Configuring an EVPN Instance in BD Mode

To implement service access based on a BD and manage EVPN routes, configure EVPN instances in BD mode on PEs.

Context

EVPN instances are used to isolate EVPN routes from public routes and isolate the routes of EVPN instance from those of the other EVPN instances. EVPN instances are required in all EVPN networking solutions.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run evpn vpn-instance vpn-instance-name bd-mode

    A BD EVPN instance is created, and the EVPN instance view is displayed.

  3. (Optional) Run description description-information

    A description is configured for the EVPN instance.

    Similar to a hostname or an interface description, an EVPN instance description helps you memorize the EVPN instance.

  4. Run route-distinguisher route-distinguisher

    An RD is set for the EVPN instance.

    An EVPN instance takes effect only after an RD is configured for it. The RDs of different EVPN instances on the same PE must be different.

    After being configured, an RD cannot be modified but can be deleted. If the RD of an EVPN instance is deleted, VPN targets configured for the EVPN instance are also deleted.

  5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

    One or multiple VPN targets are set for the EVPN instance.

    VPN targets are BGP extended community attributes used to control the acceptance and advertisement of EVPN routes. A maximum of eight import VPN targets and eight export VPN targets can be configured each time the vpn-target command is run. To configure more VPN targets for an EVPN instance address family, run the vpn-target command multiple times.

    An RT of an Ethernet segment route is generated using the middle 6 bytes of an ESI. For example, if the ESI is 0011.1001.1001.1001.1002, the Ethernet segment route uses 11.1001.1001.10 as its RT.

  6. (Optional) Run filter-policy { acl-number | acl-name acl-name } export

    The EVPN instance is configured to filter EVPN routes to be advertised.

    To precisely control EVPN routes, an export route-policy must be configured. An export route-policy filters routes before they are sent to other PEs.

  7. (Optional) Run filter-policy { acl-number | acl-name acl-name } import

    The EVPN instance is configured to filter EVPN routes to be accepted.

    To precisely control EVPN routes, an import route-policy can be configured. An import route-policy filters routes that are received from other PEs and are to be accepted.

  8. (Optional) Run mac limit number [ simply-alert | mac-unchanged ]

    The maximum number of MAC addresses allowed in the EVPN instance is set.

    A device consumes more system resources as it learns more MAC addresses, meaning that the device may fail to operate when busy processing services. To limit the maximum number of MAC addresses allowed in an EVPN instance and thereby improving device security and reliability, run the mac limit command. After this configuration, if the number of MAC addresses exceeds the preset value, an alarm is triggered to prompt you to check the validity of existing MAC addresses.

    After the maximum number of MAC addresses allowed by an EVPN instance is configured, you can run the mac threshold-alarm upper-limit upper-limit-value lower-limit lower-limit-value command to configure an alarm threshold for MAC addresses allowed by the EVPN instance. The alarm generation and clearance help a device detect threshold-crossing events of MAC addresses.

  9. (Optional) Run tnl-policy policy-name

    The EVPN instance is associated with a tunnel policy.

    This configuration enables PEs to use TE or SR tunnels to transmit data packets.

  10. (Optional) Run bypass-vxlan disable

    Inter-chassis VXLAN is disabled in the instance.

    By default, after the bypass-vxlan enable command is run in the system view, only EVPN VXLAN-related functions can be deployed on the device. This step is required if you want to configure EVPN MPLS functions for some BD EVPN instances.

  11. (Optional) Run control-word enable

    The control word function is enabled for the EVPN.

    In load balancing mode, out-of-order packets may be generated when the device performs in-depth parsing on MPLS packets. In this case, you can enable the control word function in the EVPN instances on both ends to reassemble MPLS packets.

  12. (Optional) Run mac-route no-advertise

    The device is disabled from sending local MAC routes to its EVPN peer.

    In scenarios that do not involve Layer 2 traffic forwarding, perform this step to disable local MAC routes from being advertised to the EVPN peer. This configuration prevents the EVPN peer from receiving MAC routes, thereby conserving device resources.

  13. (Optional) Run local mac-only-route no-generate

    The device is disabled from generating EVPN MAC routes when the local MAC address exists in both a MAC address entry and an ARP/ND entry.

    If a MAC address entry and an ARP/ND entry on the device both contain the local MAC address, the device generates both an EVPN MAC/IP route and an EVPN MAC route by default. To optimize memory utilization, perform this step so that the device generates only EVPN MAC/IP routes. To ensure normal Layer 2 traffic forwarding, also run the mac-ip route generate-mac command on the peer device to enable the function to generate MAC entries based on MAC/IP routes.

  14. (Optional) Run mac-ip route generate-mac

    The function to generate MAC address entries based on MAC/IP routes is enabled.

    If the peer device is configured not to advertise MAC routes (using the mac-route no-advertise command) or not to generate MAC routes (using the local mac-only-route no-generate command), the local device cannot generate MAC entries by default. To ensure normal Layer 2 traffic forwarding, perform this step on the local device to enable the function to generate MAC entries based on MAC/IP routes.

  15. (Optional) Run mac-keep disable

    The device is disabled from retaining MAC addresses.

    In the MAC route withdrawal process, the device retains original MAC routes for a period of time by default after receiving MAC Withdraw messages. This function is used in fault recovery and switchback scenarios to prevent MAC route flapping. In the following scenarios, however, you need to perform this step on the remote PE to disable the remote PE from retaining MAC addresses:

    • Interworking between traditional VPLS and EVPN VPLS
    • Dual-homing access to EVPN through Eth-Trunk interfaces (LACP)
    • No upstream traffic from a CE to two PEs when the CE is dual-homed to the two PEs

    In the preceding scenario, when the fault is rectified and services are switched back, the device on the backup path clears the MAC address, whereas the remote PE maintains the MAC address by default. As a result, traffic is still diverted to the device on the backup path, causing traffic loss.

  16. Run commit

    The configuration is committed.

Parent Topic: Configuring BD-EVPN Functions
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >