No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Static VXLAN Active-Active Scenario

Configuring the Static VXLAN Active-Active Scenario

In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. In this way, carriers can enhance VXLAN access reliability to improve the stability of user services so that rapid convergence can be implemented in case of a fault.

Context

On the network shown in Figure 17-14, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote NVE interface. A VTEP address is configured on the CPE to establish a VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.

The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.

NOTE:

Before an IPv6 network is used to transmit traffic between a CPE and PE, an IPv4 over IPv6 tunnel must be configured between them. To enable a VXLAN tunnel to be iterated to the IPv4 over IPv6 tunnel, static routes must be configured on the CPE and PE, and the outbound interface of the route destined for the VXLAN tunnel's destination IP address must be set to the IPv4 over IPv6 tunnel interface.

Figure 17-14 Networking diagram for configuring the static VXLAN active-active scenario

Procedure

  1. Configure AC-side service access.
    1. Configure an Eth-Trunk interface on CE1 to dual-home CE1 to PE1 and PE2.
    2. Configure service access points. For configuration details, see the section Configuring a VXLAN Service Access Point.
    3. Configure the same Ethernet Segment Identifier (ESI) for the links connecting CE1 to PE1 and PE2.

      1. Run the interface eth-trunk command to enter the Eth-Trunk interface view.
      2. Run the esi command to configure an ESI.
      3. Run the commit command to commit the configuration.

  2. Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see the section Configuring a VXLAN Tunnel.
  3. Configure a bypass VXLAN tunnel between PE1 and PE2.
    1. Configure a BGP EVPN peer relationship.

      1. Run the bgp as-number, BGP is enabled, and the BGP view is displayed.
      2. Run the peer ipv4-address as-number as-number. The peer device is configured as a BGP peer.
      3. Run the l2vpn-family evpn. The BGP-EVPN address family view is displayed.
      4. Run the peer { ipv4-address | group-name } enable. The device is enabled to exchange EVPN routes with a specified peer or peer group.
      5. Run the peer { ipv4-address | group-name } advertise encap-type vxlan. The device is enabled to exchange EVPN routes with a specified peer or peer group.
      6. Run the quit, exit from the BGP-EVPN address family view.
      7. Run the ipv4-family vpnv4. The BGP-VPNv4 address family view is displayed.
      8. Run the peer { ipv4-address | group-name } enable. The device is enabled to exchange routes with a specified peer or peer group.
      9. Run the undo synchronization, disables synchronization between BGP and an IGP.
      10. Run the quit, exit from the BGP-VPNv4 view.
      11. Run the quit, exit from the BGP view.
      12. Run the commit,command to commit the configuration.

    2. Configure a VPN instance or EVPN instance.

      • Layer 2 communication (Configure an EVPN instance.)

        1. Run the evpn vpn-instance vpn-instance-name bd-mode. A BD EVPN instance is created, and the EVPN instance view is displayed.
        2. Run the route-distinguisher route-distinguisher. An RD is configured for the EVPN instance.
        3. Run the vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

          VPN targets are configured for the EVPN instance.

          NOTE:
          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.
        4. Run the quit, exit from the EVPN instance view.
        5. Run the bridge-domain bd-id, the BD view is displayed.
        6. Run the vxlan vni vni-id split-horizon-mode.

          A VNI is created and associated with the BD, and split horizon is applied to the BD.

        7. Run the evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ], a specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs..
        8. Run the quit, exit from the BD view.
        9. Run the commit,command to commit the configuration.
      • Layer 3 communication (Configure a VPN instance.)

        1. Run the ip vpn-instance vpn-instance-name, A VPN instance is created, and the VPN instance view is displayed.
        2. Run the ipv4-family [ unicast ], Enable the IPv4 address family for a VPN instance.
        3. Run the route-distinguisher route-distinguisher, An RD is configured for the VPN instance.
        4. Run the vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] [ evpn ]

          VPN targets are configured for the EVPN instance.

          NOTE:
          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.
        5. Run the quit, exit from the VPN instance ipv4-family view.
        6. Run the quit, exit from the VPN instance view.
        7. Run the bridge-domain bd-id, the BD view is displayed.
        8. Run the vxlan vni vni-id split-horizon-mode, A VNI is created and associated with the BD, and split horizon is applied to the BD.
        9. Run the quit, exit from the BD view.
        10. Run the commit,command to commit the configuration.

    3. Enable the inter-chassis VXLAN function on PE1 and PE2.

      1. Run the evpn command to enter the EVPN view.
      2. Run the bypass-vxlan enable command to enable the inter-chassis VXLAN function.
      3. Run the quit, exit from the EVPN view.
      4. Run the commit command to commit the configuration.

    4. Configure an ingress replication list.

      1. Run the interface nve nve-number command to enter the NVE interface view.
      2. Run the source ip-address, an IP address is configured for the source VTEP.
      3. Run the vni vni-id head-end peer-list protocol bgp, an ingress replication list is configured.
      4. Run the bypass source ip-address command configures a source VTEP address for the bypass VLAN tunnel.
      5. Run the mac-address mac-address command to configure a VTEP MAC address.
      6. Run the quit, exit from the NVE interface view.
      7. Run the commit command to commit the configuration.

  4. Configure FRR on the PEs.

    • Layer 2 communication

      1. Run the evpn command to enter the EVPN view.
      2. Run the vlan-extend private command to enable routes to be sent to carry the VLAN private extended community attribute.
      3. Run the vlan-extend redirect command to enable the function of redirecting received routes the VLAN private extended community attribute.
      4. Run the local-remote frr command to enable FRR for MAC routes between the local and remote ends.‏
      5. Run the quit, exit from the EVPN view.
      6. Run the commit command to commit the configuration.
    • Layer 3 communication

      1. Run the bgp as-number command to enter the BGP view.
      2. Run the ipv4-family vpn-instance vpn-instance-name command enables the BGP-IPv4 address family and displays the address family view.
      3. Run the auto-frr command to enable BGP auto FRR.
      4. Run the peer { ipv4-address | group-name } enablecommand to enable the function of exchanging EVPN routes with a specified peer or peer group. The IP address is a CE address.
      5. Run the advertise l2vpn evpn command to enable a VPN instance to advertise IP routes to an EVPN instance.
      6. Run the quit, exit from the BD view.
      7. Run the commit command to commit the configuration.

  5. (Optional) Configure a UDP port on the PEs to prevent the receiving of replicated packets.
    1. Run the system-view command to enter the system view.
    2. Run the evpn enhancement port port-id command to configure a UDP port.

      The same UDP port number must be set for the PEs in the active state.

    3. Run the commit,command to commit the configuration.
  6. (Optional) Configure a VXLAN over IPSec tunnel between the CPE and PE to enhance the security for packets traversing an insecure network.

    For configuration details, see the section Example for Configuring VXLAN over IPsec.

Checking the Configuration

After configuring the VXLAN active-active scenario, check information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 16517

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next