No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VRRP over VXLAN with Inter-DC Master and Backup Gateways on VXLAN and VLAN Networks Respectively

Example for Configuring VRRP over VXLAN with Inter-DC Master and Backup Gateways on VXLAN and VLAN Networks Respectively

Networking Requirements

On the network shown in Figure 12-14, an enterprise has two DCs deployed in different regions. DC1 uses VXLAN and DC2 uses VLAN. It is required that the two DCs back up each other and active-active gateways be deployed in DC1 to improve DC reliability. To achieve this, configure VRRP over VXLAN to implement inter-DC master/backup gateway.

Figure 12-14 VRRP over VXLAN with inter-DC master and backup gateways on VXLAN and VLAN networks respectively
Table 12-9 Interface IP addresses

Device Name

Interface Name

IP Address

L3GW1

10GE1/0/1

192.168.1.1/24

Loopback0

1.1.1.1/32

Loopback1

5.5.5.5/32

L3GW2

10GE1/0/1

192.168.2.1/24

10GE1/0/2

192.168.3.1/24

Loopback0

1.1.1.1/32

Loopback1

6.6.6.6/32

Device1

10GE1/0/1

192.168.1.2/24

10GE1/0/2

192.168.2.2/24

10GE1/0/3

192.168.4.1/24

Loopback0

3.3.3.3/32

L3GW3 VLANIF10 10.1.1.3/24
L3GW4 VLANIF10 10.1.1.4/24
VXLAN proxy

10GE1/0/1

192.168.3.2/24

10GE1/0/2

192.168.4.2/24

Loopback0

2.2.2.2/32

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure a routing protocol for VXLAN tunnel establishment. Either static routes or an IGP can be used. In this example, OSPF is used.

  2. Establish a VXLAN tunnel between the Device1 and each L3GW in DC1.

  3. Deploy a DFS group on the two L3GWs in DC1 for device pairing, allowing active-active gateway implementation.

  4. Configure Layer 2 sub-interfaces on Device1 for host access.

  5. Establish a VXLAN tunnel between the VXLAN proxy in DC2 and the Device1 and L3GWs in DC1.

  6. Configure VRRP on the VLANIF interfaces on the L3GWs in DC2.

  7. Configure VLAN on Device2 for host access.

Data Preparation

To complete the configuration, you need the following data:

  • Interface IP addresses (For details, see Table 12-9.)

  • OSPF area (0)

  • BD ID (10)

  • VNI ID (10)

  • VLAN ID (10)

Precautions

For the CE12800, in addition to the configuration in the procedure, you may also need to run the following commands based on actual requirements:
  • Run the assign forward nvo3 service extend enable command in the system view to enable the NVO3 service extension function.

    NOTE:

    By default, the NVO3 service extension function is disabled on the device. After the NVO3 service is deployed on a device, there is a high probability that other ACL-consuming services such as MQC, simplified ACL, traffic policing, BD traffic statistics collection, and DHCP fail to be configured on the device. You can enable the NVO3 ACL extension function to lower the configuration failure probability of EC (except the CE-L48GT-EC and CE-L48GS-EC cards), ED, EF, and EG series cards.

  • Run the assign forward nvo3 f-linecard compatibility enable command in the system view to ensure that VXLAN traffic can be forwarded when the card interoperability mode is non-enhanced mode.

    NOTE:

    If VXLAN traffic is forwarded between cards when the card interoperability mode is non-enhanced mode, the VXLAN traffic may fail to be forwarded. To use the VXLAN function, you must configure the assign forward nvo3 f-linecard compatibility enable command when the card interoperability mode is non-enhanced mode.

VXLAN-related constraints are described in the procedure. To obtain more constraint information, see Licensing Requirements and Limitations for VXLANs.

