Aruba DRNI and EVPN Configuration Guide

Contents

Example: Configuring DRNI and EVPN distributed gateways (IS-IS for

underlay routing) ···························································································· 1

Network configuration ········································································································································ 1

Traffic forwarding models ··································································································································· 5

Applicable product matrix ··································································································································· 6

Configuring HPE FlexFabric 5940 switches as leaf devices ·············································································· 7

Procedure summary ··································································································································· 7

Configuring the resource mode (only on HPE FlexFabric 5940 switches) ················································· 7

Creating VRRP groups ······························································································································· 8

Configuring IS-IS ········································································································································ 9

Configuring the links towards the spine tier ····························································································· 13

Configuring L2VPN ·································································································································· 15

Configuring DRNI ····································································································································· 16

Configuring the links towards the virtualization servers ··········································································· 20

Configuring the links towards the bare metal servers ·············································································· 21

Configuring spanning tree ························································································································ 22

Configuring a BGP instance ····················································································································· 23

Configuring the overlay network ··············································································································· 24

Configuring HPE FlexFabric 5945 switches as leaf devices ············································································ 28

Procedure summary ································································································································· 28

Configuring the resource mode ················································································································ 28

Creating VRRP groups ····························································································································· 29

Configuring IS-IS ······································································································································ 30

Configuring the links towards the spine tier ····························································································· 34

Configuring L2VPN ·································································································································· 36

Configuring DRNI ····································································································································· 37

Configuring the links towards the virtualization servers ··········································································· 41

Configuring the links towards the bare metal servers ·············································································· 42

Configuring spanning tree ························································································································ 42

Configuring a BGP instance ····················································································································· 43

Configuring the overlay network ··············································································································· 44

Configuring HPE FlexFabric 12900E (Type X) switches as border devices ···················································· 49

Procedure summary ································································································································· 49

Configuring basic settings ························································································································ 49

Configuring IS-IS ······································································································································ 49

Configuring STP ······································································································································· 53

Configuring the links towards the spine tier ····························································································· 53

Configuring L2VPN ·································································································································· 55

Configuring DRNI ····································································································································· 57

Configuring the DR interfaces connected to the external network ··························································· 61

Configuring the DR interfaces connected to the external network firewalls ············································· 62

Configuring a BGP instance ····················································································································· 63

Configuring the overlay network ··············································································································· 67

Configuring HPE FlexFabric 12900E (Type X) switches as spine devices ······················································ 77

Procedure summary ································································································································· 77

Configuring IS-IS ······································································································································ 78

Configuring the links between the spine and leaf tiers ············································································· 80

Configuring the links between the spine and border tiers ········································································ 81

Configuring BGP ······································································································································ 82

Overlay traffic forwarding models····················································································································· 84

Overlay traffic characteristics ··················································································································· 84

Forwarding models ··································································································································· 85

Testing network convergence upon single points of failure ············································································· 93

Verifying the configuration································································································································ 93

Verification commands ····························································································································· 93

Procedure ················································································································································· 94

Upgrading the devices ····································································································································· 96

Upgrading the leaf devices ······················································································································· 96

Upgrading the spine devices ···················································································································· 97

Upgrading the border devices ·················································································································· 98

Expanding the network····································································································································· 98

Adding a leaf device ································································································································· 99

Replacing hardware ········································································································································· 99

Replacing a service module ····················································································································· 99

Replacing a switching fabric module ······································································································ 100

1

Example: Configuring DRNI and EVPN

distributed gateways (IS-IS for underlay

routing)

Network configuration

As shown in Figure 1:

•

Deploy a DR system at the border tier, and deploy two DR systems at the leaf tier. Configure

the DR systems as follows:

 Configure direct physical links as IPLs.

 Set up one border DR system with two HPE FlexFabric 12900E (Type X) switches.

Configure SDN gateways on the border DR system to forward traffic between the data

center and external network, and between PODs.

 Set up one leaf DR system with two HPE FlexFabric 5940 switches. Configure them as

SDN ToR switches and distributed EVPN gateways for network overlay.

 Set up another leaf DR system with two HPE FlexFabric 5945 switches. Configure them as

SDN ToR switches and distributed EVPN gateways for network overlay.

•

Configure two HPE FlexFabric 12900E (Type X) switches as spine devices. Configure them as

route reflectors to reflect BGP EVPN routes among border and leaf devices.

•

Configure the firewalls as follows:

 Configure them to operate in primary/secondary mode.

 Attach the firewalls to the border DR system by using four aggregation links of DR groups.

 Assign the firewalls to the same VLAN as the border DR system.

•

Configure static routes on the border DR system to direct the following traffic to the firewall for

security policy-based filtering or NAT:

 South-to-north traffic sent from the bare metal servers and VMs to the external network.

