H3C S10500 Series Configuration Manual

H3C S10500 Switch Series
EVPN
Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: S10500-CMW710-R7523P01
Document version: 6W100-20160830

Summary of Contents for H3C S10500 Series

  • Page 1 H3C S10500 Switch Series EVPN Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: S10500-CMW710-R7523P01 Document version: 6W100-20160830...
  • Page 2 , H3CS, H3CIE, H3CNE, Aolynk, Care, , IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
  • Page 3 IP network. EVPN uses MP-BGP in the control plane and VXLAN in the data plane. This preface includes the following topics about the documentation: • Audience. • Conventions. • About the H3C S10500 documentation set. • Obtaining documentation. • Technical support.
  • Page 4
    Convention: { x | y | ... } *
    Description: Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
    Convention: [ x | y | ...
    Description: Asterisk marked square brackets enclose optional syntax choices separated by vertical
  • Page 5 Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG card. About the H3C S10500 documentation set The H3C S10500 documentation set includes the following categories of documents: Category Documents Purposes...
  • Page 6 System log messages Explains the system log messages. Obtaining documentation Access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the following links to obtain different categories of product documentation: [Technical Documents]—Provides hardware installation, software upgrading, and software feature...
  • Page 7: Table Of Contents

    Contents: EVPN overview, 1; EVPN network model, 1; MP-BGP extension for EVPN, 2; Configuration automation, 3; Assignment of traffic to VXLANs, 3; Traffic from the local site to a remote site, 3; Traffic from a remote site to the local site, 4; Layer 2 forwarding...
  • Page 8: Evpn Overview

    EVPN overview Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and Layer 3 connectivity between distant network sites across an IP network. EVPN uses MP-BGP in the control plane and VXLAN in the data plane. EVPN is typically used in data centers for multitenant services.
  • Page 9: Mp-Bgp Extension For Evpn

    [Figure 1 EVPN network model]
    As shown in Figure 2, typically the EVPN transport network uses a layered structure. On the transport network, leaf nodes act as VTEPs to provide VXLAN services, and spine nodes perform forwarding for VXLAN traffic based on the outer IP header.
  • Page 10: Configuration Automation

    • IP prefix advertisement route—Advertises external routes as IP prefixes. MP-BGP uses the route distinguisher (RD) field to differentiate EVPN routes of different VXLANs and uses route target attributes to control the advertisement and acceptance of EVPN routes. MP-BGP supports the following types of route target attributes: •...
  • Page 11: Traffic From A Remote Site To The Local Site

    Traffic from a remote site to the local site
    When a VXLAN packet arrives at a VXLAN tunnel interface, the VTEP uses the VXLAN ID in the packet to identify its VXLAN.
    Layer 2 forwarding
    MAC learning
    The VTEP performs Layer 2 forwarding based on a VSI's MAC address table. The VTEP learns MAC addresses by using the following methods: •...
  • Page 12: Flood

    The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching outgoing interface.
    [Figure 5 Inter-site unicast]
    Flood
    As shown in Figure 6, a VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface.
  • Page 13: Layer 3 Forwarding

    [Figure 6 Forwarding of flood traffic]
    Layer 3 forwarding
    EVPN uses EVPN gateways to provide Layer 3 forwarding services for hosts in VXLANs. EVPN provides the following EVPN gateway placement designs:
    • Centralized EVPN gateway deployment—Use one VTEP to provide Layer 3 forwarding for VXLANs.
  • Page 14: Distributed Evpn Gateway Deployment

    [Figure 7 Example of centralized EVPN gateway deployment]
  • Page 15 A distributed EVPN gateway uses symmetric IRB for Layer 3 forwarding, which means both the ingress and egress gateways perform Layer 2 and Layer 3 lookups. Symmetric IRB introduces the following concepts:
    • L3 VXLAN ID—Also called L3 VNI. An L3 VXLAN ID identifies the traffic of a routing domain where devices have Layer 3 reachability.
  • Page 16 the route. In the FIB entry, the outgoing interface is a VXLAN tunnel interface, and the next hop is the peer VTEP address in the NEXT_HOP attribute of the route. A VTEP has the following types of ARP information: • Local ARP information—ARP information of VMs in the local site.
  • Page 17: Arp Flood Suppression

    The source VM sends an ARP request to obtain the MAC address of the destination VM. The gateway replies to the source VM with the MAC address of the VSI interface associated with the source VM's VSI. The source VM sends a Layer 3 packet to the gateway. 10.
  • Page 18: Mac Mobility

