Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-EVI configuration | 511.27 KB |
Layer 2 connectivity extension issues
Configuration restrictions and guidelines
Feature and hardware compatibility
Feature compatibility requirements
Configuring EVI basic features
Assigning a network ID to the EVI tunnel
Specifying extended VLANs on the EVI tunnel
Enabling EVI on transport-facing physical interfaces
EVI IS-IS configuration task list
Optimizing an EVI IS-IS network
Specifying a routing policy for an EVI IS-IS process
Enabling adjacency change logging
Configuring SNMP notifications and context for EVI IS-IS
Configuring Graceful Restart for an EVI IS-IS process
Increasing the maximum number of MAC entries in an LSP for an EVI IS-IS process
Enabling EVI ARP flood suppression
Enabling EVI flooding for all destination-unknown frames
Enabling selective flooding for a MAC address
Displaying and maintaining EVI
Single-homed EVI network configuration example
Multiple-EVI-networks configuration example
Configuring EVI
Overview
Ethernet Virtual Interconnect (EVI) is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency (see Figure 1).
EVI enables long-distance virtual machine workload mobility and data mobility, disaster recovery, and business continuity. For example, virtual machines can move between data center sites without changing their IP addresses, so their movements are transparent to users and do not disrupt traffic.
Figure 1 Virtual machine migration
Layer 2 connectivity extension issues
EVI resolves the following Layer 2 connectivity extension issues:
· Site independence—EVI keeps protocol failures, such as broadcast storms, from propagating across sites.
· Transport independence—EVI has no special requirements for site location or transport network type, except that the transport network can forward IP packets.
· Link efficiency—EVI optimizes the inter-site multicast and broadcast transmission mechanism and implements load-sharing on redundant links.
· Site and transport transparency—EVI is both site and transport network transparent. It has no special site or transport network topology requirements.
· Easy management and maintenance—EVI requires deployment only on edge devices and does not introduce any topology change or configuration within sites or the transport network.
Network topologies
As shown in Figure 2, an EVI network has one edge device at each site. These sites are connected through virtual links and run the EVI IS-IS protocol to advertise their MAC address entries to each other. EVI maintains MAC routing information on the edge devices without changing the forwarding or routing information within the sites or the transport network.
Figure 2 EVI network
EVI supports multiple EVI networks on an edge device for extending different VLANs across the Layer 3 network. One EVI network can convey multiple VLANs, but one VLAN can map to only one EVI network. Each EVI network has separate network parameters and independently forwards traffic.
As shown in Figure 3, EVI network 1 extends VLAN 100 and VLAN 101 to Site 2, Site 3, and Site 4 for Web access traffic. EVI network 2 extends VLAN 4000 (the management VLAN) to all sites, and EVI network 3 extends VLANs 50 to 80 between Site 1 and Site 4 for database traffic.
Figure 3 Multiple EVI networks
Terminology
Edge device
An edge device performs typical Layer 2 learning and forwarding on the site-facing interfaces (internal interfaces) and performs tunneling and routing on the transport-facing interfaces.
EVI network ID
An edge device can belong to multiple EVI networks. Each EVI network is uniquely identified by a network ID.
EVI link
An EVI link is a bidirectional virtual Ethernet channel between a pair of edge devices in an EVI network. EVI links are conveyed on EVI tunnels. Each EVI link is uniquely identified by a pair of source and destination EVI tunnel IP addresses.
EVI tunnel
An EVI tunnel is a point-to-many automatic GRE tunnel that conveys EVI links for an EVI network. One EVI tunnel can provide services only for one EVI network.
EVI neighbor
All edge devices in an EVI network are EVI neighbors to one other.
ENDP
EVI Neighbor Discovery Protocol uses the client/server model to dynamically discover sites and edge devices, establish and maintain EVI links, and exchange network membership information in an EVI network.
ENDS
An EVI neighbor discovery server maintains all neighbor information in an EVI network. An EVI network can have up to two ENDSs.
ENDC
An EVI neighbor discovery client works with an ENDS to learn neighbor information and triggers EVI link setup between neighbors.
EVI IS-IS
EVI IS-IS establishes adjacencies and advertises MAC reachability information among edge devices at different sites in an EVI network.
EVI IS-IS runs independently of the Layer 3 routing protocols on the transport network and sites.
DED
A DED is elected from between the edge devices on each EVI link to send CSNP packets for LSDB synchronization.
Internal interface
Internal interfaces are site-facing Layer 2 interfaces that connect an edge device to switches or routers in the site.
Working mechanism
An edge device uses the following process to set up an EVI network and forward traffic at Layer 2 to remote sites:
1. Runs ENDP to discover EVI neighbors and set up EVI links between neighbors.
2. Runs EVI IS-IS to advertise MAC reachability information over EVI links in the EVI network.
3. Forwards traffic based on MAC reachability information that has been received from other sites.
This section describes this process in detail.
Neighbor discovery
An EVI network runs ENDP to discover all its edge devices and establishes adjacencies among the edge devices in the following process:
1. ENDS is enabled on one edge device, and ENDC is enabled on all other edge devices.
2. The ENDCs register their IP addresses and other data with the ENDS.
3. The ENDS updates its ENDC database with received data and sends the updated database to each ENDC.
4. After receiving the register reply, the ENDCs establish an EVI link with each other.
For high availability, you can configure up to two ENDSs for an EVI network.
MAC address learning
MAC reachability information on an EVI edge device comes from the following sources:
· MAC entries configured or learned in the data plane—The edge devices use the typical source-MAC-based learning mechanism to learn unicast MAC addresses in their local sites (called local MAC addresses).
If the device learns the source MAC address when it sends out a packet at the egress, execute the mac-address mac-learning ingress command. This command enables MAC address learning at the ingress to reduce flood traffic and accelerate populating of the MAC address table. For more information about MAC address learning, see MAC address table configuration in Layer 2—LAN Switching Configuration Guide.
· MAC entries learned through EVI IS-IS—After completing neighbor discovery, the edge devices run EVI IS-IS in the control plane to establish adjacencies and advertise MAC reachability information that has been learned or configured in the data plane to each other over EVI links.
|
|
NOTE: The mac-address max-mac-count command and the mac-address mac-learning enable command take effect only on local MAC addresses, which are learned in the data plane. They do not take effect on remote MAC addresses, which are learned in the control plane. |
Unicast flow
For intra-site unicast flows, an edge device performs the typical MAC address table lookup, as shown in Figure 4.
