No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VXLAN Tunnel

Configuring a VXLAN Tunnel

To allow VXLAN tunnel establishment using EVPN, configure EVPN as the VXLAN control plane, configure an EVPN instance, establish a BGP EVPN peer relationship, and configure ingress replication.

Context

VXLAN packets are transmitted through VXLAN tunnels. In distributed VXLAN gateway scenarios, perform the following steps on a VXLAN gateway to use EVPN for establishing VXLAN tunnels:
  1. Configure EVPN as the VXLAN control plane. Subsequent EVPN configurations can then be performed.

  2. Configure a BGP EVPN peer relationship. Configure VXLAN gateways to establish BGP EVPN peer relationships so that they can exchange EVPN routes. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

  3. (Optional) Configure an RR. If you configure an RR, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR. The deployment of RRs reduces the number of BGP EVPN peer relationships to be established, simplifying configuration. A live-network device can be used as an RR, or a standalone RR can be deployed. Spine nodes are generally used as RRs, and leaf nodes as RR clients.

  4. Configure an EVPN instance. EVPN instances are used to receive and advertise EVPN routes.

  5. Configure ingress replication. After ingress replication is configured for a VNI, the system uses BGP EVPN to construct a list of remote VTEPs. After a VXLAN gateway receives BUM packets, its sends a copy of the BUM packets to every VXLAN gateway in the list.

  6. (Optional) Configure subscription to the status of the exact route to a VXLAN tunnel destination. After this function is configured, a VXLAN tunnel is considered Up only if its source IP address and the destination IP address are reachable.

Procedure

  1. Configure EVPN as the VXLAN control plane.
    1. Run system-view

      The system view is displayed.

    2. Run evpn-overlay enable

      EVPN is configured as the VXLAN control plane.

      By default, EVPN does not function as the VXLAN control plane.

  2. Configure a BGP EVPN peer relationship. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR. If a spine node and a VXLAN gateway reside in different ASs, the VXLAN gateway must establish an EBGP EVPN peer relationship with the spine node.
    1. Run bgp as-number [ instance instance-name ]

      BGP is enabled, and the BGP or BGP multi-instance view is displayed.

      By default, BGP is disabled. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

    2. (Optional) Run router-id ipv4-address

      A BGP router ID is configured.

      By default, no router ID is configured for BGP. Instead, the router ID configured for route management using the router id command is used.

    3. Run peer ipv4-address as-number as-number

      A peer device is configured as a BGP peer.

      By default, no BGP peer is configured, and no AS number is specified for a peer.

    4. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source address are specified to set up a TCP connection with the BGP peer.

      By default, BGP uses the outbound interface of packets as the source interface.

      NOTE:

      When loopback interfaces are used to establish a BGP connection, running the peer connect-interface command on both ends is recommended to ensure the connectivity. If this command is run on only one end, the BGP connection may fail to be established.

    5. (Optional) Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum number of hops allowed for an EBGP EVPN connection is configured.

      hop-count defaults to 255.

      Generally, EBGP EVPN peers are directly connected. If they are not directly connected, run the peer ebgp-max-hop command so that they can establish a connection over multiple hops.

      NOTE:

      If loopback interfaces are used to establish an EBGP EVPN connection, run the peer ebgp-max-hop command with hop-count greater than or equal to 2. Otherwise, the EBGP EVPN connection cannot be established.

    6. Run l2vpn-family evpn

      The BGP-EVPN address family view or BGP multi-instance EVPN address family address family view is displayed.

      By default, the BGP-EVPN address family or BGP multi-instance EVPN address family is not enabled.

    7. Run peer { ipv4-address | group-name } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

      By default, only peers in the BGP IPv4 unicast address family are automatically enabled.

    8. (Optional) Run peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

      A route-policy is specified for routes received from or to be advertised to a BGP EVPN peer or peer group.

      After the route-policy is applied, the routes received from or to be advertised to a specified BGP EVPN peer or peer group will be filtered, ensuring that only desired routes are imported or advertised. This configuration helps manage routes and reduce required routing entries and system resources.

    9. (Optional) Run peer { group-name | ipv4-address } next-hop-invariable

      The device is configured to advertise routes to EBGP EVPN peers without changing the next hops.

      By default, a BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

      If a spine node has established an EBGP EVPN peer relationship with a gateway, run the peer next-hop-invariable command on the spine node and ensure that the route's next hop received by the gateway is pointing to another gateway.

    10. (Optional) Run peer { group-name | ipv4-address } mac-limit number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      The maximum number of MAC advertisement routes allowed to be received from each peer is configured.

