This document provides configuration examples for using Distributed Resilient Network Interconnect (DRNI) on an Ethernet Virtual Private Network (EVPN) network.

DRNI virtualizes two physical devices into one system through multichassis link aggregation. You can use DRNI to virtualize two VTEPs or EVPN gateways into one distributed-relay (DR) system to avoid single points of failure.

Prerequisites

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of DRNI and EVPN.

General restrictions and guidelines

Link aggregation group membership is mutually exclusive with Ethernet service instance-to-VSI mappings on a Layer 2 interface. Do not associate a VSI with an Ethernet service instance on a Layer 2 interface if the interface is in an aggregation group. Do not assign a Layer 2 interface to an aggregation group if the interface is configured with Ethernet service instances of VSIs.

Ethernet service instance bindings of VSIs are mutually exclusive with QinQ and VLAN mapping on a Layer 2 Ethernet interface or Layer 2 aggregate interface. Do not configure these features simultaneously on the same interface. Otherwise, the features cannot take effect.

Do not configure VLAN mapping, QinQ, or MAC-based VLAN on a Layer 2 Ethernet interface or Layer 2 aggregate interface that acts as the traffic outgoing interface of a VXLAN tunnel. Otherwise, the features cannot take effect.

If a manually created VXLAN tunnel and an automatically created VXLAN tunnel have the same destination IP address, do not assign the tunnels to the same VXLAN. For more information about manual VXLAN tunnel setup, see VXLAN Configuration Guide.

The VTEPs or EVPN gateways to form a DR system must have the same configuration, including the following:

· ACs.

· VSI and VXLAN mappings.

· Router MAC address, which is the EVPN global MAC address configured by using the evpn global-mac command or the MAC address assigned to L3VNI-associated VSI interfaces by using the mac-address command.

Example: Configuring DRNI using an Ethernet aggregate link as the IPL on EVPN VTEPs

Network configuration

As shown in Figure 1, perform the following tasks to make sure the VMs can communicate with one another:

· Configure VXLAN 10 on Switch A, Switch B, and Switch D.

· Configure DRNI on Switch A and Switch B to virtualize them into one VTEP. Configure an Ethernet aggregate link as the IPL between the switches.

· Configure Switch C as a route reflector (RR).

Figure 1 Network diagram

Analysis

To make sure the overlay network has connectivity, configure a routing protocol on the switches to advertise routes for reaching their interfaces, including the loopback interfaces. In this example, OSPF is used.

To conserve resources, configure Switch C to reflect routes for Switch A, Switch B, and Switch D.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

Hardware	Software version
S6812 switch series S6813 switch series	Release 66xx
S6550XE-HI switch series	Not supported
S6525XE-HI switch series	Not supported
S5850 switch series	Not supported
S5570S-EI switch series	Not supported
S5560X-EI switch series	Release 66xx
S5560X-HI switch series	Release 66xx
S5500V2-EI switch series	Release 66xx
MS4520V2-30F switch	Release 66xx
MS4520V2-30C switch MS4520V2-54C switch	Release 66xx
MS4520V2-28S switch MS4520V2-24TP switch	Not supported
S6520X-HI switch series S6520X-EI switch series	Release 66xx
S6520X-SI switch series S6520-SI switch series	Release 66xx
S5000-EI switch series	Release 66xx
MS4600 switch series	Release 66xx
ES5500 switch series	Release 66xx
S5560S-EI switch series S5560S-SI switch series	Not supported
S5500V3-24P-SI switch S5500V3-48P-SI switch	Not supported
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Not supported
S5170-EI switch series	Not supported
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Not supported
S5120V2-SI switch series S5120V2-LI switch series	Not supported
S5120V3-EI switch series	Not supported
S5120V3-36F-SI switch S5120V3-28P-HPWR-SI switch S5120V3-54P-PWR-SI switch	Not supported
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Not supported
S5120V3-LI switch series	Not supported
S3600V3-EI switch series	Not supported
S3600V3-SI switch series	Not supported
S3100V3-EI switch series S3100V3-SI switch series	Not supported
S5110V2 switch series	Not supported
S5110V2-SI switch series	Not supported
S5000V3-EI switch series S5000V5-EI switch series	Not supported
S5000E-X switch series S5000X-EI switch series	Not supported
E128C switch E152C switch E500C switch series E500D switch series	Not supported
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Not supported
WS5850-WiNet switch series	Not supported
WS5820-WiNet switch series WS5810-WiNet switch series	Not supported
WAS6000 switch series	Not supported
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Not supported

Restrictions and guidelines

Make sure the following settings are consistent on the DR member devices:

· Ethernet service instances and their match criterion on the DR interfaces in the same DR group or single-homed site-facing interfaces.

· VXLAN IDs of VSIs.

In addition, the Ethernet service instances must be created manually.

As a best practice, do not redistribute external routes on the DR member devices.

Use the drni mad exclude interface command to exclude all interfaces used by EVPN from the shutdown action by DRNI MAD. The interfaces include VSI interfaces, interfaces that provide BGP peer addresses, interfaces used for setting up the keepalive link, and transport-facing outgoing interfaces of VXLAN tunnels.

For EVPN to run correctly on a DR system, you must execute the undo mac-address static source-check enable command to disable static source check on the following interfaces:

· Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces acting as the IPPs.

· Transport-facing physical interfaces.

As a best practice, use the IP address of a loopback interface as the virtual VTEP address.

You must disable spanning tree on the Layer 2 Ethernet interface that acts as the physical traffic outgoing interface of a VXLAN tunnel. If you enable spanning tree on that interface, the upstream device will falsely block the interfaces connected to the DR member devices.

Configure backup routes for directing traffic from one DR member device to the other DR member device upon uplink failure.

You can configure only the encapsulation s-vid vlan-id and encapsulation untagged frame match criteria and VLAN access mode for Ethernet service instances

Procedures

Configuring the system operating mode

# Set the system operating mode to VXLAN on Switch A, and reboot the switch for the mode change to take effect.

<SwitchA> system-view

[SwitchA] switch-mode 1

Reboot device to make the configuration take effect.

[SwitchA] quit

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

This command will reboot the device. Continue? [Y/N]:y

# Set the system operating mode of Switch B and Switch D to VXLAN. The method is the same as Switch A. (Details not shown.)

Configuring routed (Layer 3) interfaces

# Configure the Layer 3 interfaces on Switch A.

<SwitchA> system-view

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 32

[SwitchA-Loopback0] quit

[SwitchA] interface loopback 1

[SwitchA-Loopback1] ip address 1.2.3.4 32

[SwitchA-Loopback1] quit

[SwitchA] vlan 11

[SwitchA-vlan11] port gigabitethernet 1/0/5

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

[SwitchA-Vlan-interface11] ip address 11.1.1.1 24

[SwitchA-Vlan-interface11] quit

[SwitchA] interface gigabitethernet 1/0/4

[SwitchA-GigabitEthernet1/0/4] port link-mode route

[SwitchA-GigabitEthernet1/0/4] ip address 60.1.1.1 24

[SwitchA-GigabitEthernet1/0/4] quit

# Configure the Layer 3 interfaces on other switches. (Details not shown.)

Configuring OSPF

Configuring Switch A

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchA] ospf 1 router-id 1.1.1.1

[SwitchA-ospf-1] area 0

[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchA-ospf-1-area-0.0.0.0] quit

[SwitchA-ospf-1] quit

# Configure OSPF on VLAN-interface 100 for traffic to be redirected to an available DR member device when an uplink fails.

[SwitchA] vlan 100

[SwitchA-vlan100] quit

[SwitchA] interface Vlan-interface 100

[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0

[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0

[SwitchA-Vlan-interface100] quit

Configuring Switch B

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchB> system-view

[SwitchB] ospf 1 router-id 2.2.2.2

[SwitchB-ospf-1] area 0

[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchB-ospf-1-area-0.0.0.0] quit

[SwitchB-ospf-1] quit

# Configure OSPF on VLAN-interface 100 for traffic to be redirected to an available DR member device when an uplink fails.

[SwitchB] vlan 100

[SwitchB-vlan100] quit

[SwitchB] interface Vlan-interface 100

[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0

[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0

[SwitchB-Vlan-interface100] quit

Configuring Switch C

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchC> system-view

[SwitchC] ospf 1 router-id 3.3.3.3

[SwitchC-ospf-1] area 0

[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] quit

[SwitchC-ospf-1] quit

Configuring Switch D

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchD> system-view

[SwitchD] ospf 1 router-id 4.4.4.4

[SwitchD-ospf-1] area 0

[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchD-ospf-1-area-0.0.0.0] quit

[SwitchD-ospf-1] quit

Disabling spanning tree

Configuring Switch A

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/5.

[SwitchA] interface gigabitethernet 1/0/5

[SwitchA-GigabitEthernet1/0/5] undo stp enable

[SwitchA-GigabitEthernet1/0/5] quit

Configuring Switch B

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/5.

[SwitchB] interface gigabitethernet 1/0/5

[SwitchB-GigabitEthernet1/0/5] undo stp enable

[SwitchB-GigabitEthernet1/0/5] quit

Configuring EVPN

Configuring Switch A

# Enable L2VPN.

[SwitchA] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[SwitchA] undo vxlan ip-forwarding

# Disable remote MAC address learning and remote ARP learning.

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] arp suppression enable

[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

Configuring Switch B

# Enable L2VPN.

[SwitchB] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[SwitchB] undo vxlan ip-forwarding

# Disable remote MAC address learning and remote ARP learning.

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] arp suppression enable

[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

Configuring Switch D

# Enable L2VPN.

[SwitchD] l2vpn enable

# Enable Layer 2 forwarding for VXLANs.

[SwitchD] undo vxlan ip-forwarding

# Disable remote MAC address learning and remote ARP learning.

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] arp suppression enable

[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

Configuring DRNI

Configuring Switch A

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchA] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchA] drni system-mac 0001-0001-0001

[SwitchA] drni system-number 1

[SwitchA] drni system-priority 10

[SwitchA] drni restore-delay 180

[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation3] quit

# Assign GigabitEthernet 1/0/3 to aggregation group 3.

[SwitchA] interface gigabitethernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port link-aggregation group 3

[SwitchA-GigabitEthernet1/0/3] quit

# Specify Bridge-Aggregation 3 as the IPP.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1

[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable

[SwitchA-Bridge-Aggregation3] quit

# Disable the static source check feature on GigabitEthernet 1/0/5.

[SwitchA] interface gigabitethernet 1/0/5

[SwitchA-GigabitEthernet1/0/5] undo mac-address static source-check enable

[SwitchA-GigabitEthernet1/0/5] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchA-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port drni group 4

[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchA-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port drni group 5

[SwitchA-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface loopback 0

[SwitchA] drni mad exclude interface gigabitethernet 1/0/4

[SwitchA] drni mad exclude interface gigabitethernet 1/0/5

[SwitchA] drni mad exclude interface vlan-interface 11

Configuring Switch B

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchB] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchB] drni system-mac 0001-0001-0001

[SwitchB] drni system-number 2

[SwitchB] drni system-priority 10

[SwitchB] drni restore-delay 180

[SwitchB] drni keepalive ip destination 60.1.1.1 source 60.1.1.2

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.

[SwitchB] interface bridge-aggregation 3

[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation3] quit

# Assign GigabitEthernet 1/0/3 to aggregation group 3.

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port link-aggregation group 3

[SwitchB-GigabitEthernet1/0/3] quit

# Specify Bridge-Aggregation 3 as the IPP.

[SwitchB] interface bridge-aggregation 3

[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1

[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable

[SwitchB-Bridge-Aggregation3] quit

# Disable the static source check feature on GigabitEthernet 1/0/5.

[SwitchB] interface gigabitethernet 1/0/5

[SwitchB-GigabitEthernet1/0/5] undo mac-address static source-check enable

[SwitchB-GigabitEthernet1/0/5] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchB-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port drni group 4

[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchB-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port drni group 5

[SwitchB-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface loopback 0

[SwitchB] drni mad exclude interface gigabitethernet 1/0/4

[SwitchB] drni mad exclude interface gigabitethernet 1/0/5

[SwitchA] drni mad exclude interface vlan-interface 12

Configuring BGP to advertise BGP EVPN routes

Configuring Switch A

# Configure BGP to advertise BGP EVPN routes.

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 3.3.3.3 as-number 200

[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

Configuring Switch B

# Configure BGP to advertise BGP EVPN routes.

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 3.3.3.3 as-number 200

[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

Configuring Switch C

# Configure BGP to advertise BGP EVPN routes and configure the switch as an RR.

[SwitchC] bgp 200

[SwitchC-bgp-default] group evpn

[SwitchC-bgp-default] peer 1.1.1.1 group evpn

[SwitchC-bgp-default] peer 2.2.2.2 group evpn

[SwitchC-bgp-default] peer 4.4.4.4 group evpn

[SwitchC-bgp-default] peer evpn as-number 200

[SwitchC-bgp-default] peer evpn connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer evpn enable

[SwitchC-bgp-default-evpn] undo policy vpn-target

[SwitchC-bgp-default-evpn] peer evpn reflect-client

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

Configuring Switch D

# Configure BGP to advertise BGP EVPN routes.

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 3.3.3.3 as-number 200

[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

Mapping Ethernet service instances to VSIs

Configuring Switch A

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port link-type trunk

[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchA-Bridge-Aggregation4] service-instance 1000

[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port link-type trunk

[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchA-Bridge-Aggregation5] service-instance 1000

[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation5-srv1000] quit

Configuring Switch B

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port link-type trunk

[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchB-Bridge-Aggregation4] service-instance 1000

[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port link-type trunk

[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchB-Bridge-Aggregation5] service-instance 1000

[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation5-srv1000] quit

Configuring Switch D

# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchD] interface gigabitethernet 1/0/1

[SwitchD-GigabitEthernet1/0/1] port link-type trunk

[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchD-GigabitEthernet1/0/1] service-instance 1000

[SwitchD-GigabitEthernet1/0/1] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchD-GigabitEthernet1/0/1] xconnect vsi vpna

[SwitchD-GigabitEthernet1/0/1] quit

Verifying the configuration

Verifying the configuration on a DR member device

The verification procedure uses Switch A as an example.

# Verify that Switch A has BGP EVPN routes.

[Switch A]display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 1

Route distinguisher: 1:10

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][4.4.4.4]/80

4.4.4.4 0 100 0 i

# Verify that the VXLAN tunnel to Switch D is up, and the source address of the tunnel is the virtual VTEP address.

[SwitchA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 4.4.4.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that ACs have been created on the IPP and mapped to VXLAN 10.

[SwitchA] display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

ACs:

AC Link ID State Type

BAGG4 srv1000 0 Up Manual

BAGG3 srv2 1 Up Dynamic (DRNI)

BAGG5 srv1000 2 Up Manual

BAGG3 srv3 3 Up Dynamic (DRNI)

Verifying the network connectivity of the VMs

# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are operating correctly. (Details not shown.)

# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the local site are disconnected. (Details not shown.)

Configuration files

· Switch A:

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 1.2.3.4 0.0.0.0

network 11.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 11

vlan 100

l2vpn enable

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation3

link-aggregation mode dynamic

port drni intra-portal-port 1

undo mac-address static source-check enable

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpna

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

interface LoopBack0

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.1 255.255.255.0

interface Vlan-interface100

ip address 100.1.1.2 255.255.255.0

ospf 1 area 0.0.0.0

interface GigabitEthernet1/0/4

port link-mode route

ip address 60.1.1.1 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

interface GigabitEthernet1/0/3

port link-mode bridge

port link-aggregation group 3

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 11

undo stp enable

undo mac-address static source-check enable

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni keepalive ip destination 60.1.1.2 source 60.1.1.1

drni restore-delay 180

drni system-mac 0001-0001-0001

drni system-number 1

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/4

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Vlan-interface11

return

· Switch B:

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 2.2.2.2

area 0.0.0.0

network 1.2.3.4 0.0.0.0

network 2.2.2.2 0.0.0.0

network 12.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 12

vlan 100

l2vpn enable

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation3

link-aggregation mode dynamic

port drni intra-portal-port 1

undo mac-address static source-check enable

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpna

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface12

ip address 12.1.1.2 255.255.255.0

interface Vlan-interface100

ip address 100.1.1.2 255.255.255.0

ospf 1 area 0.0.0.0

interface GigabitEthernet1/0/4

port link-mode route

ip address 60.1.1.2 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

interface GigabitEthernet1/0/3

port link-mode bridge

port link-aggregation group 3

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 12

undo stp enable

undo mac-address static source-check enable

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni keepalive ip destination 60.1.1.1 source 60.1.1.2

drni restore-delay 180

drni system-mac 0001-0001-0001

drni system-number 2

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/4

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Vlan-interface12

return

· Switch C:

ospf 1 router-id 3.3.3.3

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 11.1.1.0 0.0.0.255

network 12.1.1.0 0.0.0.255

network 13.1.1.0 0.0.0.255

vlan 11 to 13

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.3 255.255.255.0

interface Vlan-interface12

ip address 12.1.1.3 255.255.255.0

interface Vlan-interface13

ip address 13.1.1.3 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

bgp 200

group evpn internal

peer evpn connect-interface LoopBack0

peer 1.1.1.1 group evpn

peer 2.2.2.2 group evpn

peer 4.4.4.4 group evpn

address-family l2vpn evpn

undo policy vpn-target

peer evpn enable

peer evpn reflect-client

return

· Switch D:

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 4.4.4.4

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 13.1.1.0 0.0.0.255

vlan 2

vlan 13

l2vpn enable

vxlan tunnel arp-learning disable

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

interface Vlan-interface13

ip address 13.1.1.4 255.255.255.0

interface GigabitEthernet1/0/1

port link-type trunk

port trunk permit vlan 1 to 2

port link-mode bridge

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 13

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

Example: Configuring DRNI using a VXLAN tunnel as the IPL on EVPN VTEPs

Network configuration

As shown in Figure 2, perform the following tasks to make sure the VMs can communicate with one another:

· Configure VXLAN 10 on Switch A, Switch B, and Switch D.

· Configure DRNI on Switch A and Switch B to virtualize them into one VTEP. Manually set up a VXLAN tunnel as the IPL between the switches.

· Configure Switch C as an RR.

Figure 2 Network diagram

Analysis

To make sure the overlay network has connectivity,, configure a routing protocol on these switches to advertise routes for reaching their interfaces, including the loopback interfaces. In this example, OSPF is used.

