Contents

Configuring VXLAN IP gateways· 1

About VXLAN IP gateways· 1

VXLAN IP gateways separated from VTEPs· 1

Centralized VXLAN IP gateway deployment 2

Distributed VXLAN IP gateway deployment 3

VXLAN IP gateway tasks at a glance· 6

Prerequisites for VXLAN IP gateway configuration· 7

Configuring a centralized VXLAN IP gateway· 7

Restrictions and guidelines· 7

Configuring a gateway interface on a centralized VXLAN IP gateway· 7

Assigning a subnet to a VSI 8

Configuring a distributed VXLAN IP gateway· 8

Restrictions and guidelines for distributed VXLAN IP gateway configuration· 8

Configuring a gateway interface on a distributed VXLAN IP gateway· 8

Enabling dynamic ARP entry synchronization for distributed VXLAN IP gateways· 9

Assigning a subnet to a VSI 9

Managing ARP entries· 10

Adding a static ARP entry· 10

Disabling remote ARP learning for VXLANs· 10

Configuring a VSI interface· 11

Configuring optional parameters for a VSI interface· 11

Restoring the default settings of the VSI interface· 11

Verifying and maintaining VXLAN IP gateways· 12

Displaying information about VSI interfaces· 12

Clearing statistics on VSI interfaces· 12

VXLAN IP gateway configuration examples· 12

Example: Configuring a centralized VXLAN IP gateway· 12

Example: Configuring distributed VXLAN IPv4 gateways· 17

Configuring VXLAN IP gateways

About VXLAN IP gateways

The following are available IP gateway placement designs for VXLANs:

·     VXLAN IP gateways separated from VTEPs—Use a VXLAN-unaware device as a gateway to the external network for VXLANs. On the gateway, you do not need to configure VXLAN settings.

·     VXLAN IP gateways collocated with VTEPs—Include the following placement designs:

¡     Centralized VXLAN IP gateway deployment—Use one VTEP to provide Layer 3 forwarding for VXLANs. Typically, the gateway-collocated VTEP connects to other VTEPs and the external network. To use this design, make sure the IP gateway has sufficient bandwidth and processing capability. Centralized VXLAN IP gateways provide services only for IPv4 networks.

¡     Centralized VXLAN gateway group deployment—Use one VTEP group that contains redundant centralized VXLAN IP gateways to provide reliable gateway services for VXLANs.

¡     Distributed VXLAN IP gateway deployment—Deploy one VXLAN IP gateway on each VTEP to provide Layer 3 forwarding for VXLANs at their respective sites. This design distributes the Layer 3 traffic load across VTEPs. However, its configuration is more complex than the centralized VXLAN IP gateway design. Distributed gateways can provide services only for IPv4 networks.

In a collocation design, the VTEPs use virtual Layer 3 VSI interfaces as gateway interfaces to provide services for VXLANs.

VXLAN IP gateways separated from VTEPs

As shown in Figure 1, an independent VXLAN IP gateway connects a Layer 3 network to a VTEP. VMs send Layer 3 traffic in Layer 2 frames to the gateway through VXLAN tunnels. When the tunneled VXLAN packets arrive, the VTEP terminates the VXLANs and forwards the inner frames to the gateway. In this gateway placement design, the VTEP does not perform Layer 3 forwarding for VXLANs.

Figure 1 VXLAN IP gateway separated from VTEPs

 

Centralized VXLAN IP gateway deployment

As shown in Figure 2, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both terminates the VXLANs and performs Layer 3 forwarding for the VMs.

Figure 2 Centralized VXLAN IP gateway placement design

 

As shown in Figure 3, the network uses the following process to forward Layer 3 traffic from VM 10.1.1.11 to the Layer 3 network:

1.     The VM sends an ARP request to obtain the MAC address of the gateway (VTEP 3) at 10.1.1.1.

2.     VTEP 1 floods the ARP request to all remote VTEPs.

3.     VTEP 3 de-encapsulates the ARP request, creates an ARP entry for the VM, and sends an ARP reply to the VM.

4.     VTEP 1 forwards the ARP reply to the VM.

5.     The VM learns the MAC address of the gateway, and sends the Layer 3 traffic to the gateway.

6.     VTEP 3 removes the VXLAN encapsulation and inner Ethernet header for the traffic, and forwards the traffic to the destination node.

Inter-VXLAN forwarding is the same as this process except for the last step. At the last step of inter-VLAN forwarding, the gateway replaces the source-VXLAN encapsulation with the destination-VXLAN encapsulation, and then forwards the traffic.

Figure 3 Example of centralized VXLAN IP gateway deployment

 

Distributed VXLAN IP gateway deployment

About distributed VXLAN IP gateway deployment

As shown in Figure 4, each site's VTEP acts as a gateway to perform Layer 3 forwarding for the VXLANs of the local site. A VTEP acts as a border gateway to the Layer 3 network for the VXLANs.

