No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Dynamic VXLAN Active-Active Scenario

Configuring the Dynamic VXLAN Active-Active Scenario

In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. In this way, carriers can enhance VXLAN access reliability to improve the stability of user services so that rapid convergence can be implemented in case of a fault.

Context

On the network shown in Figure 17-15, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote VTEP IP. A VTEP address is configured on the CPE to establish a dynamic VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.

The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.

Figure 17-15 Networking diagram for configuring the dynamic VXLAN active-active scenario

Procedure

  1. Configure AC-side service access.
    1. Configure an Eth-Trunk interface on CE1 to dual-home CE1 to PE1 and PE2.
    2. Configure service access points. For configuration details, see the section Configuring a VXLAN Service Access Point.
    3. Configure the same Ethernet Segment Identifier (ESI) for the links connecting CE1 to PE1 and PE2.

      1. Run the interface eth-trunk command to enter the Eth-Trunk interface view.
      2. Run the esi command to configure an ESI.
      3. Run the commit command to commit the configuration.

  2. Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see the section Configuring a VXLAN Tunnel.
  3. Configure a bypass VXLAN tunnel between PE1 and PE2.
    1. Configure a BGP EVPN peer relationship.

      1. Run the bgp as-number, BGP is enabled, and the BGP view is displayed.
      2. Run the peer ipv4-address as-number as-number. The peer device is configured as a BGP peer.
      3. Run the l2vpn-family evpn. The BGP-EVPN address family view is displayed.
      4. Run the peer { ipv4-address | group-name } enable. The device is enabled to exchange EVPN routes with a specified peer or peer group.
      5. Run the peer { ipv4-address | group-name } advertise encap-type vxlan. The device is enabled to exchange EVPN routes with a specified peer or peer group.
      6. Run the quit, exit from the BGP-EVPN address family view.
      7. Run the quit, exit from the BGP view.
      8. Run the commit,command to commit the configuration.

    2. Configure an EVPN instance.

      1. Run the evpn vpn-instance vpn-instance-name bd-mode. A BD EVPN instance is created, and the EVPN instance view is displayed.
      2. Run the route-distinguisher route-distinguisher. An RD is configured for the EVPN instance.
      3. Run the vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

        VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

      4. Run the quit, exit from the EVPN instance view.
      5. Run the bridge-domain bd-id, the BD view is displayed.
      6. Run the vxlan vni vni-id split-horizon-mode.

        A VNI is created and associated with the BD, and split horizon is applied to the BD.

      7. Run the evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ], a specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.
      8. Run the quit, exit from theBDview.
      9. Run the commit,command to commit the configuration.

    3. Enable the inter-chassis VXLAN function on PE1 and PE2.

      1. Run the evpn command to enter the EVPN view.
      2. Run the bypass-vxlan enable command to enable the inter-chassis VXLAN function.
      3. Run the quit, exit from the EVPN view.
      4. Run the commit command to commit the configuration.

    4. Configure an ingress replication list.

      1. Run the interface nve nve-number command to enter the NVE interface view.
      2. Run the source ip-address, an IP address is configured for the source VTEP.
      3. Run the vni vni-id head-end peer-list protocol bgp, an ingress replication list is configured.
      4. Run the bypass source ip-address command configures a source VTEP address for the bypass VLAN tunnel.
      5. Run the mac-address mac-address command to configure a VTEP MAC address.
      6. Run the quit, exit from the NVE interface view.
      7. Run the commit command to commit the configuration.

  4. Configure FRR on the PEs.

    • Layer 2 communication

      1. Run the evpn command to enter the EVPN view.
      2. Run the vlan-extend private enable command to enable routes to be sent to carry the VLAN private extended community attribute.
      3. Run the vlan-extend redirect enable command to enable the function of redirecting received routes the VLAN private extended community attribute.
      4. Run the local-remote frr enable command to enable FRR for MAC routes between the local and remote ends.‏
      5. Run the quit, exit from the EVPN view.
      6. Run the commit command to commit the configuration.
    • Layer 3 communication

      1. Run the bgp as-number command to enter the BGP view.
      2. Run the ipv4-family vpn-instance vpn-instance-name command enables the BGP-IPv4 address family and displays the address family view.
      3. Run the auto-frr command to enable BGP auto FRR.
      4. Run the peer { ipv4-address | group-name } as-number as-number. The IP address of the peer and the number of the AS where the peer resides are specified.
      5. Run the advertise l2vpn evpn command to enable a VPN instance to advertise IP routes to an EVPN instance.
      6. Run the quit, exit from the BD view.
      7. Run the commit command to commit the configuration.

  5. (Optional) Configure a UDP port on the PEs to prevent the receiving of replicated packets.
    1. Run the system-view command to enter the system view.
    2. Run the evpn enhancement port port-id command to configure a UDP port.

      The same UDP port number must be set for the PEs in the active state.

    3. Run the commit,command to commit the configuration.
  6. (Optional) Configure a VXLAN over IPSec tunnel between the CPE and PE to enhance the security for packets traversing an insecure network.

    For configuration details, see the section Example for Configuring VXLAN over IPsec.

Checking the Configuration

After configuring the VXLAN active-active scenario, check information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 27033

Downloads: 18

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next