To conserve resources, configure Switch C to reflect routes for Switch A, Switch B, and Switch D.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

Hardware	Software version
S6812 switch series S6813 switch series	Release 66xx
S6550XE-HI switch series	Not supported
S6525XE-HI switch series	Not supported
S5850 switch series	Not supported
S5570S-EI switch series	Not supported
S5560X-EI switch series	Release 66xx
S5560X-HI switch series	Release 66xx
S5500V2-EI switch series	Release 66xx
MS4520V2-30F switch	Release 66xx
MS4520V2-30C switch MS4520V2-54C switch	Release 66xx
MS4520V2-28S switch MS4520V2-24TP switch	Not supported
S6520X-HI switch series S6520X-EI switch series	Release 66xx
S6520X-SI switch series S6520-SI switch series	Release 66xx
S5000-EI switch series	Release 66xx
MS4600 switch series	Release 66xx
ES5500 switch series	Release 66xx
S5560S-EI switch series S5560S-SI switch series	Not supported
S5500V3-24P-SI switch S5500V3-48P-SI switch	Not supported
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Not supported
S5170-EI switch series	Not supported
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Not supported
S5120V2-SI switch series S5120V2-LI switch series	Not supported
S5120V3-EI switch series	Not supported
S5120V3-36F-SI switch S5120V3-28P-HPWR-SI switch S5120V3-54P-PWR-SI switch	Not supported
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Not supported
S5120V3-LI switch series	Not supported
S3600V3-EI switch series	Not supported
S3600V3-SI switch series	Not supported
S3100V3-EI switch series S3100V3-SI switch series	Not supported
S5110V2 switch series	Not supported
S5110V2-SI switch series	Not supported
S5000V3-EI switch series S5000V5-EI switch series	Not supported
S5000E-X switch series S5000X-EI switch series	Not supported
E128C switch E152C switch E500C switch series E500D switch series	Not supported
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Not supported
WS5850-WiNet switch series	Not supported
WS5820-WiNet switch series WS5810-WiNet switch series	Not supported
WAS6000 switch series	Not supported
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Not supported

Restrictions and guidelines

Make sure the following settings are consistent on the DR member devices:

· Ethernet service instances and their match criterion on the DR interfaces in the same DR group or single-homed site-facing interfaces.

· VXLAN IDs of VSIs.

In addition, the Ethernet service instances must be created manually.

As a best practice, do not redistribute external routes on the DR member devices.

Use the drni mad exclude interface command to exclude VXLAN tunnel interfaces and their traffic outgoing interfaces from the MAD shutdown action by DRNI before you configure them as IPPs. If you have configured the VXLAN tunnel interfaces as IPPs before excluding them and their traffic outgoing interfaces from the MAD shutdown action, you must first remove the IPP configuration. After the VXLAN tunnel interfaces and their traffic outgoing interfaces come up, exclude the interfaces from the MAD shutdown action by DRNI. Then, configure the VXLAN tunnel interfaces as IPPs.

As a best practice, use the IP address of a loopback interface as the virtual VTEP address.

For EVPN to run correctly on a DR system, you must execute the undo mac-address static source-check enable command to disable static source check on the following interfaces:

· Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces acting as the IPPs.

· Transport-facing physical interfaces.

Procedures

Configuring the system operating mode

# Set the system operating mode to VXLAN on Switch A, and reboot the switch for the mode change to take effect.

<SwitchA> system-view

[SwitchA] switch-mode 1

Reboot device to make the configuration take effect.

[SwitchA] quit

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

This command will reboot the device. Continue? [Y/N]:y

# Set the system operating mode of Switch B and Switch D to VXLAN. The method is the same as Switch A. (Details not shown.)

Configuring Layer 3 interfaces

# Configure the Layer 3 interfaces on Switch A.

<SwitchA> system-view

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 32

[SwitchA-Loopback0] quit

[SwitchA] interface loopback 1

[SwitchA-Loopback1] ip address 1.2.3.4 32

[SwitchA-Loopback1] quit

[SwitchA] vlan 11

[SwitchA-vlan11] port gigabitethernet 1/0/5

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

[SwitchA-Vlan-interface11] ip address 11.1.1.1 24

[SwitchA-Vlan-interface11] quit

# Configure the Layer 3 interfaces on other switches. (Details not shown.)

Configuring OSPF

Configuring Switch A

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchA] ospf 1 router-id 1.1.1.1

[SwitchA-ospf-1] area 0

[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchA-ospf-1-area-0.0.0.0] quit

[SwitchA-ospf-1] quit

Configuring Switch B

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchB> system-view

[SwitchB] ospf 1 router-id 2.2.2.2

[SwitchB-ospf-1] area 0

[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchB-ospf-1-area-0.0.0.0] quit

[SwitchB-ospf-1] quit

Configuring Switch C

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchC> system-view

[SwitchC] ospf 1 router-id 3.3.3.3

[SwitchC-ospf-1] area 0

[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] quit

[SwitchC-ospf-1] quit

Configuring Switch D

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchD> system-view

[SwitchD] ospf 1 router-id 4.4.4.4

[SwitchD-ospf-1] area 0

[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchD-ospf-1-area-0.0.0.0] quit

[SwitchD-ospf-1] quit

Configuring EVPN

Configuring Switch A

# Enable L2VPN.

[SwitchA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# Specify the reserved VXLAN as VXLAN 1234.

[SwitchA] reserved vxlan 1234

# Create an EVPN instance on VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] arp suppression enable

[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

Configuring Switch B

# Enable L2VPN.

[SwitchB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# Specify the reserved VXLAN as VXLAN 1234.

[SwitchB] reserved vxlan 1234

# Create an EVPN instance on VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] arp suppression enable

[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

Configuring Switch D

# Enable L2VPN.

[SwitchD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] arp suppression enable

[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

Configuring DRNI

Configuring Switch A

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchA] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchA] drni system-mac 0001-0001-0001

[SwitchA] drni system-number 1

[SwitchA] drni system-priority 10

[SwitchA] drni restore-delay 180

# Create a tunnel to Switch B, and set the ToS of tunneled packets to 100.

[SwitchA] interface tunnel 1 mode vxlan

[SwitchA-Tunnel1] source 1.1.1.1

[SwitchA-Tunnel1] destination 2.2.2.2

[SwitchA-Tunnel1] tunnel tos 100

[SwitchA-Tunnel1] quit

# Exclude Tunnel 1 from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface tunnel 1

# Specify Tunnel 1 as the IPP

[SwitchA] interface tunnel 1

[SwitchA-Tunnel1] port drni intra-portal-port 1

[SwitchA-Tunnel1] quit

# Disable the static source check feature on GigabitEthernet 1/0/4.

[SwitchA] interface gigabitethernet 1/0/4

[SwitchA-GigabitEthernet1/0/4] undo mac-address static source-check enable

[SwitchA-GigabitEthernet1/0/4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchA-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port drni group 4

[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchA-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port drni group 5

[SwitchA-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface tunnel 1

[SwitchA] drni mad exclude interface loopback 0

[SwitchA] drni mad exclude interface gigabitethernet 1/0/4

[SwitchA] drni mad exclude interface vlan-interface 11

Configuring Switch B

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchB] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchB] drni system-mac 0001-0001-0001

[SwitchB] drni system-number 2

[SwitchB] drni system-priority 10

[SwitchB] drni restore-delay 180

# Create a tunnel to Switch A, and set the ToS of tunneled packets to 100.

[SwitchB] interface tunnel 1 mode vxlan

[SwitchB-Tunnel1] source 2.2.2.2

[SwitchB-Tunnel1] destination 1.1.1.1

[SwitchB-Tunnel1] tunnel tos 100

[SwitchB-Tunnel1] quit

# Exclude Tunnel 1 from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface tunnel 1

# Specify Tunnel 1 as the IPP

[SwitchB] interface tunnel 1

[SwitchB-Tunnel1] port drni intra-portal-port 1

[SwitchB-Tunnel1] quit

# Disable the static source check feature on GigabitEthernet 1/0/4.

[SwitchB] interface gigabitethernet 1/0/4

[SwitchB-GigabitEthernet1/0/4] undo mac-address static source-check enable

[SwitchB-GigabitEthernet1/0/4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchB-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port drni group 4

[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchB-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port drni group 5

[SwitchB-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface tunnel 1

[SwitchB] drni mad exclude interface loopback 0

[SwitchB] drni mad exclude interface gigabitethernet 1/0/4

[SwitchB] drni mad exclude interface vlan-interface 12

Configuring BGP to advertise BGP EVPN routes

Configuring Switch A

# Configure BGP to advertise BGP EVPN routes.

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 3.3.3.3 as-number 200

[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

Configuring Switch B

# Configure BGP to advertise BGP EVPN routes.

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 3.3.3.3 as-number 200

[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

Configuring Switch C

# Configure BGP to advertise BGP EVPN routes and configure the switch as an RR.

[SwitchC] bgp 200

[SwitchC-bgp-default] group evpn

[SwitchC-bgp-default] peer 1.1.1.1 group evpn

[SwitchC-bgp-default] peer 2.2.2.2 group evpn

[SwitchC-bgp-default] peer 4.4.4.4 group evpn

[SwitchC-bgp-default] peer evpn as-number 200

[SwitchC-bgp-default] peer evpn connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer evpn enable

[SwitchC-bgp-default-evpn] undo policy vpn-target

[SwitchC-bgp-default-evpn] peer evpn reflect-client

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

Configuring Switch D

# Configure BGP to advertise BGP EVPN routes.

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 3.3.3.3 as-number 200

[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

Mapping Ethernet service instances to VSIs

Configuring Switch A

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port link-type trunk

[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchA-Bridge-Aggregation4] service-instance 1000

[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port link-type trunk

[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchA-Bridge-Aggregation5] service-instance 1000

[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation5-srv1000] quit

Configuring Switch B

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port link-type trunk

[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchB-Bridge-Aggregation4] service-instance 1000

[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port link-type trunk

[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchB-Bridge-Aggregation5] service-instance 1000

[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation5-srv1000] quit

Configuring Switch D

# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchD] interface gigabitethernet 1/0/1

[SwitchD-GigabitEthernet1/0/1] service-instance 1000

[SwitchD-GigabitEthernet1/0/1] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchD-GigabitEthernet1/0/1] xconnect vsi vpna

[SwitchD-GigabitEthernet1/0/1] quit

Configuring Monitor Link

Configuring Switch A

# Create monitor link group 1 and assign the uplink and downlink interfaces to it.

[SwitchA] monitor-link group 1

[SwitchA-mtlk-group1] port gigabitethernet 1/0/1 downlink

[SwitchA-mtlk-group1] port gigabitethernet 1/0/2 downlink

[SwitchA-mtlk-group1] port gigabitethernet 1/0/4 uplink

[SwitchA-mtlk-group1] quit

Configuring Switch B

# Create monitor link group 1 and assign the uplink and downlink interfaces to it.

[SwitchB] monitor-link group 1

[SwitchB-mtlk-group1] port gigabitethernet 1/0/1 downlink

[SwitchB-mtlk-group1] port gigabitethernet 1/0/2 downlink

[SwitchB-mtlk-group1] port gigabitethernet 1/0/4 uplink

[SwitchB-mtlk-group1] quit

Verifying the configuration

Verifying the configuration on a DR member device

The verification procedure uses Switch A as an example.

# Verify that Switch A has BGP EVPN routes.

[Switch A]display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 2

Route distinguisher: 1:10

Total number of routes: 4

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.1.1.1]/80

1.1.1.1 0 100 32768 i

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][2.2.2.2]/80

2.2.2.2 0 100 0 i

* >i [3][0][32][4.4.4.4]/80

4.4.4.4 0 100 0 i

# Verify that the IPL Tunnel 1 is up, and Tunnel 0 to Switch D uses the virtual VTEP address as the source address.

[SwitchA] display interface Tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 4.4.4.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec

Last 300 seconds output rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec

Input: 332 packets, 36377 bytes, 0 drops

Output: 583 packets, 59132 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10.

[SwitchA] display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Manual Disabled

ACs:

AC Link ID State Type

BAGG4 srv1000 0 Up Manual

BAGG5 srv1000 2 Up Manual

Verifying the network connectivity of the VMs

# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are operating correctly. (Details not shown.)

# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the local site are disconnected. (Details not shown.)

Configuration files

· Switch A:

monitor-link group 1

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 1.2.3.4 0.0.0.0

network 11.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 11

l2vpn enable

reserved vxlan 1234

vxlan tunnel mac-learning disable

evpn drni group 1.2.3.4

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpna

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.1 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

port monitor-link group 1 downlink

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

port monitor-link group 1 downlink

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 11

undo stp enable

port monitor-link group 1 uplink

undo mac-address static source-check enable

interface Tunnel1 mode vxlan

port drni intra-portal-port 1

source 1.1.1.1

destination 2.2.2.2

tunnel tos 100

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni restore-delay 180

drni system-mac 0001-0001-0001

drni system-number 1

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Tunnel1

drni mad exclude interface Vlan-interface 11

return

· Switch B:

monitor-link group 1

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 2.2.2.2

area 0.0.0.0

network 1.2.3.4 0.0.0.0

network 2.2.2.2 0.0.0.0

network 12.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 12

l2vpn enable

reserved vxlan 1234

evpn drni group 1.2.3.4

vxlan tunnel arp-learning disable

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpna

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface12

ip address 12.1.1.2 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port monitor-link group 1 downlink

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port monitor-link group 1 downlink

port link-aggregation group 5

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 12

port monitor-link group 1 uplink

undo mac-address static source-check enable

interface Tunnel1 mode vxlan

port drni intra-portal-port 1

source 2.2.2.2

destination 1.1.1.1

tunnel tos 100

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni restore-delay 180

drni system-mac 0001-0001-0001

drni system-number 2

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Tunnel1

drni mad exclude interface Vlan-interface 12

return

· Switch C:

ospf 1 router-id 3.3.3.3

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 11.1.1.0 0.0.0.255

network 12.1.1.0 0.0.0.255

network 13.1.1.0 0.0.0.255

vlan 11 to 13

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.3 255.255.255.0

interface Vlan-interface12

ip address 12.1.1.3 255.255.255.0

interface Vlan-interface13

ip address 13.1.1.3 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

bgp 200

group evpn internal

peer evpn connect-interface LoopBack0

peer 1.1.1.1 group evpn

peer 2.2.2.2 group evpn

peer 4.4.4.4 group evpn

address-family l2vpn evpn

undo policy vpn-target

peer evpn enable

peer evpn reflect-client

return

· Switch D:

undo vxlan ip-forwarding

vxlan tunnel mac-learning disable

ospf 1 router-id 4.4.4.4

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 13.1.1.0 0.0.0.255

vlan 2

vlan 13

l2vpn enable

vxlan tunnel arp-learning disable

vsi vpna

arp suppression enable

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

interface Vlan-interface13

ip address 13.1.1.4 255.255.255.0

interface GigabitEthernet1/0/1

port link-type trunk

port trunk permit vlan 1 to 2

port link-mode bridge

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 13

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

return

Example: Configuring DRNI using an Ethernet aggregate link as the IPL on EVPN gateways

Network configuration

As shown in Figure 3, perform the following tasks to make sure the VMs can communicate with one another:

· Configure VXLAN 10 on Switch A, Switch B, and Switch D, and configure VXLAN 20 on Switch A and Switch B.

· Configure Switch A, Switch B, and Switch D as distributed EVPN gateways to provide Layer 3 forwarding service for the VMs.

· Configure DRNI on Switch A and Switch B to virtualize them into one VTEP. Configure an Ethernet aggregate link as the IPL between the switches.

· Configure Switch C as an RR.

Figure 3 Network diagram

Analysis

To conserve resources, configure Switch C to reflect routes for Switch A, Switch B, and Switch D.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

Hardware	Software version
S6812 switch series S6813 switch series	Release 66xx
S6550XE-HI switch series	Not supported
S6525XE-HI switch series	Not supported
S5850 switch series	Not supported
S5570S-EI switch series	Not supported
S5560X-EI switch series	Release 66xx
S5560X-HI switch series	Release 66xx
S5500V2-EI switch series	Release 66xx
MS4520V2-30F switch	Release 66xx
MS4520V2-30C switch MS4520V2-54C switch	Release 66xx
MS4520V2-28S switch MS4520V2-24TP switch	Not supported
S6520X-HI switch series S6520X-EI switch series	Release 66xx
S6520X-SI switch series S6520-SI switch series	Release 66xx
S5000-EI switch series	Release 66xx
MS4600 switch series	Release 66xx
ES5500 switch series	Release 66xx
S5560S-EI switch series S5560S-SI switch series	Not supported
S5500V3-24P-SI switch S5500V3-48P-SI switch	Not supported
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Not supported
S5170-EI switch series	Not supported
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Not supported
S5120V2-SI switch series S5120V2-LI switch series	Not supported
S5120V3-EI switch series	Not supported
S5120V3-36F-SI switch S5120V3-28P-HPWR-SI switch S5120V3-54P-PWR-SI switch	Not supported
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Not supported
S5120V3-LI switch series	Not supported
S3600V3-EI switch series	Not supported
S3600V3-SI switch series	Not supported
S3100V3-EI switch series S3100V3-SI switch series	Not supported
S5110V2 switch series	Not supported
S5110V2-SI switch series	Not supported
S5000V3-EI switch series S5000V5-EI switch series	Not supported
S5000E-X switch series S5000X-EI switch series	Not supported
E128C switch E152C switch E500C switch series E500D switch series	Not supported
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Not supported
WS5850-WiNet switch series	Not supported
WS5820-WiNet switch series WS5810-WiNet switch series	Not supported
WAS6000 switch series	Not supported
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Not supported

Restrictions and guidelines

Make sure the following settings are consistent on the DR member devices:

· Ethernet service instances and their match criterion on the DR interfaces in the same DR group or single-homed site-facing interfaces.

· VXLAN IDs of VSIs.

In addition, the Ethernet service instances must be created manually.

As a best practice, do not redistribute external routes on the DR member devices.

For EVPN to run correctly on a DR system, you must execute the undo mac-address static source-check enable command to disable static source check on the following interfaces:

· Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces acting as the IPPs.

· Transport-facing physical interfaces.

As a best practice, use the IP address of a loopback interface as the virtual VTEP address.

Configure backup routes for directing traffic from one DR member device to the other DR member device upon uplink failure.

You can configure only the encapsulation s-vid vlan-id and encapsulation untagged frame match criteria and VLAN access mode for Ethernet service instances

Procedures

Configuring the system operating mode

# Set the system operating mode to VXLAN on Switch A, and reboot the switch for the mode change to take effect.

<SwitchA> system-view

[SwitchA] switch-mode 1

Reboot device to make the configuration take effect.

[SwitchA] quit

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

This command will reboot the device. Continue? [Y/N]:y

# Set the system operating mode of Switch B and Switch D to VXLAN. The method is the same as Switch A. (Details not shown.)

Configuring Layer 3 interfaces

# Configure the Layer 3 interfaces on Switch A.

<SwitchA> system-view

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 32

[SwitchA-Loopback0] quit

[SwitchA] interface loopback 1

[SwitchA-Loopback1] ip address 1.2.3.4 32

[SwitchA-Loopback1] quit

[SwitchA] vlan 11

[SwitchA-vlan11] port gigabitethernet 1/0/5

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

[SwitchA-Vlan-interface11] ip address 11.1.1.1 24

[SwitchA-Vlan-interface11] quit

[SwitchA] interface gigabitethernet 1/0/4

[SwitchA-GigabitEthernet1/0/4] port link-mode route

[SwitchA-GigabitEthernet1/0/4] ip address 60.1.1.1 24

[SwitchA-GigabitEthernet1/0/4] quit

# Configure the Layer 3 interfaces on other switches. (Details not shown.)

# On VM 1, VM 3, and VM 5, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

Configuring OSPF

Configuring Switch A

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchA] ospf 1 router-id 1.1.1.1

[SwitchA-ospf-1] area 0

[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchA-ospf-1-area-0.0.0.0] quit

[SwitchA-ospf-1] quit

# Configure OSPF on VLAN-interface 100 for traffic to be redirected to an available DR member device when an uplink fails.