Figure 4 Distributed VXLAN IP gateway placement design

 

Figure 5 shows an example of distributed VXLAN IP gateway deployment. Create VSI interfaces on each distributed VXLAN IP gateway and the border gateway as gateway interfaces. Assign the same IP address to the same VSI interface on the distributed VXLAN IP gateways. Enable one of the following features on a distributed VXLAN IP gateway:

·     ARP flood suppression. The gateway performs Layer 2 forwarding based on MAC address entries and performs Layer 3 forwarding based on ARP entries.

·     Local proxy ARP. The gateway performs Layer 3 forwarding based on ARP entries. The following sections use distributed VXLAN IP gateways enabled with the local proxy ARP feature to describe the forwarding processes for intra-VXLAN traffic, inter-VXLAN traffic, and traffic from a VXLAN to an external network.

A distributed VXLAN IP gateway can generate ARP entries by a variety of methods. The following sections use dynamically learned ARP entries to describe the forwarding processes.

Figure 5 Example of distributed VXLAN IP gateway deployment

 

Intra-VXLAN traffic forwarding between sites

As shown in Figure 5, the network uses the following process to forward traffic in a VXLAN between sites (for example, from VM 1 to VM 4 in VXLAN 10):

1.     VM 1 sends an ARP request to obtain the MAC address of VM 4.

2.     GW 1 performs the following operations:

a.     Creates an ARP entry for VM 1 and replies with the MAC address of VSI-interface 10 (the gateway interface for VXLAN 10).

b.     Replaces the sender MAC address of the ARP request with the MAC address of VSI-interface 10, and then floods the request to all remote VTEPs.

3.     VM 1 creates an ARP entry for VM 4. The MAC address in the entry is the MAC address of VSI-interface 10 on GW 1.

4.     GW 2 (the VTEP for VM 4) performs the following operations:

a.     De-encapsulates the ARP request and creates an ARP entry for VM 1. The entry contains VM 1's IP address (10.1.1.11), the MAC address of VSI-interface 10 on GW 1, and the incoming tunnel interface.

b.     Replaces the sender MAC address of the request with the MAC address of VSI-interface 10 on GW 2, and then floods the request to the local site in VXLAN 10.

5.     VM 4 creates an ARP entry for VM 1, and then sends a reply to GW 2. The MAC address in the ARP entry is the MAC address of VSI-interface 10 on GW 2.

6.     GW 2 performs the following operations:

a.     Creates an ARP entry for VM 4.

b.     Replaces the sender MAC address of the request with the MAC address of VSI-interface 10 on GW 2, and sends the reply to GW 1.

7.     GW 1 de-encapsulates the ARP request and creates an ARP entry for VM 4. The entry contains VM 4's IP address (10.1.1.12), the MAC address of VSI-interface 10 on GW 2, and the incoming tunnel interface.

8.     For subsequent traffic between VM 1 and VM 4, GW 1 and GW 2 use their respective ARP tables to make the forwarding decision.

Inter-VXLAN traffic forwarding between sites

As shown in Figure 5, the network uses the following process to forward traffic between VXLANs (for example, from VM 1 in VXLAN 10 to VM 5 in VXLAN 20):

1.     VM 1 sends an ARP request to obtain the MAC address of the gateway at 10.1.1.1.

2.     GW 1 creates an ARP entry for VM 1 and replies with the MAC address of VSI-interface 10 (the gateway interface for VXLAN 10).

3.     VM 1 sends the packet destined for VM 5 to GW 1.

4.     GW 1 sends an ARP request to the local site and remote sites to obtain the MAC address of VM 5. In the ARP request, the sender IP address is 20.1.1.1, and the sender MAC address is the MAC address of VSI-interface 20 on GW 1.

5.     GW 2 performs the following operations:

a.     De-encapsulates the ARP request and creates an ARP entry for GW 1. The entry contains IP address 20.1.1.1 and MAC address of VSI-interface 20 on GW 1, and the incoming tunnel interface.

b.     Replaces the sender MAC address of the request with the MAC address of VSI-interface 20 on GW 2, and then floods the request to the local site in VXLAN 20.

6.     VM 5 creates an ARP entry for GW 2, and then sends a reply to GW 2. The entry contains the IP address (20.1.1.1) and MAC address of VSI-interface 20 on GW 2).

7.     GW 2 performs the following operations:

a.     Creates an ARP entry for VM 5.

b.     Replaces the sender MAC address in the request with the MAC address of VSI-interface 20 on GW 2, and then sends the reply to GW 1.

8.     GW 1 de-encapsulates the ARP request and creates an ARP entry for VM 5. The entry contains VM 5's IP address 20.1.1.12, the MAC address of VSI-interface 20 on GW 2, and the incoming tunnel interface.

9.     For subsequent traffic between VM 1 and VM 5, GW 1 and GW 2 use their respective ARP tables to make the forwarding decision.

VXLAN-to-external network traffic forwarding

As shown in Figure 5, the network uses the following process to forward traffic from a VXLAN to the Layer 3 network (for example, from VM 1 to the host at 50.1.1.1):

1.     VM 1 sends an ARP request to obtain the MAC address of the gateway at 10.1.1.1.

2.     GW 1 creates an ARP entry for VM 1 and replies with the MAC address of VSI-interface 10 (the gateway interface for VXLAN 10).

