< Home

Example for Configuring VXLAN for a Virtual Network in Distributed Gateway Mode (BGP EVPN Mode)

Networking Requirements

An enterprise has constructed a mature campus network but does not have a dedicated data center network. All the servers of the enterprise are scattered in different departments and do not support centralized placement. The enterprise wants to construct a virtual data center network over the existing campus network to meet the following requirements:
  • Servers scattered in different departments form a virtual network, realizing resource integration and flexible service deployment.
  • A lot of VMs are deployed on servers. VMs in the same network segment achieve Layer 2 interconnection while VMs in different network segments achieve Layer 3 interconnection.
  • The VXLAN Layer 3 gateway is moved downward to the VXLAN access device. The distributed gateway is deployed on the access device to optimize forwarding paths.
  • The core device is responsible for communication between the VXLAN network and external networks.
As shown in Figure 1, enterprise servers are deployed at different positions. Server1 and Server3 are in one network segment while Server2 and Server4 are in another network segment. Virtual extensible LAN (VXLAN) tunnels need to be used for Layer 2 interconnection between servers in the same network segment and for Layer 3 interconnection between servers in different network segments.
Figure 1 Configuring VXLAN for a virtual network in distributed gateway mode (BGP EVPN)

This example uses the S6730-S, S6730S-S, S5732-H, S5731-S, S5731S-S, S5731S-H, S6730-H, S6730S-H, S5731-H, S5720-HI, S5730-HI, or S6720-HI as an example to describe the configuration.

Data Preparation

Table 1 Configuring BGP EVPN-related data

Device

EVPN Instance

RD Value

BD

VNI

Router ID

Peer IP

VTEP1

-

-

-

-

10.1.1.1

10.2.2.2

10.3.3.3

VTEP2
evpn10:
  • IRT:10:1
  • ERT:10:1; 1:100

1:10

10

10

10.2.2.2

10.1.1.1

10.3.3.3
evpn20:
  • IRT:20:1
  • ERT:20:1; 1:100

1:20

20

20

10.2.2.2

10.1.1.1

10.3.3.3

VTEP3
evpn10:
  • IRT:10:1
  • ERT:10:1; 1:100

2:10

10

10

10.3.3.3

10.1.1.1

10.2.2.2
evpn20:
  • IRT:20:1
  • ERT:20:1; 1:100

2:20

20

20

10.3.3.3

10.1.1.1

10.2.2.2
Table 2 Configuring VPN instance-related data

Device

Interface

VPN Instance

VNI

RD Value

VTEP1

-
vpn1:
  • IRT(EVPN): 1:100
  • ERT(EVPN): 1:100

100

1:100

VTEP2

VBDIF 10
vpn1:
  • IRT(EVPN): 1:100
  • ERT(EVPN): 1:100

100

2:100

VBDIF 20

VTEP3

VBDIF 10
vpn1:
  • IRT(EVPN): 1:100
  • ERT(EVPN): 1:100

100

3:100

VBDIF 20
Figure 2 Overlapped RT configuration of EVPN and VPN instances

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol on VTEP1, VTEP2, and VTEP3 to ensure Layer 3 interconnection.
  2. Configure a deployment mode for the VXLAN access service on VTEP2 and VTEP3, and configure a VLAN on Switch2 and Switch3.
  3. Configure an EVPN instance on VTEP2 and VTEP3, and bind the instance to a bridge domain (BD).
  4. Configure a VPN instance on VTEP1, VTEP2, and VTEP3, and bind the VPN instance to a VBDIF interface on VTEP2 and VTEP3.
  5. Configure a BGP EVPN peer relationship between VTEP1, VTEP2, and VTEP3.
  6. Configure the destination address of the VXLAN tunnel on VTEP1, VTEP2, and VTEP3.
  7. Configure a VXLAN distributed gateway on VTEP2 and VTEP3.
  8. Configure a default route on VTEP1 and import BGP routes. VTEP1 is responsible for communication between users in the campus and those outside the campus.

Layer 3 interconnection of the campus network is the basis of the virtual network. If Layer 3 interconnection has been implemented on the existing campus network, ignore step 1.