[SwitchA] vlan 100

[SwitchA-vlan100] quit

[SwitchA] interface Vlan-interface 100

[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0

[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0

[SwitchA-Vlan-interface100] quit

Configuring Switch B

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchB> system-view

[SwitchB] ospf 1 router-id 2.2.2.2

[SwitchB-ospf-1] area 0

[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchB-ospf-1-area-0.0.0.0] quit

[SwitchB-ospf-1] quit

# Configure OSPF on VLAN-interface 100 for traffic to be redirected to an available DR member device when an uplink fails.

[SwitchB] vlan 100

[SwitchB-vlan100] quit

[SwitchB] interface Vlan-interface 100

[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0

[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0

[SwitchB-Vlan-interface100] quit

Configuring Switch C

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchC> system-view

[SwitchC] ospf 1 router-id 3.3.3.3

[SwitchC-ospf-1] area 0

[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] quit

[SwitchC-ospf-1] quit

Configuring Switch D

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

<SwitchD> system-view

[SwitchD] ospf 1 router-id 4.4.4.4

[SwitchD-ospf-1] area 0

[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchD-ospf-1-area-0.0.0.0] quit

[SwitchD-ospf-1] quit

Disabling spanning tree

Configuring Switch A

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/5.

[SwitchA] interface gigabitethernet 1/0/5

[SwitchA-GigabitEthernet1/0/5] undo stp enable

[SwitchA-GigabitEthernet1/0/5] quit

Configuring Switch B

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/5.

[SwitchB] interface gigabitethernet 1/0/5

[SwitchB-GigabitEthernet1/0/5] undo stp enable

[SwitchB-GigabitEthernet1/0/5] quit

Configuring EVPN

Configuring Switch A

# Enable L2VPN.

[SwitchA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# Configure the EVPN global MAC address as 0002-0003-0004.

[SwitchA] evpn global-mac 2-3-4

# Create an EVPN instance on VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

Configuring Switch B

# Enable L2VPN.

[SwitchB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# Configure the EVPN global MAC address as 0002-0003-0004.

[SwitchB] evpn global-mac 2-3-4

# Create an EVPN instance on VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

Configuring Switch D

# Enable L2VPN.

[SwitchD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

Configuring distributed EVPN gateways

Configuring Switch A

# Configure RD and route target settings for VPN instance vpna.

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 2:2

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# Configure VSI-interface 2 as a distributed gateway.

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

Configuring Switch B

# Configure RD and route target settings for VPN instance vpna.

[SwitchB] ip vpn-instance vpna

[SwitchB-vpn-instance-vpna] route-distinguisher 1:1

[SwitchB-vpn-instance-vpna] address-family ipv4

[SwitchB-vpn-ipv4-vpna] vpn-target 2:2

[SwitchB-vpn-ipv4-vpna] quit

[SwitchB-vpn-instance-vpna] address-family evpn

[SwitchB-vpn-evpn-vpna] vpn-target 1:1

[SwitchB-vpn-evpn-vpna] quit

[SwitchB-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpna

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# Configure VSI-interface 2 as a distributed gateway.

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpna

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip binding vpn-instance vpna

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

Configuring Switch D

# Configure RD and route target settings for VPN instance vpna.

[SwitchD] ip vpn-instance vpna

[SwitchD-vpn-instance-vpna] route-distinguisher 1:1

[SwitchD-vpn-instance-vpna] address-family ipv4

[SwitchD-vpn-ipv4-vpna] vpn-target 2:2

[SwitchD-vpn-ipv4-vpna] quit

[SwitchD-vpn-instance-vpna] address-family evpn

[SwitchD-vpn-evpn-vpna] vpn-target 1:1

[SwitchD-vpn-evpn-vpna] quit

[SwitchD-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpna

[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchD-Vsi-interface1] mac-address 1-1-1

[SwitchD-Vsi-interface1] distributed-gateway local

[SwitchD-Vsi-interface1] local-proxy-arp enable

[SwitchD-Vsi-interface1] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchD] interface vsi-interface 3

[SwitchD-Vsi-interface3] ip binding vpn-instance vpna

[SwitchD-Vsi-interface3] l3-vni 1000

[SwitchD-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] gateway vsi-interface 1

[SwitchD-vsi-vpna] quit

Configuring DRNI

Configuring Switch A

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchA] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchA] drni system-mac 0001-0002-0003

[SwitchA] drni system-number 1

[SwitchA] drni system-priority 10

[SwitchA] drni restore-delay 180

[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation3] quit

# Assign GigabitEthernet 1/0/3 to aggregation group 3.

[SwitchA] interface gigabitethernet 1/0/3

[SwitchA-GigabitEthernet1/0/3] port link-aggregation group 3

[SwitchA-GigabitEthernet1/0/3] quit

# Specify Bridge-Aggregation 3 as the IPP.

[SwitchA] interface bridge-aggregation 3

[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1

[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable

[SwitchA-Bridge-Aggregation3] quit

# Disable the static source check feature on GigabitEthernet 1/0/5.

[SwitchA] interface gigabitethernet 1/0/5

[SwitchA-GigabitEthernet1/0/5] undo mac-address static source-check enable

[SwitchA-GigabitEthernet1/0/5] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchA-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port drni group 4

[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchA-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port drni group 5

[SwitchA-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface loopback 0

[SwitchA] drni mad exclude interface loopback 1

[SwitchA] drni mad exclude interface gigabitethernet 1/0/4

[SwitchA] drni mad exclude interface gigabitethernet 1/0/5

[SwitchA] drni mad exclude interface vlan-interface 11

[SwitchA] drni mad exclude interface vsi-interface 1

[SwitchA] drni mad exclude interface vsi-interface 2

Configuring Switch B

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchB] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchB] drni system-mac 0001-0002-0003

[SwitchB] drni system-number 2

[SwitchB] drni system-priority 10

[SwitchB] drni restore-delay 180

[SwitchB] drni keepalive ip destination 60.1.1.1 source 60.1.1.2

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.

[SwitchB] interface bridge-aggregation 3

[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation3] quit

# Assign GigabitEthernet 1/0/3 to aggregation group 3.

[SwitchB] interface gigabitethernet 1/0/3

[SwitchB-GigabitEthernet1/0/3] port link-aggregation group 3

[SwitchB-GigabitEthernet1/0/3] quit

# Specify Bridge-Aggregation 3 as the IPP.

[SwitchB] interface bridge-aggregation 3

[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1

[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable

[SwitchB-Bridge-Aggregation3] quit

# Disable the static source check feature on GigabitEthernet 1/0/5.

[SwitchB] interface gigabitethernet 1/0/5

[SwitchB-GigabitEthernet1/0/5] undo mac-address static source-check enable

[SwitchB-GigabitEthernet1/0/5] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchB-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port drni group 4

[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchB-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port drni group 5

[SwitchB-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface loopback 0

[SwitchB] drni mad exclude interface loopback 1

[SwitchB] drni mad exclude interface gigabitethernet 1/0/4

[SwitchB] drni mad exclude interface gigabitethernet 1/0/5

[SwitchB] drni mad exclude interface vsi-interface 1

[SwitchB] drni mad exclude interface vsi-interface 2

[SwitchB] drni mad exclude interface vlan-interface 12

Configuring BGP to advertise BGP EVPN routes

Configuring Switch A

# Configure BGP to advertise BGP EVPN routes.

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 3.3.3.3 as-number 200

[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

Configuring Switch B

# Configure BGP to advertise BGP EVPN routes.

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 3.3.3.3 as-number 200

[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

Configuring Switch C

# Configure BGP to advertise BGP EVPN routes and configure the switch as an RR.

[SwitchC] bgp 200

[SwitchC-bgp-default] group evpn

[SwitchC-bgp-default] peer 1.1.1.1 group evpn

[SwitchC-bgp-default] peer 2.2.2.2 group evpn

[SwitchC-bgp-default] peer 4.4.4.4 group evpn

[SwitchC-bgp-default] peer evpn as-number 200

[SwitchC-bgp-default] peer evpn connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer evpn enable

[SwitchC-bgp-default-evpn] undo policy vpn-target

[SwitchC-bgp-default-evpn] peer evpn reflect-client

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

Configuring Switch D

# Configure BGP to advertise BGP EVPN routes.

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 3.3.3.3 as-number 200

[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

Mapping Ethernet service instances to VSIs

Configuring Switch A

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port link-type trunk

[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchA-Bridge-Aggregation4] service-instance 1000

[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port link-type trunk

[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchA-Bridge-Aggregation5] service-instance 1000

[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb

[SwitchA-Bridge-Aggregation5-srv1000] quit

Configuring Switch B

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port link-type trunk

[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchB-Bridge-Aggregation4] service-instance 1000

[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port link-type trunk

[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchB-Bridge-Aggregation5] service-instance 1000

[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb

[SwitchB-Bridge-Aggregation5-srv1000] quit

Configuring Switch D

# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchD] interface gigabitethernet 1/0/1

[SwitchD-GigabitEthernet1/0/1] port link-type trunk

[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchD-GigabitEthernet1/0/1] service-instance 1000

[SwitchD-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchD-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchD-GigabitEthernet1/0/1-srv1000] quit

Verifying the configuration

Verifying the configuration on a DR member device

The verification procedure uses Switch A as an example.

# Verify that Switch A has BGP EVPN routes.

[Switch A]display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 2

Route distinguisher: 1:1(vpna)

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [5][0][24][10.1.1.0]/80

1.2.3.4 0 100 32768 i

* > [5][0][24][10.1.2.0]/80

1.2.3.4 0 100 32768 i

Route distinguisher: 1:10

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][4.4.4.4]/80

4.4.4.4 0 100 0 i

Route distinguisher: 1:20

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][4.4.4.4]/80

4.4.4.4 0 100 0 i

# Verify that the VXLAN tunnel to Switch D is up, and the source address of the tunnel is the virtual VTEP address.

[SwitchA] display interface Tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 4.4.4.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that ACs have been created on the IPP and mapped to VXLAN 10 and VXLAN 20.

[SwitchA] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_3

VSI Index : 1

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 3

VXLAN ID : 1000

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 1

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

ACs:

AC Link ID State Type

BAGG4 srv1000 0 Up Manual

BAGG3 srv2 1 Up Dynamic (DRNI)

VSI Name: vpnb

VSI Index : 2

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 2

VXLAN ID : 20

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

ACs:

AC Link ID State Type

BAGG5 srv1000 0 Up Manual

BAGG3 srv3 1 Up Dynamic (DRNI)

Verifying the network connectivity of the VMs

# Verify that the VMs can communicate when both Switch A and Switch B are operating correctly. (Details not shown.)

# Verify that VM 1 and VM 5 can communicate when Switch A's or Switch B's links to the local site are disconnected. (Details not shown.)

Configuration files

· Switch A:

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 1.2.3.4 0.0.0.0

network 11.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 11

vlan 100

l2vpn enable

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

evpn global-mac 0002-0003-0004

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

vsi vpnb

gateway vsi-interface 2

vxlan 20

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation3

link-aggregation mode dynamic

port drni intra-portal-port 1

undo mac-address static source-check enable

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpnb

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.1 255.255.255.0

interface Vlan-interface100

ip address 100.1.1.1 255.255.255.0

ospf 1 area 0.0.0.0

interface GigabitEthernet1/0/4

port link-mode route

ip address 60.1.1.1 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

interface GigabitEthernet1/0/3

port link-mode bridge

port link-aggregation group 3

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 11

undo stp enable

undo mac-address static source-check enable

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface2

ip binding vpn-instance vpna

ip address 10.1.2.1 255.255.255.0

mac-address 0002-0002-0002

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni keepalive ip destination 60.1.1.2 source 60.1.1.1

drni restore-delay 180

drni system-mac 0001-0002-0003

drni system-number 1

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/4

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Vlan-interface 11

drni mad exclude interface Vsi-interface1

drni mad exclude interface Vsi-interface2

return

· Switch B:

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 2.2.2.2

area 0.0.0.0

network 1.2.3.4 0.0.0.0

network 2.2.2.2 0.0.0.0

network 12.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 12

vlan 100

l2vpn enable

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

evpn global-mac 0002-0003-0004

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

vsi vpnb

gateway vsi-interface 2

vxlan 20

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation3

link-aggregation mode dynamic

port drni intra-portal-port 1

undo mac-address static source-check enable

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpnb

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface12

ip address 12.1.1.2 255.255.255.0

interface Vlan-interface100

ip address 100.1.1.2 255.255.255.0

ospf 1 area 0.0.0.0

interface GigabitEthernet1/0/4

port link-mode route

ip address 60.1.1.2 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

interface GigabitEthernet1/0/3

port link-mode bridge

port link-aggregation group 3

interface GigabitEthernet1/0/5

port link-mode bridge

port access vlan 12

undo stp enable

undo mac-address static source-check enable

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface2

ip binding vpn-instance vpna

ip address 10.1.2.1 255.255.255.0

mac-address 0002-0002-0002

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni keepalive ip destination 60.1.1.1 source 60.1.1.2

drni restore-delay 180

drni system-mac 0001-0002-0003

drni system-number 2

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/4

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Vlan-interface 12

drni mad exclude interface Vsi-interface1

drni mad exclude interface Vsi-interface2

return

· Switch C:

ospf 1 router-id 3.3.3.3

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 11.1.1.0 0.0.0.255

network 12.1.1.0 0.0.0.255

network 13.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 11 to 13

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.3 255.255.255.0

interface Vlan-interface12

ip address 12.1.1.3 255.255.255.0

interface Vlan-interface13

ip address 13.1.1.3 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

bgp 200

group evpn internal

peer evpn connect-interface LoopBack0

peer 1.1.1.1 group evpn

peer 2.2.2.2 group evpn

peer 4.4.4.4 group evpn

address-family l2vpn evpn

undo policy vpn-target

peer evpn enable

peer evpn reflect-client

return

· Switch D:

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 4.4.4.4

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 13.1.1.0 0.0.0.255

vlan 2

vlan 13

l2vpn enable

vxlan tunnel arp-learning disable

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

interface Vlan-interface13

ip address 13.1.1.4 255.255.255.0

interface GigabitEthernet1/0/1

port link-type trunk

port trunk permit vlan 1 to 2

port link-mode bridge

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 13

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

return

Example: Configuring DRNI using a VXLAN tunnel as the IPL on EVPN gateways

Network configuration

As shown in Figure 4, perform the following tasks to make sure the VMs can communicate with one another:

· Configure VXLAN 10 on Switch A, Switch B, and Switch D, and configure VXLAN 20 on Switch A, and Switch B.

· Configure Switch A, Switch B, and Switch D as distributed EVPN gateways to provide Layer 3 forwarding service for VMs.

· Configure DRNI on Switch A and Switch B to virtualize them into one VTEP. Manually set up a VXLAN tunnel as the IPL between the switches.

· Create a monitor link group on Switch A and Switch B. Configure the transport-facing interfaces of Switch A and Switch B as uplink interfaces for the monitor link group, and member interfaces of DR interfaces as downlink interfaces.

· Configure Switch C as an RR.

Figure 4 Network diagram

Analysis

To conserve resources, configure Switch C to reflect routes for Switch A, Switch B, and Switch D.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

Hardware	Software version
S6812 switch series S6813 switch series	Release 66xx
S6550XE-HI switch series	Not supported
S6525XE-HI switch series	Not supported
S5850 switch series	Not supported
S5570S-EI switch series	Not supported
S5560X-EI switch series	Release 66xx
S5560X-HI switch series	Release 66xx
S5500V2-EI switch series	Release 66xx
MS4520V2-30F switch	Release 66xx
MS4520V2-30C switch MS4520V2-54C switch	Release 66xx
MS4520V2-28S switch MS4520V2-24TP switch	Not supported
S6520X-HI switch series S6520X-EI switch series	Release 66xx
S6520X-SI switch series S6520-SI switch series	Release 66xx
S5000-EI switch series	Release 66xx
MS4600 switch series	Release 66xx
ES5500 switch series	Release 66xx
S5560S-EI switch series S5560S-SI switch series	Not supported
S5500V3-24P-SI switch S5500V3-48P-SI switch	Not supported
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Not supported
S5170-EI switch series	Not supported
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Not supported
S5120V2-SI switch series S5120V2-LI switch series	Not supported
S5120V3-EI switch series	Not supported
S5120V3-36F-SI switch S5120V3-28P-HPWR-SI switch S5120V3-54P-PWR-SI switch	Not supported
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Not supported
S5120V3-LI switch series	Not supported
S3600V3-EI switch series	Not supported
S3600V3-SI switch series	Not supported
S3100V3-EI switch series S3100V3-SI switch series	Not supported
S5110V2 switch series	Not supported
S5110V2-SI switch series	Not supported
S5000V3-EI switch series S5000V5-EI switch series	Not supported
S5000E-X switch series S5000X-EI switch series	Not supported
E128C switch E152C switch E500C switch series E500D switch series	Not supported
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Not supported
WS5850-WiNet switch series	Not supported
WS5820-WiNet switch series WS5810-WiNet switch series	Not supported
WAS6000 switch series	Not supported
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Not supported

Restrictions and guidelines

Make sure the following settings are consistent on the DR member devices:

· Ethernet service instances and their match criterion on the DR interfaces in the same DR group or single-homed site-facing interfaces.

· VXLAN IDs of VSIs.

In addition, the Ethernet service instances must be created manually.

As a best practice, do not redistribute external routes on the DR member devices.

For EVPN to run correctly on a DR system, you must execute the undo mac-address static source-check enable command to disable static source check on the following interfaces:

· Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces acting as the IPPs.

· Transport-facing physical interfaces.

As a best practice, use the IP address of a loopback interface as the virtual VTEP address.

Procedures

Configuring the system operating mode

# Set the system operating mode to VXLAN on Switch A, and reboot the switch for the mode change to take effect.

<SwitchA> system-view

[SwitchA] switch-mode 1

Reboot device to make the configuration take effect.

[SwitchA] quit

<SwitchA> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

This command will reboot the device. Continue? [Y/N]:y

# Set the system operating mode of Switch B and Switch D to VXLAN. The method is the same as Switch A. (Details not shown.)

Configuring Layer 3 interfaces

# Configure the Layer 3 interfaces on Switch A.

[SwitchA] interface loopback 0

[SwitchA-Loopback0] ip address 1.1.1.1 32

[SwitchA-Loopback0] quit

[SwitchA] interface loopback 1

[SwitchA-Loopback1] ip address 1.2.3.4 32

[SwitchA-Loopback1] quit

[SwitchA] vlan 11

[SwitchA-vlan11] port gigabitethernet 1/0/5

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

[SwitchA-Vlan-interface11] ip address 11.1.1.1 24

[SwitchA-Vlan-interface11] quit

# Configure the Layer 3 interfaces on other switches. (Details not shown.)

# On VM 1, VM 3, and VM 5, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify 10.1.2.1 as the gateway address. (Details not shown.)

