Configuring the Static VXLAN Active-Active Scenario

In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. In this way, carriers can enhance VXLAN access reliability to improve the stability of user services so that rapid convergence can be implemented in case of a fault.

Context

On the network shown in Figure 1, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote NVE interface. A VTEP address is configured on the CPE to establish a VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.

The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.

Before an IPv6 network is used to transmit traffic between a CPE and PE, an IPv4 over IPv6 tunnel must be configured between them. To enable a VXLAN tunnel to recurse routes to the IPv4 over IPv6 tunnel, static routes must be configured on the CPE and PE, and the outbound interface of the route destined for the VXLAN tunnel's destination IP address must be set to the IPv4 over IPv6 tunnel interface.

Figure 1 Networking diagram for configuring the static VXLAN active-active scenario

Procedure

  1. Configure AC-side service access.
    1. Configure an Eth-Trunk interface on CE1 to dual-home CE1 to PE1 and PE2.
    2. Configure service access points. For configuration details, see Configuring a VXLAN Service Access Point.
    3. Configure the same Ethernet Segment Identifier (ESI) for the links connecting CE1 to PE1 and PE2.

      1. Run interface eth-trunk

        The Eth-Trunk interface view is displayed.

      2. Run esi

        An ESI is configured.

      3. Run commit

        The configuration is committed.

  2. Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see Configuring a VXLAN Tunnel.
  3. Configure a bypass VXLAN tunnel between PE1 and PE2.
    1. Configure a BGP EVPN peer relationship.

      1. Run bgp as-number

        BGP is enabled, and the BGP view is displayed.

      2. Run peer ipv4-address as-number as-number

        The peer device is configured as a BGP peer.

      3. Run l2vpn-family evpn

        The BGP-EVPN address family view is displayed.

      4. Run peer { ipv4-address | group-name } enable

        The device is enabled to exchange EVPN routes with a specified peer or peer group.

      5. Run peer { ipv4-address | group-name } advertise encap-type vxlan

        The function to advertise EVPN routes that carry the VXLAN encapsulation attribute to the peer is enabled.

      6. Run quit

        Exit the BGP-EVPN address family view.

      7. Run quit

        Exit the BGP view.

      8. Run commit

        The configuration is committed.

    2. Configure a VPN instance or EVPN instance.

      • Layer 2 communication (Configure an EVPN instance.)

        1. Run evpn vpn-instance vpn-instance-name bd-mode

          A BD EVPN instance is created, and its view is displayed.

        2. Run route-distinguisher route-distinguisher

          An RD is configured for the EVPN instance.

        3. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

          VPN targets are configured for the EVPN instance.

          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

        4. Run quit

          Exit the EVPN instance view.

        5. Run bridge-domain bd-id

          The BD view is displayed.

        6. Run vxlan vni vni-id split-horizon-mode

          A VNI is created and associated with the BD, and split horizon is applied to the BD.

        7. Run evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ]

          A specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.

        8. Run quit

          Exit the BD view.

        9. Run commit

          The configuration is committed.

      • Layer 3 communication (Configure a VPN instance.)

        1. Run ip vpn-instance vpn-instance-name

          A VPN instance is created, and its view is displayed.

        2. Run ipv4-family [ unicast ]

          The IPv4 address family is enabled for a VPN instance.

        3. Run route-distinguisher route-distinguisher

          An RD is configured for the VPN instance.

        4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] [ evpn ]

          VPN targets are configured for the EVPN instance.

          The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

        5. Run quit

          Exit the VPN instance ipv4-family view.

        6. Run quit

          Exit the VPN instance view.

        7. Run bridge-domain bd-id

          The BD view is displayed.

        8. Run vxlan vni vni-id split-horizon-mode

          A VNI is created and associated with the BD, and split horizon is applied to the BD.

        9. Run quit

          Exit the BD view.

        10. Run commit

          The configuration is committed.

    3. Enable the inter-chassis VXLAN function on PE1 and PE2.

      1. Run evpn

        The EVPN view is displayed.

      2. Run bypass-vxlan enable

        The inter-chassis VXLAN function is enabled.

      3. Run quit

        Exit the EVPN view.

      4. Run commit

        The configuration is committed.

    4. Configure an ingress replication list.

      1. Run interface nve nve-number

        The NVE interface view is displayed.

      2. Run source ip-address

        An IP address is configured for the source VTEP.

      3. Run vni vni-id head-end peer-list protocol bgp

        An ingress replication list is configured.

      4. Run bypass source ip-address

        A source VTEP address is configured for the bypass VXLAN tunnel.

      5. Run mac-address mac-address

        A VTEP MAC address is configured.

      6. Run quit

        Exit the NVE interface view.

      7. Run commit

        The configuration is committed.

  4. Configure FRR on the PEs.

    • Layer 2 communication

      1. Run evpn

        The EVPN view is displayed.

      2. Run vlan-extend private enable

        The function to add the VLAN private extended community attribute to routes to be sent to a peer is enabled.

      3. Run vlan-extend redirect enable

        The function to redirect the received routes that carry the VLAN private extended community attribute is enabled.

      4. Run local-remote frr enable

        Local-remote FRR is enabled.

      5. Run quit

        Exit the EVPN view.

      6. Run commit

        The configuration is committed.

    • Layer 3 communication

      1. Run bgp as-number

        The BGP view is displayed.

      2. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family is enabled, and its view is displayed.

      3. Run auto-frr

        BGP auto FRR is enabled.

      4. Run peer { ipv4-address | group-name } enable

        The function to exchange EVPN routes with a specified peer or peer group is enabled. The IP address is a CE address.

      5. Run advertise l2vpn evpn

        The function to advertise EVPN IP prefix routes from a VPN instance is enabled.

      6. Run quit

        Exit the BGP-VPN instance IPv4 address family view.

      7. Run quit

        Exit the BGP view.

      8. Run commit

        The configuration is committed.

  5. (Optional) Configure a UDP port on the PEs to prevent the receiving of replicated packets.
    1. Run evpn enhancement port port-id

      A UDP port is configured.

      The same UDP port number must be set for the PEs in the active state.

    2. Run commit

      The configuration is committed.

  6. (Optional) Configure a VXLAN over IPsec tunnel between the CPE and PE to enhance the security for packets traversing an insecure network.

    For configuration details, see the section Example for Configuring VXLAN over IPsec.

Verifying the Configuration

After configuring the VXLAN active-active scenario, verify information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.
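
The procedure requires several settings to agree between PE1 and PE2: the ESI, the Anycast VTEP address, the VPN targets, and the optional UDP port. The following consistency check is an added example, not part of the product documentation. It compares two saved configurations using only the commands named in this procedure; the configuration text and all values in it are constructed placeholders, the requirement that the two bypass source addresses differ is an assumption, and treating a vpn-target line without a keyword as both is also an assumption.

```python
import re

def parse(cfg):
    """Pull the active-active settings out of one PE's configuration text."""
    def one(pat):
        m = re.search(r"^[ \t]*" + pat, cfg, re.M)
        return m.group(1) if m else None
    exp, imp = set(), set()
    for args in re.findall(r"^[ \t]*vpn-target[ \t]+(.+)$", cfg, re.M):
        toks = args.split()
        rts = {t for t in toks if ":" in t}   # keep the targets, drop keywords
        exp |= set() if "import-extcommunity" in toks else rts
        imp |= set() if "export-extcommunity" in toks else rts
    return {"esi": one(r"esi[ \t]+(\S+)"), "anycast": one(r"source[ \t]+(\S+)"),
            "bypass_src": one(r"bypass source[ \t]+(\S+)"),
            "bypass_on": one(r"(bypass-vxlan enable)\s*$") is not None,
            "udp": one(r"evpn enhancement port[ \t]+(\S+)"),
            "export": exp, "import": imp}

def audit(pe1_cfg, pe2_cfg):
    """Return the settings that disagree between the two PEs (empty = consistent)."""
    a, b = parse(pe1_cfg), parse(pe2_cfg)
    issues = []
    if not a["esi"] or a["esi"] != b["esi"]:
        issues.append("esi")            # step 1: same ESI on both CE1 links
    if not a["anycast"] or a["anycast"] != b["anycast"]:
        issues.append("anycast-vtep")   # Context: both PEs share one NVE address
    if not (a["bypass_on"] and b["bypass_on"]):
        issues.append("bypass-vxlan")   # step 3: enabled on PE1 and PE2
    # Assumption: the two ends of the bypass tunnel need distinct addresses.
    if not a["bypass_src"] or not b["bypass_src"] or a["bypass_src"] == b["bypass_src"]:
        issues.append("bypass-source")
    if a["udp"] != b["udp"]:
        issues.append("udp-port")       # step 5: same UDP port on both PEs
    if not a["export"] or a["export"] != b["import"] or b["export"] != a["import"]:
        issues.append("vpn-target")     # local export must equal remote import
    return issues

# Constructed sample configuration; every value is a placeholder.
PE1 = """interface eth-trunk 10
 esi 0000.1111.2222.3333.4444
evpn vpn-instance evrf1 bd-mode
 vpn-target 100:1 both
evpn
 bypass-vxlan enable
interface nve 1
 source 192.0.2.9
 bypass source 192.0.2.1
evpn enhancement port 1345"""
PE2 = PE1.replace("bypass source 192.0.2.1", "bypass source 192.0.2.2")
```

`audit(PE1, PE2)` returns an empty list for the consistent pair; each name in a non-empty result identifies the setting to recheck on the PEs.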

Copyright © Huawei Technologies Co., Ltd.