Procedure

  1. Configure a routing protocol.

    # Configure IP addresses of interfaces on VTEP2. The configurations of VTEP1 and VTEP3 are similar to those of VTEP2, and are not mentioned here. When OSPF is used, the 32-bit loopback interface addresses of devices must be advertised.

    <HUAWEI> system-view
[HUAWEI] sysname VTEP2
[VTEP2] interface loopback 1
[VTEP2-LoopBack1] ip address 10.2.2.2 32
[VTEP2-LoopBack1] quit
[VTEP2] interface gigabitethernet 0/0/1
[VTEP2-GigabitEthernet0/0/1] undo portswitch
[VTEP2-GigabitEthernet0/0/1] ip address 192.168.1.1 24
[VTEP2-GigabitEthernet0/0/1] quit
[VTEP2] ospf router-id 10.2.2.2
[VTEP2-ospf-1] area 0
[VTEP2-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0
[VTEP2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[VTEP2-ospf-1-area-0.0.0.0] quit
[VTEP2-ospf-1] quit

    # After OSPF is configured, VTEP1, VTEP2, and VTEP3 can learn the loopback interface address of each other and successfully ping each other. The following shows the result when VTEP2 pings VTEP3.

    [VTEP2] ping 10.3.3.3
  PING 10.3.3.3: 56  data bytes, press CTRL_C to break
    Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=253 time=240 ms
    Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=253 time=5 ms
    Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=253 time=5 ms
    Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=253 time=14 ms
    Reply from 10.3.3.3: bytes=56 Sequence=5 ttl=253 time=5 ms

  --- 10.3.3.3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 5/53/240 ms

  2. Configure VLAN access on Switch2 and Switch3 and configure the access point for the VXLAN service on VTEP2 and VTEP3.

    # Configure Switch2.

    <HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan batch 10 20
[Switch2] interface gigabitethernet 0/0/2
[Switch2-GigabitEthernet0/0/2] port link-type access
[Switch2-GigabitEthernet0/0/2] port default vlan 10
[Switch2-GigabitEthernet0/0/2] quit
[Switch2] interface gigabitethernet 0/0/3
[Switch2-GigabitEthernet0/0/3] port link-type access
[Switch2-GigabitEthernet0/0/3] port default vlan 20
[Switch2-GigabitEthernet0/0/3] quit
[Switch2] interface gigabitethernet 0/0/1
[Switch2-GigabitEthernet0/0/1] port link-type trunk
[Switch2-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch2-GigabitEthernet0/0/1] quit

    # Configure Switch3.

    <HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan batch 10 20
[Switch3] interface gigabitethernet 0/0/2
[Switch3-GigabitEthernet0/0/2] port link-type access
[Switch3-GigabitEthernet0/0/2] port default vlan 10
[Switch3-GigabitEthernet0/0/2] quit
[Switch3] interface gigabitethernet 0/0/3
[Switch3-GigabitEthernet0/0/3] port link-type access
[Switch3-GigabitEthernet0/0/3] port default vlan 20
[Switch3-GigabitEthernet0/0/3] quit
[Switch3] interface gigabitethernet 0/0/1
[Switch3-GigabitEthernet0/0/1] port link-type trunk
[Switch3-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[Switch3-GigabitEthernet0/0/1] quit

    # Configure VTEP2.

    [VTEP2] bridge-domain 10
[VTEP2-bd10] quit
[VTEP2] vcmp role silent
[VTEP2] interface gigabitethernet 0/0/2
[VTEP2-GigabitEthernet0/0/2] port link-type trunk
[VTEP2-GigabitEthernet0/0/2] quit
[VTEP2] interface gigabitethernet 0/0/2.1 mode l2
[VTEP2-GigabitEthernet0/0/2.1] encapsulation dot1q vid 10
[VTEP2-GigabitEthernet0/0/2.1] bridge-domain 10
[VTEP2-GigabitEthernet0/0/2.1] quit
[VTEP2] bridge-domain 20
[VTEP2-bd20] quit
[VTEP2] interface gigabitethernet 0/0/2.2 mode l2
[VTEP2-GigabitEthernet0/0/2.2] encapsulation dot1q vid 20
[VTEP2-GigabitEthernet0/0/2.2] bridge-domain 20
[VTEP2-GigabitEthernet0/0/2.2] quit

