No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VXLAN with Centralized Gateways in BGP EVPN Mode

Example for Configuring VXLAN with Centralized Gateways in BGP EVPN Mode

Networking Requirements

In Figure 12-4, an enterprise has VMs deployed in different data centers. VM 1 on Server 1 belongs to VLAN 10, VM 1 on Server 2 belongs to VLAN 20, and VM 1 on Server 3 belongs to VLAN 30. Server 1 and Server 2 reside in different network segments; Server 2 and Server 3 reside in the same network segment. To allow VM1s in different data centers to communicate with each other, configure a Layer 3 VXLAN gateway.

Figure 12-4 VXLAN with centralized gateways in BGP EVPN mode

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure a routing protocol on Device1, Device2, and Device3 to allow them to communicate at Layer 3.

  2. Configure a service access point on Device1 and Device3 to differentiate service traffic.

  3. Configure EVPN as the VXLAN control plane.

  4. Configure a BGP EVPN peer relationship.

  5. Configure EVPN instances.

  6. Configure an ingress replication list.

  7. Configure Device2 as a Layer 3 VXLAN gateway.

Data Preparation

The following data is needed to complete the configuration:

  • VMs' VLAN IDs (10, 20, and 30)

  • IP addresses of interfaces connecting devices

  • Interior Gateway Protocol (IGP) running between devices (OSPF in this example)

  • BD IDs (10 and 20)
  • VNI IDs (5010 and 5020)
  • EVPN instances' RDs (11:1, 12:1, 21:1, 23:1, and 31:2) and RTs (1:1 and 2:2)

Precautions

For the CE12800, in addition to the configuration in the procedure, you may also need to run the following commands based on actual requirements:
  • Run the assign forward nvo3 service extend enable command in the system view to enable the NVO3 service extension function.

    NOTE:

    By default, the NVO3 service extension function is disabled on the device. After the NVO3 service is deployed on a device, there is a high probability that other ACL-consuming services such as MQC, simplified ACL, traffic policing, BD traffic statistics collection, and DHCP fail to be configured on the device. You can enable the NVO3 ACL extension function to lower the configuration failure probability of EC (except the CE-L48GT-EC and CE-L48GS-EC cards), ED, EF, and EG series cards.

  • Run the assign forward nvo3 f-linecard compatibility enable command in the system view to ensure that VXLAN traffic can be forwarded when the card interoperability mode is non-enhanced mode.

    NOTE:

    If VXLAN traffic is forwarded between cards when the card interoperability mode is non-enhanced mode, the VXLAN traffic may fail to be forwarded. To use the VXLAN function, you must configure the assign forward nvo3 f-linecard compatibility enable command when the card interoperability mode is non-enhanced mode.

VXLAN-related constraints are described in the procedure. To obtain more constraint information, see Licensing Requirements and Limitations for VXLANs.

Procedure

  1. Configure a routing protocol.

    # Configure Device1. Repeat this step for Device2 and Device3. Configure the devices to advertise the 32-bit IP addresses of loopback interfaces.

    <HUAWEI> system-view
    [~HUAWEI] sysname Device1
    [*HUAWEI] commit
    [~Device1] interface loopback 1
    [*Device1-LoopBack1] ip address 2.2.2.2 32
    [*Device1-LoopBack1] quit
    [*Device1] interface 10ge 1/0/1
    [*Device1-10GE1/0/1] undo portswitch
    [*Device1-10GE1/0/1] ip address 192.168.1.1 24
    [*Device1-10GE1/0/1] quit
    [*Device1] ospf
    [*Device1-ospf-1] area 0
    [*Device1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*Device1-ospf-1-area-0.0.0.0] quit
    [*Device1-ospf-1] quit
    [*Device1] commit

    # After OSPF is configured, the devices can use OSPF to learn the IP addresses of each other's loopback interfaces and successfully ping each other. The following example shows the command output on Device1 after it pings Device3:

    [~Device1] ping 4.4.4.4
      PING 4.4.4.4: 56  data bytes, press CTRL_C to break
        Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=5 ms
        Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=2 ms
        Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=2 ms
        Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=3 ms
        Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=3 ms
    
      --- 4.4.4.4 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/3/5 ms

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (Perform this step on the CE12800 only.)

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] ip tunnel mode vxlan
    [*Device1] assign forward nvo3 acl extend enable
    [*Device1] commit
    
    NOTE:

    After modifying the VXLAN tunnel mode or enabling the VXLAN ACL extension function, save the configuration and restart the device to make the configuration take effect. Restart the device immediately or after completing all the configurations.

  3. Configure a service access point on Device1 and Device3.

    # Configure Device1. Repeat this step for Device3.

    [~Device1] bridge-domain 10
    [*Device1-bd10] quit
    [*Device1] interface 10ge 1/0/2.1 mode l2
    [*Device1-10GE1/0/2.1] encapsulation dot1q vid 10
    [*Device1-10GE1/0/2.1] bridge-domain 10
    [*Device1-10GE1/0/2.1] quit
    [*Device1] bridge-domain 20
    [*Device1-bd20] quit
    [*Device1] interface 10ge 1/0/3.1 mode l2
    [*Device1-10GE1/0/3.1] encapsulation dot1q vid 30
    [*Device1-10GE1/0/3.1] bridge-domain 20
    [*Device1-10GE1/0/3.1] quit
    [*Device1] commit

  4. Configure EVPN as the VXLAN control plane on Device1, Device2, and Device3.

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] evpn-overlay enable
    [*Device1] commit

  5. Configure a BGP EVPN peer relationship.

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] bgp 100
    [*Device1-bgp] peer 3.3.3.3 as-number 100
    [*Device1-bgp] peer 3.3.3.3 connect-interface LoopBack1
    [*Device1-bgp] peer 4.4.4.4 as-number 100
    [*Device1-bgp] peer 4.4.4.4 connect-interface LoopBack1
    [*Device1-bgp] l2vpn-family evpn
    [*Device1-bgp-af-evpn] peer 3.3.3.3 enable
    [*Device1-bgp-af-evpn] peer 4.4.4.4 enable
    [*Device1-bgp-af-evpn] quit
    [*Device1-bgp] quit
    [*Device1] commit

  6. Configure an EVPN instance on Device1, Device2, and Device3.

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] bridge-domain 10
    [~Device1-bd10] vxlan vni 5010
    [*Device1-bd10] evpn
    [*Device1-bd10-evpn] route-distinguisher 11:1
    [*Device1-bd10-evpn] vpn-target 1:1
    [*Device1-bd10-evpn] quit
    [*Device1-bd10] quit
    [*Device1] bridge-domain 20
    [*Device1-bd20] vxlan vni 5020
    [*Device1-bd20] evpn
    [*Device1-bd20-evpn] route-distinguisher 12:1
    [*Device1-bd20-evpn] vpn-target 2:2
    [*Device1-bd20-evpn] quit
    [*Device1-bd20] quit
    [*Device1] commit

  7. Configure an ingress replication list.

    # Configure Device1. Repeat this step for Device2 and Device3.

    [~Device1] interface nve 1
    [*Device1-Nve1] source 2.2.2.2
    [*Device1-Nve1] vni 5010 head-end peer-list protocol bgp
    [*Device1-Nve1] vni 5020 head-end peer-list protocol bgp
    [*Device1-Nve1] quit
    [*Device1] commit

  8. Configure Device2 as a Layer 3 VXLAN gateway.

    [~Device2] interface vbdif 10
    [*Device2-Vbdif10] ip address 192.168.10.10 24
    [*Device2-Vbdif10] quit
    [*Device2] interface vbdif 20
    [*Device2-Vbdif20] ip address 192.168.20.10 24
    [*Device2-Vbdif20] quit
    [*Device2] commit

  9. Verify the configuration.

    After completing the configurations, run the display vxlan tunnel and display vxlan vni commands on Device1, Device2, and Device3 to check the VXLAN tunnel and VNI information, respectively. The VNIs are Up. The following example shows the command output on Device1.

    [~Device1] display vxlan tunnel
    Number of vxlan tunnel : 2
    Tunnel ID   Source                Destination           State  Type     Uptime
    -----------------------------------------------------------------------------------
    4026531843  2.2.2.2               3.3.3.3               up     dynamic  0035h21m
    4026531844  2.2.2.2               4.4.4.4               up     dynamic  0036h21m
    [~Device1] display vxlan vni
    Number of vxlan vni : 2
    VNI            BD-ID            State
    ---------------------------------------
    5010           10               up
    5020           20               up

    VM1s on different servers can communicate.

Configuration Files

  • Device1 configuration file

    #
    sysname Device1
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 11:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    bridge-domain 20
     vxlan vni 5020
     evpn
      route-distinguisher 12:1
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface 10GE1/0/3.1 mode l2
     encapsulation dot1q vid 30
     bridge-domain 20
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 5010 head-end peer-list protocol bgp
     vni 5020 head-end peer-list protocol bgp
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
    #
    return
  • Device2 configuration file

    #
    sysname Device2
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 21:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    bridge-domain 20
     vxlan vni 5020
     evpn
      route-distinguisher 23:1
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    interface Vbdif10
     ip address 192.168.10.10 255.255.255.0
    #
    interface Vbdif20
     ip address 192.168.20.10 255.255.255.0
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     vni 5010 head-end peer-list protocol bgp
     vni 5020 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
    #
    return
  • Device3 configuration file

    #
    sysname Device3
    #
    assign forward nvo3 acl extend enable
    #
    evpn-overlay enable
    #
    bridge-domain 20
     vxlan vni 5020
     evpn
      route-distinguisher 31:2
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    #
    interface LoopBack1
     ip address 4.4.4.4 255.255.255.255
    #
    interface Nve1
     source 4.4.4.4
     vni 5020 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.2.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 29464

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next