Figure 4 Layer 2 forwarding in a site
The following forwarding process (see Figure 5) takes place for unicast flows between sites:
1. The source edge device learns the source MAC address of the incoming Ethernet frame, and looks up the destination MAC address in its MAC table for the outgoing interface.
2. If the outgoing interface is an EVI-Link interface instead of a physical port, the source edge device encapsulates the frame in a GRE header, and then adds an IP header and a link layer protocol header.
In the outer IP header, the source IP address is the source edge device's tunnel source IP address, and the destination IP address is the destination edge device's tunnel source IP address.
3. The source edge device forwards the encapsulated packet out of the EVI link to the destination edge device across the IP transport network.
4. The destination edge device removes the headers of the original Ethernet frame, looks up the destination MAC address in the MAC address table, and sends the frame out of the matching outgoing interface.
Figure 5 Layer 2 forwarding between sites
Multicast flow
The EVI implementation of the device does not support multicast forwarding between sites based on the multicast forwarding table.
By default, the device does not forward multicast traffic to remote sites. To forward traffic destined for a multicast MAC address to remote sites, you must enable selective flooding for the address.
Flooding flow
An edge device handles flooding by frame type, as follows:
· Broadcast frame—Floods the frame to all interfaces in the VLAN where the frame has been received, including internal interfaces and EVI-Link interfaces. For ARP packets, you can use the ARP flood suppression feature (see "ARP flood suppression") to reduce ARP broadcasts.
· Destination-unknown unicast or multicast frame—Floods the frame to all internal interfaces in the VLAN where the frame has been received. The edge device typically does not forward destination-unknown frames to other sites. If a site-to-site flooding is desirable for a special MAC address, use the selective flooding feature (see "Selective flooding").
To flood a frame to remote sites, an EVI edge device must replicate the frame, encapsulate each replica in one unicast frame for each destination site, and send the unicast frames to the remote edge devices.
ARP flood suppression
ARP flood suppression reduces ARP request broadcasts on the EVI network by enabling edge devices to reply to ARP requests on behalf of remote-site hosts.
As shown in Figure 6, this feature snoops ARP packets on an EVI tunnel interface to populate the ARP flood suppression table with remote MAC addresses. If an ARP request has a matching entry, the local edge device replies to the request on behalf of the remote-site host. If no match is found, the edge device floods the request to the EVI network.
ARP flood suppression uses the following workflow:
1. Host IP1 in site A sends an ARP request to obtain the MAC address of IP2.
2. Site A's edge device floods the ARP requests out of all interfaces, including the EVI tunnel interfaces.
3. Site B's edge device de-encapsulates the ARP request and broadcasts the request.
4. IP2 sends an ARP reply back to site A's edge device over the EVI link.
5. Site A's edge device creates an ARP cache entry for the remote MAC address and forwards the reply to the requesting host.
6. Site A's edge device replies to all subsequent requests for the MAC address of IP2.
Figure 6 ARP flood suppression
Selective flooding
Selective flooding enables an edge device to send an unknown unicast or multicast frame out of an EVI tunnel interface.
This feature is designed for special multicast addresses that require flooding across sites but cannot be added to a multicast forwarding table by IGMP snooping.
For example, you must configure selective flooding for PIM hellos, IGMP general query packets, and Microsoft NLBS cluster traffic to be sent out of an EVI tunnel interface.
Path MTU
When encapsulating an Ethernet frame in EVI, the edge device does not modify the Ethernet frame, but it sets the DF bit in the IP header. For an Ethernet transport network, the total size of an EVI protocol packet increases by 46 bytes, and the total size of a data packet increases by 38 bytes. Because EVI does not support path MTU discovery, your EVI deployment must make sure the path MTU of the transport network is higher than the maximum size of EVI tunneled frames.
Configuration restrictions and guidelines
For EVI to operate correctly, follow the restrictions and guidelines in this section.
Licensing requirements
EVI requires a license to run on the device. For information about feature licensing, see Fundamentals Configuration Guide.
Feature and hardware compatibility
When you configure EVI, follow these hardware restrictions:
· You can enable EVI only on interfaces on the following modules:
? SC interface modules:
- LSQM2GT24PTSSC0.
- LSQM2GT24TSSC0.
? SG interface modules.
· The S7503E-M switch does not support EVI.
Feature compatibility requirements
When you use EVI in conjunction with other features, follow these restrictions and guidelines:
· MPLS and EVI cannot work together. Do not configure both features on the device. For more information about MPLS, see MPLS Configuration Guide.
· VXLAN and EVI cannot work together. Do not configure both features on the device. For more information about VXLAN, see VXLAN Configuration Guide.
· If the link type of a site-facing interface is access, it can receive only tagged packets from the VLAN to which the port has been assigned.
· Spanning tree protocols are not supported on site-facing interfaces that are assigned to extended VLANs. Make sure the interfaces do not form loops with other devices.
· QoS policies are not supported on site-facing interfaces that are assigned to extended VLANs.
· VLAN-interface 1 cannot be used as a transport-facing interface.
EVI configuration task list
Perform the following tasks on all edge devices of an EVI network:
|
Tasks at a glance |
Remarks |
|
Configuring EVI basic features: · (Optional.) Configuring a site ID · (Required.) Configuring an EVI tunnel: ? (Required.) Assigning a network ID to the EVI tunnel ? (Required.) Specifying extended VLANs on the EVI tunnel ? (Required.) Configuring ENDP ? (Required.) Enabling EVI on transport-facing physical interfaces |
An EVI tunnel can provide services for only one EVI network. An extended VLAN can be assigned to only one EVI network. |
|
(Optional.) Tuning EVI IS-IS parameters |
EVI IS-IS automatically runs on an EVI tunnel interface immediately after the interface is created. You can tune EVI IS-IS parameters for optimizing network performance. |
|
(Optional.) Enabling EVI ARP flood suppression |
Perform this task to reduce ARP request broadcasts on an EVI network. |
|
(Optional.) Enabling EVI flooding for all destination-unknown frames |
Perform this task to flood frames with unknown MAC addresses to the EVI tunnel interface. |
|
(Optional.) Enabling selective flooding for a MAC address |
Perform this task for special multicast MAC addresses that require Layer 2 inter-site forwarding but cannot be learned into the MAC address table. |
Configuring EVI basic features
All tasks in this section are required for setting up an EVI network.
Configuring a site ID
By default, all edge devices in an EVI network have a site ID of 0.