    # Configure VTEP3.

    [VTEP3] bridge-domain 10
[VTEP3-bd10] quit
[VTEP3] vcmp role silent
[VTEP3] interface gigabitethernet 0/0/2
[VTEP3-GigabitEthernet0/0/2] port link-type trunk
[VTEP3-GigabitEthernet0/0/2] quit
[VTEP3] interface gigabitethernet 0/0/2.1 mode l2
[VTEP3-GigabitEthernet0/0/2.1] encapsulation dot1q vid 10
[VTEP3-GigabitEthernet0/0/2.1] bridge-domain 10
[VTEP3-GigabitEthernet0/0/2.1] quit
[VTEP3] bridge-domain 20
[VTEP3-bd20] quit
[VTEP3] interface gigabitethernet 0/0/2.2 mode l2
[VTEP3-GigabitEthernet0/0/2.2] encapsulation dot1q vid 20
[VTEP3-GigabitEthernet0/0/2.2] bridge-domain 20
[VTEP3-GigabitEthernet0/0/2.2] quit

  3. Configure an EVPN instance on VTEP2 and VTEP3, and bind the instance to a BD.

    # Configure VTEP2.

    [VTEP2] evpn vpn-instance evpn10 bd-mode
[VTEP2-evpn-instance-evpn10] route-distinguisher 1:10
[VTEP2-evpn-instance-evpn10] vpn-target 10:1 both
[VTEP2-evpn-instance-evpn10] vpn-target 1:100 export-extcommunity
[VTEP2-evpn-instance-evpn10] quit
[VTEP2] bridge-domain 10
[VTEP2-bd10] vxlan vni 10
[VTEP2-bd10] evpn binding vpn-instance evpn10
[VTEP2-bd10] quit 
[VTEP2] evpn vpn-instance evpn20 bd-mode
[VTEP2-evpn-instance-evpn20] route-distinguisher 1:20
[VTEP2-evpn-instance-evpn20] vpn-target 20:1 both
[VTEP2-evpn-instance-evpn20] vpn-target 1:100 export-extcommunity
[VTEP2-evpn-instance-evpn20] quit
[VTEP2] bridge-domain 20
[VTEP2-bd20] vxlan vni 20
[VTEP2-bd20] evpn binding vpn-instance evpn20
[VTEP2-bd20] quit

    # Configure VTEP3.

    [VTEP3] evpn vpn-instance evpn10 bd-mode
[VTEP3-evpn-instance-evpn10] route-distinguisher 2:10
[VTEP3-evpn-instance-evpn10] vpn-target 10:1 both
[VTEP3-evpn-instance-evpn10] vpn-target 1:100 export-extcommunity
[VTEP3-evpn-instance-evpn10] quit
[VTEP3] bridge-domain 10
[VTEP3-bd10] vxlan vni 10
[VTEP3-bd10] evpn binding vpn-instance evpn10
[VTEP3-bd10] quit 
[VTEP3] evpn vpn-instance evpn20 bd-mode
[VTEP3-evpn-instance-evpn20] route-distinguisher 2:20
[VTEP3-evpn-instance-evpn20] vpn-target 20:1 both
[VTEP3-evpn-instance-evpn20] vpn-target 1:100 export-extcommunity
[VTEP3-evpn-instance-evpn20] quit
[VTEP3] bridge-domain 20
[VTEP3-bd20] vxlan vni 20
[VTEP3-bd20] evpn binding vpn-instance evpn20
[VTEP3-bd20] quit

  4. Configure a VPN instance on VTEP1, VTEP2, and VTEP3, and bind the VPN instance to a VBDIF interface on VTEP2 and VTEP3.

