No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VXLAN Using BGP EVPN to Enable Communication Among Users on the Same Network Segment

Example for Configuring VXLAN Using BGP EVPN to Enable Communication Among Users on the Same Network Segment

Networking Requirements

On the network shown in Figure 12-1, an enterprise has VMs deployed in different data centers. VM1 on Server1 belongs to VLAN 30, and VM1 on Server2 belongs to VLAN 20. Server1 and Server2 are on the same network segment. The enterprise requires communication among users on the same network segment, which can be implemented using VXLAN.

Figure 12-1 Configuring VXLAN to enable communication among users on the same network segment

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure a routing protocol on Device1, Device2, and Device3 to ensure Layer 3 connectivity on the network.

  2. Configure service access points on Device1 and Device3 to differentiate service traffic.

  3. Enable EVPN as the VXLAN control plane.

  4. Establish BGP EVPN peer relationships.

  5. Configure an EVPN instance.

  6. Configure ingress replication.

Data Plan

To complete the configuration, you need the following data:

  • VMs' VLAN IDs (20 and 30)

  • IP addresses of interfaces connecting devices

  • Interior Gateway Protocol (IGP) routing protocol: Open Shortest Path First (OSPF)

  • BD ID (20)
  • VNI ID (5020)
  • RDs of the EVPN instance (12:1 and 31:2) and RT of the EVPN instance (2:2)

Precautions

For the CE12800, in addition to the configuration in the procedure, you may also need to run the following commands based on actual requirements:
  • Run the assign forward nvo3 service extend enable command in the system view to enable the NVO3 service extension function.

    NOTE:

    By default, the NVO3 service extension function is disabled on the device. After the NVO3 service is deployed on a device, there is a high probability that other ACL-consuming services such as MQC, simplified ACL, traffic policing, BD traffic statistics collection, and DHCP fail to be configured on the device. You can enable the NVO3 ACL extension function to lower the configuration failure probability of EC (except the CE-L48GT-EC and CE-L48GS-EC cards), ED, EF, and EG series cards.

  • Run the assign forward nvo3 f-linecard compatibility enable command in the system view to ensure that VXLAN traffic can be forwarded when the card interoperability mode is non-enhanced mode.

    NOTE:

    If VXLAN traffic is forwarded between cards when the card interoperability mode is non-enhanced mode, the VXLAN traffic may fail to be forwarded. To use the VXLAN function, you must configure the assign forward nvo3 f-linecard compatibility enable command when the card interoperability mode is non-enhanced mode.

VXLAN-related constraints are described in the procedure. To obtain more constraint information, see Licensing Requirements and Limitations for VXLANs.

Procedure

  1. Configure a routing protocol.

    # Configure Device1. Repeat this step for Device2 and Device3. When OSPF is used, each device advertises the 32-bit loopback interface address of the forwarder.

    <HUAWEI> system-view
    [~HUAWEI] sysname Device1
    [*HUAWEI] commit
    [~Device1] interface loopback 1
    [*Device1-LoopBack1] ip address 2.2.2.2 32
    [*Device1-LoopBack1] quit
    [*Device1] interface 10ge 1/0/1
    [*Device1-10GE1/0/1] undo portswitch
    [*Device1-10GE1/0/1] ip address 192.168.1.1 24
    [*Device1-10GE1/0/1] quit
    [*Device1] ospf
    [*Device1-ospf-1] area 0
    [*Device1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*Device1-ospf-1-area-0.0.0.0] quit
    [*Device1-ospf-1] quit
    [*Device1] commit

    # After OSPF is configured, the devices can learn the loopback interface address of each other and successfully ping each other.

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (Perform this step on the CE12800 only.)

    # Configure Device1. Repeat this step for Device3.

    [~Device1] ip tunnel mode vxlan
    [*Device1] assign forward nvo3 acl extend enable
    [*Device1] commit
    
    NOTE:

    After configuring the VXLAN tunnel mode and enabling the VXLAN ACL extension function, you need to save the configuration and restart the device to make the configuration take effect. You can restart the device immediately or after all the configurations are complete.

