No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VXLAN in Distributed Gateway Mode Using BGP EVPN

Configuring VXLAN in Distributed Gateway Mode Using BGP EVPN

Distributed VXLAN gateways can be configured to address problems that occur in legacy centralized VXLAN gateway networking, for example, forwarding paths are not optimal, and the ARP entry specification is a bottleneck on Layer 3 gateways.

Usage Scenario

In legacy networking, a centralized Layer 3 gateway is deployed on a spine node. On the network shown in Figure 17-9, packets across different networks must be forwarded through a centralized Layer 3 gateway, resulting in the following problems:
  • Forwarding paths are not optimal. All Layer 3 traffic must be transmitted to the centralized Layer 3 gateway for forwarding.
  • The ARP entry specification is a bottleneck. ARP entries must be generated for tenants on the Layer 3 gateway. However, only a limited number of ARP entries can be configured for the Layer 3 gateway, impeding data center network expansion.
Figure 17-9 Centralized VXLAN gateway networking

To address these problems, distributed VXLAN gateways can be configured. On the network shown in Figure 17-10, Server 1 and Server 2 on different network segments both connect to Leaf 1. When Server 1 and Server 2 communicate, traffic is forwarded only through Leaf 1, not through any spine node.

Figure 17-10 Distributed VXLAN gateway networking
Distributed VXLAN gateway networking has the following characteristics:
  • Flexible deployment. A leaf node can function as both Layer 2 and Layer 3 VXLAN gateways.

  • Improved network expansion capabilities. A leaf node only needs to learn the ARP entries of servers attached to it. A centralized Layer 3 gateway in the same scenario, however, has to learn the ARP entries of all servers on the network. Therefore, the ARP entry specification is no longer a bottleneck on a distributed VXLAN gateway.

Pre-configuration Tasks

Before configuring VXLAN in distributed gateway mode, ensure that reachable routes are available.

Configuration Procedures

Figure 17-11 Flowchart for configuring distributed VXLAN gateways
NOTE:

If only VMs on the same network segment need to communicate with each other, Layer 3 VXLAN gateways do not need to be deployed. If VMs on different network segments need to communicate with each other or VMs on the same network segment need to communicate with external networks, Layer 3 VXLAN gateways must be deployed.

Configuring a Service Access Point

Layer 2 sub-interfaces are used for service access on VXLANs. These Layer 2 sub-interfaces can have different encapsulation types configured to transmit various types of data packets. A bridge domain (BD) is a broadcast domain. After a Layer 2 sub-interface is associated with a BD, the sub-interface can transmit data packets through this BD.

Context

As shown in Table 17-4, Layer 2 sub-interfaces can have different encapsulation types configured to transmit various types of data packets.
Table 17-4 Traffic encapsulation types

Traffic Encapsulation Type

Description

dot1q

This type of sub-interface accepts only packets with a specified tag.

When encapsulating an original packet to a VXLAN packet, this type of sub-interface removes all the VLAN tags from the original packet. When decapsulating a VXLAN packet, if the packet carries an inner VLAN tag, the sub-interface replaces the tag with a specified tag before forwarding the packet to the destination. If the packet does not carry any inner VLAN tag, it adds a specified VLAN tag before forwarding.

The dot1q traffic encapsulation type has the following restrictions:
  • The VLAN ID encapsulated by a Layer 2 sub-interface cannot be the same as that allowed to pass by the Layer 2 interface where the sub-interface resides.
  • The VLAN IDs encapsulated by a Layer 2 sub-interface and a Layer 3 sub-interface cannot be the same.

untag

This type of sub-interface accepts only untagged packets.

When encapsulating an original packet to a VXLAN packet, this type of sub-interface does not add any VLAN tag. When decapsulating a VXLAN packet, if the packet carries an inner VLAN tag, the sub-interface removes the VLAN tag before forwarding. For a QinQ packet, the sub-interface removes only the outer VLAN tag.