    # Configure VTEP1.

    [VTEP1] ip vpn-instance vpn1
[VTEP1-vpn-instance-vpn1] ipv4-family
[VTEP1-vpn-instance-vpn1-af-ipv4] route-distinguisher 1:100
[VTEP1-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn
[VTEP1-vpn-instance-vpn1-af-ipv4] quit
[VTEP1-vpn-instance-vpn1] vxlan vni 100
[VTEP1-vpn-instance-vpn1] quit

    # Configure VTEP2.

    [VTEP2] ip vpn-instance vpn1
[VTEP2-vpn-instance-vpn1] ipv4-family
[VTEP2-vpn-instance-vpn1-af-ipv4] route-distinguisher 2:100
[VTEP2-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn
[VTEP2-vpn-instance-vpn1-af-ipv4] quit
[VTEP2-vpn-instance-vpn1] vxlan vni 100
[VTEP2-vpn-instance-vpn1] quit
[VTEP2] interface vbdif 10
[VTEP2-Vbdif10] ip binding vpn-instance vpn1
[VTEP2-Vbdif10] quit 
[VTEP2] interface vbdif 20
[VTEP2-Vbdif20] ip binding vpn-instance vpn1
[VTEP2-Vbdif20] quit

    # Configure VTEP3.

    [VTEP3] ip vpn-instance vpn1
[VTEP3-vpn-instance-vpn1] ipv4-family
[VTEP3-vpn-instance-vpn1-af-ipv4] route-distinguisher 3:100
[VTEP3-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn
[VTEP3-vpn-instance-vpn1-af-ipv4] quit
[VTEP3-vpn-instance-vpn1] vxlan vni 100
[VTEP3-vpn-instance-vpn1] quit
[VTEP3] interface vbdif 10
[VTEP3-Vbdif10] ip binding vpn-instance vpn1
[VTEP3-Vbdif10] quit 
[VTEP3] interface vbdif 20
[VTEP3-Vbdif20] ip binding vpn-instance vpn1
[VTEP3-Vbdif20] quit

  5. Configure a BGP EVPN peer relationship between VTEP1, VTEP2, and VTEP3.

    # Configure VTEP1.

    [VTEP1] bgp 100
[VTEP1-bgp] router-id 10.1.1.1
[VTEP1-bgp] peer 10.2.2.2 as-number 100
[VTEP1-bgp] peer 10.2.2.2 connect-interface LoopBack1
[VTEP1-bgp] peer 10.3.3.3 as-number 100
[VTEP1-bgp] peer 10.3.3.3 connect-interface LoopBack1
[VTEP1-bgp] l2vpn-family evpn
[VTEP1-bgp-af-evpn] peer 10.2.2.2 enable
[VTEP1-bgp-af-evpn] peer 10.2.2.2 advertise irb
[VTEP1-bgp-af-evpn] peer 10.3.3.3 enable
[VTEP1-bgp-af-evpn] peer 10.3.3.3 advertise irb
[VTEP1-bgp-af-evpn] quit
[VTEP1-bgp] ipv4-family vpn-instance vpn1
[VTEP1-bgp-vpn1] advertise l2vpn evpn
[VTEP1-bgp-vpn1] import-route direct
[VTEP1-bgp-vpn1] quit
[VTEP1-bgp] quit

    # Configure VTEP2.

    [VTEP2] bgp 100
[VTEP2-bgp] router-id 10.2.2.2
[VTEP2-bgp] peer 10.1.1.1 as-number 100
[VTEP2-bgp] peer 10.1.1.1 connect-interface LoopBack1
[VTEP2-bgp] peer 10.3.3.3 as-number 100
[VTEP2-bgp] peer 10.3.3.3 connect-interface LoopBack1
[VTEP2-bgp] l2vpn-family evpn
[VTEP2-bgp-af-evpn] peer 10.1.1.1 enable
[VTEP2-bgp-af-evpn] peer 10.1.1.1 advertise irb
[VTEP2-bgp-af-evpn] peer 10.3.3.3 enable
[VTEP2-bgp-af-evpn] peer 10.3.3.3 advertise irb
[VTEP2-bgp-af-evpn] quit
[VTEP2-bgp] ipv4-family vpn-instance vpn1
[VTEP2-bgp-vpn1] advertise l2vpn evpn
[VTEP2-bgp-vpn1] import-route direct
[VTEP2-bgp-vpn1] quit
[VTEP2-bgp] quit