Procedure

  1. Configure a routing protocol.

    # Configure L3GW1. Repeat this step for L3GW2, Device1, and VXLAN proxy. For configuration details, see Configuration Files in this section.
    <HUAWEI> system-view
    [~HUAWEI] sysname L3GW1
    [*HUAWEI] commit
    [~L3GW1] interface loopback 0
    [*L3GW1-LoopBack0] ip address 1.1.1.1 32
    [*L3GW1-LoopBack0] quit
    [*L3GW1] interface 10ge 1/0/1
    [*L3GW1-10GE1/0/1] undo portswitch
    [*L3GW1-10GE1/0/1] ip address 192.168.1.1 24
    [*L3GW1-10GE1/0/1] quit
    [*L3GW1] ospf
    [*L3GW1-ospf-1] area 0
    [*L3GW1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
    [*L3GW1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*L3GW1-ospf-1-area-0.0.0.0] quit
    [*L3GW1-ospf-1] quit
    [*L3GW1] commit
    

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (Perform this step on the CE12800 only.)

    # Configure L3GW1. Repeat this step for L3GW2, Device1, and VXLAN proxy. For configuration details, see Configuration Files in this section.
    [~L3GW1] ip tunnel mode vxlan
    [*L3GW1] assign forward nvo3 acl extend enable
    [*L3GW1] commit
    
    NOTE:

    After modifying the VXLAN tunnel mode or enabling the VXLAN ACL extension function, you need to save the configuration and restart the device to make the configuration take effect. You can restart the device immediately or after completing all the configurations.

  3. Establish a VXLAN tunnel between Device1, L3GW1 (L3GW2), and VXLAN proxy.

    # Configure L3GW1. Repeat this step for L3GW2. For configuration details, see Configuration Files in this section.
    [~L3GW1] interface nve 1
    [*L3GW1-Nve1] source 1.1.1.1
    [*L3GW1-Nve1] vni 10 head-end peer-list 2.2.2.2
    [*L3GW1-Nve1] vni 10 head-end peer-list 3.3.3.3
    [*L3GW1-Nve1] quit
    [*L3GW1] bridge-domain 10
    [*L3GW1-bd10] vxlan vni 10
    [*L3GW1-bd10] quit
    [*L3GW1] commit
    
    # Configure Device1.
    [~Device1] interface nve 1
    [*Device1-Nve1] source 3.3.3.3
    [*Device1-Nve1] vni 10 head-end peer-list 1.1.1.1
    [*Device1-Nve1] vni 10 head-end peer-list 2.2.2.2
    [*Device1-Nve1] quit
    [*Device1] bridge-domain 10
    [*Device1-bd10] vxlan vni 10
    [*Device1-bd10] quit
    [*Device1] commit
    

    For configuration details on the VXLAN proxy, see 7.

  4. Configure a VBDIF interface and VRRP on L3GW1 and L3GW2.

    # Configure L3GW1. Repeat this step for L3GW2. For configuration details, see Configuration Files in this section.
    [~L3GW1] interface vbdif 10
    [*L3GW1-Vbdif10] ip address 10.1.1.1 255.255.255.0
    [*L3GW1-Vbdif10] mac-address 0000-5e00-0102
    [*L3GW1-Vbdif10] vrrp vrid 1 virtual-ip 10.1.1.100
    [*L3GW1-Vbdif10] vrrp vrid 1 priority 120
    [*L3GW1-Vbdif10] quit
    [*L3GW1] commit
    

  5. Configure a DFS group on L3GW1 and L3GW2 for device pairing.

    # Configure L3GW1. Repeat this step for L3GW2. For configuration details, see Configuration Files in this section.
    [~L3GW1] interface loopback 1
    [*L3GW1-LoopBack1] ip address 5.5.5.5 32
    [*L3GW1-LoopBack1] quit
    [*L3GW1] dfs-group 1
    [*L3GW1-dfs-group-1] source ip 5.5.5.5
    [*L3GW1-dfs-group-1] active-active-gateway
    [*L3GW1-dfs-group-1-active-active-gateway] peer 6.6.6.6
    [*L3GW1-dfs-group-1-active-active-gateway] quit
    [*L3GW1-dfs-group-1] quit
    [*L3GW1] ospf 1
    [*L3GW1-ospf-1] area 0
    [*L3GW1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
    [*L3GW1-ospf-1-area-0.0.0.0] quit
    [*L3GW1-ospf-1] quit
    [*L3GW1] commit
    

  6. Configure a Layer 2 sub-interface on Device1 and bind it to a BD.

    # Configure Device1.
    [~Device1] interface 10ge 1/0/4.1 mode l2
    [*Device1-10GE1/0/4.1] bridge-domain 10
    [*Device1-10GE1/0/4.1] encapsulation dot1q vid 10
    [*Device1-10GE1/0/4.1] quit
    [*Device1] commit
    

  7. Establish a VXLAN tunnel between the VXLAN proxy and Device1 and between the VXLAN proxy and L3GW1 (L3GW2), add the VXLAN proxy to BD 10, and bind VLAN 10 of DC2 to BD 10. This configuration implements interconnection between the VXLAN and VLAN networks.