The untag traffic encapsulation type has the following restrictions:
  • The physical interface where the sub-interface resides must have only default configurations.
  • Only Layer 2 physical interfaces and Layer 2 Eth-Trunk interfaces can have untag Layer 2 sub-interfaces created.
  • Only one untag Layer 2 sub-interface can be created on a main interface.

default

This type of sub-interface accepts all packets, irrespective of whether the packets carry VLAN tags.

For VXLAN packet encapsulation or decapsulation, this type of sub-interface does not perform any VLAN tag-related action on the original packets, be it addition, replacement, or removal.

The default traffic encapsulation type has the following restrictions:
  • The interface where the sub-interface resides must not be added to any VLAN.
  • Only Layer 2 physical interfaces and Layer 2 Eth-Trunk interfaces can have default Layer 2 sub-interfaces created.
  • If default is configured for a Layer 2 sub-interface on a main interface, the main interface cannot have other types of Layer 2 sub-interfaces configured.

qinq

Packets received by this type of sub-interface carry two or more VLAN tags. The sub-interface determines whether to accept the packets based on the innermost two VLAN tags.

Configure a service access point on a Layer 2 gateway:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run bridge-domain bd-id

    A BD is created, and the BD view is displayed.

  3. (Optional) Run description description

    A description is configured for the BD.

  4. Run quit

    Return to the system view.

  5. Run interface interface-type interface-number.subnum mode l2

    A Layer 2 sub-interface is created, and the sub-interface view is displayed.

    NOTE:

    Before running this command, ensure that the Layer 2 main interface does not have the port link-type dot1q-tunnel command configuration. If the configuration has existed, run the undo port link-type command to delete it.

  6. Run encapsulation { dot1q [ vid vid ] | default | untag | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] } ] }

    A traffic encapsulation type is specified for the Layer 2 sub-interface.

  7. Run rewrite pop { single | double }

    The sub-interface is enabled to remove single or double VLAN tags from received packets.

    If the received packets each carry a single VLAN tag, specify single.

    If the traffic encapsulation type is specified as qinq in the preceding step using the encapsulation qinq vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } command, specify double.

  8. Run bridge-domain bd-id

    The Layer 2 sub-interface is added to the BD so that the sub-interface can transmit data packets through this BD.

    NOTE:

    If a default Layer 2 sub-interface is added to a BD, no BDIF interface can be created for the BD.

  9. Run commit

    The configuration is committed.

Configuring a VXLAN Tunnel

To allow VXLAN tunnel establishment using EVPN, configure an EVPN instance, establish a BGP EVPN peer relationship, and configure ingress replication.

Context

VXLAN packets are transmitted through VXLAN tunnels. In distributed VXLAN gateway scenarios, perform the following steps on a VXLAN gateway to use EVPN for establishing VXLAN tunnels:
  1. Configure a BGP EVPN peer relationship. Configure VXLAN gateways to establish BGP EVPN peer relationships so that they can exchange EVPN routes. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

  2. (Optional) Configure an RR. The deployment of RRs reduces the number of BGP EVPN peer relationships to be established, simplifying configuration. A live-network device can be used as an RR, or a standalone RR can be deployed. Spine nodes are generally used as RRs, and leaf nodes as RR clients.

  3. Configure an EVPN instance. EVPN instances are used to receive and advertise EVPN routes.

  4. Configure ingress replication. After ingress replication is configured for a VNI, the system uses BGP EVPN to construct a list of remote VTEPs. After a VXLAN gateway receives BUM packets, its sends a copy of the BUM packets to every VXLAN gateway in the list.

NOTE:

BUM packet forwarding is implemented only using ingress replication. To establish a VXLAN tunnel between a Huawei device and a non-Huawei device, ensure that the non-Huawei device also has ingress replication configured. Otherwise, communication fails.

Procedure

  1. Configure a BGP EVPN peer relationship. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR. If the spine node and gateway reside in different ASs, the gateway must establish an EBGP EVPN peer relationship with the spine node.
    1. Run bgp as-number

      BGP is enabled, and the BGP view is displayed.

    2. (Optional) Run router-id ipv4-address

      A router ID is set.

    3. Run peer ipv4-address as-number as-number

      The peer device is configured as a BGP peer.

    4. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source address are specified to set up a TCP connection with the BGP peer.

      NOTE:

      When loopback interfaces are used to establish a BGP connection, running the peer connect-interface command on both ends is recommended to ensure the connectivity. If this command is run on only one end, the BGP connection may fail to be established.

    5. (Optional) Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum number of hops is set for an EBGP EVPN connection.

      In most cases, a directly connected physical link must be available between EBGP EVPN peers. If you want to establish EBGP EVPN peer relationships between indirectly connected peers, run the peer ebgp-max-hop command. The command also can configure the maximum number of hops for an EBGP EVPN connection.

      NOTE:

      When the IP address of loopback interface to establish an EBGP EVPN peer relationship, run the peer ebgp-max-hop (of which the value of hop-count is not less than 2) command. Otherwise, the peer relationship fails to be established.

    6. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    7. Run peer { ipv4-address | group-name } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

    8. Run peer { ipv4-address | group-name } advertise encap-type vxlan

      The device is enabled to advertise VXLAN-encapsulated EVPN routes to its peers.

    9. (Optional) Run peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

      A routing policy is specified for routes received from or to be advertised to a BGP EVPN peer or peer group.

      After the routing policy is applied, the routes received from or to be advertised to a specified BGP EVPN peer or peer group will be filtered, ensuring that only desired routes are imported or advertised. This configuration helps manage routes and reduce required routing entries and system resources.

    10. (Optional) Run peer { ipv4-address | group-name } next-hop-invariable

      The device is prevented from changing the next hop address of a route when advertising the route to an EBGP peer. If the spine node and gateway have established an EBGP EVPN peer relationship, run the peer next-hop-invariable command to ensure that the next hops of routes received by the gateway point to other gateways.

    11. (Optional) Run peer { group-name | ipv4-address } mac-limit number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      The maximum number of MAC advertisement routes that can be received from each peer is configured.

      If an EVPN instance may import many invalid MAC advertisement routes from peers and these routes occupy a large proportion of the total MAC advertisement routes. If the received MAC advertisement routes exceed the specified maximum number, the system displays an alarm, instructing users to check the validity of the MAC advertisement routes received in the EVPN instance.

    12. Run quit

      Exit from the BGP-EVPN address family view.

    13. Run quit

      Exit from the BGP view.

  2. (Optional) Configure an RR. If an RR is configured, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR, reducing the number of BGP EVPN peer relationships to be established and simplifying configuration.
    1. Run bgp as-number

      The BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } enable

      The device is enabled to exchange EVPN routes with a specified peer or peer group.

    4. (Optional) Run peer { ipv4-address | group-name } next-hop-invariable

      The device is prevented from changing the next hop address of a route when advertising the route to an EBGP peer.

    5. Run peer { ipv4-address | group-name } reflect-client

      The device is configured as an RR and an RR client is specified.

    6. Run undo policy vpn-target

      The function to filter received EVPN routes based on VPN targets is disabled. If you do not perform this step, the RR will fail to receive and reflect the routes sent by clients.

    7. Run quit

      Exit from the BGP-EVPN address family view.

    8. Run quit

      Exit from the BGP view.

  3. Configure an EVPN instance.
    1. Run evpn vpn-instance vpn-instance-name bd-mode

      A BD EVPN instance is created, and the EVPN instance view is displayed.

    2. Run route-distinguisher route-distinguisher

      An RD is configured for the EVPN instance.

    3. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

    4. (Optional) Run import route-policy policy-name

      The current EVPN instance is associated with an import routing policy.

      To control route import more precisely, perform this step to associate the EVPN instance with an import routing policy and set attributes for eligible routes.

    5. (Optional) Run export route-policy policy-name

      The current EVPN instance is associated with an export routing policy.

      To control route export more precisely, perform this step to associate the EVPN instance with an export routing policy and set attributes for eligible routes.

    6. (Optional) Run tnl-policy policy-name

      The EVPN instance is associated with a tunnel policy.