Configuring OSPF

Configuring Switch A

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchA] ospf 1 router-id 1.1.1.1

[SwitchA-ospf-1] area 0

[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchA-ospf-1-area-0.0.0.0] quit

[SwitchA-ospf-1] quit

Configuring Switch B

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchB] ospf 1 router-id 2.2.2.2

[SwitchB-ospf-1] area 0

[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0

[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchB-ospf-1-area-0.0.0.0] quit

[SwitchB-ospf-1] quit

Configuring Switch C

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchC] ospf 1 router-id 3.3.3.3

[SwitchC-ospf-1] area 0

[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchC-ospf-1-area-0.0.0.0] quit

[SwitchC-ospf-1] quit

Configuring Switch D

# Configure OSPF to advertise the networks attached to the Layer 3 interfaces.

[SwitchD] ospf 1 router-id 4.4.4.4

[SwitchD-ospf-1] area 0

[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SwitchD-ospf-1-area-0.0.0.0] quit

[SwitchD-ospf-1] quit

Disabling spanning tree

Configuring Switch A

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/4.

[SwitchA] interface gigabitethernet 1/0/4

[SwitchA-GigabitEthernet1/0/4] undo stp enable

[SwitchA-GigabitEthernet1/0/4] quit

Configuring Switch B

# Disable spanning tree on transport-facing physical interface GigabitEthernet 1/0/4.

[SwitchB] interface gigabitethernet 1/0/4

[SwitchB-GigabitEthernet1/0/4] undo stp enable

[SwitchB-GigabitEthernet1/0/4] quit

Configuring EVPN

Configuring Switch A

# Enable L2VPN.

[SwitchA] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# Specify the reserved VXLAN as VXLAN 1234.

[SwitchA] reserved vxlan 1234

# Configure the EVPN global MAC address as 0002-0003-0004.

[SwitchA] evpn global-mac 2-3-4

# Create an EVPN instance on VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

Configuring Switch B

# Enable L2VPN.

[SwitchB] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# Specify the reserved VXLAN as VXLAN 1234.

[SwitchB] reserved vxlan 1234

# Configure the EVPN global MAC address as 0002-0003-0004.

[SwitchB] evpn global-mac 2-3-4

# Create an EVPN instance on VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# Create an EVPN instance on VSI vpnb.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# Create VXLAN 20.

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

Configuring Switch D

# Enable L2VPN.

[SwitchD] l2vpn enable

# Disable remote MAC address learning and remote ARP learning.

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure the switch to automatically generate an RD and a route target for the EVPN instance.

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

Configuring distributed EVPN gateways

Configuring Switch A

# Configure RD and route target settings for VPN instance vpna.

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 2:2

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# Configure VSI-interface 2 as a distributed gateway.

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

Configuring Switch B

# Configure RD and route target settings for VPN instance vpna.

[SwitchB] ip vpn-instance vpna

[SwitchB-vpn-instance-vpna] route-distinguisher 1:1

[SwitchB-vpn-instance-vpna] address-family ipv4

[SwitchB-vpn-ipv4-vpna] vpn-target 2:2

[SwitchB-vpn-ipv4-vpna] quit

[SwitchB-vpn-instance-vpna] address-family evpn

[SwitchB-vpn-evpn-vpna] vpn-target 1:1

[SwitchB-vpn-evpn-vpna] quit

[SwitchB-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpna

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# Configure VSI-interface 2 as a distributed gateway.

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpna

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip binding vpn-instance vpna

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# Specify VSI-interface 2 as the gateway interface for VSI vpnb.

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

Configuring Switch D

# Configure RD and route target settings for VPN instance vpna.

[SwitchD] ip vpn-instance vpna

[SwitchD-vpn-instance-vpna] route-distinguisher 1:1

[SwitchD-vpn-instance-vpna] address-family ipv4

[SwitchD-vpn-ipv4-vpna] vpn-target 2:2

[SwitchD-vpn-ipv4-vpna] quit

[SwitchD-vpn-instance-vpna] address-family evpn

[SwitchD-vpn-evpn-vpna] vpn-target 1:1

[SwitchD-vpn-evpn-vpna] quit

[SwitchD-vpn-instance-vpna] quit

# Configure VSI-interface 1 as a distributed gateway.

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpna

[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchD-Vsi-interface1] mac-address 1-1-1

[SwitchD-Vsi-interface1] distributed-gateway local

[SwitchD-Vsi-interface1] local-proxy-arp enable

[SwitchD-Vsi-interface1] quit

# Create VSI-interface 3. Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000 for the VPN instance.

[SwitchD] interface vsi-interface 3

[SwitchD-Vsi-interface3] ip binding vpn-instance vpna

[SwitchD-Vsi-interface3] l3-vni 1000

[SwitchD-Vsi-interface3] quit

# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] gateway vsi-interface 1

[SwitchD-vsi-vpna] quit

Configuring DRNI

Configuring Switch A

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchA] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchA] drni system-mac 0001-0002-0003

[SwitchA] drni system-number 1

[SwitchA] drni system-priority 10

[SwitchA] drni restore-delay 180

# Create a tunnel to Switch B, and set the ToS of tunneled packets to 100.

[SwitchA] interface tunnel 1 mode vxlan

[SwitchA-Tunnel1] source 1.1.1.1

[SwitchA-Tunnel1] destination 2.2.2.2

[SwitchA-Tunnel1] tunnel tos 100

[SwitchA-Tunnel1] quit

# Exclude Tunnel 1 from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface tunnel 1

# Specify Tunnel 1 as the IPP

[SwitchA] interface tunnel 1

[SwitchA-Tunnel1] port drni intra-portal-port 1

[SwitchA-Tunnel1] quit

# Disable the static source check feature on GigabitEthernet 1/0/4.

[SwitchA] interface gigabitethernet 1/0/4

[SwitchA-GigabitEthernet1/0/4] undo mac-address static source-check enable

[SwitchA-GigabitEthernet1/0/4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchA-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port drni group 4

[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchA-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port drni group 5

[SwitchA-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchA] drni mad exclude interface loopback0

[SwitchA] drni mad exclude interface gigabitethernet1/0/4

[SwitchA] drni mad exclude interface vsi-interface 1

[SwitchA] drni mad exclude interface vsi-interface 2

[SwitchA] drni mad exclude interface vlan-interface 11

Configuring Switch B

# Specify the virtual VTEP address as 1.2.3.4.

[SwitchB] evpn drni group 1.2.3.4

# Configure DR system parameters.

[SwitchB] drni system-mac 0001-0002-0003

[SwitchB] drni system-number 2

[SwitchB] drni system-priority 10

[SwitchB] drni restore-delay 180

# Create a tunnel to Switch A, and set the ToS of tunneled packets to 100.

[SwitchB] interface tunnel 1 mode vxlan

[SwitchB-Tunnel1] source 2.2.2.2

[SwitchB-Tunnel1] destination 1.1.1.1

[SwitchB-Tunnel1] tunnel tos 100

[SwitchB-Tunnel1] quit

# Exclude Tunnel 1 from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface tunnel 1

# Specify Tunnel 1 as the IPP

[SwitchB] interface tunnel 1

[SwitchB-Tunnel1] port drni intra-portal-port 1

[SwitchB-Tunnel1] quit

# Disable the static source check feature on GigabitEthernet 1/0/4.

[SwitchB] interface gigabitethernet 1/0/4

[SwitchB-GigabitEthernet1/0/4] undo mac-address static source-check enable

[SwitchB-GigabitEthernet1/0/4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation4] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 4.

[SwitchB] interface gigabitethernet 1/0/1

[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4

[SwitchB-GigabitEthernet1/0/1] quit

# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port drni group 4

[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation5] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 5.

[SwitchB] interface gigabitethernet 1/0/2

[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5

[SwitchB-GigabitEthernet1/0/2] quit

# Assign Bridge-Aggregation 5 to DR group 5.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port drni group 5

[SwitchB-Bridge-Aggregation5] quit

# Exclude all interfaces used by EVPN from the shutdown action by DRNI MAD.

[SwitchB] drni mad exclude interface loopback0

[SwitchB] drni mad exclude interface gigabitethernet1/0/4

[SwitchB] drni mad exclude interface vsi-interface 1

[SwitchB] drni mad exclude interface vsi-interface 2

[SwitchB] drni mad exclude interface vlan-interface 12

Configuring BGP to advertise BGP EVPN routes

Configuring Switch A

# Configure BGP to advertise BGP EVPN routes.

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 3.3.3.3 as-number 200

[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

Configuring Switch B

# Configure BGP to advertise BGP EVPN routes.

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 3.3.3.3 as-number 200

[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

Configuring Switch C

# Configure BGP to advertise BGP EVPN routes and configure the switch as an RR.

[SwitchC] bgp 200

[SwitchC-bgp-default] group evpn

[SwitchC-bgp-default] peer 1.1.1.1 group evpn

[SwitchC-bgp-default] peer 2.2.2.2 group evpn

[SwitchC-bgp-default] peer 4.4.4.4 group evpn

[SwitchC-bgp-default] peer evpn as-number 200

[SwitchC-bgp-default] peer evpn connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer evpn enable

[SwitchC-bgp-default-evpn] undo policy vpn-target

[SwitchC-bgp-default-evpn] peer evpn reflect-client

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

Configuring Switch D

# Configure BGP to advertise BGP EVPN routes.

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 3.3.3.3 as-number 200

[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

Mapping Ethernet service instances to VSIs

Configuring Switch A

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchA] interface bridge-aggregation 4

[SwitchA-Bridge-Aggregation4] port link-type trunk

[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchA-Bridge-Aggregation4] service-instance 1000

[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchA] interface bridge-aggregation 5

[SwitchA-Bridge-Aggregation5] port link-type trunk

[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchA-Bridge-Aggregation5] service-instance 1000

[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb

[SwitchA-Bridge-Aggregation5-srv1000] quit

Configuring Switch B

# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.

[SwitchB] interface bridge-aggregation 4

[SwitchB-Bridge-Aggregation4] port link-type trunk

[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2

[SwitchB-Bridge-Aggregation4] service-instance 1000

[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna

[SwitchB-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.

[SwitchB] interface bridge-aggregation 5

[SwitchB-Bridge-Aggregation5] port link-type trunk

[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchB-Bridge-Aggregation5] service-instance 1000

[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpnb.

[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb

[SwitchB-Bridge-Aggregation5-srv1000] quit

Configuring Switch D

# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

[SwitchD] interface gigabitethernet 1/0/1

[SwitchD-GigabitEthernet1/0/1] port link-type trunk

[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 2

[SwitchD-GigabitEthernet1/0/1] service-instance 1000

[SwitchD-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# Map Ethernet service instance 1000 to VSI vpna.

[SwitchD-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchD-GigabitEthernet1/0/1-srv1000] quit

Configuring Monitor Link

Configuring Switch A

# Create monitor link group 1 and assign the uplink and downlink interfaces to it.

[SwitchA] monitor-link group 1

[SwitchA-mtlk-group1] port gigabitethernet 1/0/1 downlink

[SwitchA-mtlk-group1] port gigabitethernet 1/0/2 downlink

[SwitchA-mtlk-group1] port gigabitethernet 1/0/4 uplink

[SwitchA-mtlk-group1] quit

Configuring Switch B

# Create monitor link group 1 and assign the uplink and downlink interfaces to it.

[SwitchB] monitor-link group 1

[SwitchB-mtlk-group1] port gigabitethernet 1/0/1 downlink

[SwitchB-mtlk-group1] port gigabitethernet 1/0/2 downlink

[SwitchB-mtlk-group1] port gigabitethernet 1/0/4 uplink

[SwitchB-mtlk-group1] quit

Verifying the configuration

Verifying the configuration on a DR member device

The verification procedure uses Switch A as an example.

# Verify that Switch A has BGP EVPN routes.

[Switch A]display bgp l2vpn evpn

BGP local router ID is 1.2.3.4

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 3

Route distinguisher: 1:1(vpna)

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [5][0][24][10.1.1.0]/80

1.1.1.1 0 100 32768 i

* > [5][0][24][10.1.2.0]/80

1.1.1.1 0 100 32768 i

Route distinguisher: 1:10

Total number of routes: 4

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.1.1.1]/80

1.1.1.1 0 100 32768 i

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][2.2.2.2]/80

2.2.2.2 0 100 0 i

* >i [3][0][32][4.4.4.4]/80

4.4.4.4 0 100 0 i

Route distinguisher: 1:20

Total number of routes: 3

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [3][0][32][1.1.1.1]/80

1.1.1.1 0 100 32768 i

* > [3][0][32][1.2.3.4]/80

1.2.3.4 0 100 32768 i

* >i [3][0][32][2.2.2.2]/80

2.2.2.2 0 100 0 i

# Verify that the IPL Tunnel 1 is up, and Tunnel 0 to Switch D uses the virtual VTEP address as the source address.

[SwitchA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 4.4.4.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 149 bytes/sec, 1192 bits/sec, 1 packets/sec

Last 300 seconds output rate: 379 bytes/sec, 3032 bits/sec, 3 packets/sec

Input: 398 packets, 46446 bytes, 0 drops

Output: 3597 packets, 363591 bytes, 0 drops

# Verify that the VXLAN tunnels have been assigned to VXLAN 10 and VXLAN 20.

[SwitchA] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_3

VSI Index : 1

VSI State : Down

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 3

VXLAN ID : 1000

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 1

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel0 0x5000000 UP Auto Disabled

Tunnel1 0x5000001 UP Manual Disabled

ACs:

AC Link ID State Type

BAGG4 srv1000 0 Up Manual

VSI Name: vpnb

VSI Index : 2

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Disabled

Gateway Interface : VSI-interface 2

VXLAN ID : 20

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel1 0x5000001 UP Manual Disabled

ACs:

AC Link ID State Type

BAGG5 srv1000 0 Up Manual

Verifying the network connectivity of the VMs

# Verify that the VMs can communicate when both Switch A and Switch B are operating correctly. (Details not shown.)

# Verify that VM 1 and VM 5 can communicate when Switch A's or Switch B's links to the local site are disconnected. (Details not shown.)

Configuration files

· Switch A:

monitor-link group 1

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 1.1.1.1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 1.2.3.4 0.0.0.0

network 11.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 11

l2vpn enable

reserved vxlan 1234

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

evpn global-mac 0002-0003-0004

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

vsi vpnb

gateway vsi-interface 2

vxlan 20

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpnb

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.1 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port link-aggregation group 4

port monitor-link group 1 downlink

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port link-aggregation group 5

port monitor-link group 1 downlink

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 11

undo stp enable

port monitor-link group 1 uplink

undo mac-address static source-check enable

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface2

ip binding vpn-instance vpna

ip address 10.1.2.1 255.255.255.0

mac-address 0002-0002-0002

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

interface Tunnel1 mode vxlan

port drni intra-portal-port 1

source 1.1.1.1

destination 2.2.2.2

tunnel tos 100

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni restore-delay 180

drni system-mac 0001-0001-0001

drni system-number 1

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Tunnel1

drni mad exclude interface Vlan-interface 11

drni mad exclude interface Vsi-interface1

drni mad exclude interface Vsi-interface2

return

· Switch B:

monitor-link group 1

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 2.2.2.2

area 0.0.0.0

network 1.2.3.4 0.0.0.0

network 2.2.2.2 0.0.0.0

network 12.1.1.0 0.0.0.255

vlan 2

vlan 3

vlan 12

l2vpn enable

reserved vxlan 1234

vxlan tunnel arp-learning disable

evpn drni group 1.2.3.4

evpn global-mac 0002-0003-0004

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

vsi vpnb

gateway vsi-interface 2

vxlan 20

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface Bridge-Aggregation4

port link-type trunk

port trunk permit vlan 1 to 2

link-aggregation mode dynamic

port drni group 4

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface Bridge-Aggregation5

port link-type trunk

port trunk permit vlan 1 3

link-aggregation mode dynamic

port drni group 5

service-instance 1000

encapsulation s-vid 3

xconnect vsi vpnb

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface LoopBack1

ip address 1.2.3.4 255.255.255.255

interface Vlan-interface12

ip address 12.1.1.2 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 to 2

port monitor-link group 1 downlink

port link-aggregation group 4

interface GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 3

port monitor-link group 1 downlink

port link-aggregation group 5

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 12

undo stp enable

port monitor-link group 1 uplink

undo mac-address static source-check enable

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface2

ip binding vpn-instance vpna

ip address 10.1.2.1 255.255.255.0

mac-address 0002-0002-0002

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

interface Tunnel1 mode vxlan

port drni intra-portal-port 1

source 2.2.2.2

destination 1.1.1.1

tunnel tos 100

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

drni restore-delay 180

drni system-mac 0001-0002-0003

drni system-number 2

drni system-priority 10

drni mad exclude interface LoopBack0

drni mad exclude interface GigabitEthernet1/0/5

drni mad exclude interface Tunnel1

drni mad exclude interface Vlan-interface 12

drni mad exclude interface Vsi-interface1

drni mad exclude interface Vsi-interface2

return

· Switch C:

ospf 1 router-id 3.3.3.3

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 11.1.1.0 0.0.0.255

network 12.1.1.0 0.0.0.255

network 13.1.1.0 0.0.0.255

vlan 11 to 13

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Vlan-interface11

ip address 11.1.1.3 255.255.255.0

interface Vlan-interface12

ip address 12.1.1.3 255.255.255.0

interface Vlan-interface13

ip address 13.1.1.3 255.255.255.0

interface GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

bgp 200

group evpn internal

peer evpn connect-interface LoopBack0

peer 1.1.1.1 group evpn

peer 2.2.2.2 group evpn

peer 4.4.4.4 group evpn

address-family l2vpn evpn

undo policy vpn-target

peer evpn enable

peer evpn reflect-client

return

· Switch D:

ip vpn-instance vpna

route-distinguisher 1:1

address-family ipv4

vpn-target 2:2 import-extcommunity

vpn-target 2:2 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

vxlan tunnel mac-learning disable

ospf 1 router-id 4.4.4.4

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 13.1.1.0 0.0.0.255

vlan 2

vlan 13

l2vpn enable

vxlan tunnel arp-learning disable

vsi vpna

gateway vsi-interface 1

vxlan 10

evpn encapsulation vxlan

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

interface Vlan-interface13

ip address 13.1.1.4 255.255.255.0

interface GigabitEthernet1/0/1

port link-type trunk

port trunk permit vlan 1 to 2

port link-mode bridge

service-instance 1000

encapsulation s-vid 2

xconnect vsi vpna

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 13

interface Vsi-interface1

ip binding vpn-instance vpna

ip address 10.1.1.1 255.255.255.0

mac-address 0001-0001-0001

local-proxy-arp enable

distributed-gateway local

interface Vsi-interface3

ip binding vpn-instance vpna

l3-vni 1000

bgp 200

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack0

address-family l2vpn evpn

peer 3.3.3.3 enable

return

H3C Fixed Port Campus Switches Configuration Examples-6W103

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch D

Verifying the configuration

Example: Configuring DRNI using a VXLAN tunnel as the IPL on EVPN VTEPs

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring BGP to advertise BGP EVPN routes

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch D

Procedures

Configuring Switch A

Configuring Switch B

Configuring Switch C

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring distributed EVPN gateways

Configuring Switch A

Configuring Switch B

Configuring Switch D

Configuring Switch A

Configuring Switch B

Configuring Switch A

Configuring Switch B

Configuring Switch C