Aruba DRNI and EVPN Configuration Guide

Type
Configuration Guide

This manual is also suitable for

Contents
Example: Configuring DRNI and EVPN distributed gateways (BGP for
underlay routing) ···························································································· 1
Network configuration ········································································································································ 1
Traffic forwarding models ··································································································································· 5
Applicable product matrix ··································································································································· 5
Restrictions and guidelines ································································································································ 6
Configuring HPE FlexFabric 5940 switches as leaf devices ·············································································· 6
Procedure summary ··································································································································· 6
Configuring the resource mode ·················································································································· 7
Configuring an underlay BGP instance ······································································································ 7
Configuring the links towards the spine tier ······························································································· 9
Configuring L2VPN ·································································································································· 10
Configuring DRNI ····································································································································· 11
Configuring the links towards the bare metal servers ·············································································· 16
Configuring spanning tree ························································································································ 16
Configuring an EVPN BGP instance (controller-deployed) ······································································ 17
Configuring the overlay network ··············································································································· 18
Configuring HPE FlexFabric 5945 switches as leaf devices ············································································ 21
Procedure summary ································································································································· 21
Configuring the resource mode ················································································································ 21
Configuring the underlay BGP instance ··································································································· 21
Configuring the links towards the spine tier ····························································································· 24
Configuring L2VPN ·································································································································· 24
Configuring DRNI ····································································································································· 25
Configuring the links towards the bare metal servers ·············································································· 29
Configuring spanning tree ························································································································ 30
Configuring an EVPN BGP instance ········································································································ 31
Configuring the overlay network ··············································································································· 31
Configuring border devices ······························································································································ 34
Procedure summary ································································································································· 34
Configuring the resource mode ················································································································ 34
Configuring an underlay BGP instance ···································································································· 35
Configuring STP ······································································································································· 37
Configuring the links towards the spine tier ····························································································· 38
Configuring L2VPN ·································································································································· 39
Configuring DRNI ····································································································································· 39
Configuring the route interfaces connected to the external network ························································ 43
Configuring an EVPN BGP instance ········································································································ 43
Configuring the overlay network ··············································································································· 44
Configuring spine devices ································································································································ 47
Procedure summary ································································································································· 47
Configuring an underlay BGP instance ···································································································· 47
Configuring the links interconnecting spine and leaf devices··································································· 49
Configuring the links interconnecting spine and border devices ······························································ 49
Configuring an EVPN BGP instance ········································································································ 49
Traffic forwarding models ································································································································· 51
Overlay traffic forwarding models ············································································································· 51
Testing network convergence ·························································································································· 52
Verifying the configuration································································································································ 54
Verification commands ····························································································································· 54
Procedure ················································································································································· 54
Upgrading the devices ····································································································································· 56
Upgrading the leaf devices ······················································································································· 56
Upgrading the spine devices ···················································································································· 57
Upgrading the border devices ·················································································································· 58
Expanding the network····································································································································· 59
Adding a leaf device ································································································································· 59
Replacing hardware ········································································································································· 59
Replacing a service module ····················································································································· 59
Replacing a switching fabric module ········································································································ 60
1
Example: Configuring DRNI and EVPN
distributed gateways (BGP for underlay
routing)
Network configuration
As shown in Figure 1, deploy a DR system at the border tier, and deploy two DR systems at the leaf
tier. Configure the network as follows:
•
Configure Ethernet aggregate links as IPLs.
•
Set up one border DR system with two switches, and configure the DR system as the
distributed gateway.
•
Configure two switches as spine devices. Configure them as route reflectors to reflect BGP
EVPN routes among border and leaf devices.
•
Set up two leaf DR systems, each containing two switches. Configure the leaf DR systems as
the EVPN access devices of network overlay (such as bare metal servers).
•
Configure BGP as the underlay routing protocol.
2
Figure 1 Network diagram
Device
Interface
IP address
Remarks
Leaf 1
XGE1/0/7 N/A Member port of a DR interface,
interface with ACs configured.
Connected to bare metal server A.
XGE1/0/3 N/A Member port of a DR interface,
interface with ACs configured.
Connected to bare metal server B.
HGE1/0/49 N/A Member port of the IPP.
Connected to HGE2/0/49 on Leaf 2.
HGE1/0/50 N/A Member port of the IPP.
Connected to HGE2/0/50 on Leaf 2.
