Configuring Three-Segment VXLAN to Implement Layer 3 Interworking

The three-segment VXLAN can be configured to enable communications between inter-subnet VMs in DCs that belong to different ASs.

Context

As shown in Figure 1, BGP EVPN must be configured to create VXLAN tunnels between distributed gateways in each DC and to create VXLAN tunnels between leaf nodes so that the inter-subnet VMs in DC A and DC B can communicate with each other.

When DC A and DC B belong to the same BGP AS, Leaf2 or Leaf3 does not forward EVPN routes received from an IBGP EVPN peer to other IBGP EVPN peers. Therefore, it is necessary to configure Leaf2 and Leaf3 as route reflectors (RRs).

Figure 1 Configuring the three-segment VXLAN tunnels

Procedure

  1. Configure BGP EVPN within DC A and DC B to establish VXLAN tunnels. For details, see Configuring VXLAN in Distributed Gateway Mode Using BGP EVPN.
  2. Configure BGP EVPN on Leaf2 and Leaf3 to establish a VXLAN tunnel between them. For details, see Configuring VXLAN in Distributed Gateway Mode Using BGP EVPN.
  3. (Optional) Configure Leaf2 and Leaf3 as RRs. For details, see Configuring a BGP Route Reflector.
  4. Configure Leaf2 and Leaf3 to advertise routes that are re-originated by the EVPN address family to BGP EVPN peers.
    1. Run bgp as-number

      The BGP view is displayed.

    2. Run l2vpn-family evpn

      The BGP-EVPN address family view is displayed.

    3. Run peer { ipv4-address | group-name } import reoriginate

      The function to re-originate routes received from BGP EVPN peers is enabled.

    4. Run peer { ipv4-address | group-name } advertise route-reoriginated evpn { mac-ip | ip | mac-ipv6 | ipv6 }

      The function to advertise re-originated EVPN routes to BGP EVPN peers is enabled. After route re-origination is enabled, Leaf2 or Leaf3 changes the next hop of a received EVPN route to itself, replaces the router MAC address in the gateway MAC address attribute with its own router MAC address, and replaces the Layer 3 VNI with the VPN instance Layer 3 VNI.

    5. Run quit

      Return to the BGP view.

  5. (Optional) Configure local EVPN route leaking on Leaf2 and Leaf3. To use different VPN instances for different service access in a data center, and to shield the VPN instance allocation within the data center from the external network by using an external VPN instance for communication with other data centers, perform the following steps on each edge leaf node:
    1. Run ipv4-family vpn-instance vpn-instance-name or ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 or IPv6 address family view is displayed.

      Here, vpn-instance-name specifies the name of the source VPN instance for local route leaking, which corresponds to the name of the VPN instance used to provide access for different services in the local data center.

    2. Run local-cross export evpn-rt-match

      The function to leak locally imported routes and routes received from VPN peers to other VPN instances is enabled.

    3. Run local-cross allow-remote-cross-route

      The function to leak routes imported from the remote EVPN instance to other local VPN instances is enabled.

    4. Run quit

      Return to the BGP view.

    5. Run ipv4-family vpn-instance vpn-instance-name or ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 or IPv6 address family view is displayed.

      Here, vpn-instance-name specifies the name of the destination VPN instance for local route leaking, which corresponds to the name of the VPN instance used for communication with the external network.

    6. Run advertise l2vpn evpn include-local-cross-route

      The VPN instance is enabled to advertise all local cross routes as EVPN IP prefix routes.

      By default, locally leaked routes in a VPN instance are not advertised to peers through BGP EVPN. After this step is performed, the external VPN instance can advertise routes leaked from other local service VPN instances to peers through EVPN IP prefix routes. In this way, the external VPN instance can communicate with other data centers.

      The EVPN ERT of the source VPN instance must be in the EVPN IRT list of the destination VPN instance, so that local route leaking can be correctly implemented.

  6. Run commit

    The configuration is committed.
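
The ERT/IRT rule in step 5 decides which service VPN instances become reachable from other data centers through the external VPN instance. The check below is an added example, not Huawei code: it reads a constructed edge-leaf excerpt and lists which source instances leak into which destination instance and which are blocked by a route-target mismatch. The `ip vpn-instance` and `vpn-target ... evpn` lines, the instance names and the RT values are assumptions that do not appear on this page.

```python
import re

# Constructed edge-leaf excerpt. The `ip vpn-instance` and `vpn-target ... evpn`
# lines are assumed syntax (not shown on this page); names and RTs are made up.
SAMPLE = """\
ip vpn-instance svc-a
 ipv4-family
  vpn-target 100:1 export-extcommunity evpn
  vpn-target 100:1 import-extcommunity evpn
ip vpn-instance svc-b
 ipv4-family
  vpn-target 100:2 export-extcommunity evpn
  vpn-target 100:2 import-extcommunity evpn
ip vpn-instance ext
 ipv4-family
  vpn-target 100:9 export-extcommunity evpn
  vpn-target 100:9 100:1 import-extcommunity evpn
bgp 100
 ipv4-family vpn-instance svc-a
  local-cross export evpn-rt-match
  local-cross allow-remote-cross-route
 ipv4-family vpn-instance svc-b
  local-cross export evpn-rt-match
 ipv4-family vpn-instance ext
  advertise l2vpn evpn include-local-cross-route
"""

def audit_leaking(config):
    """Return (leaks, blocked) as lists of (source, destination) instance pairs."""
    ert, irt, sources, dests, current = {}, {}, set(), set(), None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"(?:ip vpn-instance|ipv[46]-family vpn-instance) (\S+)$", line)
        if m:
            current = m.group(1)          # entering a per-instance view
        elif line.startswith("bgp "):
            current = None                # BGP view itself belongs to no instance
        elif current and (m := re.match(r"vpn-target (.+) (export|import)-extcommunity evpn$", line)):
            table = ert if m.group(2) == "export" else irt
            table.setdefault(current, set()).update(m.group(1).split())
        elif current and line == "local-cross export evpn-rt-match":
            sources.add(current)          # source instance for local leaking
        elif current and line == "advertise l2vpn evpn include-local-cross-route":
            dests.add(current)            # destination (external) instance
    pairs = [(s, d) for s in sorted(sources) for d in sorted(dests) if s != d]
    # Route-target matching: a shared RT between source ERT and destination IRT.
    leaks = [p for p in pairs if ert.get(p[0], set()) & irt.get(p[1], set())]
    return leaks, [p for p in pairs if p not in leaks]
```

Calling `audit_leaking(SAMPLE)` shows `svc-a` leaking into `ext` while `svc-b` is blocked because its ERT is missing from the IRT list of `ext`; comparing the result against the intended exposure catches both a broken leak and an unintended one.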

Copyright © Huawei Technologies Co., Ltd.