 Inter-VPC east-west traffic sent between the bare metal servers and VMs.

•

Configure the C-spine device to provide access to other data centers and forward Layer 3

traffic on the underlay network.

•

Configure the public device to provide access to the external network.

NOTE:

This example uses IS

-IS as the underlay routing protocol. Alternatively

, you can use OSPF or other

protocols for routing on the underlay network.

2

Figure 1 Network diagram

Device

Interface

IP address

Remarks

Leaf 1

XGE1/0/21 N/A Member port of an underlay DR interface.

Connected to a virtualization server.

XGE1/0/47 N/A Member port of a DR interface

, interface

with ACs configured.

Connected to a bare metal server.

FGE1/0/53 N/A Member port of the IPP.

Connected to FGE1/0/53 on Leaf 2.

FGE1/0/54 N/A Member port of the IPP.

Connected to FGE1/0/54 on Leaf 2.

FGE1/0/51 6.1.1.1/30 Connected to FGE3/0/16 on Spine 1.

Spine

Leaf

Virtualization

Server 1 Bare metal

Server 2

BAGG1024

BAGG101

FGE1/0/53~FGE1/0/54

Leaf 1

5.1.1.1 Leaf 2

5.1.1.2

XGE1/0/47

XGE1/0/21

Virtualization

Server 3Bare metal

Server 4

BAGG1024

BAGG101

HGE1/0/31~HGE1/0/32

Leaf 3

5.1.1.3 Leaf 4

5.1.1.4

Virtual VTEP

address:5.1.1.102

WGE1/0/55

Spine 1

5.1.1.6

HGE2/0/5

HGE2/0/9

HGE2/0/10

HGE2/0/7

XGE2/0/11

Virtual VTEP

address:5.1.1.101

FGE1/0/51

FGE1/0/49

HGE1/0/29

HGE1/0/25

Spine 2

5.1.1.8

FGE3/0/16

FGE3/0/4

FGE3/0/13

FGE3/0/1

HGE2/0/3

HGE2/0/1

HGE2/0/12

Border/ED 1

5.1.1.7 Border/DE 2

5.1.1.9

Border

HGE2/0/21 HGE2/0/7

HGE3/0/36 HGE3/0/36

Virtual VTEP

address:100.100.100.100 HGE1/0/1

HGE1/0/13

Firewall C-spine

2.1.1.20

IP network

HGE1/0/16

BAGG4

FGE8/0/4

FGE8/0/1

HGE2/0/5

HGE3/0/24

HGE1/0/12

HGE2/0/27

HGE2/0/11

HGE2/0/27

HGE2/0/29

BAGG10

BAGG20

WGE1/0/21

XGE1/0/21 XGE1/0/47 WGE1/0/21 WGE1/0/55

Public

Border/ED of other DC

IPL

Keepalive

3

Device

Interface

IP address

Remarks

FGE1/0/49 6.1.1.5/30 Connected to FGE3/0/4 on Spine 2.

Loopback0 5.1.1.1/32 VTEP IP address.

Loopback1 5.1.1.101/32 Virtual VTEP IP address.

Vlan-interface2 10.10.10.3/24

VRRP virtual IP:

10.10.10.254

The VRRP virtual IP address is the gateway

address for virtualization servers.

Vlan-interface10 10.1.1.1/24 IPL.

Leaf 2

XGE1/0/21 N/A Member port of an underlay DR interface.

Connected to a virtualization server.

XGE1/0/47 N/A Member port of a DR interface

, interface

with ACs configured.

Connected to a bare metal server.

FGE1/0/53 N/A Member port of the IPP.

Connected to FGE1/0/53 on Leaf 1.

FGE1/0/54 N/A Member port of the IPP.

Connected to FGE1/0/54 on Leaf 1.

FGE1/0/51 6.1.1.9/30 Connected to FGE3/0/13 on Spine 1.

FGE1/0/49 6.1.1.13/30 Connected to FGE3/0/1 on Spine 2.

LoopBack0 5.1.1.2/32 VTEP IP address.

LoopBack1 5.1.1.101/32 Virtual VTEP IP address.

Vlan-interface2 10.10.10.4/24

VRRP virtual IP:

10.10.10.254

The VRRP virtual IP address is the gateway

address for virtualization servers.

Vlan-interface10 10.1.1.2/24 IPL.

Leaf 3

WGE1/0/21 N/A Member port of an underlay DR interface.

Connected to a virtualization server.

WGE1/0/55 N/A Member port of a DR interface

, interface

with ACs configured.

Connected to a bare metal server.

HGE1/0/31 N/A Member port of the IPP.

Connected to HGE1/0/31 on Leaf 4.

HGE1/0/32 N/A Member port of the IPP.

Connected to HGE1/0/32 on Leaf 4.

HGE1/0/29 6.1.1.17/30 Connected to HGE2/0/3 on Spine 1.

HGE1/0/25 6.1.1.29/30 Connected to HGE2/0/12 on Spine 2.

LoopBack0 5.1.1.3/32 VTEP IP address.

LoopBack1 5.1.1.102/32 Virtual VTEP IP address.

Vlan-interface2 50.50.50.2/24

VRRP virtual IP:

50.50.50.254

The VRRP virtual IP address is the gateway

address for virtualization servers.

Vlan-interface10 10.2.1.1/24 IPL.

4

Device

Interface

IP address

Remarks

Leaf 4

WGE1/0/21 N/A Member port of an underlay DR interface.

Connected to a virtualization server.

WGE1/0/55 N/A Member port of a DR interface

, interface

with ACs configured.

Connected to a bare metal server.

HGE1/0/31 N/A Member port of the IPP.

Connected to HGE1/0/31 on Leaf 3.

HGE1/0/32 N/A Member port of the IPP.

Connected to HGE1/0/32 on Leaf 3.

HGE1/0/29 6.1.1.25/30 Connected to HGE2/0/1 on Spine 1.

HGE1/0/25 6.1.1.21/30 Connected to HGE2/0/11 on Spine 2.

LoopBack0 5.1.1.4/32 VTEP IP address.

LoopBack1 5.1.1.102/32 Virtual VTEP IP address.

Vlan-interface2 50.50.50.3/24

VRRP virtual IP:

50.50.50.254

The VRRP virtual IP address is the gateway

address for virtualization servers.

Vlan-interface10 10.2.1.2/24 IPL.

Spine 1

FGE3/0/16 6.1.1.2/30 Connected to FGE1/0/51 on Leaf 1.

FGE3/0/13 6.1.1.10/30 Connected to FGE1/0/51 on Leaf 2.

HGE2/0/3 6.1.1.18/30 Connected to HGE1/0/29 on Leaf 3.

HGE2/0/1 6.1.1.26/30 Connected to HGE1/0/29 on Leaf 4.

HGE2/0/5 6.1.1.33/30 Connected to HGE3/0/16 on Border 1.

HGE2/0/7 6.1.1.37/30 Connected to HGE2/0/13 on Border 2.

LoopBack0 5.1.1.6/32 N/A

Spine 2

FGE3/0/4 6.1.1.6/30 Connected to FGE1/0/49 on Leaf 1.

FGE3/0/1 6.1.1.14/30 Connected to FGE1/0/49 on Leaf 2.

HGE2/0/12 6.1.1.30/30 Connected to HGE1/0/25 on Leaf 3.

HGE2/0/11 6.1.1.22/30 Connected to HGE1/0/25 on Leaf 4.

HGE2/0/9 6.1.1.41/30 Connected to HGE2/0/12 on Border 1.

HGE2/0/10 6.1.1.45/30 Connected to HGE2/0/1 on Border 2.

LoopBack0 5.1.1.8/32 N/A

Border 1

HGE1/0/16 6.1.1.34/30 Connected to HGE2/0/5 on Spine 1.

HGE1/0/12 6.1.1.42/30 Connected to HGE2/0/9 on Spine 2.

HGE2/0/21 N/A Member port of the IPP.

Connected to HGE2/0/7 on Border 2.

HGE3/0/36 N/A Member port of the IPP.

Connected to HGE3/0/36 on Border 2.

HGE2/0/5 5.58.1.1/30 Connected to the C-spine device.

FGE3/0/24 N/A Member port of a DR interface.

5

Device

Interface

IP address

Remarks

Connected to the public device.

HGE2/0/27 N/A Member port of a DR interface.

Upstream traffic forwarding to the firewalls.

HGE2/0/11 N/A Member port of a DR interface.

Downstream traffic forwarding to the

firewalls.

LoopBack0 5.1.1.7/32 ED IP address.

LoopBack100 100.100.100.100/32 Virtual ED IP address.

Vlan-interface10

00 100.1.1.1/24 IPL.

Border 2

HGE1/0/13 6.1.1.38/30 Connected to HGE2/0/7 on Spine 1.

HGE1/0/1 6.1.1.46/30 Connected to HGE2/0/10 on Spine 2.

HGE2/0/7 N/A Member port of the IPP.

Connected to HGE2/0/21 on Border 1.

HGE3/0/36 N/A Member port of the IPP.

Connected to HGE3/0/36 on Border 2.

HGE2/0/5 5.58.1.5/30 Connected to the C-spine device.

FGE3/0/24 N/A Member port of a DR interface.

Connected to the public device.

HGE2/0/27 N/A Member port of a DR interface.

Upstream traffic forwarding to the firewalls.

HGE2/0/29 N/A Member port of a DR interface.

Downstream traffic forwarding to the

firewalls.

LoopBack0 5.1.1.9/32 ED IP address.

LoopBack100 100.100.100.100/32 Virtual ED IP address.

Vlan-interface10

00 100.1.1.2/24 IPL.

Traffic forwarding models

A VM is in a host overlay network, and a bare metal host is called a BM in network overlay. The

following traffic forwarding models are available:

•

Intra-VPC forwarding in the same POD (leaf > spine > leaf):

 VM-to-VM and VM-to-BM Layer 2 and Layer 3 communication through the same DR

system at the leaf tier.

 BM-to-VM and BM-to-BM Layer 2 and Layer 3 communication through the same DR

system at the leaf tier.

 VM-to-VM and VM-to-BM Layer 2 and Layer 3 communication across DR systems at the

leaf tier.

 BM-to-VM and BM-to-BM Layer 2 and Layer 3 communication across DR systems at the

leaf tier.

6

•

Inter-VPC forwarding in the same POD (leaf > spine > border > firewall > border > spine >

leaf):

 VM-to-VM and VM-to-BM Layer 3 communication through the same DR system at the leaf

tier.

 BM-to-VM and BM-to-BM Layer 3 communication through the same DR system at the leaf

tier.

 VM-to-VM and VM-to-BM Layer 3 communication across DR systems at the leaf tier.

 BM-to-VM and BM-to-BM Layer 3 communication across DR systems at the leaf tier.

•

Inter-POD forwarding (leaf > spine > border > C-spine > border > spine > leaf):

 VM-remote host and BM-remote host Layer 2 communication across PODs.

 VM-remote host and BM-remote host Layer 3 communication across PODs.

•

Forwarding between the data center and the external network (leaf > spine > border > firewall >

border > public device):

 Layer 3 communication between BMs and the external network.

 Layer 3 communication between VMs and the external network.

 SSH, FTP, and fping operations from the external network to the data center (leaf > spine >

border > LB > border > public device).

Applicable product matrix

IMPORTANT:

In addition to running an applicable software version, you must also install the most recent patch, if

any.

Role

Device

Software version

Border or spine

HPE FlexFabric 12900E Switch Series

(Type K) R5210

HPE FlexFabric 12900E Switch Series

(Type X) R7624P08

Leaf

HPE FlexFabric 5940 & 5710 Switch Series

5940 switches are used in this configuration

example. R6710

HPE FlexFabric 5944 & 5945 Switch Series

5945 switches are used in this configuration

example. R6710

SDN controller N/A

SeerEngine-DC E3610

or higher

versions

NOTE:

Before you use a higher version than

E3610, contact Hewlett Packard

Enterprise

support to verify version

compatibility.

7

Configuring HPE FlexFabric 5940 switches as

leaf devices

Procedure summary

•

Configuring the resource mode (only on HPE FlexFabric 5940 switches)

•

Creating VRRP groups

•

Configuring IS-IS

•

Configuring the links towards the spine tier

•

Configuring L2VPN

•

Configuring DRNI

•

Configuring the links towards the virtualization servers

•

Configuring the links towards the bare metal servers

•

Configuring spanning tree

•

Configuring a BGP instance

•

Configuring the overlay network

Configuring the resource mode (only on HPE FlexFabric

5940 switches)

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

hardware-res

ource

switch-mode

4

hardware-reso

urce

switch-mode 4 Manual

Set the hardware

resource mode for

the MAC address

table, ARP/ND

table, and routing

tables.

Adjust the

capacities of

the MAC

address table,

ARP/ND

table, and

routing tables.

Reboot the

device for this

setting to take

effect.

hardware-res

ource

routing-mode

ipv6-128

hardware-reso

urce

routing-mode

ipv6-128

Manual

Enable support for

IPv6 routes with

prefixes longer

than 64 bits.

N/A

Reboot the

device for this

setting to take

effect.

hardware-res

ource vxlan

l3gw40k

hardware-reso

urce vxlan

l3gw40k Manual

Set the VXLAN

hardware resource

mode to

Layer 3

gateway mode

that supports 40 K

of overlay

adjacency table

N/A

Reboot the

device for this

setting to take

effect.

openflow

flow-table

ipv6-enhance

d

openflow

flow-table

ipv6-enhance

d

Manual Enable support for

bidirectional

security groups. N/A N/A

openflow

permit-flag

ignore

openflow

permit-flag

ignore Manual I

gnore the permit

flag added by

OpenFlow.

Enable

support for

bidirectional

security

groups and

N/A

8

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

port rate

limiting.

Creating VRRP groups

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

vlan 2 vlan 2 Manual

Configure the

VLAN used to

communicate with

a virtualization

server.

The switch is

an underlay

device to a

virtualization

server.

N/A

interface

Vlan-interface

2

interface

Vlan-interface

2

Manual

Create a VLAN

interface. N/A N/A

ip address

10.10.10.3

255.255.255.0

ip address

10.10.10.4

255.255.255.0

Manual

Assign an IP

address to the

interface. N/A N/A

vrrp vrid 1

virtual-ip

10.10.10.25

4

vrrp vrid 1

virtual-ip

10.10.10.25

4

Manual

Configure the

virtual IP address

of a VRRP group. N/A N/A

vrrp vrid 1

priority 100

vrrp vrid 1

priority 101 Manual

Configure the

priority of the

device

in the

VRRP group.

VRRP

determines

the role

(master or

backup) of

each router in

a VRRP

group by

priority. A

router with

higher priority

is more likely

to become

the master.

The larger the

priority value,

the higher the

priority.

undo vrrp vrid

1

preempt-mod

e

undo vrrp vrid

1

preempt-mod

e

Manual

Configure the

device to work in

non-preemptive

mode in the VRRP

group.

Ensure

consistency

between the

VRRP role

and DR role.

This

co

mmand is

optional.

Inconsistency

between the

VRRP role

and DR role

does not

affect traffic

forwarding.

quit

Manual N/A N/A N/A

ip prefix-list

1

i

ndex 10

permit

10.10.10.0

24

ip prefix-list

1

index 10

permit

10.10.10.0

24

Manual

Configure an IPv4

prefix list or an

item for the list.

Create an

IPv4 prefix list

for the virtual

IP address of

the VRRP

group.

N/A

9

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

route-policy 1

permit node 0 route-policy 1

permit node 0 Manual

Configure a

routing policy.

Create the

routing policy

used in IS-IS

IPv4 unicast

address

family view.

N/A

if-

match ip

address

prefix-list

1

if-

match ip

address

prefix-list

1

Manual

Match IPv4 routes

with an IPv4 prefix

list. N/A N/A

quit quit Manual

Exit routing policy

view. N/A N/A

Configuring IS-IS

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

router id

5.1.1.1

router id

5.1.1.2 Manual

Configure the IP

address of

Loopback 0 as the

router ID.

Configure the

global router

ID. N/A

isis

1

isis

1

Manual Enter IS-IS view. N/A N/A

is-level

level-2 is-level

level-2 Manual

Specify the IS

level.

If the only

area is an IP

network,

configure all

the routers as

Level-

2 for

scalability.

N/A

cost-style

wide cost-style

wide Manual

Set the cost style

to wide.

Enable the

device to

receive wide

cost style

packets.

N/A

timer spf 1 10

10 timer spf 1 10

10 Manual

Set the maximum

SPF calculation

interval to 1

second, minimum

SPF calculation

interval to 10

milliseconds, and

incremental SPF

calculation interval

to 10 milliseconds.

Reduce the

interval

between two

SPF

calculations

and speed up

convergence.

N/A

timer

lsp-max-age

65535

timer

lsp-max-age

65535 Manual

Set the LSP

maximum age in

the LSDB to

65535 seconds.

A large LSP

maximum

age reduces

LSP floods.

Any LSP with

an age of 0 is

deleted from

the LSDB.

N/A

timer timer Manual

Set the LSP

A large

N/A

10

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

lsp-refresh

65000

lsp-refresh

65000

refresh interval to

65000 seconds.

refresh

interval

reduces LSP

refreshes and

saves

bandwidth.

timer

lsp-generation

1 10 10

timer

lsp-generation

1 10 10 Manual

Set the maximum

interval to 1

second, minimum

interval to 10

milliseconds, and

incremental

interval to 10

milliseconds for

LSP generation.

Speed up

LSP

generation

and routing

convergence

upon network

topology

changes.

N/A

set-overload

on-startup

360

set-overload

on-startup 360

Manual

Set the overload

bit for 360

seconds upon

system startup.

Delay VRRP

address

advertisemen

t after system

startup to

reduce traffic

loss during

fallback.

N/A

network-entity

51.0000.000

5.0001.00

network-entity

51.0000.000

5.0002.00

Manual Configure the NET

for an IS-IS

process. N/A N/A

address-famil

y ipv4 unicast address-family

ipv4 unicast Manual Enter IS-

IS IPv4

address family

view. N/A N/A

fast-reroute

lfa fast-reroute lfa

Manual Configure IS-IS

FRR.

Enable IS-IS

to calculate

backup next

hops for all

Level-2

routes to

reduce traffic

interruption

upon

link or

device failure.

N/A

import-route

direct

route-policy 1

import-route

direct

route-policy 1 Manual

Redistribute direct

VRRP routes.

U

se this

command

together with

the

set-overlo

ad command

to delay

VRRP route

advertisemen

t after system

startup to

optimize

route

convergence

upon fallback.

N/A

quit quit Manual Exit address family

view. N/A N/A

11

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

quit

Manual Exit IS-IS view. N/A N/A

interface

LoopBack0 interface

LoopBack0 Manual

Create Loopback

0 and enter its

view. N/A N/A

ip address

5.1.1.1

255.255.255.

255

ip address

5.1.1.2

255.255.255.2

55

Manual

Assign an IP

address to the

interface.

Configure the

VTEP IP

address. N/A

isis enable 1 isis enable 1 Manual Enable IS-

IS on

the interface. N/A N/A

isis

circuit-level

level-2

isis

circuit-level

level-2 Manual Set the circuit level

for the interface to

Level-2. N/A

For the

Level-2

device, the

circuit level

can only be

Level-2.

quit quit Manual

Exit the view of

Loopback 0. N/A N/A

interface

LoopBack1 interface

LoopBack1 Manual

Create Loopback

1

and enter its

view. N/A N/A

ip address

5.1.1.101

255.255.255.

255

ip address

5.1.1.101

255.255.255.2

55

Manual

Assign an IP

address to the

interface.

Configure the

virtual VTEP

IP address. N/A

isis enable 1 isis enable 1 Manual Enable IS-

IS on

the interface. N/A N/A

isis

circuit-level

level-2

isis

circuit-level

level-2 Manual Set the circuit level

for the interface to

Level-2. N/A

For the

Level-2

device, the

circuit level

can only be

Level-2.

quit quit Manual

Exit the view of

Loopback 1. N/A N/A

vlan 10 vlan 10 Manual Create a VLAN.

Create the

VLAN for

communicatin

g with the DR

peer.

N/A

interface

Vlan-interface

10

interface

Vlan-interface

10 Manual Create

VLAN-interface

10.

Create the

VLAN

interface for

the VLAN

used for

communicatin

g with the DR

peer

. When

the uplink

interface fails,

the device

forwards the

packets

N/A

12

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

received on

the DR

interface

s to

the DR peer

for Layer 3

forwarding.

ip address

10.1.1.1

255.255.255.

0

ip address

10.1.1.2

255.255.255.0 Manual

Assign an IP

address to the

interface. N/A N/A

isis enable 1 isis enable 1 Manual Enable IS-

IS on

the interface. N/A N/A

isis

circuit-level

level-2

isis

circuit-level

level-2 Manual Set the circuit level

for the interface to

Level-2. N/A

For the

Level-2

device, the

circuit level

can only be

Level-2.

isis

circuit-type

p2p

isis circuit-type

p2p Manual

Set the network

type of the

interface to P2P.

If only two

routers exist

on a

broadcast

network, set

the network

type of

attached

interfaces to

P2P to avoid

DIS election

and CSNP

flooding. This

saves

network

bandwidth

and speeds

up network

convergence.

N/A

isis peer

hold-max-cost

duration

20000

isis peer

hold-max-cost

duration

20000

Manual

Enable IS-

IS to

advertise the

maximum link cost

to neighbors within

20000

milliseconds.

N/A

Execute this

command at

both ends of a

link.

quit quit Manual

Exit the view of

VLAN-interface

10. N/A N/A

NOTE:

On an

IS-IS network, when a link recovers from failures or the state of an interface changes, IS-IS

will re

-establish neighbor relationships and perform route convergence. During the route

convergence process, routing loops and traffic loss might occur because t

he convergence speeds

of the nodes are different. To address this issue, enable IS

-

IS to advertise the maximum link cost to

neighbors within the specified period, so the traffic forwarding path remains unchanged. After the

specified period, IS

-IS advertises the original link cost to neighbors and performs optimal route

selection again.

13

Configuring the links towards the spine tier

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

interface

FortyGigE1/0

/49

interface

FortyGigE

1/0/49 Manual

Configure the

interface

connected to

Spine 2.

N/A N/A

port link-mode

route port link-mode

route Manual

Configure the

Ethernet interface

to work in Layer 3

mode.

N/A N/A

ip address

6.1.1.5

255.255.255

.252

ip address

6.1.1.13

255.255.255

.252

Manual Assign

an IP

address to the

interface. N/A N/A

isis enable 1 isis enable 1 Manual Enable IS-

IS on

the interface. N/A N/A

isis

circuit-level

level-2

isis

circuit-level

level-2 Manual Set the circuit level

for the interface to

Level-2. N/A

For the

Level-2

device, the

circuit level

can only be

Level-2.

isis

circuit-type

p2p

isis circuit-type

p2p Manual

Set the network

type of the

interface to P2P.

If only two

routers exist

on a

broadcast

network, set

the network

type of

attached

interfaces to

P2P to avoid

DIS election

and CSNP

flooding. This

saves

network

bandwidth

and speeds

up network

convergence.

N/A

isis peer

hold-max-cost

duration

20000

isis peer

hold-max-cost

duration

20000

Manual

Enable IS-

IS to

advertise the

maximum link cost

to neighbors within

20000

milliseconds.