3.     VM 1 sends a packet destined for the host to GW 1.

4.     GW 1 performs the following operations:

a.     Searches the IP routing policies or routing table for the next hop. In this example, the next hop for the packet is 10.1.1.2 (the border gateway).

b.     Floods an ARP request to the local and remote sites in VXLAN 10 to obtain the MAC address of 10.1.1.2.

5.     The border gateway de-encapsulates the ARP request, creates an ARP entry for GW 1, and tunnels a reply to GW 1.

6.     GW 1 de-encapsulates the ARP reply and creates an ARP entry for 10.1.1.2.

7.     GW 1 sends the packet destined for the host to the border gateway.

8.     The border gateway de-encapsulates the packet and forwards it to the host.

VXLAN IP gateway tasks at a glance

To configure a VXLAN IP gateway, perform the following tasks:

1.     Configure a VXLAN IP gateway

Choose one of the following tasks:

¡     Configuring a centralized VXLAN IP gateway

¡     Configuring a distributed VXLAN IP gateway

2.     (Optional.) Managing ARP entries

3.     (Optional.) Configuring a VSI interface

Prerequisites for VXLAN IP gateway configuration

Before you configure a centralized or distributed VXLAN IP gateway, you must perform the following tasks on VTEPs:

·     Enable Layer 3 forwarding for VXLANs.

·     Create VSIs and VXLANs.

·     Configure VXLAN tunnels and assign them to VXLANs.

For more information about the VXLAN configuration, see "Configuring basic VXLAN features."

Configuring a centralized VXLAN IP gateway

Restrictions and guidelines

Do not execute the local-proxy-arp enable command on a centralized VXLAN IP gateway.

Configuring a gateway interface on a centralized VXLAN IP gateway

1.     Enter system view.

system-view

2.     Create a VSI interface and enter VSI interface view.

interface vsi-interface vsi-interface-id

3.     Assign an IPv4 address to the VSI interface.

ip address ip-address { mask | mask-length }

By default, no IPv4 address is assigned to a VSI interface.

4.     Return to system view.

quit

5.     Enter VSI view.

vsi vsi-name

6.     Specify a gateway interface for the VSI.

gateway vsi-interface vsi-interface-id

By default, no gateway interface is specified for a VSI.

Assigning a subnet to a VSI

About this task

Perform this task on VSIs that share a gateway interface. This task enables the VSI interface to identify the VSI of a packet.

You can assign a primary IPv4 subnets and multiple secondary IPv4 subnets to a VSI. Make sure these subnets are on the same network as one of the IP addresses on the gateway interface.

For VSIs that share a gateway interface, the subnets must be unique.

If you remove the gateway interface from the VSI, the VSI's subnet settings are automatically deleted.

Procedure

1.     Enter system view.

system-view

2.     Enter VSI view.

vsi vsi-name

3.     Assign a subnet to the VSI.

gateway subnet ipv4-address wildcard-mask

By default, no subnet exists on a VSI.

Configuring a distributed VXLAN IP gateway

Restrictions and guidelines for distributed VXLAN IP gateway configuration

For a VXLAN that requires access to the external network, specify the VXLAN's VSI interface on the border gateway as the next hop by using one of the following methods:

·     Configure a static route.

·     Configure a routing policy, and apply the policy by using the apply default-next-hop command. For more information about configuring routing policies, see routing policy configuration in Layer 3—IP Routing Configuration Guide.

If both ARP flood suppression and local proxy ARP are enabled on a distributed VXLAN IP gateway, only local proxy ARP takes effect. As a best practice, do not use these features together on distributed VXLAN IP gateways. For more information about ARP flood suppression, see "VXLAN overview."

Make sure a VSI interface uses the same MAC address to provide service on distributed VXLAN IP gateways connected to IPv4 sites.

Configuring a gateway interface on a distributed VXLAN IP gateway

1.     Enter system view.

system-view

2.     Create a VSI interface and enter VSI interface view.

interface vsi-interface vsi-interface-id

3.     Assign an IP address to the VSI interface.

ip address ip-address { mask | mask-length } [ sub ]

By default, no IP address is assigned to a VSI interface.

4.     Specify the VSI interface as a distributed gateway.

distributed-gateway local

By default, a VSI interface is not a distributed gateway.

5.     Enable local proxy ARP.

local-proxy-arp enable [ ip-range startIP to endIP ]

By default, local proxy ARP is disabled.

For more information about this command, see proxy ARP commands in Layer 3—IP Services Command Reference.

6.     Bring up the VSI interface.

undo shutdown

By default, a VSI interface is up.

7.     Return to system view.

quit

8.     Enter VSI view.

vsi vsi-name

9.     Specify the VSI interface as the gateway interface for the VSI.

gateway vsi-interface vsi-interface-id

By default, no gateway interface is specified for a VSI.

Enabling dynamic ARP entry synchronization for distributed VXLAN IP gateways

About this task

When local proxy ARP is enabled on distributed VXLAN IP gateways, enable this feature for all gateways to have the same ARP entries.

