Aruba JH951A, JL844A, JL845A, R9F19A, R9F20A Configuration Guide

HPE FlexFabric 12900E Switch Series
EVPN Configuration Guide
Software version: Release 5210
Document version: 6W100-20230424
© Copyright 2023 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
EVPN overview
  EVPN solutions
    EVPN VXLAN
    EVPN VPWS
    EVPN VPLS
  EVPN benefits
  Layered transport network
  MP-BGP extension for EVPN
  RD and route target selection of BGP EVPN routes
EVPN VXLAN overview
  EVPN network model
  Configuration automation
  Assignment of traffic to VXLANs
    Traffic from the local site to a remote site
    Traffic from a remote site to the local site
  Layer 2 forwarding
    MAC learning
    Unicast
    Flood
  Centralized EVPN gateway deployment
  Distributed EVPN gateway deployment
    About distributed EVPN gateway deployment
    Symmetric IRB
    Asymmetric IRB
  EVPN VXLAN multihoming
    About EVPN VXLAN multihoming
    DF election
    Split horizon
    Redundancy mode
    IP aliasing
  ARP and ND flood suppression
  MAC mobility
  EVPN DRNI
    About EVPN DRNI
    VM reachability information synchronization
    Virtual VTEP address
    Independent BGP neighbor relationship establishment
    Site-facing link redundancy
Configuring EVPN VXLAN
  Restrictions and guidelines: EVPN VXLAN configuration
  EVPN VXLAN tasks at a glance
  Setting the forwarding mode for VXLANs
  Configuring a VXLAN on a VSI
  Configuring an EVPN instance
    About EVPN instance configuration
    Restrictions and guidelines for EVPN instance configuration
    Configuring an EVPN instance created in system view
    Configuring an EVPN instance created in VSI view
  Configuring EVPN VXLAN multihoming
    Restrictions and guidelines for EVPN VXLAN multihoming
    Assigning an ESI to an interface
    Configuring the DF election algorithm
    Setting the DF election delay
    Disabling advertisement of EVPN multihoming routes
    Enabling the device to ignore the Ethernet tag when advertising Ethernet auto-discovery routes and MAC/IP advertisement routes
    Enabling the device to monitor the BGP peer status of another local edge device
  Configuring BGP to advertise BGP EVPN routes
    Restrictions and guidelines for BGP EVPN route advertisement
    Enabling BGP to advertise BGP EVPN routes
    Configuring route advertisement settings
    Preferring routes with an IPv6 next hop during optimal route selection
    Configuring routing policy-based recursive lookup
    Maintaining BGP sessions
  Mapping ACs to a VSI
    Mapping a Layer 3 interface to a VSI
    Mapping an Ethernet service instance to a VSI
    Mapping dynamic Ethernet service instances to VSIs
  Configuring a centralized EVPN gateway
    Configuring a centralized gateway interface
    Setting the static flag for the MAC addresses of centralized gateway interfaces
  Configuring a distributed EVPN gateway
    Restrictions and guidelines for distributed EVPN gateway configuration
    Prerequisites for distributed EVPN gateway configuration
    Configuring the traffic forwarding mode for EVPN VXLAN
    Configuring a VSI interface
    Configuring an L3 VXLAN ID for a VSI interface
    Configuring IP prefix route advertisement
    Configuring BGP route exchange between the public instance and VPN instances
    Configuring the EVPN global MAC address
    Enabling the device to advertise ARP information for the distributed EVPN gateway interfaces through MAC/IP advertisement routes
  Managing remote MAC address entries and remote ARP learning
    Disabling remote MAC address learning and remote ARP learning
    Disabling MAC address advertisement
    Enabling MAC mobility event suppression
    Disabling learning of MAC addresses from ARP or ND information
    Disabling ARP information advertisement
    Disabling the VSI interface on a centralized EVPN gateway from learning ARP or ND information across subnets
    Enabling ARP mobility event suppression
    Enabling ARP request proxy
  Enabling conversational learning for host route FIB entries
  Configuring BGP EVPN route redistribution and advertisement
    Redistributing MAC/IP advertisement routes into BGP unicast routing tables
    Setting the metric of BGP EVPN routes added to a VPN instance's routing table
    Enabling BGP EVPN route advertisement to the local site
  Disabling flooding for a VSI
  Enabling ARP or ND flood suppression
  Testing the connectivity of a VXLAN tunnel
    Enabling overlay OAM
    Pinging a VXLAN tunnel destination
    Tracing the path to a VXLAN tunnel destination
  Configuring EVPN DRNI
    About this task
    Restrictions and guidelines
    Prerequisites
    Procedure (IPv4)
    Procedure (IPv6)
  Verifying and maintaining EVPN VXLAN
    Displaying EVPN running status and statistics
    Verifying MAC address information and ARP and ND information
    Advertising suppressed MAC addresses and ARP/ND information for suppressed IP addresses
  EVPN VXLAN configuration examples
    Example: Configuring a centralized IPv4 EVPN gateway
    Example: Configuring distributed IPv4 EVPN gateways in symmetric IRB mode
    Example: Configuring distributed IPv4 EVPN gateways in asymmetric IRB mode
    Example: Configuring communication between IPv4 EVPN networks and the public network
    Example: Configuring IPv4 EVPN VXLAN multihoming
    Example: Configuring IPv4 EVPN distributed relay using a VXLAN tunnel as the IPL
Configuring EVPN VPLS
  About EVPN VPLS
    EVPN VPLS network model
    Neighbor auto-discovery and PW establishment
    MAC address learning, aging, and withdrawal
    Traffic forwarding and flooding
    Full mesh and split horizon
    EVPN VPLS multihoming
    ARP flood suppression
    Control word
    MAC mobility
  EVPN VPLS tasks at a glance
  Restrictions and guidelines: EVPN VPLS configuration
  Configuring a VSI
    Creating a VSI
    Configure VSI parameters
  Configuring an EVPN instance
    About EVPN instance configuration
    Restrictions and guidelines for EVPN instance configuration
    Configuring an EVPN instance created in system view
    Configuring an EVPN instance created in VSI view
  Mapping ACs to a VSI
    Mapping a Layer 3 interface to a VSI
    Mapping an Ethernet service instance to a VSI
  Configuring BGP to advertise BGP EVPN routes
    Restrictions and guidelines for BGP EVPN route advertisement
    Enabling BGP to advertise BGP EVPN routes
    Enabling advertisement of MPLS-encapsulated BGP EVPN routes
    Configuring optimal route selection and route advertisement settings
    Configuring routing policy-based recursive lookup
    Maintaining BGP sessions
  Configuring a PW class
  Configuring EVPN VPLS multihoming
    Restrictions and guidelines for EVPN VPLS multihoming
    Assigning an ESI to an interface
    Configuring the DF election algorithm
    Setting the DF election delay
    Setting the advertisement delay timer for Ethernet auto-discovery routes
    Disabling advertisement of EVPN multihoming routes
    Configuring local FRR for EVPN VPLS
    Generating MAC address entries for received MAC/IP advertisement routes
    Enabling VSIs to ignore the state of ACs
    Enabling the device to monitor the BGP peer status of another local edge device
  Managing remote MAC address entries and remote ARP learning
    Disabling MAC address advertisement
    Enabling MAC mobility event suppression
    Disabling learning of MAC addresses from ARP or ND information
    Disabling ARP information advertisement
  Confining floods to the local site
  Enabling ARP flood suppression
  Enabling packet statistics for an AC
  Testing the connectivity of an EVPN PW
    Pinging a PW destination
    Tracing the path to a PW destination
  Verifying and maintaining EVPN VPLS
    Displaying BGP EVPN running status and statistics information
    Displaying EVPN route information
  EVPN VPLS configuration examples
    Example: Configuring EVPN VPLS between singlehomed sites
    Example: Configuring EVPN VPLS multihoming
    Example: Configuring local FRR for EVPN VPLS
Configuring EVPN VPWS
  About EVPN VPWS
    EVPN VPWS network model
    Remote connection establishment
    EVPN VPWS multihoming
    FRR for EVPN VPWS
    Control word
  EVPN VPWS tasks at a glance
  Prerequisites for EVPN VPWS
  Enabling L2VPN
  Configuring a Layer 3 interface with Ethernet or VLAN encapsulation
  Configuring an Ethernet service instance on an interface
  Configuring EVPN route advertisement
    Restrictions and guidelines for EVPN route advertisement configuration
    Enabling BGP to advertise BGP EVPN routes
    Enabling the device to advertise MPLS-encapsulated BGP EVPN routes
    Configuring optimal route selection and route advertisement settings
    Configuring routing policy-based recursive lookup
    Maintaining BGP sessions
  Configuring a cross-connect
  Configuring a PW
    Configuring a PW class
    Configuring an EVPN PW
  Mapping an AC to a cross-connect
    About mapping an AC to a cross-connect
    Restrictions and guidelines for mapping an AC to a cross-connect
    Mapping a Layer 3 interface to a cross-connect
    Mapping an Ethernet service instance to a cross-connect
  Configuring EVPN VPWS multihoming
    Restrictions and guidelines for EVPN VPWS multihoming
    Assigning an ESI to an interface
    Configuring the DF election algorithm
    Setting the redundancy mode on an interface
    Setting the DF election delay
    Enabling fast DF/BDF switchover
    Disabling advertisement of EVPN multihoming routes
    Enabling cross-connects to ignore the state of ACs
    Enabling the device to monitor the BGP peer status of another local edge device
  Configuring FRR for EVPN VPWS
    Configuring local FRR
    Configuring remote FRR
  Testing the connectivity of an EVPN PW
    Prerequisites for EVPN PW connectivity test
    Pinging a PW destination
    Tracing the path to a PW destination
Verifying and maintaining EVPN VPWS ········································································································ 209
Displaying EVPN running status and statistics ······················································································ 209
Displaying cross-connect group configuration and running status ························································· 210
Displaying AC configuration and running status ···················································································· 210
Displaying PW configuration and running status ···················································································· 211
EVPN VPWS configuration examples ············································································································ 211
Example: Configuring a remote connection between singlehomed sites ··············································· 211
Example: Configuring EVPN VPWS multihoming ·················································································· 216
Example: Configuring PW concatenation ······························································································· 223
Example: Configuring inter-AS option A ································································································· 227
Example: Configuring inter-AS option B ································································································· 233
Example: Configuring inter-AS option C ································································································ 240
v
Example: Configure FRR for EVPN VPWS ···························································································· 247
Configuring EVPN-DCI ·············································································· 258
About EVPN-DCI············································································································································ 258
EVPN-DCI network model ······················································································································ 258
Working mechanisms ····························································································································· 258
EVPN-DCI dual-homing ························································································································· 258
EVPN-DCI DRNI ···································································································································· 259
Restrictions and guidelines: EVPN-DCI configuration ··················································································· 260
EVPN-DCI tasks at a glance ·························································································································· 260
Prerequisites for EVPN-DCI ··························································································································· 261
Configuring route reorigination on EDs ·········································································································· 261
Enabling route nexthop replacement and route router MAC replacement ············································· 261
Enabling an ED to replace the L3 VXLAN ID, RD, route targets of BGP EVPN routes ························· 262
Suppressing BGP EVPN route advertisement ······························································································· 263
Configuring VXLAN mapping ························································································································· 264
Configuring the BGP EVPN address family and the BGP VPNv4 or VPNv6 address family to exchange routes
······································································································································································· 265
About route exchange ···························································································································· 265
Enabling BGP VPNv4 or VPNv6 route advertisement for the BGP EVPN address family ···················· 266
Enabling BGP EVPN route advertisement for the BGP VPNv4 or VPNv6 address family ···················· 266
Configuring EVPN-DCI dual-homing ·············································································································· 266
Configuring EVPN-DCI DRNI ························································································································· 267
EVPN-DCI configuration examples ················································································································ 268
Example: Configuring a basic EVPN-DCI network ················································································· 268
Example: Configuring EVPN-DCI intermediate VXLAN mapping ·························································· 273
Example: Configuring EVPN-DCI IPv4 Layer 3 communication ···························································· 279
Example: Configuring EVPN-DCI dual-homing ······················································································ 285
Example: Configuring EVPN-DCI DRNI ································································································· 294
Document conventions and icons ······························································ 304
Conventions ··················································································································································· 304
Network topology icons ·································································································································· 305
Support and other resources ····································································· 306
Accessing Hewlett Packard Enterprise Support····························································································· 306
Accessing updates ········································································································································· 306
Websites ················································································································································ 307
Customer self repair ······························································································································· 307
Remote support ······································································································································ 307
Documentation feedback ······················································································································· 307
Index ·········································································································· 309
EVPN overview
Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and
Layer 3 connectivity between distant network sites across an IP or MPLS network. EVPN uses
MP-BGP in the control plane and Virtual eXtensible LAN (VXLAN) or MPLS in the data plane. EVPN
is typically used in data centers for multitenant services.
EVPN supports advertising private routes of VPN instances in an MPLS L3VPN network. For more
information, see "Configuring EVPN L3VPN."
EVPN solutions
EVPN provides the EVPN VXLAN, EVPN Virtual Private Wire Service (VPWS), and EVPN Virtual
Private LAN Service (VPLS) solutions.
EVPN VXLAN
As shown in Figure 1, EVPN VXLAN uses the VXLAN technology for traffic forwarding in the data
plane. The transport edge devices assign VMs to different VXLANs, and then forward traffic at Layer
2 between sites for VMs by using VXLAN tunnels. The transport edge devices are VXLAN tunnel
endpoints (VTEPs). All EVPN VXLAN processing is performed on VTEPs.
To provide Layer 3 connectivity between subnets of a tenant and between the EVPN VXLAN network
and external networks, you can deploy EVPN gateways.
For more information about EVPN VXLAN, see "Configuring EVPN VXLAN."
Figure 1 EVPN VXLAN network model
EVPN VPWS
As shown in Figure 2, EVPN VPWS is a Layer 2 VPN technology that uses EVPN for PW
establishment in the control plane and MPLS for forwarding in the data plane. EVPN VPWS provides
point-to-point forwarding services for users by using ACs and PWs associated with cross-connects
without MAC address table lookup.
For more information about EVPN VPWS, see "Configuring EVPN VPWS."
Figure 2 EVPN VPWS network model
EVPN VPLS
As shown in Figure 3, EVPN VPLS is a Layer 2 VPN technology that uses EVPN for PW
establishment in the control plane and MPLS for forwarding in the data plane. EVPN VPLS provides
point-to-multipoint forwarding services for users by using the MAC address table.
For more information about EVPN VPLS, see "Configuring EVPN VPLS."
Figure 3 EVPN VPLS network model
EVPN benefits
EVPN provides the following benefits:
• Configuration automation—MP-BGP automates VTEP/PE discovery, VXLAN tunnel/PW
  establishment, and VXLAN tunnel assignment to ease deployment.
• Separation of the control plane and the data plane—EVPN uses MP-BGP to advertise host
  reachability information in the control plane and uses VXLAN or MPLS to forward traffic in the
  data plane.
• Integrated routing and bridging (IRB)—MP-BGP advertises both Layer 2 and Layer 3 host
  reachability information to provide optimal forwarding paths and minimize flooding in an EVPN
  VXLAN network.
• Point-to-point and point-to-multipoint connection—Layer 2 frames are transmitted
  transparently across the IP or MPLS transport network between sites after they are
  encapsulated into VXLAN packets or MPLS packets.
Layered transport network
As shown in Figure 4, typically the EVPN transport network uses a layered structure. On the
transport network, leaf nodes act as VTEPs or PEs to provide VXLAN or MPLS services, and spine
nodes perform forwarding for VXLAN or MPLS traffic based on the outer IP header. If all VTEPs or
PEs and transport network devices of an EVPN network belong to the same AS, the spine nodes can
act as route reflectors (RRs) to reflect routes between the VTEPs or PEs. In this scenario, the spine
nodes advertise and receive BGP EVPN routes, but do not perform VXLAN or MPLS encapsulation
and de-encapsulation.
Figure 4 Layered transport network
MP-BGP extension for EVPN
To support EVPN, MP-BGP introduces the EVPN subsequent address family under the L2VPN
address family and the following network layer reachability information (BGP EVPN routes):
• Ethernet auto-discovery route—Advertises ES and service ID information in multihomed
  sites and advertises service ID information in an EVPN VPWS network.
• MAC/IP advertisement route—Advertises MAC reachability information and host route
  information (host ARP or ND information).
• Inclusive multicast Ethernet tag (IMET) route—Advertises VTEP and VXLAN mappings for
  automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment in an
  EVPN VXLAN network. Advertises PE information for automating PE discovery and PW
  establishment in an EVPN VPLS network.
• Ethernet segment (ES) route—Advertises ES and VTEP/PE mappings.
• IP prefix advertisement route—Advertises BGP IPv4 or IPv6 unicast routes as IP prefixes.
MP-BGP uses the route distinguisher (RD) field to differentiate BGP EVPN routes of different VSIs or
cross-connect groups and uses route targets to control the advertisement and acceptance of BGP
EVPN routes.
MP-BGP supports the following types of route targets:
• Export targets—A VTEP or PE sets the export targets for BGP EVPN routes learned from the
  local site before advertising them to remote VTEPs or PEs.
• Import targets—A VTEP or PE checks the export targets of BGP EVPN routes received from
  remote VTEPs or PEs. The VTEP or PE imports the BGP EVPN routes only when their export
  targets match the local import targets.
RD and route target selection of BGP EVPN routes
As shown in Table 1, you can configure RDs and route targets for BGP EVPN routes in multiple
views.
Table 1 Supported views for RD and route target configuration
Item            Views
RD              • VSI EVPN instance view
                • VPN instance view
                • Public instance view
                • Cross-connect group EVPN instance view
Route targets   • VSI EVPN instance view
                • VPN instance view
                • VPN instance IPv4 address family view
                • VPN instance IPv6 address family view
                • VPN instance EVPN view
                • Public instance view
                • Public instance IPv4 address family view
                • Public instance IPv6 address family view
                • Public instance EVPN view
                • Cross-connect group EVPN instance view
NOTE:
Route targets configured in VPN instance view apply to IPv4 VPN, IPv6 VPN, and
EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN.
Route targets configured in IPv6 address family view apply only to IPv6 VPN. Route
targets configured in VPN instance EVPN view apply only to EVPN. Route targets
configured in IPv4 address family view, IPv6 address family view, or VPN instance
EVPN view take precedence over those in VPN instance view. The precedence order
for different views of a VPN instance also applies to the views of the public instance.
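The view precedence in the note above and the import-target check described earlier can be audited offline. The following Python model is an added example, not HPE code or device output: it resolves the effective route targets of a VPN instance per address family and lists which instances would import each other's routes. It assumes that a family-specific view with any route targets configured replaces the VPN instance view as a whole, and that "match" means at least one shared route target; the instance names and route target values are constructed.

```python
from dataclasses import dataclass, field
from itertools import permutations
from typing import Dict, FrozenSet, Iterable, List, Tuple

FAMILIES = ("ipv4", "ipv6", "evpn")


@dataclass(frozen=True)
class RouteTargets:
    """Route targets configured in one view."""
    export: FrozenSet[str] = frozenset()
    imports: FrozenSet[str] = frozenset()  # "import" is a Python keyword

    def configured(self) -> bool:
        return bool(self.export or self.imports)


@dataclass
class VpnInstance:
    """A VPN instance with its instance view and optional per-family views."""
    name: str
    instance_view: RouteTargets = RouteTargets()
    family_views: Dict[str, RouteTargets] = field(default_factory=dict)

    def effective(self, family: str) -> RouteTargets:
        """Route targets that apply to one family.

        Assumption: a configured IPv4, IPv6, or EVPN view takes precedence
        by replacing the instance view for that family.
        """
        if family not in FAMILIES:
            raise ValueError(f"unknown address family: {family}")
        view = self.family_views.get(family)
        if view is not None and view.configured():
            return view
        return self.instance_view


def imports_route(route_export_targets: Iterable[str], local: RouteTargets) -> bool:
    """A route is imported only when its export targets match local import targets."""
    return bool(frozenset(route_export_targets) & local.imports)


def cross_import_pairs(instances: List[VpnInstance],
                       family: str = "evpn") -> List[Tuple[str, str, List[str]]]:
    """List (exporter, importer, shared targets) for every pair that exchanges routes."""
    pairs = []
    for src, dst in permutations(instances, 2):
        shared = src.effective(family).export & dst.effective(family).imports
        if shared:
            pairs.append((src.name, dst.name, sorted(shared)))
    return pairs


# Constructed sample: tenant-b's EVPN view also imports tenant-a's target.
TENANT_A = VpnInstance(
    "tenant-a",
    instance_view=RouteTargets(frozenset({"65000:100"}), frozenset({"65000:100"})),
)
TENANT_B = VpnInstance(
    "tenant-b",
    instance_view=RouteTargets(frozenset({"65000:200"}), frozenset({"65000:200"})),
    family_views={
        "evpn": RouteTargets(frozenset({"65000:200"}),
                             frozenset({"65000:200", "65000:100"})),
    },
)
INSTANCES = [TENANT_A, TENANT_B]

if __name__ == "__main__":
    for family in FAMILIES:
        print(family, cross_import_pairs(INSTANCES, family))
```

In the sample, the IPv4 and IPv6 families fall back to the VPN instance view and stay isolated, while the EVPN view lets tenant-b import tenant-a's routes; an audit that only reads the instance view would miss it.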
The device selects RDs and route targets for BGP EVPN routes by using the following rules:
• Ethernet auto-discovery routes—The device uses the RD and route targets configured in
  EVPN instance view of a VSI or cross-connect group when advertising the routes. The device
  uses the route targets configured in EVPN instance view of a VSI or cross-connect group when
  accepting the routes.
• IMET routes and MAC/IP advertisement routes that contain only MAC addresses—The
  device uses the RD and route targets configured in VSI EVPN instance view when advertising
  and accepting the routes.
• MAC/IP advertisement routes that contain ARP or ND information—The device uses the
  following settings when advertising the routes:
  ◦ RD and export route targets configured in VSI EVPN instance view.
  ◦ Export route targets configured for EVPN on a VPN instance or the public instance (VPN
    instance view, EVPN view of a VPN instance or the public instance, and public instance
    view).
  The device uses the import route targets configured for the EVPN instance on a VSI and EVPN
  on a VPN instance or the public instance when accepting the routes.
• ES routes—The device uses the RD and export route targets configured for an EVPN instance
  on a VSI or cross-connect group when advertising the routes. The device uses the import route
  targets configured for an EVPN instance on a VSI or cross-connect group when accepting the
  routes.
• IP prefix advertisement routes—The device uses the route targets configured for IPv4 or
  IPv6 VPN on a VPN instance or the public instance when advertising and accepting the routes.
EVPN VXLAN overview
EVPN VXLAN uses EVPN routes for VXLAN tunnel establishment and assignment and MAC
reachability information advertisement in the control plane and uses VXLAN for forwarding in the
data plane.
EVPN network model
As shown in Figure 5, EVPN uses the VXLAN technology for traffic forwarding in the data plane. The
transport edge devices assign user terminals to different VXLANs, and then forward traffic between
sites for user terminals by using VXLAN tunnels. The transport edge devices are VXLAN tunnel
endpoints (VTEPs). They can be servers that host VMs or independent network devices.
Supported user terminals include PCs, wireless terminals, and VMs on servers.
NOTE:
This document uses VMs as examples to describe the mechanisms of EVPN. The mechanisms do
not differ between different kinds of user terminals.
A VTEP uses ESs, VSIs, and VXLAN tunnels to provide VXLAN services:
• Ethernet segment (ES)—An ES is a link that connects a site to a VTEP. Each ES is uniquely
  identified by an Ethernet segment identifier (ESI).
• VSI—A virtual switch instance is a virtual Layer 2 switched domain. Each VSI provides
  switching services only for one VXLAN. VSIs learn MAC addresses and forward frames
  independently of one another. User terminals in different sites have Layer 2 connectivity if they
  are in the same VXLAN. A VXLAN is identified by a 24-bit VXLAN ID which is also called the
  virtual network identifier (VNI). A VXLAN corresponds to an EVPN instance.
• VXLAN tunnel—Logical point-to-point tunnels between VTEPs over the transport network.
  Each VXLAN tunnel can trunk multiple VXLANs.
All VXLAN processing is performed on VTEPs. The ingress VTEP encapsulates VXLAN traffic in the
VXLAN, outer UDP, and outer IP headers, and forwards the traffic through VXLAN tunnels. The
egress VTEP removes the VXLAN encapsulation and forwards the traffic to the destination.
Transport network devices (for example, the P device in Figure 5) forward VXLAN traffic only based
on the outer IP header of VXLAN packets.
Figure 5 EVPN network model
Configuration automation
If EVPN is used for Layer 2 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise their VXLAN IDs through IMET routes. If two VTEPs have the
  same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel to the
  VXLAN.
• MAC/IP advertisement route—VTEPs advertise local MAC addresses and VXLAN IDs
  through MAC/IP advertisement routes. If two VTEPs have the same VXLAN ID, they
  automatically establish a VXLAN tunnel and assign the tunnel to the VXLAN.
If EVPN is used for Layer 3 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs
  have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel
  to the VXLAN.
• MAC/IP advertisement route and IP prefix advertisement route—In the EVPN gateway
  deployment, VTEPs advertise MAC/IP advertisement routes or IP prefix advertisement routes
  which carry the export targets. When a VTEP receives a route, it compares the export targets of
  the route with the local import targets. If the route targets match, the VTEP establishes a
  VXLAN tunnel with the remote VTEP and associates the tunnel with the L3 VXLAN ID of the
  corresponding VPN instance. For more information about the L3 VXLAN ID, see "Distributed
  EVPN gateway deployment."
Assignment of traffic to VXLANs
Traffic from the local site to a remote site
The VTEP uses an Ethernet service instance or Layer 3 interface to match customer traffic on a
site-facing interface. The VTEP assigns customer traffic to a VXLAN by mapping the Layer 3
interface or Ethernet service instance to a VSI.
An Ethernet service instance or Layer 3 interface is identical to an attachment circuit (AC) in L2VPN.
An Ethernet service instance matches a list of VLANs on a Layer 2 Ethernet interface by using a
frame match criterion. The frame match criterion specifies the characteristics of traffic from the
VLANs, such as tagging status and VLAN IDs.
As shown in Figure 6, Ethernet service instance 1 matches VLAN 2 and is mapped to VSI A (VXLAN
10). When a frame from VLAN 2 arrives, the VTEP assigns the frame to VXLAN 10, and looks up VSI
A's MAC address table for the outgoing interface.
Figure 6 Identifying traffic from the local site
Traffic from a remote site to the local site
When a VXLAN packet arrives at a VXLAN tunnel interface, the VTEP uses the VXLAN ID in the
packet to identify its VXLAN.
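Both directions of traffic assignment, as an added Python example that is not HPE code: a site-facing frame is classified by its 802.1Q VLAN ID, and a packet from a tunnel is classified by the 24-bit VXLAN ID in its VXLAN header. The VLAN-to-VSI table follows Figure 6; the 8-byte header layout is taken from RFC 7348, not from this guide. The model assumes each service instance matches a single outer VLAN ID, it leaves out the outer UDP and IP headers, and the sample frames are constructed.

```python
import struct
from typing import Optional, Tuple

# VLAN ID -> (VSI, VXLAN ID), following the service instances in Figure 6.
SERVICE_INSTANCES = {2: ("VSI A", 10), 3: ("VSI B", 20), 4: ("VSI C", 30)}
VNI_TO_VSI = {vni: vsi for vsi, vni in SERVICE_INSTANCES.values()}

TPID_8021Q = 0x8100
VXLAN_HEADER_LEN = 8
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag in the first header byte (RFC 7348)


def vlan_of(frame: bytes) -> Optional[int]:
    """Return the outer 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field


def classify_local(frame: bytes) -> Optional[Tuple[str, int]]:
    """Local site to remote site: map the frame to (VSI, VXLAN ID).

    Returns None when no service instance matches the frame.
    """
    return SERVICE_INSTANCES.get(vlan_of(frame))


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VXLAN ID must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def classify_remote(udp_payload: bytes) -> Tuple[str, bytes]:
    """Remote site to local site: use the VXLAN ID to select the VSI.

    Returns (VSI, inner Ethernet frame). Packets with a malformed header or
    a VXLAN ID that has no local VSI are rejected instead of being forwarded.
    """
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack_from("!II", udp_payload)
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set, VXLAN ID is not valid")
    vni = word1 >> 8
    vsi = VNI_TO_VSI.get(vni)
    if vsi is None:
        raise LookupError(f"no local VSI for VXLAN ID {vni}")
    return vsi, udp_payload[VXLAN_HEADER_LEN:]


def tagged_frame(vlan: int, payload: bytes = b"payload") -> bytes:
    """Constructed sample frame: zero destination MAC, made-up source MAC."""
    macs = bytes(6) + bytes.fromhex("020000000001")
    return macs + struct.pack("!HHH", TPID_8021Q, vlan, 0x0800) + payload


if __name__ == "__main__":
    frame = tagged_frame(2)
    vsi, vni = classify_local(frame)
    print("local :", vsi, vni)
    print("remote:", classify_remote(vxlan_encap(vni, frame))[0])
```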
Layer 2 forwarding
MAC learning
The VTEP performs Layer 2 forwarding based on a VSI's MAC address table. The VTEP learns MAC
addresses by using the following methods:
• Local MAC learning—The VTEP automatically learns the source MAC addresses of frames
  sent from the local site. The outgoing interfaces of local MAC address entries are site-facing
  interfaces on which the MAC addresses are learned.
• Remote MAC learning—The VTEP uses MP-BGP to advertise local MAC reachability
  information to remote sites and learn MAC reachability information from remote sites. The
  outgoing interfaces of MAC address entries advertised from a remote site are VXLAN tunnel
  interfaces.
Unicast
As shown in Figure 7, the VTEP performs typical Layer 2 forwarding for known unicast traffic within
the local site.
Figure 7 Intra-site unicast
As shown in Figure 8, the following process applies to a known unicast frame between sites:
1. The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.
In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP
address. The destination IP address is the VXLAN tunnel destination IP address.
2. The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel
interface found in the VSI's MAC address table.
3. The intermediate transport devices (P devices) forward the packet to the destination VTEP by
using the outer IP header.
4. The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs
MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching
outgoing interface.
Figure 8 Inter-site unicast
Flood
As shown in Figure 9, a VTEP floods a broadcast, multicast, or unknown unicast frame to all
site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface. The
source VTEP replicates the flood frame, and then sends one replica to the destination IP address of
each VXLAN tunnel in the VXLAN. Each destination VTEP floods the inner Ethernet frame to all the
site-facing interfaces in the VXLAN. To avoid loops, the destination VTEPs do not flood the frame to
VXLAN tunnels.
Figure 9 Forwarding of flood traffic
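The Layer 2 forwarding rules of this section in one place, as an added Python model that is not HPE code: local MAC learning from site-facing frames, remote MAC entries installed from MP-BGP advertisements, known unicast lookup, and flooding that never replicates a tunnel-received frame to other tunnels. The interface names, tunnel names, and MAC addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


def is_group_address(mac: str) -> bool:
    """True for broadcast and multicast destinations (group bit set)."""
    return bool(int(mac.split(":")[0], 16) & 1)


@dataclass
class Vsi:
    """The Layer 2 switched domain of one VXLAN on a VTEP."""
    vxlan_id: int
    site_ports: Set[str]
    tunnels: Set[str]
    mac_table: Dict[str, str] = field(default_factory=dict)

    def learn_remote(self, mac: str, tunnel: str) -> None:
        """Install a MAC entry advertised by a remote VTEP through MP-BGP."""
        if tunnel not in self.tunnels:
            raise ValueError(f"{tunnel} is not assigned to VXLAN {self.vxlan_id}")
        self.mac_table[mac] = tunnel

    def forward(self, src_mac: str, dst_mac: str, in_if: str) -> List[str]:
        """Return the interfaces the frame is sent out of."""
        from_tunnel = in_if in self.tunnels
        if not from_tunnel and in_if not in self.site_ports:
            raise ValueError(f"{in_if} does not belong to VXLAN {self.vxlan_id}")
        # Local MAC learning applies only to frames from the local site.
        # Remote entries come from learn_remote(), not from tunnel traffic.
        if not from_tunnel:
            self.mac_table[src_mac] = in_if

        # Known unicast: use the outgoing interface in the MAC address table.
        if not is_group_address(dst_mac) and dst_mac in self.mac_table:
            out_if = self.mac_table[dst_mac]
            return [] if out_if == in_if else [out_if]

        # Broadcast, multicast, or unknown unicast: flood, except to the
        # incoming interface. A frame received from a tunnel is flooded to
        # site-facing interfaces only, which avoids loops between VTEPs.
        targets = set(self.site_ports)
        if not from_tunnel:
            targets |= self.tunnels
        targets.discard(in_if)
        return sorted(targets)


# Constructed sample values.
MAC_1 = "00:00:5e:00:53:01"      # VM on Interface A
MAC_7 = "00:00:5e:00:53:07"      # VM behind the remote VTEP on Tunnel 1
MAC_UNKNOWN = "00:00:5e:00:53:99"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_vtep1_vsi() -> Vsi:
    """VSI for VXLAN 10 with two site-facing interfaces and two tunnels."""
    vsi = Vsi(vxlan_id=10,
              site_ports={"Interface A", "Interface B"},
              tunnels={"Tunnel 1", "Tunnel 2"})
    vsi.learn_remote(MAC_7, "Tunnel 1")
    return vsi


if __name__ == "__main__":
    vsi = build_vtep1_vsi()
    print("known unicast to remote :", vsi.forward(MAC_1, MAC_7, "Interface A"))
    print("broadcast from site     :", vsi.forward(MAC_1, BROADCAST, "Interface A"))
    print("broadcast from tunnel   :", vsi.forward(MAC_7, BROADCAST, "Tunnel 1"))
```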
Centralized EVPN gateway deployment
Centralized EVPN gateway deployment uses one VTEP to provide Layer 3 forwarding for VXLANs.
The VTEP uses virtual Layer 3 VSI interfaces as gateway interfaces for VXLANs. Typically, the
gateway-collocated VTEP connects to other VTEPs and the external network. To use this design,
make sure the gateway has sufficient bandwidth and processing capability. A centralized EVPN
gateway can provide services only for IPv4 sites.
As shown in Figure 10, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both
terminates the VXLANs and performs Layer 3 forwarding for the VMs. The network uses the
following process to forward Layer 3 traffic from a VM to the destination:
1. The VM sends an ARP request to obtain the MAC address of the VSI interface that acts as the
gateway, and then sends the Layer 3 traffic to the centralized EVPN gateway.
2. The local VTEP looks up the matching VSI's MAC address table and forwards the traffic to the
centralized EVPN gateway through a VXLAN tunnel.
3. The centralized EVPN gateway removes the VXLAN encapsulation and forwards the traffic at
Layer 3.
4. The centralized EVPN gateway forwards the replies sent by the destination node to the VM
based on the ARP entry for the VM.
Figure 10 Example of centralized EVPN gateway deployment
Distributed EVPN gateway deployment
About distributed EVPN gateway deployment
As shown in Figure 11, each site's VTEP acts as a gateway to perform Layer 3 forwarding for the
VXLANs of the local site. A VTEP acts as a border gateway to the Layer 3 network for the VXLANs.
Figure 11 Distributed EVPN gateway placement design
A distributed EVPN gateway supports the following traffic forwarding modes:
• Asymmetric IRB—The ingress gateway performs Layer 2 and Layer 3 lookups and the egress
  gateway performs only Layer 2 forwarding.
• Symmetric IRB—Both the ingress and egress gateways perform Layer 2 and Layer 3 lookups.
Symmetric IRB
Basic concepts
Symmetric IRB introduces the following concepts:
• L3 VXLAN ID—Also called L3 VNI. An L3 VXLAN ID identifies the traffic of a routing domain
  where devices have Layer 3 reachability. An L3 VXLAN ID is associated with one VPN instance.
  Distributed EVPN gateways use VPN instances to isolate traffic of different services on VXLAN
  tunnel interfaces.
• Router MAC address—Each distributed EVPN gateway has a unique router MAC address
  used for inter-gateway forwarding. The MAC addresses in the inner Ethernet header of VXLAN
  packets are router MAC addresses of distributed EVPN gateways.
VSI interfaces
As shown in Figure 12, each distributed EVPN gateway has the following types of VSI interfaces:
• VSI interface as a gateway interface of a VXLAN—The VSI interface acts as the gateway
  interface for VMs in a VXLAN. The VSI interface is associated with a VSI and a VPN instance.
  On different distributed EVPN gateways, the VSI interface of a VXLAN uses the same IP address
  to provide services.
• VSI interface associated with an L3 VXLAN ID—The VSI interface is associated with a VPN
  instance and assigned an L3 VXLAN ID. VSI interfaces associated with the same VPN instance
  share an L3 VXLAN ID.
A border gateway only has VSI interfaces that are associated with an L3 VXLAN ID.
Figure 12 Example of distributed EVPN gateway deployment
Layer 3 forwarding entry learning
A distributed EVPN gateway forwards Layer 3 traffic based on FIB entries generated from BGP
EVPN routes and ARP information.
A VTEP advertises an external route imported in the EVPN address family through MP-BGP. A
remote VTEP adds the route to the FIB table of a VPN instance based on the L3 VXLAN ID carried in
the route. In the FIB entry, the outgoing interface is a VXLAN tunnel interface, and the next hop is the
peer VTEP address in the NEXT_HOP attribute of the route.
A VTEP has the following types of ARP information:
• Local ARP information—ARP information of VMs in the local site. The VTEP snoops GARP
  packets, RARP packets, and ARP requests for the gateway MAC address to learn the ARP
  information of the senders and generates ARP entries and FIB entries. In an ARP or FIB entry,
  the outgoing interface is the site-facing interface where the packet is received, and the VPN
  instance is the instance associated with the corresponding VSI interface.
• Remote ARP information—ARP information of VMs in remote sites. Each VTEP uses
  MP-BGP to advertise its local ARP information with L3 VXLAN IDs in routes to remote sites. A
  VTEP generates only FIB entries for the remote ARP information. A FIB entry contains the
  following information:
  ◦ Outgoing interface: VSI interface associated with the L3 VXLAN ID.
  ◦ Next hop: Peer VTEP address in the NEXT_HOP attribute of the route.
  ◦ VPN instance: VPN instance associated with the L3 VXLAN ID.
The VTEP then creates an ARP entry for the next hop in the FIB entry.
Traffic forwarding
A distributed EVPN gateway can work in one of the following modes: