No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VXLAN Tunnel

Configuring a VXLAN Tunnel


When deploying a VXLAN network, you need to configure the uplink interfaces of the devices for VXLAN tunnel establishment.

A VXLAN tunnel is established between IP addresses of two virtual tunnel end points (VTEPs). Border Gateway Protocol (BGP) Ethernet VPN (EVPN) can be used to dynamically establish VXLAN tunnels by establishing a BGP EVPN peer relationship between two VTEPs and using BGP EVPN routes to transmit VXLAN network identifiers (VNIs) and VTEP IP addresses between the peer.


A VXLAN tunnel is specified by a pair of VTEP IP addresses. When a local VTEP receives the same remote VTEP IP address repeatedly, only one VXLAN tunnel can be established, but packets are encapsulated with different VNIs before being forwarded through the tunnel.


  1. Establish a BGP EVPN peer relationship.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The remote PE is configured as a BGP EVPN peer.

    4. Run peer ipv4-address connect-interface loopback interface-number

      An interface is specified for setting up a TCP connection with the BGP EVPN peer.

    5. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    6. Run peer { ipv4-address | group-name } enable

      The ability to exchange EVPN routes with the peer or in a group is enabled.

    7. (Optional) Run peer ipv4-address group group-name

      The BGP EVPN peer is added to a peer group.

      Adding the BGP EVPN peer to a peer group simplifies configuration and management of the BGP network.

    8. (Optional) Run peer { group-name | ipv4-address } route-policy route-policy-name export

      The BGP EVPN peer (group) is configured to advertise only specified routes.

      To strictly control EVPN route advertisement, you need to configure an export routing policy. It can filter routes to be advertised to other EVPN peers (group).

    9. (Optional) Run peer { ipv4-address | group-name } route-policy route-policy-name import

      The BGP EVPN peer (group) is configured to receive only specified routes.

      To strictly control EVPN route acceptance, you need to configure an import routing policy. It can filter routes received from other EVPN peers (group).

    10. (Optional) Run undo policy vpn-target

      The device is disabled from filtering received EVPN routes by the VPN target.

    11. (Optional) Run peer { group-name | ipv4-address } mac-limit mac-limit [ idle-forever | idle-timeout times ]

      The maximum number of MAC advertisement routes received from a peer is specified.

      An EVPN instance may import many unused MAC advertisement routes from some peers. It is recommended that you run this command when the number of received MAC advertisement routes from the peers occupies a large percentage of the total number of MAC advertisement routes on the device.

    12. Run quit

      Exit from the BGP-EVPN address family view and return to the BGP view.

    13. Run quit

      Exit from the BGP view and return to the system view.

  2. Configure an IP address for the source VTEP.
    1. Run interface nve nve-number

      An NVE interface is created, and the NVE interface view is displayed.

      By default, no NVE interface is created.

    2. Run source ip-address

      An IP address is configured for the source VTEP.

      By default, no IP address is configured for a source VTEP.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 153615

Downloads: 372

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next