      If an EVPN instance imports many invalid MAC advertisement routes from peers and these routes occupy a large proportion of the total MAC advertisement routes, run this command to configure the maximum number of MAC advertisement routes that can be received from each peer. If the number of received MAC advertisement routes exceeds the specified maximum number, the system displays an alarm, instructing you to check the validity of the MAC advertisement routes received in the EVPN instance.

    11. Run quit

      Exit from the BGP-EVPN address family or BGP multi-instance EVPN address family view.

    12. Run quit

      Exit from the BGP or BGP multi-instance view.

  3. (Optional) Configure an RR. If an RR is configured, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR, reducing the number of BGP EVPN peer relationships to be established and simplifying configuration.
    1. Run bgp as-number [ instance instance-name ]

      The BGP or BGP multi-instance view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view or BGP multi-instance EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

      By default, only peers in the BGP IPv4 unicast address family are automatically enabled.

    4. (Optional) Run peer { group-name | ipv4-address } next-hop-invariable

      The device is configured to advertise routes to EBGP EVPN peers without changing the next hops.

      By default, a BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

    5. Run peer { ipv4-address | group-name } reflect-client

      The device is configured as an RR, and an RR client is specified.

      By default, no RR or client is configured.

    6. Run undo policy vpn-target

      The device is disabled from filtering received EVPN routes based on VPN targets. If you do not perform this step, the RR will fail to receive and reflect the routes sent by clients.

      By default, the VPN-Target filtering is enabled.

    7. Run quit

      Exit from the BGP-EVPN address family or BGP multi-instance EVPN address family view.

    8. Run quit

      Exit from the BGP or BGP multi-instance view.

  4. Configure an EVPN instance.
    1. Run bridge-domain bd-id

      The BD view is displayed.

      By default, no BD is created.

    2. Run vxlan vni vni-id

      A VNI is created and mapped to the BD.

      By default, no VNI is created.

    3. Run evpn

      An EVPN instance is created.

      By default, no EVPN instance is created for VXLAN

    4. Run route-distinguisher { route-distinguisher | auto }

      An RD is configured for the EVPN instance.

      By default, no RD is configured for any EVPN instance.

    5. Run vpn-target { vpn-target &<1-8> | auto } [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

      By default, no VPN target is configured for any EVPN instance.

    6. (Optional) Run import route-policy policy-name

      The EVPN instance is associated with an import route-policy.

      By default, an EVPN instance matches the export VPN targets of received routes against its import VPN targets to determine whether to import these routes. To control route import more precisely, perform this step to associate the EVPN instance with an import route-policy and set attributes for eligible routes.

    7. (Optional) Run export route-policy policy-name

      The EVPN instance is associated with an export route-policy.

      By default, an EVPN instance adds all VPN targets in the export VPN target list to EVPN routes to be advertised to its peers. To control route export more precisely, perform this step to associate the EVPN instance with an export route-policy and set attributes for eligible routes.

    8. (Optional) Run mac-route no-advertise

      The device is disabled from sending local MAC routes with the current VNI to the EVPN peer.

      By default, local MAC routes can be advertised.

      In VXLAN Layer 3 gateway scenarios where Layer 2 traffic forwarding is not involved, to disable local MAC routes from being advertised to the EVPN peer gateway, perform this step. This configuration prevents an EVPN peer gateway from receiving MAC routes, therefore saving device resources.

    9. Run quit

      Exit from the EVPN instance view.

    10. Run quit

      Return to the system view.

  5. Configure ingress replication.
    1. Run interface nve nve-number

      An NVE interface is created, and the NVE interface view is displayed.

    2. Run source ip-address

      An IP address is configured for the source VTEP.

      By default, no IP address is configured for any VTEP.

    3. Run vni vni-id head-end peer-list protocol bgp

      Ingress replication is configured.

      By default, no ingress replication is configured for any VNI.

    4. Run quit

      Exit from the NVE interface view.

  6. (Optional) Configure a MAC address for the NVE interface.

    When distributed VXLAN gateways are deployed using BGP EVPN and active-active VXLAN gateway access is used, the two active-active VXLAN gateways must have the same VTEP MAC address configured to ensure proper traffic forwarding.

    1. Run interface nve nve-number

      The NVE interface view is displayed.

    2. Run mac-address mac-address

      A MAC address is configured for NVE interface.

      By default, the MAC address of an NVE interface is the system MAC address.

    3. Run quit

      Exit from the NVE interface view.

  7. (Optional) Enable subscription to the status of the exact route to a VXLAN tunnel destination.

    Run vxlan tunnel-status track exact-route

    Subscription to the status of the exact route to the VXLAN tunnel destination is enabled. The VXLAN tunnel is Up only when the exact route to its destination IP address is reachable.

    By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled. A VXLAN tunnel is considered Up if its source IP address and the network segment where its destination IP address resides are reachable.

  8. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 29796

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next