To uniquely identify the sites in an EVI network, you can change their site IDs. To avoid site ID conflict, follow these guidelines when you configure site IDs:
· An edge device can use the default or manually assigned site ID. Site conflict does not occur if the edge devices at different sites all use the default site ID.
· Manually assigned site IDs must be unique among sites.
When the site IDs of two devices conflict, EVI IS-IS isolates the device with the lower MAC address. The isolated device can only receive EVI IS-IS hello packets. It cannot exchange EVI IS-IS packets with other neighbors. To identify isolated devices, use the display evi isis brief command or the display evi isis peer command.
To assign a site ID to the device:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Assign a site ID to the device. |
evi site-id site-id |
The default site ID is 0. |
Configuring an EVI tunnel
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create an EVI tunnel interface and enter tunnel interface view. |
interface tunnel number mode evi |
By default, no tunnel interface exists. The endpoints of a tunnel must use the same tunnel mode. For more information about this command, see tunneling commands in Layer 3—IP Services Command Reference. |
|
3. Specify a source IP address or interface for the tunnel. |
source { ipv4-address | interface-type interface-number } |
By default, no source IP address or source interface is specified for any tunnel. The source interface can be a Layer 3 Ethernet interface, Layer 3 aggregate interface, VLAN interface, or Layer 3 loopback interface. For more information about the source command, see tunneling commands in Layer 3—IP Services Command Reference. EVI uses the specified address or the primary IP address of the specified source interface as the source IP address of tunneled packets on the transport network. EVI networks can share a tunnel source IP address or interface. You must specify the same source IP address or interface for tunnels that use the same transport-facing physical interface.
To avoid forwarding failure, do not use a GRE tunnel interface or its IP address (configure with the ip address command in tunnel interface view) as the source interface or IP address of an EVI tunnel. For more information about GRE, see Layer 3—IP Services Configuration Guide. |
|
4. Configure the EVI link keepalive interval and the maximum number of keepalive transmissions. |
keepalive [ seconds [ times ] ] |
By default, a keepalive packet is sent every five seconds and the maximum number of transmissions is two. If no reply is received from the remote end on an EVI link after the maximum number of keepalive transmissions is reached, the local end considers the EVI link as having failed. |
|
5. (Optional.) Generate a GRE key for tunneled packets based on their VLAN IDs. |
gre key vlan-id |
By default, EVI tunneled packets do not contain a GRE key. The GRE key setting must be the same across an EVI network. Perform this step if any remote edge devices generate VLAN ID-based GRE keys for EVI tunneled packets. |
|
|
NOTE: In addition to the EVI-specific commands described in this section, you can configure generic tunnel interface commands on an EVI tunnel interface. These tunnel commands and tunneling basics are described in the tunneling configuration in Layer 3—IP Services Configuration Guide. |
Assigning a network ID to the EVI tunnel
Assign the same network ID to the EVI tunnels of all edge devices in an EVI network.
On an edge device, the network ID assigned to an EVI tunnel must be unique.
To assign a network ID to an EVI tunnel:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Specify a network ID. |
evi network-id number |
By default, no network ID is specified. |
Specifying extended VLANs on the EVI tunnel
When configuring extended VLANs, follow these guidelines:
· You can specify an extended VLAN on only one EVI tunnel.
· To avoid loops, do not assign transport-facing ports to extended VLANs.
· To avoid data breach, make sure all edge devices in an EVI network maintain the same list of extended VLANs.
To assign extended VLANs to an EVI tunnel:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Specify extended VLANs. |
evi extend-vlan vlan-list |
By default, no VLANs are specified as extended VLANs on any EVI tunnel. To specify more extended VLANs, repeat this step. |
Configuring ENDP
ENDP enables the edge devices in an EVI network to discovery each other.
Configure an edge device as an ENDS to provide registration services or as an ENDC to register with an ENDS.
Configuration guidelines
· For redundancy, you can configure up to two ENDSs on an EVI tunnel interface. These two ENDSs work independently. The failure of one ENDS does not affect the neighbor discovery and EVI link maintenance in the EVI network.
· When you enable ENDS on an EVI tunnel interface, an ENDC is automatically enabled. This ENDC uses the source address of the EVI tunnel as the ENDS address. As a result, you can use the evi neighbor-discovery client enable command to add only one ENDS address on an ENDS-enabled EVI tunnel interface.
· To guarantee that each edge device can obtain the addresses of all its EVI neighbors, make sure the ENDSs are the same across the EVI network.
· To improve security, enable ENDP authentication. Make sure all authentication-enabled ENDCs and ENDSs in an EVI network use the same authentication key.
Configuring the edge device as an ENDS on the EVI tunnel
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Enable ENDS. |
evi neighbor-discovery server enable |
By default, ENDS is disabled. On an ENDS-enabled tunnel interface, you can use the evi neighbor-discovery client enable command to add one more ENDS, and use the evi neighbor-discovery client register-interval command to modify the ENDC registration interval. |
|
4. (Optional.) Enable ENDP authentication. |
evi neighbor-discovery authentication { cipher | simple } string |
By default, ENDP authentication is disabled. |
Configuring the edge device as an ENDC on the EVI tunnel
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the edge device as the ENDC of an ENDS. |
evi neighbor-discovery client enable server-ip |
By default, ENDC is disabled. If ENDS is enabled on the EVI tunnel interface, you can use this command to specify only one more ENDS. If ENDS is disabled, you can repeat this command to specify up to two ENDSs. ENDS address is the tunnel source address configured on an ENDS-enabled EVI tunnel interface. |
|
4. (Optional.) Enable ENDP authentication. |
evi neighbor-discovery authentication { cipher | simple } string |
By default, ENDP authentication is disabled. All ENDSs and ENDCs in an EVI network must use the same authentication key. |
|
5. Configure the interval at which the ENDC updates its registration with ENDSs. |
evi neighbor-discovery client register-interval interval |
By default, an ENDC update its registration with an ENDS every 15 seconds. |
Enabling EVI on transport-facing physical interfaces
Enable EVI on all physical interfaces that provide transport network access for EVI tunnels.
To enable EVI on an interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 3 Ethernet interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable EVI on the interface. |
evi enable |
By default, EVI is disabled on all interfaces. |
Tuning EVI IS-IS parameters
EVI IS-IS automatically runs on an EVI link immediately after the link is set up. You can tune EVI IS-IS parameters to optimize the protocol performance.
