Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

Configuring an EVPN to Carry Layer 3 Services

On DCI and IP RAN networks, you can configure EVPN functions to carry Layer 3 services.

Usage Scenario

On a traditional network, the BGP/MPLS IP VPN function is used to carry Layer 3 services. To additionally carry Layer 2 services, users have to deploy an L2VPN over the existing network, which increases deployment and O&M costs. To address this problem, users can deploy an EVPN to carry Layer 3 services. To carry Layer 2 services as well, users then only need to add some EVPN configurations, so both Layer 2 and Layer 3 services are carried without increasing deployment and O&M costs.

EVPN can replace BGP/MPLS IP VPN in the following scenarios to carry Layer 3 services:
  • Intra-AS mutual VPN communication

    On the network shown in Figure 11-4, the VPNs at Site 1 and Site 2 need to communicate with each other through a public MPLS network. To implement this communication, perform the following configurations:
    1. Configure an L3VPN instance on each PE to manage VPN routes.

    2. Establish a BGP EVPN peer relationship between the PEs to transmit EVPN routes carrying VPN routes.

    3. Establish an IGP neighbor relationship or BGP peer relationship between each PE and CE at the access side to mutually transmit VPN routes.

    Figure 11-4 Intra-AS mutual VPN communication
  • Inter-AS mutual VPN communication

    On the network shown in Figure 11-5, the VPNs at Site 1 and Site 2 need to communicate with each other through two public MPLS networks in different ASs. To implement this communication, perform the following configurations:
    1. Configure an L3VPN instance on each PE to manage VPN routes.

    2. Establish IBGP EVPN peer relationships between PEs and ASBRs and an EBGP EVPN peer relationship between the ASBRs to transmit EVPN routes carrying VPN routes between the PEs.

    3. Establish an IGP neighbor relationship or BGP peer relationship between each PE and CE at the access side to mutually transmit VPN routes.

    Figure 11-5 Inter-AS mutual VPN communication
  • DCI network

    The EVPN function applies to traditional DCs that interconnect through a DCI network. On the network shown in Figure 11-6, DC-GWs and DCI-PEs are separately deployed. The DCI-PEs consider the connected DC-GWs as CEs, receive VM IP routes from the DCs through a routing protocol, and save and maintain the received routes. Deploying an EVPN over the DCI backbone network allows VM IP routes to be transmitted between DCs, implementing inter-DC VM communication. To implement this communication, perform the following configurations:
    1. Configure an L3VPN instance on each PE to manage VM IP routes.

    2. Establish an IBGP EVPN peer relationship between the PEs to transmit EVPN routes carrying VM IP routes.

    3. Establish an IGP neighbor relationship or BGP peer relationship between each PE and DC-GW to mutually transmit VM IP routes.

    Figure 11-6 DCI network

Pre-configuration Tasks

Before configuring an EVPN to carry Layer 3 services, ensure Layer 3 route reachability on the IPv4 network.

Configuration Procedures

Figure 11-7 Flowchart for configuring an EVPN to carry Layer 3 services

Configuring an L3VPN Instance

You can configure an L3VPN instance to store and manage received VPN routes or VM routes.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ip vpn-instance vpn-instance-name

    A VPN instance is created, and the VPN instance view is displayed.

  3. Run ipv4-family

    The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

  4. Run route-distinguisher route-distinguisher

    An RD is configured for the VPN instance IPv4 address family.

  5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

    VPN targets are configured for the VPN instance IPv4 address family to mutually import routes with the remote PE's L3VPN instance.

    When the local PE advertises EVPN routes to the remote PE, the EVPN routes carry the export VPN target configured using this command. When the local PE receives an EVPN route from the remote end, the route can be imported into the routing table of the VPN instance IPv4 address family only if the VPN target carried in the EVPN route is included in the import VPN target list of the VPN instance IPv4 address family.

  6. Run evpn mpls routing-enable

    EVPN is enabled to generate and advertise IP prefix routes and IRB routes.

  7. (Optional) Run tnl-policy policy-name evpn

    EVPN routes that can be imported into the VPN instance IPv4 address family are associated with a tunnel policy.

    This configuration allows data packets between PEs to be forwarded through a TE tunnel.

  8. Run quit

    Exit from the VPN instance IPv4 address family view.

  9. Run quit

    Exit from the VPN instance view.

  10. Run interface interface-type interface-number.subinterface-number

    An Ethernet sub-interface is created, and the Ethernet sub-interface view is displayed.

  11. (Optional) Run vlan-type dot1q vlan-id

    A VLAN to be associated with the Ethernet sub-interface is specified, and the VLAN encapsulation type is set.

  12. Run ip binding vpn-instance vpn-instance-name

    The Ethernet sub-interface is bound to the L3VPN instance.

  13. Run ip address ip-address { mask | mask-length }

    An IP address is configured for the Ethernet sub-interface.

  14. Run commit

    The configuration is committed.
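The import rule described in step 5, worked through as an added example (it is not part of the Huawei guide): a Python check over vpn-target lines collected from several PEs that lists which VPN instances import each other's EVPN routes and flags imports across differently named instances and one-way relationships. The PE names, instance names and vpn-target values are constructed; treating a missing direction keyword as both, and equal instance names as the same VPN, are assumptions.

```python
from itertools import permutations

DIRECTIONS = {"both", "export-extcommunity", "import-extcommunity"}

# Constructed sample, not from the guide: vpn-target lines per (PE, VPN instance).
SAMPLE = {
    ("PE1", "vpn1"): ["vpn-target 1:1 both evpn"],
    ("PE1", "vpn2"): ["vpn-target 2:2 both evpn"],
    ("PE2", "vpn1"): ["vpn-target 1:1 2:2 import-extcommunity evpn",
                      "vpn-target 1:1 export-extcommunity evpn"],
    ("PE2", "vpn2"): ["vpn-target 2:2 export-extcommunity evpn"],
}


def parse_targets(lines):
    """Return (import_set, export_set) built from 'vpn-target ... evpn' lines."""
    imp, exp = set(), set()
    for line in lines:
        tok = line.split()
        if len(tok) < 3 or tok[0] != "vpn-target" or tok[-1] != "evpn":
            continue  # only lines in the step 5 form (ending in evpn) are counted
        tok = tok[1:-1]
        # Assumption: no direction keyword means both.
        direction = tok.pop() if tok[-1] in DIRECTIONS else "both"
        if direction != "export-extcommunity":
            imp.update(tok)
        if direction != "import-extcommunity":
            exp.update(tok)
    return imp, exp


def import_relations(config):
    """List (receiver, sender, shared) where receiver imports sender's EVPN routes."""
    parsed = {key: parse_targets(lines) for key, lines in config.items()}
    found = []
    for rx, tx in permutations(parsed, 2):
        if rx[0] == tx[0]:
            continue  # the rule on the page concerns routes from a remote PE
        shared = parsed[rx][0] & parsed[tx][1]  # import list vs. carried export targets
        if shared:
            found.append((rx, tx, sorted(shared)))
    return found


def audit(config):
    """Return (cross_instance, one_way) import relations worth reviewing."""
    rels = import_relations(config)
    pairs = {(rx, tx) for rx, tx, _ in rels}
    cross = [(rx, tx, s) for rx, tx, s in rels if rx[1] != tx[1]]
    one_way = sorted(p for p in pairs if (p[1], p[0]) not in pairs)
    return cross, one_way
```

On the constructed sample, `audit(SAMPLE)` reports that vpn1 on PE2 imports vpn2 routes from PE1, and that vpn2 on PE2 exports to PE1 without importing anything back.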

Configuring BGP EVPN Peer Relationships

You can configure BGP EVPN peer relationships between PEs or between PEs and ASBRs as required to mutually transmit EVPN routes between the PEs. Additionally, you can configure BGP RRs to minimize the number of BGP EVPN peer relationships, saving network resources.

Procedure

  • Configure BGP EVPN peers.

    NOTE:

    If a BGP RR needs to be configured on the network, establish BGP EVPN peer relationships between all the PEs and the RR.

    1. Run bgp { as-number-plain | as-number-dot }

      BGP is enabled, and the BGP view is displayed.

    2. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The remote PE is specified as the BGP peer.

    3. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source IP address are specified to set up a TCP connection between the BGP peers.

      NOTE:

      When loopback interfaces are used to establish a BGP connection, it is recommended that the peer connect-interface command be run on both ends to ensure correct connection. If this command is run on only one end, the BGP connection may fail to be established.

    4. (Optional) Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum number of hops allowed is set for an EBGP EVPN connection.

      Generally, EBGP EVPN peers are directly connected. If they are not directly connected, run the peer ebgp-max-hop command to allow the EBGP EVPN peers to establish a multi-hop TCP connection.

      NOTE:

      If loopback interfaces are used for an EBGP EVPN connection, the peer ebgp-max-hop command must be run, with the hop-count value greater than or equal to 2. If this configuration is absent, the EBGP EVPN connection fails to be established.

    5. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    6. Run import-route { direct | isis process-id | ospf process-id | rip process-id | static } [ med med | route-policy route-policy-name ] *

      The device is enabled to import non-BGP routing protocol routes into the BGP-VPN instance IPv4 address family. To advertise host IP routes, enable the device to import direct routes only. To advertise the routes of the network segment where a host resides, configure a dynamic routing protocol (such as OSPF) to advertise the network segment routes, and then enable the device to import routes of the configured routing protocol.

    7. Run advertise l2vpn evpn

      The BGP device is enabled to advertise IP prefix routes to the BGP peer. This configuration allows the BGP device to advertise both host IP routes and routes of the network segment where the host resides.

    8. Run quit

      Exit from the BGP-VPN instance IPv4 address family view.

    9. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    10. Run peer { ipv4-address | group-name } enable

      The local BGP device is enabled to exchange EVPN routes with a peer or peer group.

    11. Run quit

      Exit from the BGP view.

    12. Run commit

      The configuration is committed.

  • (Optional) Configure an RR. To minimize the number of BGP EVPN peers on the network, deploy an RR so that the PEs establish BGP EVPN peer relationships only with the RR.
    1. Run bgp { as-number-plain | as-number-dot }

      BGP is enabled, and the BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } reflect-client

      The local device is configured as an RR, and a peer or peer group is specified as the RR client.

      The NE where the peer reflect-client command is run functions as the RR, and the specified peer or peer group functions as a client.

    4. (Optional) Run undo reflect between-clients

      Route reflection between clients through the RR is disabled.

      By default, route reflection between clients through an RR is enabled.

      If the clients of an RR have established full-mesh connections with each other, run the undo reflect between-clients command to disable route reflection between clients through the RR to reduce the link cost. The undo reflect between-clients command applies only to RRs.

    5. (Optional) Run reflector cluster-id cluster-id

      A cluster ID is configured for the RR.

      If a cluster has multiple RRs, run this command to set the same cluster ID for these RRs to prevent routing loops.

      The reflector cluster-id command applies only to RRs.

    6. Run commit

      The configuration is committed.

Configuring Route Exchange Between a PE and an Access-side Device

To implement route exchange between a PE and an access-side device, BGP or an IGP can be deployed between them, or static routes (including default routes) destined for each other can be configured on them. You can choose a dynamic routing protocol or static routes according to your network plan.

Procedure

  1. For configuration details, see Configuring Route Exchange Between PEs and CEs.

(Optional) Re-Encapsulating IRB Routes into IP Prefix Routes and ARP Routes

To convert the IRB routes that a device receives, which carry the network segment address of a tenant host, into host IP prefix routes or ARP routes, you must enable the device to re-encapsulate IRB routes into the desired routes.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run evpn

    The global EVPN configuration view is created and displayed.

  3. Run irb-reoriginated compatible

    The device is enabled to re-encapsulate IRB routes into IP prefix routes and ARP routes.

  4. Run commit

    The configuration is committed.

Verifying the Configuration of an EVPN to Carry Layer 3 Services

After configuring an EVPN to carry Layer 3 services, check the configurations.

Prerequisites

EVPN functions have been configured.

Procedure

  • Run the display bgp evpn { all | route-distinguisher route-distinguisher | vpn-instance vpn-instance-name } routing-table [ { ad-route | es-route | inclusive-route | mac-route | prefix-route } prefix ] command to check information about BGP EVPN routes.
  • Run the display ip routing-table vpn-instance vpn-instance-name command on the local PE to check information about VPN routes received from the remote PE.

Example

Run the display bgp evpn all routing-table command on a PE. The command output shows information about BGP EVPN routes.

[~PE] display bgp evpn all routing-table

 Local AS number : 100

 BGP Local router ID is 3.3.3.3
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 EVPN address family:
 Number of Mac Routes: 5
 Route Distinguisher: 20:2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:3892-6c61-0300:0:0.0.0.0                          0.0.0.0
 *                                                            0.0.0.0
 *>    0:48:3892-6c61-0300:32:192.168.30.2                    0.0.0.0
 *>    0:48:38ba-16b3-9b05:0:0.0.0.0                          0.0.0.0
 *>    0:48:38ba-16b3-9b05:32:192.168.30.1                    0.0.0.0
    

 EVPN-Instance evrf1:
 Number of Mac Routes: 5
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:3892-6c61-0300:0:0.0.0.0                          0.0.0.0
 *                                                            0.0.0.0
 *>    0:48:3892-6c61-0300:32:192.168.30.2                    0.0.0.0
 *>    0:48:38ba-16b3-9b05:0:0.0.0.0                          0.0.0.0
 *>    0:48:38ba-16b3-9b05:32:192.168.30.1                    0.0.0.0

 EVPN address family:
 Number of Ip Prefix Routes: 4
 Route Distinguisher: 10:1
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>i   0:192.168.20.0:24                                      2.2.2.2
 Route Distinguisher: 10:2
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>i   0:192.168.20.0:24                                      2.2.2.2
 *>    0:192.168.30.0:24                                      0.0.0.0
 *>    0:192.168.30.1:32                                      0.0.0.0
    

 EVPN-Instance __RD_1_10_2__:
 Number of Ip Prefix Routes: 3
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>i   0:192.168.20.0:24                                      2.2.2.2
 *>    0:192.168.30.0:24                                      0.0.0.0
 *>    0:192.168.30.1:32                                      0.0.0.0
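
An added example, not part of the Huawei guide: a Python parser for the IP prefix route rows of the output above that reports routes learned from a remote next hop outside an expected prefix list, which is how an unintended vpn-target import would show up in this table. The sample is an excerpt of the output on this page; the allowed-prefix mapping passed by the caller is an assumption about the network plan.

```python
import ipaddress
import re

# Excerpt of the IP prefix route section from the command output shown above.
OUTPUT = """\
 EVPN address family:
 Number of Ip Prefix Routes: 4
 Route Distinguisher: 10:1
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>i   0:192.168.20.0:24                                      2.2.2.2
 Route Distinguisher: 10:2
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>i   0:192.168.20.0:24                                      2.2.2.2
 *>    0:192.168.30.0:24                                      0.0.0.0
 *>    0:192.168.30.1:32                                      0.0.0.0
"""

RD_RE = re.compile(r"^\s*Route Distinguisher:\s*(\S+)")
# status codes, then EthTagId:IpPrefix:IpPrefixLen, then NextHop
ROUTE_RE = re.compile(
    r"^\s*([*>dxahisS]+)\s+(\d+):(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s*$")


def parse_prefix_routes(text):
    """Parse IP prefix route rows into dicts: rd, status, prefix, next_hop."""
    routes, rd = [], None
    for line in text.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = m.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m:
            status, _tag, addr, plen, next_hop = m.groups()
            routes.append({"rd": rd, "status": status,
                           "prefix": ipaddress.ip_network(f"{addr}/{plen}"),
                           "next_hop": next_hop})
    return routes


def unexpected_remote_routes(routes, allowed):
    """Return remote routes whose prefix is not inside allowed[next_hop]."""
    findings = []
    for r in routes:
        if r["next_hop"] == "0.0.0.0":
            continue  # next hop 0.0.0.0 marks a locally originated route
        nets = [ipaddress.ip_network(n) for n in allowed.get(r["next_hop"], [])]
        if not any(r["prefix"].subnet_of(n) for n in nets):
            findings.append((r["rd"], str(r["prefix"]), r["next_hop"]))
    return findings
```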

Run the display ip routing-table vpn-instance vpn-instance-name command on the local PE. The command output shows information about VPN routes received from the remote PE.

[~PE] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 5        Routes : 5         

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

   192.168.20.0/24  IBGP    255  0             RD  2.2.2.2         GigabitEthernet0/1/0
   192.168.30.0/24  Direct  0    0             D   192.168.30.1    Vbdif10
   192.168.30.1/32  Direct  0    0             D   127.0.0.1       Vbdif10
 192.168.30.255/32  Direct  0    0             D   127.0.0.1       Vbdif10
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
Updated: 2019-01-14

Document ID: EDOC1100058925