      This configuration enables PEs to use TE tunnels to transmit data packets.

    7. (Optional) Run mac limit number { simply-alert | mac-unchanged }

      The maximum number of MAC addresses allowed by an EVPN instance is configured.

      After a device learns a large number of MAC addresses, system performance may deteriorate when the device is busy processing services. This is because MAC addresses consume system resources. To improve system security and reliability, run the mac limit command to configure the maximum number of MAC addresses allowed by an EVPN instance. If the number of MAC addresses learned by an EVPN instance exceeds the maximum number, the system displays an alarm message, instructing you to check the validity of MAC addresses in the EVPN instance.

    8. Run quit

      Exit from the EVPN instance view.

    9. Run bridge-domain bd-id

      The BD view is displayed.

      By default, no BD is created.

    10. Run vxlan vni vni-id split-horizon-mode

      A VNI is created and associated with the BD, and split horizon is applied to the BD.

    11. Run evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ]

      A specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.

    12. Run quit

      Return to the system view.

  4. Configure an ingress replication list.
    1. Run interface nve nve-number

      An NVE interface is created, and the NVE interface view is displayed.

    2. Run source ip-address

      An IP address is configured for the source VTEP.

    3. Run vni vni-id head-end peer-list protocol bgp

      An ingress replication list is configured.

      After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets to.

    4. Run quit

      Return to the system view.

  5. (Optional) Configure MAC addresses for NVE interfaces.

    In distributed VXLAN gateway (EVPN BGP) scenarios, if you want to use active-active VXLAN gateways to load-balance traffic, configure the same VTEP MAC address on the two VXLAN gateways. Otherwise, the two gateways cannot forward traffic properly on the VXLAN network.

    1. Run interface nve nve-number

      The NVE interface view is displayed.

    2. Run mac-address mac-address

      A MAC address is configured for the NVE interface.

    3. Run quit

      Exit from the NVE interface view.

  6. Run commit

    The configuration is committed.

Configuring a Layer 3 VXLAN Gateway

When distributed VXLAN gateways are deployed using BGP EVPN, Layer 3 VXLAN gateways must be configured to implement inter-subnet communication.

Context

In distributed VXLAN gateway scenarios, inter-subnet communication between hosts requires Layer 3 forwarding. To allow this, Layer 3 VXLAN gateways must learn host routes. Perform the following operations on VXLAN gateways:
  1. Configure a VPN instance whose routes can be installed into the routing table of the EVPN instance. This VPN instance is used to store host routes or network segment routes.

  2. Bind the VPN instance to a Layer 3 VXLAN gateway, enable distributed gateway, and configure host route advertisement.

  3. Configure the type of route to be advertised between VXLAN gateways. VXLAN gateways can send different information through different types of routes. If an RR is deployed on the network, only the type of route to be advertised between the RR and VXLAN gateways needs to be configured.

NOTE:

If tenants on the same network segment connect to different Layer 3 VXLAN gateways, the Layer 3 VXLAN gateways must have the same IP address and MAC address configured. When tenants are moved to a different location, the tenants can retain Layer 3 gateway configurations, reducing maintenance workload.

Procedure

  1. Configure a VPN instance whose routes can be installed into the routing table of the EVPN instance.
    1. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

    2. Run vxlan vni vni-id

      A VNI is created and mapped to the VPN instance.

    3. Run ipv4-family

      The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

    4. Run route-distinguisher route-distinguisher

      An RD is configured for the VPN instance IPv4 address family.

    5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the VPN instance IPv4 address family.

      A VPN target is the extended community attribute of BGP. It controls reception and advertisement of VPN routes. A maximum of eight VPN targets can be configured each time the vpn-target command is run. To configure more VPN targets for the VPN instance IPv4 address family, run the vpn-target command several times.

