NE40E V800R010C00 Feature Description - VPN 01

DCI Scenarios

Data Center Interconnection (DCI) provides solutions to interconnect data centers. Using Virtual eXtensible Local Area Network (VXLAN), Ethernet Virtual Private Network (EVPN), and BGP/MPLS IP VPN technologies, DCI solutions transmit packets exchanged between data centers securely and reliably over carrier networks, so that VMs in different data centers can communicate with each other.

DCI-related concepts are described as follows.

Table 12-7  Basic DCI concepts

Concept: Overlay network
Description:
  • An overlay network is a logical network deployed over a physical network and can be regarded as a network connected through virtual or logical links.
  • An overlay network has its own control plane and forwarding plane.
  • An overlay network is a step forward for a physical network towards cloud and virtualization. An overlay network is critical for cloud network convergence because it frees cloud resource pool capabilities from various restrictions of the physical network.

Concept: Underlay network
Description: An underlay network is the physical network that bears the overlay network.

Concept: Separate deployment
Description: Separate deployment indicates that data center gateways are independent from PEs on the DCI backbone network.

Concept: Integrated deployment
Description: Integrated deployment indicates that a device functions not only as a data center gateway but also as a PE on the DCI backbone network. Integrated deployment applies when data centers are established by carriers themselves.

DCI Scenarios

As shown in Figure 12-45, the devices access DCI-PE-GWs through a VXLAN or VLAN. MPLS VPN and MPLS EVPN can be deployed on the DCI backbone network to implement Layer 3 forwarding and Layer 2 forwarding, respectively.

Figure 12-45  Basic DCI scenarios

DCI Control Plane

DCI solutions are responsible for Layer 3 Route Advertisement and Layer 2 Route Advertisement on the control plane.

Layer 3 Route Advertisement

A data center uses EVPN to send IRB or IP prefix routes with tenant host IP addresses to an edge device on a carrier network. After receiving the VXLAN-encapsulated routes, the edge device changes them to MPLS-encapsulated VPNv4 routes, and sends the VPNv4 routes to its VPNv4 peer.

Table 12-8  Routes on the data center and carrier network sides

Side: Data center
Route: EVPN IRB route
Fields carried in the route:
  • RD1: route distinguisher of an EVPN instance
  • VM-MAC: MAC address of a VM host
  • VM-IP: IP address of a VM host
  • Label1: Layer 2 VXLAN network identifier (L2VNI) of a VXLAN tunnel
  • Label2: Layer 3 VXLAN network identifier (L3VNI) of a VXLAN tunnel
  • NHP: next-hop IP address of a route, which is the virtual tunnel end point (VTEP) address of a device in the data center
  • ExtCommunity: extended community attribute of the route, including the VXLAN, Router-MAC, and export route target (ERT) attributes

Side: Data center
Route: EVPN IP prefix route
Fields carried in the route:
  • RD1: route distinguisher of an EVPN instance
  • VM-IP: IP address of a VM host
  • Label1: L3VNI of a VXLAN tunnel
  • NHP: next-hop IP address of a route, which is the virtual tunnel end point (VTEP) address of a device in the data center
  • ExtCommunity: extended community attribute of the route, including the VXLAN, Router-MAC, and ERT attributes

Side: Carrier network
Route: VPNv4 route
Fields carried in the route:
  • RD2: route distinguisher of the VPNv4 route
  • VM-IP: IP address of a VM host
  • Label: VPN label and public network label carried in the VPNv4 route
  • NHP: next-hop IP address of a route, which is the IP address used to establish the VPNv4 peer relationship
  • ExtCommunity: extended community attribute of the route, including only the ERT attribute
In DCI solutions, a carrier network can carry Layer 3 traffic in both the integrated and separate deployment scenarios. In the two scenarios, the Layer 3 route advertisement processes on the DCI backbone network are the same. This section describes the Layer 3 route advertisement process only in the integrated deployment scenario. Figure 12-46 shows the networking of the integrated deployment scenario.
Figure 12-46  Basic MPLS integrated deployment scenario

Figure 12-47 illustrates the Layer 3 route advertisement process. The detailed process is described as follows:
  1. After receiving a VM host route from Device 1, DCI-PE1-GW1 parses the route, regardless of whether it is an IRB or IP prefix route.
  2. Based on the RT of the VM host route, DCI-PE1-GW1 crosses the VPNv4 route to a local VPN instance.
  3. DCI-PE1-GW1 changes the next hop of the EVPN route to the IP address used to establish the VPNv4 peer relationship, performs re-encapsulation, and replaces the RD and RT of the EVPN route with the RD and RT of the L3VPN instance, respectively. In addition, DCI-PE1-GW1 applies for an MPLS label and sends the VPNv4 route to DCI-PE2-GW2.
  4. Based on the RT of the VPNv4 route, DCI-PE2-GW2 crosses the VPNv4 route to a local VPN instance.
  5. DCI-PE2-GW2 changes the next hop of the VPNv4 route to the local VTEP address, performs re-encapsulation, and replaces the RD and RT of the VPNv4 route with the RD and RT of the L3VPN instance, respectively. In addition, DCI-PE2-GW2 adds the L3VNI and sends the EVPN route to Device 2.
Figure 12-47  Layer 3 routes in an MPLS integrated deployment scenario
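
The five-step Layer 3 advertisement process above, modeled as an added example (not Huawei code and not part of the original document). The `Route` and `Gateway` classes, the per-instance `dc_rt`/`wan_rt` layout, the label allocator, and all addresses, RDs, RTs and VNIs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Route:
    kind: str        # "evpn" (IRB or IP prefix route) or "vpnv4"
    rd: str
    vm_ip: str
    label: int       # L3VNI on an EVPN route, VPN label on a VPNv4 route
    nhp: str
    ext: frozenset   # extended communities; route targets written as "RT:<value>"

@dataclass
class Gateway:
    peer_ip: str     # address used to establish the VPNv4 peer relationship
    vtep_ip: str
    router_mac: str
    instances: dict  # name -> {"rd", "dc_rt", "wan_rt", "l3vni"} (hypothetical layout)
    def __post_init__(self):
        self.labels = count(1024)            # stand-in MPLS label allocator

    def cross(self, route, rt_key):
        """Return the local instance whose RT appears on the route, else None."""
        return next((i for i in self.instances.values()
                     if "RT:" + i[rt_key] in route.ext), None)

    def evpn_to_vpnv4(self, route):          # steps 1-3, on DCI-PE1-GW1
        inst = self.cross(route, "dc_rt") if route.kind == "evpn" else None
        if inst is None:
            return None                      # RT matches no instance: not advertised
        return Route("vpnv4", inst["rd"], route.vm_ip, next(self.labels),
                     self.peer_ip, frozenset({"RT:" + inst["wan_rt"]}))

    def vpnv4_to_evpn(self, route):          # steps 4-5, on DCI-PE2-GW2
        inst = self.cross(route, "wan_rt") if route.kind == "vpnv4" else None
        if inst is None:
            return None
        ext = {"VXLAN", "Router-MAC:" + self.router_mac, "RT:" + inst["dc_rt"]}
        return Route("evpn", inst["rd"], route.vm_ip, inst["l3vni"],
                     self.vtep_ip, frozenset(ext))

def sample():
    """Constructed gateways and one host route; every value is a sample."""
    gw1 = Gateway("10.0.0.1", "192.0.2.1", "00:00:5e:00:53:01", {"tenant-a": dict(
        rd="65000:1", dc_rt="1:100", wan_rt="65000:100", l3vni=5010)})
    gw2 = Gateway("10.0.0.2", "192.0.2.2", "00:00:5e:00:53:02", {"tenant-a": dict(
        rd="65000:2", dc_rt="2:100", wan_rt="65000:100", l3vni=5020)})
    host = Route("evpn", "192.0.2.11:10", "172.16.1.10", 5010, "192.0.2.11",
                 frozenset({"VXLAN", "Router-MAC:00:00:5e:00:53:11", "RT:1:100"}))
    return gw1, gw2, host
```

The RT match in `cross` is the only thing that binds a received route to a tenant instance, so a route whose RT matches no instance is never re-advertised, and the data center's VXLAN and Router-MAC communities do not appear on the backbone.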

Layer 2 Route Advertisement

A data center sends EVPN routes with tenant host MAC addresses to an edge device on a carrier network. After receiving the routes, the edge device changes them into MPLS-encapsulated EVPN routes, and sends the EVPN routes to its EVPN peer.

Table 12-9  Routes on the data center and carrier network sides

Side: Data center
Route: EVPN MAC route or ARP route
Fields carried in the route:
  • RD1: route distinguisher of an EVPN instance
  • VM-MAC: MAC address of a VM host
  • VM-IP: IP address of a VM host, which is carried only in ARP routes
  • Label1: L2VNI of a VXLAN tunnel
  • NHP: next-hop IP address of a route, which is the virtual tunnel end point (VTEP) address of a device in the data center or the IP address used to establish an EVPN peer relationship
  • ExtCommunity: extended community attribute of the route, including the VXLAN and ERT attributes

Side: Carrier network
Route: EVPN MAC route or ARP route
Fields carried in the route:
  • RD2: route distinguisher of the EVPN route
  • VM-MAC: MAC address of a VM host
  • VM-IP: IP address of a VM host, which is carried only in ARP routes
  • Label: VPN label and public network label carried in the EVPN route
  • NHP: next-hop IP address of a route, which is the IP address of an EVPN peer or the IP address used to establish an EVPN peer relationship
  • ExtCommunity: extended community attribute of the route, including only the ERT attribute

In DCI solutions, a carrier network can carry Layer 2 traffic only in the integrated deployment scenario.

Figure 12-48 illustrates the Layer 2 route advertisement process. The detailed process is described as follows:
  1. After receiving a VM host MAC route from Device 1, DCI-PE1-GW1 parses and learns the route.
  2. Based on the RT of the VM host MAC route, DCI-PE1-GW1 crosses the EVPN route to a local EVPN instance.
  3. DCI-PE1-GW1 changes the next hop of the EVPN route to the IP address used to establish the EVPN peer relationship, performs re-encapsulation, and replaces the RD and RT of the VXLAN-encapsulated EVPN route with the RD and RT of the EVPN instance, respectively. In addition, DCI-PE1-GW1 applies for an MPLS label and sends the EVPN route to DCI-PE2-GW2.
  4. Based on the RT of the EVPN route, DCI-PE2-GW2 crosses the EVPN route to a local EVPN instance.
  5. DCI-PE2-GW2 changes the next hop of the EVPN route to the local VTEP IP address, performs re-encapsulation, and replaces the RD and RT of the EVPN route with the RD and RT of the EVPN instance, respectively. In addition, DCI-PE2-GW2 adds the L2VNI and sends the EVPN route to Device 2.
Figure 12-48  Layer 2 routes in an MPLS integrated deployment scenario

DCI Data Plane

In DCI solutions, after a device on a carrier network receives a packet from a data center, the device forwards the packet through the data plane. The packet is then transmitted hop by hop over the backbone network, implementing inter-data center communication.
  • Layer 3 Traffic Forwarding

    In DCI solutions, a carrier network can carry Layer 3 traffic in both the integrated and separate deployment scenarios. In the two scenarios, the traffic forwarding processes on the data plane over the DCI backbone network are the same. This section describes the traffic forwarding process only in the integrated deployment scenario.
    Figure 12-49  Basic MPLS integrated deployment scenario

    On the network shown in Figure 12-49, Layer 3 traffic forwarding on the data plane is described as follows:
    1. After receiving a VXLAN packet carrying a VM host route from Device 1 in data center A, DCI-PE1-GW1 parses the packet and obtains the corresponding VPN instance according to the VNI carried in the packet. In addition, DCI-PE1-GW1 searches the VPN instance for the outbound interface and encapsulation information based on the prefix of the VM host route's destination IP address. Because the outbound interface is an MPLS tunnel interface, DCI-PE1-GW1 encapsulates the inner Layer 3 packet using MPLS and sends the MPLS packet through the MPLS tunnel over the backbone network.
    2. After DCI-PE2-GW2 receives the double-tagged MPLS packet, it parses the packet using MPLS, removes the outer MPLS public network label, and obtains the corresponding VPN instance based on the VPN label. Then, DCI-PE2-GW2 searches the VPN forwarding table based on the prefix of the VM host route's destination IP address. Because the next hop is a VXLAN tunnel interface and the VTEP of the VXLAN tunnel is Device 2 in data center B, DCI-PE2-GW2 encapsulates the original data packet and attributes such as L3VNI and Router-MAC into a VXLAN packet and sends it to Device 2.
  • Layer 2 Traffic Forwarding

    In DCI solutions, a carrier network can carry Layer 2 traffic only in the integrated deployment scenario.

    On the network shown in Figure 12-49, Layer 2 traffic forwarding on the data plane is described as follows:
    1. After receiving a VXLAN packet carrying a VM MAC route from Device 1 in data center A, DCI-PE1-GW1 parses the packet and obtains the corresponding Layer 2 broadcast domain according to the VNI carried in the packet. In addition, DCI-PE1-GW1 searches the Layer 2 broadcast domain for the outbound interface and encapsulation information based on the destination MAC address of the VM host. Because the outbound interface is an MPLS tunnel interface, DCI-PE1-GW1 encapsulates the inner Layer 2 packet using MPLS and sends the MPLS packet through the MPLS tunnel over the backbone network.
    2. After DCI-PE2-GW2 receives the MPLS packet, it parses the packet using MPLS, removes the outer MPLS public network label, and obtains the Layer 2 broadcast domain based on the EVPN label and BD ID. Then, DCI-PE2-GW2 searches the Layer 2 broadcast domain based on the destination MAC address of the VM host. Because the outbound interface is a VXLAN tunnel interface and the VTEP of the VXLAN tunnel is Device 2 in data center B, DCI-PE2-GW2 performs VXLAN encapsulation based on the VXLAN tunnel information, and sends the VXLAN packet to Device 2.
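
The Layer 3 forwarding steps above at byte level, as an added example (not Huawei code and not part of the original document): the VNI selects the VPN instance on DCI-PE1-GW1, and the VPN label selects it again on DCI-PE2-GW2. It assumes the RFC 7348 VXLAN header and RFC 3032 label stack entry layouts, IPv4 only, outer IP/UDP headers already removed, and constructed tables, labels and function names.

```python
import ipaddress
import struct

# Constructed tables for one tenant; labels, VNIs and prefixes are sample values.
VNI_TO_VPN = {5010: "tenant-a"}
FIB = {"tenant-a": {ipaddress.ip_network("172.16.2.0/24"): (3001, 1024)}}
LABEL_TO_VPN = {1024: "tenant-a"}

def parse_vxlan(payload):
    """Split a VXLAN UDP payload (RFC 7348) into (VNI, inner Ethernet frame)."""
    if len(payload) < 8 or not payload[0] & 0x08:   # I flag marks a valid VNI
        raise ValueError("not a VXLAN header")
    return int.from_bytes(payload[4:7], "big"), payload[8:]

def mpls_entry(label, bottom, ttl=255):
    """One label stack entry: label (20 bits), TC (3), S (1), TTL (8)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def vxlan_to_mpls(payload, vni_to_vpn=VNI_TO_VPN, fib=FIB):
    """DCI-PE1-GW1: VNI -> VPN instance -> prefix lookup -> two-label MPLS packet."""
    vni, frame = parse_vxlan(payload)
    vpn = vni_to_vpn.get(vni)
    ip_pkt = frame[14:]                              # drop the inner Ethernet header
    if vpn is None or len(ip_pkt) < 20:
        return None                                  # unknown VNI or truncated packet
    dst = ipaddress.ip_address(ip_pkt[16:20])
    hits = [(net, labels) for net, labels in fib[vpn].items() if dst in net]
    if not hits:
        return None                                  # no route in this tenant's table
    _, (public, vpn_label) = max(hits, key=lambda h: h[0].prefixlen)
    return mpls_entry(public, False) + mpls_entry(vpn_label, True) + ip_pkt

def mpls_to_vpn(packet, label_to_vpn=LABEL_TO_VPN):
    """DCI-PE2-GW2: remove the public label, map the VPN label to an instance."""
    if len(packet) < 8:
        raise ValueError("expected a two-label MPLS packet")
    (inner,) = struct.unpack("!I", packet[4:8])
    if not inner & 0x100:
        raise ValueError("VPN label is not bottom of stack")
    return label_to_vpn.get(inner >> 12), packet[8:]

def sample_vxlan(vni=5010, dst="172.16.2.20"):
    """Constructed VXLAN payload: header, blank inner Ethernet, minimal IPv4."""
    ip = bytearray(20)
    ip[0], ip[16:20] = 0x45, ipaddress.ip_address(dst).packed
    # 4 flag/reserved bytes, VNI, then 1 reserved byte + 12 zeroed MAC bytes
    return bytes([8, 0, 0, 0]) + vni.to_bytes(3, "big") + bytes(13) + b"\x08\x00" + bytes(ip)
```

A packet with a VNI that maps to no instance, or a destination outside the tenant's table, returns `None` instead of being forwarded through another tenant's instance.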
Updated: 2018-07-04

Document ID: EDOC1100027166
