Got it

EVPN CloudVPN Scenario Configuration

Latest reply: Jul 13, 2020 23:59:31 124 7 2 1

1. Network topology

The SNC functions as the RR and establishes BGP EVPN peer relationships with each FP. Configure a VXLAN tunnel between FP1 and FP2.

1

2. Configuration Procedure

2.1   Configuring OpenFlow

We only need to check EVPN configurations on the logical FP. Therefore, no forwarder is configured, and only configure on the SNC.

sdn controller

openflow listening-ip 99.1.1.1------(IP address of the controller for listening)

fp-id 1

type huawei-default

version default

role default

openflow controller

peer-address 99.1.1.2--------(IP address of the forwarder)

fp-id 2

type huawei-default

version default

role default

openflow controller

peer-address 99.1.1.9

In this case, you can enter the FP view for configuration.

2.2  Configuring VXLAN

Here, a Layer 2 VXLAN and a Layer 3 VXLAN are configured.

FP1:

bridge-domain 1---------(creat a BD)

vxlan vni 1-------- (bound to the VNI)

arp l2-proxy enable----------(Layer 2 proxy ARP is an effective method to reduce ARP processing pressure. It isolates ARP broadcast domains and preferentially performs local Layer 2 proxy for ARP requests. It learns user information by connecting gateways and user access devices or aggregation devices (TOR/EOR switches in data centers). When receiving an ARP request packet, the device directly responds to the ARP request packet if it can find the information about the destination user of the ARP request packet. Using Layer 2 proxy ARP can effectively isolate the ARP broadcast domain and reduce the impact of ARP broadcast.)

bridge-domain 2

vxlan vni 2

#

interface Nve1:1----------------(Layer 2 VXLAN)

source 20.2.2.2

vni 1 head-end peer-list 20.2.2.20

#

interface Nve1:2-------------------(Layer 3 VXLAN)

mode l3

source 100.1.1.1

vni 2 head-end peer-list 100.1.1.10

#

interface Vbdif1:1

mac-address 0001-0001-0001-----------(Gateway MAC address)

ip binding vpn-instance _SNC_1

ip address 193.2.1.2 255.255.255.0

arp distribute-gateway enable------------(Distributed gateway)

arp direct-route enable

#

interface Vbdif1:2

ip binding vpn-instance _SNC_1

#

interface vServiceIf1:1----------------------(Bind the physical interface.)

binding interface Ethernet3/0/1

#

interface vServiceIf1:1.100 mode l2-----------(Layer 2 sub-interface)

encapsulation dot1q vid 100--------------(VLAN tag encapsulation)

rewrite pop single-----------(The outer tag is removed for received packets.) 

bridge-domain 1-----------(bound to BD1)

#

interface vServiceIf1:2

binding interface Ethernet3/0/2

#

interface vServiceIf1:2.100

ip binding vpn-instance _SNC_1

ip address 34.1.1.2 255.255.255.0

encapsulation dot1q-termination

dot1q termination vid 2

arp broadcast enable

#

FP2:

#

bridge-domain 1

vxlan vni 1

arp l2-proxy enable

#

bridge-domain 2

vxlan vni 2

#

interface Nve2:1

source 20.2.2.20

vni 1 head-end peer-list 20.2.2.2

#

interface Nve2:2

mode l3

source 100.1.1.10

vni 2 head-end peer-list 100.1.1.1

#

interface Vbdif2:1

mac-address 0001-0001-0002

ip binding vpn-instance _SNC_1

ip address 193.2.1.1 255.255.255.0

arp distribute-gateway enable

arp direct-route enable

#

interface Vbdif2:2

ip binding vpn-instance _SNC_1

#

interface vServiceIf2:2

binding interface Ethernet3/0/1

#

interface vServiceIf2:2.100 mode l2

encapsulation dot1q vid 100

rewrite pop single

bridge-domain 1

#

interface vServiceIf2:3

binding interface Ethernet3/0/3

#

interface vServiceIf2:3.100

ip binding vpn-instance _SNC_1

ip address 67.1.1.1 255.255.255.0

encapsulation dot1q-termination

dot1q termination vid 2

arp broadcast enable

#

Configuration result

1

1

2.3  Configure BGP EVPN peers.

In this example, the SNC functions as an RR to establish BGP EVPN peer relationships with FP1 and FP2.

SNC:

interface vShortcutif0

ip address 10.2.3.3 255.255.255.255------(Configure an IP address for BGP connections.)

bgp 100

router-id 10.2.3.3

peer 100.1.1.1 as-number 100-------- (Specify the IP address and AS number of the BGP peer.)

peer 100.1.1.1 connect-interface vShortcutif0------- (specified interface)

peer 100.1.1.10 as-number 100

peer 100.1.1.10 connect-interface vShortcutif0

#

ipv4-family unicast

undo synchronization

peer 100.1.1.1 enable

peer 100.1.1.1 reflect-client--------(FP1 is configured as the RR client of the SNC.)

peer 100.1.1.10 enable

peer 100.1.1.10 reflect-client

#

l2vpn-family evpn

reflector cluster-id 167904003------(Reflector)

undo policy vpn-target

peer 100.1.1.1 enable-------(Configure a BGP EVPN peer.)

peer 100.1.1.1 reflect-client

peer 100.1.1.10 enable

peer 100.1.1.10 reflect-client

FP1:

bgp 100

router-id 100.1.1.1

peer 10.2.3.3 as-number 100

peer 10.2.3.3 connect-interface vShortcutif0

#

ipv4-family unicast

peer 10.2.3.3 enable

#

ipv4-family vpn-instance _SNC_1

import-route bgp-evrf------------ (Import BGP EVRF address family routes.)

#

l2vpn-family evpn

policy vpn-target------------------(Set EVPN route cross, IRT, and ERT.)

peer 10.2.3.3 enable

FP2:

bgp 100

router-id 100.1.1.10

peer 10.2.3.3 as-number 100

peer 10.2.3.3 connect-interface vShortcutif0

#

ipv4-family unicast

peer 10.2.3.3 enable

#

ipv4-family vpn-instance _SNC_1

import-route bgp-evrf------------ (Import BGP EVRF address family routes.)

#

l2vpn-family evpn

policy vpn-target

peer 10.2.3.3 enable

Configuration result

1

2.4  Configure an EVPN instance.

FP1:

evpn vpn-instance _SNC_1 vxlan-mode--------- (Configure an EVPN instance and specify the VXLAN mode.)

route-distinguisher 100.1.1.1:6------- (Configure a route distinguisher to distinguish instances.)

description vni-init:2

vpn-target 2:65535 export-extcommunity

vpn-target 2:65535 import-extcommunity

#

evpn vpn-instance _SNC_EVRF_FOR_VDC_L2 vxlan-mode

route-distinguisher 100.1.1.1:3

description vni-init:0

l2 vni all-------(The EVRF subscribes to all MAC/IP routes of the device from the VSTM.)

vpn-target 1:65535 import-extcommunity

#

ip vpn-instance _SNC_1

description 1

ipv4-family

route-distinguisher 100.1.1.1:5

vpn-target 2:65535 export-extcommunity

vpn-target 2:65535 import-extcommunity

vxlan vni 2------------(Specified L3 VNI, from VSTM)

#

bgp 100

#

evpn vpn-instance _SNC_1-------- (Enter the BGP EVPN address family.)

import-route direct-host ip-vpn-instance _SNC_1------ (Importing L3VPN Routes)

import-route direct-subnet ip-vpn-instance _SNC_1

import-route bgp ip-vpn-instance _SNC_1

distribute prefix-route ip-vpn-instance _SNC_1------- (delivering prefix routes to a specified L3VPN)

FP2:

evpn vpn-instance _SNC_1 vxlan-mode

route-distinguisher 100.1.1.10:8

description vni-init:2

vpn-target 2:65535 export-extcommunity

vpn-target 2:65535 import-extcommunity

#

evpn vpn-instance _SNC_EVRF_FOR_VDC_L2 vxlan-mode

route-distinguisher 100.1.1.10:4

description vni-init:0

l2 vni all

vpn-target 1:65535 import-extcommunity

#

ip vpn-instance _SNC_1

description 1

ipv4-family

route-distinguisher 100.1.1.10:7

vpn-target 2:65535 export-extcommunity

vpn-target 2:65535 import-extcommunity

vxlan vni 2

#

bgp 100

#

evpn vpn-instance _SNC_1

import-route direct-host ip-vpn-instance _SNC_1

import-route direct-subnet ip-vpn-instance _SNC_1

import-route bgp ip-vpn-instance _SNC_1

distribute prefix-route ip-vpn-instance _SNC_1

Configuration result

1

1

2.5  Configuring a User

Configure users to go online through XML packets.

FP1:

user 193.2.1.2 0001-0001-0001 vni 1 pe-vlan 0 ce-vlan 0 role gateway

FP2:

user 193.2.1.1 0001-0001-0002 vni 1 pe-vlan 0 ce-vlan 0 role gateway

role indicates the user mode, which can be gateway or vm interface vServiceif1:1.100.

2.6 Check the MAC addresses and prefixes of EVPN routes.

Here, only the information on FP1 is viewed. FP2 is symmetrical.

1

As shown in the preceding figure:

MAC route: The next hop obtained by the EVPN instance _SNC_EVRF_FOR_VDC_L2 is 20.2.2.20 (VXLAN VTEP IP address of FP2). The l2 vni all command imports all Layer 2 VXLAN routes to the _SNC_EVRF_FOR_VDC_L2 and advertises them to the SNC through BGP EVPN peers, the snc is released to FP1.

Prefix route: The _SNC_1 instance imports the L3VPN route to the EVPN instance. The VXLAN VNI 2 of the L3VPN imports the Layer 3 VXLAN to the VPN. The EVPN instance of the _SNC_1 has the route and advertises it to FP2.

View the detailed information.

1

The MAC route to 193.2.1.1 is from 10.2.3.3 (vShortcutif address of the SNC), and the Not advertised to any peer yet field indicates that FP1 has no BGP peer except the SNC and does not advertise the route.

1

The prefix route of 193.2.1.0/24 comes from the local FP and SNC. The prefix route of the local FP is advertised to 10.2.3.3 (SNC), and the prefix route of the second FP is not advertised because it comes from the SNC.

  • x
  • convention:

Created May 30, 2020 12:17:14 Helpful(0) Helpful(0)

Thank you for your support
View more
  • x
  • convention:

Created May 30, 2020 12:17:33 Helpful(0) Helpful(0)

Great idea
View more
  • x
  • convention:

Created May 31, 2020 02:30:42 Helpful(0) Helpful(0)

I think is great
View more
  • x
  • convention:

Created May 31, 2020 02:30:51 Helpful(0) Helpful(0)

EVPN CloudVPN Scenario Configuration-3323115-1
View more
  • x
  • convention:

MVE Created May 31, 2020 07:20:03 Helpful(0) Helpful(0)

Good scenario
View more
  • x
  • convention:

Created Jun 10, 2020 02:19:02 Helpful(0) Helpful(0)

Thank you
View more
  • x
  • convention:

Created 2 days 23:59 Helpful(0) Helpful(0)

Thanks
View more
  • x
  • convention:

Comment

Comment
You need to log in to comment to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.