    6. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      The routes advertised by the VPN instance IPv4 address family to an EVPN instance do not carry the export VPN targets of the VPN instance IPv4 address family. Instead, the routes carry all VPN targets in the export VPN target list configured for the EVPN instance in the BD.

      vpn-target specified here must be the same as the RT configured for the EVPN instance in the BD view. This implementation ensures that routes in the VPN instance can be installed into the routing table of the specified EVPN instance.

    7. (Optional) Run import route-policy policy-name evpn

      The VPN instance IPv4 address family of the current VPN instance is associated with an import routing policy to filter routes imported from the EVPN instance.

      To control route import more precisely, perform this step to associate the VPN IPv4 address family with an import routing policy and set attributes for eligible routes.

    8. (Optional) Run export route-policy policy-name evpn

      The VPN instance IPv4 address family of the current VPN instance is associated with an export routing policy to filter routes to be advertised to the EVPN instance.

      To control route export more precisely, perform this step to associate the VPN IPv4 address family with an export routing policy and set attributes for eligible routes.

    9. Run quit

      The VPN instance IPv4 address family view is exited.

    10. Run quit

      The VPN instance view is exited.

  2. Bind the VPN instance to a Layer 3 gateway, enable distributed gateway, and configure host route advertisement.
    1. Run interface vbdif bd-id

      A VBDIF interface is created, and the VBDIF interface view is displayed.

    2. Run ip binding vpn-instance vpn-instance-name

      A VPN instance is bound to the VBDIF interface.

    3. Run ip address ip-address { mask | mask-length } [ sub ]

      An IP address is configured for the VBDIF interface to implement Layer 3 interworking.

    4. (Optional) Run mac-address mac-address

      A MAC address is configured for the VBDIF interface.

      By default, the MAC address of a VBDIF interface is the system MAC address. On a network with distributed or multi-active VXLAN gateways that need to be simulated into one, you need to run the mac-address command to configure the same MAC address for the VBDIF interfaces of VXLAN Layer 3 gateways.

    5. Run arp distribute-gateway enable

      Distributed gateway is enabled.

      NOTE:

      After distributed gateway is enabled on a Layer 3 gateway, the Layer 3 gateway discards network-side ARP messages and learns only user-side ARP messages.

    6. Perform either of the following steps to configure host route advertisement:

      • If VXLAN gateways advertise IRB routes to each other, run the arp collect host enable command for host route advertisement.

      • If VXLAN gateways advertise IP prefix routes to each other, run the arp vlink-direct-route advertise [ route-policy route-policy-name ] command for host route advertisement.

    7. Run quit

      Return to the system view.

  3. Configure the type of route to be advertised between VXLAN gateways. If an RR is deployed on the network, only the type of route to be advertised between the RR and VXLAN gateways needs to be configured.

    • Configure IRB route advertisement.

      1. Run bgp as-number

        The BGP view is displayed.

      2. Run l2vpn-family evpn

        The BGP-EVPN address family view is displayed.

      3. Run peer { ipv4-address | group-name } advertise irb

        IRB route advertisement is configured.

        IRB routes can be used to advertise host IP routes as well as ARP entries. In addition, host ARP entry advertisement allows VM migration in distributed gateway scenarios. As such, configuring IRB route advertisement is recommended.

      4. Run quit

        Exit from the BGP-EVPN address family view.

      5. Run quit

        Exit from the BGP view.

      6. Run commit

        The configuration is committed.

    • Configure IP prefix route advertisement.

      1. Run bgp as-number

        The BGP view is displayed.

      2. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family view is displayed.

      3. Run import-route { direct | isis process-id | ospf process-id | rip process-id | static } [ med med | route-policy route-policy-name ] *

        A type of route is imported to the BGP-VPN instance IPv4 address family view.

        If host IP route advertisement is required, configure direct in the command. If network segment route advertisement is required, use a dynamic routing protocol, such as OSPF. Then, configure the BGP-VPN instance IPv4 address family to import the routes of the dynamic routing protocol.

      4. Run advertise l2vpn evpn

        IP prefix route advertisement is configured.