    # Configure VTEP3.

    [VTEP3] bgp 100
[VTEP3-bgp] router-id 10.3.3.3
[VTEP3-bgp] peer 10.1.1.1 as-number 100
[VTEP3-bgp] peer 10.1.1.1 connect-interface LoopBack1
[VTEP3-bgp] peer 10.2.2.2 as-number 100
[VTEP3-bgp] peer 10.2.2.2 connect-interface LoopBack1
[VTEP3-bgp] l2vpn-family evpn
[VTEP3-bgp-af-evpn] peer 10.1.1.1 enable
[VTEP3-bgp-af-evpn] peer 10.1.1.1 advertise irb
[VTEP3-bgp-af-evpn] peer 10.2.2.2 enable
[VTEP3-bgp-af-evpn] peer 10.2.2.2 advertise irb
[VTEP3-bgp-af-evpn] quit
[VTEP3-bgp] ipv4-family vpn-instance vpn1
[VTEP3-bgp-vpn1] advertise l2vpn evpn
[VTEP3-bgp-vpn1] import-route direct
[VTEP3-bgp-vpn1] quit
[VTEP3-bgp] quit

  6. Configure the destination address of the VXLAN tunnel on VTEP1, VTEP2, and VTEP3.

    # Configure VTEP1.

    [VTEP1] interface nve 1
[VTEP1-Nve1] source 10.1.1.1
[VTEP1-Nve1] quit

    # Configure VTEP2.

    [VTEP2] interface nve 1
[VTEP2-Nve1] source 10.2.2.2
[VTEP2-Nve1] vni 10 head-end peer-list protocol bgp
[VTEP2-Nve1] vni 20 head-end peer-list protocol bgp
[VTEP2-Nve1] quit

    # Configure VTEP3.

    [VTEP3] interface nve 1
[VTEP3-Nve1] source 10.3.3.3
[VTEP3-Nve1] vni 10 head-end peer-list protocol bgp
[VTEP3-Nve1] vni 20 head-end peer-list protocol bgp
[VTEP3-Nve1] quit

  7. Configure a VXLAN distributed gateway on VTEP2 and VTEP3.

    # Configure VTEP2.

    [VTEP2] interface vbdif 10
[VTEP2-Vbdif10] ip address 192.168.10.1 24
[VTEP2-Vbdif10] arp distribute-gateway enable
[VTEP2-Vbdif10] arp collect host enable
[VTEP2-Vbdif10] mac-address 0000-5e00-0101
[VTEP2-Vbdif10] quit
[VTEP2] interface vbdif 20
[VTEP2-Vbdif20] ip address 192.168.20.1 24
[VTEP2-Vbdif20] arp distribute-gateway enable
[VTEP2-Vbdif20] arp collect host enable
[VTEP2-Vbdif20] mac-address 0000-5e00-0102
[VTEP2-Vbdif20] quit

    # Configure VTEP3.

    [VTEP3] interface vbdif 10
[VTEP3-Vbdif10] ip address 192.168.10.1 24
[VTEP3-Vbdif10] arp distribute-gateway enable
[VTEP3-Vbdif10] arp collect host enable
[VTEP3-Vbdif10] mac-address 0000-5e00-0101
[VTEP3-Vbdif10] quit
[VTEP3] interface vbdif 20
[VTEP3-Vbdif20] ip address 192.168.20.1 24
[VTEP3-Vbdif20] arp distribute-gateway enable
[VTEP3-Vbdif20] arp collect host enable
[VTEP3-Vbdif20] mac-address 0000-5e00-0102
[VTEP3-Vbdif20] quit

  8. Configure a default route on VTEP1 and import BGP routes.

    # Configure VTEP1.

    [VTEP1] ip route-static vpn-instance vpn1 0.0.0.0 0 NULL0
[VTEP1] bgp 100
[VTEP1-bgp] ipv4-family vpn-instance vpn1
[VTEP1-bgp-vpn1] import-route static
[VTEP1-bgp-vpn1] default-route imported
[VTEP1] quit

  9. Verify configuration results.

    # After the preceding configuration, run the display vxlan vni and display vxlan tunnel commands on VTEP1, VTEP2, and VTEP3. You can view that the VNI state is up and VXLAN tunnel information is displayed. The following shows the result of VTEP2.

    [VTEP2] display vxlan vni
 VNI               BD-ID             State
 -----------------------------------------
 10                10                up   
 20                20                up   
 -----------------------------------------
 Number of vxlan vni bound to BD is : 2 

 VNI               VRF-ID            
 -----------------------------------------
 100               1                 
 -----------------------------------------
 Number of vxlan vni bound to VPN is : 1

    [VTEP2] display vxlan tunnel
 Tunnel ID       Source              Destination         State     Type      
 ----------------------------------------------------------------------------
 4026531841      10.2.2.2            10.3.3.3            up        l2 dynamic
 1               10.2.2.2            10.1.1.1            up        l3 dynamic
 2               10.2.2.2            10.3.3.3            up        l3 dynamic
 ----------------------------------------------------------------------------
 Number of vxlan tunnel : 
 Total : 3    Static: 0    L2 dynamic: 1    L3 dynamic: 2

    # After the configuration, users in the same network segment achieve Layer 2 interconnection. The following shows the result when Server1 VM1 pings Server3 VM1.

    C:\Users\VM1>ping 192.168.10.11

Pinging 192.168.10.11 with 32 bytes of data:
Reply from 192.168.10.11: bytes=32 time=1ms TTL=126
Reply from 192.168.10.11: bytes=32 time=1ms TTL=126
Reply from 192.168.10.11: bytes=32 time=1ms TTL=126
Reply from 192.168.10.11: bytes=32 time=1ms TTL=126

Ping statistics for 192.168.10.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

    # Users in different network segments achieve Layer 3 interconnection. The following shows the result when Server1 VM1 pings Server4 VM1.

    C:\Users\VM1>ping 192.168.20.11

Pinging 192.168.20.11 with 32 bytes of data:
Reply from 192.168.20.11: bytes=32 time=1ms TTL=126
Reply from 192.168.20.11: bytes=32 time=1ms TTL=126
Reply from 192.168.20.11: bytes=32 time=1ms TTL=126
Reply from 192.168.20.11: bytes=32 time=1ms TTL=126

Ping statistics for 192.168.20.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

  10. Verify the VM migration result.

    For example, VM1 (IP address: 192.168.10.10) is migrated from Server1 to Server3. Compare the ARP entries of VTEP2 and VTEP3 and the routing tables of VTEP1 before and after the migration to verify the migration result.

    Before the migration:

    # Check the routing table of VPN instance vpn1 on VTEP1.

    [VTEP1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0           D   0.0.0.0         NULL0
   192.168.10.0/24  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.10.10/32  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.10.11/32  IBGP    255  0          RD   10.3.3.3        VXLAN
   192.168.20.0/24  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.20.10/32  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.20.11/32  IBGP    255  0          RD   10.3.3.3        VXLAN

    # Check the ARP table of VPN instance vpn1 on VTEP2.

    [VTEP2] display arp vpn-instance vpn1
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                    VLAN/CEVLAN(SIP/DIP)
------------------------------------------------------------------------------
192.168.10.1    0000-5e00-0101            I -         Vbdif10        vpn1               
192.168.10.10   0487-ea11-1502  3         D-0         GE0/0/2.1      vpn1               
                                            10/-
192.168.20.1    0000-5e00-0102            I -         Vbdif20        vpn1               
192.168.20.10   0487-ea41-1503  20        D-0         GE0/0/2.2       vpn1               
                                            20/-
------------------------------------------------------------------------------
Total:4         Dynamic:2       Static:0     Interface:2

    # Check the ARP table of VPN instance vpn1 on VTEP3.

    [VTEP3] display arp vpn-instance vpn1
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                    VLAN/CEVLAN(SIP/DIP)
------------------------------------------------------------------------------
192.168.10.1    0000-5e00-0101            I -         Vbdif10        vpn1               
192.168.10.11   0487-ea01-0506  17        D-0         GE0/0/2.1      vpn1               
                                            10/-
192.168.20.1    0000-5e00-0102            I -         Vbdif20        vpn1               
192.168.20.11   0487-ea81-0507  16        D-0         GE0/0/2.2      vpn1               
                                            20/-
------------------------------------------------------------------------------
Total:4         Dynamic:2       Static:0     Interface:2

    After the migration:

    # Check the routing table of VPN instance vpn1 on VTEP1.

    [VTEP1] display ip rputing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: vpn1
         Destinations : 6        Routes : 6        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0           D   0.0.0.0         NULL0
   192.168.10.0/24  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.10.10/32  IBGP    255  0          RD   10.3.3.3        VXLAN
  192.168.10.11/32  IBGP    255  0          RD   10.3.3.3        VXLAN
   192.168.20.0/24  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.20.10/32  IBGP    255  0          RD   10.2.2.2        VXLAN
  192.168.20.11/32  IBGP    255  0          RD   10.3.3.3        VXLAN

    # Check the ARP table of VPN instance vpn1 on VTEP2.

    [VTEP2] display arp vpn-instance vpn1
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                    VLAN/CEVLAN(SIP/DIP)
------------------------------------------------------------------------------
192.168.10.1    0000-5e00-0101            I -         Vbdif10        vpn1               
192.168.20.1    0000-5e00-0102            I -         Vbdif20        vpn1               
192.168.20.10   0487-ea41-1503  11        D-0         GE0/0/2.2      vpn1               
                                            20/-
------------------------------------------------------------------------------
Total:3         Dynamic:1       Static:0     Interface:2

    # Check the ARP table of VPN instance vpn1 on VTEP3.

    [VTEP3] display arp vpn-instance vpn1
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                    VLAN/CEVLAN(SIP/DIP)
------------------------------------------------------------------------------
192.168.10.1    0000-5e00-0101            I -         Vbdif10        vpn1               
192.168.10.11   0487-ea01-0506  11        D-0         GE0/0/2.1      vpn1               
                                            10/-
192.168.10.10   0487-ea11-1502  19        D-0         GE0/0/2.1      vpn1               
                                            10/-
192.168.20.1    0000-5e00-0102            I -         Vbdif20        vpn1               
192.168.20.11   0487-ea81-0507  9         D-0         GE0/0/2.2     vpn1               
                                            20/-
------------------------------------------------------------------------------
Total:5         Dynamic:3       Static:0     Interface:2

    # Compare the ARP entries of VTEP2 and VTEP3 and the routing tables of VTEP1 before and after the migration. The preceding command outputs show that the ARP entry of VM1 is deleted from the ARP table of VTEP2 and added to the ARP table of VTEP3, and the host route of VM1 is also switched from VTEP2 to VTEP3, ensuring the network connectivity after the migration.

Configuration Files

  • VTEP1 configuration file

    #
sysname VTEP1
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 1:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
 vxlan vni 100
#
interface GigabitEthernet0/0/1
 undo portswitch
 ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 undo portswitch
 ip address 192.168.2.1 255.255.255.0
#
interface LoopBack1
 ip address 10.1.1.1 255.255.255.255
#
interface Nve1
 source 10.1.1.1
#
bgp 100
 router-id 10.1.1.1
 peer 10.2.2.2 as-number 100
 peer 10.2.2.2 connect-interface LoopBack1
 peer 10.3.3.3 as-number 100
 peer 10.3.3.3 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 10.2.2.2 enable
  peer 10.3.3.3 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.2.2.2 enable
  peer 10.2.2.2 advertise irb
  peer 10.3.3.3 enable
  peer 10.3.3.3 advertise irb
 #
 ipv4-family vpn-instance vpn1
  default-route imported
  import-route direct
  import-route static
  advertise l2vpn evpn
#
ospf 1 router-id 10.1.1.1
 area 0.0.0.0
  network 10.1.1.1 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
ip route-static vpn-instance vpn1 0.0.0.0 0 NULL0
#
return

