Configuring the Dynamic VXLAN Active-Active Scenario

In the scenario where a data center is interconnected with an enterprise site, a CE is dual-homed to a VXLAN network. Dual-homing enhances VXLAN access reliability and improves the stability of user services, because traffic can converge rapidly if a fault occurs.

Context

On the network shown in Figure 1, CE1 is dual-homed to PE1 and PE2. PE1 and PE2 use a virtual address as an NVE interface address at the network side, namely, an Anycast VTEP address. In this way, the CPE is aware of only one remote VTEP IP. A VTEP address is configured on the CPE to establish a dynamic VXLAN tunnel with the Anycast VTEP address so that PE1, PE2, and the CPE can communicate.

The packets from the CPE can reach CE1 through either PE1 or PE2. However, single-homed CEs may exist, such as CE2 and CE3. As a result, after reaching a PE, the packets from the CPE may need to be forwarded by the other PE to a single-homed CE. Therefore, a bypass VXLAN tunnel needs to be established between PE1 and PE2.

Figure 1 Networking diagram for configuring the dynamic VXLAN active-active scenario

Procedure

  1. Configure AC-side service access.
    1. Configure an Eth-Trunk interface on CE1 to dual-home CE1 to PE1 and PE2.
    2. Configure service access points. For configuration details, see Configuring a VXLAN Service Access Point.
    3. Configure the same Ethernet Segment Identifier (ESI) for the links connecting CE1 to PE1 and PE2.

      1. Run interface eth-trunk

        The Eth-Trunk interface view is displayed.

      2. Run esi esi

        An ESI is configured.

      3. Run commit

        The configuration is committed.

  2. Configure static VXLAN tunnels between the CPE and PEs. For configuration details, see Configuring a VXLAN Tunnel.
  3. Configure a bypass VXLAN tunnel between PE1 and PE2.
    1. Configure a BGP EVPN peer relationship.

      1. Run bgp as-number

        BGP is enabled, and the BGP view is displayed.

      2. Run peer ipv4-address as-number as-number

        The peer device is configured as a BGP peer.

      3. Run l2vpn-family evpn

        The BGP-EVPN address family view is displayed.

      4. Run peer { ipv4-address | group-name } enable

        The device is enabled to exchange EVPN routes with a specified peer or peer group.

      5. Run peer { ipv4-address | group-name } advertise encap-type vxlan

        The function to add the VXLAN encapsulation attribute to EVPN routes to be advertised to the peer is enabled.

      6. Run quit

        Exit the BGP-EVPN address family view.

      7. Run quit

        Exit the BGP view.

      8. Run commit

        The configuration is committed.

    2. Configure an EVPN instance.

      1. Run evpn vpn-instance vpn-instance-name bd-mode

        A BD EVPN instance is created, and its view is displayed.

      2. Run route-distinguisher route-distinguisher

        An RD is configured for the EVPN instance.

      3. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

        VPN targets are configured for the EVPN instance. The export VPN target of the local end must be the same as the import VPN target of the remote end, and the import VPN target of the local end must be the same as the export VPN target of the remote end.

      4. Run quit

        Exit the EVPN instance view.

      5. Run bridge-domain bd-id

        The BD view is displayed.

      6. Run vxlan vni vni-id split-horizon-mode

        A VNI is created and associated with the BD, and split horizon is applied to the BD.

      7. Run evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ]

        A specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.

      8. Run quit

        Exit the BD view.

      9. Run commit

        The configuration is committed.

    3. Enable the inter-chassis VXLAN function on PE1 and PE2.

      1. Run evpn

        The EVPN view is displayed.

      2. Run bypass-vxlan enable

        The inter-chassis VXLAN function is enabled.

      3. Run quit

        Exit the EVPN view.

      4. Run commit

        The configuration is committed.

    4. Configure an ingress replication list.

      1. Run interface nve nve-number

        The NVE interface view is displayed.

      2. Run source ip-address

        An IP address is configured for the source VTEP.

      3. Run vni vni-id head-end peer-list protocol bgp

        An ingress replication list is configured.

      4. Run bypass source ip-address

        A source VTEP address is configured for the bypass VXLAN tunnel.

      5. Run mac-address mac-address

        A VTEP MAC address is configured.

      6. Run quit

        Exit the NVE interface view.

      7. Run commit

        The configuration is committed.

  4. Configure FRR on the PEs.

    • Layer 2 communication

      1. Run evpn

        The EVPN view is displayed.

      2. Run vlan-extend private enable

        The function to add the VLAN private extended community attribute to routes to be sent to the peer is enabled.

      3. Run vlan-extend redirect enable

        The function to redirect the received routes that carry the VLAN private extended community attribute is enabled.

      4. Run local-remote frr enable

        Local-remote FRR is enabled.

      5. Run quit

        Exit the EVPN view.

      6. Run commit

        The configuration is committed.

    • Layer 3 communication

      1. Run bgp as-number

        The BGP view is displayed.

      2. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family is enabled, and its view is displayed.

      3. Run auto-frr

        BGP auto FRR is enabled.

      4. Run peer { ipv4-address | group-name } as-number as-number

        The IP address of the peer and the number of the AS where the peer resides are specified.

      5. Run advertise l2vpn evpn

        The function to advertise EVPN IP prefix routes from a VPN instance is enabled.

      6. Run quit

        Exit the BGP-VPN instance IPv4 address family view.

      7. Run quit

        Exit the BGP view.

      8. Run commit

        The configuration is committed.

  5. (Optional) Configure a UDP port on the PEs to prevent replicated packets from being received.
    1. Run evpn enhancement port port-id

      A UDP port is configured.

      The same UDP port number must be set for the PEs in the active state.

    2. Run commit

      The configuration is committed.

  6. (Optional) Configure a VXLAN over IPsec tunnel between the CPE and PE to enhance security for packets traversing an insecure network.

    For configuration details, see the section Example for Configuring VXLAN over IPsec.

Verifying the Configuration

After configuring the VXLAN active-active scenario, verify information on the VXLAN tunnel, VNI status, and VBDIF. For details, see the section Verifying the Configuration of VXLAN in Distributed Gateway Mode Using BGP EVPN.
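
The procedure depends on several settings agreeing between PE1 and PE2: the ESI, the Anycast VTEP source address, the optional UDP port, bypass-vxlan enable on both devices, and mirrored VPN targets. The following offline check is an added example, not part of the original Huawei documentation. The interface names, instance name, addresses, ESI and port value are constructed, and it assumes the saved configuration text uses the same command forms shown in the procedure.

```python
import re

# Constructed sample configuration for PE1; every value is illustrative.
PE1 = """
interface Eth-Trunk10
 esi 0000.1111.2222.3333.4444
evpn vpn-instance evrf1 bd-mode
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity
evpn
 bypass-vxlan enable
interface Nve1
 source 9.9.9.9
 bypass source 1.1.1.1
evpn enhancement port 1345
"""
# Constructed PE2 with two faults: a different ESI and no UDP port.
PE2 = (PE1.replace("3333.4444", "3333.5555")
          .replace("bypass source 1.1.1.1", "bypass source 2.2.2.2")
          .replace("evpn enhancement port 1345\n", ""))

def facts(cfg):
    """Extract the settings that have to agree between the two PEs."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    def targets(kind):
        # Assumption: a vpn-target line without a keyword means "both".
        rows = [r.split() for r in re.findall(r"^\s*vpn-target (.+)$", cfg, re.M)]
        return {t for r in rows for t in r if t[0].isdigit()
                and (r[-1][0].isdigit() or r[-1] in ("both", kind))}
    return {"esi": one(r"^\s*esi (\S+)"),
            "anycast_vtep": one(r"^\s*source (\S+)"),  # not "bypass source"
            "udp_port": one(r"^\s*evpn enhancement port (\d+)"),
            "bypass_vxlan": bool(re.search(r"^\s*bypass-vxlan enable", cfg, re.M)),
            "export": targets("export-extcommunity"),
            "import": targets("import-extcommunity")}

def audit(cfg_a, cfg_b):
    """Return the names of the active-active checks that fail, in check order."""
    a, b = facts(cfg_a), facts(cfg_b)
    ok = {"esi": a["esi"] and a["esi"] == b["esi"],
          "anycast_vtep": a["anycast_vtep"] and a["anycast_vtep"] == b["anycast_vtep"],
          "udp_port": a["udp_port"] == b["udp_port"],  # optional, but must match
          "bypass_vxlan": a["bypass_vxlan"] and b["bypass_vxlan"],
          "vpn_target": (a["export"], a["import"]) == (b["import"], b["export"])}
    return [name for name, passed in ok.items() if not passed]
```

Calling audit(PE1, PE2) on the constructed pair reports the ESI and UDP port mismatches; an empty list means the two configurations agree on every checked setting.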

Copyright © Huawei Technologies Co., Ltd.