Configure EVPN VxLAN Tunnel

Configuration Condition

Before configuring the BGP EVPN mode to deploy the VxLAN service, first complete the following tasks:

  • Configure the link-layer protocol, ensuring the normal communication of the link layer
  • Configure the network-layer address of the interface, making the neighboring network node reachable at the network layer

Configure NVE to Enable the EVPN Protocol

After EVPN is activated on the NVE, the VxLAN tunnels between VTEPs are negotiated and set up automatically via the BGP EVPN protocol.

Table 1-10 Configure the dynamic VxLAN tunnel

| Step | Command | Description |
| --- | --- | --- |
| Global configuration mode | configure terminal | - |
| NVE interface configuration mode | interface nve nve-number | Mandatory |
| Configure the specified VxLAN instance to associate NVE | vxlan vxlan-id | Mandatory. By default, do not associate. |
| Specify that the VxLAN instance uses EVPN to set up the ingress-replication (head-end replication) list | vxlan vxlan-id ingress-replication protocol bgp | Optional. By default, do not specify. |

Configure the EVPN Attributes of the VxLAN Instance

The RD identifies the EVPN routes generated by different VxLANs, which keeps different VxLANs isolated from one another; the route-target controls the import and export of EVPN routes. When a VTEP originates an EVPN route, the route carries the Export RT attribute. When a VTEP decides which VxLAN an EVPN route is imported into, the Export RT attribute carried by the route is matched against the Import RT of the local VxLAN.

Table 1-11 Configure the VxLAN EVPN attributes

| Step | Command | Description |
| --- | --- | --- |
| Global configuration mode | configure terminal | - |
| VxLAN instance configuration mode | vxlan vxlan-id | Mandatory. In the VxLAN configuration mode, you can enter the EVPN configuration mode. |
| VxLAN EVPN configuration mode | address-family evpn | Mandatory. After entering the VxLAN EVPN mode, you can configure the VxLAN EVPN attributes. |
| Configure VxLAN rd | rd route-distinguisher | Mandatory. By default, do not configure VxLAN RD. |
| Configure VxLAN route-target | route-target [ both \| export \| import ] { ASN:nn \| IP-address:nn } | Mandatory. By default, do not configure the Export, Import RT attributes of VxLAN. |
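The Export RT / Import RT match described in this section can be modelled in a few lines. The following Python is an added example, not the vendor's implementation; the class and function names, RDs, RTs, VxLAN ids and MAC addresses are constructed sample values, and audit_isolation assumes every VTEP configures the same RTs for a given VxLAN.

```python
# Added example: models the Export RT / Import RT match described above.
# All RDs, RTs, VxLAN ids and MAC addresses are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class EvpnRoute:
    rd: str                 # route distinguisher of the originating VxLAN
    export_rts: frozenset   # Export RTs attached by the originating VTEP
    mac: str                # MAC address advertised by the route

@dataclass(frozen=True)
class LocalVxlan:
    vxlan_id: int
    import_rts: frozenset
    export_rts: frozenset

def importing_vxlans(route, vxlans):
    """Ids of local VxLANs whose Import RT matches an Export RT on the route."""
    return sorted(v.vxlan_id for v in vxlans if v.import_rts & route.export_rts)

def build_tables(routes, vxlans):
    """Per-VxLAN route table keyed by (RD, MAC): the RD keeps equal MACs apart."""
    tables = {v.vxlan_id: set() for v in vxlans}
    for route in routes:
        for vxlan_id in importing_vxlans(route, vxlans):
            tables[vxlan_id].add((route.rd, route.mac))
    return tables

def audit_isolation(vxlans):
    """(importer, exporter, shared RTs) for every pair of different VxLANs
    where one imports what the other exports, i.e. isolation is not enforced."""
    return [(a.vxlan_id, b.vxlan_id, sorted(a.import_rts & b.export_rts))
            for a in vxlans for b in vxlans
            if a.vxlan_id != b.vxlan_id and a.import_rts & b.export_rts]

# Constructed configuration: VxLAN 200 also imports the RT exported by VxLAN 100.
VXLANS = [
    LocalVxlan(100, frozenset({"65001:100"}), frozenset({"65001:100"})),
    LocalVxlan(200, frozenset({"65001:200", "65001:100"}), frozenset({"65001:200"})),
]
ROUTES = [
    EvpnRoute("10.0.0.2:100", frozenset({"65001:100"}), "00:11:22:33:44:55"),
    EvpnRoute("10.0.0.3:200", frozenset({"65001:200"}), "00:11:22:33:44:55"),
    EvpnRoute("10.0.0.4:999", frozenset({"65001:999"}), "00:aa:bb:cc:dd:ee"),
]

if __name__ == "__main__":
    print(build_tables(ROUTES, VXLANS))
    print(audit_isolation(VXLANS))
```

A non-empty result from audit_isolation marks an Import RT that lets routes from one VxLAN land in another, which is the first thing to review when two VxLANs are expected to stay isolated.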

Configure the EVPN Attributes of the VRF Instance (Optional)

The EVPN attributes of the VRF instance need to be configured only when the distributed gateway is deployed. This configuration is ignored in centralized gateway deployment.

Table 1-12 Configure the EVPN attributes of the VRF instance

| Step | Command | Description |
| --- | --- | --- |
| Global configuration mode | configure terminal | - |
| Enter the VRF configuration mode | ip vrf vrf-name | Mandatory |
| Configure L3VNID | l3vnid vnid-number | Mandatory. By default, L3VNID is not configured. |
| Enter the VRF EVPN address family configuration mode | address-family evpn | Mandatory |
| Configure the route-target of VRF EVPN | route-target [ both \| export \| import ] { ASN:nn \| IP-address:nn } | Mandatory. By default, do not configure the Import and Export attribute. |
| Associate VRF EVPN with the egress route policy | export map route-map-name | Optional. By default, VRF EVPN is not associated with the egress route policy. |
| Associate VRF EVPN with the ingress route policy | import map route-map-name | Optional. By default, VRF EVPN is not associated with the ingress route policy. |

Configure BGP to Enable EVPN

Enabling the EVPN capability in BGP lets BGP learn EVPN routes, create the dynamic VxLAN tunnel, form the VxLAN session and add it to the forwarding table, and guide VxLAN packet forwarding.

Table 1-13 Configure BGP EVPN to enable EVPN

| Step | Command | Description |
| --- | --- | --- |
| Global configuration mode | configure terminal | - |
| Enable the BGP protocol and enter the BGP configuration mode | router bgp autonomous-system | Mandatory. By default, it is not enabled. |
| Configure the BGP neighbor | neighbor { neighbor-address \| peer-group-name } remote-as as-number | Mandatory. By default, do not create any BGP neighbor. |
| Configure the source address of the TCP session of the BGP neighbor | neighbor { neighbor-address \| peer-group-name } update-source { interface-name \| ip-address } | Optional. By default, TCP sessions automatically select the address of the route egress interface as the source address. |
| Enter the BGP EVPN configuration mode | address-family l2vpn evpn | Mandatory |
| Activate the EVPN capability | neighbor { neighbor-address \| peer-group-name } activate | Mandatory. By default, it is not activated. |
| Configure the EVPN reflector | neighbor { neighbor-address \| peer-group-name } route-reflector-client | Optional. By default, do not enable the reflector. |
| Enter the BGP IPV4 VRF configuration mode | address-family ipv4 vrf vrf-name | Optional |
| Configure VRF unicast route to leak to EVPN and form five types of routes | address-family l2vpn evpn | Optional. This configuration is required for the deployment of the distributed gateway. |
| When BGP is configured to announce routes to neighbors or peer groups, do not change the AS path, MED, and next hop attribute values of the route | neighbor attribute-unchanged [ as-path \| med \| next-hop ] | Optional. This configuration is only required when deploying an end-to-end cross-data center VXLAN network. |

Configure BGP Neighbor Policy (Optional)

By binding a route map to the BGP EVPN neighbors, you can filter the routes with the specified VNI received in the ingress direction, or prevent routes with the specified VNI from being advertised to the neighbors in the egress direction.

Table 1-14 Configure the EVPN policy of the BGP neighbor

| Step | Command | Description |
| --- | --- | --- |
| Global configuration mode | configure terminal | - |
| Enable the BGP protocol and enter the BGP configuration mode | router bgp autonomous-system | Mandatory. By default, do not enable BGP. |
| Enter the BGP EVPN configuration mode | address-family l2vpn evpn | Mandatory |
| Configure the neighbor to apply the route map in the ingress direction | neighbor { neighbor-address \| peer-group-name } route-map rtmap-name in | Mandatory. By default, do not apply the route map in the ingress direction. |
| Configure the neighbor to apply the route map in the egress direction | neighbor { neighbor-address \| peer-group-name } route-map rtmap-name out | Mandatory. By default, do not apply the route map in the egress direction. |

Configure VxLAN Route Map (Optional)

The neighbor VxLAN policy requires a bound route map. The route map matches the local VxLAN number, the route next hop and other matching items to control the ingress and egress routes.

Table 1-15 Configure the VxLAN route map

| Step | Command | Description |
| --- | --- | --- |
| Enter the global configuration mode | configure terminal | - |
| Create the route map | route-map map-name [ { permit \| deny } [ seq-number ] ] | Mandatory. By default, do not create the route map. |
| Match vxlan-id | match vxlan vxlan-id | Optional. By default, do not match the local VxLAN No. |