EVI IS-IS configuration task list
All EVI IS-IS configuration tasks are optional.
|
Tasks at a glance |
Remarks |
|
N/A |
|
|
Optimizing an EVI IS-IS network: · Configuring the EVI IS-IS hello interval · Configuring the hello multiplier for calculating the adjacency hold time · Configuring the DED priority · Configuring the CSNP transmit interval · Configuring the minimum LSP transmit interval and the maximum number of LSPs sent at each interval · Configuring the maximum LSP lifetime |
Perform the EVI IS-IS network optimization tasks to enable fast EVI link failure detection, set appropriate MAC reachability information update interval, and control the volume of LSP and CSNP traffic on an EVI network. |
|
Perform this task to advertise a subset of MAC addresses instead of all local MAC addresses to remote sites. |
|
|
N/A |
|
|
N/A |
|
|
Perform this task for providing nonstop services. |
|
|
Increasing the maximum number of MAC entries in an LSP for an EVI IS-IS process |
Perform this task depending on the MAC address table size on the edge device. |
Creating an EVI IS-IS process
Each EVI network has one EVI IS-IS process. Before you can configure settings in EVI IS-IS process view, you must create the process.
An EVI IS-IS process is created automatically when you perform any one of the following tasks on a tunnel interface:
· Specify extended VLANs.
· Perform network optimization tasks (see "Optimizing an EVI IS-IS network") except configuring the LSP refresh interval and the maximum LSP lifetime.
The ID of an automatically created process is the same as the EVI tunnel interface number.
Alternatively, you can use the evi-isis command to create an EVI IS-IS process manually.
To delete a manually created EVI IS-IS process, you must use the undo evi-isis command.
· If EVI IS-IS settings exist on the EVI tunnel interface, the undo evi-isis command only deletes settings configured in EVI IS-IS process view.
· If no EVI IS-IS settings exist on the EVI tunnel interface, the undo evi-isis command deletes both the EVI IS-IS process and all settings configured in EVI IS-IS process view.
An automatically created EVI IS-IS process is automatically deleted when you delete all EVI IS-IS settings from the EVI tunnel interface.
To create an EVI IS-IS process or enter its view:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create an EVI IS-IS process or enter EVI IS-IS process view. |
evi-isis process-id |
By default, no EVI IS-IS processes exist. The process ID you specify must be the same as the EVI tunnel interface number. The EVI IS-IS process takes effect after you configure extended VLANs on the tunnel interface. |
Optimizing an EVI IS-IS network
Perform the tasks in this section to optimize an EVI IS-IS network for bandwidth efficiency and high performance.
Configuring the EVI IS-IS hello interval
EVI edge devices send EVI IS-IS hellos over EVI links to establish and maintain adjacencies and elect a DED on each EVI link.
Set the hello interval depending on the network convergence requirement and system resources.
· To increase the speed of network convergence, decrease the hello interval.
· To conserve resources, increase the hello interval.
|
|
NOTE: The hello interval of a DED is one-third of the hello interval set with the evi isis timer hello command. |
To configure the EVI IS-IS hello interval on an EVI tunnel interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the EVI IS-IS hello interval. |
evi isis timer hello seconds |
The default hello interval is 10 seconds. If the edge device is a DED, its hello interval is one-third of the hello interval set with this command. |
Configuring the hello multiplier for calculating the adjacency hold time
Adjacency hold time is the amount of time that the remote edge devices can retain the adjacency with the local edge device before an adjacency update.
· If Graceful Restart is disabled, the adjacency hold time equals the EVI IS-IS hello interval multiplied by the hello multiplier.
· If Graceful Restart is enabled, the adjacency hold time equals the greater of the following values:
? The restart interval.
? The EVI IS-IS hello interval multiplied by the hello multiplier.
Edge devices send their adjacency hold time in hello packets to update the adjacencies with their neighbors. An edge device removes the adjacency with a neighbor if it does not receive a hello packet from the neighbor before the timer expires.
To configure the multiplier for calculating the adjacency hold time on an EVI tunnel interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the multiplier for calculating the adjacency hold time. |
evi isis timer holding-multiplier value |
The default multiplier is 3. The maximum adjacency hold time is 65535 seconds. If this value is exceeded, the actual adjacency hold time is set to 65535 seconds. |
Configuring the DED priority
The edge devices on an EVI link exchange their DED priority in EVI IS-IS hello packets to elect the inter-site DED for periodic LSDB synchronization. You can use the evi isis timer csnp command to change the synchronization interval.
The edge device with higher DED priority is more likely to be elected as a DED. If two edge devices have the same DED priority, the device with the highest MAC address is elected.
To configure the DED priority of the edge device on an EVI tunnel interface:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the DED priority. |
evi isis ded-priority priority |
The default DED priority is 64. |
Configuring the CSNP transmit interval
This configuration takes effect only on DEDs.
The DEDs in an EVI network regularly send CSNP packets to advertise LSP summaries for LSDB synchronization.
To configure the CSNP transmit interval on a DED:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the CSNP transmit interval. |
evi isis timer csnp seconds |
By default, a DED sends CSNP packets every 10 seconds. |
Configuring the minimum LSP transmit interval and the maximum number of LSPs sent at each interval
The edge device generates an LSP update when any LSDB content changes. For example, an LSP update is generated when a MAC address is removed or added.
To control EVI IS-IS LSP traffic on the EVI network:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Configure the minimum LSP transmit interval and the maximum number of LSP segments sent at each interval. |
evi isis timer lsp time [ count count ] |
By default, the minimum LSP transmit interval is 100 milliseconds, and a maximum of five LSP segments can be sent at each interval. Before the minimum transmit interval is reached, the EVI tunnel interface cannot send LSP segments. |
Configuring the maximum LSP lifetime
EVI edge devices add a lifetime in each LSP they have advertised, and update LSPs regularly or when MAC reachability information changes. If an edge device does not receive an update for an LSP before the lifetime expires, the edge device removes the LSP from the LSDB and removes the MAC addresses advertised through the LSP from the data plane.
To specify the maximum lifetime of the LSPs generated by an EVI IS-IS process:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Configure the maximum LSP lifetime. |
timer lsp-max-age seconds |
The default maximum LSP lifetime is 1200 seconds. |
Configuring the LSP refresh interval
The edge device sends LSP updates at the refresh interval to update MAC reachability information.
To change the LSP refresh interval:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Configure the LSP refresh interval. |
timer lsp-refresh seconds |
The default LSP refresh interval is 900 seconds. The minimum LSP transmit interval and the maximum number of LSPs sent at each interval can affect the actual LSP refresh interval. To avoid unnecessary age-outs, appropriately set the LSP refresh interval and the LSP lifetime. |
Associating an EVI tunnel interface with a track entry
EVI IS-IS uses a hello mechanism to monitor the connectivity of each EVI link on an EVI tunnel. To detect the connectivity of a particular EVI link more quickly, you can associate its tunnel interface with a track entry. The monitoring protocol used in this entry can only be BFD.
EVI IS-IS changes the state of an EVI-Link interface in response to the track entry state, as shown in Table 1.
Table 1 Action on the monitored EVI-Link in response to the track entry state change
|
Track entry state |
State of the monitored EVI link |
Action on the EVI-Link interface |
|
Positive |
The EVI link is operating correctly. |
Places the EVI-Link interface in up state. |
|
Negative |
The EVI link has failed. |
Places the EVI-Link interface in down state. |
|
NotReady |
The EVI link is not monitored. This situation occurs when the Track module or the monitoring module is not ready (for example, the Track module is restarting or the monitoring settings are incomplete). In this situation, EVI cannot obtain information about the EVI link from the Track module. |
N/A |
For more information about configuring a track entry, see Track configuration in High Availability Configuration Guide.
To associate an EVI tunnel interface with a track entry:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Associate a track entry with the tunnel interface. |
evi isis track track-entry-number |
By default, an EVI tunnel interface is not associated with any track entry. You can associate an EVI tunnel interface with only one track entry. |
Specifying a routing policy for an EVI IS-IS process
You can configure a routing policy to match MAC reachability information that can be advertised to the remote EVI sites. The routing policy is also called a reachability information filtering policy.
The routing policy for EVI IS-IS can only contain the following filters:
· MAC list.
· VLAN list.
For more information about configuring routing policies, see Layer 3—IP Routing Configuration Guide.
To specify a routing policy for an EVI IS-IS process:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Specify a routing policy for the EVI IS-IS process. |
filter-policy policy-name |
By default, an EVI IS-IS process is not associated with any routing policy. |
Enabling adjacency change logging
Adjacency change logging enables an EVI IS-IS process to send a log message to the information center when an adjacency change occurs. With the information center, you can set log message filtering and output rules, including output destinations. For more information about using the information center, see Network Management and Monitoring Configuration Guide.
To enable adjacency change logging:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Enable adjacency change logging. |
log-peer-change enable |
By default, adjacency change logging is enabled. |
Configuring SNMP notifications and context for EVI IS-IS
To report critical EVI IS-IS events to an NMS, enable SNMP notifications for EVI IS-IS. For EVI IS-IS SNMP notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
In addition to the private EVI IS-IS MIB, EVI IS-IS shares the standard IS-IS MIB with IS-IS and other protocols that use IS-IS in the control plane. For SNMP to correctly identify a protocol's management information in the standard IS-IS MIB, you must configure a unique context for each of these protocols. If a protocol supports multiple processes, you must assign a unique context to each process.
The context names must be unique among all the protocols and their processes.
Context is a method introduced to SNMPv3 for multiple-instance management. For SNMPv1/v2c, you must specify a context name as a community name for protocol identification.
To configure SNMP notifications and context for an EVI IS-IS process:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable EVI IS-IS notifications. |
snmp-agent trap enable evi-isis [ adjacency-state-change | area-mismatch | buffsize-mismatch | id-length-mismatch | link-disconnect | lsp-parse-error | lsp-size-exceeded | max-seq-exceeded | maxarea-mismatch | new-ded | own-lsp-purge | protocol-support | rejected-adjacency | skip-sequence-number | topology-change | version-skew ] * |
By default, all EVI IS-IS notifications are enabled. |
|
3. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
4. Configure an SNMP context name for the EVI IS-IS process. |
snmp context-name context-name |
By default, no SNMP context name is configured for an EVI IS-IS process. |
Configuring Graceful Restart for an EVI IS-IS process
Enable Graceful Restart for the peer EVI IS-IS processes at two ends of an EVI tunnel to guarantee nonstop forwarding while the peer EVI IS-IS processes are re-establishing their adjacency after a process restart or active/standby switchover occurs.
If Graceful Restart is enabled, the adjacency hold time equals the greater of the following values:
· The restart interval.
· The EVI IS-IS hello interval multiplied by the hello multiplier.
If the edge device is a DED, its hello interval is one-third of the hello interval set by using the evi isis timer hello command.
To configure Graceful Restart for an EVI IS-IS process:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Enable Graceful Restart. |
graceful-restart |
By default, EVI IS-IS Graceful Restart is disabled. |
|
4. Configure the restart interval. |
graceful-restart interval interval |
The default restart interval is 300 seconds. If the restarting EVI process fails to complete re-establishing the adjacency with the peer EVI process, the EVI link goes down. |
Increasing the maximum number of MAC entries in an LSP for an EVI IS-IS process
An EVI IS-IS process advertises all local MAC reachability information in one LSP. By default, an LSP can convey up to 55 x 210 MAC address entries.
To increase this number to accommodate all local MAC address entries, create virtual systems. Each virtual system represents an increase of 55 x 210 MAC address entries. If n virtual systems are created, the maximum number of MAC address entries in an LSP is (n+1) x 55 x 210.
To configure EVI IS-IS virtual system:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI IS-IS process view. |
evi-isis process-id |
N/A |
|
3. Create an EVI IS-IS virtual system. |
virtual-system systemid |
By default, no EVI IS-IS virtual systems exist.
The virtual system ID must be unique in the EVI network. |
IMPORTANT:
Enabling EVI ARP flood suppression
Use ARP flood suppression to reduce ARP request broadcasts.
Set the MAC aging timer to a higher value than the aging timer for dynamic ARP entries. This setting prevents the traffic blackhole that occurs when a MAC address entry ages out before its ARP flood suppression entry ages out.
To set the MAC aging timer, use the mac-address timer command. To display the aging timer of dynamic ARP entries, use the display arp timer aging command.
To enable EVI ARP flood suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Enable EVI ARP flood suppression. |
evi arp-suppression enable |
By default, EVI ARP flood suppression is disabled. |
|
4. (Optional.) Display EVI ARP flood suppression entries. |
· In standalone mode: · In IRF mode: |
The display commands are available in any view. |
Enabling EVI flooding for all destination-unknown frames
By default, the device floods unknown unicast and multicast frames only to internal interfaces. EVI flooding enables the device to flood all destination-unknown frames to an EVI tunnel interface.
