Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and Layer 3 connectivity between distant network sites across an IP network. EVPN uses MP-BGP in the control plane and VXLAN in the data plane. EVPN is typically used in data centers for multitenant services.

EVPN provides the following benefits:

· Configuration automation—MP-BGP automates VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment to ease deployment.

· Separation of the control plane and the data plane—EVPN uses MP-BGP to advertise host reachability information in the control plane and uses VXLAN to forward traffic in the data plane.

· Integrated routing and bridging (IRB)—MP-BGP advertises both Layer 2 and Layer 3 host reachability information to provide optimal forwarding paths and minimize flooding.

Restrictions: Hardware compatibility with EVPN

Hardware	EVPN compatibility
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK	Yes
MSR810-LMS, MSR810-LUS	No
MSR810-LMS-EA, MSR810-LME	No
MSR1004S-5G	Yes
MSR2600-6-X1, MSR2600-10-X1, MSR2600-15-X1	Yes
MSR 2630	No
MSR3600-28, MSR3600-51	No
MSR3600-28-SI, MSR3600-51-SI	No
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP	No
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG	Yes
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1	Yes
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660	Yes
MSR3610-G, MSR3620-G	Yes
MSR3640-X1-HI	Yes

Hardware	EVPN compatibility
MSR810-W-WiNet, MSR810-LM-WiNet	Yes
MSR830-4LM-WiNet	Yes
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet	Yes
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet	Yes
MSR2600-6-WiNet, MSR2600-10-X1-WiNet	Yes
MSR2630-WiNet	No
MSR3600-28-WiNet	No
MSR3610-X1-WiNet	Yes
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet	Yes

Hardware	EVPN compatibility
MSR2630-XS	Yes
MSR3600-28-XS	No
MSR3610-XS	Yes
MSR3620-XS	Yes
MSR3610-I-XS	Yes
MSR3610-IE-XS	Yes
MSR3620-X1-XS	Yes
MSR3640-XS	Yes
MSR3660-XS	Yes

Hardware	EVPN compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR1004S-5G-GL	Yes
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

‌

EVPN network model

As shown in Figure 1, EVPN uses the VXLAN technology for traffic forwarding in the data plane. The transport edge devices assign user terminals to different VXLANs, and then forward traffic between sites for user terminals by using VXLAN tunnels. The transport edge devices are VXLAN tunnel endpoints (VTEPs).

Supported user terminals include PCs, wireless terminals, and VMs on servers.

NOTE:

This document uses VMs as examples to describe the mechanisms of EVPN. The mechanisms do not differ between different kinds of user terminals.

A VTEP uses ESs, VSIs, and VXLAN tunnels to provide VXLAN services:

· Ethernet segment (ES)—An ES is a link that connects a site to a VTEP. Each ES is uniquely identified by an Ethernet segment identifier (ESI). A site can be connected to a VTEP through only one ES. The ES uses ESI 0.

· VSI—A virtual switch instance is a virtual Layer 2 switched domain. Each VSI provides switching services only for one VXLAN. VSIs learn MAC addresses and forward frames independently of one another. User terminals in different sites have Layer 2 connectivity if they are in the same VXLAN. A VXLAN is identified by a 24-bit VXLAN ID which is also called the virtual network identifier (VNI). A VXLAN corresponds to an EVPN instance.

· VXLAN tunnel—Logical point-to-point tunnels between VTEPs over the transport network. Each VXLAN tunnel can trunk multiple VXLANs.

All VXLAN processing is performed on VTEPs. The ingress VTEP encapsulates VXLAN traffic in the VXLAN, outer UDP, and outer IP headers, and forwards the traffic through VXLAN tunnels. The egress VTEP removes the VXLAN encapsulation and forwards the traffic to the destination. Transport network devices (for example, the P device in Figure 1) forward VXLAN traffic only based on the outer IP header of VXLAN packets.

Figure 1 EVPN network model

Layered transport network

As shown in Figure 2, typically the EVPN transport network uses a layered structure. On the transport network, leaf nodes act as VTEPs to provide VXLAN services, and spine nodes perform forwarding for VXLAN traffic based on the outer IP header. If all VTEPs and transport network devices of an EVPN network belong to the same AS, the spine nodes can act as route reflectors (RRs) to reflect routes between the VTEPs. In this scenario, the spine nodes advertise and receive BGP EVPN routes, but do not perform VXLAN encapsulation and de-encapsulation.

Figure 2 Layered transport network

MP-BGP extension for EVPN

To support EVPN, MP-BGP introduces the EVPN subsequent address family under the L2VPN address family and the following network layer reachability information (BGP EVPN routes):

· Ethernet auto-discovery route—Advertises ES information in multihomed sites.

· MAC/IP advertisement route—Advertises MAC reachability information and host route information (host ARP information).

· Inclusive multicast Ethernet tag (IMET) route—Advertises VTEP and VXLAN mappings for automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment.

· Ethernet segment route—Advertises ES and VTEP mappings.

· IP prefix advertisement route—Advertises BGP IPv4 unicast routes as IP prefixes.

The current software version does not support Ethernet auto-discovery routes and ES routes.

MP-BGP uses the route distinguisher (RD) field to differentiate BGP EVPN routes of different VXLANs and uses route targets to control the advertisement and acceptance of BGP EVPN routes. MP-BGP supports the following types of route targets:

· Export target—A VTEP sets the export targets for BGP EVPN routes learned from the local site before advertising them to remote VTEPs.

· Import target—A VTEP checks the export targets of BGP EVPN routes received from remote VTEPs. The VTEP imports the BGP EVPN routes only when their export targets match the local import targets.

Configuration automation

VTEPs use BGP EVPN routes to discover VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs.

· IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel to the VXLAN.

· MAC/IP advertisement route and IP prefix advertisement route—In the EVPN gateway deployment, VTEPs advertise MAC/IP advertisement routes or IP prefix advertisement routes with the export targets. When a VTEP receives a route, it compares the export targets of the route with the local import targets. If the route targets match, the VTEP establishes a VXLAN tunnel with the remote VTEP and associates the tunnel with the L3 VXLAN ID of the corresponding VPN instance. For more information about the L3 VXLAN ID, see "Distributed EVPN gateway deployment."

Assignment of traffic to VXLANs

Traffic from the local site to a remote site

The VTEP uses a site-facing Layer 3 interface to match customer traffic. The VTEP assigns customer traffic to a VXLAN by mapping the Layer 3 interface to a VSI.

A Layer 3 interface is identical to an attachment circuit (AC) in L2VPN.

As shown in Figure 3, Ethernet service instance 1 matches VLAN 2 and is mapped to VSI A (VXLAN 10). When a frame from VLAN 2 arrives, the VTEP assigns the frame to VXLAN 10, and looks up VSI A's MAC address table for the outgoing interface.

Figure 3 Identifying traffic from the local site

Traffic from a remote site to the local site

When a VXLAN packet arrives at a VXLAN tunnel interface, the VTEP uses the VXLAN ID in the packet to identify its VXLAN.

Layer 2 forwarding

MAC learning

The VTEP performs Layer 2 forwarding based on a VSI's MAC address table. The VTEP learns MAC addresses by using the following methods:

· Local MAC learning—The VTEP automatically learns the source MAC addresses of frames sent from the local site. The outgoing interfaces of local MAC address entries are site-facing interfaces on which the MAC addresses are learned.

· Remote MAC learning—The VTEP uses MP-BGP to advertise local MAC reachability information to remote sites and learn MAC reachability information from remote sites. The outgoing interfaces of MAC address entries advertised from a remote site are VXLAN tunnel interfaces.

Unicast

As shown in Figure 4, the VTEP performs typical Layer 2 forwarding for known unicast traffic within the local site.

Figure 4 Intra-site unicast

‌

As shown in Figure 5, the following process applies to a known unicast frame between sites:

1. The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.

In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP address. The destination IP address is the VXLAN tunnel destination IP address.

2. The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel interface found in the VSI's MAC address table.

3. The intermediate transport devices (P devices) forward the packet to the destination VTEP by using the outer IP header.

4. The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching outgoing interface.

Figure 5 Inter-site unicast

‌

Flood

As shown in Figure 6, a VTEP floods a broadcast, multicast, or unknown unicast frame to all site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface. The source VTEP replicates the flood frame, and then sends one replica to the destination IP address of each VXLAN tunnel in the VXLAN. Each destination VTEP floods the inner Ethernet frame to all the site-facing interfaces in the VXLAN. To avoid loops, the destination VTEPs do not flood the frame to VXLAN tunnels.

Figure 6 Forwarding of flood traffic

Layer 3 forwarding

EVPN uses EVPN gateways to provide Layer 3 forwarding services for hosts in VXLANs. EVPN provides the following EVPN gateway placement designs:

· Centralized EVPN gateway deployment—Use one VTEP to provide Layer 3 forwarding for VXLANs. Typically, the gateway-collocated VTEP connects to other VTEPs and the external network. To use this design, make sure the gateway has sufficient bandwidth and processing capability.

· Distributed EVPN gateway deployment—Deploy one EVPN gateway on each VTEP to provide Layer 3 forwarding for VXLANs at their respective sites. This design distributes the Layer 3 traffic load across VTEPs. However, its configuration is more complex than the centralized EVPN gateway design.

In either design, the gateways use virtual Layer 3 VSI interfaces as gateway interfaces for VXLANs.

Centralized EVPN gateway deployment

As shown in Figure 7, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both terminates the VXLANs and performs Layer 3 forwarding for the VMs. The network uses the following process to forward Layer 3 traffic from a VM to the destination:

1. The VM sends an ARP request to obtain the MAC address of the VSI interface that acts as the gateway, and then sends the Layer 3 traffic to the centralized EVPN gateway.

2. The local VTEP looks up the matching VSI's MAC address table and forwards the traffic to the centralized EVPN gateway through a VXLAN tunnel.

3. The centralized EVPN gateway removes the VXLAN encapsulation and forwards the traffic at Layer 3.

4. The centralized EVPN gateway forwards the replies sent by the destination node to the VM based on the ARP entry for the VM.

Figure 7 Example of centralized EVPN gateway deployment

Distributed EVPN gateway deployment

About distributed EVPN gateways

As shown in Figure 8, each site's VTEP acts as a gateway to perform Layer 3 forwarding for the VXLANs of the local site. A VTEP acts as a border gateway to the Layer 3 network for the VXLANs.

Figure 8 Distributed EVPN gateway placement design

‌

Symmetric IRB

A distributed EVPN gateway uses symmetric IRB for Layer 3 forwarding, which means both the ingress and egress gateways perform Layer 2 and Layer 3 lookups. Symmetric IRB introduces the following concepts:

· L3 VXLAN ID—Also called L3 VNI. An L3 VXLAN ID identifies the traffic of a routing domain where devices have Layer 3 reachability. An L3 VXLAN ID is associated with one VPN instance. Distributed EVPN gateways use VPN instances to isolate traffic of different services on VXLAN tunnel interfaces.

· Router MAC address—Each distributed EVPN gateway has a unique router MAC address used for inter-gateway forwarding. The MAC addresses in the inner Ethernet header of VXLAN packets are router MAC addresses of distributed EVPN gateways.

VSI interfaces

As shown in Figure 9, each distributed EVPN gateway has the following types of VSI interfaces:

· VSI interface as a gateway interface of a VXLAN—The VSI interface acts as the gateway interface for VMs in a VXLAN. The VSI interface is associated with a VSI and a VPN instance. On different distributed EVPN gateways, the VSI interface of a VXLAN use the same IP address to provide services.

· VSI interface associated with an L3 VXLAN ID—The VSI interface is associated with a VPN instance and assigned an L3 VXLAN ID. VSI interfaces associated with the same VPN instance share an L3 VXLAN ID.

A border gateway only has VSI interfaces that are associated with an L3 VXLAN ID.

Figure 9 Example of distributed EVPN gateway deployment

‌

Layer 3 forwarding entry learning

A distributed EVPN gateway forwards Layer 3 traffic based on FIB entries generated from BGP EVPN routes and ARP information.

A VTEP advertises an external route imported in the EVPN address family through MP-BGP. A remote VTEP adds the route to the FIB table of a VPN instance based on the L3 VXLAN ID carried in the route. In the FIB entry, the outgoing interface is a VXLAN tunnel interface, and the next hop is the peer VTEP address in the NEXT_HOP attribute of the route.

A VTEP has the following types of ARP information:

· Local ARP information—ARP information of VMs in the local site. The VTEP snoops GARP packets, RARP packets, and ARP requests for the gateway MAC address to learn the ARP information of the senders and generates ARP entries and FIB entries. In an ARP or FIB entry, the outgoing interface is the site-facing interface where the packet is received, and the VPN instance is the instance associated with the corresponding VSI interface.

· Remote ARP information—ARP information of VMs in remote sites. Each VTEP uses MP-BGP to advertise its local ARP information with L3 VXLAN IDs in routes to remote sites. A VTEP generates only FIB entries for the remote ARP information. A FIB entry contains the following information:

¡ Outgoing interface: VSI interface associated with the L3 VXLAN ID.

¡ Next hop: Peer VTEP address in the NEXT_HOP attribute of the route.

¡ VPN instance: VPN instance associated with the L3 VXLAN ID.

The VTEP then creates an ARP entry for the next hop in the FIB entry.

Traffic forwarding

A distributed EVPN gateway can work in one of the following mode:

· Switching and routing mode—Forwards Layer 2 traffic based on the MAC address table and forwards Layer 3 traffic based on the FIB table. In this mode, you need to enable ARP flood suppression on the distributed EVPN gateway to reduce flooding.

· Routing mode— Forwards both Layer 2 and Layer 3 traffic based on the FIB table. In this mode, you need to enable local proxy ARP on the distributed EVPN gateway.

For more information about MAC address table-based Layer 2 forwarding, see "Unicast."

Figure 10 shows the intra-site Layer 3 forwarding process.

1. The source VM sends an ARP request to obtain the MAC address of the destination VM.

2. The gateway replies to the source VM with the MAC address of the VSI interface associated with the source VM's VSI.

3. The source VM sends a Layer 3 packet to the gateway.

4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI and finds the matching outgoing site-facing interface.

5. The gateway processes the Ethernet header of the Layer 3 packet as follows:

¡ Replaces the destination MAC address with the destination VM's MAC address.

¡ Replaces the source MAC address with the VSI interface's MAC address.

6. The gateway forwards the Layer 3 packet to the destination VM.

Figure 10 Intra-site Layer 3 forwarding

Figure 11 shows the inter-site Layer 3 forwarding process.

1. The source VM sends an ARP request to obtain the MAC address of the destination VM.

2. The gateway replies to the source VM with the MAC address of the VSI interface associated with the source VM's VSI.

3. The source VM sends a Layer 3 packet to the gateway.

4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI and finds the matching outgoing VSI interface.

5. The gateway processes the Ethernet header of the Layer 3 packet as follows:

¡ Replaces the destination MAC address with the destination gateway's router MAC address.

¡ Replaces the source MAC address with its own router MAC address.

6. The gateway adds VXLAN encapsulation to the Layer 3 packet and forwards the packet to the destination gateway. The encapsulated VXLAN ID is the L3 VXLAN ID of the corresponding VPN instance.

7. The destination gateway identifies the VPN instance of the packet based on the L3 VXLAN ID and removes the VXLAN encapsulation. Then the gateway forwards the packet based on the matching ARP entry.

Figure 11 Inter-site Layer 3 forwarding

Communication between private and public networks

A distributed EVPN gateway uses the public instance to perform Layer 3 forwarding for the public network and to enable communication between private and public networks. The public instance is similar to a VPN instance. A distributed EVPN gateway processes traffic of the public instance in the same way it does for a VPN instance. For the public instance to work correctly, you must configure an RD, an L3 VXLAN ID, and route targets for it. If a VSI interface is not associated with any VPN instance, the VSI interface belongs to the public instance.

RD and route target selection of BGP EVPN routes

As shown in Table 1, you can configure RDs and route targets for BGP EVPN routes in multiple views.

Table 1 Supported views for RD and route target configuration

Item	Views
RD	· VSI EVPN instance view · VPN instance view · Public instance view
Route targets	· VSI EVPN instance view · VPN instance view · VPN instance IPv4 address family view · VPN instance EVPN view · Public instance IPv4 address family view · Public instance EVPN view NOTE: Route targets configured in VPN instance view apply to IPv4 VPN and EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN. Route targets configured in VPN instance EVPN view apply only to EVPN. Route targets configured in IPv4 address family view or EVPN view of a VPN instance take precedence over those in VPN instance view.

Item

Views

· VSI EVPN instance view

· VPN instance view

· Public instance view

Route targets

· VSI EVPN instance view

· VPN instance view

· VPN instance IPv4 address family view

· VPN instance EVPN view

· Public instance IPv4 address family view

· Public instance EVPN view

NOTE:

Route targets configured in VPN instance view apply to IPv4 VPN and EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN. Route targets configured in VPN instance EVPN view apply only to EVPN. Route targets configured in IPv4 address family view or EVPN view of a VPN instance take precedence over those in VPN instance view.

The device selects RDs and route targets for BGP EVPN routes by using the following rules:

· IMET routes and MAC/IP advertisement routes that contain only MAC addresses—The device uses the RD and route targets configured in EVPN instance view when advertising and accepting the routes.

· MAC/IP advertisement routes that contain ARP information—The device uses the following settings when advertising the routes:

¡ RD and export route targets configured in EVPN instance view.

¡ Export route targets configured for EVPN on a VPN instance or the public instance (VPN instance view, and EVPN view of a VPN instance or the public instance).

The device uses the import route targets configured for EVPN on a VPN instance or the public instance when accepting the routes.

· IP prefix advertisement routes—The device uses the route targets configured for IPv4 on a VPN instance or the public instance when advertising and accepting the routes.

ARP flood suppression

ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.

As shown in Figure 12, this feature snoops ARP requests, ARP responses, and BGP EVPN routes to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

Figure 12 ARP flood suppression

ARP flood suppression uses the following workflow:

1. VM 1 sends an ARP request to obtain the MAC address of VM 7.

2. VTEP 1 creates a suppression entry for VM 1, floods the ARP request in the VXLAN, and sends the suppression entry to VTEP 2 and VTEP 3 through BGP EVPN.

3. VTEP 2 and VTEP 3 de-encapsulate the ARP request and broadcast the request in the local site.

4. VM 7 sends an ARP reply.

5. VTEP 2 creates a suppression entry for VM 7, forwards the ARP reply to VTEP 1, and sends the suppression entry to VTEP 1 and VTEP 3 through BGP EVPN.

6. VTEP 1 de-encapsulates the ARP reply and forwards the ARP reply to VM 1.

7. VM 4 sends an ARP request to obtain the MAC address of VM 1.

8. VTEP 1 creates a suppression entry for VM 4 and replies to the ARP request.

9. VM 10 sends an ARP request to obtain the MAC address of VM 1.

10. VTEP 3 creates a suppression entry for VM 10 and replies to the ARP request.

MAC mobility

MAC mobility refers to that a VM or host moves from one ES to another. The source VTEP is unaware of the MAC move event. To notify other VTEPs of the change, the destination VTEP advertises a MAC/IP advertisement route for the MAC address. The source VTEP withdraws the old route for the MAC address after receiving the new route. The MAC/IP advertisement route has a sequence number that increases when the MAC address moves. The sequence number identifies the most recent move if the MAC address moves multiple times.

Configuring EVPN

Restrictions and guidelines: EVPN configuration

Make sure the following VXLAN tunnels are not associated with the same VXLAN when they have the same tunnel destination IP address:

· A VXLAN tunnel automatically created by EVPN.

· A manually created VXLAN tunnel.

For more information about manual tunnel configuration, see VXLAN Configuration Guide.

As a best practice to ensure correct traffic forwarding, configure the same MAC address for all VSI interfaces on an EVPN gateway.

EVPN tasks at a glance

To configure EVPN, perform the following tasks:

1. Configuring a VXLAN on a VSI

a. Creating a VXLAN on a VSI

b. (Optional.) Configuring VSI parameters

2. Configuring an EVPN instance

3. Configuring BGP to advertise BGP EVPN routes

a. Enabling BGP to advertise BGP EVPN routes

b. (Optional.) Configuring route advertisement settings

c. (Optional.) Maintaining BGP sessions

4. Mapping ACs to a VSI

5. Configuring an EVPN gateway

Choose one of the following tasks:

¡ Configuring a centralized EVPN gateway

¡ Configuring a distributed EVPN gateway

6. (Optional.) Managing remote MAC address entries and remote ARP learning

¡ Disabling remote MAC address learning and remote ARP learning

¡ Disabling MAC address advertisement

¡ Disabling learning of MAC addresses from ARP information

7. (Optional.) Configuring BGP EVPN route redistribution and advertisement

¡ Redistributing MAC/IP advertisement routes into BGP unicast routing tables

¡ Enabling BGP EVPN route advertisement to the local site

8. (Optional.) Configuring flood suppression

¡ Confining unknown-unicast floods to the local site

¡ Enabling ARP flood suppression

Configuring a VXLAN on a VSI

Restrictions and guidelines for VXLAN configuration on a VSI

For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Creating a VXLAN on a VSI

1. Enter system view.

system-view

2. Enable L2VPN.

l2vpn enable

By default, L2VPN is disabled.

3. Create a VSI and enter VSI view.

vsi vsi-name

4. Enable the VSI.

undo shutdown

By default, a VSI is enabled.

5. Create a VXLAN and enter VXLAN view.

vxlan vxlan-id

You can create only one VXLAN on a VSI. The VXLAN ID must be unique for each VSI.

Configuring VSI parameters

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Configure a VSI description.

description text

By default, a VSI does not have a description.

4. Set the MTU for the VSI.

mtu mtu

The default MTU is 1500 bytes for a VSI.

5. Enable MAC address learning for the VSI.

mac-learning enable

By default, MAC address learning is enabled for a VSI.

Configuring an EVPN instance

About this task

You do not need to associate a VPN instance with a VXLAN that requires only Layer 2 connectivity. The BGP EVPN routes advertised by the device carry the RD and route targets configured for the EVPN instance associated with the VXLAN.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Create an EVPN instance and enter EVPN instance view.

evpn encapsulation vxlan

4. Configure an RD for the EVPN instance.

route-distinguisher { route-distinguisher | auto }

By default, no RD is configured for an EVPN instance.

5. Configure route targets for the EVPN instance.

vpn-target { vpn-target&<1-8> | auto } [ both | export-extcommunity | import-extcommunity ]

By default, an EVPN instance does not have route targets.

Make sure the following requirements are met:

¡ The import targets of the EVPN instance do not match the export targets of the VPN instance associated with the VXLAN or the public instance.

¡ The export targets of the EVPN instance do not match the import targets of the VPN instance associated with the VXLAN or the public instance.

For more information about VPN instance configuration and public instance configuration, see "Configuring an L3 VXLAN ID for a VSI interface."

Configuring BGP to advertise BGP EVPN routes

Restrictions and guidelines for BGP EVPN route advertisement

Before you uninstall a feature package that contains EVPN features, delete the BGP EVPN address family and all configuration made in BGP EVPN address family view. If you do not delete them, the peer connections set up for EVPN will stay in Established state after feature package uninstallation even though the device no longer supports EVPN.

For more information about BGP commands in this task, see Layer 3—IP Routing Command Reference.

Enabling BGP to advertise BGP EVPN routes

1. Enter system view.

system-view

2. Configure a global router ID.

router id router-id

By default, no global router ID is configured.

3. Enable a BGP instance and enter BGP instance view.

bgp as-number [ instance instance-name ]

By default, BGP is disabled and no BGP instances exist.

4. Specify remote VTEPs as BGP peers.

peer { group-name | ipv4-address [ mask-length ] } as-number as-number

5. Create the BGP EVPN address family and enter BGP EVPN address family view.

address-family l2vpn evpn

6. Enable BGP to exchange BGP EVPN routes with a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } enable

By default, BGP does not exchange BGP EVPN routes with peers.

Configuring route advertisement settings

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP EVPN address family view.

address-family l2vpn evpn

4. Permit the local AS number to appear in routes from a peer or peer group and set the number of appearances.

peer { group-name | ipv4-address [ mask-length ] } allow-as-loop [ number ]

By default, the local AS number is not allowed in routes from peers.

5. Enable route target filtering for BGP EVPN routes.

policy vpn-target

By default, route target filtering is enabled for BGP EVPN routes.

6. Configure BGP route reflection settings:

a. Configure the device as an RR and specify a peer or peer group as its client.

peer { group-name | ipv4-address [ mask-length ] } reflect-client

By default, no RR or client is configured.

b. (Optional.) Enable BGP EVPN route reflection between clients.

reflect between-clients

By default, BGP EVPN route reflection between clients is enabled.

c. (Optional.) Configure the cluster ID of the RR.

reflector cluster-id { cluster-id | ipv4-address }

By default, an RR uses its own router ID as the cluster ID.

d. (Optional.) Create a reflection policy for the RR to filter reflected BGP EVPN routes.

rr-filter ext-comm-list-number

By default, an RR does not filter reflected BGP EVPN routes.

7. Configure the device to not change the next hop of routes advertised to an EBGP peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } next-hop-invariable

By default, the device uses its address as the next hop of routes advertised to EBGP peers.

8. Apply a routing policy to routes received from or advertised to a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } route-policy route-policy-name { export | import }

By default, no routing policies are applied to routes received from or advertised to peers or peer groups.

9. Advertise the COMMUNITY attribute to a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } advertise-community

By default, the device does not advertise the COMMUNITY attribute to peers or peer groups.

Maintaining BGP sessions

Perform the following tasks in user view:

· Reset BGP sessions of the BGP EVPN address family.

reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | all | external | group group-name | internal } l2vpn evpn

· Soft-reset BGP sessions of the BGP EVPN address family.

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } l2vpn evpn

Mapping ACs to a VSI

Mapping a Layer 3 interface to a VSI

About this task

To assign the customer traffic on a Layer 3 interface to a VXLAN, map the interface to the VXLAN's VSI. The VSI uses its MAC address table to forward the customer traffic.

For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Procedure

1. Enter system view.

system-view

2. Enter Layer 3 interface view.

interface interface-type interface-number

3. Map the Layer 3 interface to a VSI.

xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track track-entry-number&<1-3> ]

By default, a Layer 3 interface is not mapped to any VSI.

If the AC is a Layer 3 subinterface, you can specify the access mode. The default access mode is VLAN. If the AC is a Layer 3 interface, you cannot specify the access mode.

Configuring a centralized EVPN gateway

Restrictions and guidelines

If an EVPN network contains a centralized EVPN gateway, you must enable ARP flood suppression on VTEPs. Typically remote ARP learning is disabled in an EVPN network. When ARP requests for the gateway MAC address are sent to the centralized EVPN gateway through VXLAN tunnels, the gateway does not respond to the requests. If ARP flood suppression is disabled on VTEPs, VMs cannot obtain the MAC address of the gateway.

Procedure

1. Enter system view.

system-view

2. Create a VSI interface and enter VSI interface view.

interface vsi-interface vsi-interface-id

For more information about this command, see VXLAN Command Reference.

3. Assign an IPv4 address to the VSI interface.

ip address ip-address { mask | mask-length } [ sub ]

By default, no IPv4 address is assigned to a VSI interface.

4. Return to system view.

quit

5. Enter VSI view.

vsi vsi-name

6. Specify the VSI interface as the gateway interface for the VSI.

gateway vsi-interface vsi-interface-id

By default, no gateway interface is specified for a VSI.

For more information about this command, see VXLAN Command Reference.

Configuring a distributed EVPN gateway

Restrictions and guidelines for distributed EVPN gateway configuration

Make sure a VSI interface uses the same MAC address to provide service on distributed EVPN gateways connected to IPv4 sites.

If both ARP flood suppression and local proxy ARP are enabled on a distributed EVPN gateway, only local proxy ARP takes effect. As a best practice, do not use these features together on distributed EVPN gateways.

On a distributed EVPN gateway, make sure the VSI interfaces configured with L3 VXLAN IDs use the same MAC address. To modify the MAC address of a VSI interface, use the mac-address command.

Prerequisites for distributed EVPN gateway configuration

For a VXLAN to access the external network, specify the VXLAN's VSI interface on the border gateway as the next hop on distributed EVPN gateways by using one of the following methods:

· Configure a static route.

· Configure a routing policy, and apply the policy by using the apply default-next-hop or apply next-hop command. For more information about configuring routing policies, see routing policy configuration in Layer 3—IP Routing Configuration Guide.

Configuring a VSI interface

About this task

To save Layer 3 interface resources on a distributed EVPN gateway, multiple VSIs can share one VSI interface. You can assign multiple IP addresses to the VSI interface for the VSIs to use as gateway addresses.

When VSIs share a VSI interface, you must specify the subnet of each VSI for the VSI interface to identify the VSI of a packet. The subnets must be unique.

Procedure

1. Enter system view.

system-view

2. Create a VSI interface and enter VSI interface view.

interface vsi-interface vsi-interface-id

For more information about this command, see VXLAN Command Reference.

3. Assign an IP address to the VSI interface.

ip address ip-address { mask | mask-length } [ sub ]

By default, no IP address is assigned to a VSI interface.

4. Assign a MAC address to the VSI interface.

mac-address mac-address

By default, the MAC address of a VSI interface is the bridge MAC address.

To ensure correct forwarding after VM migration, you must assign the same MAC address to the VSI interfaces of a VXLAN on all distributed gateways.

5. Specify the VSI interface as a distributed gateway.

distributed-gateway local

By default, a VSI interface is not a distributed gateway.

For more information about this command, see VXLAN Command Reference.

6. (Optional.) Enable local proxy ARP.

local-proxy-arp enable [ ip-range startIP to endIP ]

By default, local proxy ARP is disabled.

For more information about the command, see proxy ARP commands in Layer 3—IP Services Command Reference.

7. Return to system view.

quit

8. Enter VSI view.

vsi vsi-name

9. Specify the VSI interface as the gateway interface for the VSI.

gateway vsi-interface vsi-interface-id

By default, no gateway interface is specified for a VSI.

For more information about this command, see VXLAN Command Reference.

10. Assign a subnet to the VSI.

gateway subnet ipv4-address wildcard-mask

By default, no subnet exists on a VSI.

For more information about this command, see VXLAN Command Reference.

Configuring an L3 VXLAN ID for a VSI interface

Configuring an L3 VXLAN ID for the VSI interface of a VPN instance

1. Enter system view.

system-view

2. Configure a VPN instance:

a. Create a VPN instance and enter VPN instance view.

ip vpn-instance vpn-instance-name

b. Configure an RD for the VPN instance.

route-distinguisher route-distinguisher

By default, no RD is configured for a VPN instance.

c. Configure route targets for the VPN instance.

vpn-target { vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, a VPN instance does not have route targets.

d. (Optional.) Apply an export routing policy to the VPN instance.

export route-policy route-policy

By default, no export routing policy is applied to a VPN instance.

e. (Optional.) Apply an import routing policy to the VPN instance.

import route-policy route-policy

By default, no import routing policy is applied to a VPN instance. The VPN instance accepts a route when the export route targets of the route match local import route targets.

3. Configure EVPN on the VPN instance:

a. Enter VPN instance EVPN view.

address-family evpn

b. Configure route targets for EVPN on the VPN instance.

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, EVPN does not have route targets on a VPN instance.

Make sure the following requirements are met:

- The import targets of EVPN do not match the export targets of the VPN instance.

- The export targets of EVPN do not match the import targets of the VPN instance.

c. (Optional.) Apply an export routing policy to EVPN on the VPN instance.

export route-policy route-policy

By default, no export routing policy is applied to EVPN on a VPN instance.

d. (Optional.) Apply an import routing policy to EVPN on the VPN instance.

import route-policy route-policy

By default, no import routing policy is applied to EVPN on a VPN instance. The VPN instance accepts a route when the route targets of the route match local import route targets.

4. Execute the following commands in sequence to return to system view.

a. quit

b. quit

5. Create a VSI interface and enter VSI interface view.

interface vsi-interface vsi-interface-id

6. Associate the VSI interface with the VPN instance.

ip binding vpn-instance vpn-instance-name

By default, a VSI interface is not associated with a VPN instance. The interface is on the public network.

7. Configure an L3 VXLAN ID for the VSI interface.

l3-vni vxlan-id

By default, no L3 VXLAN ID is configured for a VSI interface.

A VPN instance can have only one L3 VXLAN ID. If multiple L3 VXLAN IDs are configured for a VPN instance, the VPN instance uses the lowest one. To view the L3 VXLAN ID of a VPN instance, use the display evpn routing-table command.

Configuring an L3 VXLAN ID for the VSI interface of the public instance

1. Enter system view.

system-view

2. Create the public instance and enter its view.

ip public-instance

3. Configure an RD for the public instance.

route-distinguisher route-distinguisher

By default, no RD is configured for the public instance.

4. Configure an L3 VXLAN ID for the public instance.

l3-vni vxlan-id

By default, the public instance does not have an L3 VXLAN ID.

The public instance can have only one L3 VXLAN ID. To modify the L3 VXLAN ID for the public instance, you must first delete the original L3 VXLAN ID.

5. Enter IPv4 address family view or EVPN view.

¡ Enter IPv4 address family view.

address-family ipv4

¡ Enter EVPN view.

address-family evpn

6. Configure route targets for IPv4 VPN or EVPN.

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

By default, IPv4 VPN and EVPN do not have route targets on the public instance.

Make sure the following requirements are met:

¡ The import targets of an EVPN instance do not match the export targets of the public instance.

¡ The export targets of an EVPN instance do not match the import targets of the public instance.

7. Execute the following commands in sequence to return to system view.

a. quit

b. quit

8. Enter VSI interface view.

interface vsi-interface vsi-interface-id

9. Configure an L3 VXLAN ID for the VSI interface.

l3-vni vxlan-id

By default, no L3 VXLAN ID is configured for a VSI interface.

Of the VSI interfaces associated with the public instance, a minimum of one VSI interface must use the same L3 VXLAN ID as the public instance.

Configuring IP prefix route advertisement

About this task

If IGP routes are imported to the BGP-VPN IPv4 unicast address family and the corresponding VPN instance has an L3 VXLAN ID, the device advertises the imported routes as IP prefix advertisement routes.

If IGP routes are imported to the BGP IPv4 unicast address family and the public instance has an L3 VXLAN ID, the device advertises the imported routes as IP prefix advertisement routes.

A VTEP compares the export route targets of received IP prefix advertisement routes with the import route targets configured for IPv4 VPN on a VPN instance or the public instance. If the route targets match, the VTEP accepts the routes and adds the routes to the routing table of the VPN instance or public instance.

Restrictions and guidelines

This feature is supported only by distributed EVPN gateway deployment.

For more information about the BGP commands in this task, see Layer 3—IP Routing Command Reference.

Procedure

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP address family view.

¡ Enter BGP IPv4 unicast address family view.

address-family ipv4 [ unicast ]

¡ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address family view.

ip vpn-instance vpn-instance-name

address-family ipv4 [ unicast ]

4. Enable BGP to redistribute routes from an IGP protocol.

import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]

By default, BGP does not redistribute IGP routes.

5. (Optional.) Enable default route redistribution into the BGP routing table.

default-route imported

By default, default route redistribution into the BGP routing table is disabled.

6. (Optional.) Configure ECMP VPN route redistribution:

a. Return to BGP instance view.

quit

b. Enter BGP EVPN address family view.

address-family l2vpn evpn

c. Enable ECMP VPN route redistribution.

vpn-route cross multipath

By default, ECMP VPN route redistribution is disabled. If multiple routes have the same prefix and RD, BGP only imports the optimal route into the EVPN routing table.

ECMP VPN route redistribution enables BGP to import all routes that have the same prefix and RD into the EVPN routing table.

Managing remote MAC address entries and remote ARP learning

Disabling remote MAC address learning and remote ARP learning

About this task

By default, the device learns MAC information and ARP information of remote user terminals from packets received on VXLAN tunnel interfaces. The automatically learned remote MAC and ARP information might conflict with the remote MAC and ARP information advertised through BGP. As a best practice to avoid the conflicts, disable remote MAC address learning and remote ARP learning on the device.

For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Procedure

1. Enter system view.

system-view

2. Disable remote MAC address learning.

vxlan tunnel mac-learning disable

By default, remote MAC address learning is enabled.

3. Disable remote ARP learning.

vxlan tunnel arp-learning disable

By default, remote ARP learning is enabled.

Disabling MAC address advertisement

About this task

The MAC information and ARP information advertised by the VTEP overlap. To avoid duplication, disable MAC address advertisement and withdraw the MAC addresses advertised to remote VTEPs.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Enter EVPN instance view.

evpn encapsulation vxlan

4. Disable MAC address advertisement and withdraw advertised MAC addresses.

mac-advertising disable

By default, MAC address advertisement is enabled.

Disabling learning of MAC addresses from ARP information

About this task

The MAC information and ARP information advertised by a remote VTEP overlap. To avoid duplication, disable the learning of MAC addresses from ARP information. EVPN will learn remote MAC addresses only from the MAC information advertised from remote sites.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Enter EVPN instance view.

evpn encapsulation vxlan

4. Disable the EVPN instance from learning MAC addresses from ARP information.

arp mac-learning disable

By default, an EVPN instance learns MAC addresses from ARP information.

Configuring BGP EVPN route redistribution and advertisement

Redistributing MAC/IP advertisement routes into BGP unicast routing tables

About this task

This task enables the device to redistribute received MAC/IP advertisement routes that contain ARP information into a BGP unicast routing table.

· If you perform this task for the BGP IPv4 unicast address family, the device will redistribute the routes into the BGP IPv4 unicast routing table. In addition, the device will advertise the routes to the local site.

· If you perform this task for the BGP-VPN IPv4 unicast address family, the device will redistribute the routes into the BGP-VPN IPv4 unicast routing table of the corresponding VPN instance. To advertise the routes to the local site, you must configure the advertise l2vpn evpn command.

Procedure (BGP instance view)

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP IPv4 unicast address family view.

address-family ipv4

4. Redistribute MAC/IP advertisement routes that contain ARP information into the BGP IPv4 unicast routing table.

import evpn mac-ip

By default, MAC/IP advertisement routes that contain ARP information are not redistributed into the BGP IPv4 unicast routing table.

Procedure (BGP-VPN instance view)

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP-VPN instance view.

ip vpn-instance vpn-instance-name

4. Enter BGP-VPN IPv4 unicast address family view.

address-family ipv4

5. Redistribute MAC/IP advertisement routes that contain ARP information into the BGP-VPN IPv4 unicast routing table.

import evpn mac-ip

By default, MAC/IP advertisement routes that contain ARP information are not redistributed into the BGP-VPN IPv4 unicast routing table.

Enabling BGP EVPN route advertisement to the local site

About this task

This feature enables the device to advertise private BGP EVPN routes to the local site after the device adds the routes to the routing table of a VPN instance.

Procedure

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP-VPN instance view.

ip vpn-instance vpn-instance-name

4. Enter BGP-VPN IPv4 unicast address family view.

address-family ipv4 [ unicast ]

5. Enable BGP EVPN route advertisement to the local site.

advertise l2vpn evpn

By default, BGP EVPN route advertisement to the local site is enabled.

Confining unknown-unicast floods to the local site

About this task

By default, the VTEP floods unknown-unicast frames received from the local site to the following interfaces in the frame's VXLAN:

· All site-facing interfaces except for the incoming interface.

· All VXLAN tunnel interfaces.

Use this feature to exclude a remote unicast or multicast MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when floods are confined to the local site.

For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Disable the VSI from flooding unknown-unicast traffic to VXLAN tunnel interfaces.

flooding disable

By default, unknown-unicast traffic is flooded to all interfaces in the VXLAN, except for the incoming interface.

4. (Optional.) Enable selective flood for a MAC address.

selective-flooding mac-address mac-address

Enabling ARP flood suppression

About this task

Use ARP flood suppression to reduce ARP request broadcasts.

The aging timer is fixed at 25 minutes for ARP flood suppression entries. If the flooding disable command is configured, set the MAC aging timer to a higher value than the aging timer for ARP flood suppression entries on all VTEPs. This setting prevents the traffic blackhole that occurs when a MAC address entry ages out before its ARP flood suppression entry ages out. To set the MAC aging timer, use the mac-address timer command.

When remote ARP learning is disabled for VXLANs, the device does not use ARP flood suppression entries to respond to ARP requests received on VXLAN tunnels.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Enable ARP flood suppression.

arp suppression enable

By default, ARP flood suppression is disabled.

For more information about this command, see VXLAN Command Reference.

Display and maintenance commands for EVPN

Execute display commands in any view and reset commands in user view.

Task	Command
Display BGP peer group information.	display bgp [ instance instance-name ] group l2vpn evpn [ group-name group-name ]
Display BGP EVPN routes.	display bgp [ instance instance-name ] l2vpn evpn [ peer ipv4-address { advertised-routes \| received-routes } [ statistics ] \| route-distinguisher route-distinguisher [ route-type { auto-discovery \| es \| imet \| ip-prefix \| mac-ip } ] [ evpn-route route-length [ advertise-info ] ] \| route-type { auto-discovery \| es \| imet \| ip-prefix \| mac-ip } \| statistics ]
Display BGP peer or peer group information.	display bgp [ instance instance-name ] peer l2vpn evpn [ ipv4-address mask-length \| { ipv4-address \| group-name group-name } log-info \| [ ipv4-address ] verbose ]
Display information about BGP update groups.	display bgp [ instance instance-name ] update-group l2vpn evpn [ ipv4-address ]
Display information about peers that are automatically discovered through BGP.	display evpn auto-discovery { imet [ peer ip-address] [ vsi vsi-name ] \| macip-prefix [ nexthop next-hop ] [ count ] }
Display EVPN ARP entries.	display evpn route arp [ local \| remote ] [ public-instance \| vpn-instance vpn-instance-name ] [ count ]
Display ARP flood suppression entries.	display evpn route arp suppression [ local \| remote ] [ vsi vsi-name ] [ count ]
Display EVPN MAC address entries.	display evpn route mac [ local \| remote ] [ vsi vsi-name ] [ count ]
Display the routing table for a VPN instance.	display evpn routing-table { public-instance \| vpn-instance vpn-instance-name } [ count ]

NOTE:

For more information about the display bgp group, display bgp peer, and display bgp update-group commands, see BGP commands in Layer 3—IP Routing Command Reference.

EVPN configuration examples

Example: Configuring a centralized EVPN gateway

Network configuration

As shown in Figure 13:

· Configure VXLAN 10 and VXLAN 20 on Router A, Router B, and Router C to provide connectivity for the VMs in the VXLANs across the network sites.

· Configure Router C as a centralized EVPN gateway to provide gateway services and access to the connected Layer 3 network.

· Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 13 Network diagram

‌

Procedure

1. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

2. Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 13. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] arp suppression enable

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] arp suppression enable

[RouterA-vsi-vpnb] evpn encapsulation vxlan

[RouterA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

# Map site-facing interface GigabitEthernet 1/0/2 to VSI vpnb.

[RouterA] interface gigabitethernet 1/0/2

[RouterA-GigabitEthernet1/0/2] xconnect vsi vpnb

[RouterA-GigabitEthernet1/0/2] quit

4. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpna

[RouterB-vsi-vpna] arp suppression enable

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] arp suppression enable

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterB] interface gigabitethernet 1/0/1

[RouterB-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterB-GigabitEthernet1/0/1] quit

# Map site-facing interface GigabitEthernet 1/0/2 to VSI vpnb.

[RouterB] interface gigabitethernet 1/0/2

[RouterB-GigabitEthernet1/0/2] xconnect vsi vpnb

[RouterB-GigabitEthernet1/0/2] quit

5. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpna

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

[RouterC-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] evpn encapsulation vxlan

[RouterC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterC-vsi-vpnb] vxlan 20

[RouterC-vsi-vpnb-vxlan-20] quit

[RouterC-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 10.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterC-Vsi-interface1] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] gateway vsi-interface 1

[RouterC-vsi-vpna] quit

# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as the gateway address for VXLAN 20.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterC-Vsi-interface2] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] gateway vsi-interface 2

[RouterC-vsi-vpnb] quit

6. Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1. Verify the EVPN gateway settings on Router C:

# Verify that Router C has advertised MAC/IP advertisement routes and IMET routes for the gateways and received MAC/IP advertisement routes and IMET routes from Router A and Router B. (Details not shown.)

# Verify that the VXLAN tunnel interfaces are up on Router C.

[RouterC] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VSI interfaces are up on Router C.

[RouterC] display interface vsi-interface

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0003-0003-0003

IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 64 packets, 6272 bytes, 0 drops

Vsi-interface2

Current state: UP

Line protocol state: UP

Description: Vsi-interface2 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.2.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0003-0003-0003

IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 41 bytes/sec, 328 bits/sec, 0 packets/sec

Last 300 seconds output rate: 52 bytes/sec, 416 bits/sec, 0 packets/sec

Input: 2016 packets, 190272 bytes, 0 drops

Output: 2144 packets, 197568 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are the gateway interface of their respective VXLAN.

[RouterC] display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 1

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 2

VXLAN ID : 20

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Auto Disabled

# Verify that Router C has created EVPN ARP entries for the VMs.

[RouterC] display evpn route arp

Flags: D - Dynamic B - BGP G - Gateway L - Local active M - Mapping

Public instance Interface: Vsi-interface1

IP address MAC address Router MAC VSI index Flags

10.1.1.1 0003-0003-0003 - 0 GL

10.1.1.10 0000-1234-0001 - 0 B

10.1.1.20 0000-1234-0003 - 0 B

Public instance Interface: Vsi-interface2

IP address MAC address Router MAC VSI index Flags

10.1.2.1 0005-0005-0005 - 1 GL

10.1.2.10 0000-1234-0002 - 1 B

10.1.2.20 0000-1234-0004 - 1 B

# Verify that Router C has created FIB entries for the VMs.

[RouterC] display fib 10.1.1.10

Destination count: 1 FIB entry count: 1

Flag:

U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static

R:Relay F:FRR

Destination/Mask Nexthop Flag OutInterface/Token Label

10.1.1.10/32 10.1.1.10 UH Vsi1 Null

2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not shown.)

Example: Configuring distributed EVPN gateways

Network configuration

As shown in Figure 14:

· Configure VXLAN 10 and VXLAN 20 on Router A and Router B to provide connectivity for the VMs in the VXLANs across the network sites.

· Configure Router A and Router B as distributed EVPN gateways to provide gateway services. Configure Router C as a border gateway to provide access to the connected Layer 3 network.

· Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 14 Network diagram

‌

Procedure

1. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

2. Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 14. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] evpn encapsulation vxlan

[RouterA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterA-vsi-vpnb] vxlan 20

[RouterA-vsi-vpnb-vxlan-20] quit

[RouterA-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

# Map site-facing interface GigabitEthernet 1/0/2 to VSI vpnb.

[RouterA] interface gigabitethernet 1/0/2

[RouterA-GigabitEthernet1/0/2] xconnect vsi vpnb

[RouterA-GigabitEthernet1/0/2] quit

# Configure RD and route target settings for VPN instance vpna.

[RouterA] ip vpn-instance vpna

[RouterA-vpn-instance-vpna] route-distinguisher 1:1

[RouterA-vpn-instance-vpna] address-family ipv4

[RouterA-vpn-ipv4-vpna] vpn-target 2:2

[RouterA-vpn-ipv4-vpna] quit

[RouterA-vpn-instance-vpna] address-family evpn

[RouterA-vpn-evpn-vpna] vpn-target 1:1

[RouterA-vpn-evpn-vpna] quit

[RouterA-vpn-instance-vpna] quit

# Configure VSI-interface 1.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpna

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-arp enable

[RouterA-Vsi-interface1] quit

# Configure VSI-interface 2.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpna

[RouterA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterA-Vsi-interface2] mac-address 2-2-2

[RouterA-Vsi-interface2] distributed-gateway local

[RouterA-Vsi-interface2] local-proxy-arp enable

[RouterA-Vsi-interface2] quit

# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 3

[RouterA-Vsi-interface3] ip binding vpn-instance vpna

[RouterA-Vsi-interface3] l3-vni 1000

[RouterA-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterA] vsi vpnb

[RouterA-vsi-vpnb] gateway vsi-interface 2

[RouterA-vsi-vpnb] quit

4. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpna

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

[RouterB-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterB] interface gigabitethernet 1/0/1

[RouterB-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterB-GigabitEthernet1/0/1] quit

# Map site-facing interface GigabitEthernet 1/0/2 to VSI vpnb.

[RouterB] interface gigabitethernet 1/0/2

[RouterB-GigabitEthernet1/0/2] xconnect vsi vpnb

[RouterB-GigabitEthernet1/0/2] quit

# Configure RD and route target settings for VPN instance vpna.

[RouterB] ip vpn-instance vpna

[RouterB-vpn-instance-vpna] route-distinguisher 1:1

[RouterB-vpn-instance-vpna] address-family ipv4

[RouterB-vpn-ipv4-vpna] vpn-target 2:2

[RouterB-vpn-ipv4-vpna] quit

[RouterB-vpn-instance-vpna] address-family evpn

[RouterB-vpn-evpn-vpna] vpn-target 1:1

[RouterB-vpn-evpn-vpna] quit

[RouterB-vpn-instance-vpna] quit

# Configure VSI-interface 1.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip binding vpn-instance vpna

[RouterB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterB-Vsi-interface1] mac-address 1-1-1

[RouterB-Vsi-interface1] distributed-gateway local

[RouterB-Vsi-interface1] local-proxy-arp enable

[RouterB-Vsi-interface1] quit

# Configure VSI-interface 2.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip binding vpn-instance vpna

[RouterB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[RouterB-Vsi-interface2] mac-address 2-2-2

[RouterB-Vsi-interface2] distributed-gateway local

[RouterB-Vsi-interface2] local-proxy-arp enable

[RouterB-Vsi-interface2] quit

# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterB] interface vsi-interface 3

[RouterB-Vsi-interface3] ip binding vpn-instance vpna

[RouterB-Vsi-interface3] l3-vni 1000

[RouterB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] gateway vsi-interface 1

[RouterB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 2

[RouterB-vsi-vpnb] quit

5. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance vpna.

[RouterC] ip vpn-instance vpna

[RouterC-vpn-instance-vpna] route-distinguisher 1:1

[RouterC-vpn-instance-vpna] address-family ipv4

[RouterC-vpn-ipv4-vpna] vpn-target 2:2

[RouterC-vpn-ipv4-vpna] quit

[RouterC-vpn-instance-vpna] address-family evpn

[RouterC-vpn-evpn-vpna] vpn-target 1:1

[RouterC-vpn-evpn-vpna] quit

[RouterC-vpn-instance-vpna] quit

# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 3

[RouterC-Vsi-interface3] ip binding vpn-instance vpna

[RouterC-Vsi-interface3] l3-vni 1000

[RouterC-Vsi-interface3] quit

# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.

[RouterC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100

# Import the default route to the BGP IPv4 unicast routing table of VPN instance vpna.

[RouterC] bgp 200

[RouterC-bgp-default] ip vpn-instance vpna

[RouterC-bgp-default-vpna] address-family ipv4 unicast

[RouterC-bgp-default-ipv4-vpna] default-route imported

[RouterC-bgp-default-ipv4-vpna] import-route static

[RouterC-bgp-default-ipv4-vpna] quit

[RouterC-bgp-default-vpna] quit

[RouterC-bgp-default] quit

# Associate GigabitEthernet 1/0/2 with VPN instance vpna.

[RouterC] interface gigabitethernet 1/0/2

[RouterC-GigabitEthernet1/0/2] ip binding vpn-instance vpna

[RouterC-GigabitEthernet1/0/2] ip address 20.1.1.3 24

[RouterC-GigabitEthernet1/0/2] quit

6. Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Router A:

# Verify that Router A has advertised the IP prefix advertisement routes for the gateways and the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Router A has received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement routes and IMET routes for each VSI from Router B. (Details not shown.)

# Verify that the VXLAN tunnel interfaces are up on Router A. (This example uses Tunnel 0.)

[RouterA] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VSI interfaces are up on Router A. (This example uses VSI-interface 1.)

[RouterA] display interface vsi-interface 1

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0001-0001-0001

IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 192 packets, 18816 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and the VSI interfaces are the gateway interface of their respective VXLAN.

[RouterA] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_3

VSI Index : 1

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Disabled

Service Class : -

Gateway Interface : VSI-interface 3

VXLAN ID : 1000

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Disabled

Service Class : -

Gateway Interface : VSI-interface 1

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000001 Up Auto Disabled

Tunnel1 0x5000002 Up Auto Disabled

ACs:

AC Link ID State

GE1/0/1 0 Up

VSI Name: vpnb

VSI Index : 2

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Disabled

Service Class : -

Gateway Interface : VSI-interface 2

VXLAN ID : 20

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000001 Up Auto Disabled

Tunnel1 0x5000002 Up Auto Disabled

ACs:

AC Link ID State

GE1/0/2 0 Up

# Verify that Router A has created ARP entries for the VMs.

[RouterA] display arp

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface/Link ID Aging Type

10.1.1.10 0000-1234-0001 vpna 0 20 D

10.1.2.10 0000-1234-0002 vpnb 0 19 D

2.2.2.2 a0ce-5e24-0100 Auto_L3VNI200 Tunnel0 -- R

# Verify that Router A has created EVPN ARP entries for the local VMs.

[RouterA] display evpn route arp

Flags: D - Dynamic B - BGP G - Gateway L - Local active M - Mapping

VPN instance:vpna Interface:Vsi-interface1

IP address MAC address Router MAC VSI Index Flags

10.1.1.1 0001-0001-0001 a0ce-7e40-0400 0 GL

10.1.1.10 0000-1234-0001 a0ce-7e40-0400 0 DL

10.1.2.10 0000-1234-0002 a0ce-7e40-0400 0 DL

10.1.1.20 0000-1234-0003 a0ce-7e40-0400 0 B

10.1.2.20 0000-1234-0004 a0ce-7e40-0400 0 B

2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not shown.)

Example: Configuring communication between IPv4 EVPN networks and the public network

Network configuration

As shown in Figure 15:

· Configure VXLAN 10, VXLAN 20, and VXLAN 30 on Router A, Router B, and Router C to meet the following requirements:

¡ VXLAN 10 and VXLAN 20 are on the private network, and VXLAN 30 is on the public network.

¡ VXLAN 10 can communicate with VXLAN 20 and VXLAN 30, and VXLAN 20 is isolated from VXLAN 30.

· Configure Router A, Router B, and Router C as distributed EVPN gateways to provide gateway services for the VXLANs.

· Configure Router D as an RR to reflect BGP EVPN routes between Router A, Router B, and Router C.

Figure 15 Network diagram

‌

Procedure

1. On VM 1, VM 2, and VM 3, specify 10.1.1.1, 10.1.2.1, and 10.1.3.1 as the gateway address, respectively. (Details not shown.)

2. Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 15. (Details not shown.)

# Configure OSPF on all transport network routers (Routers A through D) for them to reach one another. (Details not shown.)

3. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA] vsi vpna

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 200

[RouterA-bgp-default] peer 4.4.4.4 as-number 200

[RouterA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 4.4.4.4 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpna.

[RouterA] ip vpn-instance vpna

[RouterA-vpn-instance-vpna] route-distinguisher 1:1

[RouterA-vpn-instance-vpna] address-family ipv4

[RouterA-vpn-ipv4-vpna] vpn-target 1:1

[RouterA-vpn-ipv4-vpna] vpn-target 2:2 import-extcommunity

[RouterA-vpn-ipv4-vpna] vpn-target 3:3 import-extcommunity

[RouterA-vpn-ipv4-vpna] quit

[RouterA-vpn-instance-vpna] address-family evpn

[RouterA-vpn-evpn-vpna] vpn-target 1:1

[RouterA-vpn-evpn-vpna] vpn-target 2:2 import-extcommunity

[RouterA-vpn-evpn-vpna] vpn-target 3:3 import-extcommunity

[RouterA-vpn-evpn-vpna] quit

[RouterA-vpn-instance-vpna] quit

# Configure VSI-interface 1.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpna

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] local-proxy-arp enable

[RouterA-Vsi-interface1] quit

# Associate VSI-interface 2 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpna

[RouterA-Vsi-interface2] l3-vni 1000

[RouterA-Vsi-interface2] quit

# Create VSI-interface 3 and configure its L3 VXLAN ID as 2000 for matching routes from Router B.

[RouterA] interface vsi-interface 3

[RouterA-Vsi-interface3] l3-vni 2000

[RouterA-Vsi-interface3] quit

# Create VSI-interface 4 and configure its L3 VXLAN ID as 3000 for matching routes from Router C.

[RouterA] interface vsi-interface 4

[RouterA-Vsi-interface4] l3-vni 3000

[RouterA-Vsi-interface4] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

4. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpnb, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[RouterB-vsi-vpnb] vxlan 20

[RouterB-vsi-vpnb-vxlan-20] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterB] bgp 200

[RouterB-bgp-default] peer 4.4.4.4 as-number 200

[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 4.4.4.4 enable

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpnb.

[RouterB] interface gigabitethernet 1/0/1

[RouterB-GigabitEthernet1/0/1] xconnect vsi vpnb

[RouterB-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpnb.

[RouterB] ip vpn-instance vpnb

[RouterB-vpn-instance-vpnb] route-distinguisher 2:2

[RouterB-vpn-instance-vpnb] address-family ipv4

[RouterB-vpn-ipv4-vpnb] vpn-target 2:2

[RouterB-vpn-ipv4-vpnb] vpn-target 1:1 import-extcommunity

[RouterB-vpn-ipv4-vpnb] quit

[RouterB-vpn-instance-vpnb] address-family evpn

[RouterB-vpn-evpn-vpnb] vpn-target 2:2

[RouterB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity

[RouterB-vpn-evpn-vpnb] quit

[RouterB-vpn-instance-vpnb] quit

# Configure VSI-interface 1.

[RouterB] interface vsi-interface 1

[RouterB-Vsi-interface1] ip binding vpn-instance vpnb

[RouterB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0

[RouterB-Vsi-interface1] distributed-gateway local

[RouterB-Vsi-interface1] local-proxy-arp enable

[RouterB-Vsi-interface1] quit

# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from Router A.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] l3-vni 1000

[RouterB-Vsi-interface2] qui

# Associate VSI-interface 3 with VPN instance vpnb, and configure the L3 VXLAN ID as 2000 for the VPN instance.

[RouterB] interface vsi-interface 3

[RouterB-Vsi-interface3] ip binding vpn-instance vpnb

[RouterB-Vsi-interface3] l3-vni 2000

[RouterB-Vsi-interface3] quit

# Create VSI-interface 4, and configure its L3 VXLAN ID as 3000 for matching routes from Router C.

[RouterB] interface vsi-interface 4

[RouterB-Vsi-interface4] l3-vni 3000

[RouterB-Vsi-interface4] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] gateway vsi-interface 1

[RouterB-vsi-vpnb] quit

5. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpnc, and configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC] vsi vpnc

[RouterC-vsi-vpnc] evpn encapsulation vxlan

[RouterC-vsi-vpnc-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpnc-evpn-vxlan] vpn-target auto

[RouterC-vsi-vpnc-evpn-vxlan] quit

# Create VXLAN 30.

[RouterC-vsi-vpnc] vxlan 30

[RouterC-vsi-vpnc-vxlan-30] quit

[RouterC-vsi-vpnc] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterC] bgp 200

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family ipv4 unicast

[RouterC-bgp-default-ipv4] quit

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD, route target, and L3 VXLAN ID settings for the public instance.

[RouterC] ip public-instance

[RouterC-public-instance] route-distinguisher 3:3

[RouterC-public-instance] l3-vni 3000

[RouterC-public-instance] address-family ipv4

[RouterC-public-instance-ipv4] vpn-target 3:3

[RouterC-public-instance-ipv4] vpn-target 1:1 import-extcommunity

[RouterC-public-instance-ipv4] quit

[RouterC-public-instance] address-family evpn

[RouterC-public-instance-evpn]vpn-target 3:3

[RouterC-public-instance-evpn] vpn-target 1:1 import-extcommunity

[RouterC-public-instance-evpn] quit

[RouterC-public-instance] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpnc.

[RouterC] interface gigabitethernet 1/0/1

[RouterC-GigabitEthernet1/0/1] xconnect vsi vpnc

[RouterC-GigabitEthernet1/0/1] quit

# Configure VSI-interface 1.

[RouterC] interface vsi-interface 1

[RouterC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0

[RouterC-Vsi-interface1] distributed-gateway local

[RouterC-Vsi-interface1] local-proxy-arp enable

[RouterC-Vsi-interface1] quit

# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from Router A.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] l3-vni 1000

[RouterC-Vsi-interface2] quit

# Create VSI-interface 3, and configure its L3 VXLAN ID as 2000 for matching routes from Router B.

[RouterC] interface vsi-interface 3

[RouterC-Vsi-interface3] l3-vni 2000

[RouterC-Vsi-interface3] quit

# Create VSI-interface 4 for the public instance, and configure the L3 VXLAN ID as 3000 for the VSI interface.

[RouterC] interface vsi-interface 4

[RouterC-Vsi-interface4] l3-vni 3000

[RouterC-Vsi-interface4] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnc.

[RouterC] vsi vpnc

[RouterC-vsi-vpnc] gateway vsi-interface 1

[RouterC-vsi-vpnc] quit

6. Configure Router D:

# Establish BGP connections with other transport network routers.

<RouterD> system-view

[RouterD] bgp 200

[RouterD-bgp-default] group evpn

[RouterD-bgp-default] peer 1.1.1.1 group evpn

[RouterD-bgp-default] peer 2.2.2.2 group evpn

[RouterD-bgp-default] peer 3.3.3.3 group evpn

[RouterD-bgp-default] peer evpn as-number 200

[RouterD-bgp-default] peer evpn connect-interface loopback 0

# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP EVPN routes.

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer evpn enable

[RouterD-bgp-default-evpn] undo policy vpn-target

# Configure Router D as an RR.

[RouterD-bgp-default-evpn] peer evpn reflect-client

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

Verifying the configuration

1. Verify the distributed EVPN gateway settings on Router A:

# Verify that the VXLAN tunnel interfaces are up on Router A.

[RouterA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 22 packets, 2156 bytes, 0 drops

Output: 23 packets, 2254 bytes, 0 drops

# Verify that the VSI interfaces are up on Router A.

[RouterA] display interface vsi-interface

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600

IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 4 bytes/sec, 32 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 2656 packets, 138432 bytes, 0 drops

Vsi-interface2

Current state: UP

Line protocol state: UP

Description: Vsi-interface2 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600

IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Vsi-interface3

Current state: UP

Line protocol state: UP

Description: Vsi-interface3 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600

IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Vsi-interface4

Current state: UP

Line protocol state: UP

Description: Vsi-interface4 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600

IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces are the gateway interfaces of their respective VXLANs.

[RouterA] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_2

VSI Index : 1

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 2

VXLAN ID : 1000

VSI Name: Auto_L3VNI2000_3

VSI Index : 2

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 3

VXLAN ID : 2000

VSI Name: Auto_L3VNI3000_4

VSI Index : 3

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 4

VXLAN ID : 3000

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

Gateway Interface : VSI-interface 1

VXLAN ID : 10

ACs:

AC Link ID State

GE1/0/1 0 Up

# Verify that Router A has created ARP entries for the VMs.

[RouterA] display arp

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface/Link ID Aging Type

10.1.1.10 582e-aaec-0806 vpna 0 10 D

11.1.1.4 582c-1385-0517 -- GE1/0/3 14 D

2.2.2.2 582e-8ba6-0700 Auto_L3VNI200 Tunnel0 -- R

0_3

3.3.3.3 9a51-95ba-1000 Auto_L3VNI300 Tunnel1 -- R

0_4

2. Verify that VM 1 can communicate with VM 2 and VM 3, and VM 2 cannot communicate with VM 3. (Details not shown.)

Configuring EVPN-DCI

About EVPN-DCI

EVPN data center interconnect (EVPN-DCI) uses VXLAN-DCI tunnels to provide connectivity for data centers over an IP transport network.

EVPN-DCI network model

As shown in Figure 16, the EVPN-DCI network contains VTEPs and edge devices (EDs) located at the edge of the transport network. A VXLAN tunnel is established between a VTEP and an ED, and a VXLAN-DCI tunnel is established between two EDs. VXLAN-DCI tunnels use VXLAN encapsulation. Each ED de-encapsulates incoming VXLAN packets and re-encapsulates them based on the destination before forwarding the packets through a VXLAN or VXLAN-DCI tunnel.

Figure 16 EVPN-DCI network model

Working mechanisms

In an EVPN-DCI network, BGP EVPN peer relationships are established between EDs and between EDs and VTEPs. When advertising routes to a VTEP or another ED, an ED replaces the routes' nexthop IP address and router MAC address with its IP address and router MAC address.

In an EVPN-DCI network, a VTEP and an ED use a VXLAN tunnel to send traffic, and two EDs use a VXLAN-DCI tunnel to send traffic. An ED de-encapsulates incoming VXLAN packets and re-encapsulates them before forwarding the packets through a VXLAN or VXLAN-DCI tunnel.

EVPN-DCI dual-homing

As shown in Figure 17, EVPN-DCI dual-homing allows you to deploy two EDs at a data center for high availability and load sharing. To virtualize the redundant EDs into one device, a virtual ED address is configured on them. The redundant EDs use the virtual ED address to establish tunnels with VTEPs and remote EDs.

Figure 17 EVPN-DCI dual-homing

The redundant EDs use their respective IP addresses as the BGP peer addresses to establish BGP EVPN neighbor relationships with VTEPs and remote EDs. The VTEPs and remote EDs send traffic destined for the virtual ED address to both of the redundant EDs through the ECMP routes provided by the underlay network.

The redundant EDs communicate with remote data centers through the transport network. Devices in the dual-homed data center are unaware of the transport network. When the transport-side link fails on one of the redundant EDs, traffic destined for remote data centers is still sent to that ED. To resolve this issue, Monitor Link is used together with EVPN-DCI dual-homing. On each redundant ED, the transport-facing physical interface is associated with the loopback interface that provides the IP address used for establishing BGP EVPN neighbor relationships. If the transport-side link fails on a redundant ED, the loopback interface is placed in down state, and all traffic is forwarded by the other redundant ED. For more information about Monitor Link, see High Availability Configuration Guide.

For link redundancy, deploy multiple RRs on the spine nodes in a data center, and connect each redundant ED to the transport network through multiple links.

Restrictions and guidelines: EVPN-DCI configuration

On an ED, make sure the VSI interfaces configured with L3 VXLAN IDs use the same MAC address. To modify the MAC address of a VSI interface, use the mac-address command.

EVPN-DCI tasks at a glance

To configure EVPN-DCI, perform the following tasks on EDs:

1. Enabling DCI

2. Enabling route nexthop replacement and route router MAC replacement

3. (Optional.) Configuring VXLAN mapping

Perform this task to provide Layer 2 connectivity for a tenant subnet that uses different VXLAN IDs in multiple data centers.

4. Configuring the BGP EVPN address family and the BGP VPNv4 address family to exchange routes

You must perform this task if data centers are interconnected through an MPLS L3VPN network.

5. (Optional.) Configuring EVPN-DCI dual-homing

Prerequisites for EVPN-DCI

Before you configure EVPN-DCI, complete basic EVPN configuration for each data center. For more information about basic EVPN configuration, see "Configuring EVPN."

Enabling DCI

About this task

For EDs to automatically establish VXLAN-DCI tunnels, you must enable DCI on the Layer 3 interfaces that interconnect the EDs.

An ED establishes VXLAN-DCI tunnels based on BGP EVPN routes. If DCI is disabled on the outgoing interfaces to remote sites, EDs cannot establish VXLAN-DCI tunnels.

Procedure

1. Enter system view.

system-view

2. Enter interface view.

interface interface-type interface-number

3. Enable DCI.

dci enable

By default, DCI is disabled on an interface.

Enabling route nexthop replacement and route router MAC replacement

1. Enter system view.

system-view

2. Configure a global router ID.

router id router-id

By default, no global router ID is configured.

3. Enable a BGP instance and enter BGP instance view.

bgp as-number [ instance instance-name ]

By default, BGP is disabled, and no BGP instances exist.

4. Specify local VTEPs and remote EDs as BGP peers.

peer { group-name | ipv4-address [ mask-length ] } as-number as-number

5. Create the BGP EVPN address family and enter BGP EVPN address family view.

address-family l2vpn evpn

6. Enable BGP to exchange BGP EVPN routes with a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } enable

By default, BGP does not exchange BGP EVPN routes with peers.

7. Set the local router as the next hop for routes advertised to a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } next-hop-local

The default settings for this command are as follows:

¡ BGP sets the local router as the next hop for all routes advertised to an EBGP peer or peer group.

¡ BGP does not modify the next hop for EBGP routes advertised to an IBGP peer or peer group.

The peers specified in this task must be VTEPs in the local data center.

8. Enable route router MAC replacement for a peer or peer group.

peer { group-name | ipv4-address [ mask-length ] } router-mac-local

By default, the device does not modify the router MAC address of routes before advertising the routes.

This command enables the device to use its router MAC address to replace the router MAC address of routes received from and advertised to a peer or peer group.

The peers specified in this task must be remote EDs.

Configuring VXLAN mapping

About this task

The VXLAN mapping feature provides Layer 2 connectivity for a tenant subnet that uses different VXLAN IDs in multiple data centers.

If you map a local VXLAN to a remote VXLAN on an ED, the ED processes routes as follows:

· When the ED receives the local VXLAN's MAC/IP advertisement routes from local VTEPs, it performs the following operations:

¡ Adds the routes to the local VXLAN.

¡ Replaces the VXLAN ID of the routes with the remote VXLAN ID and advertises the routes to remote EDs.

· When the ED receives the remote VXLAN's MAC/IP advertisement routes from a remote data center, it adds the routes to the local VXLAN.

VXLAN mapping includes the following types:

· Non-intermediate VXLAN mapping—When two data centers use different VXLAN IDs for a subnet, map the local VXLAN to the remote VXLAN on the ED of one data center. For example, for VXLAN 10 of data center 1 to communicate with VXLAN 20 of data center 2, map VXLAN 10 to VXLAN 20 on the ED of data center 1.

· Intermediate VXLAN mapping—When multiple data centers use different VXLAN IDs for a subnet, map the VXLANs to an intermediate VXLAN on all EDs. For example, data center 1 uses VXLAN 10, data center 2 uses VXLAN 20, and data center 3 uses VXLAN 30. To provide connectivity for the VXLANs, map them to intermediate VXLAN 500 on EDs of the data centers. You must use intermediate VXLAN mapping if more than two data centers use different VXLAN IDs. The intermediate VXLAN can be used only for VXLAN mapping, and it cannot be used for common VXLAN services.

Restrictions and guidelines

You must create mapped remote VXLANs on the device, create an EVPN instance for each remote VXLAN, and configure RD and route target settings for the EVPN instances.

When you use VXLAN mapping, follow these route target restrictions:

· EVPN instances and EVPN address family of VPN instances do not have the same export targets.

· EVPN instances and EVPN address family of the public instance do not have the same export targets.

Procedure

1. Enter system view.

system-view

2. Enter VSI view.

vsi vsi-name

3. Enter EVPN instance view.

evpn encapsulation vxlan

4. Map the local VXLAN to a remote VXLAN.

mapping vni vxlan-id

By default, a local VXLAN is not mapped to any remote VXLAN.

The mapped remote VXLAN ID cannot be the reserved VXLAN ID specified by using the reserved vxlan command. For more information about the reserved vxlan command, see VXLAN Command Reference.

Configuring the BGP EVPN address family and the BGP VPNv4 address family to exchange routes

About route exchange

When data centers are interconnected through an MPLS L3VPN network, EVPN EDs also act as MPLS L3VPN PEs. To enable communication between the data centers, you must perform the following tasks on the EDs:

· Configure both MPLS L3VPN and EVPN.

· Configure the BGP EVPN address family and the BGP VPNv4 address family to exchange routes.

Figure 18 Data centers interconnected through an MPLS L3VPN network

Enabling BGP VPNv4 route advertisement for the BGP EVPN address family

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP EVPN address family view.

address-family l2vpn evpn

4. Enable BGP VPNv4 route advertisement for the BGP EVPN address family.

advertise l3vpn route [ replace-rt ][ advertise-policy policy-name ]

By default, BGP VPNv4 routes are not advertised through the BGP EVPN address family.

After you execute this command, the device advertises BGP VPNv4 routes as IP prefix advertisement routes through the BGP EVPN address family.

Enabling BGP EVPN route advertisement for the BGP VPNv4 address family

1. Enter system view.

system-view

2. Enter BGP instance view.

bgp as-number [ instance instance-name ]

3. Enter BGP VPNv4 address family view.

address-family vpnv4

4. Enable BGP EVPN route advertisement for the BGP VPNv4 address family.

advertise evpn route [ replace-rt ][ advertise-policy policy-name ]

By default, BGP EVPN routes are not advertised through the BGP VPNv4 address family.

After you execute this command, the device advertises IP prefix advertisement routes and MAC/IP advertisement routes that contain host route information through the BGP VPNv4 address family.

Configuring EVPN-DCI dual-homing

About this task

For high availability and load sharing, you can deploy two EDs at a data center. To virtualize the redundant EDs into one device, you must configure the same virtual ED address on them.

Restrictions and guidelines

Do not configure a virtual ED address on the only ED of a data center.

On a redundant ED, the virtual ED address must be the IP address of a loopback interface, and it cannot be the BGP peer IP address of the ED.

Redundant EDs cannot provide access service for local VMs. They can act only as EDs. For correct communication, do not redistribute external routes on only one of the redundant EDs. However, you can redistribute the same external routes on both EDs.

Procedure

1. Enter system view.

system-view

2. Configure a virtual ED address.

evpn edge group group-ip

By default, no virtual ED address is configured.

EVPN-DCI configuration examples

Example: Configuring a basic EVPN-DCI network

Network configuration

As shown in Figure 19:

· Configure VXLAN 10 on Router A through Router D to provide connectivity for the VMs in the data centers.

· Configure Router A and Router D as VTEPs, and configure Router B and Router C as EDs.

Figure 19 Network diagram

‌

Procedure

1. Configure IP addresses and unicast routing settings:

# Assign IP addresses to the interfaces, as shown in Figure 19. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning.

[RouterA] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

3. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning.

[RouterB] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface gigabitethernet 1/0/2

[RouterB-GigabitEthernet1/0/2] dci enable

[RouterB-GigabitEthernet1/0/2] quit

# Create VXLAN 10 on VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterB-vsi-vpna-evpn-vxlan] quit

[RouterB-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

4. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning.

[RouterC] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B for the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface gigabitethernet 1/0/1

[RouterC-GigabitEthernet1/0/1] dci enable

[RouterC-GigabitEthernet1/0/1] quit

# Create VXLAN 10 on VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 10

[RouterC-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterC-vsi-vpna-evpn-vxlan] quit

[RouterC-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

5. Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning.

[RouterD] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 10

[RouterD-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterD-vsi-vpna] evpn encapsulation vxlan

[RouterD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpna-evpn-vxlan] vpn-target 123:456

[RouterD-vsi-vpna-evpn-vxlan] quit

[RouterD-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterD] interface gigabitethernet 1/0/1

[RouterD-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterD-GigabitEthernet1/0/1] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through IMET routes and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery imet

Total number of automatically discovered peers: 3

VSI name: vpna

RD PE_address Tunnel_address Tunnel mode VXLAN ID

1:10 1.1.1.1 1.1.1.1 VXLAN 10

1:10 3.3.3.3 3.3.3.3 VXLAN-DCI 10

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to the VXLAN.

[RouterB] display l2vpn vsi name vpna verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Auto Disabled

# Verify that the ED has generated EVPN MAC address entries for the VMs.

[RouterB] display evpn route mac

Flags: D - Dynamic B - BGP G - Gateway L - Local active M - Mapping

VSI name: vpna

MAC address Link ID/Name Flags Next hop

0001-0001-0011 Tunnel0 B 1.1.1.1

0001-0001-0033 Tunnel1 B 3.3.3.3

2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI intermediate VXLAN mapping

Network configuration

As shown in Figure 20:

· Configure VXLAN 10 on VTEP Router A and ED Router B, and configure VXLAN 30 on VTEP Router D and ED Router C.

· Configure intermediate VXLAN mapping for VXLAN 10 and VXLAN 30 to have Layer 2 connectivity:

¡ Map VXLAN 10 to intermediate VXLAN 500 on Router B.

¡ Map VXLAN 30 to intermediate VXLAN 500 on Router C.

Figure 20 Network diagram

‌

Procedure

1. Configure IP addresses and unicast routing settings:

# Assign IP addresses to interfaces, as shown in Figure 20. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning.

[RouterA] vxlan tunnel mac-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

3. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning.

[RouterB] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface gigabitethernet 1/0/2

[RouterB-GigabitEthernet1/0/2] dci enable

[RouterB-GigabitEthernet1/0/2] quit

# Create VXLAN 10 on VSI vpna.

[RouterB] vsi vpna

[RouterB-vsi-vpna] vxlan 10

[RouterB-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterB-vsi-vpna] evpn encapsulation vxlan

[RouterB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpna-evpn-vxlan] vpn-target auto

# Map local VXLAN 10 to intermediate VXLAN 500.

[RouterB-vsi-vpna-evpn-vxlan] mapping vni 500

[RouterB-vsi-vpna-evpn-vxlan] quit

[RouterB-vsi-vpna] quit

# Create VXLAN 500 on VSI vpnb. The router will replace the VXLAN ID of VXLAN 10's traffic with VXLAN ID 500 when performing Layer 2 forwarding.

[RouterB] vsi vpnb

[RouterB-vsi-vpnb] vxlan 500

[RouterB-vsi-vpnb-vxlan-500] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterB-vsi-vpnb] evpn encapsulation vxlan

[RouterB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterB-vsi-vpnb-evpn-vxlan] vpn-target 123:456

[RouterB-vsi-vpnb-evpn-vxlan] quit

[RouterB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

4. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning.

[RouterC] vxlan tunnel mac-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B for the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface gigabitethernet 1/0/1

[RouterC-GigabitEthernet1/0/1] dci enable

[RouterC-GigabitEthernet1/0/1] quit

# Create VXLAN 30 on VSI vpna.

[RouterC] vsi vpna

[RouterC-vsi-vpna] vxlan 30

[RouterC-vsi-vpna-vxlan-30] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterC-vsi-vpna] evpn encapsulation vxlan

[RouterC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpna-evpn-vxlan] vpn-target auto

# Map local VXLAN 30 to intermediate VXLAN 500.

[RouterC-vsi-vpna-evpn-vxlan] mapping vni 500

[RouterC-vsi-vpna-evpn-vxlan] quit

[RouterC-vsi-vpna] quit

# Create VXLAN 500 on VSI vpnb. The router will replace the VXLAN ID of VXLAN 30's traffic with VXLAN ID 500 when performing Layer 2 forwarding.

[RouterC] vsi vpnb

[RouterC-vsi-vpnb] vxlan 500

[RouterC-vsi-vpnb-vxlan-500] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD, and manually configure a route target for the EVPN instance.

[RouterC-vsi-vpnb] evpn encapsulation vxlan

[RouterC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterC-vsi-vpnb-evpn-vxlan] vpn-target 123:456

[RouterC-vsi-vpnb-evpn-vxlan] quit

[RouterC-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

5. Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning.

[RouterD] vxlan tunnel mac-learning disable

# Create VXLAN 30 on VSI vpna.

[RouterD] vsi vpna

[RouterD-vsi-vpna] vxlan 30

[RouterD-vsi-vpna-vxlan-30] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterD-vsi-vpna] evpn encapsulation vxlan

[RouterD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterD-vsi-vpna-evpn-vxlan] quit

[RouterD-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterD] interface gigabitethernet 1/0/1

[RouterD-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterD-GigabitEthernet1/0/1] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through IMET routes and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery imet

Total number of automatically discovered peers: 2

VSI name: vpna

RD PE_address Tunnel_address Tunnel mode VXLAN ID

1:10 1.1.1.1 1.1.1.1 VXLAN 10

1:500 3.3.3.3 3.3.3.3 VXLAN-DCI 500

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the VXLAN and VXLAN-DCI tunnels have been assigned to VXLAN 10, and that no tunnels are assigned to intermediate VXLAN 500.

[RouterB] display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Auto Disabled

VSI Name: vpnb

VSI Index : 1

VSI State : Down

MTU : 1500

Bandwidth : Unlimited

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

Drop Unknown : Disabled

PW Redundancy : Slave

Flooding : Enabled

Service Class : -

VXLAN ID : 500

# Verify that the ED has generated EVPN MAC address entries for the VMs, and the remote MAC address entry has the M flag.

[RouterB] display evpn route mac

Flags: D - Dynamic B - BGP G - Gateway L - Local active M - Mapping

VSI name: vpna

MAC address Link ID/Name Flags Next hop

0001-0001-0011 Tunnel0 B 1.1.1.1

0001-0001-0033 Tunnel1 BM 3.3.3.3

2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI Layer 3 communication

Network configuration

As shown in Figure 21:

· Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.

· Configure Router A and Router D as distributed EVPN gateways to perform Layer 3 forwarding between VXLAN 10 and VXLAN 20.

· Configure Router B and Router C as EDs.

Figure 21 Network diagram

‌

Procedure

1. Configure IP addresses and unicast routing settings:

# On VM 1, specify 10.1.1.1 as the gateway address. On VM 2, specify 10.1.2.1 as the gateway address. (Details not shown.)

# Assign IP addresses to interfaces, as shown in Figure 21. (Details not shown.)

# Configure OSPF on the transport network for the routers to reach one another. (Details not shown.)

2. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterA] ip vpn-instance vpn1

[RouterA-vpn-instance-vpn1] route-distinguisher 1:1

[RouterA-vpn-instance-vpn1] address-family ipv4

[RouterA-vpn-ipv4-vpn1] vpn-target 2:2

[RouterA-vpn-ipv4-vpn1] quit

[RouterA-vpn-instance-vpn1] address-family evpn

[RouterA-vpn-evpn-vpn1] vpn-target 1:1

[RouterA-vpn-evpn-vpn1] quit

[RouterA-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpn1

[RouterA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpn1

[RouterA-Vsi-interface2] l3-vni 1000

[RouterA-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

3. Configure Router B:

# Enable L2VPN.

<RouterB> system-view

[RouterB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterB] vxlan tunnel mac-learning disable

[RouterB] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router B to Router C for the routers to establish a VXLAN-DCI tunnel.

[RouterB] interface gigabitethernet 1/0/2

[RouterB-GigabitEthernet1/0/2] dci enable

[RouterB-GigabitEthernet1/0/2] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router A, and enable router MAC replacement for routes advertised to and received from Router C.

[RouterB] bgp 100

[RouterB-bgp-default] peer 3.3.3.3 as-number 200

[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterB-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterB-bgp-default] peer 1.1.1.1 as-number 100

[RouterB-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] peer 3.3.3.3 enable

[RouterB-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterB-bgp-default-evpn] peer 1.1.1.1 enable

[RouterB-bgp-default-evpn] peer 1.1.1.1 next-hop-local

[RouterB-bgp-default-evpn] quit

[RouterB-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterB] ip vpn-instance vpn1

[RouterB-vpn-instance-vpn1] route-distinguisher 1:2

[RouterB-vpn-instance-vpn1] address-family ipv4

[RouterB-vpn-ipv4-vpn1] vpn-target 2:2

[RouterB-vpn-ipv4-vpn1] quit

[RouterB-vpn-instance-vpn1] address-family evpn

[RouterB-vpn-evpn-vpn1] vpn-target 1:1

[RouterB-vpn-evpn-vpn1] quit

[RouterB-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterB] interface vsi-interface 2

[RouterB-Vsi-interface2] ip binding vpn-instance vpn1

[RouterB-Vsi-interface2] l3-vni 1000

[RouterB-Vsi-interface2] quit

4. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router B For the routers to establish a VXLAN-DCI tunnel.

[RouterC] interface gigabitethernet 1/0/1

[RouterC-GigabitEthernet1/0/1] dci enable

[RouterC-GigabitEthernet1/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router D, and enable router MAC replacement for routes advertised to and received from Router B.

[RouterC] bgp 200

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] peer 2.2.2.2 ebgp-max-hop 64

[RouterC-bgp-default] peer 4.4.4.4 as-number 200

[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 router-mac-local

[RouterC-bgp-default-evpn] peer 4.4.4.4 enable

[RouterC-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterC] ip vpn-instance vpn1

[RouterC-vpn-instance-vpn1] route-distinguisher 1:3

[RouterC-vpn-instance-vpn1] address-family ipv4

[RouterC-vpn-ipv4-vpn1] vpn-target 2:2

[RouterC-vpn-ipv4-vpn1] quit

[RouterC-vpn-instance-vpn1] address-family evpn

[RouterC-vpn-evpn-vpn1] vpn-target 1:1

[RouterC-vpn-evpn-vpn1] quit

[RouterC-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip binding vpn-instance vpn1

[RouterC-Vsi-interface2] l3-vni 1000

[RouterC-Vsi-interface2] quit

5. Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterD] vxlan tunnel mac-learning disable

[RouterD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] evpn encapsulation vxlan

[RouterD-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterD-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterD-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20 on VSI vpnb.

[RouterD-vsi-vpnb] vxlan 20

[RouterD-vsi-vpnb-vxlan-20] quit

[RouterD-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterD] bgp 200

[RouterD-bgp-default] peer 3.3.3.3 as-number 200

[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 3.3.3.3 enable

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Map site-facing interface GigabitEthernet 1/0/1 to VSI vpnb.

[RouterD] interface gigabitethernet 1/0/1

[RouterD-GigabitEthernet1/0/1] xconnect vsi vpnb

[RouterD-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterD] ip vpn-instance vpn1

[RouterD-vpn-instance-vpn1] route-distinguisher 1:4

[RouterD-vpn-instance-vpn1] address-family ipv4

[RouterD-vpn-ipv4-vpn1] vpn-target 2:2

[RouterD-vpn-ipv4-vpn1] quit

[RouterD-vpn-instance-vpn1] address-family evpn

[RouterD-vpn-evpn-vpn1] vpn-target 1:1

[RouterD-vpn-evpn-vpn1] quit

[RouterD-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterD] interface vsi-interface 1

[RouterD-Vsi-interface1] ip binding vpn-instance vpn1

[RouterD-Vsi-interface1] ip address 10.1.2.1 255.255.255.0

[RouterD-Vsi-interface1] mac-address 1-2-1

[RouterD-Vsi-interface1] distributed-gateway local

[RouterD-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterD] interface vsi-interface 2

[RouterD-Vsi-interface2] ip binding vpn-instance vpn1

[RouterD-Vsi-interface2] l3-vni 1000

[RouterD-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterD] vsi vpnb

[RouterD-vsi-vpnb] gateway vsi-interface 1

[RouterD-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Router B.)

# Verify that the ED has discovered Router A and Router C through MAC/IP advertisement routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterB] display evpn auto-discovery macip-prefix

Destination IP Source IP L3VNI Tunnel mode OutgoingInterface

1.1.1.1 2.2.2.2 1000 VXLAN Vsi-interface2

3.3.3.3 2.2.2.2 1000 VXLAN-DCI Vsi-interface2

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterB] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the ED has EVPN ARP entries and EVPN routes for the VMs.

[RouterB] display arp vpn-instance vpn1

Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface/Link ID Aging Type

1.1.1.1 0031-1900-0000 Auto_L3VNI100 Tunnel0 -- R

0_2

3.3.3.3 0031-3900-0000 Auto_L3VNI100 Tunnel1 -- R

0_2

[RouterB] display ip routing-table vpn-instance vpn1

Destinations : 4 Routes : 4

Destination/Mask Proto Pre Cost NextHop Interface

10.1.1.0/24 BGP 255 0 1.1.1.1 Vsi2

10.1.1.11/32 BGP 255 0 1.1.1.1 Vsi2

10.1.2.0/24 BGP 255 0 3.3.3.3 Vsi2

10.1.2.22/32 BGP 255 0 3.3.3.3 Vsi2

2. Verify that VM 1 and VM 2 can communicate. (Details not shown.)

Example: Configuring EVPN-DCI dual-homing

Network configuration

As shown in Figure 22:

· Configure VXLAN 10 for data center 1, and configure VXLAN 20 for data center 2.

· Configure Router A and Router G as distributed EVPN gateways to perform Layer 3 forwarding between VXLAN 10 and VXLAN 20.

· Configure Router C and Router D as EDs of data center 1, and configure Router F as the ED of data center 2.

· Configure Router B as an RR.

Figure 22 Network diagram

‌

Procedure

1. Configure IP addresses and unicast routing settings:

# On VM 1, specify 100.1.1.1 as the gateway address. On VM 2, specify 100.1.2.1 as the gateway address. (Details not shown.)

# Assign IP addresses to the interfaces, as shown in Figure 22. (Details not shown.)

# Configure OSPF for the routers to reach one another. (Details not shown.)

2. Configure Router A:

# Enable L2VPN.

<RouterA> system-view

[RouterA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterA] vxlan tunnel mac-learning disable

[RouterA] vxlan tunnel arp-learning disable

# Create VXLAN 10 on VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] vxlan 10

[RouterA-vsi-vpna-vxlan-10] quit

# Create an EVPN instance on VSI vpna. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterA-vsi-vpna] evpn encapsulation vxlan

[RouterA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[RouterA-vsi-vpna-evpn-vxlan] vpn-target auto

[RouterA-vsi-vpna-evpn-vxlan] quit

[RouterA-vsi-vpna] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterA] bgp 100

[RouterA-bgp-default] peer 2.2.2.2 as-number 100

[RouterA-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterA-bgp-default] address-family l2vpn evpn

[RouterA-bgp-default-evpn] peer 2.2.2.2 enable

[RouterA-bgp-default-evpn] quit

[RouterA-bgp-default] quit

# Map GigabitEthernet 1/0/1 to VSI vpna.

[RouterA] interface gigabitethernet 1/0/1

[RouterA-GigabitEthernet1/0/1] xconnect vsi vpna

[RouterA-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterA] ip vpn-instance vpn1

[RouterA-vpn-instance-vpn1] route-distinguisher 1:1

[RouterA-vpn-instance-vpn1] address-family ipv4

[RouterA-vpn-ipv4-vpn1] vpn-target 2:2

[RouterA-vpn-ipv4-vpn1] quit

[RouterA-vpn-instance-vpn1] address-family evpn

[RouterA-vpn-evpn-vpn1] vpn-target 1:1

[RouterA-vpn-evpn-vpn1] quit

[RouterA-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterA] interface vsi-interface 1

[RouterA-Vsi-interface1] ip binding vpn-instance vpn1

[RouterA-Vsi-interface1] ip address 100.1.1.1 255.255.255.0

[RouterA-Vsi-interface1] mac-address 1-1-1

[RouterA-Vsi-interface1] distributed-gateway local

[RouterA-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterA] interface vsi-interface 2

[RouterA-Vsi-interface2] ip binding vpn-instance vpn1

[RouterA-Vsi-interface2] l3-vni 1000

[RouterA-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[RouterA] vsi vpna

[RouterA-vsi-vpna] gateway vsi-interface 1

[RouterA-vsi-vpna] quit

3. Configure Router B as an RR.

<RouterB> system-view

[RouterB] bgp 100

[RouterB-bgp-default] group evpn internal

[RouterB-bgp-default] peer evpn connect-interface loopback 0

[RouterB-bgp-default] peer 1.1.1.1 group evpn

[RouterB-bgp-default] peer 3.3.3.3 group evpn

[RouterB-bgp-default] peer 4.4.4.4 group evpn

[RouterB-bgp-default] address-family l2vpn evpn

[RouterB-bgp-default-evpn] undo policy vpn-target

[RouterB-bgp-default-evpn] peer evpn enable

[RouterB-bgp-default-evpn] peer evpn reflect-client

[RouterB-bgp-default-evpn] quit

4. Configure Router C:

# Enable L2VPN.

<RouterC> system-view

[RouterC] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterC] vxlan tunnel mac-learning disable

[RouterC] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router C to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterC] interface gigabitethernet 1/0/1

[RouterC-GigabitEthernet1/0/1] dci enable

[RouterC-GigabitEthernet1/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router B, and enable router MAC replacement for routes advertised to and received from Router F.

[RouterC] bgp 100

[RouterC-bgp-default] peer 6.6.6.6 as-number 200

[RouterC-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterC-bgp-default] peer 6.6.6.6 ebgp-max-hop 64

[RouterC-bgp-default] peer 2.2.2.2 as-number 100

[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterC-bgp-default] address-family l2vpn evpn

[RouterC-bgp-default-evpn] peer 6.6.6.6 enable

[RouterC-bgp-default-evpn] peer 6.6.6.6 router-mac-local

[RouterC-bgp-default-evpn] peer 2.2.2.2 enable

[RouterC-bgp-default-evpn] peer 2.2.2.2 next-hop-local

[RouterC-bgp-default-evpn] quit

[RouterC-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterC] ip vpn-instance vpn1

[RouterC-vpn-instance-vpn1] route-distinguisher 1:2

[RouterC-vpn-instance-vpn1] address-family ipv4

[RouterC-vpn-ipv4-vpn1] vpn-target 2:2

[RouterC-vpn-ipv4-vpn1] quit

[RouterC-vpn-instance-vpn1] address-family evpn

[RouterC-vpn-evpn-vpn1] vpn-target 1:1

[RouterC-vpn-evpn-vpn1] quit

[RouterC-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterC] interface vsi-interface 2

[RouterC-Vsi-interface2] ip binding vpn-instance vpn1

[RouterC-Vsi-interface2] l3-vni 1000

[RouterC-Vsi-interface2] mac-address 1-2-3

[RouterC-Vsi-interface2] quit

# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2. Configure OSPF to advertise the virtual ED address.

