No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DNS, IP performance optimization, IPv6, DHCPv6, and IPv6 DNS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Centralized VXLAN Gateways to Function as DHCPv6 Relay Agents

Example for Configuring Centralized VXLAN Gateways to Function as DHCPv6 Relay Agents

Networking Requirements

On the network shown in Figure 8-26, an enterprise has VMs deployed in different data centers. VM 1 on VPN 1 belongs to VLAN 10, and VM 2 on VPN 1 belongs to VLAN 20. The DHCPv6 server resides on the public network. To allow VM 1 and VM 2 to request IPv6 addresses from the DHCPv6 server, configure DHCPv6 relay on Layer 3 VXLAN gateways.

Figure 8-26 Networking diagram for configuring Centralized VXLAN gateways to function as DHCPv6 relay agents

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure a VXLAN tunnel.
    1. Configure a routing protocol on Device 1, Device 2, and Device 3 to ensure communication at Layer 3.

    2. Configure a service access point on Device 1 and Device 3 to differentiate service traffic.

    3. Configure EVPN as the VXLAN control plane on Device 1, Device 2, and Device 3.

    4. Establish BGP EVPN peer relationships between Device 1, Device 2, and Device 3.

    5. Configure EVPN instances on Device 1, Device 2, and Device 3.

    6. Configure an ingress replication list on Device 1, Device 2, and Device 3.

    7. Create L3VPN instances on Device 2.

    8. Configure Device 2 as a Layer 3 VXLAN gateway.

  2. Configure DHCPv6 relay.
    1. Enable DHCPv6 relay on the VBDIF10 interface of Device 2.
    2. Specify the DHCPv6 server address on the VBDIF10 interface of Device 2.
    3. Enable the VBDIF10 interface of Device 2 to forward relay packets carrying the vss-control option and specify the source IP address of the relay packets.
  3. Configure the DHCPv6 server.

Data Preparation

To complete the configuration, you need the following data:

  • IP addresses of interfaces connecting devices
  • VMs' VLAN IDs (10 and 20)
  • BD ID (10)
  • VNI (5010)
  • EVPN instances' RDs (11:1, 21:1, and 31:2) and RT (1:1)
  • RD (10:1) of L3VPN instances, RT (3:3) of L3VPN instances

Precautions

  • When a CE6855HI, CE6856HI, or CE7855EI works as a Layer 3 VXLAN gateway, it can connect to a VXLAN network through VBDIF interfaces only. Otherwise, the switch cannot normally forward VXLAN packets.

VXLAN-related constraints are described in the procedure. To obtain more constraint information, see Licensing Requirements and Limitations for VXLANs.

Procedure

  1. Configure a routing protocol.

    Assign an IP address to each interface on Device 1, Device 2, and Device 3. Ensure that the 32-bit loopback address of each device is advertised after OSPF is enabled.

    # Configure Device 1.
    <HUAWEI> system-view
    [~HUAWEI] sysname Device1
    [*HUAWEI] commit
    [~Device1] interface loopback 1
    [*Device1-LoopBack1] ip address 2.2.2.2 32
    [*Device1-LoopBack1] quit
    [*Device1] interface 10ge 1/0/1
    [*Device1-10GE1/0/1] undo portswitch
    [*Device1-10GE1/0/1] ip address 192.168.1.1 24
    [*Device1-10GE1/0/1] quit
    [*Device1] ospf
    [*Device1-ospf-1] area 0
    [*Device1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [*Device1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*Device1-ospf-1-area-0.0.0.0] quit
    [*Device1-ospf-1] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

    After OSPF is configured, the Devices can use OSPF to learn the IP addresses of loopback interfaces of each other and successfully ping each other.

  2. Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function. (Perform this step on the CE6870EI/CE6875EI only.)

    # Configure Device 1. The configurations on Device 2 and Device 3 are similar to that on Device 1, and is not mentioned here.

    [~Device1] ip tunnel mode vxlan
    [*Device1] assign forward nvo3 acl extend enable
    [*Device1] commit
    
    NOTE:

    After modifying the VXLAN tunnel mode or enabling the VXLAN ACL extension function, you need to save the configuration and restart the device to make the configuration take effect. You can restart the device immediately or after completing all the configurations.

  3. Configure a service access point on Device 1 and Device 3.

    # Configure Device 1.
    [~Device1] bridge-domain 10
    [*Device1-bd10] quit
    [*Device1] interface 10GE1/0/2.1 mode l2
    [*Device1-10GE1/0/2.1] encapsulation dot1q vid 10
    [*Device1-10GE1/0/2.1] bridge-domain 10
    [*Device1-10GE1/0/2.1] quit
    [*Device1] commit

    Repeat these steps for Device 3. For configuration details, see Configuration Files in this section.

