routes. To control route import more precisely, perform this step to associate the EVPN instance with an import routing policy and set attributes for eligible routes.

    7. (Optional) Run export route-policy policy-name

      The current EVPN instance is associated with an export routing policy.

      By default, an EVPN instance adds all VPN targets in the export VPN target list to EVPN routes to be advertised to its peers. To control route export more precisely, perform this step to associate the EVPN instance with an export routing policy and set attributes for eligible routes.

    8. (Optional) Run mac-route no-advertise

      The device is disabled from sending local MAC routes with the current VNI to the EVPN peer.

      By default, local MAC routes can be advertised.

      In VXLAN Layer 3 gateway scenarios where Layer 2 traffic forwarding is not involved, to disable local MAC routes from being advertised to the EVPN peer gateway, perform this step. This configuration prevents an EVPN peer gateway from receiving MAC routes, therefore saving device resources.

    9. (Optional) Run mac rib-only

      The device is disabled from delivering a MAC entry for the MAC route received from the EVPN peer.

      By default, a device delivers MAC entries for remote MAC routes.

      If VXLAN Layer 3 gateways do not exchange Layer 2 traffic, perform this step to save forwarding entry resources.

    10. Run quit

      The EVPN instance view is exited.

    11. Run quit

      Return to the system view.

  5. Configure an ingress replication list.
    1. Run interface nve nve-number

      An NVE interface is created, and the NVE interface view is displayed.

    2. Run source ip-address

      An IP address is configured for the source VTEP.

      By default, no IP address is configured for any source VTEP.

    3. Run vni vni-id head-end peer-list protocol bgp

      An ingress replication list is configured.

      By default, no ingress replication list is configured for any VNI.

      After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets.

    4. Run quit

      Return to the system view.

  6. (Optional) Enable subscription to the status of the exact route to a VXLAN tunnel destination.

    Run vxlan tunnel-status track exact-route

    Subscription to the status of the exact route to the VXLAN tunnel destination is enabled. The VXLAN tunnel is Up only when the exact route to its destination IP address is reachable.

    By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled. A VXLAN tunnel is considered Up if its source IP address and the network segment where its destination IP address resides are reachable.

  7. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 25622

Downloads: 65

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next