Configuring VXLAN in Centralized Gateway Mode Using BGP EVPN
When VXLAN in centralized gateway mode using BGP EVPN is deployed, traffic across network segments is forwarded through Layer 3 VXLAN gateways to implement centralized traffic management.
Usage Scenario
An enterprise has allocated VMs in different locations to a tenant. Some of the VMs reside on the same network segment, and the others reside on different network segments. To allow communication between VMs, deploy Layer 2 and Layer 3 VXLAN gateways and establish VXLAN tunnels.
- To allow VM 1 on Server 2 and VM 1 on Server 3 to communicate, deploy Layer 2 VXLAN gateways on Device 1 and Device 2 and establish a VXLAN tunnel between Device 1 and Device 2 so that tenants on the same network segment can communicate.
- To allow VM 1 on Server 1 and VM 1 on Server 3 to communicate, deploy a Layer 3 VXLAN gateway on Device 3 and establish a VXLAN tunnel between Device 1 and Device 3 and between Device 2 and Device 3 so that tenants on different network segments can communicate.
Either IPv4 or IPv6 addresses can be configured for VMs and Layer 3 VXLAN gateways. This means that a VXLAN overlay network can be an IPv4 or IPv6 network. Figure 16-7 shows an IPv4 overlay network.
Pre-configuration Tasks
Before configuring VXLAN in centralized gateway mode for static tunnel establishment, ensure that the network is reachable at Layer 3.
Configuration Procedures
If only VMs on the same network segment need to communicate with each other, Layer 3 VXLAN gateways do not need to be deployed. If VMs on different network segments need to communicate with each other or VMs on the same network segment need to communicate with external networks, Layer 3 VXLAN gateways must be deployed.
Differed Configuration Task | IPv4 Overlay Network | IPv6 Overlay Network |
---|---|---|
Configuring a Layer 3 VXLAN Gateway | Configure an IPv4 address for a VBDIF interface. | Configure an IPv6 address for a VBDIF interface. |
- Configuring a VXLAN Service Access Point
  Layer 2 sub-interfaces are used for service access on VXLANs. These Layer 2 sub-interfaces can have different encapsulation types configured to transmit various types of data packets. A bridge domain (BD) is a broadcast domain. After a Layer 2 sub-interface is associated with a BD, the sub-interface can transmit data packets through this BD.
- Configuring a VXLAN Tunnel
  To allow VXLAN tunnel establishment using EVPN, establish a BGP EVPN peer relationship, configure an EVPN instance, and configure ingress replication.
- Configuring a Layer 3 VXLAN Gateway
  To allow users on different network segments to communicate, a Layer 3 VXLAN gateway must be deployed, and the default gateway address of the users must be the IP address of the VBDIF interface of the Layer 3 gateway.
- (Optional) Configuring Static MAC Address Entries and MAC Address Limiting
  Static MAC address entries can be configured for traffic forwarding, and MAC address limiting can be configured to improve VXLAN security.
- Verifying the Configuration of VXLAN in Centralized Gateway Mode Using BGP EVPN
  After configuring VXLAN in centralized gateway mode for dynamic tunnel establishment, check VXLAN tunnel, VNI, and VBDIF interface information.