Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Configuring a Layer 3 VXLAN Gateway

When distributed VXLAN gateways are deployed using BGP EVPN, Layer 3 VXLAN gateways must be configured to implement inter-subnet communication.

Context

In distributed VXLAN gateway scenarios, inter-subnet communication between hosts requires Layer 3 forwarding. To allow this, Layer 3 VXLAN gateways must learn host routes. Perform the following operations on VXLAN gateways:

  • Configure a VPN instance whose routes can be installed into the routing table of the EVPN instance. This VPN instance is used to store host routes or network segment routes, differentiating tenants.

    NOTE:

    RDs are used to identify routes in EVPN and VPN instances. Among multiple routes with the same prefix, routes with the same RD are treated as the same route, and routes with different RDs are treated as different routes. Therefore, when configuring RDs for an EVPN instance and a VPN instance, note the following points:

    • If routes need to implement ECMP, different RDs need to be configured. For example, when multiple border leaves are deployed and send the same route to the data center, different RDs need to be configured for the border leaves.

    • When routes do not need to implement ECMP, the same RD can be configured. For example, when distributed gateways with the same address are deployed in different locations and the network segment routes of the gateways do not need to implement ECMP, the same RD can be configured for service leaves connected to the gateways.

  • Bind the VPN instance to a Layer 3 VXLAN gateway, enable distributed gateway, and configure host route advertisement.

  • Configure the type of route to be advertised between VXLAN gateways. VXLAN gateways can send different routing information through different types of routes. If an RR is deployed on the network, only the type of route to be advertised between the RR and VXLAN gateways needs to be configured.

Procedure

  1. Configure a VPN instance whose routes can be installed into the routing table of the EVPN instance.

    On IPv4 overlay networks, perform the following operations:

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

      By default, no VPN instance is created.

    3. Run vxlan vni vni-id

      A VNI is created and mapped to the VPN instance.

      By default, a VNI is not bound to any VPN instance.

    4. Run ipv4-family

      The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

      By default, the IPv4 address family is not enabled for any VPN instance.

    5. Run route-distinguisher route-distinguisher

      An RD is configured for the VPN instance IPv4 address family.

      By default, no RD is configured for the VPN instance IPv4 address family.

    6. (Optional) Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the VPN instance IPv4 address family.

      By default, no VPN target is configured for the VPN instance IPv4 address family.

      If the current node needs to exchange L3VPN routes with other nodes in the same VPN instance, perform this step to configure a VPN target value for the VPN instance.

    7. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      VPN targets are configured for the VPN instance IPv4 address family for exchanging routes with the EVPN instance. vpn-target specified must be the same as the RT of the EVPN instance configured in the BD view.

      The routes advertised by the VPN instance IPv4 address family to an EVPN instance do not carry the export VPN targets of the VPN instance IPv4 address family. Instead, the routes carry all VPN targets in the export VPN target list configured for the EVPN instance in the BD.

      The routes advertised by an EVPN instance can be added to the routing table of the VPN instance IPv4 address family only when the VPN targets of the routes are carried in the import VPN target list of the VPN instance IPv4 address family.

    8. (Optional) Run import route-policy policy-name evpn

      The VPN instance IPv4 address family is associated with an import route-policy that is used to filter routes imported from the EVPN instance to the VPN instance IPv4 address family.

      By default, an EVPN instance matches the export VPN targets of received routes against the import VPN targets of the VPN instance IPv4 address family to determine whether to import these routes. To control more precisely which routes advertised by an EVPN instance are imported into the VPN instance IPv4 address family, perform this step to associate the VPN instance IPv4 address family with an import route-policy and set attributes for eligible routes.

    9. (Optional) Run export route-policy policy-name evpn

      The VPN instance IPv4 address family is associated with an export route-policy that is used to filter routes advertised from the VPN instance IPv4 address family to the EVPN instance.

      By default, the routes advertised by the VPN instance IPv4 address family to an EVPN instance carry all export VPN targets of the VPN instance IPv4 address family. To control more precisely which routes the VPN instance IPv4 address family advertises to an EVPN instance, perform this step to associate the VPN instance IPv4 address family with an export route-policy and set attributes for eligible routes.

    10. Run quit

      Exit from the VPN instance IPv4 address family view.

    11. Run quit

      Exit from the VPN instance view.

    On IPv6 overlay networks, perform the following operations:

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

      By default, no VPN instance is created.

    3. Run vxlan vni vni-id

      A VNI is created and mapped to the VPN instance.

      By default, a VNI is not bound to any VPN instance.

    4. Run ipv6-family

      The IPv6 address family is enabled for the VPN instance, and the VPN instance IPv6 address family view is displayed.

      By default, the IPv6 address family is not enabled for any VPN instance.

    5. Run route-distinguisher route-distinguisher

      An RD is configured for the VPN instance IPv6 address family.

      By default, no RD is configured for the VPN instance IPv6 address family.

    6. (Optional) Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the VPN instance IPv6 address family.

      By default, no VPN target is configured for the VPN instance IPv6 address family.

      If the current node needs to exchange L3VPN routes with other nodes in the same VPN instance, perform this step to configure a VPN target value for the VPN instance.

    7. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      VPN targets are configured for the VPN instance IPv6 address family for exchanging routes with the EVPN instance. vpn-target specified must be the same as the RT of the EVPN instance configured in the BD view.

      The routes advertised by the VPN instance IPv6 address family to an EVPN instance do not carry the export VPN targets of the VPN instance IPv6 address family. Instead, the routes carry all VPN targets in the export VPN target list configured for the EVPN instance in the BD.

      The routes advertised by an EVPN instance can be added to the routing table of the VPN instance IPv6 address family only when the VPN targets of the routes are carried in the import VPN target list of the VPN instance IPv6 address family.

    8. Run quit

      Exit from the VPN instance IPv6 address family view.

    9. Run quit

      Exit from the VPN instance view.

  2. Bind the VPN instance to a Layer 3 VXLAN gateway, enable distributed gateway, and configure host route advertisement.
    1. Run interface vbdif bd-id

      A VBDIF interface is created, and the VBDIF interface view is displayed.

      By default, no VBDIF interface is created.

    2. Run ip binding vpn-instance vpn-instance-name

      A VPN instance is bound to the VBDIF interface.

    3. Configure an IP address for the VBDIF interface to implement Layer 3 interworking.

      • On IPv4 overlay networks, run ip address ip-address { mask | mask-length } [ sub ]

        An IPv4 address is configured for the VBDIF interface.

      • On IPv6 overlay networks:

        1. Run ipv6 enable

          IPv6 is enabled for the VBDIF interface.

        2. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

          Or run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

          A global unicast address is configured for the VBDIF interface.

      If different Layer 3 gateways connect to the same network segment, the same IP address must be configured for the VBDIF interfaces of these Layer 3 gateways.

    4. (Optional) Run mac-address mac-address

      A MAC address is configured for the VBDIF interface.

      By default, the MAC address of a VBDIF interface is the system MAC address.

      In a scenario where VBDIF interfaces and IP addresses configured for multiple gateways are the same, you need to run the mac-address command to configure the same MAC addresses for the VBDIF interfaces.

    5. Run vxlan anycast-gateway enable

      Distributed gateway is enabled.

      By default, distributed gateway is disabled.

      NOTE:

      After distributed gateway is enabled on a Layer 3 gateway, the Layer 3 gateway discards network-side ARP or NS packets and learns only user-side ARP or NS packets.

    6. Perform either of the following steps to configure host route advertisement:

      On IPv4 overlay networks:

      • If VXLAN gateways advertise IRB routes to each other, run arp collect host enable

      • If VXLAN gateways advertise IP prefix routes to each other, run arp direct-route enable [ route-policy route-policy-name ]

      On IPv6 overlay networks:
      • Run ipv6 nd direct-route enable [ route-policy route-policy-name ]

        IPv6 ND direct routes are advertised because VXLAN gateways can advertise only IP prefix routes.

    7. Run quit

      Exit from the VBDIF interface view.

  3. Configure the type of route to be advertised between VXLAN gateways. If an RR has been deployed, configure the type of route to be advertised between VXLAN gateways and the RR.

    On IPv4 overlay networks, VXLAN gateways can advertise IRB and IP prefix routes.

    • Configure IRB route advertisement.

      1. Run bgp as-number [ instance instance-name ]

        The BGP or BGP multi-instance view is displayed.

      2. Run l2vpn-family evpn

        The BGP-EVPN address family view or BGP multi-instance EVPN address family view is displayed.

      3. Run peer { ipv4-address | group-name } advertise irb

        IRB route advertisement is configured.

      4. Run quit

        Exit from the BGP-EVPN address family or BGP multi-instance EVPN address family view.

      5. Run quit

        Exit from the BGP or BGP multi-instance view.

      6. Run commit

        The configuration is committed.

      IRB routes are Type 2 BGP EVPN routes that carry hosts' MAC and IP addresses as well as Layer 2 and Layer 3 VNIs. IRB routes can be used to advertise host IP routes as well as ARP entries. After IRB route advertisement is configured, running the arp broadcast-suppress [ mismatch-discard ] enable command implements ARP broadcast suppression. In addition, host ARP entry advertisement allows VM migration in distributed gateway scenarios. As such, configuring IRB route advertisement is recommended.

    • Configure IP prefix route advertisement.

      1. Run bgp as-number [ instance instance-name ]

        The BGP or BGP multi-instance view is displayed.

      2. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family view or BGP multi-instance VPN instance IPv4 address family view is displayed.

      3. Run import-route { direct | isis process-id | ospf process-id | rip process-id | static } [ med med | route-policy route-policy-name ] *

        A type of route is imported to the BGP-VPN instance IPv4 address family or BGP multi-instance VPN instance IPv4 address family view.

        If host IP route advertisement is required, configure direct in the command. If network segment route advertisement is required, use a dynamic routing protocol, such as OSPF. Then, configure the BGP-VPN instance IPv4 address family to import the routes of the dynamic routing protocol.

      4. Run advertise l2vpn evpn

        IP prefix route advertisement is configured.

      5. Run quit

        Exit from the BGP-VPN instance IPv4 address family or BGP multi-instance VPN instance IPv4 address family view.

      6. Run quit

        Exit from the BGP or BGP multi-instance view.

      7. Run commit

        The configuration is committed.

      IP prefix routes are Type 5 BGP EVPN routes that carry host IP addresses or network segment addresses as well as Layer 3 VNIs. IP prefix routes are used to advertise host IP routes as well as network segment routes to which the host IP routes belong. If a large number of specific host routes are available, configure IP prefix route advertisement so that the network segment routes can be imported to the BGP-VPN instance IPv4 address family, sparing the VXLAN gateways from storing all specific host routes.

      NOTE:
      • A VXLAN gateway can advertise network segment routes only if the network segments attached to the gateway are unique network-wide.

      • After configuring IP prefix route advertisement, run the arp direct-route enable command to allow the device to generate direct routes to host IP addresses. This will affect VM migration.

    On IPv6 overlay networks, perform the following operations:

    • Configure IP prefix route advertisement.

      1. Run bgp as-number

        The BGP view is displayed.

      2. Run ipv6-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv6 address family view is displayed.

      3. Run import-route { direct | isis process-id | ospfv3 process-id | ripng process-id | static } [ med med | route-policy route-policy-name ] *

        Routes of other protocols are introduced to the IPv6 address family of the current BGP-VPN instance.

        To advertise host IPv6 routes, configure import of direct routes. To advertise routes on the IPv6 network segment where the host resides, use a dynamic routing protocol (such as OSPFv3) to advertise routes on the network segment and configure the dynamic routing protocol to import routes.

      4. Run advertise l2vpn evpn

        IP prefix route advertisement is configured.

      5. Run quit

        Exit from the BGP-VPN instance IPv6 address family view.

      6. Run quit

        Exit from the BGP view.

      7. Run commit

        The configuration is committed.
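
Step 1.7 states that routes advertised by an EVPN instance enter a VPN instance only when their VPN targets are in that instance's import list, and that advertised routes carry the export VPN targets of the EVPN instance in the BD. The following Python check is an added example, not part of the Huawei guide: it reports VPN instances whose EVPN import list matches the export RTs of a BD bound to a different VPN instance. The tenant names, RDs, RTs and the BD_EXPORT_RTS mapping are constructed, and treating a vpn-target without a direction keyword as import plus export is an assumption.

```python
# Constructed config excerpt (names, RDs and RTs are made up), written with
# the commands entered in the procedure above.
CONFIG = """\
ip vpn-instance tenant_a
 ipv4-family
  route-distinguisher 20:1
  vpn-target 100:5010 both evpn
ip vpn-instance tenant_b
 ipv4-family
  route-distinguisher 20:2
  vpn-target 100:5020 both evpn
  vpn-target 100:5010 import-extcommunity evpn
interface vbdif 10
 ip binding vpn-instance tenant_a
interface vbdif 20
 ip binding vpn-instance tenant_b
"""
# Assumed input: export RT list of the EVPN instance in each BD. It is
# configured in the BD view, which this procedure does not cover.
BD_EXPORT_RTS = {10: {"100:5010"}, 20: {"100:5020"}}

def parse(config):
    """Return (EVPN import RTs per VPN instance, VPN instance bound to each BD)."""
    imports, bd_vpn, vpn, bd = {}, {}, None, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "vpn-instance"]:
            vpn, bd = words[2], None
            imports.setdefault(vpn, set())
        elif words[:2] == ["interface", "vbdif"]:
            bd, vpn = int(words[2]), None
        elif words[:3] == ["ip", "binding", "vpn-instance"] and bd is not None:
            bd_vpn[bd] = words[3]
        elif words[:1] == ["vpn-target"] and vpn and words[-1] == "evpn":
            # Export-only lines add no import RT; no keyword is assumed to mean both.
            if "export-extcommunity" not in words:
                imports[vpn] |= set(words[1:]) - {"both", "import-extcommunity", "evpn"}
    return imports, bd_vpn

def cross_tenant_imports(config, bd_export_rts):
    """List (vpn, bd, owning vpn, shared RTs) where a VPN instance would
    import routes that originate in a BD bound to another VPN instance."""
    imports, bd_vpn = parse(config)
    findings = []
    for vpn, rts in sorted(imports.items()):
        for bd, exported in sorted(bd_export_rts.items()):
            shared = rts & exported
            if shared and bd_vpn.get(bd) != vpn:
                findings.append((vpn, bd, bd_vpn.get(bd), sorted(shared)))
    return findings
```

Each finding is a candidate for review, since importing another tenant's RT can be deliberate (for example, a shared-services VPN instance).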

Updated: 2019-05-05

Document ID: EDOC1100004207