    # Configure the VXLAN proxy.
    [~VXLAN-proxy] interface nve 1
    [*VXLAN-proxy-Nve1] source 2.2.2.2
    [*VXLAN-proxy-Nve1] vni 10 head-end peer-list 1.1.1.1
    [*VXLAN-proxy-Nve1] vni 10 head-end peer-list 3.3.3.3
    [*VXLAN-proxy-Nve1] quit
    [*VXLAN-proxy] vlan batch 10
    [*VXLAN-proxy] bridge-domain 10
    [*VXLAN-proxy-bd10] vxlan vni 10
    [*VXLAN-proxy-bd10] l2 binding vlan 10
    [*VXLAN-proxy-bd10] quit
    [*VXLAN-proxy] commit
    
    # Add the VXLAN proxy to VLAN 10.
    [~VXLAN-proxy] vlan batch 10
    [*VXLAN-proxy] interface 10ge 1/0/3
    [*VXLAN-proxy-10GE1/0/3] port link-type trunk
    [*VXLAN-proxy-10GE1/0/3] port trunk allow-pass vlan 10
    [*VXLAN-proxy-10GE1/0/3] quit
    [*VXLAN-proxy] commit
    

  8. Configure VRRP on the VLANIF interfaces on the L3GWs in DC2.

    # Configure L3GW3. Repeat this step for L3GW4. For configuration details, see Configuration Files in this section.
    <HUAWEI> system-view
    [~HUAWEI] sysname L3GW3
    [*HUAWEI] commit
    [~L3GW3] vlan batch 10
    [*L3GW3] interface 10ge 1/0/1
    [*L3GW3-10GE1/0/1] port link-type trunk
    [*L3GW3-10GE1/0/1] port trunk allow-pass vlan 10
    [*L3GW3-10GE1/0/1] quit
    [~L3GW3] interface vlanif 10
    [*L3GW3-Vlanif10] ip address 10.1.1.3 255.255.255.0
    [*L3GW3-Vlanif10] vrrp vrid 1 virtual-ip 10.1.1.100
    [*L3GW3-Vlanif10] vrrp vrid 1 priority 100
    [*L3GW3-Vlanif10] quit
    [*L3GW3] commit
    

  9. Configure VLAN on Device2.

    # Configure Device2.
    <HUAWEI> system-view
    [~HUAWEI] sysname Device2
    [*HUAWEI] commit
    [~Device2] vlan batch 10
    [*Device2] interface 10ge 1/0/1
    [*Device2-10GE1/0/1] port link-type trunk
    [*Device2-10GE1/0/1] port trunk allow-pass vlan 10
    [*Device2-10GE1/0/1] quit
    [*Device2] interface 10ge 1/0/2
    [*Device2-10GE1/0/2] port link-type trunk
    [*Device2-10GE1/0/2] port trunk allow-pass vlan 10
    [*Device2-10GE1/0/2] quit
    [*Device2] interface 10ge 1/0/3
    [*Device2-10GE1/0/3] port link-type trunk
    [*Device2-10GE1/0/3] port trunk allow-pass vlan 10
    [*Device2-10GE1/0/3] quit
    [*Device2] interface 10ge 1/0/4
    [*Device2-10GE1/0/4] port link-type trunk
    [*Device2-10GE1/0/4] port trunk allow-pass vlan 10
    [*Device2-10GE1/0/4] quit
    [*Device2] commit
    

  10. Verify the configuration.

    After completing the configurations, run the display vxlan tunnel command on L3GW1, L3GW2, the VXLAN proxy, and Device1 to view the VXLAN tunnel information and run the display vrrp interface interface-type interface-number verbose command on the L3GWs to view the mVRRP status information. The command output on L3GW1 is used as an example.