Procedure

1.     Enter system view.

system-view

2.     Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

arp distributed-gateway dynamic-entry synchronize

By default, dynamic ARP entry synchronization is disabled for distributed VXLAN IP gateways.

Assigning a subnet to a VSI

About this task

Perform this task on VSIs that share a gateway interface. This task enables the VSI interface to identify the VSI of a packet.

You can assign a primary IPv4 subnets and multiple secondary IPv4 subnets to a VSI. Make sure these subnets are on the same network as one of the IP addresses on the gateway interface.

For VSIs that share a gateway interface, the subnets must be unique.

If you remove the gateway interface from the VSI, the VSI's subnet settings are automatically deleted.

Procedure

1.     Enter system view.

system-view

2.     Enter VSI view.

vsi vsi-name

3.     Assign a subnet to the VSI.

gateway subnet ipv4-address wildcard-mask

By default, no subnet exists on a VSI.

Managing ARP entries

Adding a static ARP entry

About this task

A VXLAN IP gateway can dynamically learn ARP entries and use manually configured static ARP entries.

Procedure

1.     Enter system view.

system-view

2.     Add a static local-ARP entry.

arp static ip-address mac-address vsi-interface vsi-interface-id interface-type interface-number service-instance instance-id vsi vsi-name [ vpn-instance vpn-instance-name ]

For more information about this command, see ARP commands in Layer 3—IP Services Command Reference.

3.     Add a static remote-ARP entry.

arp static ip-address mac-address vsi-interface vsi-interface-id tunnel number vsi vsi-name [ vpn-instance vpn-instance-name ]

For more information about this command, see ARP commands in Layer 3—IP Services Command Reference.

Disabling remote ARP learning for VXLANs

About this task

By default, the device learns ARP information of remote user terminals from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, enable remote ARP learning.

Restrictions and guidelines

As a best practice, disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.

Procedure

1.     Enter system view.

system-view

2.     Disable remote ARP learning.

vxlan tunnel arp-learning disable

By default, remote ARP learning is enabled for VXLANs.

Configuring a VSI interface

Configuring optional parameters for a VSI interface

Restrictions and guidelines

For more information about the bandwidth and description commands, see common interface commands in Interface Command Reference.

Procedure

1.     Enter system view.

system-view

2.     Enter VSI interface view.

interface vsi-interface vsi-interface-id

3.     Assign a MAC address to the VSI interface.

mac-address mac-address

By default, VSI interfaces use the MAC address of VLAN-interface 4094.

4.     Configure the description of the VSI interface.

description text

The default description of a VSI interface is interface-name plus Interface (for example, Vsi-interface100 Interface).

5.     Set the expected bandwidth for the VSI interface.

bandwidth bandwidth-value

The default expected bandwidth (in kbps) equals the interface baudrate divided by 1000.

The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.

Restoring the default settings of the VSI interface

Restrictions and guidelines

	CAUTION: This operation might interrupt ongoing network services. Make sure you are fully aware of the impact of this operation when you perform it on a live network.

 

This operation might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem. For more information about the default command, see common interface commands in Interface Command Reference.

Procedure

1.     Enter system view.

system-view

2.     Enter VSI interface view.

interface vsi-interface vsi-interface-id

3.     Restore the default settings of the VSI interface.

default

Verifying and maintaining VXLAN IP gateways

Displaying information about VSI interfaces

To display information about VSI interfaces, execute the following command in any view:

display interface [ vsi-interface [ vsi-interface-id ] ] [ brief [ description | down ] ]

Clearing statistics on VSI interfaces

To clear statistics on VSI interfaces, execute the following command in user view:

reset counters interface [ vsi-interface [ vsi-interface-id ] ]

For more information about this command, see common interface commands in Interface Command Reference.

VXLAN IP gateway configuration examples

Example: Configuring a centralized VXLAN IP gateway

Network configuration

As shown in Figure 6:

·     Configure VXLAN 10 as a unicast-mode VXLAN on Switch A, Switch B, and Switch C to provide connectivity for the VMs across the network sites.

·     Configure a centralized VXLAN IP gateway on Switch B to provide gateway services for VXLAN 10.

·     Manually establish VXLAN tunnels and assign the tunnels to VXLAN 10.

·     Enable remote-MAC address learning.

Figure 6 Network diagram

‌

Prerequisites

IMPORTANT: ·     By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. ·     By default, interfaces on the device are operating in Layer 3 mode. Before you configure Ethernet service instances on an interface, you must use the port link-mode command to configure the interface to operate in Layer 2 mode.

 

Procedure

 

1.     On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 6. (Details not shown.)

# Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)

# Configure OSPF to advertise routes to networks 10.1.1.0/24 and 20.1.1.0/24 on Switch B and Switch E. (Details not shown.)

3.     Configure Switch A:

# Enable L2VPN.

<SwitchA> system-view

[SwitchA] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[SwitchA] undo vxlan ip-forwarding

# Create VSI vpna and VXLAN 10.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch B and Switch C.

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255

[SwitchA-Loopback0] quit

# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1.

[SwitchA] interface tunnel 1 mode vxlan

[SwitchA-Tunnel1] source 1.1.1.1

[SwitchA-Tunnel1] destination 2.2.2.2

[SwitchA-Tunnel1] quit

# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2.

[SwitchA] interface tunnel 2 mode vxlan

[SwitchA-Tunnel2] source 1.1.1.1

[SwitchA-Tunnel2] destination 3.3.3.3

[SwitchA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] tunnel 1

[SwitchA-vsi-vpna-vxlan-10] tunnel 2

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface hundredgige 1/0/1

[SwitchA-HundredGigE1/0/1] service-instance 1000

[SwitchA-HundredGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-HundredGigE1/0/1-srv1000] xconnect vsi vpna

[SwitchA-HundredGigE1/0/1-srv1000] quit

[SwitchA-HundredGigE1/0/1] quit

4.     Configure Switch B:

# Enable L2VPN.

<SwitchB> system-view

[SwitchB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch C.

[SwitchB] interface loopback 0

[SwitchB-Loopback0] ip address 2.2.2.2 255.255.255.255

[SwitchB-Loopback0] quit

# Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 2.

[SwitchB] interface tunnel 2 mode vxlan

[SwitchB-Tunnel2] source 2.2.2.2

[SwitchB-Tunnel2] destination 1.1.1.1

[SwitchB-Tunnel2] quit

# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3.

[SwitchB] interface tunnel 3 mode vxlan

[SwitchB-Tunnel3] source 2.2.2.2

[SwitchB-Tunnel3] destination 3.3.3.3

[SwitchB-Tunnel3] quit

# Assign Tunnel 2 and Tunnel 3 to VXLAN 10.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] tunnel 2

[SwitchB-vsi-vpna-vxlan-10] tunnel 3

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

5.     Configure Switch C:

# Enable L2VPN.

<SwitchC> system-view

[SwitchC] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[SwitchC] undo vxlan ip-forwarding

# Create VSI vpna and VXLAN 10.

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch B.

[SwitchC] interface loopback 0

[SwitchC-Loopback0] ip address 3.3.3.3 255.255.255.255

[SwitchC-Loopback0] quit

# Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 1.

[SwitchC] interface tunnel 1 mode vxlan

[SwitchC-Tunnel1] source 3.3.3.3

[SwitchC-Tunnel1] destination 1.1.1.1

[SwitchC-Tunnel1] quit

# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.

[SwitchC] interface tunnel 3 mode vxlan

[SwitchC-Tunnel3] source 3.3.3.3

[SwitchC-Tunnel3] destination 2.2.2.2

[SwitchC-Tunnel3] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 10.

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] tunnel 1

[SwitchC-vsi-vpna-vxlan-10] tunnel 3

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchC] interface hundredgige 1/0/1

[SwitchC-HundredGigE1/0/1] service-instance 1000

[SwitchC-HundredGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchC-HundredGigE1/0/1-srv1000] xconnect vsi vpna

[SwitchC-HundredGigE1/0/1-srv1000] quit

[SwitchC-HundredGigE1/0/1] quit

Verifying the configuration

1.     Verify the VXLAN IP gateway settings on Switch B:

# Verify that the VXLAN tunnel interfaces are up on Switch B.

[SwitchB] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[SwitchB] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLAN, and VSI-interface 1 is the gateway interface of VSI vpna.

[SwitchB] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : -

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : -

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood proxy

    Tunnel2              0x5000002  Up     Manual      Disabled

    Tunnel3              0x5000003  Up     Manual      Disabled

# Verify that Switch B has created ARP entries for the VMs.

[SwitchB] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

20.1.1.5        000c-29c1-5e46 --            Vlan20                   19    D

10.1.1.11       0000-1234-0001 vpna          Tunnel2                  20    D

10.1.1.12       0000-1234-0002 vpna          Tunnel3                  19    D

# Verify that Switch B has created FIB entries for the VMs.

[SwitchB] display fib 10.1.1.11

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.1.1.11/32       10.1.1.11       UH       Vsi1                     Null

2.     Verify that the VMs can access the WAN:

# Verify that VM 1 and VM 2 can ping each other. (Details not shown.)

# Verify that VM 1, VM 2, and VLAN-interface 20 (20.1.1.5) on Switch E can ping each other. (Details not shown.)

Example: Configuring distributed VXLAN IPv4 gateways

Network configuration

As shown in Figure 7:

·     Configure VXLAN 10, VXLAN 20, and VXLAN 30 as unicast-mode VXLANs on Switch A, Switch B, and Switch C to provide connectivity for the VMs across the network sites.

·     Manually establish VXLAN tunnels and assign the tunnels to the VXLANs.

·     Configure distributed VXLAN IP gateways on Switch A and Switch C to forward traffic between the VXLANs.

·     Configure Switch B as a border gateway to forward traffic between the VXLANs and the WAN connected to Switch E.

Figure 7 Network diagram

‌

Prerequisites

IMPORTANT: ·     By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. ·     By default, interfaces on the device are operating in Layer 3 mode. Before you configure Ethernet service instances on an interface, you must use the port link-mode command to configure the interface to operate in Layer 2 mode.

 

Procedure

 

1.     On VM 1, VM 2, and VM 3, specify 10.1.1.1, 10.1.2.1, and 20.1.1.1 as the gateway address, respectively. (Details not shown.)

2.     Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 7. (Details not shown.)

# Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)

# Configure OSPF to advertise routes to networks 10.1.1.0/24, 10.1.2.0/24, 20.1.1.0/24, and 25.1.1.0/24 on Switch B and Switch E. (Details not shown.)

3.     Configure Switch A:

# Enable L2VPN.

<SwitchA> system-view

[SwitchA] l2vpn enable

# Create VSI vpna and VXLAN 10.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[SwitchA] vsi vpnc

[SwitchA-vsi-vpnc] vxlan 30

[SwitchA-vsi-vpnc-vxlan-30] quit

[SwitchA-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch B and Switch C.

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255

[SwitchA-Loopback0] quit

# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1.

[SwitchA] interface tunnel 1 mode vxlan

[SwitchA-Tunnel1] source 1.1.1.1

[SwitchA-Tunnel1] destination 2.2.2.2

[SwitchA-Tunnel1] quit

# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2.

[SwitchA] interface tunnel 2 mode vxlan

[SwitchA-Tunnel2] source 1.1.1.1

[SwitchA-Tunnel2] destination 3.3.3.3

[SwitchA-Tunnel2] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] tunnel 1

[SwitchA-vsi-vpna-vxlan-10] tunnel 2

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# Assign Tunnel 1 and Tunnel 2 to VXLAN 20.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] tunnel 1

[SwitchA-vsi-vpnb-vxlan-20] tunnel 2

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# Assign Tunnel 2 to VXLAN 30.

[SwitchA] vsi vpnc

[SwitchA-vsi-vpnc] vxlan 30

[SwitchA-vsi-vpnc-vxlan-30] tunnel 2

[SwitchA-vsi-vpnc-vxlan-30] quit

[SwitchA-vsi-vpnc] quit

# On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface hundredgige 1/0/1

[SwitchA-HundredGigE1/0/1] service-instance 1000

[SwitchA-HundredGigE1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-HundredGigE1/0/1-srv1000] xconnect vsi vpna

[SwitchA-HundredGigE1/0/1-srv1000] quit

[SwitchA-HundredGigE1/0/1] quit

# On HundredGigE 1/0/3, create Ethernet service instance 1000 to match VLAN 3.

[SwitchA] interface hundredgige 1/0/3

[SwitchA-HundredGigE1/0/3] service-instance 1000

[SwitchA-HundredGigE1/0/3-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchA-HundredGigE1/0/3-srv1000] xconnect vsi vpnb

[SwitchA-HundredGigE1/0/3-srv1000] quit

[SwitchA-HundredGigE1/0/3] quit

# Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] mac-address 1-1-1

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 20.

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] mac-address 2-2-2

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[SwitchA] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 10.1.1.0/24 to the VSI.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] gateway subnet 10.1.1.0 0.0.0.255

[SwitchA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

# Assign a secondary IP address to VSI-interface 1. The IP address will be used as the gateway address for VXLAN 30.

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip address 20.1.1.1 255.255.255.0 sub

[SwitchA-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnc. Assign subnet 20.1.1.0/24 to the VSI.

[SwitchA] vsi vpnc

[SwitchA-vsi-vpnc] gateway vsi-interface 1

[SwitchA-vsi-vpnc] gateway subnet 20.1.1.0 0.0.0.255

[SwitchA-vsi-vpnc] quit

# Configure a PBR policy for VXLAN 10. Set the policy name to vxlan10, and set the default next hop to 10.1.1.2 (VSI-interface 1 on Switch B).

[SwitchA] acl advanced 3000

[SwitchA-acl-ipv4-adv-3000] rule 0 permit ip

[SwitchA-acl-ipv4-adv-3000] quit

[SwitchA] policy-based-route vxlan10 permit node 5

[SwitchA-pbr-vxlan10-5] if-match acl 3000

[SwitchA-pbr-vxlan10-5] apply default-next-hop 10.1.1.2

[SwitchA-pbr-vxlan10-5] quit

# Configure a PBR policy for VXLAN 20. Set the policy name to vxlan20, and set the default next hop to 10.1.2.2 (VSI-interface 2 on Switch B).

[SwitchA] policy-based-route vxlan20 permit node 5

[SwitchA-pbr-vxlan20-5] if-match acl 3000

[SwitchA-pbr-vxlan20-5] apply default-next-hop 10.1.2.2

[SwitchA-pbr-vxlan20-5] quit

# Apply policies vxlan10 and vxlan20 to VSI-interface 1 and VSI-interface 2, respectively.

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip policy-based-route vxlan10

[SwitchA-Vsi-interface1] quit

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip policy-based-route vxlan20

[SwitchA-Vsi-interface2] quit

4.     Configure Switch B:

# Enable L2VPN.

<SwitchB> system-view

[SwitchB] l2vpn enable

# Create VSI vpna and VXLAN 10.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[SwitchB] vsi vpnc

[SwitchB-vsi-vpnc] vxlan 30

[SwitchB-vsi-vpnc-vxlan-30] quit

[SwitchB-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch C.