N/A

Execute this

command at

both ends of a

link.

undo

mac-address

static

source-check

enable

undo

mac-address

static

source-check

enable

Manual

Disable static

source check.

To correctly

forward traffic

sourced from

the MAC

address of a

VLAN

interface, you

must disable

the static

N/A

14

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

source check

feature on the

Layer 2

interfaces in

the VLAN.

interface

FortyGigE1/0

/51

interface

FortyGigE

1/0/51 Manual

Configure the

interface

connected to

Spine 1.

N/A N/A

port link-mode

route port link-mode

route Manual

Configure the

Ethernet interface

to work in Layer 3

mode.

N/A N/A

ip address

6.1.1.1

255.255.255

.252

ip address

6.1.1.9

255.255.255

.252

Manual

Assign an IP

address to the

interface. N/A N/A

isis enable 1 isis enable 1 Manual Enable IS-

IS on

the interface. N/A N/A

isis

circuit-level

level-2

isis

circuit-level

level-2 Manual Set the circuit level

for the interface to

Level-2. N/A

For the

Level-2

device, the

circuit level

can only be

Level-2.

isis

circuit-type

p2p

isis circuit-type

p2p Manual

Set the network

type of the

interface to P2P.

If only two

routers exist

on a

broadcast

network, set

the network

type of

attached

interfaces to

P2P to avoid

DIS election

and CSNP

flooding. This

saves

network

bandwidth

and speeds

up network

convergence.

N/A

isis peer

hold-max-cost

duration

20000

isis peer

hold-max-cost

duration

20000

Manual

Enable IS-

IS to

advertise the

maximum link cost

to neighbors within

20000

milliseconds.

N/A N/A

undo

mac-address

static

source-check

enable

undo

mac-address

static

source-check

enable

Manual

Disable static

source check.

To correctly

forward traffic

sourced from

the MAC

address of a

VLAN

interface, you

N/A

15

Leaf 1 Leaf 2 Configuration

method

Description Purpose Remarks

must disable

the static

source check

feature on the

Layer 2

interfaces in

the VLAN.

Configuring L2VPN

Leaf 1 Leaf 2 Configuratio

n method

Description Purpose Remarks

l2vpn enable

Manual Enable L2VPN. N/A N/A

l2vpn

statistics

interval 30

l2vpn statistics

interval 30 Manual

Set the interval for

collecting L2VPN

statistics to 30

seconds.

Configure this

setting

according to

the gRPC

report

interval.

N/A

vxlan

default-decap

sulation

source

interface

LoopBack0

vxlan

default-decaps

ulation source

interface

LoopBack0

Manual

Enable default

VXLAN

decapsulation on

the packets

destined f

or the

VTEP IP address.

N/A

This

command

takes effect

only when the

specified

interface has

an IP address.

vxlan tunnel

mac-learning

disable

vxlan tunnel

mac-learning

disable Manual Disable

remote-MAC

address learning.

Execute this

command if a

controller

issues

forwarding

entries to the

device.

N/A

vxlan tunnel

arp-learning

disable

vxlan tunnel

arp-learning

disable Manual

Disable remote

ARP learning.

Execute this

command if a

controller

issues

forwarding

entries to the

device.

N/A

vxlan tunnel

nd-learning

disable

vxlan tunnel

nd-learning

disable Manual

Disable remote

ND learning.

Execute this

command if a

controller

issues

forwarding

entries to the

device.

N/A

mac-address

timer aging

3600

mac-address

timer aging

3600 Manual

Set the aging time

to 3600 seconds

for dynamic MAC

address entries.

Increase this

timer to

ensure

forwarding

entry

synchronizati

on is finished

This setting

must be

consistent on

the DR

member

devices in the

same DR

16

Leaf 1 Leaf 2 Configuratio

n method

Description Purpose Remarks

in time after

the DR peer

restarts.

system.

mac-address

mac-move

fast-update

mac-address

mac-move

fast-update Manual

Enable ARP fast

update for MAC

address moves.

Use this

command

together with

gRPC.

N/A

NOTE:

If you use two border devices to set up

a DR system and BM

s in bond1 mode need to communicate

with the external network, unidirectional tunnels exist between the ToR switches and SDN gateway.

Typically, unidirectional tunnels are set up when a ToR switch is disconnected from the controller or

new

BMs come online. In this scenario, an online ToR switch advertises routes that contain its real

IP address. The SDN will set up a tunnel to that real IP address, while the ToR switch uses the

virtual VTEP IP address for tunnel setup.

For the ToR switches to

decapsulate the packets sent by

the SDN gateway, enable default VXLAN decapsulation on the ToR switches.

Configuring DRNI

Leaf 1 Leaf 2 Configuratio

n method

Description Purpose Remarks

ip

vpn-instance

management

ip

vpn-instance

management

Manual Create

a VPN for

the management

Ethernet interface. N/A This command

is optional.

interface

M-GigabitEth

ernet

0/0/0

interface

M-GigabitEthe

rnet

0/0/0

Manual

Enter the view of

the management

Ethernet interface. N/A N/A

ip binding

vpn-instance

management

ip binding

vpn-instance

management Manual

Assign the

management

Ethernet interface

to the VPN.

N/A

Assign the

management

Ethernet

interface to a

VPN as

needed.

ip address

192.1.2.66

255.255.255.

0

ip address

192.1.2.67

255.255.255.0 Manual

Configure a

mana

gement IP

address. N/A N/A

quit quit Manual Exit the view of the

management

Ethernet interface. N/A N/A

l2vpn drni

peer-link

ac-match-rule

vxlan-mappin

g

l2vpn drni

peer-link

ac-match-rule

vxlan-mapping

Manual

Enable the device

to create frame

match criteria

based on VXLAN

IDs for the

dynamic ACs on

the IPL.

Perform this task

when the DR

system

uses a

direct physical link

as the IPL.

N/A N/A

17

Leaf 1 Leaf 2 Configuratio

n method

Description Purpose Remarks

evpn drni

group

5.1.1.101

evpn drni

group

5.1.1.101 Manual

Enable EVPN

distributed relay

and specify the

virtual VTEP

address.

N/A

You must

specify the

same virtual

VTEP address

on both

VTEPs in the

same DR

system.

evpn drni

local 5.1.1.1

remote

5.1.1.2

evpn drni local

5.1.1.2

remote

5.1.1.1

Manual

Specify the IP

addresses of the

VTEPs in

a DR

system.

After you

configure this

command,

each VTEP in

a DR system

changes the

next hop of

the routes for

single-armed

ACs to its

local VTEP IP

address when

advertising

the routes.

This ensures

that the traffic

of a

single-armed

AC is

forwarded to

its attached

VTEP.

When you

execute this

command,

make sure the

IP address of

the local VTEP

belongs to a

local interface.

Make sure the

local VTEP IP

address and

peer VTEP IP

address are

reversed on

the VTEPs in

a DR system.

evpn

global-mac

00e0-fc00-5

80a

evpn

global-mac

00e0-fc00-5

80a

Manual

Configure the

EVPN global MAC

address. N/A

You must

specify the

same EVPN

global MAC

address on the

devices in the

same DR

system.

Do not use a

reserved MAC

address as the

EVPN global

MAC address.

drni

system-mac

00e0-fc00-5

800

drni

system-mac

00e0-fc00-5

800

Manual Configure the DR

system MAC

address.

Configure the

settings

required for

establishing

the DR

system.

The DR

system MAC

address

uniquely

identifies the

DR system on

the network.

For the DR

member

devices to be

identified as

one DR

system

, you

must configure

the same DR

system MAC

18

Leaf 1 Leaf 2 Configuratio

n method

Description Purpose Remarks

address on

them.

drni

system-numb

er 1

drni

system-numbe

r 2 Manual Set the DR system

number.

Configure the

settings

required for

establishing

the DR

system.

You must

assign

different DR

system

numbers to

the DR

member

devices in a

DR system.

drni

system-priorit

y 123

drni

system-priority

123 Manual Set the DR system

priority. N/A

This command

is optional.

You must

configure the

same DR

system priority

for the DR

member

devices in a

DR system.

The default

DR system

priority is

32768. The

smaller the

priority value,

the higher the

priority.

drni keepalive

ip destination

192.1.2.67

source

192.1.2.66

vpn-instance

management

drni keepalive

ip destination

192.1.2.66

source

192.1.2.67

vpn-instance

management

Manual Configure DR

keepalive packet

parameters.

Use the

management

Ethernet

interface to

set up the

keepalive link.

This interface

is excluded

from the

DRNI MAD

DOWN

action.

Yo

u do not

need to

specify a VPN

instance if the

interface does

not belong to

any VPN

instance.

If the interface

that owns the

source IP

address is not

excluded from

the DRNI MAD

DOWN action,

exclude it from

that action.

drni mad

default-action

none

drni mad

default-action

none

Manual

Set the default

DRNI MAD action

to NONE. N/A N/A

drni mad

include

interface

FortyGigE1/0

/49

drni mad

include

interface

FortyGigE

1/0/49

Manual

Enable DRNI to

shut down an

interface when the

DR system splits.

Shut down

the interface

upon

a DR

system split

to reduce the

fallback

duration after

a device

Execute this

command on

the uplink

interface

attached to a

spine device.

Page is loading ...

Aruba DRNI and EVPN Configuration Guide

Aruba DRNI and EVPN Configuration Guide

Related papers

Other documents