XGE1/0/47
172.16.0.1/30
Keepalive link
Server A
IPL
Keepalive
XGE 1/0/7
Leaf 2
XGE2/0/7
XGE 1/0/47
HGE 1/0/49
HGE 1/0/50 HGE 2/0/49
HGE 2/0/50
XGE 2/0/47
HGE 1/0/53 HGE 1/0/25
XGE 1/0/17 XGE 1/0/1
Server B
IPL
Keepalive
WGE 1/0/4
WGE 1/0/4
XGE 1/0/1 XGE 1/0/1
Keepalive
HGE 1/0/25
HGE 1/0/26 HGE 1/0/25
HGE 1/0/26
WGE 1/0/1WGE 1/0/1
Border 2
HGE 1/0/25
HGE 1/0/26 HGE 1/0/25
HGE 1/0/26
IPL
Leaf 3Leaf 4
HGE 1/0/28 HGE 2/0/54
WGE 1/0/4
WGE 1/0/3
XGE 1/0/2
XGE 1/0/23
WGE 1/0/55
XGE 1/0/24
WGE 1/0/1
WGE 1/0/53
WGE 1/0/55
WGE 1/0/2
WGE 1/0/53
WGE 1/0/55
XGE 1/0/22
XGE 1/0/21
Border 1
L3 switch
Leaf 1
Spine 2
Loop0
10.254.0.1/32
Loop0
10.254.0.11/32
Loop1
10.254.0.12/32
Loop0
10.254.0.13/32
Loop1
10.254.0.12/32
Loop0
10.254.0.17/32
Loop1
10.254.0.16/32
Loop0
10.254.0.15/32
Loop1
10.254.0.16/32
Loop0
10.254.0.2/32
Spine 1
WGE 1/0/33
WGE 1/0/33
WGE 1/0/53
WGE 1/0/53
WGE 1/0/55
XGE 2/0/17
Loop0
10.201.49.30/32
Loop1
10.254.0.20/32
Loop0
10.201.49.31/32
Loop1
10.254.0.20/32
TOR
BAGG 105
Server C
XGE 1/0/3
XGE 2/0/3
BAGG 105
BAGG
3
Device
Interface
IP address
Remarks
Leaf 2: XGE2/0/47
HGE1/0/53 10.254.1.2/30 Spine 1: HGE1/0/25
XGE1/0/17 10.254.1.6/30 Spine 2: XGE1/0/1
Loopback0 10.254.0.11/32 VTEP IP address
Connected to a BGP EVPN peer
Loopback1 10.254.0.12/32 Virtual VTEP IP address.
Vlan-interface100 10.1.1.1/30 Interface for east-
west traffic
forwarding.
Leaf 2
XGE2/0/7 N/A Member port of a DR interface,
interface with ACs configured.
Connected to bare metal server A
XGE2/0/3 N/A Member port of a DR interface,
interface with ACs configured.
Connected to bare metal server B
HGE2/0/49 N/A Member port of the IPP.
Leaf 1: HGE1/0/49
HGE2/0/50 N/A Member port of the IPP.
Leaf 1: HGE1/0/50
XGE2/0/47 172.16.0.2/30 Keepalive link
Leaf 1: XGE1/0/47
HGE2/0/54 10.254.1.10/30 Spine 1: HGE1/0/28
XGE2/0/17 10.254.1.14/30 Spine 2: XGE1/0/2
Loopback0 10.254.0.13/32 VTEP IP address
Connected to a BGP EVPN peer.
Loopback1 10.254.0.12/32 Virtual VTEP IP address.
Vlan-interface100 10.1.1.2/30 Interface for east-
west traffic
forwarding.
Leaf 3
WGE1/0/4 N/A Member port of a DR interface,
interface with ACs configured.
Server C
HGE1/0/25 N/A Member port of the IPP.
Leaf 4: HGE1/0/25
HGE1/0/26 N/A Member port of the IPP.
Leaf 4: HGE1/0/26
WGE1/0/1 173.16.1.1/30 Keepalive link
Leaf 4: WGE1/0/1
WGE1/0/53 10.254.2.2/30 Spine 1: WGE1/0/3
WGE1/0/55 10.254.2.6/30 Spine 2: XGE1/0/23
Loopback0 10.254.0.15/32 VTEP IP address
Connected to a BGP EVPN peer
Loopback1 10.254.0.16/32 Virtual VTEP IP address
4
Device
Interface
IP address
Remarks
Vlan-interface100 10.1.2.1/30 Interface for east-
west traffic
forwarding.
Leaf 4
WGE1/0/4 N/A Member port of a DR interface,
interface with ACs configured.
Bare metal server C
HGE1/0/25 N/A Member port of the IPP.
Leaf 3: HGE1/0/25
HGE1/0/26 N/A Member port of the IPP.
Leaf 3: HGE1/0/26
WGE1/0/1 173.16.1.2/30 Keepalive link
Leaf 3: WGE1/0/1
WGE1/0/53 10.254.2.10/30 Spine 1: WGE1/0/4
WGE1/0/55 10.254.2.14/30 Spine 2: XGE1/0/24
Loopback0 10.254.0.17/32 VTEP IP address
Connected to a BGP EVPN peer
Loopback1 10.254.0.16/32 Virtual VTEP IP address
Vlan-interface100 10.1.2.2/30 Interface for east-
west traffic
forwarding.
Spine 1
HGE1/0/25 10.254.1.1/30 Leaf 1: HGE1/0/53
HGE1/0/28 10.254.1.9/30 Leaf 2: HGE2/0/54
WGE1/0/3 10.254.2.1/30 Leaf 3: WGE1/0/53
WGE1/0/4 10.254.2.9/30 Leaf 4: WGE1/0/53
WGE1/0/1 10.254.7.1/30 Border 1: WGE1/0/53
WGE1/0/2 10.254.7.5/30 Border 2: WGE1/0/53
LoopBack0 10.254.0.1/32 VTEP IP address
Connected to a BGP EVPN peer
Spine 2
XGE1/0/1 10.254.1.5/30 Leaf 1: XGE1/0/17
XGE1/0/2 10.254.1.13/30 Leaf 2: XGE2/0/17
XGE1/0/23 10.254.2.5/30 Leaf 3: WGE1/0/55
XGE1/0/24 10.254.2.13/30 Leaf 4: WGE1/0/55
XGE1/0/21 10.254.7.21/30 Border 1: WGE1/0/55
XGE1/0/22 10.254.7.25/30 Border 2: WGE1/0/55
LoopBack0 10.254.0.2/32 VTEP IP address
Connected to a BGP EVPN peer
Border1
WGE1/0/53 10.254.7.2/30 Spine 1: WGE1/0/1
WGE1/0/55 10.254.7.22/30 Spine 2: XGE1/0/21
HGE1/0/25 N/A Member port of the IPP.
Border 2: HGE1/0/25
HGE1/0/26 N/A Member port of the IPP.
Border 2: HGE1/0/26
5
Device
Interface
IP address
Remarks
WGE1/0/1 174.16.2.1/30 Keepalive link
Border2: WGE1/0/1
WGE1/0/33 192.101.1.1/31 L3switch
LoopBack0 10.201.49.30/32 ED IP
LoopBack1 10.254.0.20/32 Virtual ED IP
Vlan-interface100 100.1.1.1/31 Interface for east-
west traffic
forwarding.
Border2
WGE1/0/53 10.254.7.6/30 Spine 1: WGE1/0/2
WGE1/0/55 10.254.7.26/30 Spine 2: XGE1/0/22
HGE1/0/25 N/A Member port of the IPP.
Border 2: HGE1/0/25
HGE1/0/26 N/A Member port of the IPP.
Border 2: HGE1/0/26
WGE1/0/1 174.16.2.2/30 Keepalive link
Border2: WGE1/0/1
WGE1/0/33 192.101.1.3/31 L3 switch
LoopBack0 10.201.49.31/32 ED IP
LoopBack1 10.254.0.20/32 Virtual ED IP
Vlan-interface100 100.1.1.2/31 Interface for east-
west traffic
forwarding.
Traffic forwarding models
A bare metal host is called a PM in network overlay. The following traffic forwarding models are
available:
•
PM-to-PM Layer 2 communication through the same DR system at the leaf tier.
•
PM-to-PM Layer 3 communication through the same DR system at the leaf tier.
•
PM-to-PM Layer 2 communication across DR systems at the leaf tier.
•
PM-to-PM Layer 3 communication across DR systems at the leaf tier.
•
Layer 3 communication between PMs and the external network.
Applicable product matrix
IMPORTANT:
In addition to running an applicable software version, you must also install the most recent patch, if
any.
Role
Device
Spine
HPE FlexFabric 12900E Switch Series
(Type K) R5210
HPE FlexFabric 12900E Switch Series
R7624P08
6
(Type X)
Leaf or border
HPE FlexFabric 5940 & 5710 Switch Series
5940 switches are used in this configuration
example. R6710
HPE FlexFabric 5944 & 5945 Switch Series
5945 switches are used in this configuration
example. R6710
SDN controller N/A Obtain the most recent version.
Restrictions and guidelines
•
By default, if a DR system uses an Ethernet aggregate link as the IPL, each DR member
device creates a dynamic AC on the IPL when an AC is configured on a site-facing interface.
The dynamic AC and the site-facing AC have the same frame match criteria and VSI mapping.
If two site-facing ACs on different interfaces have the same frame match criteria but different
VSI mappings, the dynamic ACs created for the site-facing ACs will conflict with each other. To
prevent this issue, execute the l2vpn drni peer-link ac-match-rule vxlan-mapping
command to enable the DR member devices to create frame match criteria based on VXLAN
IDs for the dynamic ACs on the IPL.
•
If you use a VXLAN tunnel as the IPL in an EVPN environment, you must retain a large
number of logical interfaces (for example, tunnel and loopback interfaces) in up state. To
reduce configuration steps, set the default DRNI MAD action to NONE and execute the drni
mad include interface command to specify interfaces that must be shut down by DRNI
MAD in addition to those already automatically specified by the system.
•
If you use two border devices to set up a DR system, unidirectional tunnels exist between the
ToR switches or between the ToR switch and SDN gateway. Typically, unidirectional tunnels
are set up when a ToR switch is disconnected from the controller or new BMs come online. In
this scenario, an online ToR switch advertises routes that contain its real IP address. The SDN
will set up a tunnel to that real IP address, while the ToR switch uses the virtual VTEP IP
address for tunnel setup. For the ToR switches to decapsulate the packets sent by the SDN
gateway or other ToR switches, execute the vxlan default-decapsulation source
interface command to enable default VXLAN decapsulation on the ToR switches.
Configuring HPE FlexFabric 5940 switches as
leaf devices
Procedure summary
•
Configuring the resource mode
•
Configuring an underlay BGP instance
•
Configuring the links towards the spine tier
•
Configuring L2VPN
•
Configuring DRNI
•
Configuring the links towards the bare metal servers
•
Configuring spanning tree
•
Configuring an EVPN BGP instance (controller-deployed)
•
Configuring the overlay network
7
Configuring the resource mode
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
hardware-res
ource
switch-mode
4
hardware-reso
urce
switch-mode 4 Manual
Set the hardware
resource mode for
the MAC address
table, ARP/ND
table, and routing
tables.
Adjust the
capacities of
the MAC
address table,
ARP/ND
table, and
routing tables.
Reboot the
device for this
setting to take
effect.
hardware-res
ource
routing-mode
ipv6-128
hardware-reso
urce
routing-mode
ipv6-128
Manual
Configure the
hardware resource
mode as IPv6-128
routing mode.
N/A
Reboot the
device for this
setting to take
effect.
hardware-res
ource vxlan
l3gw40k
hardware-reso
urce vxlan
l3gw40k Manual
Set the VXLAN
hardware resource
mode to
Layer 3
gateway mode
that supports 40 K
of overlay
adjacency table
N/A
Reboot the
device for this
setting to take
effect.
Configuring an underlay BGP instance
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
router id
10.254.0.11
router id
10.254.0.13 Manual
Configure the IP
address of
Loopback 0 as the
router ID.
Configure the
global router
ID.
N/A
bgp 65001 bgp 65002 Manual Enter BGP view. N/A N/A
bgp
update-delay
on-startup 100
bgp
update-delay
on-startup 100 Manual
Configure BGP to
delay sending
route updates on
reboot.
Avoid
forwarding
issues during
fallback after a
ToR switch
restarts.
N/A
router-id
10.254.0.11 router-id
10.254.0.13 Manual Configure a router
ID for the BGP
instance.
To run BGP in
a BGP
instance, you
must configure
a router ID for
the BGP
instance.
If you do not
configure a
router ID for
the BGP
instance, it
uses the global
router ID.
N/A
group spines
internal
group spines
internal Manual
Create an IBGP
peer group. N/A N/A
8
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
peer spines
route-update-i
nterval 0
peer spines
route-update-i
nterval 0 Manual
Specify an interval
for sending the
same update to
the peer group.
Enable the
device to
immediately
send update to
the peer group
upon route
changes to
speed up route
convergence
after
a DR
primary/secon
dary
switchover
occurs.
Execute this
command
only for
IBGP peers.
peer
10.254.1.1
group spines
peer
10.254.1.9
group spines Manual
Add a spine
device to the peer
group. N/A N/A
peer
10.254.1.5
group spines
peer
10.254.1.13
group spines Manual
Add a spine
device to the peer
group. N/A N/A
peer 10.1.1.2
as-number
65002
peer 10.1.1.1
as-number
65001 Manual
Configure an
EBGP peer.
N/A N/A
address-famil
y ipv4 unicast address-family
ipv4 unicast Manual Enter IPv4 unicast
address family
view.
N/A N/A
balance 8 balance 8 Manual
S
et the maximum
number of BGP
ECMP routes for
load balancing.
N/A N/A
import-route
direct import-route
direct Manual
Configure BGP to
redistribute direct
routes.
N/A N/A
peer spines
enable peer spines
enable Manual
Enable BGP to
exchange routing
information with a
peer or peer
group.
N/A N/A
peer 10.1.1.2
enable
peer 10.1.1.1
enable Manual
Enable BGP to
exchange routing
information with a
peer or peer
group.
N/A N/A
quit quit Manual Return to IPv4
address family
view
N/A N/A
quit quit Manual
Return to system
view. N/A N/A
interface
LoopBack0 interface
LoopBack0 Manual
Create Loopback
0
and enter its
view.
N/A N/A
ip address
10.254.0.11
ip address
10.254.0.13
Manual
Assign an IP
address to the
VTEP IP N/A
9
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
255.255.255.2
55
255.255.255.2
55
interface.
quit quit Manual
Return to system
view. N/A N/A
interface
LoopBack1 interface
LoopBack1 Manual
Create Loopback
0 and enter its
view.
N/A N/A
ip address
10.254.0.12
255.255.255.2
55
ip address
10.254.0.12
255.255.255.2
55
Manual
Assign an IP
address to the
interface.
Virtual VTEP
IP
N/A
quit quit Manual
Return to system
view. N/A N/A
vlan 10 vlan 10 Manual Create a VLAN.
Create the
VLAN for
communicatin
g with the DR
peer.
N/A
interface
Vlan-interface
10
interface
Vlan-interface
10 Manual Create
VLAN-interface
10.
Create the
VLAN
interface for
the VLAN used
for
communicatin
g with the DR
peer
. When
the uplink
interface fails,
the device
forwards the
packets
received on
the DR
interface
s to
the DR peer
for Layer 3
forwarding.
N/A
ip address
10.1.1.1
255.255.255.0
ip address
10.1.1.2
255.255.255.0 Manual
Assign an IP
address to the
interface.
N/A N/A
quit quit Manual
Return to system
view. N/A N/A
Configuring the links towards the spine tier
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
interface
HundredGigE
1/0/53
interface
HundredGigE
2/0/54 Manual
Configure the
interface
connected to
Spine 1.
N/A N/A
port link-mode port link-mode Manual
Configure the
N/A N/A
10
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
route
route
Ethernet interface
to work in Layer 3
mode.
ip address
10.254.1.2
255.255.255.
252
ip address
10.254.1.10
255.255.255.2
52
Manual
Assign an IP
address to the
interface. N/A N/A
undo
mac-address
static
source-check
enable
undo
mac-address
static
source-check
enable
Manual
Disable static
source check.
To correctly
forward traffic
sourced from
the MAC
address of a
VLAN
interface, you
must disable
the static
source check
feature on the
Layer 2
interfaces in
the VLAN.
N/A
interface
Ten-GigabitEt
hernet 1/0/17
interface
Ten-GigabitEt
hernet 2/0/17 Manual
Configure the
interface
connecting to
Spine 2.
N/A N/A
port link-mode
route port link-mode
route Manual
Configure the
interface as a
Layer 3 interface.
N/A N/A
ip address
10.254.1.6
255.255.255.
252
ip address
10.254.1.14
255.255.255.2
52
Manual
Assign an IP
address to the
interface.
N/A N/A
undo
mac-address
static
source-check
enable
undo
mac-address
static
source-check
enable
Manual
Disable static
source check.
To correctly
forward traffic
sourced from
the MAC
address of a
VLAN
interface, you
must disable
the static
source check
feature on the
Layer 2
interfaces in
the VLAN.
N/A
Configuring L2VPN
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
l2vpn enable
l2vpn enable
Manual Enable L2VPN. N/A N/A
vxlan
default-decap
vxlan
default-decaps
Manual
Enable default
VXLAN
Execute this
command in
This
command
11
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
sulation
source
interface
LoopBack0
ulation source
interface
LoopBack0
decapsulation on
the packets
destined for the
VTEP IP address.
unidirectional
tunnel
scenarios.
takes effect
only when the
specified
interface has
an IP address.
vxlan tunnel
mac-learning
disable
vxlan tunnel
mac-learning
disable Manual Disable
remote-MAC
address learning.
Execute this
command if a
controller
issues
forwarding
entries to the
device.
N/A
vxlan tunnel
arp-learning
disable
vxlan tunnel
arp-learning
disable Manual
Disable remote
ARP learning.
Execute this
command if a
controller
issues
forwarding
entries to the
device.
N/A
mac-address
timer aging
3600
mac-address
timer aging
3600 Manual
Set the aging time
to 3600 seconds
for dynamic MAC
address entries.
Increase this
timer to
ensure
forwarding
entry
synchronizati
on is finished
in time after
the DR peer
restarts.
This setting
must be
consistent on
the DR
member
devices in the
same DR
system.
NOTE:
If you use two border devices to set up
a DR system and BM
s in bond1 mode need to communicate
with the external network, unidirectional tunnels exist between the ToR switches and SDN gateway.
Typically, unidirectional tunnels are set up when a ToR switch is disconnected from the controller or
new
BMs come online. In this scenario, an online ToR switch advertises routes that contain its real
IP address. The SDN will set up a tunnel to that real IP address, while the ToR switch uses the
virtual VTEP IP address for tunnel setup.
For the ToR switches to decapsulate t
he packets sent by
the SDN gateway, enable default VXLAN decapsulation on the ToR switches.
Configuring DRNI
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
ip
vpn-instance
mgmt
ip
vpn-instance
mgmt
Manual
Create a VPN for
the management
Ethernet interface. N/A This command
is optional.
interface
M-GigabitEth
ernet 0/0/0
interface
M-GigabitEthe
rnet 0/0/0
Manual
Enter the view of
the management
Ethernet interface. N/A N/A
ip binding
vpn-instance
mgmt
ip binding
vpn-instance
mgmt Manual
Assign the
management
Ethernet interface
to the VPN.
N/A
Assign the
management
Ethernet
interface to a
12
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
VPN as
needed.
ip address
101.0.186.91
255.255.255.
0
ip address
101.0.186.90
255.255.255.0 Manual
Configure a
management IP
address. N/A N/A
quit quit Manual
Return to system
view. N/A N/A
l2vpn drni
peer-link
ac-match-rule
vxlan-mappin
g
l2vpn drni
peer-link
ac-match-rule
vxlan-mapping
Manual
Enable the device
to create frame
match criteria
based on VXLAN
IDs for the
dynamic ACs on
the Ethernet
aggregate link
(IPL).
If two
site-facing
ACs on
different
interfaces
have the
same frame
match criteria
but different
VSI
mappings, the
dynamic ACs
created for
the site-facing
ACs will
conflict with
each other.
Execute this
command to
resolve this
issue.
N/A
evpn drni
group
10.254.0.12
evpn drni
group
10.254.0.12 Manual
Enable EVPN
distributed relay
and specify the
virtual VTEP
address.
N/A
You must
specify the
same virtual
VTEP address
on both
VTEPs in the
same DR
system.
evpn drni
local
10.254.0.11
remote
10.254.0.13
evpn drni local
10.254.0.13
remote
10.254.0.11
Manual
Specify the IP
addresses of the
VTEPs in
a DR
system.
After you
configure this
command,
each VTEP in
a DR system
changes the
next hop of
the routes for
single-armed
ACs to its
local VTEP IP
address when
advertising
the routes.
This ensures
that the traffic
of a
single-armed
AC is
forwarded to
its attached
When you
execute this
command,
make sure the
IP address of
the local VTEP
belongs to a
local interface.
Make sure the
local VTEP IP
address and
peer VTEP IP
address are
reversed on
the VTEPs in
a DR system.
13
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
VTEP.
evpn
global-mac
0000-0005-00
01
evpn
global-mac
0000-0005-00
01
Manual
Configure the
EVPN global MAC
address. N/A
You must
specify the
same EVPN
global MAC
address on the
devices in the
same DR
system.
Do not use a
reserved MAC
address as the
EVPN global
MAC address.
drni
system-mac
0001-0001-00
02
drni
system-mac
0001-0001-00
02
Manual Configure the DR
system MAC
address.
Configure the
settings
required for
establishing
the DR
system.
The DR
system MAC
address
uniquely
identifies the
DR system on
the network.
For the DR
member
devices to be
identified as
one DR
system
, you
must configure
the same DR
system MAC
address on
them.
drni
system-numb
er 1
drni
system-numbe
r 2 Manual Set the DR system
number.
Configure the
settings
required for
establishing
the DR
system.
You must
assign
different DR
system
numbers to
the DR
member
devices in a
DR system.
drni
system-priorit
y 123
drni
system-priority
123 Manual Set the DR system
priority. N/A
This command
is optional.
You must
configure the
same DR
system priority
for the DR
member
devices in a
DR system.
The default
DR system
priority is
32768. The
smaller the
priority value,
the higher the
14
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
priority.
drni keepalive
ip destination
172.16.0.2
source
172.16.0.1
drni keepalive
ip destination
172.16.0.1
source
172.16.0.2
Manual Configure DR
keepalive packet
parameters. N/A
You do not
need to
specify a VPN
instance if the
interface does
not belong to
any VPN
instance.
If the interface
that owns the
source IP
address is not
excluded from
the DRNI MAD
DOWN action,
exclude it from
that action.
drni mad
default-action
none
drni mad
default-action
none
Manual
Set the default
DRNI MAD action
to NONE. N/A N/A
drni mad
include
interface
HundredGigE
1/0/53
drni mad
include
interface
HundredGigE2
/0/52
Manual
Enable DRNI to
shut down an
interface when the
DR system splits.
Shut down
the interface
upon
a DR
system split
to reduce the
fallback
duration after
a device
restart.
Execute this
command on
the uplink
interface
attached to a
spine device.
drni mad
include
interface
Ten-GigabitEt
hernet 1/0/17
drni mad
include
interface
Ten-GigabitEt
hernet 2/0/17
Manual
Enable DRNI to
shut down an
interface when the
DR system splits.
Shut down
the interface
upon
a DR
system split
to reduce the
fallback
duration after
a device
restart.
Execute this
command on
the uplink
interface
attached to a
spine device.
drni
restore-delay
200
drni
restore-delay
200 Manual
Set the data
restoration
interval.
Ensure that
entry
synchronizati
on is finished
before
interfaces are
brought up.
N/A
interface
Bridge-Aggre
gation1
interface
Bridge-Aggreg
ation1 Manual
Create
Bridge-Aggregatio
n 1
which will be
the IPP.
N/A N/A
port link-type
trunk port link-type
trunk Manual Set the link type of
the interface to
trunk. N/A N/A
port trunk
permit vlan all
port trunk
permit vlan all
Manual
Configure the
trunk interface to
permit all VLANs. N/A N/A
15
Leaf 1 Leaf 2 Configuratio
n method
Description Purpose Remarks
link-aggregati
on mode
dynamic
link-aggregatio
n mode
dynamic Manual
Configure the
aggregate
interface to
operate in
dynamic mode
and enable LACP.
N/A N/A
port drni
intra-portal-po
rt
1
port drni
intra-portal-por
t
1
Manual
Configure the
interface as the
IPP. N/A N/A
undo
mac-address
static
source-check
enable
undo
mac-address
static
source-check
enable
Manual
Disable static
source check.
To correctly
forward traffic
sourced from
the MAC
address of a
VLAN
interface, you
must disable
the static
source check
feature on the
Layer 2
interfaces in
the VLAN.
Disable static
source check
on the IPP and
the uplink
interfaces
attached to
spine devices.
interface
FortyGigE1/0/
49
interface
FortyGigE2/0/
49 Manual
Configure the
interface
as a
member port of
the IPP.
N/A N/A
port link-type
trunk port link-type
trunk Manual Set the link type of
the interface to
trunk. N/A N/A
port trunk
permit vlan all
port trunk
permit vlan all Manual
Configure the
trunk interface to
permit all VLANs. N/A N/A
port
link-aggregati
on group 1
port
link-aggregatio
n group 1 Manual
Assign the
interface to link
aggregation group
1.
N/A N/A
interface
FortyGigE1/0/
50
interface
FortyGigE2/0/
50 Manual
Configure the
interface as a
member port of
the IPP.
N/A N/A
port link-type
trunk port link-type
trunk Manual Set the link type of
the interface to
trunk. N/A N/A
port trunk
permit vlan all
port trunk
permit vlan all
Manual
Configure the
trunk interface to
permit all VLANs. N/A N/A
port
link-aggregati
on group 1
port
link-aggregatio
n group 1 Manual
Assign the
interface to link
aggregation group
1.
N/A N/A
quit quit Manual
Return to system
view. N/A N/A
16
Configuring the links towards the bare metal servers
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
interface
Bridge-Aggre
gation105
interface
Bridge-Aggreg
ation105 Manual
Create an
aggregate
interface to be
configured as a
DR interface.
Create the
aggregate
interface to
connect to the
bare metal
servers.
N/A
port link-type
trunk port link-type
trunk Manual Set the link type of
the interface to
trunk. N/A N/A
link-aggregati
on mode
dynamic
link-aggregatio
n mode
dynamic Manual
Configure the
aggregate
interface to
operate in
dynamic mode
and enable LACP.
N/A N/A
port drni
group 105 port drni group
105 Manual
Assign the
aggregate
interface to
a DR
group.
N/A N/A
interface
Ten-GigabitEt
hernet1/0/7
interface
Ten-GigabitEt
hernet 2/0/7 Manual
Enter the view of a
member port to be
assigned to the
DR interface.
N/A N/A
port link-type
trunk port link-type
trunk Manual Set the link type of
the interface to
trunk. N/A N/A
port
link-aggregati
on group 105
port
link-aggregatio
n group 105 Manual
Assign the
interface to the
aggregation group
of the DR
interface.
N/A N/A
quit quit Manual
Return to system
view. N/A N/A
Configuring spanning tree
Leaf 1 Leaf 2 Configuration
method
Description Purpose
stp global
enable
stp global
enable
Manual
Enable spanning tree
globally. N/A
interface
Bridge-Aggre
gation 105
interface
Bridge-Aggreg
ation 105
Manual Enter the view of the DR
interface
connected to
the bare metal servers. N/A
stp
edged-port stp edged-port
Manual
Configure the interface
as an edge port.
Exclude the interface
from spanning tree
calculation.
17
NOTE:
Make sure the
DR member devices have the same spanning tree configuration, including:
•
Global spanning tree configuration.
•
Spanning tree configuration on the IPP.
•
Spanning tree configuration on DR interfaces.
Violation of this rule might cause network
flapping. IPPs in the DR system do not participate in
spanning tree calculation.
The
DR member devices still use the DR system MAC address after the DR system splits, which
will cause spanning tree calculation issues. To avoid the issues, enable
DRNI stan
dalone mode on
the DR member devices before the DR system splits.
Configuring an EVPN BGP instance (controller-deployed)
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
bgp 65010
instance
EVPN
bgp 65010
instance
EVPN
Manual
Enable a BGP
instance. N/A N/A
bgp
update-delay
on-startup
150
bgp
update-delay
on-startup 150
Manual
Configure BGP to
delay sending
route updates on
reboot.
Avoid
forwarding
issues during
fallback after a
ToR switch
restarts.
N/A
router-id
10.254.0.11 router-id
10.254.0.13 Manual Configure a router
ID for the BGP
instance.
To run BGP in
a BGP
instance, you
must
configure a
router ID for
the BGP
instance.
If you do not
configure a
router ID for
the BGP
instance, it
uses the
global router
ID.
N/A
group evpn
internal
group evpn
internal
Manual
Create an IBGP
peer group. N/A N/A
peer evpn
connect-interf
ace
LoopBack0
peer evpn
connect-interf
ace
LoopBack0
Manual
Specify a source
interface for
establishing TCP
links towards the
peer group.
N/A N/A
peer evpn
route-update-i
nterval 0
peer evpn
route-update-i
nterval 0 Manual
Specify an interval
for sending the
same update to
the peer group.
Enable the
device to fast
send update
to the peer
group upon
route changes
to speed up
Execute this
command
only for IBGP
peers.
18
Leaf 1 Leaf 2 Configuration
method
Description Purpose Remarks
route
convergence
after
a DR
primary/secon
dary
switchover
occurs.
peer
10.254.0.1
group evpn
peer
10.254.0.1
group evpn
Manual
Add a spine
device to the peer
group. N/A N/A
peer
10.254.0.2
group evpn
peer
10.254.0.2
group evpn
Manual
Add a spine
device to the peer
group. N/A N/A
address-famil
y l2vpn evpn address-family
l2vpn evpn Manual
Enter EVPN
address family
view. N/A N/A
peer evpn
enable peer evpn
enable Manual
Enable the device
to exchange
routes with the
peer group.
N/A N/A
quit quit Manual
Return to system
view. N/A N/A
Configuring the overlay network
Leaf 1 Leaf 2 Configuration
method
Description Remarks
ip
vpn-instance
Core_VRF
ip
vpn-instance
Core_VRF
Controller-based
Create a VPN instance
on the private network. N/A
route-distingui
sher
65131:10
route-distingui
sher 65132:10 Controller-based
Configure the RD of the
VPN instance. N/A
address-famil
y ipv4 address-family
ipv4 Controller-based
Enter IPv4 address
family view of the VPN
instance. N/A
vpn-target
65131:10
65040:10
import-extcom
munity
vpn-target
65132:10
65040:10
import-extcom
munity
Controller-based
Configure import targets
for the VPN instance. N/A
vpn-target
65131:10
export-extcom
munity
vpn-target
65132:10
export-extcom
munity
Controller-based Configure
export targets
for the VPN instance. N/A
address-famil
y evpn
address-family
evpn
Controller-based
Enter EVPN view of the
VPN instance. N/A
vpn-target
65131:10
65040:10
import-extcom
vpn-target
65132:10
65040:10
import-extcom
Controller-based
Configure import targets
for the VPN instance. N/A
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62

Aruba DRNI and EVPN Configuration Guide

Type
Configuration Guide
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI