Configuring a VXLAN Tunnel

Context

In centralized VXLAN gateway scenarios, perform the following steps on the Layer 2 and Layer 3 VXLAN gateways to use EVPN for establishing VXLAN tunnels:
  1. Configure a BGP EVPN peer relationship. Configure VXLAN gateways to establish BGP EVPN peer relationships so that they can exchange EVPN routes. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

  2. (Optional) Configure an RR. The deployment of RRs reduces the number of BGP EVPN peer relationships to be established, simplifying configuration. A live-network device can be used as an RR, or a standalone RR can be deployed. Layer 3 VXLAN gateways are generally used as RRs, and Layer 2 VXLAN gateways as RR clients.

  3. Configure an EVPN instance. EVPN instances are used to receive and advertise EVPN routes.

  4. Configure ingress replication. After ingress replication is configured for a VNI, the system uses BGP EVPN to construct a list of remote VTEPs. After a VXLAN gateway receives BUM packets, it sends a copy of the BUM packets to every VXLAN gateway in the list.

  5. (Optional) Configure subscription to the status of the exact route to a VXLAN tunnel destination. After this function is configured, a VXLAN tunnel is considered Up only if its source IP address and the destination IP address are reachable.

Procedure

  1. Configure a BGP EVPN peer relationship.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      BGP is enabled, and the BGP view is displayed.

      By default, BGP is disabled. If an RR has been deployed, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR.

    3. (Optional) Run router-id ipv4-address

      A router ID is set.

      By default, no BGP Router ID is configured.

    4. Run peer ipv4-address as-number as-number

      The peer device is configured as a BGP peer.

      By default, no BGP peer is configured, and no AS number is specified for a peer.

    5. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source address are specified to set up a TCP connection with the BGP peer.

      By default, the outbound interface of a BGP packet serves as the source interface of a BGP packet.

      When loopback interfaces are used to establish a BGP connection, running the peer connect-interface command on both ends is recommended to ensure the connectivity. If this command is run on only one end, the BGP connection may fail to be established.

    6. (Optional) Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum number of hops is set for an EBGP EVPN connection.

      The default value of hop-count is 255.

      In most cases, a directly connected physical link must be available between EBGP EVPN peers. To establish EBGP EVPN peer relationships between indirectly connected peers, run the peer ebgp-max-hop command, which sets the maximum number of hops for an EBGP EVPN connection.

      When the IP address of a loopback interface is used to establish an EBGP EVPN peer relationship, run the peer ebgp-max-hop command with hop-count set to a value not less than 2. Otherwise, the peer relationship fails to be established.

    7. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

      By default, the BGP-EVPN address family view is disabled.

    8. Run peer ipv4-address enable

      The device is enabled to exchange EVPN routes with a specified peer.

      By default, only the peer in the BGP IPv4 unicast address family view is automatically enabled.

    9. (Optional) Run peer ipv4-address route-policy route-policy-name { import | export }

      A routing policy is specified for routes received from or to be advertised to a BGP EVPN peer.

      After the routing policy is applied, the routes received from or to be advertised to a specified BGP EVPN peer will be filtered, ensuring that only desired routes are imported or advertised. This configuration helps manage routes and reduce required routing entries and system resources.

    10. (Optional) Run peer ipv4-address mac-limit number [ idle-forever | idle-timeout times ]

      The maximum number of MAC advertisement routes that can be received from each peer is configured.

      If an EVPN instance may import many invalid MAC advertisement routes from peers and these routes occupy a large proportion of the total MAC advertisement routes, run this command to limit the number of MAC advertisement routes that can be received from each peer. If the received MAC advertisement routes exceed the specified maximum number, the system displays an alarm, instructing users to check the validity of the MAC advertisement routes received in the EVPN instance.

    11. Run quit

      Exit from the BGP-EVPN address family view.

    12. Run quit

      Exit from the BGP view.

  2. (Optional) Configure an RR. If an RR is configured, each VXLAN gateway only needs to establish a BGP EVPN peer relationship with the RR, reducing the number of BGP EVPN peer relationships to be established and simplifying configuration.
    1. Run bgp as-number

      The BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    3. Run peer ipv4-address enable

      The device is enabled to exchange EVPN routes with a specified peer.

      By default, only the peer in the BGP IPv4 unicast address family view is automatically enabled.

    4. (Optional) Run peer ipv4-address next-hop-invariable

      The device is prevented from changing the next hop address of a route when advertising the route to an EBGP peer.

      By default, a BGP EVPN speaker changes the next hops of routes to the interface that it uses to establish EBGP EVPN peer relationships before advertising these routes to EBGP EVPN peers.

    5. Run peer ipv4-address reflect-client

      The device is configured as an RR and an RR client is specified.

      By default, the route reflector and its client are not configured.

    6. (Optional) Run undo policy vpn-target

      The function to filter received EVPN routes based on VPN targets is disabled.

    7. Run quit

      Exit from the BGP-EVPN address family view.

    8. Run quit

      Exit from the BGP view.

  3. Configure an EVPN instance.
    1. (Optional) Run evpn mac-route enable

      The MAC route function for BGP EVPN is enabled.

      By default, the MAC route function for BGP EVPN is disabled.

    2. Run evpn vpn-instance vpn-instance bd-mode

      An EVPN instance is created and the EVPN instance view is displayed.

      By default, no EVPN instance is configured.

    3. Run route-distinguisher route-distinguisher

      An RD is configured for the EVPN instance.

      By default, no RD is configured for EVPN instances.

    4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

      By default, no VPN target is configured for EVPN instances.

      It is not recommended that more than 32 EVPN instances contain the same import VPN target (IRT).

    5. (Optional) Run mac-route no-advertise

      The device is configured not to advertise local MAC routes.

      By default, a device advertises local MAC routes.

    6. (Optional) Run mac rib-only

      The device is not triggered by remote MAC routes to deliver MAC address entries.

      By default, a device is triggered by remote MAC routes to deliver MAC address entries.

    7. Run quit

      The EVPN instance view is exited.

  4. Create a bridge domain (BD) and bind it to an EVPN instance.
    1. Run bridge-domain bd-id

      The BD view is displayed.

      By default, no BD is created.

    2. Run vxlan vni vni-id

      A VNI is created and mapped to the BD.

      By default, no VNI is created.

    3. Run evpn binding vpn-instance vpn-instance

      A BD is configured and bound to an EVPN instance.

      By default, no BD is bound to the EVPN instance.

    4. Run quit

      The BD view is exited.

  5. Configure an ingress replication list.
    1. Run interface nve nve-number

      An NVE interface is created, and the NVE interface view is displayed.

    2. Run source ip-address

      An IP address is configured for the source VTEP.

      By default, no IP address is configured for any source VTEP.

    3. Run vni vni-id head-end peer-list protocol bgp

      An ingress replication list is configured.

      By default, no ingress replication list is configured for any VNI.

      After the ingress of a VXLAN tunnel receives broadcast, unknown unicast, and multicast (BUM) packets, it replicates these packets and sends a copy to each VTEP in the ingress replication list. The ingress replication list is a collection of remote VTEP IP addresses to which the ingress of a VXLAN tunnel sends replicated BUM packets.

      BUM packet forwarding is implemented only using ingress replication. To establish a VXLAN tunnel between a Huawei device and a non-Huawei device, ensure that the non-Huawei device also has ingress replication configured. Otherwise, communication fails.

    4. Run quit

      Return to the system view.

  6. (Optional) Run vxlan tunnel-status track exact-route

    Subscription to the status of the exact route to a VXLAN tunnel destination is enabled.

    By default, subscription to the status of the exact route to a VXLAN tunnel destination is disabled.

    By default, if the source IP address of a VXLAN tunnel is reachable using an exact route and the network segment where the destination IP address belongs is reachable using a route, this VXLAN tunnel is considered Up. In real-world networking, there may be multiple destination addresses on the same network segment. If the network segment is considered reachable because one of the destination addresses is reachable, the tunnel status is reported incorrectly when an IP address on this network segment becomes unreachable. As a result, network faults cannot be discovered in a timely manner. To address this issue, run the vxlan tunnel-status track exact-route command to enable subscription to the status of the exact route to a VXLAN tunnel destination. Subsequently, the VXLAN tunnel is considered Up only when the destination VTEP is reachable using an exact route.
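
The procedure above, assembled into one configuration for a Layer 2 VXLAN gateway and the RR side of a Layer 3 VXLAN gateway. This is an added example, not taken from the original page or from Huawei; the AS number, IP addresses, instance name, BD, VNI, RD, VPN target, MAC limit and the use of LoopBack 0 as the BGP source interface are all constructed values.

```text
# Constructed values: AS 100; Layer 2 gateway VTEP 1.1.1.1;
# Layer 3 gateway / RR 3.3.3.3; EVPN instance evrf10; BD 10; VNI 10.

# --- Layer 2 VXLAN gateway (RR client) ---
system-view
bgp 100
 router-id 1.1.1.1
 peer 3.3.3.3 as-number 100
 # Loopback peering: run connect-interface on both ends.
 peer 3.3.3.3 connect-interface LoopBack 0
 l2vpn-family evpn
  peer 3.3.3.3 enable
  # Optional: raise an alarm when this peer sends more than 1000 MAC routes.
  peer 3.3.3.3 mac-limit 1000
  quit
 quit
evpn vpn-instance evrf10 bd-mode
 route-distinguisher 10:1
 # Export target here must match the import target on the remote end, and vice versa.
 vpn-target 100:10 both
 quit
bridge-domain 10
 vxlan vni 10
 evpn binding vpn-instance evrf10
 quit
interface nve 1
 source 1.1.1.1
 vni 10 head-end peer-list protocol bgp
 quit
# Optional: report the tunnel Up only when the destination VTEP has an exact route.
vxlan tunnel-status track exact-route

# --- Layer 3 VXLAN gateway acting as RR (BGP part only) ---
system-view
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack 0
 l2vpn-family evpn
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  quit
 quit
```

The Layer 3 gateway still needs its own EVPN instance, BD binding and NVE configuration (steps 3 to 5) with a VPN target that matches the Layer 2 gateway's.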

Copyright © Huawei Technologies Co., Ltd.