Configuration Condition
Before configuring the BGP EVPN mode to deploy the VxLAN service, first complete the following tasks:
- Configure the link-layer protocol, ensuring the normal communication of the link layer
- Configure the network-layer address of the interface, making the neighboring network node reachable at the network layer
Configure NVE to Enable the EVPN Protocol
After NVE activates EVPN, VxLAN tunnels are negotiated and set up automatically between VTEPs via the BGP EVPN protocol.
Table 1-10 Configure the dynamic VxLAN tunnel

| Step | Command | Description |
|---|---|---|
| Global configuration mode | configure terminal | - |
| NVE interface configuration mode | interface nve nve-number | Mandatory |
| Configure the specified VxLAN instance to associate NVE | vxlan vxlan-id | Mandatory. By default, no VxLAN instance is associated. |
| Specify the VxLAN instance to use EVPN to set up the header copy list | vxlan vxlan-id ingress-replication protocol bgp | Optional. By default, it is not specified. |

Configure the EVPN Attributes of the VxLAN Instance
RD is used to identify EVPN routes generated by different VxLANs, so as to achieve isolation between different VxLANs; route-target is used to control the import and export of EVPN routes. When a VTEP originates EVPN routes, the routes carry the Export RT attribute. When a VTEP decides into which VxLAN to import an EVPN route, it matches the Export RT attribute carried by the route against the Import RT of the local VxLAN.
Table 1-11 Configure the VxLAN EVPN attributes

| Step | Command | Description |
|---|---|---|
| Global configuration mode | configure terminal | - |
| VxLAN instance configuration mode | vxlan vxlan-id | Mandatory. In the VxLAN configuration mode, you can enter the EVPN configuration mode. |
| VxLAN EVPN configuration mode | address-family evpn | Mandatory. After entering the VxLAN EVPN mode, you can configure the VxLAN EVPN attributes. |
| Configure VxLAN rd | rd route-distinguisher | Mandatory. By default, the VxLAN RD is not configured. |
| Configure VxLAN route-target | route-target [ both \| export \| import ] { ASN:nn \| IP-address:nn } | Mandatory. By default, the Export and Import RT attributes of VxLAN are not configured. |

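An added example, not part of the original manual: a Python check that parses VxLAN EVPN stanzas written with the Table 1-11 commands and reports a missing RD, an RD reused by two VxLANs, and an import RT that another VxLAN exports (which causes that VxLAN's routes to be imported). The configuration text, its indentation and all RD/RT values are constructed sample input, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample input: command forms from Table 1-11; the layout is assumed.
SAMPLE_CONFIG = """\
vxlan 100
 address-family evpn
  rd 65000:100
  route-target both 65000:100
vxlan 200
 address-family evpn
  rd 65000:200
  route-target export 65000:200
  route-target import 65000:200
  route-target import 65000:100
vxlan 300
 address-family evpn
  route-target both 65000:300
"""

def parse_vxlan_evpn(config):
    """Collect the RD and the import/export RT sets of each VxLAN instance."""
    inst, cur = {}, None
    dirs = {"both": ("import", "export"), "import": ("import",), "export": ("export",)}
    for line in config.splitlines():
        tok = line.split()
        if tok and not line[0].isspace():  # a top-level line opens a new stanza
            is_vxlan = len(tok) == 2 and tok[0] == "vxlan" and tok[1].isdigit()
            cur = inst.setdefault(int(tok[1]), {"rd": None, "import": set(), "export": set()}) if is_vxlan else None
        elif cur is not None and len(tok) == 2 and tok[0] == "rd":
            cur["rd"] = tok[1]
        elif cur is not None and len(tok) == 3 and tok[0] == "route-target":
            for d in dirs.get(tok[1], ()):
                cur[d].add(tok[2])
    return inst

def audit(inst):
    """Report missing RDs, reused RDs, and import RTs that another VxLAN exports."""
    findings, by_rd = [], defaultdict(list)
    for vid, c in inst.items():
        if c["rd"] is None:
            findings.append(f"vxlan {vid}: no rd configured")
        else:
            by_rd[c["rd"]].append(vid)
    findings += [f"rd {rd}: reused by vxlan {vids}" for rd, vids in by_rd.items() if len(vids) > 1]
    for vid, c in inst.items():
        for other, oc in inst.items():
            shared = sorted(c["import"] & oc["export"])
            if other != vid and shared:
                findings.append(f"vxlan {vid}: imports {', '.join(shared)} exported by vxlan {other}")
    return findings
```

Calling `audit(parse_vxlan_evpn(SAMPLE_CONFIG))` returns one finding per problem; a cross-VxLAN import can be intentional, so treat that finding as a prompt to confirm the design rather than as an error.
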
Configure the EVPN Attributes of the VRF Instance (Optional)
The EVPN attributes of the VRF instance need to be configured only when the distributed gateway is deployed. This configuration is ignored in a centralized gateway deployment.
Table 1-12 Configure the EVPN attributes of the VRF instance

| Step | Command | Description |
|---|---|---|
| Global configuration mode | configure terminal | - |
| Enter the VRF configuration mode | ip vrf vrf-name | Mandatory |
| Configure L3VNID | l3vnid vnid-number | Mandatory. By default, L3VNID is not configured. |
| Enter the VRF EVPN address family configuration mode | address-family evpn | Mandatory |
| Configure the route-target of VRF EVPN | route-target [ both \| export \| import ] { ASN:nn \| IP-address:nn } | Mandatory. By default, the Import and Export attributes are not configured. |
| Associate VRF EVPN with the egress route policy | export map route-map-name | Optional. By default, VRF EVPN is not associated with the egress route policy. |
| Associate VRF EVPN with the ingress route policy | import map route-map-name | Optional. By default, VRF EVPN is not associated with the ingress route policy. |

Configure BGP to Enable EVPN
When the EVPN capability is enabled in BGP, BGP learns EVPN routes, creates dynamic VxLAN tunnels, forms VxLAN sessions and adds them to the forwarding table, and guides VxLAN packet forwarding.
Table 1-13 Configure BGP EVPN to enable EVPN

| Step | Command | Description |
|---|---|---|
| Global configuration mode | configure terminal | - |
| Enable the BGP protocol and enter the BGP configuration mode | router bgp autonomous-system | Mandatory. By default, it is not enabled. |
| Configure the BGP neighbor | neighbor { neighbor-address \| peer-group-name } remote-as as-number | Mandatory. By default, no BGP neighbor is created. |
| Configure the source address of the TCP session of the BGP neighbor | neighbor { neighbor-address \| peer-group-name } update-source { interface-name \| ip-address } | Optional. By default, TCP sessions automatically select the address of the route egress interface as the source address. |
| Enter the BGP EVPN configuration mode | address-family l2vpn evpn | Mandatory |
| Activate the EVPN capability | neighbor { neighbor-address \| peer-group-name } activate | Mandatory. By default, it is not activated. |
| Configure the EVPN reflector | neighbor { neighbor-address \| peer-group-name } route-reflector-client | Optional. By default, the reflector is not enabled. |
| Enter the BGP IPV4 VRF configuration mode | address-family ipv4 vrf vrf-name | Optional |
| Configure VRF unicast route to leak to EVPN and form five types of routes | address-family l2vpn evpn | Optional. This configuration is required for the deployment of the distributed gateway. |
| When BGP announces routes to neighbors or peer groups, do not change the AS path, MED, and next hop attribute values of the route | neighbor attribute-unchanged [ as-path \| med \| next-hop ] | Optional. This configuration is only required when deploying an end-to-end cross-data center VXLAN network. |

Configure BGP Neighbor Policy (Optional)
By binding a route map to the BGP EVPN neighbors, you can filter routes with the specified VNI received in the ingress direction, or prevent routes with the specified VNI from being advertised to the neighbors in the egress direction.
Table 1-14 Configure the EVPN policy of the BGP neighbor

| Step | Command | Description |
|---|---|---|
| Global configuration mode | configure terminal | - |
| Enable the BGP protocol and enter the BGP configuration mode | router bgp autonomous-system | Mandatory. By default, BGP is not enabled. |
| Enter the BGP EVPN configuration mode | address-family l2vpn evpn | Mandatory |
| Configure the neighbor to apply the route map in the ingress direction | neighbor { neighbor-address \| peer-group-name } route-map rtmap-name in | Mandatory. By default, no route map is applied in the ingress direction. |
| Configure the neighbor to apply the route map in the egress direction | neighbor { neighbor-address \| peer-group-name } route-map rtmap-name out | Mandatory. By default, no route map is applied in the egress direction. |

Configure VxLAN Route Map (Optional)
When configuring the neighbor VxLAN policy, you must bind a route map; the route map matches the local VxLAN number, the route next hop and other match items to control the ingress and egress routes.
Table 1-15 Configure the VxLAN route map

| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode | configure terminal | - |
| Create the route map | route-map map-name [ { permit \| deny } [ seq-number ] ] | Mandatory. By default, no route map is created. |
| Match vxlan-id | match vxlan vxlan-id | Optional. By default, the local VxLAN No. is not matched. |