To enable EVI flooding for all destination-unknown frames:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Enable EVI flooding. |
evi flooding enable |
By default, EVI flooding is disabled. |
Enabling selective flooding for a MAC address
|
|
CAUTION: Do not configure selective flooding for local unicast MAC addresses. The setting might cause remote devices to drop packets destined for the MAC address. |
By default, the device floods unknown unicast and multicast frames only to internal interfaces.
If an application uses a special multicast address that requires flooding across sites and cannot be added to a multicast forwarding table by IGMP snooping, enable selective flooding for the multicast address.
To enable selective flooding for a MAC address:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter EVI tunnel interface view. |
interface tunnel number [ mode evi ] |
N/A |
|
3. Enable selective flooding for the MAC address in a set of VLANs. |
evi selective-flooding mac-address mac-address vlan vlan-id-list |
By default, selective flooding is disabled for all MAC addresses. |
Displaying and maintaining EVI
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
On an ENDS, display IPv4 ENDS information. |
display evi neighbor-discovery server summary |
|
On an ENDS, display IPv4 neighbors that have registered with the ENDS. |
display evi neighbor-discovery server member [ interface tunnel interface-number | [ local local-ip | remote client-ip ] [ vpn-instance vpn-instance-name ] ] |
|
On an ENDS, display ENDS statistics. |
display evi neighbor-discovery server statistics interface tunnel interface-number |
|
Display IPv4 ENDC information. |
display evi neighbor-discovery client summary |
|
Display IPv4 neighbors that an ENDC has learned. |
display evi neighbor-discovery client member [ interface tunnel interface-number | [ local local-ip | remote client-ip | server server-ip ] [ vpn-instance vpn-instance-name ] ] |
|
Display ENDC statistics. |
display evi neighbor-discovery client statistics interface tunnel interface-number |
|
Display EVI-Link interface information for an EVI tunnel. |
display evi link interface tunnel interface-number |
|
Display information about EVI-Link interfaces. |
display interface [ evi-link [ interface-number ] ] [ brief [ description | down ] ] |
|
Display brief EVI IS-IS process information. |
display evi isis brief [ process-id ] |
|
Display local MAC addresses. |
display evi isis local-mac { dynamic | static } [ interface tunnel interface-number [ vlan vlan-id ] [ filtered | passed ] [ count ] ] display evi isis local-mac nonadvertised [ interface tunnel interface-number [ vlan vlan-id ] [ count ] ] |
|
Display remote MAC addresses. |
display evi isis remote-mac [ interface tunnel interface-number [ vlan vlan-id ] [ count ] ] |
|
Display EVI IS-IS link state database. |
display evi isis lsdb [ local | lsp-id lspid | verbose ] * [ process-id ] |
|
Display EVI IS-IS neighbors. |
display evi isis peer [ process-id ] |
|
Display EVI IS-IS information for a tunnel interface. |
display evi isis tunnel [ tunnel-number ] |
|
Display EVI IS-IS GR state. |
display evi isis graceful-restart status [ process-id ] |
|
(In standalone mode.) Display remote MAC addresses. |
display evi mac-address interface tunnel interface-number [ vlan vlan-id ] [ slot slot-number ] [ count ] display evi mac-address interface tunnel interface-number mac-address mac-address vlan vlan-id [ slot slot-number ] |
|
(In IRF mode.) Display remote MAC addresses. |
display evi mac-address interface tunnel interface-number [ vlan vlan-id ] [ chassis chassis-number slot slot-number ] [ count ] display evi mac-address interface tunnel interface-number mac-address mac-address vlan vlan-id [ chassis chassis-number slot slot-number ] |
|
(In standalone mode.) Display EVI ARP flood suppression entries. |
display evi arp-suppression interface tunnel interface-number [ vlan vlan-id ] [ slot slot-number ] [ count ] |
|
(In IRF mode.) Display EVI ARP flood suppression entries. |
display evi arp-suppression interface tunnel interface-number [ vlan vlan-id ] [ chassis chassis-number slot slot-number ] [ count ] |
|
Clear EVI ARP flood suppression entries. |
reset evi arp-suppression interface tunnel interface-number [ vlan vlan-id ] |
|
Clear data for EVI IS-IS processes. |
reset evi isis all [ process-id ] |
|
Clear ENDP packet statistics on an ENDC. |
reset evi neighbor-discovery client statistics interface tunnel interface-number |
|
Clear ENDP packet statistics on an ENDS. |
reset evi neighbor-discovery server statistics interface tunnel interface-number |
EVI configuration examples
Single-homed EVI network configuration example
Network requirements
As shown in Figure 7.
· Use EVI to extend VLANs 21 through 100 across site 1, site 2, and site 3 over an IPv4 network.
· Use network ID 1 to identify the EVI network.
· Use Switch A as an ENDS and all other edge switches as ENDCs for neighbor discovery.
· Configure a routing policy on Switch A to advertise MAC addresses in VLANs 21 to 90 to the remote sites.
Configuration procedure
1. Configure routes for the sites to reach each other. (Details not shown.)
2. Configure Switch A:
# Configure the site ID.
<SwitchA> system-view
[SwitchA] evi site-id 1
# Configure the EVI tunnel source interface (VLAN-interface 10 in this example), and assign transport-facing physical interface GigabitEthernet 1/0/1 to the VLAN.
[SwitchA] vlan 10
[SwitchA-vlan10] port gigabitethernet 1/0/1
[SwitchA-vlan10] quit
[SwitchA] interface vlan-interface 10
[SwitchA-Vlan-interface10] ip address 1.1.1.1 24
[SwitchA-Vlan-interface10] quit
# Create an IPv4 EVI tunnel interface.
[SwitchA] interface tunnel 1 mode evi
# Set the network ID to 1 for the EVI tunnel interface.
[SwitchA-Tunnel1] evi network-id 1
# Specify the IP address of VLAN-interface 10 as the source IP of the EVI tunnel.
[SwitchA-Tunnel1] source 1.1.1.1
# Set the tunnel keepalive interval to 20 seconds and the maximum number of transmissions to 2.
[SwitchA-Tunnel1] keepalive 20 2
# Specify extended VLANs on the EVI tunnel interface.
[SwitchA-Tunnel1] evi extend-vlan 21 to 100
# Configure Switch A as an ENDS on the EVI tunnel interface.
[SwitchA-Tunnel1] evi neighbor-discovery server enable
[SwitchA-Tunnel1] quit
# Configure routing policy EVI-Filter to match MAC addresses in VLANs 21 to 90.
[SwitchA] route-policy EVI-Filter permit node 10
[SwitchA-route-policy-EVI-Filter-10] if-match vlan 21 to 90
[SwitchA-route-policy-EVI-Filter-10] quit
# Assign the policy to EVI IS-IS process 0.
[SwitchA] evi-isis 0
[SwitchA-evi-isis-0] filter-policy EVI-Filter
[SwitchA-evi-isis-0] quit
# Enable EVI on GigabitEthernet 1/0/1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] evi enable
[SwitchA-GigabitEthernet1/0/1] quit
3. Configure Switch B:
# Configure the site ID.
<SwitchB> system-view
[SwitchB] evi site-id 2
# Configure the EVI tunnel source interface (VLAN-interface 10 in this example), and assign transport-facing physical interface GigabitEthernet 1/0/1 to the VLAN.
[SwitchB] vlan 10
[SwitchB-vlan10] port gigabitethernet 1/0/1
[SwitchB-vlan10] quit
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] ip address 1.1.2.1 24
[SwitchB-Vlan-interface10] quit
# Create an IPv4 EVI tunnel interface.
[SwitchB] interface tunnel 1 mode evi
# Set the network ID to 1 for the EVI tunnel interface.
[SwitchB-Tunnel1] evi network-id 1
# Specify the IP address of VLAN-interface 10 as the source IP of the EVI tunnel.
[SwitchB-Tunnel1] source 1.1.2.1
# Set the tunnel keepalive interval to 20 seconds and the maximum number of transmissions to 2.
[SwitchB-Tunnel1] keepalive 20 2
# Specify extended VLANs on the EVI tunnel interface.
[SwitchB-Tunnel1] evi extend-vlan 21 to 100
# Configure Switch B as an ENDC of Switch A.
[SwitchB-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
[SwitchB-Tunnel1] quit
# Enable EVI on GigabitEthernet 1/0/1.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] evi enable
[SwitchB-GigabitEthernet1/0/1] quit
4. Configure Switch C:
# Configure the site ID.
<SwitchC> system-view
[SwitchC] evi site-id 3
# Configure the EVI tunnel source interface (VLAN-interface 10 in this example), and assign transport-facing physical interface GigabitEthernet 1/0/1 to the VLAN.
[SwitchC] vlan 10
[SwitchC-vlan10] port gigabitethernet 1/0/1
[SwitchC-vlan10] quit
[SwitchC] interface vlan-interface 10
[SwitchC-Vlan-interface10] ip address 1.1.3.1 24
[SwitchC-Vlan-interface10] quit
# Create an IPv4 EVI tunnel interface.
[SwitchC] interface tunnel 1 mode evi
# Set the network ID to 1 for the EVI tunnel interface.
[SwitchC-Tunnel1] evi network-id 1
# Specify the IP address of VLAN-interface 10 as the source IP of the EVI tunnel.
[SwitchC-Tunnel1] source 1.1.3.1
# Set the tunnel keepalive interval to 20 seconds and the maximum number of transmissions to 2.
[SwitchC-Tunnel1] keepalive 20 2
# Specify extended VLANs on the EVI tunnel interface.
[SwitchC-Tunnel1] evi extend-vlan 21 to 100
# Configure Switch C as an ENDC of Switch A.
[SwitchC-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
[SwitchC-Tunnel1] quit
# Enable EVI on GigabitEthernet 1/0/1.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] evi enable
[SwitchC-GigabitEthernet1/0/1] quit
Verifying the configuration
1. Verify the configuration on Switch A:
# Display information about the EVI tunnel interface.
[SwitchA] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmit unit: 64000
Internet protocol processing: Disabled
Tunnel source 1.1.1.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display information about EVI links.
[SwitchA] display evi link interface tunnel 1
Interface Status Source Destination
EVI-Link0 UP 1.1.1.1 1.1.2.1
EVI-Link1 UP 1.1.1.1 1.1.3.1
# Display ENDS information.
[SwitchA] display evi neighbor-discovery server summary
Interface Local Address Network ID Auth Members Vpn-instance
Tunnel1 1.1.1.1 1 disabled 3 [No Vrf]
# Display ENDC information.
[SwitchA] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status Vpn-instance
Tunnel1 1.1.1.1 1.1.1.1 1 15 disabled E [No Vrf]
# Display EVI neighbors registered with the ENDS.
[SwitchA] display evi neighbor-discovery server member
Interface: Tunnel1 Network ID: 1 Vpn-instance: [No Vrf]
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 000F-0001-0001 25 2013/01/01 00:00:43
1.1.2.1 000F-0001-0002 15 2013/01/01 01:00:46
1.1.3.1 000F-0001-0003 20 2013/01/01 01:02:13
# Display neighbor entries that Switch A has learned.
[SwitchA] display evi neighbor-discovery client member
Interface: Tunnel1 Network ID: 1 Vpn-instance: [No Vrf]
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.2.1 000F-0001-0002 2013/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2013/01/01 12:12:12 12 Up
# Verify that MAC addresses in VLAN 100 have been filtered by the routing policy on Switch A.
[SwitchA] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel1
VLAN ID: 100
MAC address: 0001-0100-0001 (Filtered)
MAC address: 0001-0100-0002 (Filtered)
MAC address: 0001-0100-0003 (Filtered)
# Verify that Switch A has remote MAC addresses in VLAN 100.
[SwitchA] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel1
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link0
Flags: 0x2
2. Verify the configuration on Switch B:
# Display information about the EVI tunnel interface.
[SwitchB] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmit unit: 64000
Internet protocol processing: Disabled
Tunnel source 1.1.2.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display information about EVI links.
[SwitchB] display evi link interface tunnel 1
Interface Status Source Destination
EVI-Link0 UP 1.1.2.1 1.1.1.1
EVI-Link1 UP 1.1.2.1 1.1.3.1
# Display ENDC information.
[SwitchB] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status Vpn-instance
Tunnel1 1.1.2.1 1.1.1.1 1 15 disabled E [No Vrf]
# Display neighbor entries that Switch B has learned.
[SwitchB] display evi neighbor-discovery client member
Interface: Tunnel1 Network ID: 1 Vpn-instance: [No Vrf]
Local Address: 1.1.3.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2013/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2013/01/01 12:12:12 13 Up
# Verify that MAC addresses in VLAN 100 are not filtered.
[SwitchB] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel1
VLAN ID: 100
MAC address: 0002-0100-0001
MAC address: 0002-0100-0002
MAC address: 0002-0100-0003
# Verify that Switch B does not have remote addresses in VLAN 100 from Switch A because VLAN 100 does not match the routing policy on Switch A. (Details not shown.)