[SwitchB] interface loopback 0

[SwitchB-Loopback0] ip address 2.2.2.2 255.255.255.255

[SwitchB-Loopback0] quit

# Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 2.

[SwitchB] interface tunnel 2 mode vxlan

[SwitchB-Tunnel2] source 2.2.2.2

[SwitchB-Tunnel2] destination 1.1.1.1

[SwitchB-Tunnel2] quit

# Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3.

[SwitchB] interface tunnel 3 mode vxlan

[SwitchB-Tunnel3] source 2.2.2.2

[SwitchB-Tunnel3] destination 3.3.3.3

[SwitchB-Tunnel3] quit

# Assign Tunnel 2 to VXLAN 10.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] tunnel 2

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Assign Tunnel 2 to VXLAN 20.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] tunnel 2

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# Assign Tunnel 3 to VXLAN 30.

[SwitchB] vsi vpnc

[SwitchB-vsi-vpnc] vxlan 30

[SwitchB-vsi-vpnc-vxlan-30] tunnel 3

[SwitchB-vsi-vpnc-vxlan-30] quit

[SwitchB-vsi-vpnc] quit

# Create VSI-interface 1 and assign the interface an IP address.

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip address 10.1.1.2 255.255.255.0

[SwitchB-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address.

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip address 10.1.2.2 255.255.255.0

[SwitchB-Vsi-interface2] quit

# Create VSI-interface 3 and assign the interface an IP address.

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip address 20.1.1.2 255.255.255.0

[SwitchB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

# Specify VSI-interface 3 as the gateway interface for VSI vpnc.

[SwitchB] vsi vpnc

[SwitchB-vsi-vpnc] gateway vsi-interface 3

[SwitchB-vsi-vpnc] quit

5.     Configure Switch C:

# Enable L2VPN.

<SwitchC> system-view

[SwitchC] l2vpn enable

# Create VSI vpna and VXLAN 10.

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# Create VSI vpnb and VXLAN 20.

[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] vxlan 20

[SwitchC-vsi-vpnb-vxlan-20] quit

[SwitchC-vsi-vpnb] quit

# Create VSI vpnc and VXLAN 30.

[SwitchC] vsi vpnc

[SwitchC-vsi-vpnc] vxlan 30

[SwitchC-vsi-vpnc-vxlan-30] quit

[SwitchC-vsi-vpnc] quit

# Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch B.

[SwitchC] interface loopback 0

[SwitchC-Loopback0] ip address 3.3.3.3 255.255.255.255

[SwitchC-Loopback0] quit

# Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 1.

[SwitchC] interface tunnel 1 mode vxlan

[SwitchC-Tunnel1] source 3.3.3.3

[SwitchC-Tunnel1] destination 1.1.1.1

[SwitchC-Tunnel1] quit

# Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.

[SwitchC] interface tunnel 3 mode vxlan

[SwitchC-Tunnel3] source 3.3.3.3

[SwitchC-Tunnel3] destination 2.2.2.2

[SwitchC-Tunnel3] quit

# Assign Tunnel 1 to VXLAN 10.

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] tunnel 1

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# Assign Tunnel 1 to VXLAN 20.

[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] vxlan 20

[SwitchC-vsi-vpnb-vxlan-20] tunnel 1

[SwitchC-vsi-vpnb-vxlan-20] quit

[SwitchC-vsi-vpnb] quit

# Assign Tunnel 1 and Tunnel 3 to VXLAN 30.

[SwitchC] vsi vpnc

[SwitchC-vsi-vpnc] vxlan 30

[SwitchC-vsi-vpnc-vxlan-30] tunnel 1

[SwitchC-vsi-vpnc-vxlan-30] tunnel 3

[SwitchC-vsi-vpnc-vxlan-30] quit

[SwitchC-vsi-vpnc] quit

# On HundredGigE 1/0/1, create Ethernet service instance 1000 to match VLAN 4.

[SwitchC] interface hundredgige 1/0/1

[SwitchC-HundredGigE1/0/1] service-instance 1000

[SwitchC-HundredGigE1/0/1-srv1000] encapsulation s-vid 4

# Map Ethernet service instance 1000 to VSI vpnc.

[SwitchC-HundredGigE1/0/1-srv1000] xconnect vsi vpnc

[SwitchC-HundredGigE1/0/1-srv1000] quit

[SwitchC-HundredGigE1/0/1] quit

# Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchC-Vsi-interface1] mac-address 1-1-1

# Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

[SwitchC-Vsi-interface1] distributed-gateway local

[SwitchC-Vsi-interface1] local-proxy-arp enable

[SwitchC-Vsi-interface1] quit

# Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 20.

[SwitchC] interface vsi-interface 2

[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchC-Vsi-interface2] mac-address 2-2-2

# Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

[SwitchC-Vsi-interface2] distributed-gateway local

[SwitchC-Vsi-interface2] local-proxy-arp enable

[SwitchC-Vsi-interface2] quit

# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

[SwitchC] arp distributed-gateway dynamic-entry synchronize

# Specify VSI-interface 1 as the gateway interface for VSI vpna. Assign subnet 10.1.1.0/24 to the VSI.

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] gateway vsi-interface 1

[SwitchC-vsi-vpna] gateway subnet 10.1.1.0 0.0.0.255

[SwitchC-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] gateway vsi-interface 2

[SwitchC-vsi-vpnb] quit

# Assign a secondary IP address to VSI-interface 1. The IP address will be used as the gateway address for VXLAN 30.

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip address 20.1.1.1 255.255.255.0 sub

[SwitchC-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnc. Assign subnet 20.1.1.0/24 to the VSI.

[SwitchC] vsi vpnc

[SwitchC-vsi-vpnc] gateway vsi-interface 1

[SwitchC-vsi-vpnc] gateway subnet 20.1.1.0 0.0.0.255

[SwitchC-vsi-vpnc] quit

# Configure a PBR policy for the VXLANs. Set the policy name to vxlan, and set the default next hop to 20.1.1.2 (VSI-interface 1 on Switch B).

[SwitchC] acl advanced 3000

[SwitchC-acl-ipv4-adv-3000] rule 0 permit ip

[SwitchC-acl-ipv4-adv-3000] quit

[SwitchC] policy-based-route vxlan permit node 5

[SwitchC-pbr-vxlan-5] if-match acl 3000

[SwitchC-pbr-vxlan-5] apply default-next-hop 20.1.1.2

[SwitchC-pbr-vxlan-5] quit

# Apply policy vxlan to VSI-interface 1.

[SwitchC] interface vsi-interface1

[SwitchC-Vsi-interface1] ip policy-based-route vxlan

[SwitchC-Vsi-interface1] quit

Verifying the configuration

1.     Verify the VXLAN IP gateway settings on Switch A:

# Verify that the VXLAN tunnel interfaces are up on Switch A.

[SwitchA] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[SwitchA] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0001-0001-0001

IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

[SwitchA] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : -

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : -

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

  ACs:

     AC                               Link ID    State    Type

     HGE1/0/1 srv1000                 0          Up       Manual

# Verify that Switch A has created ARP entries for the VMs.

[SwitchA] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

11.1.1.4        000c-29c1-5e46 11            Vlan11                   19    D

10.1.1.2        3c8c-400d-867a vpna          Tunnel1                  20    D

10.1.1.11       0cda-41b5-cf09 vpna          HGE1/0/1                 20    D

10.1.2.2        3c8c-400d-867a vpnb          Tunnel1                  20    D

10.1.2.11       0cda-41b5-cf89 vpnb          HGE1/0/3                 20    D

20.1.1.12       0001-0001-0001 vpnc          Tunnel2                  19    D

2.     Verify the configuration on the border gateway Switch B:

# Verify that the VXLAN tunnel interfaces are up on Switch B.

[SwitchB] display interface tunnel 2

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that VSI-interface 1 is up.

[SwitchB] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet address: 10.1.1.2/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0011-2200-0102

IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

[SwitchB] display l2vpn vsi name vpna verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : -

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : -

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State  Type        Flood proxy

    Tunnel1              0x5000001  Up     Manual      Disabled

    Tunnel2              0x5000002  Up     Manual      Disabled

# Verify that Switch B has created ARP entries for the VMs.

[SwitchB] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   I-Invalid

IP address      MAC address    VLAN/VSI name Interface                Aging Type

12.1.1.4        0000-fc00-00ab 12            Vlan12                   14    D

25.1.1.5        4431-9234-24bb 20            Vlan20                   17    D

10.1.1.1        0001-0001-0001 vpna          Tunnel2                  17    D

10.1.1.11       0001-0001-0001 vpna          Tunnel2                  20    D

10.1.2.1        0002-0002-0002 vpnb          Tunnel2                  17    D

10.1.2.11       0002-0002-0002 vpnb          Tunnel2                  20    D

20.1.1.1        0001-0001-0001 vpnc          Tunnel3                  17    D

20.1.1.12       0001-0001-0001 vpnc          Tunnel3                  20    D

# Verify that Switch B has created FIB entries for the VMs.

[SwitchB] display fib 10.1.1.11

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.1.1.11/32       10.1.1.11       UH       Vsi1                     Null

[SwitchB] display fib 20.1.1.12

Destination count: 1 FIB entry count: 1

Flag:

  U:Usable    G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

20.1.1.12/32       20.1.1.12       UH       Vsi3                     Null

3.     Verify that the network connectivity for VMs meets the requirements:

# Verify that VM 1, VM 2, and VM 3 can ping each other. (Details not shown.)

# Verify that VM 1, VM 2, and VM 3 can ping VLAN-interface 20 (25.1.1.5) on Switch E for WAN access. (Details not shown.)