HPE FlexFabric 5950 Series Configuration Manual

HPE FlexFabric 5950 Switch Series
EVPN Configuration Guide
Part number: 5200-2204a
Software version: Release 6123 and later
Document version: 6W101-20170120

Summary of Contents for HPE FlexFabric 5950 Series

  • Page 1 HPE FlexFabric 5950 Switch Series EVPN Configuration Guide Part number: 5200-2204a Software version: Release 6123 and later Document version: 6W101-20170120...
  • Page 2 © Copyright 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    EVPN overview (page 1)
    EVPN network model (page 1)
    Layered transport network (page 2)
    MP-BGP extension for EVPN (page 2)
    Configuration automation (page 3)
    Assignment of traffic to VXLANs (page 3)
    Traffic from the local site to a remote site (page 3)
    Traffic from a remote site to the local site...
  • Page 4

    EVPN-DCI configuration task list (page 59)
    Configuration prerequisites (page 60)
    Enabling DCI (page 60)
    Enabling route nexthop replacement and route router MAC replacement (page 60)
    Configuring VXLAN mapping (page 61)
    Overview (page 61)
    Configuration restrictions and guidelines (page 62)
    Configuration procedure (page 62)
    EVPN-DCI configuration examples...
  • Page 5: Evpn Overview

    EVPN overview

    Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and Layer 3 connectivity between distant network sites across an IP network. EVPN uses MP-BGP in the control plane and VXLAN in the data plane. EVPN is typically used in data centers for multitenant services.
  • Page 6: Layered Transport Network

    Figure 1 EVPN network model

    Layered transport network

    As shown in Figure 2, typically the EVPN transport network uses a layered structure. On the transport network, leaf nodes act as VTEPs to provide VXLAN services, and spine nodes perform forwarding for VXLAN traffic based on the outer IP header.
  • Page 7: Configuration Automation

    • Inclusive multicast Ethernet tag (IMET) route—Advertises VTEP and VXLAN mappings for automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment.
    • Ethernet segment route—Advertises ES and VTEP mappings.
    • IP prefix advertisement route—Advertises BGP IPv4 unicast routes as IP prefixes.

    The current software version does not support Ethernet auto-discovery routes and ES routes.
  • Page 8: Traffic From A Remote Site To The Local Site

    Figure 3 Identifying traffic from the local site...
  • Page 9 Figure 4 Intra-site unicast MAC table on VTEP 1 VM 1 VXLAN/VSI Interface VM 2 VXLAN 10/VSI A MAC 1 Interface A, VLAN 2 VM 3 VXLAN 10/VSI A MAC 4 Interface B, VLAN 3 Server 1 VM 7 Interface A VM 8 Interface B VXLAN tunnel...
  • Page 10: Flood

    Flood

    As shown in Figure 6, a VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface. The source VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN.
  • Page 11: Distributed Evpn Gateway Deployment

    The VM sends an ARP request to obtain the MAC address of the VSI interface that acts as the gateway, and then sends the Layer 3 traffic to the centralized EVPN gateway. The local VTEP looks up the matching VSI's MAC address table and forwards the traffic to the centralized EVPN gateway through a VXLAN tunnel.
  • Page 12

    Figure 8 Distributed EVPN gateway placement design

    Symmetric IRB

    A distributed EVPN gateway uses symmetric IRB for Layer 3 forwarding, which means both the...
  • Page 13 Figure 9 Example of distributed EVPN gateway deployment...
  • Page 14 • Switching and routing mode—Forwards Layer 2 traffic based on the MAC address table and forwards Layer 3 traffic based on the FIB table. In this mode, you need to enable ARP flood suppression on the distributed EVPN gateway to reduce flooding. •...
  • Page 15: Rd And Route Target Selection Of Bgp Evpn Routes

    Figure 11 Inter-site Layer 3 forwarding...
  • Page 16: Arp Flood Suppression

    Item Views instance view. The device selects RDs and route targets for BGP EVPN routes by using the following rules: • IMET routes and MAC/IP advertisement routes that contain only MAC addresses—The device uses the RD and route targets configured in EVPN instance view when advertising and accepting the routes.
  • Page 17: Mac Mobility

