No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Centralized VXLAN Gateways to Function as DHCPv6 Relay Agents

Example for Configuring Centralized VXLAN Gateways to Function as DHCPv6 Relay Agents

Networking Requirements

On the network shown in Figure 12-17, an enterprise has VMs deployed in different data centers. VM 1 on VPN 1 belongs to VLAN 10, and VM 2 on VPN 1 belongs to VLAN 20. The DHCPv6 server resides on the public network. To allow VM 1 and VM 2 to request IPv6 addresses from the DHCPv6 server, configure DHCPv6 relay on Layer 3 VXLAN gateways.

Figure 12-17 Networking diagram for configuring Centralized VXLAN gateways to function as DHCPv6 relay agents

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure a VXLAN tunnel.
    1. Configure a routing protocol on Device 1, Device 2, and Device 3 to ensure communication at Layer 3.

    2. Configure a service access point on Device 1 and Device 3 to differentiate service traffic.

    3. Configure EVPN as the VXLAN control plane on Device 1, Device 2, and Device 3.

    4. Establish BGP EVPN peer relationships between Device 1, Device 2, and Device 3.

    5. Configure EVPN instances on Device 1, Device 2, and Device 3.

    6. Configure an ingress replication list on Device 1, Device 2, and Device 3.

    7. Create L3VPN instances on Device 2.

    8. Configure Device 2 as a Layer 3 VXLAN gateway.

  2. Configure DHCPv6 relay.
    1. Enable DHCPv6 relay on the VBDIF10 interface of Device 2.
    2. Specify the DHCPv6 server address on the VBDIF10 interface of Device 2.
    3. Enable the VBDIF10 interface of Device 2 to forward relay packets carrying the vss-control option and specify the source IP address of the relay packets.
  3. Configure the DHCPv6 server.

Data Preparation

To complete the configuration, you need the following data:

  • IP addresses of interfaces connecting devices
  • VMs' VLAN IDs (10 and 20)
  • BD ID (10)
  • VNI (5010)
  • EVPN instances' RDs (11:1, 21:1, and 31:2) and RT (1:1)
  • RD (10:1) of L3VPN instances, RT (3:3) of L3VPN instances

Precautions

For the CE12800, in addition to the configuration in the procedure, you may also need to run the following commands based on actual requirements:
  • Run the assign forward nvo3 service extend enable command in the system view to enable the NVO3 service extension function.

    NOTE:

    By default, the NVO3 service extension function is disabled on the device. After the NVO3 service is deployed on a device, there is a high probability that other ACL-consuming services such as MQC, simplified ACL, traffic policing, BD traffic statistics collection, and DHCP fail to be configured on the device. You can enable the NVO3 ACL extension function to lower the configuration failure probability of EC (except the CE-L48GT-EC and CE-L48GS-EC cards), ED, EF, and EG series cards.

  • Run the assign forward nvo3 f-linecard compatibility enable command in the system view to ensure that VXLAN traffic can be forwarded when the card interoperability mode is non-enhanced mode.

    NOTE:

    If VXLAN traffic is forwarded between cards when the card interoperability mode is non-enhanced mode, the VXLAN traffic may fail to be forwarded. To use the VXLAN function, you must configure the assign forward nvo3 f-linecard compatibility enable command when the card interoperability mode is non-enhanced mode.

VXLAN-related constraints are described in the procedure. To obtain more constraint information, see Licensing Requirements and Limitations for VXLANs.

Procedure

  1. Configure a routing protocol.

    Assign an IP address to each interface on Device 1, Device 2, and Device 3. Ensure that the 32-bit loopback address of each device is advertised after OSPF is enabled.

    # Configure Device 1.
    <HUAWEI> system-view
    [~HUAWEI] sysname Device1
    [*HUAWEI] commit
    [~Device1] interface loopback 1
    [*Device1-LoopBack1] ip address 2.2.2.2 32
    [*Device1-LoopBack1] quit
    [*Device1] interface 10ge 1/0/1
    [*Device1-10GE1/0/1] undo portswitch
    [*Device1-10GE1/0/1] ip address 192.168.1.1 24
    [*Device1-10GE1/0/1] quit
    [*Device1] ospf
    [*Device1-ospf-1] area 0
    [*Device1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*Device1-ospf-1-area-0.0.0.0] quit
    [*Device1-ospf-1] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

    After OSPF is configured, the Devices can use OSPF to learn the IP addresses of loopback interfaces of each other and successfully ping each other.

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (Perform this step on the CE12800 only.)

    # Configure Device 1. The configurations on Device 2 and Device 3 are similar to that on Device 1, and is not mentioned here.

    [~Device1] ip tunnel mode vxlan
    [*Device1] assign forward nvo3 acl extend enable
    [*Device1] commit
    
    NOTE:

    After modifying the VXLAN tunnel mode or enabling the VXLAN ACL extension function, you need to save the configuration and restart the device to make the configuration take effect. You can restart the device immediately or after completing all the configurations.

  3. Configure a service access point on Device 1 and Device 3.

    # Configure Device 1.
    [~Device1] bridge-domain 10
    [*Device1-bd10] quit
    [*Device1] interface 10GE1/0/2.1 mode l2
    [*Device1-10GE1/0/2.1] encapsulation dot1q vid 10
    [*Device1-10GE1/0/2.1] bridge-domain 10
    [*Device1-10GE1/0/2.1] quit
    [*Device1] commit

    Repeat these steps for Device 3. For configuration details, see Configuration Files in this section.

  4. Configure EVPN as the VXLAN control plane on Device 1, Device 2, and Device 3.

    # Configure Device 1.
    [~Device1] evpn-overlay enable
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  5. Configure BGP EVPN peer relationships between Device 1, Device 2, and Device 3.

    # Configure Device 1.

    [~Device1] bgp 100
    [*Device1-bgp] peer 3.3.3.3 as-number 100
    [*Device1-bgp] peer 3.3.3.3 connect-interface LoopBack1
    [*Device1-bgp] peer 4.4.4.4 as-number 100
    [*Device1-bgp] peer 4.4.4.4 connect-interface LoopBack1
    [*Device1-bgp] l2vpn-family evpn
    [*Device1-bgp-af-evpn] peer 3.3.3.3 enable
    [*Device1-bgp-af-evpn] peer 4.4.4.4 enable
    [*Device1-bgp-af-evpn] quit
    [*Device1-bgp] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  6. Configure EVPN instances on Device 1, Device 2, and Device 3.

    # Configure Device 1.
    [~Device1] bridge-domain 10
    [~Device1-bd10] vxlan vni 5010
    [*Device1-bd10] evpn
    [*Device1-bd10-evpn] route-distinguisher 11:1
    [*Device1-bd10-evpn] vpn-target 1:1
    [*Device1-bd10-evpn] quit
    [*Device1-bd10] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  7. Configure an ingress replication list.

    # Configure Device 1.
    [~Device1] interface nve 1
    [*Device1-Nve1] source 2.2.2.2
    [*Device1-Nve1] vni 5010 head-end peer-list protocol bgp
    [*Device1-Nve1] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  8. Configure L3VPN instances on Device 2.

    [~Device2] ip vpn-instance vpn1
    [*Device2-vpn-instance-vpn1] ipv6-family
    [*Device2-vpn-instance-vpn1-af-ipv6] route-distinguisher 10:1
    [*Device2-vpn-instance-vpn1-af-ipv6] vpn-target 3:3
    [*Device2-vpn-instance-vpn1-af-ipv6] commit
    [~Device2-vpn-instance-vpn1-af-ipv6] quit
    [~Device2-vpn-instance-vpn1] quit

  9. Configure Device 2 as a Layer 3 VXLAN gateway.

    [~Device2] interface vbdif 10
    [*Device2-Vbdif10] ip binding vpn-instance vpn1
    [*Device2-Vbdif10] ipv6 enable
    [*Device2-Vbdif10] ipv6 address fc00:1::1 96
    [*Device2-Vbdif10] quit
    [*Device2] commit

  10. Verify the configuration.

    After completing the configurations, run the display vxlan tunnel command to check VXLAN tunnel information. Run the display vxlan vni command on Device 1, Device 2, and Device 3 to check that the VNI status is Up. The following example uses the command output on Device 2.

