This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
Why VXLAN L3 gateway allw...

Why VXLAN L3 gateway allways associated with a L3VPN (VPN instance)?

Created: Apr 9, 2019 06:33:55Latest reply: Apr 10, 2019 19:09:14 145 4 0 0
  Rewarded Hi-coins: 0 (problem resolved)
display all floors #1

Hello,


I´ve been reading the documentation on HEDEX for CloudEngine 6800, 7800 Series switches, and all the examples we see about VXLAN implementation, the L3VXLAN Gateway (VBDIf) is binded to a vpn-instance.


I wonder why it is so... the VBDIf cannot run on the public instance instead?

In case the VBDIf must run on a private vpn-instance, how can we export evpn host-routes to the public routing table?

VXLANvpn-instancevpnv4mplsvbdif
  • x
  • convention:

I have this problem too (0) Favorite(0) Share Report
Featured Answers
Admin Created Apr 9, 2019 09:39:50 Helpful(0) Helpful(0)

@Brunno hi!

The vbdif can be implemented on the public instance, please refer to the example:http://support.huawei.com/hedex/ ... 0168680&lang=en.

Path: Configuration > VXLAN configuration guide > Configuration examples for VXLANS > Example for configuring VXLAN using centralized gateway deployment in static mode.
  • x
  • convention:
All Answers
chenhui Admin Created Apr 9, 2019 09:23:59 Helpful(0) Helpful(0)

we can using route leaking to export the vpn-instance routing information to the public routing table.
  • x
  • convention:
chenhui Admin Created Apr 9, 2019 09:39:50 Helpful(0) Helpful(0)

@Brunno hi!

The vbdif can be implemented on the public instance, please refer to the example:http://support.huawei.com/hedex/ ... 0168680&lang=en.

Path: Configuration > VXLAN configuration guide > Configuration examples for VXLANS > Example for configuring VXLAN using centralized gateway deployment in static mode.
  • x
  • convention:
Brunno Created Apr 10, 2019 01:50:13 Helpful(0) Helpful(0)

Thanks for your support.
We´ve tried to leak host routes from the vpn-instance to the public instance, but when we tried to leak host routes form DIRECT (ARP/host route) and BGP (IBGP VPNv4 EVPN host route), but we only see the DIRECT subnet prefix being leaked to the public table.



Find the config below:

#
ip vpn-instance vxlan
ipv4-family
route-distinguisher 1:666
vpn-target 1:999 export-extcommunity evpn
vpn-target 1:999 import-extcommunity evpn
vxlan vni 5010
#

#
bridge-domain 999
statistics enable
description TESTE_VXLAN
vxlan vni 999
evpn
route-distinguisher 1:999
vpn-target 1:999 export-extcommunity
vpn-target 1:999 import-extcommunity
#

#
interface Vbdif999
ip binding vpn-instance vxlan
ip address 10.99.99.1 255.255.255.0
mac-address 0000-5e00-0010
vxlan anycast-gateway enable
arp collect host enable
#
#
ip import-rib vpn-instance vxlan protocol direct
#
ipv4-family unicast
import-route direct
import-route static
import-rib vpn-instance vxlan valid-route
peer 172.17.18.235 enable
#
#
l2vpn-family evpn
undo policy vpn-target
peer 172.17.18.235 enable
peer 172.17.18.235 advertise irb
#

VPN-INSTANCE routing-table on DC_CORE_1 (172.17.18.236):

<DC_CORE_1> disp ip routing-table vpn-instance vxlan
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vxlan
Destinations : 7 Routes : 7

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 172.17.18.254 Vlanif1802
10.99.99.0/24 Direct 0 0 D 10.99.99.1 Vbdif999
10.99.99.1/32 Direct 0 0 D 127.0.0.1 Vbdif999
10.99.99.40/32 IBGP 255 0 RD 172.17.18.235 VXLAN
10.99.99.41/32 IBGP 255 0 RD 172.17.18.235 VXLAN
10.99.99.255/32 Direct 0 0 D 127.0.0.1 Vbdif999
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<DC_CORE_1>

VPN-INSTANCE ARP table on DC_CORE_1:

<DC_CORE_1>disp arp vpn-instance vxlan
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time VLAN:VLAN or Bridge Domain

IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
------------------------------------------------------------------------------
10.99.99.1 0000-5e00-0010 I Vbdif999 vxlan
10.99.99.50 0050-56bd-ca62 19 D/BD999 Eth-Trunk2.999 vxlan
10.99.99.100 Incomplete 1 D Vbdif999 vxlan
------------------------------------------------------------------------------
Total:3 Dynamic:2 Static:0 Interface:1 OpenFlow:0


Public routing-table for 10.99.99.x on DC_CORE_1:

<DC_CORE_1>disp ip routing-table | i 10.99.99.
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 5838 Routes : 5838

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.99.99.0/24 Direct 0 0 D 10.99.99.1 Vbdif999
10.99.99.1/32 Direct 0 0 D 127.0.0.1 Vbdif999
10.99.99.255/32 Direct 0 0 D 127.0.0.1 Vbdif999

BGP EVPN routing-table on DC_CORE_1:
<DC_CORE_1>disp bgp vpnv4 vpn-instance vxlan routing-table

BGP Local router ID is 172.17.18.236
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found


VPN-Instance vxlan, Router ID 172.17.18.236:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.99.99.0/24 0.0.0.0 0 0 ?
*> 10.99.99.1/32 0.0.0.0 0 0 ?
*>i 10.99.99.40/32 172.17.18.235 100 0 ?
*>i 10.99.99.41/32 172.17.18.235 100 0 ?

----------------------------------------------------------------------------------------------------------------------------------
We expect to see the host routes of L3VPN IBGP listed above leaked to the public instance, but only the /24 subnet prefix (imported via "ip import-rib vpn-instance vxlan protocol direct" command).

How to see host routes from L3VPN BGP on public routing table?
How to see the host routes from ARP (local) on public routing table?
  • x
  • convention:
chenhui Admin Created Apr 10, 2019 19:09:14 Helpful(0) Helpful(0)

Posted by Brunno at 2019-04-10 01:50 Thanks for your support. We´ve tried to leak host routes from the vpn-instance to the public instan ...
Please check if there is a route could reach the next hop of the BGP route imported from vpn-instance.
or you can give a topology and detailed configuration,
  • x
  • convention:
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

Fast reply Scroll to top