        IP prefix routes are used to advertise host IP routes as well as network segment routes to which the host IP routes belong. If a large number of specific host routes are available, configure IP prefix route advertisement so that the network segment routes can be imported to the BGP-VPN instance IPv4 address family, sparing the VXLAN gateways from storing all specific host routes.

        NOTE:
        • A VXLAN gateway can advertise network segment routes only if the network segments attached to the gateway are unique network-wide.

        • After configuring IP prefix route advertisement, you must run the arp vlink-direct-route advertise command for host route advertisement. Then, VM migration will be affected. To avoid this problem, configure IRB route advertisement.

      5. Run quit

        Exit from the BGP-VPN instance IPv4 address family view.

      6. Run quit

        Exit from the BGP view.

      7. Run commit

        The configuration is committed.

  4. Run commit

    The configuration is committed.

(Optional) Configuring Static MAC Address Entries and MAC Address Limiting

Static MAC address entries can be configured for traffic forwarding, and MAC address limiting can be configured to improve VXLAN security.

Context

After the source NVE on a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, the local VTEP sends a copy of the BUM packets to every VTEP in the ingress replication list. Configuring static MAC address entries helps reduce broadcast traffic and prevent unauthorized data access from bogus users.

The maximum number of MAC addresses that a device can learn can be configured to limit the number of access users and prevent against attacks on MAC address tables. If the device has learned the maximum number of MAC addresses allowed, no more addresses can be learned. The device can also be configured to discard packets after learning the maximum allowed number of MAC addresses, improving network security.

If Layer 3 VXLAN gateway does not need to learn MAC addresses of packets in a BD, MAC address learning can be disabled from the BD to conserve MAC address entry resources. If the network topology of a VXLAN becomes stable and MAC address entry learning is complete, MAC address learning can also be disabled.

Configuring static MAC address entries and MAC address limiting applies to Layer 2 VXLAN gateways; disabling MAC address limiting applies to both Layer 2 and Layer 3 VXLAN gateways.

Procedure

  • Configure a static MAC address entry.

    1. Run system-view

      The system view is displayed.

    2. Run mac-address static mac-address bridge-domain bd-id source source-ip-address peer peer-ip vni vni-id

      A static MAC address entry is configured.

    3. Run commit

      The configuration is committed.

  • Configure MAC address limiting.

    1. Run system-view

      The system view is displayed.

    2. Run bridge-domain bd-id

      The BD view is displayed.

    3. Run mac-limit { action { discard | forward } | maximum max [ rate interval ] } *

      MAC address limiting is configured.

    4. Run commit

      The configuration is committed.

  • Disable MAC address learning.

    1. Run system-view

      The system view is displayed.

    2. Run bridge-domain bd-id

      The BD view is displayed.

    3. Run mac-address learning disable

      MAC address learning is disabled.

    4. Run commit

      The configuration is committed.

Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN

After configuring VXLAN in distributed gateway mode using BGP EVPN, verify the configuration, and you can find that VXLAN tunnels are dynamically established and are in the Up state.

Prerequisites

VXLAN in distributed gateway mode has been configured using BGP EVPN.

Procedure

  • Run the display bridge-domain [ bd-id [ brief | verbose ] ] command to check BD configurations.
  • Run the [ nve-number | main ] command to check NVE interface information.
  • Run the display evpn vpn-instance [ name vpn-instance-name ] command to check EVPN instance information.
  • Run the display bgp evpn peer [ [ ipv4-address ] verbose ] command to check BGP EVPN peer information.
  • Run the display vxlan peer [ vni vni-id ] command to check ingress replication lists of a VNI or all VNIs.
  • Run the display vxlan tunnel [ tunnel-id ] [ verbose ] command to check VXLAN tunnel information.
  • Run the display vxlan vni [ vni-id [ verbose ] ] command to check VNI information.
  • Run the display interface vbdif [ bd-id ] command to check VBDIF interface information and statistics.
  • Run the display mac-address limit bridge-domain bd-id command to check dynamically learning MAC address limiting configurations of a BD.
  • Run the display bgp evpn all routing-table command to check EVPN route information.
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 27239

Downloads: 18

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next