Configuring a DCI Scenario with a VLAN Base Accessing an MPLS EVPN IRB

In a DCI scenario, Ethernet sub-interfaces are associated with VLANs to access gateways or the DC network and the EVPN IRB function is enabled to allow the DCI network to carry Layer 2 or Layer 3 services.

Context

A VXLAN tunnel can be established in each DC to implement interworking between VMs in a DC. To achieve Layer 2 or Layer 3 service communication between VMs in a DC, associate Ethernet sub-interfaces with VLANs on PEs in the DCI backbone network, create an L3VPN or EVPN instance, and enable the EVPN IRB function. Such a network can be deployed in either of the following modes:
  • Centralized deployment mode: As shown in Figure 1, the DC gateway and the PE on the DCI backbone network are the same device (DCI-PE-GW). Specifically, the PE also functions as the DC gateway to access the DC network.

    Figure 1 Configuring a DCI scenario with a VLAN base accessing an MPLS EVPN IRB (The PE functions as a gateway)
  • Distributed deployment mode: As shown in Figure 2, the DC gateway and PE (DCI-PE) are separately deployed, and DCI-PE takes the gateway as a CE. After Ethernet sub-interfaces and VBDIF interfaces are associated with VLANs to receive Layer 2 and Layer 3 service traffic, the traffic can be forwarded to other DCs over the DCI backbone network.

    Figure 2 Configuring a DCI scenario with a VLAN base accessing an MPLS EVPN IRB (PE and gateway are separately deployed)

Pre-configuration Tasks

Before configuring a DCI scenario with a VLAN base accessing an MPLS EVPN IRB, complete the following task:

  • Configure Layer 3 route reachability on the IPv4 network.

Procedure

  1. Configure BGP EVPN peers.

    If a BGP RR needs to be configured on the network, establish BGP EVPN peer relationships between all the PEs and the RR.

    1. Run bgp { as-number-plain | as-number-dot }

      BGP is enabled, and the BGP view is displayed.

    2. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The remote PE is specified as the BGP peer.

    3. (Optional) Run peer ipv4-address connect-interface interface-type interface-number [ ipv4-source-address ]

      A source interface and a source IP address are specified to set up a TCP connection between the BGP peers.

      When loopback interfaces are used to establish a BGP connection, it is recommended that the peer connect-interface command be run on both ends to ensure correct connection. If this command is run on only one end, the BGP connection may fail to be established.

    4. Run ipv4-family vpn-instance vpn-instance-name or ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4/IPv6 address family view is displayed.

    5. Run import-route { direct | isis process-id | ospf process-id | rip process-id | static | ospfv3 process-id | ripng process-id } [ med med | route-policy route-policy-name ] *

      The device is enabled to import non-BGP routing protocol routes into the BGP-VPN instance IPv4/IPv6 address family. To advertise host IP routes, only enable the device to import direct routes. To advertise the routes of the network segment where a host resides, configure a dynamic routing protocol (such as OSPF) to advertise the network segment routes. Then enable the device to import routes of the configured routing protocol.

    6. Run advertise l2vpn evpn

      The BGP device is enabled to advertise IP prefix routes to the BGP peer. This configuration allows the BGP device to advertise both host IP routes and routes of the network segment where the host resides.

    7. Run quit

      Return to the BGP view.

    8. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    9. Run peer { ipv4-address | group-name } enable

      The local BGP device is enabled to exchange EVPN routes with a peer or peer group.

    10. Run peer { ipv4-address | group-name } advertise { irb | irbv6 }

      The BGP device is enabled to advertise IRB/IRBv6 routes to the BGP EVPN peer.

    11. Run quit

      Return to the BGP view.

    12. Run quit

      Return to the system view.

  2. (Optional) Configure an L3VPN instance to store and manage received VM routes. You must perform this step if you want the network to carry Layer 3 services.

    For IPv4 services, configure an IPv4 L3VPN instance.

    1. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and its view is displayed.

    2. Run ipv4-family

      The VPN instance IPv4 address family is created, and its view is displayed.

    3. Run route-distinguisher route-distinguisher

      An RD is set for the VPN instance IPv4 address family.

    4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      One or multiple VPN targets are set for the VPN instance IPv4 address family.

    5. Run evpn mpls routing-enable

      The device is enabled to generate and advertise EVPN IP prefix routes and IRB routes.

    6. (Optional) Run tnl-policy policy-name evpn

      A specified tunnel policy is applied to the VPN instance IPv4 address family to associate the tunnel policy with the EVPN routes leaked to the VPN instance IPv4 address family.

    7. (Optional) Run import route-policy policy-name evpn

      An import route-policy is applied to the VPN instance IPv4 address family to filter EVPN routes to be imported to the VPN instance IPv4 address family. Perform this step to apply an import route-policy to the VPN instance IPv4 address family and set attributes for eligible EVPN routes. This enables the device to more precisely control EVPN routes to be imported into the VPN instance IPv4 address family.

    8. (Optional) Run export route-policy policy-name evpn

      An export route-policy is applied to the VPN instance IPv4 address family to filter EVPN routes to be advertised. Perform this step to apply an export route-policy to the VPN instance IPv4 address family and set attributes for eligible EVPN routes. This enables the device to more precisely control EVPN routes to be advertised.

    9. Run quit

      Exit the VPN instance IPv4 address family view.

    10. Run quit

      Exit the VPN instance view.

    For IPv6 services, configure an IPv6 L3VPN instance.

    1. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and its view is displayed.

    2. Run ipv6-family

      The VPN instance IPv6 address family is created, and its view is displayed.

    3. Run route-distinguisher route-distinguisher

      An RD is set for the VPN instance IPv6 address family.

    4. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] evpn

      One or multiple VPN targets are set for the VPN instance IPv6 address family.

    5. Run evpn mpls routing-enable

      The device is enabled to generate and advertise EVPN IP prefix routes and IRB routes.

    6. (Optional) Run tnl-policy policy-name evpn

      A specified tunnel policy is applied to the VPN instance IPv6 address family to associate the tunnel policy with the EVPN routes leaked to the VPN instance IPv6 address family.

    7. (Optional) Run import route-policy policy-name evpn

      An import route-policy is applied to the VPN instance IPv6 address family to filter EVPN routes to be imported to the VPN instance IPv6 address family. Perform this step to apply an import route-policy to the VPN instance IPv6 address family and set attributes for eligible EVPN routes. This enables the device to more precisely control EVPN routes to be imported into the VPN instance IPv6 address family.

    8. (Optional) Run export route-policy policy-name evpn

      An export route-policy is applied to the VPN instance IPv6 address family to filter EVPN routes to be advertised. Perform this step to apply an export route-policy to the VPN instance IPv6 address family and set attributes for eligible EVPN routes. This enables the device to more precisely control EVPN routes to be advertised.

    9. Run quit

      Exit the VPN instance IPv6 address family view.

    10. Run quit

      Exit the VPN instance view.

  3. Configure access-side interfaces.

    • If you want the network to carry both Layer 2 and Layer 3 services, perform the following configurations:

      1. Run bridge-domain bd-id

        The BD view is displayed.

      2. Run evpn binding vpn-instance vpn-instance-name [ bd-tag bd-tag ]

        The BD is bound to an EVPN instance. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.

      3. Run quit

        Return to the system view.

      4. Run interface interface-type interface-number.subnum mode l2

        A Layer 2 sub-interface is created, and its view is displayed.

      5. Run encapsulation { dot1q [ vid low-pe-vid [ to high-pe-vid ] ] | untag | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } ] }

        A traffic encapsulation type is configured, so that different interfaces can access different data packets.

      6. Run rewrite pop { single | double }

        The function to remove VLAN tags of received packets is enabled.

      7. Run bridge-domain bd-id

        The Layer 2 sub-interface is added to the BD, so that the sub-interface can transmit data packets through this BD.

      8. Run quit

        Return to the system view.

      9. Run interface vbdif bd-id

        A VBDIF interface is created, and its view is displayed.

      10. Run ip binding vpn-instance vpn-instance-name

        The VBDIF interface is bound to the VPN instance.

      11. (Optional) Run ipv6 enable

        IPv6 is enabled on the interface.

      12. Run ip address ip-address { mask | mask-length } [ sub ] or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

        An IPv4/IPv6 address is configured for the VBDIF interface to implement Layer 3 interworking.

      13. (Optional) Run mac-address mac-address

        A MAC address is specified for the VBDIF interface.

      14. Run vxlan anycast-gateway enable

        The distributed gateway function is enabled.

        After distributed gateway is enabled, the device discards the ARP packets received from the network side, learns only ARP packets from hosts on the user side, and generates host routes.

      15. Run arp collect host enable or ipv6 nd collect host enable

        Host information is collected.

      16. Run quit

        Return to the system view.

    • If you want the network to carry only Layer 2 services, perform the following configurations:

      1. Run bridge-domain bd-id

        The BD view is displayed.

      2. Run evpn binding vpn-instance evpn-name [ bd-tag bd-tag ]

        A specified EVPN instance is bound to the BD. By specifying different bd-tag values, you can bind multiple BDs with different VLANs to the same EVPN instance and isolate services in the BDs.

      3. Run quit

        Return to the system view.

      4. Run interface interface-type interface-number.subnum mode l2

        A Layer 2 sub-interface is created, and its view is displayed.

      5. Run encapsulation { dot1q [ vid low-pe-vid [ to high-pe-vid ] ] | untag | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } ] }

        A traffic encapsulation type is configured, so that different interfaces can access different data packets.

      6. Run rewrite pop { single | double }

        The function to remove VLAN tags of received packets is enabled.

      7. Run bridge-domain bd-id

        The Layer 2 sub-interface is added to the BD, so that the sub-interface can transmit data packets through this BD.

      8. Run quit

        Return to the system view.

    • If you want the network to carry only Layer 3 services, see Binding Interfaces to a VPN Instance or Binding Interfaces to a IPv6 VPN Instance.

  4. Configure an EVPN instance in BD mode.
    1. Run evpn vpn-instance vpn-instance-name bd-mode

      An EVPN instance in BD mode is created, and the EVPN instance view is displayed.

    2. Run route-distinguisher route-distinguisher

      An RD is configured for the EVPN instance.

    3. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the EVPN instance. The export RT of the local EVPN instance must be the same as the import RT of the remote EVPN instance. Similarly, the import RT of the local EVPN instance must be the same as the export RT of the remote EVPN instance.

    4. (Optional) Run import route-policy policy-name

      The EVPN instance is associated with an import route-policy.

      To strictly control the import of routes into the EVPN instance, specify an import route policy to filter routes and set route attributes for routes that meet the filter criteria.

    5. (Optional) Run export route-policy policy-name

      The EVPN instance is associated with an export route-policy.

      To strictly control the advertisement of EVPN routes, specify an export route policy and set route attributes for routes that meet the filter criteria.

    6. (Optional) Run tnl-policy policy-name

      The current EVPN instance is associated with a tunnel policy.

      This configuration allows data packets between PEs to be forwarded through a TE tunnel.

    7. (Optional) Run mac limit number { simply-alert | mac-unchanged }

      The maximum number of MAC addresses allowed is set for the EVPN instance.

      If a device imports a large number of MAC addresses, which consumes a lot of system resources, device operation may be affected when the system processes many services concurrently. To improve system security and reliability, run the mac limit command to limit the number of MAC addresses to be imported into the EVPN instance. After this configuration, if the number of MAC addresses exceeds the preset value, an alarm is triggered to prompt you to check the validity of existing MAC addresses.

    8. Run quit

      Return to the system view.

  5. (Optional) Configure an RR. To minimize the number of BGP EVPN peers on the network, deploy an RR so that the PEs establish BGP EVPN peer relationships only with the RR.
    1. Run bgp { as-number-plain | as-number-dot }

      BGP is enabled, and the BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } reflect-client

      The local device is configured as an RR, and a peer or peer group is specified as the RR client.

      The router where the peer reflect-client command is run functions as the RR, and the specified peer or peer group functions as a client.

    4. (Optional) Run undo reflect between-clients

      Route reflection between clients through the RR is disabled.

      If the clients of an RR have established full-mesh connections with each other, run the undo reflect between-clients command to disable route reflection between clients through the RR to reduce the link cost. The undo reflect between-clients command applies only to RRs.

    5. (Optional) Run reflector cluster-id { cluster-id-value | cluster-id-ipv4 }

      A cluster ID is configured for the RR.

      If a cluster has multiple RRs, run this command to set the same cluster ID for these RRs to prevent routing loops.

      The reflector cluster-id command applies only to RRs.

    6. Run quit

      Return to the BGP view.

    7. Run quit

      Return to the system view.

  6. Run commit

    The configuration is committed.
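
Step 4 requires the export RT of the local EVPN instance to match the import RT of the remote one (and the reverse), and recommends a mac limit per EVPN instance. The following check is an added example, not part of the original procedure or vendor tooling. It assumes the configuration text uses the step 4 commands as typed, with sub-commands indented by a space under `evpn vpn-instance ... bd-mode`, and that both PEs use the same instance name; the instance names, RT values and both sample configurations are constructed.

```python
# Constructed sample configs for two PEs, typed with the step 4 commands.
PE1 = """\
evpn vpn-instance evrf1 bd-mode
 vpn-target 1:1 both
 mac limit 2000 simply-alert
evpn vpn-instance evrf2 bd-mode
 vpn-target 2:2 export-extcommunity
 vpn-target 2:2 import-extcommunity
"""
PE2 = """\
evpn vpn-instance evrf1 bd-mode
 vpn-target 1:1 both
evpn vpn-instance evrf2 bd-mode
 vpn-target 2:2 export-extcommunity
 vpn-target 3:3 import-extcommunity
 mac limit 500 mac-unchanged
"""

def parse_evpn_instances(config):
    """Return {name: {"export": set, "import": set, "mac_limit": int or None}}."""
    instances, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            cur = None  # any top-level line ends the previous instance view
            if words[:2] == ["evpn", "vpn-instance"] and words[-1] == "bd-mode":
                cur = instances.setdefault(words[2], {"export": set(), "import": set(), "mac_limit": None})
        elif cur is not None and words[:1] == ["vpn-target"]:
            direction = words[-1] if ":" not in words[-1] else "both"  # no keyword: assume both
            rts = {w for w in words[1:] if ":" in w}
            for side in ("export", "import"):
                if direction in ("both", side + "-extcommunity"):
                    cur[side] |= rts
        elif cur is not None and words[:2] == ["mac", "limit"]:
            cur["mac_limit"] = int(words[2])
    return instances

def audit(local, remote):
    """Flag EVPN instances with no MAC limit or with RTs that do not mirror the peer's."""
    findings, loc, rem = [], parse_evpn_instances(local), parse_evpn_instances(remote)
    for name, inst in sorted(loc.items()):
        if inst["mac_limit"] is None:
            findings.append((name, "no mac limit"))
        peer = rem.get(name)
        if peer and inst["export"] != peer["import"]:
            findings.append((name, "local export RT != remote import RT"))
        if peer and inst["import"] != peer["export"]:
            findings.append((name, "local import RT != remote export RT"))
    return findings
```

Run `audit(PE1, PE2)` and `audit(PE2, PE1)` to see each side's view; an RT that one PE imports but no intended peer exports is worth reviewing, because it determines which EVPN routes enter the instance.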

Copyright © Huawei Technologies Co., Ltd.