CloudEngine S16700 V600R022C10 Configuration Guide - VXLAN

Configuring a VXLAN Tunnel

Prerequisites

Before configuring a VXLAN tunnel, you have completed the following task:
  • Configure IP routes to enable Layer 3 communication between nodes on the current network.

Context

VXLAN packets are transmitted through VXLAN tunnels. In distributed VXLAN gateway scenarios, perform the following steps on a VXLAN gateway to use EVPN for establishing VXLAN tunnels:
  1. Enable EVPN to function as the VXLAN control plane. EVPN must be enabled before other EVPN configurations can be performed.

  2. Configure BGP EVPN peer relationships. Configure VXLAN gateways to establish BGP EVPN peer relationships so that they can exchange EVPN routes. If an RR has been deployed, each VXLAN gateway must establish a BGP EVPN peer relationship with the RR only.

  3. (Optional) Configure an RR. In this case, each VXLAN gateway must establish a BGP EVPN peer relationship with the RR only. This reduces the number of BGP EVPN peer relationships as well as the overall configuration workload. An existing device can be configured to function as an RR, or a standalone RR can be deployed. Spine nodes are generally used as RRs, and leaf nodes as RR clients.

  4. Configure EVPN instances. EVPN instances are used to receive and advertise EVPN routes.

  5. Configure ingress replication. After ingress replication is configured for a VNI, the system uses BGP EVPN to construct a list of remote VTEPs. After a VXLAN gateway receives a BUM packet, it sends a copy to every VXLAN gateway in the list.

  6. Configure subscription to the status of the exact route to a VXLAN tunnel destination. After this function is configured, a VXLAN tunnel is considered up only if its source IP address and destination IP address are reachable.

Procedure

  1. Enable EVPN to function as the VXLAN control plane.
    1. Enter the system view.

      system-view

    2. Enable EVPN to function as the VXLAN control plane.

      evpn-overlay enable

      By default, EVPN is not enabled to function as the VXLAN control plane.

  2. Configure BGP EVPN peer relationships.
    1. Enable BGP and enter the BGP or BGP multi-instance view.

      bgp as-number [ instance instance-name ]

      By default, BGP is disabled. If an RR has been deployed, each VXLAN gateway must establish a BGP EVPN peer relationship with the RR only.

    2. (Optional) Configure a BGP router ID.

      router-id ipv4-address

      By default, no BGP router ID is configured.

    3. Configure a peer device.

      peer ipv4-address as-number as-number

      By default, no BGP peer is configured, and no AS number is specified for a peer group.

    4. (Optional) Specify the source interface and source address used to establish a TCP connection with the BGP peer.

      peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      By default, the outbound interface of a BGP message serves as the source interface.

      When loopback interfaces are used to establish a BGP connection, running the peer connect-interface command on both ends is recommended to ensure connectivity. If this command is run on one end only, the BGP connection may fail to be established.

    5. (Optional) Set the maximum number of hops allowed by an EBGP EVPN connection.

      peer ipv4-address ebgp-max-hop [ hop-count ]

      The default value of hop-count is 255. In most cases, a directly connected physical link must be available between EBGP EVPN peers. If you want to establish EBGP EVPN peer relationships between indirectly connected peers, you must run the peer ebgp-max-hop command to configure the maximum number of hops for a TCP connection.

      When a loopback interface is used to establish an EBGP EVPN peer relationship, you must run the peer ebgp-max-hop command with hop-count set to 2 or greater. Otherwise, the peer relationship fails to be established.

    6. Enter the BGP-EVPN address family view or BGP multi-instance EVPN address family view.

      l2vpn-family evpn

      By default, the BGP-EVPN address family view or BGP multi-instance EVPN address family view is disabled.

    7. Enable the ability to exchange EVPN routes with a specified peer or peer group.

      peer { group-name | ipv4-address } enable

      By default, the ability to exchange EVPN routes with a peer or peer group is enabled only in the BGP-IPv4 unicast address family.

    8. (Optional) Specify a route-policy for routes received from or to be advertised to a BGP EVPN peer or peer group.

      peer { group-name | ipv4-address } route-policy route-policy-name { import | export }

      The route-policy helps the device to import or advertise desired routes only. This not only facilitates route management, but also reduces the routing table size and system resource consumption.

    9. (Optional) Set the maximum number of MAC advertisement routes that can be received from a peer.

      peer { group-name | ipv4-address } mac-limit number [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      If a large proportion of MAC advertisement routes imported from a peer or peer group to an EVPN instance are inapplicable, you are advised to run this command to limit the maximum number of such routes that can be imported. If the number of imported MAC advertisement routes exceeds the specified maximum, the device displays an alarm, prompting you to check the validity of such routes imported to the EVPN instance.

    10. (Optional) Set the maximum hold-off time for re-establishing BGP peer relationships.

      peer ipv4-address graceful-restart static-timer restart-time

      Graceful restart (GR) prevents traffic interruption caused by the re-establishment of BGP peer relationships. To set the maximum hold-off time, run either of the following commands:
      • To set the maximum hold-off time for re-establishing all BGP peer relationships, run the graceful-restart timer restart command in the BGP view. The maximum hold-off time supported by this command is 3600s.

      • To set the maximum hold-off time for re-establishing a specified BGP EVPN peer relationship, run the peer graceful-restart static-timer command in the BGP EVPN view. This command allows you to set a hold-off time greater than 3600s.

      If both the graceful-restart timer restart time and peer graceful-restart static-timer commands are run, the peer graceful-restart static-timer command configuration takes precedence.

      This step can be performed only after GR is enabled using the graceful-restart command in the BGP view.

    11. (Optional) Enable next hop recursion of EVPN routes to default routes.

      nexthop recursive-lookup default-route

      If a configuration error or fault occurs, the next hop of the EVPN route from the local VTEP to the remote VTEP may be unreachable, preventing the VXLAN tunnel from being established. To prevent this situation, perform this step and configure the remote VTEP to send a default route to the local VTEP. When the next hop of the EVPN route from the local VTEP to the remote VTEP is unreachable, the EVPN route can recurse its next hop to the default route, allowing the VXLAN tunnel to be successfully established.

    12. (Optional) Perform the following operations to enable the function to advertise the routes carrying the Large-Community attribute to BGP EVPN peers:

      The Large-Community attribute can completely represent a 2-byte or 4-byte AS number, and has two 4-byte LocalData IDs. This enables the administrator to apply policies more flexibly. Before enabling the function to advertise the routes carrying the Large-Community attribute to BGP EVPN peers, configure the route-policy related to the Large-Community attribute and use the route-policy to set the Large-Community attribute.

      peer { ipv4-address | group-name } route-policy route-policy-name export
      peer { ipv4-address | group-name } advertise-large-community

      If the routes carrying the Large-Community attribute do not need to be advertised to a BGP EVPN peer in the peer group, run the peer ipv4-address advertise-large-community disable command.

    13. (Optional) Configure BGP to ignore the IGP metric when selecting the optimal route.

      bestroute igp-metric-ignore

      By default, BGP uses the IGP metric as one of the conditions for selecting the optimal route. To exclude the IGP metric of next-hop routes as a condition for selecting the optimal BGP EVPN route on a VTEP, perform this step.

    14. (Optional) Set the maximum number of routes that can be received from a peer.

      peer { peerIpv4Addr | group-name } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout times ]

      By default, there is no limit on the number of routes that can be received from a peer. If a VTEP receives many routes from its peers, excessive system resources are consumed. To prevent the VTEP from receiving too many routes, perform this step.

  3. (Optional) Configure an RR. In this case, each VXLAN gateway needs to establish a BGP EVPN peer relationship with the RR only, reducing the number of BGP EVPN peer relationships to be established and simplifying configuration.
    1. Specify an RR and its clients.

      peer { ipv4-address | group-name } reflect-client

      By default, the RR and its clients are not configured.

    2. (Optional) Configure the RR not to change the next hops of routes to be advertised to an EBGP EVPN peer.

      peer { group-name | ipv4-address } next-hop-invariable

      By default, a BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

    3. Disable the function to filter received EVPN routes based on VPN targets. If you do not perform this step, the RR will fail to receive and reflect the routes sent by clients.

      undo policy vpn-target

      By default, VPN-Target filtering is enabled.

    4. Exit the BGP-EVPN address family view or BGP multi-instance EVPN address family view.

      quit

    5. Exit the BGP view or BGP multi-instance view.

      quit

  4. Configure an EVPN instance (one at a time).
    1. Enter the BD view.

      bridge-domain bd-id

    2. Create a VNI and associate the VNI with the BD.

      vxlan vni vni-id

      By default, no VNI is created.

    3. Create an EVPN instance in a BD.

      evpn

      By default, no EVPN instance is created for VXLANs.

    4. Configure an RD for the EVPN instance.

      route-distinguisher { route-distinguisher | auto }

      By default, no RD is configured for BD EVPN instances.

    5. Configure VPN targets for the EVPN instance.

      vpn-target { vpn-target &<1-8> | auto } [ both | export-extcommunity | import-extcommunity ]

      By default, no VPN target is configured for BD EVPN instances. The import and export VPN targets of the local end must be the same as the export and import VPN targets of the remote end, respectively.

    6. (Optional) Associate the EVPN instance with an import route-policy.

      import route-policy policy-name

      By default, an EVPN instance matches the export VPN targets of received routes against its import VPN targets to determine whether to import these routes. Perform this step to associate the EVPN instance with an import route-policy and set attributes for eligible routes. This enables you to control the routes to be imported into the EVPN instance more precisely.

    7. (Optional) Associate the EVPN instance with an export route-policy.

      export route-policy policy-name

      By default, an EVPN instance adds all VPN targets in the export VPN target list to EVPN routes to be advertised to its peers. Perform this step to associate the EVPN instance with an export route-policy and set attributes for eligible routes. This enables you to control the routes to be advertised more precisely.

    8. (Optional) Disable the device from sending local MAC routes with the current VNI to the EVPN peer.

      mac-route no-advertise

      Local MAC routes can be advertised by default. In Layer 3 gateway scenarios where Layer 2 traffic forwarding is not involved, perform this step to disable local MAC routes carrying the current VNI from being advertised to the EVPN peer gateway. This configuration prevents an EVPN peer gateway from receiving unnecessary MAC routes, thereby conserving device resources.

    9. (Optional) Disable the device from generating an EVPN MAC route when the local MAC address exists in both a MAC address entry and an ARP/ND entry.

      local mac-only-route no-generate

      If a MAC address entry and an ARP/ND entry on the local gateway both contain the local MAC address, the gateway generates both an EVPN MAC/IP route and an EVPN MAC route by default. To optimize memory utilization, perform this step so that the gateway generates only an EVPN MAC/IP route. To ensure normal Layer 2 traffic forwarding, run the mac-ip route generate-mac command on the peer gateway to enable the function to generate MAC address entries based on MAC/IP routes.

    10. (Optional) Enable the function to generate MAC address entries based on MAC/IP routes.

      mac-ip route generate-mac

      By default, the function is not enabled.

      If the peer gateway is configured not to advertise MAC routes (using the mac-route no-advertise command) or not to generate MAC routes (using the local mac-only-route no-generate command), the local gateway cannot generate MAC entries by default. To ensure normal Layer 2 traffic forwarding, perform this step on the local gateway to enable the function to generate MAC entries based on MAC/IP routes.

    11. Exit the EVPN instance view.

      quit

    12. Exit the BD view and return to the system view.

      quit

  5. Configure ingress replication.
    1. Create an NVE interface and enter its view.

      interface nve nve-number

    2. Configure an IP address for the source VTEP.

      source ip-address

      By default, no IP address is configured for a VTEP.

    3. Configure ingress replication.

      vni vni-id head-end peer-list protocol bgp

      By default, no ingress replication is configured for a VNI.

      After receiving a BUM packet, the ingress of a VXLAN tunnel replicates the packet and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel should send replicated BUM packets.

  6. (Optional) Configure a MAC address for the NVE interface.

    mac-address mac-address

    In BGP EVPN-based VXLAN tunnel establishment scenarios that use distributed active-active VXLAN gateways, both active-active VXLAN gateways must have the same VTEP MAC address to ensure proper traffic forwarding.

  7. (Optional) Enable subscription to the status of the exact route to the VXLAN tunnel destination. The VXLAN tunnel can go up only when the exact route to its destination IP address is reachable.

    quit
    vxlan tunnel-status track exact-route

    By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled. A VXLAN tunnel is considered up if the exact route of its source IP address and the route of the network segment where its destination IP address resides are reachable.

  8. (Optional) Enable the device to use the extension mode when encapsulating the outer UDP source port number into VXLAN packets.

    assign forward nvo3 udp src-port extend enable

    By default, the device does not use the extension mode when encapsulating the outer UDP source port number into VXLAN packets.
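The following is an added example, not code from the Huawei guide or the CloudEngine software. It takes constructed VRP-style configuration text for two leaf VTEPs and a spine RR and audits it against requirements stated in steps 2, 3 and 4 of the procedure: every BGP EVPN peer should carry a route-limit and a mac-limit (the resource-protection steps), an RR must run undo policy vpn-target or it cannot reflect its clients' routes, and for each VNI the export VPN targets of one VTEP must match the import VPN targets of the other. The device names, addresses, AS number, VNIs and VPN targets are placeholders; the "#" block separator follows the shape of display output, and treating a vpn-target line without a keyword as both is an assumption of this example.

```python
from dataclasses import dataclass, field

# Added example, not code from the Huawei guide. It parses constructed VRP-style
# configuration text covering the steps above and checks what the procedure
# requires: route-limit and mac-limit on every EVPN peer, 'undo policy vpn-target'
# on an RR, and import/export VPN targets that match between VTEPs per VNI.
# Addresses, AS numbers, VNIs and VPN targets are placeholders.

RT_MODES = {"both", "export-extcommunity", "import-extcommunity"}


@dataclass
class Device:
    name: str
    peers: dict[str, set[str]] = field(default_factory=dict)  # peer -> keywords seen in l2vpn-family evpn
    vpn_target_filter: bool = True  # enabled by default, per the guide
    vni_rts: dict[str, tuple[set[str], set[str]]] = field(default_factory=dict)  # vni -> (import, export)


def parse_config(name: str, text: str) -> Device:
    """View-aware line parser; a '#' line ends the current block as in display output."""
    dev, ctx, rts = Device(name), "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            ctx, rts = "", None
            continue
        w = line.split()
        if w[0] == "bgp":
            ctx = "bgp"
        elif ctx == "bgp" and line == "l2vpn-family evpn":
            ctx = "evpn-af"
        elif w[0] == "bridge-domain":
            ctx = "bd"
        elif ctx == "bd" and w[:2] == ["vxlan", "vni"]:
            rts = dev.vni_rts.setdefault(w[2], (set(), set()))
        elif ctx == "bd" and line == "evpn":
            ctx = "bd-evpn"
        elif ctx == "evpn-af" and w[0] == "peer":
            dev.peers.setdefault(w[1], set()).add(w[2])
        elif ctx == "evpn-af" and line == "undo policy vpn-target":
            dev.vpn_target_filter = False
        elif ctx == "bd-evpn" and rts is not None and w[0] == "vpn-target":
            mode = next((t for t in w[1:] if t in RT_MODES), "both")  # assumed default when omitted
            values = [t for t in w[1:] if t not in RT_MODES]
            if mode != "export-extcommunity":
                rts[0].update(values)  # import targets
            if mode != "import-extcommunity":
                rts[1].update(values)  # export targets
    return dev


def audit(devices: list[Device]) -> list[str]:
    findings: list[str] = []
    for d in devices:
        for peer, kws in sorted(d.peers.items()):
            for kw in ("route-limit", "mac-limit"):
                if "enable" in kws and kw not in kws:
                    findings.append(f"{d.name}: EVPN peer {peer} has no {kw}")
        if d.vpn_target_filter and any("reflect-client" in k for k in d.peers.values()):
            findings.append(f"{d.name}: RR still filters on VPN targets; 'undo policy vpn-target' is missing")
    # Step 4 requires local import targets to match the remote end's export targets.
    for vni in sorted({v for d in devices for v in d.vni_rts}):
        members = [(d.name, d.vni_rts[vni]) for d in devices if vni in d.vni_rts]
        for a_name, (_, a_exp) in members:
            for b_name, (b_imp, _) in members:
                if a_name != b_name and not (a_exp & b_imp):
                    findings.append(f"VNI {vni}: {b_name} imports none of the VPN targets {a_name} exports {sorted(a_exp)}")
    return findings


# Constructed sample: two leaf VTEPs peering with a spine RR in AS 65000.
LEAF1 = """\
bgp 65000
 l2vpn-family evpn
  peer 10.0.0.100 enable
  peer 10.0.0.100 route-limit 5000 alert-only
  peer 10.0.0.100 mac-limit 2000 alert-only
#
bridge-domain 10
 vxlan vni 10010
 evpn
  vpn-target 100:10 both
#
bridge-domain 20
 vxlan vni 10020
 evpn
  vpn-target 100:20 export-extcommunity
  vpn-target 100:20 import-extcommunity
#
"""
# Leaf2 repeats leaf1 with two constructed mistakes: no mac-limit, and a mistyped
# export VPN target on VNI 10020.
LEAF2 = (LEAF1.replace("  peer 10.0.0.100 mac-limit 2000 alert-only\n", "")
              .replace("vpn-target 100:20 export", "vpn-target 100:21 export"))
# The spine reflects both leaves but never runs 'undo policy vpn-target'.
SPINE = "bgp 65000\n l2vpn-family evpn\n" + "".join(
    f"  peer 10.0.0.{i} enable\n  peer 10.0.0.{i} reflect-client\n"
    f"  peer 10.0.0.{i} route-limit 5000 alert-only\n  peer 10.0.0.{i} mac-limit 2000 alert-only\n"
    for i in (1, 2)) + "#\n"


def run_sample() -> list[str]:
    return audit([parse_config("leaf1", LEAF1), parse_config("leaf2", LEAF2), parse_config("spine", SPINE)])
```

Running run_sample() reports three findings: the missing mac-limit on leaf2, the spine acting as an RR with VPN-target filtering still enabled, and leaf1 being unable to import leaf2's routes for VNI 10020 because leaf2 exports 100:21 while leaf1 imports 100:20. The parser only understands the views this procedure uses (BGP, l2vpn-family evpn, bridge-domain, evpn), so any other blocks in a real configuration are skipped rather than interpreted.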