  • VTEP2 configuration file

    #
sysname VTEP2
#
vcmp role silent
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 2:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
 vxlan vni 100
#
evpn vpn-instance evpn10 bd-mode
 route-distinguisher 1:10
 vpn-target 1:100 10:1 export-extcommunity
 vpn-target 10:1 import-extcommunity
#
evpn vpn-instance evpn20 bd-mode
 route-distinguisher 1:20
 vpn-target 1:100 20:1 export-extcommunity
 vpn-target 20:1 import-extcommunity
#
bridge-domain 10
 vxlan vni 10
 evpn binding vpn-instance evpn10
bridge-domain 20
 vxlan vni 20
 evpn binding vpn-instance evpn20
#
interface GigabitEthernet0/0/1
 undo portswitch
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 port link-type trunk
#
interface GigabitEthernet0/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface GigabitEthernet0/0/2.2 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface LoopBack1
 ip address 10.2.2.2 255.255.255.255
#
interface Vbdif10
 mac-address 0000-5e00-0101
 ip binding vpn-instance vpn1
 arp collect host enable
 arp distribute-gateway enable
 ip address 192.168.10.1 255.255.255.0
#
interface Vbdif20
 mac-address 0000-5e00-0102
 ip binding vpn-instance vpn1
 arp collect host enable
 arp distribute-gateway enable
 ip address 192.168.20.1 255.255.255.0
#
interface Nve1
 source 10.2.2.2
 vni 10 head-end peer-list protocol bgp
 vni 20 head-end peer-list protocol bgp
#
bgp 100
 router-id 10.2.2.2
 peer 10.1.1.1 as-number 100
 peer 10.1.1.1 connect-interface LoopBack1
 peer 10.3.3.3 as-number 100
 peer 10.3.3.3 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 10.1.1.1 enable
  peer 10.3.3.3 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.1.1.1 enable
  peer 10.1.1.1 advertise irb
  peer 10.3.3.3 enable
  peer 10.3.3.3 advertise irb
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  advertise l2vpn evpn
#
ospf 1 router-id 10.2.2.2
 area 0.0.0.0
  network 10.2.2.2 0.0.0.0
  network 192.168.1.0 0.0.0.255
#
return

  • VTEP3 configuration file

    #
sysname VTEP3
#
vcmp role silent
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 3:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
 vxlan vni 100
#
evpn vpn-instance evpn10 bd-mode
 route-distinguisher 2:10
 vpn-target 1:100 10:1 export-extcommunity
 vpn-target 10:1 import-extcommunity
#
evpn vpn-instance evpn20 bd-mode
 route-distinguisher 2:20
 vpn-target 1:100 20:1 export-extcommunity
 vpn-target 20:1 import-extcommunity
#
bridge-domain 10
 vxlan vni 10
 evpn binding vpn-instance evpn10
bridge-domain 20
 vxlan vni 20
 evpn binding vpn-instance evpn20
#
interface GigabitEthernet0/0/1
 undo portswitch
 ip address 192.168.2.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 port link-type trunk
#
interface GigabitEthernet0/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface GigabitEthernet0/0/2.2 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface LoopBack1
 ip address 10.3.3.3 255.255.255.255
#
interface Vbdif10
 mac-address 0000-5e00-0101
 ip binding vpn-instance vpn1
 arp collect host enable
 arp distribute-gateway enable
 ip address 192.168.10.1 255.255.255.0
#
interface Vbdif20
 mac-address 0000-5e00-0102
 ip binding vpn-instance vpn1
 arp collect host enable
 arp distribute-gateway enable
 ip address 192.168.20.1 255.255.255.0
#
interface Nve1
 source 10.3.3.3
 vni 10 head-end peer-list protocol bgp
 vni 20 head-end peer-list protocol bgp
#
bgp 100
 router-id 10.3.3.3
 peer 10.1.1.1 as-number 100
 peer 10.1.1.1 connect-interface LoopBack1
 peer 10.2.2.2 as-number 100
 peer 10.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 10.1.1.1 enable
  peer 10.2.2.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.1.1.1 enable
  peer 10.1.1.1 advertise irb
  peer 10.2.2.2 enable
  peer 10.2.2.2 advertise irb
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  advertise l2vpn evpn
#
ospf 1 router-id 10.3.3.3
 area 0.0.0.0
  network 10.3.3.3 0.0.0.0
  network 192.168.2.0 0.0.0.255
#
return

  • Switch2 configuration file

    #
sysname Switch2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
return

  • Switch3 configuration file

    #
sysname Switch3
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
return
Parent Topic: Configuration Examples for VXLANs
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >