CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Implementation

Overview

An EVPN is a VPN used for Layer 2 interworking. EVPN is similar to BGP/MPLS IP VPN. Using extended reachability information, EVPN implements MAC address learning and advertisement between Layer 2 networks at different sites on the control plane rather than on the data plane.

EVPN Routes

EVPN defines a new type of BGP network layer reachability information (NLRI), called the EVPN NLRI. The EVPN NLRI defines new types of EVPN routes for IP address learning and advertisement between Layer 3 networks at different sites.

During dynamic establishment of a VXLAN tunnel, EVPN functions as the VXLAN control plane and uses IP prefix routes defined by the EVPN NLRI to communicate VTEP addresses and host information. Therefore, EVPN implements VTEP discovery and host information learning on the control plane instead of the data plane.

An IP prefix route is a type 5 route. Figure 9-2 shows the format of the EVPN NLRI specific to IP prefix routes.

Figure 9-2  Format of EVPN NLRI specific to IP prefix routes

The description of each field is as follows:

| Field | Description |
| --- | --- |
| Route Distinguisher | Indicates the RD value of a VPN instance. |
| Ethernet Segment Identifier | Uniquely identifies a connection between the current PE and a peer CE. |
| Ethernet Tag ID | Indicates the actual VLAN ID configured on the current PE. |
| IP Prefix Length | Indicates the mask length carried in an IP prefix route. |
| IP Prefix | Indicates the IP prefix address carried in an IP prefix route. |
| GW IP Address | Indicates the default gateway address. This field is not used in a VXLAN scenario. |
| MPLS Label | Indicates the Layer 3 VNI carried in an IP prefix route. |

The IP Prefix Length and IP Prefix fields carry information of a host IP address or network segment address to identify a host or network segment.

  • If the fields carry information of a host IP address, the information is used to advertise host IP routes on the control plane.

  • If the fields carry information of a network segment address, the information is used for hosts in a VXLAN to access an external network.

Related Concepts

  • VXLAN tunnel endpoint (VTEP)

    A VTEP encapsulates and decapsulates VXLAN packets. It is represented by an NVE.

    A VTEP connects to a physical network and is assigned a physical network IP address. This IP address is irrelevant to virtual networks.

    In VXLAN packets, the source IP address is the local node's VTEP address, and the destination IP address is the peer node's VTEP address. This pair of VTEP addresses corresponds to a VXLAN tunnel.

  • Network Virtualization Edge (NVE)

    An NVE is a network entity that is deployed at the network edge and implements network virtualization functions. NVEs encapsulate and convert VXLAN packets and then establish a Layer 2 overlay virtual network over the Layer 3 infrastructure.

  • VXLAN Network Identifier (VNI)

    A VNI is similar to a VLAN ID and is used to identify a VXLAN segment.

    A VNI identifies only one tenant. Even if multiple terminal users belong to the same VNI, they are considered one tenant.

    A VNI is associated with a VPN instance to allow VXLAN packets to be forwarded between sub-networks.

  • EVPN-VPN target

    A VPN instance is associated with one or more EVPN-VPN targets. EVPN-VPN targets are classified into the following types:

    • Export EVPN-VPN targets are carried in the EVPN routes to be advertised to remote EVPN peers.

    • Import EVPN-VPN targets are compared with the export EVPN-VPN targets carried in EVPN routes to determine which EVPN routes can be imported to the routing table of the local VPN instance IPv4 address family.

    EVPN-VPN targets control the sending and receiving of EVPN routes. During EVPN route crossing, if one of the export EVPN-VPN targets carried in an EVPN route is the same as an import EVPN-VPN target configured in the local VPN instance IPv4 address family, the EVPN route can be imported to the local VPN instance IPv4 address family.

Deploying a VXLAN Tunnel Using EVPN

As shown in Figure 9-3, a VXLAN tunnel is established as follows:
  1. Device1 and Device2 each have a VPN instance created, and an EVPN peer relationship is established between them.
  2. Device1 and Device2 send IP prefix routes to each other. Device1 imports to its VPN instance the address of Host1 or address of the network segment to which Host1 belongs. Then Device1 sends an IP prefix route carrying the address to Device2. Device2 also performs the same operation.
  3. After Device1 and Device2 receive the IP prefix routes from each other, they each check the export EVPN-VPN target in the IP prefix routes. If the export EVPN-VPN target is the same as the import EVPN-VPN target configured in the local VPN instance IPv4 address family, they each accept the IP prefix route sent by the peer device. If the export and import EVPN-VPN targets are different, they each discard the IP prefix route. After accepting the IP prefix routes, Device1 and Device2 each save the peer VTEP IP address and VNI carried in the IP prefix routes. During packet forwarding, the saved information is encapsulated in the outer layer of the data packets, and then they are transmitted through the VXLAN tunnel.
Figure 9-3  Deploying a VXLAN tunnel using EVPN
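
The type 5 NLRI fields listed in the table above and the EVPN-VPN target check in step 3 can be exercised together. The following is an added example, not Huawei code or device behavior: it strictly parses one IP prefix route and then applies the import decision. The field sizes come from RFC 9136 rather than from this page, and the names `parse_ip_prefix_nlri`, `accept_route` and `SAMPLE` are hypothetical.

```python
import ipaddress
import struct

# Field sizes are taken from RFC 9136, not from this page (its figure is not reproduced):
# RD 8, ESI 10, Ethernet Tag 4, Prefix Length 1, Prefix 4|16, GW 4|16, Label 3 octets.
BODY_LEN_TO_ADDR_LEN = {34: 4, 58: 16}  # route-type-specific length -> address size


def parse_ip_prefix_nlri(nlri: bytes) -> dict:
    """Parse one EVPN type 5 NLRI: route type, length, then the table's fields."""
    if len(nlri) < 2:
        raise ValueError("truncated NLRI header")
    route_type, length, body = nlri[0], nlri[1], nlri[2:]
    if route_type != 5:
        raise ValueError(f"not an IP prefix route (type {route_type})")
    if length != len(body) or length not in BODY_LEN_TO_ADDR_LEN:
        raise ValueError(f"bad length {length} for {len(body)} body octets")
    alen = BODY_LEN_TO_ADDR_LEN[length]
    eth_tag, prefix_len = struct.unpack("!IB", body[18:23])
    if prefix_len > alen * 8:
        raise ValueError(f"prefix length {prefix_len} exceeds address size")
    return {
        "rd": body[:8].hex(),
        "esi": body[8:18].hex(),
        "eth_tag": eth_tag,
        "prefix": ipaddress.ip_network((body[23:23 + alen], prefix_len), strict=False),
        "gw": ipaddress.ip_address(body[23 + alen:23 + 2 * alen]),
        # Assumption: in the VXLAN case the 3-octet label field is read as a 24-bit VNI.
        "l3_vni": int.from_bytes(body[23 + 2 * alen:], "big"),
    }


def accept_route(nlri: bytes, export_rts, import_rts):
    """Step 3: keep the route only if an export target equals a local import target."""
    route = parse_ip_prefix_nlri(nlri)
    return route if set(export_rts) & set(import_rts) else None


# Constructed sample: RD 100:1, zero ESI/tag/GW, prefix 192.168.10.0/24, VNI 5010.
SAMPLE = (bytes([5, 34]) + struct.pack("!HHI", 0, 100, 1) + bytes(10) + bytes(4)
          + bytes([24]) + ipaddress.ip_address("192.168.10.0").packed + bytes(4)
          + (5010).to_bytes(3, "big"))

if __name__ == "__main__":
    print(accept_route(SAMPLE, {"100:1"}, {"100:1", "200:1"}))  # imported
    print(accept_route(SAMPLE, {"300:1"}, {"100:1"}))           # discarded
```

Rejecting a route whose length or prefix length is inconsistent before evaluating targets keeps malformed advertisements out of the import decision entirely.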

Updated: 2019-08-07

Document ID: EDOC1100033725