    [~Device2] display vxlan tunnel
    Number of vxlan tunnel : 2
    Tunnel ID   Source                Destination           State  Type     Uptime
    -----------------------------------------------------------------------------------
    4026531843  3.3.3.3               2.2.2.2               up     dynamic  0035h21m
    4026531844  3.3.3.3               4.4.4.4               up     dynamic  0035h22m
    [~Device2] display vxlan vni
    Number of vxlan vni : 1
    VNI            BD-ID            State
    ---------------------------------------
    5010           10               up

  11. Configure DHCPv6 relay on Device 2.

    [~Device2] dhcpv6 enable
    [*Device2] interface Vbdif10
    [*Device2-Vbdif10] dhcpv6 relay destination fc00:2::2 public-net
    [*Device2-Vbdif10] dhcpv6 vss-control insert enable
    [*Device2-Vbdif10] dhcpv6 relay source-ip-address fc00:2::1
    [*Device2-Vbdif10] commit

  12. Configure the DHCPv6 server.

    The DHCPv6 server must meet the following conditions:
    • An address pool is configured on the DHCPv6 server so that the DHCPv6 server can assign IPv6 addresses to DHCPv6 clients.

    • An address lease is configured to improve IP address usage efficiency.

  13. Verify the configuration.

    Run the display dhcpv6 relay statistics command on Device 2. The command output shows statistics about DHCPv6 messages.

    [~Device2] display dhcpv6 relay statistics
      -------------------------------------------------------------------
      Bad packets received                                :   0
      DHCPv6 packets received from clients                :   41357
             DHCPv6 SOLICIT packets received              :   41357
             DHCPv6 REQUEST packets received              :   0
             DHCPv6 CONFIRM packets received              :   0
             DHCPv6 RENEW packets received                :   0
             DHCPv6 REBIND packets received               :   0
             DHCPv6 DECLINE packets received              :   0
             DHCPv6 RELEASE packets received              :   0
             DHCPv6 INFORMATION-REQUEST packets received  :   0
    
      DHCPv6 packets received from relay agents or servers:   6
             DHCPv6 RELAY-FORWARD packets received        :   6
             DHCPv6 RELAY-REPLY packets received          :   0
    
      DHCPv6 packets sent to clients                      :   0
             DHCPv6 ADVERTISE packets sent                :   0
             DHCPv6 REPLY packets sent                    :   0
             DHCPv6 RECONFIGURE packets sent              :   0
    
      DHCPv6 packets sent to relay agents or servers      :   41333
             DHCPv6 RELAY-FORWARD packets sent            :   41333
             DHCPv6 RELAY-REPLY packets sent              :   0
    
      DHCPv6 packets dropped                              :   33
             Table full                                   :   0
             General error                                :   33
             IPSec authentication failed                  :   0
    
      -------------------------------------------------------------------

Configuration Files

  • Device 1 configuration file

    #
    sysname Device1
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 11:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
    #
    return
  • Device 2 configuration file

    #
    sysname Device2
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    dhcpv6 enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 10:1
      vpn-target 3:3 export-extcommunity
      vpn-target 3:3 import-extcommunity
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 21:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address FC00:1::1/96
     dhcpv6 vss-control insert enable
     dhcpv6 relay destination FC00:2::2 public-net
     dhcpv6 relay source-ip-address FC00:2::1
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface 10GE1/0/3
     undo portswitch
     ipv6 enable
     ipv6 address FC00:2::1 96
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
      ipv4-family unicast
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
    #
    return
  • Device 3 configuration file

    #
    sysname Device3
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE12800.
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 31:2
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 20
     bridge-domain 10
    #
    interface LoopBack1
     ip address 4.4.4.4 255.255.255.255
    #
    interface Nve1
     source 4.4.4.4
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.2.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 24741

Downloads: 65

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next