    VM 1 sends an ARP request to obtain the MAC address of VM 7. VTEP 1 creates a suppression entry for VM 1 and floods the ARP request in the VXLAN. VTEP 2 and VTEP 3 de-encapsulate the ARP request. The VTEPs create a suppression entry for VM 1 and broadcast the request in the local site.
  • Page 18: Configuring Evpn

    Configuring EVPN

    Configuration restrictions and guidelines

    VXLAN tunnel configuration restrictions and guidelines

    Make sure the following VXLAN tunnels are not associated with the same VXLAN when they have the same tunnel destination IP address:
    • A VXLAN tunnel automatically created by EVPN.
    •...
  • Page 19: Setting The Vxlan Hardware Resource Allocation Mode

    Tasks at a glance Remarks • Configuring a distributed EVPN gateway (Optional.) Managing remote MAC address entries and remote ARP learning Perform this task to advertise private (Optional.) Enabling BGP EVPN route advertisement to the local site BGP EVPN routes to the local site. Perform this task to reduce flooding (Optional.) Confining floods to the local site...
  • Page 20: Configuring An Evpn Instance

    Step Command Remarks (Optional.) Configure a By default, a VSI does not have a description text VSI description. description. (Optional.) Set the The default broadcast restraint broadcast, multicast, or bandwidth, multicast restraint restrain { broadcast | multicast unknown unicast bandwidth, and unknown unicast | unknown-unicast } bandwidth restraint bandwidth for restraint bandwidth are 4294967295...
  • Page 21: Configuring Bgp To Advertise Bgp Evpn Routes

    Configuring BGP to advertise BGP EVPN routes

    For more information about the following BGP commands, see Layer 3—IP Routing Command Reference:
    • peer allow-as-loop
    • peer as-number
    • peer enable
    • peer reflect-client
    • reflect between-clients
    • reflector cluster-id
    • refresh bgp
    •...
  • Page 22: Mapping An Ethernet Service Instance To A Vsi

    Step Command Remarks to filter reflected BGP reflected BGP EVPN routes. EVPN routes. 13. (Optional.) Configure the device to not change the peer { group-name | By default, the device uses its next hop of routes ipv4-address [ mask-length ] } next-h address as the next hop of routes advertised to an EBGP op-invariable...
  • Page 23: Configuring A Centralized Evpn Gateway

    Before you configure a centralized EVPN gateway, you must perform the following tasks:
    • When you use an HPE FlexFabric 5950 switch other than the HPE FlexFabric 5950 48SFP28 8QSFP28 Switch as a VXLAN IP gateway, you must configure a service loopback group of the VSI gateway type by performing the following tasks: a....
  • Page 24: Configuration Procedure

    • When you use an HPE FlexFabric 5950 48SFP28 8QSFP28 Switch as a VXLAN IP gateway, you do not need to configure a service loopback group.
    • When an IRF fabric that contains the HPE FlexFabric 5950 48SFP28 8QSFP28 Switch and other models is used as a VXLAN IP gateway, you must configure a service loopback group of the VSI gateway type.
  • Page 25: Configuring A Vsi Interface

    For more information about service loopback group configuration, see Layer 2—LAN Switching Configuration Guide.
    • When you use an HPE FlexFabric 5950 48SFP28 8QSFP28 Switch as a VXLAN IP gateway, you do not need to configure a service loopback group.
    •...
  • Page 26: Configuring An L3 Vxlan Id For A Vsi Interface

    Step Command Remarks Enter VSI view. vsi vsi-name By default, no gateway interface is specified for a VSI. Specify the VSI interface gateway as the gateway interface For more information about this vsi-interface vsi-interface-id for the VSI. command, see VXLAN Command Reference.
  • Page 27 Step Command Remarks instance. (Optional.) Apply an By default, no export routing export routing policy to export route-policy route-policy policy is applied to EVPN on a EVPN on the VPN VPN instance. instance. By default, no import routing policy is applied to EVPN on a (Optional.) Apply an VPN instance.
  • Page 28: Configuring Ip Prefix Route Advertisement

    Step Command Remarks • Enter IPv4 VPN view: address-family ipv4 Enter IPv4 VPN view or • EVPN view. Enter EVPN view: address-family evpn By default, IPv4 VPN and EVPN do not have route targets on the public instance. Make sure the following requirements are met: •...
  • Page 29: Managing Remote Mac Address Entries And Remote Arp Learning

    Step Command Remarks bgp as-number [ instance Enable a BGP instance and By default, BGP is disabled instance-name ] enter BGP instance view. and no BGP instances exist. [ multi-session-thread ] • Enter BGP IPv4 unicast address family view: address-family ipv4 [ unicast ] •...
  • Page 30: Disabling Learning Of Mac Addresses From Arp Information

    To disable MAC address advertisement:

    Step | Command | Remarks
    Enter system view. | system-view |
    Enter VSI view. | vsi vsi-name |
    Enter EVPN instance view. | evpn encapsulation vxlan |
    Disable MAC address advertisement and withdraw advertised MAC addresses. | mac-advertising disable | By default, MAC address advertisement is enabled.

    Disabling learning of MAC addresses from ARP information

    The MAC information and ARP information advertised by a remote VTEP overlap.
  • Page 31: Confining Floods To The Local Site

    Confining floods to the local site

    By default, the VTEP floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:
    • All site-facing interfaces except for the incoming interface.
    •...
  • Page 32: Displaying And Maintaining Evpn

    Step Command Remarks command, see VXLAN Command Reference. Displaying and maintaining EVPN Execute display commands in any view and reset commands in user view. Task Command display bgp [ instance instance-name ] group l2vpn evpn Display BGP peer group information. [ group-name group-name ] display bgp [ instance instance-name ] l2vpn evpn [ peer ipv4-address { advertised-routes | received-routes }...
  • Page 33

    • Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and Switch C.

    Figure 13 Network diagram...
  • Page 34

    # Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
    [SwitchA] vsi vpnb
    [SwitchA-vsi-vpnb] arp suppression enable
    [SwitchA-vsi-vpnb] evpn encapsulation vxlan
    [SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
    [SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
    [SwitchA-vsi-vpnb-evpn-vxlan] quit
    # Create VXLAN 20....
  • Page 35

    # Create VXLAN 10.
    [SwitchB-vsi-vpna] vxlan 10
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    # Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
    [SwitchB] vsi vpnb
    [SwitchB-vsi-vpnb] arp suppression enable
    [SwitchB-vsi-vpnb] evpn encapsulation vxlan
    [SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
    [SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto...
  • Page 36

    [SwitchC] service-loopback group 1 type vsi-gateway
    [SwitchC] interface hundredgige 1/0/4
    [SwitchC-HundredGigE1/0/4] port service-loopback group 1
    All configurations on the interface will be lost. Continue?[Y/N]:y
    [SwitchC-HundredGigE1/0/4] quit
    # Disable remote MAC address learning.
    [SwitchC] vxlan tunnel mac-learning disable
    # Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
  • Page 37

    [SwitchC] interface vsi-interface 2
    [SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
    [SwitchC-Vsi-interface2] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] gateway vsi-interface 2
    [SwitchC-vsi-vpnb] quit

    Configure Switch D:
    # Establish BGP connections with other transport network switches.
    <SwitchD>...
  • Page 38

    * > [2][0][48][0003-0003-0003][32][10.1.1.1]/136 0.0.0.0 32768
    * >i [3][10][32][1.1.1.1]/80 1.1.1.1
    * > [3][10][32][3.3.3.3]/80 0.0.0.0 32768

    Route distinguisher: 1:20
    Total number of routes: 4
    Network NextHop LocPrf PrefVal Path/Ogn
    * >i [2][0][48][0000-1234-0003][0][0.0.0.0]/104 3.3.3.3
    * >i [2][0][48][0000-1234-0004][0][0.0.0.0]/104 3.3.3.3
    * > [2][0][48][0005-0005-0005][32][10.1.2.1]/136 0.0.0.0 32768
    * >...
  • Page 39

    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 9 bytes/sec, 72 bits/sec, 0 packets/sec
    Input: 277 packets, 20306 bytes, 0 drops
    Output: 1099 packets, 85962 bytes, 0 drops
    # Verify that the VSI interfaces are up on Switch C.
    [SwitchC] display interface vsi-interface
    Vsi-interface1
    Current state: UP...
  • Page 40 Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled Gateway Interface : VSI-interface 1 VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flood proxy Tunnel1 0x5000001 Auto...
  • Page 41: Distributed Evpn Gateway Configuration Example

    [SwitchC] display fib 10.1.1.10
    Destination count: 1 FIB entry count: 1
    Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay F:FRR
    Destination/Mask Nexthop Flag OutInterface/Token Label
    10.1.1.10/32 10.1.1.10 Vsi1 Null

    Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another.