3. Verify the configuration on Switch C:
# Display information about the EVI tunnel interface.
[SwitchC] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmit unit: 64000
Internet protocol processing: Disabled
Tunnel source 1.1.3.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display information about EVI links on Switch C.
[SwitchC] display evi link interface tunnel 1
Interface Status Source Destination
EVI-Link0 UP 1.1.3.1 1.1.1.1
EVI-Link1 UP 1.1.3.1 1.1.2.1
# Display ENDC information.
[SwitchC] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status Vpn-instance
Tunnel1 1.1.3.1 1.1.1.1 1 15 disabled E [No Vrf]
# Display neighbor entries that Switch C has learned.
[SwitchC] display evi neighbor-discovery client member
Interface: Tunnel1 Network ID: 1 Vpn-instance: [No Vrf]
Local Address: 1.1.3.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2013/01/01 12:12:12 13 Up
1.1.2.1 000F-0000-0002 2013/01/01 12:12:12 13 Up
# Verify the routing policy on Switch A is working correctly.
[SwitchC] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel1
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link1
Flags: 0x2
The output shows that Switch C can receive MAC addresses in VLAN 100 from Switch B but not from Switch A, because only Switch A filters VLAN 100.
4. Verify that hosts in different sites can ping one another in the same extended VLAN. (Details not shown.)
Multiple-EVI-networks configuration example
Network requirements
Use EVI to connect the sites of the data center in Figure 8. To isolate different types of traffic and extend their VLANs to different sites, set up EVI networks as shown in Table 2.
|
Traffic type |
Network ID |
Extended VLANs |
Sites |
|
Database |
1 |
100, 101 |
2, 3, 4 |
|
Network management |
2 |
4000 |
All sites |
|
Web |
3 |
50, 80 |
1, 4 |
In each EVI network, use the edge device at site 4 as an ENDS and all other edge devices as its ENDCs.
Configuration procedure
1. Configure routes for the sites to reach each other. (Details not shown.)
2. Configure site 4:
# Configure the site ID.
<Site4> system-view
[Site4] evi site-id 4
# Configure the EVI tunnel source interface for all EVI tunnels (VLAN-interface 10 in this example), and assign transport-facing physical interface GigabitEthernet 1/0/1 to the VLAN.
[Site4] vlan 10
[Site4-vlan10] port gigabitethernet 1/0/1
[Site4-vlan10] quit
[Site4] interface vlan-interface 10
[Site4-Vlan-interface10] ip address 172.16.4.1 24
[Site4-Vlan-interface10] quit
# Configure the database EVI network.
[Site4] interface tunnel 101 mode evi
[Site4-Tunnel101] source 172.16.4.1
[Site4-Tunnel101] evi network-id 1
[Site4-Tunnel101] evi extend-vlan 100 101
[Site4-Tunnel101] evi neighbor-discovery server enable
[Site4-Tunnel101] quit
# Configure the network management EVI network.
[Site4] interface tunnel 102 mode evi
[Site4-Tunnel102] source 172.16.4.1
[Site4-Tunnel102] evi network-id 2
[Site4-Tunnel102] evi extend-vlan 4000
[Site4-Tunnel102] evi neighbor-discovery server enable
[Site4-Tunnel102] quit
# Configure the Web service EVI network.
[Site4] interface tunnel 103 mode evi
[Site4-Tunnel103] source 172.16.4.1
[Site4-Tunnel103] evi network-id 3
[Site4-Tunnel103] evi extend-vlan 50 to 80
[Site4-Tunnel103] evi neighbor-discovery server enable
[Site4-Tunnel103] quit
# Enable EVI on GigabitEthernet 1/0/1.
[Site4] interface gigabitethernet 1/0/1
[Site4-GigabitEthernet1/0/1] evi enable
[Site4-GigabitEthernet1/0/1] quit
3. Configure site 1:
# Configure the site ID.
<Site1> system-view
[Site1] evi site-id 1
# Configure the EVI tunnel source interface for all EVI tunnels (VLAN-interface 10 in this example), and assign transport-facing physical interface GigabitEthernet 1/0/1 to the VLAN.
[Site1] vlan 10
[Site1-vlan10] port gigabitethernet 1/0/1
[Site1-vlan10] quit
[Site1] interface vlan-interface 10
[Site1-Vlan-interface10] ip address 172.16.1.1 24
[Site1-Vlan-interface10] quit
# Configure the network management EVI network.
[Site1] interface tunnel 102 mode evi
[Site1-Tunnel102] source 172.16.1.1
[Site1-Tunnel102] evi network-id 2
[Site1-Tunnel102] evi extend-vlan 4000
[Site1-Tunnel102] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel102] quit
# Configure the Web service EVI network.
[Site1] interface tunnel 103 mode evi
[Site1-Tunnel103] source 172.16.1.1
[Site1-Tunnel103] evi network-id 3
[Site1-Tunnel103] evi extend-vlan 50 to 80
[Site1-Tunnel103] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel103] quit
# Enable EVI on GigabitEthernet 1/0/1.
[Site1] interface gigabitethernet 1/0/1
[Site1-GigabitEthernet1/0/1] evi enable
[Site1-GigabitEthernet1/0/1] quit
4. Configure all the other sites in the same way that site 1 is configured. Make sure extended VLANs are correctly configured at each site. (Details not shown.)
Verifying the configuration
# Display neighbors registered with the ENDS in each EVI network.
[Site4] display evi neighbor-discovery server member
Interface: Tunnel101 Network ID: 1 Vpn-instance: [No Vrf]
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.2.1 000F-0001-0002 25 2013/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2013/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2013/01/01 01:02:13
Interface: Tunnel102 Network ID: 2 Vpn-instance: [No Vrf]
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2013/01/01 00:19:31
172.16.2.1 000F-0001-0002 25 2013/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2013/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2013/01/01 01:02:13
172.16.5.1 000F-0001-0005 18 2013/01/01 01:04:32
Interface: Tunnel103 Network ID: 3 Vpn-instance: [No Vrf]
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2013/01/01 00:19:31
172.16.4.1 000F-0001-0004 20 2013/01/01 01:02:13