  4. Configure EVPN as the VXLAN control plane on Device 1, Device 2, and Device 3.

    # Configure Device 1.
    [~Device1] evpn-overlay enable
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  5. Configure BGP EVPN peer relationships between Device 1, Device 2, and Device 3.

    # Configure Device 1.

    [~Device1] bgp 100
    [*Device1-bgp] peer 3.3.3.3 as-number 100
    [*Device1-bgp] peer 3.3.3.3 connect-interface LoopBack1
    [*Device1-bgp] peer 4.4.4.4 as-number 100
    [*Device1-bgp] peer 4.4.4.4 connect-interface LoopBack1
    [*Device1-bgp] l2vpn-family evpn
    [*Device1-bgp-af-evpn] peer 3.3.3.3 enable
    [*Device1-bgp-af-evpn] peer 4.4.4.4 enable
    [*Device1-bgp-af-evpn] quit
    [*Device1-bgp] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  6. Configure EVPN instances on Device 1, Device 2, and Device 3.

    # Configure Device 1.
    [~Device1] bridge-domain 10
    [~Device1-bd10] vxlan vni 5010
    [*Device1-bd10] evpn
    [*Device1-bd10-evpn] route-distinguisher 11:1
    [*Device1-bd10-evpn] vpn-target 1:1
    [*Device1-bd10-evpn] quit
    [*Device1-bd10] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  7. Configure an ingress replication list.

    # Configure Device 1.
    [~Device1] interface nve 1
    [*Device1-Nve1] source 2.2.2.2
    [*Device1-Nve1] vni 5010 head-end peer-list protocol bgp
    [*Device1-Nve1] quit
    [*Device1] commit

    Repeat the other steps for Device 2 and Device 3. For configuration details, see Configuration Files in this section.

  8. Configure L3VPN instances on Device 2.

    [~Device2] ip vpn-instance vpn1
    [*Device2-vpn-instance-vpn1] ipv6-family
    [*Device2-vpn-instance-vpn1-af-ipv6] route-distinguisher 10:1
    [*Device2-vpn-instance-vpn1-af-ipv6] vpn-target 3:3
    [*Device2-vpn-instance-vpn1-af-ipv6] commit
    [~Device2-vpn-instance-vpn1-af-ipv6] quit
    [~Device2-vpn-instance-vpn1] quit

  9. Configure a service loopback interface on Device 2 (This step only needs to be performed on the CE6850HI/CE6850U-HI/CE6851HI/CE6860EI/CE7850EI/CE8850EI/CE8860EI.)

    [~Device2] interface eth-trunk 2
    [*Device2-Eth-Trunk2] service type tunnel
    [*Device2-Eth-Trunk2] quit
    [*Device2] interface 10ge 1/0/5
    [*Device2-10GE1/0/5] eth-trunk 2
    [*Device2-10GE1/0/5] quit
    [*Device2] commit
    
    NOTE:
    • The member interfaces must be idle physical interfaces that do not transmit services. There is no requirement on the interface status.
    • Ensure that the Eth-Trunk bandwidth is at least twice the bandwidth required for transmitting Layer 3 VXLAN gateway traffic. For example, if traffic is sent from users to the gateway across the VXLAN network at a rate of 10 Gbit/s, add two 10GE interface to the Eth-Trunk that you want to use as the service loopback interface.

  10. Configure Device 2 as a Layer 3 VXLAN gateway.

    [~Device2] interface vbdif 10
    [*Device2-Vbdif10] ip binding vpn-instance vpn1
    [*Device2-Vbdif10] ipv6 enable
    [*Device2-Vbdif10] ipv6 address fc00:1::1 96
    [*Device2-Vbdif10] quit
    [*Device2] commit

  11. Verify the configuration.

    After completing the configurations, run the display vxlan tunnel command to check VXLAN tunnel information. Run the display vxlan vni command on Device 1, Device 2, and Device 3 to check that the VNI status is Up. The following example uses the command output on Device 2.

    [~Device2] display vxlan tunnel
    Number of vxlan tunnel : 2
    Tunnel ID   Source                Destination           State  Type     Uptime
    -----------------------------------------------------------------------------------
    4026531843  3.3.3.3               2.2.2.2               up     dynamic  0035h21m
    4026531844  3.3.3.3               4.4.4.4               up     dynamic  0035h22m
    [~Device2] display vxlan vni
    Number of vxlan vni : 1
    VNI            BD-ID            State
    ---------------------------------------
    5010           10               up

  12. Configure DHCPv6 relay on Device 2.

    [~Device2] dhcpv6 enable
    [*Device2] interface Vbdif10
    [*Device2-Vbdif10] dhcpv6 relay destination fc00:2::2 public-net
    [*Device2-Vbdif10] dhcpv6 vss-control insert enable
    [*Device2-Vbdif10] dhcpv6 relay source-ip-address fc00:2::1
    [*Device2-Vbdif10] commit

  13. Configure the DHCPv6 server.

    The DHCPv6 server must meet the following conditions:
    • An address pool is configured on the DHCPv6 server so that the DHCPv6 server can assign IPv6 addresses to DHCPv6 clients.

    • An address lease is configured to improve IP address usage efficiency.

  14. Verify the configuration.

    Run the display dhcpv6 relay statistics command on Device 2. The command output shows statistics about DHCPv6 messages.

    [~Device2] display dhcpv6 relay statistics
      -------------------------------------------------------------------
      Bad packets received                                :   0
      DHCPv6 packets received from clients                :   41357
             DHCPv6 SOLICIT packets received              :   41357
             DHCPv6 REQUEST packets received              :   0
             DHCPv6 CONFIRM packets received              :   0
             DHCPv6 RENEW packets received                :   0
             DHCPv6 REBIND packets received               :   0
             DHCPv6 DECLINE packets received              :   0
             DHCPv6 RELEASE packets received              :   0
             DHCPv6 INFORMATION-REQUEST packets received  :   0
    
      DHCPv6 packets received from relay agents or servers:   6
             DHCPv6 RELAY-FORWARD packets received        :   6
             DHCPv6 RELAY-REPLY packets received          :   0
    
      DHCPv6 packets sent to clients                      :   0
             DHCPv6 ADVERTISE packets sent                :   0
             DHCPv6 REPLY packets sent                    :   0
             DHCPv6 RECONFIGURE packets sent              :   0
    
      DHCPv6 packets sent to relay agents or servers      :   41333
             DHCPv6 RELAY-FORWARD packets sent            :   41333
             DHCPv6 RELAY-REPLY packets sent              :   0
    
      DHCPv6 packets dropped                              :   33
             Table full                                   :   0
             General error                                :   33
             IPSec authentication failed                  :   0
    
      -------------------------------------------------------------------

Configuration Files

  • Device 1 configuration file

    #
    sysname Device1
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE6870EI/CE6875EI.
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 11:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 3.3.3.3 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
    #
    return
  • Device 2 configuration file

    #
    sysname Device2
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE6870EI/CE6875EI.
    #
    dhcpv6 enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 10:1
      vpn-target 3:3 export-extcommunity
      vpn-target 3:3 import-extcommunity
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 21:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address FC00:1::1/96
     dhcpv6 vss-control insert enable
     dhcpv6 relay destination FC00:2::2 public-net
     dhcpv6 relay source-ip-address FC00:2::1
    #
    interface Eth-Trunk2   //This step is required only for the CE6850HI/CE6850U-HI/CE6851HI/CE6860EI/CE7850EI/CE8850EI/CE8860EI.
     service type tunnel
     # 
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/2
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
    #
    interface 10GE1/0/3
     undo portswitch
     ipv6 enable
     ipv6 address FC00:2::1 96
    #
    interface 10GE1/0/5   //This step is required only for the CE6850HI/CE6850U-HI/CE6851HI/CE6860EI/CE7850EI/CE8850EI/CE8860EI.
     eth-trunk 2 
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack1
     #
      ipv4-family unicast
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 4.4.4.4 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
    #
    return
  • Device 3 configuration file

    #
    sysname Device3
    #
    assign forward nvo3 acl extend enable   //This step is required only for the CE6870EI/CE6875EI.
    #
    evpn-overlay enable
    #
    bridge-domain 10
     vxlan vni 5010
     evpn
      route-distinguisher 31:2
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    interface 10GE1/0/1
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
    #
    interface 10GE1/0/2.1 mode l2
     encapsulation dot1q vid 20
     bridge-domain 10
    #
    interface LoopBack1
     ip address 4.4.4.4 255.255.255.255
    #
    interface Nve1
     source 4.4.4.4
     vni 5010 head-end peer-list protocol bgp
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
     #
     l2vpn-family evpn
      policy vpn-target
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.2.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004354

Views: 69218

Downloads: 147

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next