Configuring NFVI Distributed Gateways (Symmetric Mode)

Usage Scenario

Huawei's NFVI telco cloud solution incorporates DCI and DCN solutions. A large volume of UE traffic enters the DCN and accesses the vUGW and vMSE on the DCN. After being processed by the vUGW and vMSE, the UE traffic is forwarded to destination devices on the Internet. Similarly, response traffic sent over the Internet from the destination devices to UEs also undergoes this process. To meet the preceding requirements and ensure that the UE traffic is load-balanced within the DCN, you need to deploy the NFVI distributed gateway function on DCN devices.

Figure 1 shows the networking diagram of NFVI distributed gateways. DC gateways are the DCN's border gateways and can be used to exchange Internet routes with the external network. L2GW/L3GW1 and L2GW/L3GW2 connect to virtualized network functions (VNFs). VNF1 and VNF2 can be deployed as virtualized NEs to respectively provide vUGW and vMSE functions and connect to L2GW/L3GW1 and L2GW/L3GW2 through the interface processing unit (IPU).

This networking combines the distributed gateway function and the VXLAN active-active gateway function:

• The VXLAN active-active gateway function is deployed on DC gateways. Specifically, a bypass VXLAN tunnel is established between DC gateways. Both DC gateways use the same virtual anycast VTEP address to establish VXLAN tunnels with L2GW/L3GW1 and L2GW/L3GW2.

• The distributed gateway function is deployed on L2GW/L3GW1 and L2GW/L3GW2, and a VXLAN tunnel is established between L2GW/L3GW1 and L2GW/L3GW2.

Figure 1 NFVI distributed gateway networking

On the NFVI distributed gateway network, the number of bridge domains (BDs) must be planned according to the number of network segments that the IPUs belong to. For example, if five IPU interfaces correspond to four network segments, four different BDs must be planned. In symmetric mode, you need to configure all BDs and VBDIF interfaces only on L2GWs/L3GWs and bind all VBDIF interfaces to the same L3VPN instance. In symmetric mode, you also need to perform the following configurations for NFVI distributed gateways:

• Establish VPN BGP peer relationships between VNFs and DC gateways, so that VNFs can advertise UE routes to DC gateways.
• Configure VPN static routes on L2GW/L3GW1 and L2GW/L3GW2, or configure L2GWs/L3GWs to establish VPN IGP neighbor relationships with VNFs to obtain VNF routes with next hop addresses being IPU addresses.
• Establish BGP EVPN peer relationships between any two of the DC gateways and L2GWs/L3GWs. L2GWs/L3GWs can then advertise VNF routes to DC gateways and other L2GWs/L3GWs through BGP EVPN peer relationships. DC gateways can advertise the local loopback route and default route as well as obtained UE routes to L2GWs/L3GWs through BGP EVPN peer relationships.
• Traffic forwarded between the UE and Internet through VNFs is called north-south traffic, and traffic forwarded between VNF1 and VNF2 is called east-west traffic. To balance both types of traffic, you need to configure load balancing on DC gateways and L2GWs/L3GWs.

In the NFVI distributed gateway scenario, the NetEngine 8000 F can function as either a DC gateway or an L2GW/L3GW. However, if the NetEngine 8000 F is used as an L2GW/L3GW, east-west traffic cannot be balanced.

Prerequisites

Before configuring NFVI distributed gateways (symmetric mode), complete the following tasks:

• Configure the static VXLAN active-active gateway function or dynamic VXLAN active-active gateway function, or dynamic IPv6 VXLAN active-active gateway function on each DC gateway and L2GW/L3GW.
• Configure VXLAN in distributed gateway mode using BGP EVPN, or configure IPv6 VXLAN in distributed gateway mode using BGP EVPN on each L2GW/L3GW.