[RouterC] evpn edge group 1.2.3.4

[RouterC] interface loopback 2

[RouterC-LoopBack2] ip address 1.2.3.4 32

[RouterC-LoopBack2] quit

[RouterC] ospf

[RouterC-ospf-1] area 0

[RouterC-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[RouterC-ospf-1-area-0.0.0.0] quit

[RouterC-ospf-1] quit

# Configure monitor link group 1 to associate GigabitEthernet 1/0/1 with Loopback 0. Set the switchover delay for the downlink interface to 90 seconds.

[RouterC] undo monitor-link disable

[RouterC] monitor-link group 1

[RouterC-mtlk-group1] port gigabitethernet 1/0/1 uplink

[RouterC-mtlk-group1] port loopback 0 downlink

[RouterC-mtlk-group1] downlink up-delay 90

[RouterC-mtlk-group1] quit

5. Configure Router D:

# Enable L2VPN.

<RouterD> system-view

[RouterD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterD] vxlan tunnel mac-learning disable

[RouterD] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router D to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterD] interface gigabitethernet 1/0/1

[RouterD-GigabitEthernet1/0/1] dci enable

[RouterD-GigabitEthernet1/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router B, and enable router MAC replacement for routes advertised to and received from Router F.

[RouterD] bgp 100

[RouterD-bgp-default] peer 6.6.6.6 as-number 200

[RouterD-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterD-bgp-default] peer 6.6.6.6 ebgp-max-hop 64

[RouterD-bgp-default] peer 2.2.2.2 as-number 100

[RouterD-bgp-default] peer 2.2.2.2 connect-interface loopback 0

[RouterD-bgp-default] address-family l2vpn evpn

[RouterD-bgp-default-evpn] peer 6.6.6.6 enable

[RouterD-bgp-default-evpn] peer 6.6.6.6 router-mac-local

[RouterD-bgp-default-evpn] peer 2.2.2.2 enable

[RouterD-bgp-default-evpn] peer 2.2.2.2 next-hop-local

[RouterD-bgp-default-evpn] quit

[RouterD-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterD] ip vpn-instance vpn1

[RouterD-vpn-instance-vpn1] route-distinguisher 1:2

[RouterD-vpn-instance-vpn1] address-family ipv4

[RouterD-vpn-ipv4-vpn1] vpn-target 2:2

[RouterD-vpn-ipv4-vpn1] quit

[RouterD-vpn-instance-vpn1] address-family evpn

[RouterD-vpn-evpn-vpn1] vpn-target 1:1

[RouterD-vpn-evpn-vpn1] quit

[RouterD-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterD] interface vsi-interface 2

[RouterD-Vsi-interface2] ip binding vpn-instance vpn1

[RouterD-Vsi-interface2] l3-vni 1000

[RouterD-Vsi-interface2] mac-address 1-2-3

[RouterD-Vsi-interface2] quit

# Configure 1.2.3.4 as the virtual ED address, and assign the IP address to Loopback 2. Configure OSPF to advertise the virtual ED address.

[RouterD] evpn edge group 1.2.3.4

[RouterD] interface loopback 2

[RouterD-LoopBack2] ip address 1.2.3.4 32

[RouterD-LoopBack2] quit

[RouterD] ospf

[RouterD-ospf-1] area 0

[RouterD-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[RouterD-ospf-1-area-0.0.0.0] quit

[RouterD-ospf-1] quit

# Configure monitor link group 1 to associate GigabitEthernet 1/0/1 with Loopback 0. Set the switchover delay for the downlink interface to 90 seconds.

[RouterD] undo monitor-link disable

[RouterD] monitor-link group 1

[RouterD-mtlk-group1] port gigabitethernet 1/0/1 uplink

[RouterD-mtlk-group1] port loopback 0 downlink

[RouterD-mtlk-group1] downlink up-delay 90

[RouterD-mtlk-group1] quit

6. Configure Router F:

# Enable L2VPN.

<RouterF> system-view

[RouterF] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterF] vxlan tunnel mac-learning disable

[RouterF] vxlan tunnel arp-learning disable

# Enable DCI on the Layer 3 interface that connects Router F to Router E for automatic VXLAN-DCI tunnel establishment.

[RouterF] interface gigabitethernet 1/0/1

[RouterF-GigabitEthernet1/0/1] dci enable

[RouterF-GigabitEthernet1/0/1] quit

# Configure BGP to advertise BGP EVPN routes. Enable nexthop replacement for routes advertised to Router G, and enable router MAC replacement for routes advertised to and received from Router C and Router D.

[RouterF] bgp 200

[RouterF-bgp-default] peer 3.3.3.3 as-number 100

[RouterF-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[RouterF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64

[RouterF-bgp-default] peer 4.4.4.4 as-number 100

[RouterF-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[RouterF-bgp-default] peer 4.4.4.4 ebgp-max-hop 64

[RouterF-bgp-default] peer 7.7.7.7 as-number 200

[RouterF-bgp-default] peer 7.7.7.7 connect-interface loopback 0

[RouterF-bgp-default] address-family l2vpn evpn

[RouterF-bgp-default-evpn] peer 3.3.3.3 enable

[RouterF-bgp-default-evpn] peer 3.3.3.3 router-mac-local

[RouterF-bgp-default-evpn] peer 4.4.4.4 enable

[RouterF-bgp-default-evpn] peer 4.4.4.4 router-mac-local

[RouterF-bgp-default-evpn] peer 7.7.7.7 enable

[RouterF-bgp-default-evpn] peer 7.7.7.7 next-hop-local

[RouterF-bgp-default-evpn] quit

[RouterF-bgp-default] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterF] ip vpn-instance vpn1

[RouterF-vpn-instance-vpn1] route-distinguisher 1:4

[RouterF-vpn-instance-vpn1] address-family ipv4

[RouterF-vpn-ipv4-vpn1] vpn-target 2:2

[RouterF-vpn-ipv4-vpn1] quit

[RouterF-vpn-instance-vpn1] address-family evpn

[RouterF-vpn-evpn-vpn1] vpn-target 1:1

[RouterF-vpn-evpn-vpn1] quit

[RouterF-vpn-instance-vpn1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterF] interface vsi-interface 2

[RouterF-Vsi-interface2] ip binding vpn-instance vpn1

[RouterF-Vsi-interface2] l3-vni 1000

[RouterF-Vsi-interface2] quit

7. Configure Router G:

# Enable L2VPN.

<RouterG> system-view

[RouterG] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[RouterG] vxlan tunnel mac-learning disable

[RouterG] vxlan tunnel arp-learning disable

# Create VXLAN 20 on VSI vpnb.

[RouterG] vsi vpnb

[RouterG-vsi-vpnb] vxlan 20

[RouterG-vsi-vpnb-vxlan-20] quit

# Create an EVPN instance on VSI vpnb. Configure the router to automatically generate an RD and a route target for the EVPN instance.

[RouterG-vsi-vpnb] evpn encapsulation vxlan

[RouterG-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[RouterG-vsi-vpnb-evpn-vxlan] vpn-target auto

[RouterG-vsi-vpnb-evpn-vxlan] quit

[RouterG-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.

[RouterG] bgp 200

[RouterG-bgp-default] peer 6.6.6.6 as-number 200

[RouterG-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[RouterG-bgp-default] address-family l2vpn evpn

[RouterG-bgp-default-evpn] peer 6.6.6.6 enable

[RouterG-bgp-default-evpn] quit

[RouterG-bgp-default] quit

# Map GigabitEthernet 1/0/1 to VSI vpnb.

[RouterG] interface gigabitethernet 1/0/1

[RouterG-GigabitEthernet1/0/1] xconnect vsi vpnb

[RouterG-GigabitEthernet1/0/1] quit

# Configure RD and route target settings for VPN instance vpn1.

[RouterG] ip vpn-instance vpn1

[RouterG-vpn-instance-vpn1] route-distinguisher 1:4

[RouterG-vpn-instance-vpn1] address-family ipv4

[RouterG-vpn-ipv4-vpn1] vpn-target 2:2

[RouterG-vpn-ipv4-vpn1] quit

[RouterG-vpn-instance-vpn1] address-family evpn

[RouterG-vpn-evpn-vpn1] vpn-target 1:1

[RouterG-vpn-evpn-vpn1] quit

[RouterG-vpn-instance-vpn1] quit

# Configure VSI-interface 1 as a distributed gateway.

[RouterG] interface vsi-interface 1

[RouterG-Vsi-interface1] ip binding vpn-instance vpn1

[RouterG-Vsi-interface1] ip address 100.1.2.1 255.255.255.0

[RouterG-Vsi-interface1] mac-address 2-2-2

[RouterG-Vsi-interface1] distributed-gateway local

[RouterG-Vsi-interface1] quit

# Create VSI-interface 2. Associate VSI-interface 2 with VPN instance vpn1, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[RouterG] interface vsi-interface 2

[RouterG-Vsi-interface2] ip binding vpn-instance vpn1

[RouterG-Vsi-interface2] l3-vni 1000

[RouterG-Vsi-interface2] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpnb.

[RouterG] vsi vpnb

[RouterG-vsi-vpnb] gateway vsi-interface 1

[RouterG-vsi-vpnb] quit

Verifying the configuration

1. Verify the configuration on EDs. (This example uses Router C.)

# Verify that the ED has discovered Router A and Router F through MAC/IP advertisement routes and IP prefix advertisement routes, and has established VXLAN and VXLAN-DCI tunnels to the routers.

[RouterC] display evpn auto-discovery macip-prefix

Destination IP Source IP L3VNI Tunnel mode OutInterface

1.1.1.1 1.2.3.4 1000 VXLAN Vsi-interface2

6.6.6.6 1.2.3.4 1000 VXLAN-DCI Vsi-interface2

# Verify that the VXLAN and VXLAN-DCI tunnels on the ED are up.

[RouterC] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 6.6.6.6

Tunnel protocol/transport UDP_VXLAN-DCI/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the ED has ARP entries and routes for the VMs.

[RouterC] display arp vpn-instance vpn1

Type: S Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface/Link ID Aging Type

1.1.1.1 0031-1900-0000 Auto_L3VNI100 Tunnel0 -- R

0_2

6.6.6.6 0031-3900-0000 Auto_L3VNI100 Tunnel1 -- R

0_2

[RouterC] display ip routing-table vpn-instance vpn1

Destinations : 4 Routes : 4

Destination/Mask Proto Pre Cost NextHop Interface

100.1.1.0/24 BGP 255 0 1.1.1.1 Vsi2

100.1.1.10/32 BGP 255 0 1.1.1.1 Vsi2

100.1.2.0/24 BGP 255 0 6.6.6.6 Vsi2

100.1.2.20/32 BGP 255 0 6.6.6.6 Vsi2

2. Verify the configuration on Router A:

# Verify that the router has discovered the virtual ED through MAC/IP advertisement routes and IP prefix advertisement routes, and has established a VXLAN tunnel to the virtual ED.

[RouterA] display evpn auto-discovery macip-prefix

Destination IP Source IP L3VNI Tunnel mode OutInterface

1.2.3.4 1.1.1.1 1000 VXLAN Vsi-interface2

# Verify that the VXLAN tunnel on the router is up.

[RouterA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 64000

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 1.2.3.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the router has ARP entries and routes for the VMs.

[RouterA] display arp vpn-instance vpn1

Type: S Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid

IP address MAC address VLAN/VSI name Interface/Link ID Aging Type

1.2.3.4 0031-1900-0001 Auto_L3VNI100 Tunnel0 -- R

0_2

[RouterA] display ip routing-table vpn-instance vpn1

Destinations : 4 Routes : 4

Destination/Mask Proto Pre Cost NextHop Interface

100.1.2.0/24 BGP 255 0 1.2.3.4 Vsi2

100.1.2.10/32 BGP 255 0 1.2.3.4 Vsi2

3. Verify that VM 1 and VM 2 can communicate when both Router C and Router D are working correctly and when Router C or Router D fails. (Details not shown.)

24-EVPN Configuration Guide

EVPN network model

Configuration automation

Assignment of traffic to VXLANs

Centralized EVPN gateway deployment

Distributed EVPN gateway deployment

Symmetric IRB

VSI interfaces

Layer 3 forwarding entry learning

Traffic forwarding

Communication between private and public networks

ARP flood suppression

Restrictions and guidelines: EVPN configuration

Configuring VSI parameters

About this task

Procedure

Configuring BGP to advertise BGP EVPN routes

Mapping ACs to a VSI

About this task

Procedure

Restrictions and guidelines

Procedure

Configuring a distributed EVPN gateway

About this task

Procedure

Configuring an L3 VXLAN ID for the VSI interface of a VPN instance

Configuring an L3 VXLAN ID for the VSI interface of the public instance

About this task

Restrictions and guidelines

Procedure

Managing remote MAC address entries and remote ARP learning

Disabling remote MAC address learning and remote ARP learning

About this task

Procedure

About this task

Procedure

About this task

Procedure

About this task

Procedure (BGP instance view)

Procedure (BGP-VPN instance view)

About this task

Procedure

About this task

Procedure

Enabling ARP flood suppression

About this task

Procedure

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Configuring EVPN-DCI

Enabling DCI

About this task

Procedure

About this task

Procedure

Enabling BGP VPNv4 route advertisement for the BGP EVPN address family

About this task

Restrictions and guidelines

Procedure

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Network configuration

Procedure

Verifying the configuration

Cloud & AI