    Distributed EVPN gateway configuration example

    Network requirements

    As shown in...
  • Page 42

    <SwitchA> system-view
    [SwitchA] l2vpn enable
    # Reserve the global VLAN interface resources of VLAN 3000 and VLAN 3001.
    [SwitchA] reserve-vlan-interface 3000 to 3001 global
    # Create VSI gateway service loopback group 1, and assign Layer 2 Ethernet interface HundredGigE 1/0/4 to the service loopback group.
    [SwitchA] service-loopback group 1 type vsi-gateway
    [SwitchA] interface hundredgige 1/0/4
    [SwitchA-HundredGigE1/0/4] port service-loopback group 1...
  • Page 43

    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-HundredGigE1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-HundredGigE1/0/1-srv1000] quit
    # On HundredGigE 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
    [SwitchA-HundredGigE1/0/1] service-instance 2000
    [SwitchA-HundredGigE1/0/1-srv2000] encapsulation s-vid 3
    # Map Ethernet service instance 2000 to VSI vpnb.
    [SwitchA-HundredGigE1/0/1-srv2000] xconnect vsi vpnb
    [SwitchA-HundredGigE1/0/1-srv2000] quit
    [SwitchA-HundredGigE1/0/1] quit...
  • Page 44

    [SwitchA-vsi-vpnb] gateway vsi-interface 2
    [SwitchA-vsi-vpnb] quit

    Configure Switch B:
    # Enable L2VPN.
    <SwitchB> system-view
    [SwitchB] l2vpn enable
    # Reserve the global VLAN interface resources of VLAN 3000 and VLAN 3001.
    [SwitchB] reserve-vlan-interface 3000 to 3001 global
    # Create VSI gateway service loopback group 1, and assign Layer 2 Ethernet interface HundredGigE 1/0/4 to the service loopback group.
  • Page 45

    # On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
    [SwitchB] interface hundredgige 1/0/1
    [SwitchB-HundredGigE1/0/1] service-instance 1000
    [SwitchB-HundredGigE1/0/1-srv1000] encapsulation s-vid 2
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchB-HundredGigE1/0/1-srv1000] xconnect vsi vpna
    [SwitchB-HundredGigE1/0/1-srv1000] quit
    [SwitchB-HundredGigE1/0/1] quit
    # On HundredGigE 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
  • Page 46

    # Specify VSI-interface 1 as the gateway interface for VSI vpna.
    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] gateway vsi-interface 1
    [SwitchB-vsi-vpna] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchB] vsi vpnb
    [SwitchB-vsi-vpnb] gateway vsi-interface 2
    [SwitchB-vsi-vpnb] quit

    Configure Switch C:
    # Enable L2VPN.
  • Page 47

    # Configure a default route.
    [SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 null0
    # Import the default route to the BGP IPv4 unicast routing table of VPN instance vpna.
    [SwitchC] bgp 200
    [SwitchC-bgp-default] ip vpn-instance vpna
    [SwitchC-bgp-default-vpna] address-family ipv4 unicast
    [SwitchC-bgp-default-ipv4-vpna] default-route imported
    [SwitchC-bgp-default-ipv4-vpna] import-route static
    [SwitchC-bgp-default-ipv4-vpna] quit...
  • Page 48

    * > [5][0][24][10.1.1.0]/80 0.0.0.0 32768
    * > [5][0][24][10.1.2.0]/80 0.0.0.0 32768
    * >i [5][0][24][10.1.1.0]/80 2.2.2.2
    * >i [5][0][24][10.1.2.0]/80 2.2.2.2

    Route distinguisher: 1:10
    Total number of routes: 5
    Network NextHop LocPrf PrefVal Path/Ogn
    * > [2][0][48][0000-1234-0001][0][0.0.0.0]/104 0.0.0.0 32768
    * > [2][0][48][0000-1234-0001][32][10.1.1.10]/136 0.0.0.0 32768
    * >i [2][0][48][0000-1234-0003][32][10.1.1.20]/136 2.2.2.2...
  • Page 49

    Maximum transmission unit: 1464
    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 1.1.1.1, destination 2.2.2.2
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 9 packets, 882 bytes, 0 drops
    Output: 9 packets, 882 bytes, 0 drops
    # Verify that the VSI interfaces are up on Switch A.
  • Page 50 VSI State : Up : 1500 Bandwidth Broadcast Restrain : 4294967295 kbps Multicast Restrain : 4294967295 kbps Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled Gateway Interface : VSI-interface 1 VXLAN ID...
  • Page 51: Private-Public Network Communication Example

    IP address MAC address Interface/Link ID Aging Type 10.1.1.10 0000-1234-0001 0 10.1.2.10 0000-1234-0002 0 2.2.2.2 a0ce-5e24-0100 1 Tunnel0 # Verify that Switch A has created EVPN ARP entries for the local VMs. [SwitchA] display evpn route arp Flags: D - Dynamic B - BGP G - Gateway L - Local active...
  • Page 52 Figure 15 Network diagram...
  • Page 53

    [SwitchA-bgp-default] peer 4.4.4.4 as-number 200
    [SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
    [SwitchA-bgp-default] address-family l2vpn evpn
    [SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
    [SwitchA-bgp-default-evpn] quit
    [SwitchA-bgp-default] quit
    # On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 1.
    [SwitchA] interface hundredgige 1/0/1
    [SwitchA-HundredGigE1/0/1] service-instance 1000
    [SwitchA-HundredGigE1/0/1-srv1000] encapsulation s-vid 1
    # Map Ethernet service instance 1000 to VSI vpna.
  • Page 54

    [SwitchA-Vsi-interface4] l3-vni 3000
    [SwitchA-Vsi-interface4] quit
    # Specify VSI-interface 1 as the gateway interface for VSI vpna.
    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] gateway vsi-interface 1
    [SwitchA-vsi-vpna] quit

    Configure Switch B:
    # Enable L2VPN.
    <SwitchB> system-view
    [SwitchB] l2vpn enable
    # Disable remote MAC address learning and remote ARP learning.
    [SwitchB] vxlan tunnel mac-learning disable
    [SwitchB] vxlan tunnel arp-learning disable
    # Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an...
  • Page 55

    [SwitchB-vpn-evpn-vpnb] vpn-target 2:2
    [SwitchB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity
    [SwitchB-vpn-evpn-vpnb] quit
    [SwitchB-vpn-instance-vpnb] quit
    # Configure VSI-interface 1.
    [SwitchB] interface vsi-interface 1
    [SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
    [SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
    [SwitchB-Vsi-interface1] distributed-gateway local
    [SwitchB-Vsi-interface1] local-proxy-arp enable
    [SwitchB-Vsi-interface1] quit
    # Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from Switch A.
  • Page 56

    [SwitchC-vsi-vpnc] quit
    # Configure BGP to advertise BGP EVPN routes.
    [SwitchC] bgp 200
    [SwitchC-bgp-default] peer 4.4.4.4 as-number 200
    [SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
    [SwitchC-bgp-default] address-family ipv4 unicast
    [SwitchC-bgp-default-ipv4] quit
    [SwitchC-bgp-default] address-family l2vpn evpn
    [SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
    [SwitchC-bgp-default-evpn] quit
    [SwitchC-bgp-default] quit
    # Configure RD, route target, and L3 VXLAN ID settings for the public instance.
  • Page 57

    # Create VSI-interface 4 for the public instance, and configure the L3 VXLAN ID as 3000 for the VSI interface.
    [SwitchC] interface vsi-interface 4
    [SwitchC-Vsi-interface4] l3-vni 3000
    [SwitchC-Vsi-interface4] quit
    # Specify VSI-interface 1 as the gateway interface for VSI vpnc.
    [SwitchC] vsi vpnc
    [SwitchC-vsi-vpnc] gateway vsi-interface 1
    [SwitchC-vsi-vpnc] quit...
  • Page 58

    0.0.0.0 32768

    Route distinguisher: 1:10
    Total number of routes: 2
    Network NextHop LocPrf PrefVal Path/Ogn
    * > [2][0][48][582e-aaec-0806][32][10.1.1.10]/136 0.0.0.0 32768
    * > [3][0][32][1.1.1.1]/80 0.0.0.0 32768

    Route distinguisher: 1:20
    Total number of routes: 1
    Network NextHop LocPrf PrefVal Path/Ogn
    * >i [2][0][48][582e-d6b2-0906][32][10.1.2.10]/136 2.2.2.2

    Route distinguisher: 1:30
    Total number of routes: 1...
  • Page 59

    Current state: UP
    Line protocol state: UP
    Description: Tunnel1 Interface
    Bandwidth: 64 kbps
    Maximum transmission unit: 1464
    Internet protocol processing: Disabled
    Output queue - Urgent queuing: Size/Length/Discards 0/100/0
    Output queue - Protocol queuing: Size/Length/Discards 0/500/0
    Output queue - FIFO queuing: Size/Length/Discards 0/75/0
    Last clearing of counters: Never
    Tunnel source 1.1.1.1, destination 3.3.3.3
    Tunnel protocol/transport UDP_VXLAN/IP...
  • Page 60

    Vsi-interface3
    Current state: UP
    Line protocol state: UP
    Description: Vsi-interface3 Interface
    Bandwidth: 1000000 kbps
    Maximum transmission unit: 1500
    Internet protocol processing: Disabled
    IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600
    IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600
    Physical: Unknown, baudrate: 1000000 kbps
    Last clearing of counters: Never
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec...
  • Page 61 VSI Name: Auto_L3VNI2000_3 VSI Index VSI State : Down : 1500 Bandwidth Broadcast Restrain : 4294967295 kbps Multicast Restrain : 4294967295 kbps Unknown Unicast Restrain: 4294967295 kbps MAC Learning : Enabled MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled...
  • Page 62 Tunnels: Tunnel Name Link ID State Type Flood proxy Tunnel0 0x5000001 Auto Disabled Tunnel1 0x5000002 Auto Disabled ACs: Link ID State Type HGE1/0/1 srv1000 Manual # Verify that Switch A has created ARP entries for the VMs. [SwitchA] display arp Type: S-Static D-Dynamic O-Openflow...
  • Page 63: Configuring Evpn-Dci

    Configuring EVPN-DCI

    Overview

    EVPN data center interconnect (EVPN-DCI) uses VXLAN-DCI tunnels to provide connectivity for data centers over an IP transport network.

    EVPN-DCI network model

    As shown in Figure 16, the EVPN-DCI network contains VTEPs and edge devices (EDs) located at the edge of the transport network.
  • Page 64: Configuration Prerequisites

    Tasks at a glance
    (Required.) Enabling DCI
    (Required.) Enabling route nexthop replacement and route router MAC replacement
    (Optional.) Configuring VXLAN mapping

    Configuration prerequisites

    Before you configure EVPN-DCI, complete basic EVPN configuration for each data center. For more information about basic EVPN configuration, see "Configuring EVPN."...
  • Page 65: Configuring Vxlan Mapping

    Step Command Remarks number as-number Create the BGP EVPN address family and enter By default, the BGP EVPN address-family l2vpn evpn BGP EVPN address family address family does not exist. view. Enable BGP to exchange peer { group-name | By default, BGP does not BGP EVPN routes with a ipv4-address [ mask-length ] } ena exchange BGP EVPN routes with...
  • Page 66: Configuration Restrictions And Guidelines

    • Non-intermediate VXLAN mapping—When two data centers use different VXLAN IDs for a subnet, map the local VXLAN to the remote VXLAN on the ED of one data center. For example, for VXLAN 10 of data center 1 to communicate with VXLAN 20 of data center 2, map VXLAN 10 to VXLAN 20 on the ED of data center 1.
  • Page 67 Figure 17 Network diagram...
  • Page 68

    [SwitchA-bgp-default] quit
    # On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
    [SwitchA] interface hundredgige 1/0/1
    [SwitchA-HundredGigE1/0/1] service-instance 1000
    [SwitchA-HundredGigE1/0/1-srv1000] encapsulation s-vid 100
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-HundredGigE1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-HundredGigE1/0/1-srv1000] quit

    Configure Switch B:
    # Enable L2VPN.
  • Page 69

    [SwitchB-bgp-default] peer 1.1.1.1 as-number 100
    [SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
    [SwitchB-bgp-default] address-family l2vpn evpn
    [SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
    [SwitchB-bgp-default-evpn] peer 3.3.3.3 router-mac-local
    [SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
    [SwitchB-bgp-default-evpn] peer 1.1.1.1 next-hop-local
    [SwitchB-bgp-default-evpn] quit
    [SwitchB-bgp-default] quit

    Configure Switch C:
    # Enable L2VPN.
    <SwitchC>...
  • Page 70

    [SwitchC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64
    [SwitchC-bgp-default] peer 4.4.4.4 as-number 200
    [SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
    [SwitchC-bgp-default] address-family l2vpn evpn
    [SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
    [SwitchC-bgp-default-evpn] peer 2.2.2.2 router-mac-local
    [SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
    [SwitchC-bgp-default-evpn] peer 4.4.4.4 next-hop-local
    [SwitchC-bgp-default-evpn] quit
    [SwitchC-bgp-default] quit

    Configure Switch D:
    # Enable L2VPN.
  • Page 71 Total number of automatically discovered peers: 2 VSI name: vpna PE_address Tunnel_address Tunnel mode VXLAN ID 1:10 1.1.1.1 1.1.1.1 VXLAN 1:10 3.3.3.3 3.3.3.3 VXLAN-DCI # Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up. [SwitchB] display interface tunnel Tunnel0 Current state: UP Line protocol state: UP...
  • Page 72: Evpn-Dci Intermediate Vxlan Mapping Configuration Example

    MAC Table Limit MAC Learning rate Drop Unknown Flooding : Enabled Statistics : Disabled VXLAN ID : 10 Tunnels: Tunnel Name Link ID State Type Flood proxy Tunnel0 0x5000000 Auto Disabled Tunnel1 0x5000001 Auto Disabled # Verify that the ED has generated EVPN MAC address entries for the VMs. [SwitchB] display evpn route mac Flags: D - Dynamic B - BGP...
  • Page 73 Figure 18 Network diagram...
  • Page 74

    [SwitchA-bgp-default] quit
    # On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 100.
    [SwitchA] interface hundredgige 1/0/1
    [SwitchA-HundredGigE1/0/1] service-instance 1000
    [SwitchA-HundredGigE1/0/1-srv1000] encapsulation s-vid 100
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-HundredGigE1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-HundredGigE1/0/1-srv1000] quit

    Configure Switch B:
    # Enable L2VPN.
  • Page 75

    # Create an EVPN instance on VSI vpnb. Configure the switch to automatically generate an RD, and manually configure a route target for the EVPN instance.
    [SwitchB-vsi-vpnb] evpn encapsulation vxlan
    [SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
    [SwitchB-vsi-vpnb-evpn-vxlan] vpn-target 123:456
    [SwitchB-vsi-vpnb-evpn-vxlan] quit
    [SwitchB-vsi-vpnb] quit
    # Configure BGP to advertise BGP EVPN routes.
  • Page 76

    [SwitchC-vsi-vpna-vxlan-30] quit
    # Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD and a route target for the EVPN instance.
    [SwitchC-vsi-vpna] evpn encapsulation vxlan
    [SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
    [SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
    # Map local VXLAN 30 to intermediate VXLAN 500.
    [SwitchC-vsi-vpna-evpn-vxlan] mapping vni 500
    [SwitchC-vsi-vpna-evpn-vxlan] quit
    [SwitchC-vsi-vpna] quit...
  • Page 77

    # Create an EVPN instance on VSI vpna. Configure the switch to automatically generate an RD and a route target for the EVPN instance.
    [SwitchD-vsi-vpna] evpn encapsulation vxlan
    [SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
    [SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
    [SwitchD-vsi-vpna-evpn-vxlan] quit
    [SwitchD-vsi-vpna] quit
    # Configure BGP to advertise BGP EVPN routes.
    [SwitchD] bgp 200
    [SwitchD-bgp-default] peer 3.3.3.3 as-number 200
    [SwitchD-bgp-default] peer 3.3.3.3 connect-interface Loopback 0
    ...
  • Page 78

    Output: 0 packets, 0 bytes, 0 drops
    Tunnel1
    Current state: UP
    Line protocol state: UP
    Description: Tunnel1 Interface
    Bandwidth: 64 kbps
    Maximum transmission unit: 64000
    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 2.2.2.2, destination 3.3.3.3
    Tunnel protocol/transport UDP_VXLAN-DCI/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    ...
  • Page 79: Evpn-Dci Layer 3 Communication Configuration Example

    MAC Learning rate
    Drop Unknown
    Flooding : Enabled
    Statistics : Disabled
    VXLAN ID : 500
    # Verify that the ED has generated EVPN MAC address entries for the VMs, and the remote MAC address entry has the M flag.
    [SwitchB] display evpn route mac
    Flags: D - Dynamic B - BGP G - Gateway
    ...
  • Page 80

    # Configure OSPF on the transport network for the switches to reach one another. (Details not shown.)
    Configure Switch A:
    # Enable L2VPN.
    <SwitchA> system-view
    [SwitchA] l2vpn enable
    # Reserve the global VLAN interface resources of VLAN 3000 and VLAN 3001.
    [SwitchA] reserve-vlan-interface 3000 to 3001 global
    # Create VSI gateway service loopback group 1, and assign Layer 2 Ethernet interface HundredGigE 1/0/4 to the service loopback group.
  • Page 81

    [SwitchA-vpn-ipv4-vpn1] vpn-target 2:2
    [SwitchA-vpn-ipv4-vpn1] quit
    [SwitchA-vpn-instance-vpn1] address-family evpn
    [SwitchA-vpn-evpn-vpn1] vpn-target 1:1
    [SwitchA-vpn-evpn-vpn1] quit
    [SwitchA-vpn-instance-vpn1] quit
    # Configure VSI-interface 1 as a distributed gateway.
    [SwitchA] interface vsi-interface 1
    [SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
    [SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
    [SwitchA-Vsi-interface1] mac-address 1-1-1
    [SwitchA-Vsi-interface1] distributed-gateway local
    [SwitchA-Vsi-interface1] quit
    # Create VSI-interface 2.
  • Page 82

    # Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Switch A, and enable router MAC replacement for routes advertised to and received from Switch C.
    [SwitchB] bgp 100
    [SwitchB-bgp-default] peer 3.3.3.3 as-number 200
    [SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
    [SwitchB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
    [SwitchB-bgp-default] peer 1.1.1.1 as-number 100
    [SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
    ...
  • Page 83

    [SwitchC] vxlan tunnel mac-learning disable
    [SwitchC] vxlan tunnel arp-learning disable
    # Enable DCI on the Layer 3 interface that connects Switch C to Switch B for the switches to establish a VXLAN-DCI tunnel.
    [SwitchC] interface vlan-interface 12
    [SwitchC-Vlan-interface12] dci enable
    [SwitchC-Vlan-interface12] quit
    # Configure BGP to advertise BGP EVPN routes.
  • Page 84

    [SwitchD] interface hundredgige 1/0/4
    [SwitchD-HundredGigE1/0/4] port service-loopback group 1
    All configurations on the interface will be lost. Continue?[Y/N]:y
    [SwitchD-HundredGigE1/0/4] quit
    # Disable remote MAC address learning and remote ARP learning.
    [SwitchD] vxlan tunnel mac-learning disable
    [SwitchD] vxlan tunnel arp-learning disable
    # Create an EVPN instance on VSI vpnb.
  • Page 85

    [SwitchD-Vsi-interface1] distributed-gateway local
    [SwitchD-Vsi-interface1] quit
    # Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.
    [SwitchD] interface vsi-interface 2
    [SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
    [SwitchD-Vsi-interface2] l3-vni 1000
    [SwitchD-Vsi-interface2] quit
    # Specify VSI-interface 1 as the gateway interface for VSI vpnb.
  • Page 86

    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    # Verify that the ED has EVPN ARP entries and EVPN routes for the VMs.
    [SwitchB] display arp vpn-instance vpn1
    Type: S Type: S-Static D-Dynamic...
  • Page 87: Document Conventions And Icons

    Document conventions and icons

    Conventions
    This section describes the conventions used in the documentation.

    Port numbering in examples
    The port numbers in this document are for illustration only and might be unavailable on your device.

    Command conventions
    Convention: Description
    Boldface: Bold text represents commands and keywords that you enter literally as shown.
  • Page 88: Network Topology Icons

    Convention: Description
    TIP: An alert that provides helpful information.

    Network topology icons
    Convention: Description
    Represents a generic network device, such as a router, switch, or firewall.
    Represents a routing-capable device, such as a router or Layer 3 switch.
    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 89: Support And Other Resources

    Support and other resources

    Accessing Hewlett Packard Enterprise Support
    • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance
    • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc

    Information to collect
    •...
  • Page 90: Customer Self Repair

    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