    [Figure 12 ARP flood suppression]
    ARP flood suppression uses the following workflow:
    1. VM 1 sends an ARP request to obtain the MAC address of VM 7.
    2. VTEP 1 creates a suppression entry for VM 1, and floods the ARP request in the VXLAN.
    3. VTEP 2 and VTEP 3 de-encapsulate the ARP request.
  • Page 19: Configuring Evpn

    Configuring EVPN
    Hardware compatibility restrictions
    VXLAN transport-facing interfaces must be on the following SG interface modules:
    • LSUM2QGS12SG0.
    • LSUM2TGS32QSSG0.
    • LSUM2TGS48SG0.
    EVPN configuration task list
    Tasks at a glance / Remarks
    (Required) Creating a VXLAN on a VSI
    (Required) Configuring an EVPN instance
    (Required) Configuring BGP to advertise EVPN routes
    Remarks: Perform this task to assign customer...
  • Page 20: Configuring An Evpn Instance

    Step: (Optional.) Set the MTU for the VSI.
    Command: mtu mtu
    Remarks: The default MTU is 1500 bytes for a VSI.
    Step: (Optional.) Enable MAC address learning for the VSI.
    Command: mac-learning enable
    Remarks: By default, MAC address learning is enabled for a VSI.
  • Page 21
    • refresh bgp
    • reset bgp
    To configure BGP to advertise EVPN routes:
    Step: Enter system view.
    Command: system-view
    Step: Enable a BGP instance and enter BGP instance...
    Command: bgp as-number [ instance instance-name ]
    Remarks: By default, BGP is disabled and no BGP instances exist.
  • Page 22: Mapping An Ethernet Service Instance To A Vsi

    Step Command Remarks
    EVPN address family.
    ipv4-address [ mask-length ] | all | external | group group-name | internal } l2vpn evpn
    Mapping an Ethernet service instance to a VSI
    An Ethernet service instance matches a list of VLANs on a site-facing interface by using a frame match criterion.
  • Page 23: Configuring A Centralized Evpn Gateway

    Configuring a centralized EVPN gateway
    Configuration restrictions and guidelines
    As a best practice, enable ARP flood suppression on VTEPs to reduce flooding.
    Configuration procedure
    Step: Enter system view.
    Command: system-view
    Step: Create a VSI interface and enter...
    Command: interface vsi-interface vsi-interface-id
    Remarks: By default, no VSI interfaces exist.
  • Page 24: Configuring A Vsi Interface As A Gateway Interface

    Configuring a VSI interface as a gateway interface
    Step: Enter system view.
    Command: system-view
    Step: Create a VSI interface and enter VSI interface view.
    Command: interface vsi-interface vsi-interface-id
    Remarks: By default, no VSI interfaces exist.
    Command: • Assign an IPv4 address: ip address ip-address { mask |...
    Remarks: By default, no IPv4 or IPv6 address is assigned to a VSI interface.
  • Page 25: Configuring Ip Prefix Route Advertisement

    Step: Configure an RD for the VPN instance.
    Command: route-distinguisher route-distinguisher
    Remarks: By default, no RD is configured for a VPN instance.
    Step: (Optional.) Configure route target attributes for the VPN...
    Command: vpn-target { vpn-target&<1-8> [ both | export-extcommunity |...
    Remarks: By default, a VPN instance does not have route target attributes.
  • Page 26: Managing Remote Mac Address Entries And Remote Arp Learning

    • This feature is supported only by distributed EVPN gateway deployment. • For a VPN instance, you must configure the same route target attributes in VPN instance view and in EVPN view. To configure IP prefix route advertisement: Step Command Remarks Enter system view.
  • Page 27: Disabling Mac Address Advertisement

    Disabling MAC address advertisement
    The MAC information and ARP information advertised by the VTEP overlap. To avoid duplication, disable MAC address advertisement.
    To disable MAC address advertisement:
    Step: Enter system view.
    Command: system-view
    Step: Enter VSI view.
    Command: vsi vsi-name
    Step: Enter EVPN instance view.
    Command: evpn encapsulation vxlan
    Step: Disable MAC address...
    Remarks: By default, MAC address...
  • Page 28: Confining Floods To The Local Site

    Step Command Remarks
    BGP-VPN instance view.
    Step: Create the BGP-VPN IPv4 unicast address family and enter BGP-VPN IPv4 unicast address family view.
    Command: address-family ipv4 [ unicast ]
    Remarks: By default, the BGP-VPN IPv4 unicast address family does not exist.
    Step: Enable BGP EVPN route advertisement to the local...
    Command: advertise l2vpn evpn
    Remarks: By default, BGP EVPN route...
  • Page 29: Displaying And Maintaining Evpn

    Step: Enter system view.
    Command: system-view
    Step: Enter VSI view.
    Command: vsi vsi-name
    Step: Enable ARP flood suppression.
    Command: arp suppression enable
    Remarks: By default, ARP flood suppression is disabled.
    Displaying and maintaining EVPN
    Execute display commands in any view and reset commands in user view.
    Task Command
    display bgp [ instance instance-name ] group l2vpn evpn...
  • Page 30 • Configure VXLAN 10 and VXLAN 20 on Switch A, Switch B, and Switch C to provide connectivity for the VMs in the VXLANs across the network sites. • Configure Switch C as a centralized EVPN gateway to provide gateway services and access to the connected Layer 3 network.
  • Page 31
    [SwitchA-vsi-vpna] vxlan 10
    [SwitchA-vsi-vpna-vxlan-10] quit
    [SwitchA-vsi-vpna] quit
    # Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
    [SwitchA] vsi vpnb
    [SwitchA-vsi-vpnb] arp suppression enable
    [SwitchA-vsi-vpnb] evpn encapsulation vxlan
    [SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
    [SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
    [SwitchA-vsi-vpnb-evpn-vxlan] quit...
  • Page 32
    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] arp suppression enable
    [SwitchB-vsi-vpna] evpn encapsulation vxlan
    [SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
    [SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
    [SwitchB-vsi-vpna-evpn-vxlan] quit
    # Create VXLAN 10.
    [SwitchB-vsi-vpna] vxlan 10
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    # Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
  • Page 33
    # Map Ethernet service instance 2000 to VSI vpnb.
    [SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
    [SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
    [SwitchB-Ten-GigabitEthernet1/0/2] quit
    Configure Switch C:
    # Enable L2VPN.
    <SwitchC> system-view
    [SwitchC] l2vpn enable
    # Disable remote MAC address learning.
    [SwitchC] vxlan tunnel mac-learning disable
    # Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an RD and a route target for the EVPN instance.
  • Page 34
    [SwitchC-vsi-vpna] quit
    # Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 20.
    [SwitchC] interface vsi-interface 2
    [SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
    [SwitchC-Vsi-interface2] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] gateway vsi-interface 2
    [SwitchC-vsi-vpnb] quit...
  • Page 35
    1.1.1.1
    * >i [2][0][48][0000-1234-0002][0][0.0.0.0]/104 1.1.1.1
    * > [2][0][48][0003-0003-0003][32][10.1.1.1]/136 0.0.0.0 32768
    * >i [3][10][32][1.1.1.1]/80 1.1.1.1
    * > [3][10][32][3.3.3.3]/80 0.0.0.0 32768
    Route distinguisher: 1:20
    Total number of routes: 4
    Network NextHop LocPrf PrefVal Path/Ogn
    * >i [2][0][48][0000-1234-0003][0][0.0.0.0]/104 3.3.3.3
    * >i [2][0][48][0000-1234-0004][0][0.0.0.0]/104 3.3.3.3
    * >...
  • Page 36
    Description: Tunnel1 Interface
    Bandwidth: 64 kbps
    Maximum transmission unit: 1464
    Internet protocol processing: Disabled
    Output queue - Urgent queuing: Size/Length/Discards 0/100/0
    Output queue - Protocol queuing: Size/Length/Discards 0/500/0
    Output queue - FIFO queuing: Size/Length/Discards 0/75/0
    Last clearing of counters: Never
    Tunnel source 3.3.3.3, destination 1.1.1.1
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec...
  • Page 37 # Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are the gateway interface of their respective VXLAN. [SwitchC] display l2vpn vsi verbose VSI Name: vpna VSI Index VSI State : Up : 1500 Bandwidth Broadcast Restrain Multicast Restrain...
  • Page 38: Distributed Evpn Gateway Configuration Example

    Interface: Vsi-interface1
    VPN instance name: -
    IP address MAC address Router MAC VSI Index Flags
    10.1.1.1 0003-0003-0003
    10.1.1.10 0000-1234-0001
    10.1.1.20 0000-1234-0003
    # Verify that Switch C has created FIB entries for the VMs.
    [SwitchC] display fib 10.1.1.10
    Destination count: 1 FIB entry count: 1
    Flag: U:Useable G:Gateway...
  • Page 39
    Configuration procedure
    On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)
    Configure IP addresses and unicast routing settings:
    # Assign IP addresses to interfaces, as shown in Figure 14.
  • Page 40
    # On Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
    # On Ten-GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
    # Map Ethernet service instance 2000 to VSI vpnb.
  • Page 41
    [SwitchA-vsi-vpna] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchA] vsi vpnb
    [SwitchA-vsi-vpnb] gateway vsi-interface 2
    [SwitchA-vsi-vpnb] quit
    Configure Switch B:
    # Enable L2VPN.
    <SwitchB> system-view
    [SwitchB] l2vpn enable
    # Disable remote MAC address learning and remote ARP learning.
    [SwitchB] vxlan tunnel mac-learning disable
    [SwitchB] vxlan tunnel arp-learning disable
    # Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an...
  • Page 42
    [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
    # Map Ethernet service instance 1000 to VSI vpna.
    [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchB-Ten-GigabitEthernet1/0/1] quit
    # Assign Ten-GigabitEthernet 1/0/2 to VLAN 3.
    [SwitchB] interface ten-gigabitethernet 1/0/2
    [SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
    [SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
    # On Ten-GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
  • Page 43
    # Specify VSI-interface 1 as the gateway interface for VSI vpna.
    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] gateway vsi-interface 1
    [SwitchB-vsi-vpna] quit
    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.
    [SwitchB] vsi vpnb
    [SwitchB-vsi-vpnb] gateway vsi-interface 2
    [SwitchB-vsi-vpnb] quit
    Configure Switch C:
    # Enable L2VPN.
  • Page 44
    [SwitchC-bgp-default-vpna] quit
    [SwitchC-bgp-default] quit
    Configure Switch D:
    # Establish BGP connections with other transport network switches.
    <SwitchD> system-view
    [SwitchD] bgp 200
    [SwitchD-bgp-default] group evpn
    [SwitchD-bgp-default] peer 1.1.1.1 group evpn
    [SwitchD-bgp-default] peer 2.2.2.2 group evpn
    [SwitchD-bgp-default] peer 3.3.3.3 group evpn
    [SwitchD-bgp-default] peer evpn as-number 200
    [SwitchD-bgp-default] peer evpn connect-interface loopback 0
    # Configure BGP to advertise EVPN routes, and disable route target filtering for BGP EVPN routes.
  • Page 45
    Route distinguisher: 1:10
    Total number of routes: 5
    Network NextHop LocPrf PrefVal Path/Ogn
    * > [2][0][48][0000-1234-0001][0][0.0.0.0]/104 0.0.0.0 32768
    * > [2][0][48][0000-1234-0001][32][10.1.1.10]/136 0.0.0.0 32768
    * >i [2][0][48][0000-1234-0003][32][10.1.1.20]/136 2.2.2.2
    * > [3][10][32][1.1.1.1]/80 0.0.0.0 32768
    * >i [3][10][32][2.2.2.2]/80 2.2.2.2 32768
    Route distinguisher: 1:20
    Total number of routes: 5
    Network NextHop...
  • Page 46
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 9 packets, 882 bytes, 0 drops
    Output: 9 packets, 882 bytes, 0 drops
    # Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
    [SwitchA] display interface vsi-interface 1
    Vsi-interface1
    Current state: UP...
  • Page 47 MAC Table Limit Drop Unknown Flooding : Enabled Statistics : Disabled Gateway Interface : VSI-interface 1 VXLAN ID : 10 ACs: Link ID State XGE1/0/1 srv1000 VSI Name: vpnb VSI Index VSI State : Up : 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain: - MAC Learning...
  • Page 48: Index

    Index Ethernet EVPN Ethernet service instance > VSI address mapping, 15 EVPN remote MAC address entry EVPN MP-BGP extension, 2 management, 19 EVPN network model, 1 advertisement EVPN overview, 1 BGP EVPN route advertisement to local Ethernet Virtual Private Network. Use EVPN site, 20 EVPN EVPN MAC advertisement, 20...
  • Page 49 EVPN Layer 2 traffic forwarding, 4 EVPN MAC learning from ARP information, 20, 20 EVPN Layer 3 traffic forwarding, 6 EVPN remote ARP learning, 19, 19 frame EVPN remote MAC learning, 19 EVPN local flood confine, 21, 21 MAC mobility, 11 MAC addressing gateway EVPN MAC address learning, 4...
  • Page 50 configuring EVPN instance, 13 configuring EVPN route advertisement, 13 unicast configuring IP prefix route advertisement, 18 EVPN traffic forwarding, 4 configuring L3 VXLAN ID, 17 EVPN traffic forwarding flood process, 5 confining EVPN local flood, 21 creating VXLAN on VSI, 12 disabling EVPN MAC advertisement, 20 EVPN Ethernet service instance >...