    [~L3GW1] display vxlan tunnel
    Number of vxlan tunnel : 2
    Tunnel ID   Source                Destination           State  Type     Uptime
    -----------------------------------------------------------------------------------
    4026531841  1.1.1.1               2.2.2.2               up     static   0035h21m
    4026531842  1.1.1.1               3.3.3.3               up     static   0035h22m
    
    [~L3GW1] display vrrp interface vbdif 10 verbose
    Vbdif10 | Virtual Router 1
    State          : Master
    Virtual IP     : 10.1.1.100
    Master IP      : 10.1.1.1
    PriorityRun    : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt        : YES   Delay Time : 0s   Remain : --
    Hold Multiplier: 3
    TimerRun       : 1s
    TimerConfig    : 1s
    Auth Type      : NONE
    Virtual MAC    : 0000-5e00-0101
    Check TTL      : YES
    Config Type    : Normal
    Create Time       : 2017-02-13 14:36:26
    Last Change Time  : 2017-02-13 14:38:29
    

Configuration Files

  • L3GW1 configuration file

    #
    sysname L3GW1
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    dfs-group 1
     source ip 5.5.5.5
     #
     active-active-gateway
      peer 6.6.6.6
    #
    bridge-domain 10
     vxlan vni 10
    #
    interface Vbdif10
     ip address 10.1.1.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.1.1.100
     vrrp vrid 1 priority 120
     mac-address 0000-5e00-0102
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #
    interface LoopBack0
     ip address 1.1.1.1 255.255.255.255
    #
    interface LoopBack1
     ip address 5.5.5.5 255.255.255.255
    #
    interface Nve1
     source 1.1.1.1
     vni 10 head-end peer-list 2.2.2.2
     vni 10 head-end peer-list 3.3.3.3
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 5.5.5.5 0.0.0.0
      network 192.168.1.0 0.0.0.255
    #
    return
  • L3GW2 configuration file

    #
    sysname L3GW2
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    dfs-group 1
     source ip 6.6.6.6
     #
     active-active-gateway
      peer 5.5.5.5
    #
    bridge-domain 10
     vxlan vni 10
    #
    interface Vbdif10
     ip address 10.1.1.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.1.1.100
     vrrp vrid 1 priority 120
     mac-address 0000-5e00-0102
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.3.1 255.255.255.0
    #
    interface LoopBack0
     ip address 1.1.1.1 255.255.255.255
    #
    interface LoopBack1
     ip address 6.6.6.6 255.255.255.255
    #
    interface Nve1
     source 1.1.1.1
     vni 10 head-end peer-list 2.2.2.2
     vni 10 head-end peer-list 3.3.3.3
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 6.6.6.6 0.0.0.0
      network 192.168.2.0 0.0.0.255
      network 192.168.3.0 0.0.0.255
    #
    return
  • VXLAN proxy configuration file

    #
    sysname VXLAN-proxy
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    vlan batch 10
    #
    bridge-domain 10
     l2 binding vlan 10
     vxlan vni 10
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.3.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.4.2 255.255.255.0
    #
    interface 10GE1/0/3
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack0
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 10 head-end peer-list 1.1.1.1
     vni 10 head-end peer-list 3.3.3.3
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.3.0 0.0.0.255
      network 192.168.4.0 0.0.0.255
    #
    return
  • L3GW3 configuration file

    #
    sysname L3GW3
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.3 255.255.255.0
     vrrp vrid 1 virtual-ip 10.1.1.100
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • L3GW4 configuration file

    #
    sysname L3GW4
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.4 255.255.255.0
     vrrp vrid 1 virtual-ip 10.1.1.100
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Device1 configuration file

    #
    sysname Device1
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    bridge-domain 10
     vxlan vni 10
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface 10GE1/0/3
     undo portswitch
     ip address 192.168.4.1 255.255.255.0
    #
    interface 10GE1/0/4.1 mode l2
     bridge-domain 10
     encapsulation dot1q vid 10
    #
    interface LoopBack0
     ip address 3.3.3.3 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     vni 10 head-end peer-list 1.1.1.1
     vni 10 head-end peer-list 2.2.2.2
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
      network 192.168.4.0 0.0.0.255
    #
    return
  • Device2 configuration file

    #
    sysname Device2
    #
    vlan batch 10
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/3
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/4
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 25321

Downloads: 65

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next