  3. Configure a service access point on Device1 and Device3, respectively.

    # Configure Device1. Repeat this step for Device3.

    [~Device1] bridge-domain 20
    [*Device1-bd20] quit
    [*Device1] interface 10ge 1/0/2.1 mode l2
    [*Device1-10GE1/0/2.1] encapsulation dot1q vid 30
    [*Device1-10GE1/0/2.1] bridge-domain 20
    [*Device1-10GE1/0/2.1] quit
    [*Device1] commit

  4. Enable EVPN as the VXLAN control plane on Device1, Device2, and Device3, respectively.

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] evpn-overlay enable
    [*Device1] commit

  5. Configure a BGP EVPN peer relationship. Specify Device1, and Device3 as BGP EVPN peers for Device2 and configure them as RR clients.

    # Specify BGP EVPN peers for Device2.
    [~Device2] bgp 100
    [*Device2-bgp] peer 2.2.2.2 as-number 100
    [*Device2-bgp] peer 2.2.2.2 connect-interface LoopBack1
    [*Device2-bgp] peer 4.4.4.4 as-number 100
    [*Device2-bgp] peer 4.4.4.4 connect-interface LoopBack1
    [*Device2-bgp] l2vpn-family evpn
    [*Device2-bgp-af-evpn] peer 2.2.2.2 enable
    [*Device2-bgp-af-evpn] peer 2.2.2.2 reflect-client
    [*Device2-bgp-af-evpn] peer 4.4.4.4 enable
    [*Device2-bgp-af-evpn] peer 4.4.4.4 reflect-client
    [*Device2-bgp-af-evpn] undo policy vpn-target
    [*Device2-bgp-af-evpn] quit
    [*Device2-bgp] quit
    [*Device2] commit

    # Specify BGP EVPN peers for Device1. Repeat this step for Device3.

    [~Device1] bgp 100
    [*Device1-bgp] peer 3.3.3.3 as-number 100
    [*Device1-bgp] peer 3.3.3.3 connect-interface LoopBack1
    [*Device1-bgp] l2vpn-family evpn
    [*Device1-bgp-af-evpn] peer 3.3.3.3 enable
    [*Device1-bgp-af-evpn] quit
    [*Device1-bgp] quit
    [*Device1] commit

  6. Configure an EVPN instance on Device1, and Device3, respectively.

    # Configure Device1. Repeat this step for Device3.

    [~Device1] bridge-domain 20
    [~Device1-bd20] vxlan vni 5020
    [*Device1-bd20] evpn
    [*Device1-bd20-evpn] route-distinguisher 12:1
    [*Device1-bd20-evpn] vpn-target 2:2
    [*Device1-bd20-evpn] quit
    [*Device1-bd20] quit
    [*Device1] commit

  7. Configure ingress replication.

    # Configure Device1. Repeat this step for Device3.

    [~Device1] interface nve 1
    [*Device1-Nve1] source 2.2.2.2
    [*Device1-Nve1] vni 5020 head-end peer-list protocol bgp
    [*Device1-Nve1] quit
    [*Device1] commit

  8. Verify the configuration.

    After completing the configurations, run the display vxlan tunnel command to check VXLAN tunnel information and run the display vxlan vni command on Device1 and Device3 to check the VNI status. The command outputs show that the VNI status is Up. The following example shows the command outputs on Device1.

    [~Device1] display vxlan tunnel
    Number of vxlan tunnel : 1
    Tunnel ID   Source                Destination           State  Type     Uptime                                                      
    ----------------------------------------------------------------------------------- 
    4026531844  2.2.2.2               4.4.4.4               up     dynamic  0023h22m
    [~Device1] display vxlan vni
    Number of vxlan vni : 1
    VNI            BD-ID            State
    ---------------------------------------
    5020           20               up

    VM1s on different servers can communicate.

Configuration Files

  • Device1 configuration file

    #
    sysname Device1
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 20
     vxlan vni 5020
     evpn
      route-distinguisher 12:1
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 30
     bridge-domain 20
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 5020 head-end peer-list protocol bgp
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 3.3.3.3 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
    #
    return
  • Device2 configuration file

    #
    sysname Device2
    #
    evpn-overlay enable
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 2.2.2.2 enable
      peer 2.2.2.2 reflect-client
      peer 4.4.4.4 enable
      peer 4.4.4.4 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
    #
    return
  • Device3 configuration file

    #
    sysname Device3
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 20
     vxlan vni 5020
     evpn
      route-distinguisher 31:2
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    #
    interface LoopBack1
     ip address 4.4.4.4 255.255.255.255
    #
    interface Nve1
     source 4.4.4.4
     vni 5020 head-end peer-list protocol bgp
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 3.3.3.3 enable
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.2.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 30922

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next