Example: Configuring M-LAG and EVPN distributed gateways (IS-IS for underlay routing)

Leaf 1

XGE1/0/21

N/A

Member port of an underlay M-LAG interface.

Connected to a virtualization server.

XGE1/0/47

N/A

Member port of an M-LAG interface, interface with ACs configured.

Connected to a bare metal server.

FGE1/0/53

N/A

Member port of the peer-link interface.

Connected to FGE1/0/53 on Leaf 2.

FGE1/0/54

N/A

Member port of the peer-link interface.

Connected to FGE1/0/54 on Leaf 2.

FGE1/0/51

6.1.1.1/30

Connected to FGE3/0/16 on Spine 1.

FGE1/0/49

6.1.1.5/30

Connected to FGE3/0/4 on Spine 2.

Loopback0

5.1.1.1/32

VTEP IP address.

Loopback1

5.1.1.101/32

Virtual VTEP IP address.

Vlan-interface2

10.10.10.3/24

VRRP virtual IP: 10.10.10.254

The VRRP virtual IP address is the gateway address for virtualization servers.

Vlan-interface10

10.1.1.1/24

Peer link.

Leaf 2

XGE1/0/21

N/A

Member port of an underlay M-LAG interface.

Connected to a virtualization server.

XGE1/0/47

N/A

Member port of an M-LAG interface, interface with ACs configured.

Connected to a bare metal server.

FGE1/0/53

N/A

Member port of the peer-link interface.

Connected to FGE1/0/53 on Leaf 1.

FGE1/0/54

N/A

Member port of the peer-link interface.

Connected to FGE1/0/54 on Leaf 1.

FGE1/0/51

6.1.1.9/30

Connected to FGE3/0/13 on Spine 1.

FGE1/0/49

6.1.1.13/30

Connected to FGE3/0/1 on Spine 2.

LoopBack0

5.1.1.2/32

VTEP IP address.

LoopBack1

5.1.1.101/32

Virtual VTEP IP address.

Vlan-interface2

10.10.10.4/24

VRRP virtual IP: 10.10.10.254

The VRRP virtual IP address is the gateway address for virtualization servers.

Vlan-interface10

10.1.1.2/24

Peer link.

Leaf 3

WGE1/0/21

N/A

Member port of an underlay M-LAG interface.

Connected to a virtualization server.

WGE1/0/55

N/A

Member port of an M-LAG interface, interface with ACs configured.

Connected to a bare metal server.

HGE1/0/31

N/A

Member port of the peer-link interface.

Connected to HGE1/0/31 on Leaf 4.

HGE1/0/32

N/A

Member port of the peer-link interface.

Connected to HGE1/0/32 on Leaf 4.

HGE1/0/29

6.1.1.17/30

Connected to HGE2/0/3 on Spine 1.

HGE1/0/25

6.1.1.29/30

Connected to HGE2/0/12 on Spine 2.

LoopBack0

5.1.1.3/32

VTEP IP address.

LoopBack1

5.1.1.102/32

Virtual VTEP IP address.

Vlan-interface2

50.50.50.2/24

VRRP virtual IP: 50.50.50.254

The VRRP virtual IP address is the gateway address for virtualization servers.

Vlan-interface10

10.2.1.1/24

Peer link.

Leaf 4

WGE1/0/21

N/A

Member port of an underlay M-LAG interface.

Connected to a virtualization server.

WGE1/0/55

N/A

Member port of an M-LAG interface, interface with ACs configured.

Connected to a bare metal server.

HGE1/0/31

N/A

Member port of the peer-link interface.

Connected to HGE1/0/31 on Leaf 3.

HGE1/0/32

N/A

Member port of the peer-link interface.

Connected to HGE1/0/32 on Leaf 3.

HGE1/0/29

6.1.1.25/30

Connected to HGE2/0/1 on Spine 1.

HGE1/0/25

6.1.1.21/30

Connected to HGE2/0/11 on Spine 2.

LoopBack0

5.1.1.4/32

VTEP IP address.

LoopBack1

5.1.1.102/32

Virtual VTEP IP address.

Vlan-interface2

50.50.50.3/24

VRRP virtual IP: 50.50.50.254

The VRRP virtual IP address is the gateway address for virtualization servers.

Vlan-interface10

10.2.1.2/24

Peer link.

Spine 1

FGE3/0/16

6.1.1.2/30

Connected to FGE1/0/51 on Leaf 1.

FGE3/0/13

6.1.1.10/30

Connected to FGE1/0/51 on Leaf 2.

HGE2/0/3

6.1.1.18/30

Connected to HGE1/0/29 on Leaf 3.

HGE2/0/1

6.1.1.26/30

Connected to HGE1/0/29 on Leaf 4.

HGE2/0/5

6.1.1.33/30

Connected to HGE3/0/16 on Border 1.

HGE2/0/7

6.1.1.37/30

Connected to HGE2/0/13 on Border 2.

LoopBack0

5.1.1.6/32

N/A

Spine 2

FGE3/0/4

6.1.1.6/30

Connected to FGE1/0/49 on Leaf 1.

FGE3/0/1

6.1.1.14/30

Connected to FGE1/0/49 on Leaf 2.

HGE2/0/12

6.1.1.30/30

Connected to HGE1/0/25 on Leaf 3.

HGE2/0/11

6.1.1.22/30

Connected to HGE1/0/25 on Leaf 4.

HGE2/0/9

6.1.1.41/30

Connected to HGE2/0/12 on Border 1.

HGE2/0/10

6.1.1.45/30

Connected to HGE2/0/1 on Border 2.

LoopBack0

5.1.1.8/32

N/A

Border 1

HGE1/0/16

6.1.1.34/30

Connected to HGE2/0/5 on Spine 1.

HGE1/0/12

6.1.1.42/30

Connected to HGE2/0/9 on Spine 2.

HGE2/0/21

N/A

Member port of the peer-link interface.

Connected to HGE2/0/7 on Border 2.

HGE3/0/36

N/A

Member port of the peer-link interface.

Connected to HGE3/0/36 on Border 2.

HGE2/0/5

5.58.1.1/30

Connected to the C-spine device.

FGE3/0/24

N/A

Member port of an M-LAG interface.

Connected to the public device.

HGE2/0/27

N/A

Member port of an M-LAG interface.

Upstream traffic forwarding to the firewalls.

HGE2/0/11

N/A

Member port of an M-LAG interface.

Downstream traffic forwarding to the firewalls.

LoopBack0

5.1.1.7/32

ED IP address.

LoopBack100

100.100.100.100/32

Virtual ED IP address.

Vlan-interface1000

100.1.1.1/24

Peer link.

Border 2

HGE1/0/13

6.1.1.38/30

Connected to HGE2/0/7 on Spine 1.

HGE1/0/1

6.1.1.46/30

Connected to HGE2/0/10 on Spine 2.

HGE2/0/7

N/A

Member port of the peer-link interface.

Connected to HGE2/0/21 on Border 1.

HGE3/0/36

N/A

Member port of the peer-link interface.

Connected to HGE3/0/36 on Border 2.

HGE2/0/5

5.58.1.5/30

Connected to the C-spine device.

FGE3/0/24

N/A

Member port of an M-LAG interface.

Connected to the public device.

HGE2/0/27

N/A

Member port of an M-LAG interface.

Upstream traffic forwarding to the firewalls.

HGE2/0/29

N/A

Member port of an M-LAG interface.

Downstream traffic forwarding to the firewalls.

LoopBack0

5.1.1.9/32

ED IP address.

LoopBack100

100.100.100.100/32

Virtual ED IP address.

Vlan-interface1000

100.1.1.2/24

Peer link.

Role

Device

Software version

Border or spine

S12500X-AF

S12500X-AF switches are used in this example.

R2825

S12500G-AF

R7625

Leaf

S6800, S6860

S6800 switches are used in this configuration example.

R6710

S6812, S6813

S6812 switches are used in this configuration example.

F6628P22 and later

S6805, S6825, S6850, and S9850

S6850 switches are used in this configuration example.

R6710

S6890

R2825

S9820-64H (EVPN gateway not supported)

S9820-8C (EVPN not supported)

Not supported

SDN controller

N/A

SeerEngine-DC E3610 or higher versions

NOTE:

Before you use a higher version than E3610, contact H3C support to verify version compatibility.

hardware-resource switch-mode 4

hardware-resource switch-mode 4

Manual

Set the hardware resource mode for the MAC address table, ARP/ND table, and routing tables.

Adjust the capacities of the MAC address table, ARP/ND table, and routing tables.

Reboot the device for this setting to take effect.

hardware-resource routing-mode ipv6-128

hardware-resource routing-mode ipv6-128

Manual

Enable support for IPv6 routes with prefixes longer than 64 bits.

N/A

Reboot the device for this setting to take effect.

hardware-resource vxlan l3gw40k

hardware-resource vxlan l3gw40k

Manual

Set the VXLAN hardware resource mode to Layer 3 gateway mode that supports 40 K of overlay adjacency table

N/A

Reboot the device for this setting to take effect.

openflow flow-table ipv6-enhanced

openflow flow-table ipv6-enhanced

Manual

Enable support for bidirectional security groups.

N/A

N/A

openflow permit-flag ignore

openflow permit-flag ignore

Manual

Ignore the permit flag added by OpenFlow.

Enable support for bidirectional security groups and port rate limiting.

N/A

vlan 2

vlan 2

Manual

Configure the VLAN used to communicate with a virtualization server.

The switch is an underlay device to a virtualization server.

N/A

interface Vlan-interface 2

interface Vlan-interface 2

Manual

Create a VLAN interface.

N/A

N/A

ip address 10.10.10.3 255.255.255.0

ip address 10.10.10.4 255.255.255.0

Manual

Assign an IP address to the interface.

N/A

N/A

vrrp vrid 1 virtual-ip 10.10.10.254

vrrp vrid 1 virtual-ip 10.10.10.254

Manual

Configure the virtual IP address of a VRRP group.

N/A

N/A

vrrp vrid 1 priority 100

vrrp vrid 1 priority 101

Manual

Configure the priority of the device in the VRRP group.

VRRP determines the role (master or backup) of each router in a VRRP group by priority. A router with higher priority is more likely to become the master.

The larger the priority value, the higher the priority.

undo vrrp vrid 1 preempt-mode

undo vrrp vrid 1 preempt-mode

Manual

Configure the device to work in non-preemptive mode in the VRRP group.

Ensure consistency between the VRRP role and M-LAG role.

This command is optional. Inconsistency between the VRRP role and M-LAG role does not affect traffic forwarding.

quit

quit

Manual

N/A

N/A

N/A

ip prefix-list 1 index 10 permit 10.10.10.0 24

ip prefix-list 1 index 10 permit 10.10.10.0 24

Manual

Configure an IPv4 prefix list or an item for the list.

Create an IPv4 prefix list for the virtual IP address of the VRRP group.

N/A

route-policy 1 permit node 0

route-policy 1 permit node 0

Manual

Configure a routing policy.

Create the routing policy used in IS-IS IPv4 unicast address family view.

N/A

if-match ip address prefix-list 1

if-match ip address prefix-list 1

Manual

Match IPv4 routes with an IPv4 prefix list.

N/A

N/A

quit

quit

Manual

Exit routing policy view.

N/A

N/A

router id 5.1.1.1

router id 5.1.1.2

Manual

Configure the IP address of Loopback 0 as the router ID.

Configure the global router ID.

N/A

isis 1

isis 1

Manual

Enter IS-IS view.

N/A

N/A

is-level level-2

is-level level-2

Manual

Specify the IS level.

If the only area is an IP network, configure all the routers as Level-2 for scalability.

N/A

cost-style wide

cost-style wide

Manual

Set the cost style to wide.

Enable the device to receive wide cost style packets.

N/A

timer spf 1 10 10

timer spf 1 10 10

Manual

Set the maximum SPF calculation interval to 1 second, minimum SPF calculation interval to 10 milliseconds, and incremental SPF calculation interval to 10 milliseconds.

Reduce the interval between two SPF calculations and speed up convergence.

N/A

timer lsp-max-age 65535

timer lsp-max-age 65535

Manual

Set the LSP maximum age in the LSDB to 65535 seconds.

A large LSP maximum age reduces LSP floods. Any LSP with an age of 0 is deleted from the LSDB.

N/A

timer lsp-refresh 65000

timer lsp-refresh 65000

Manual

Set the LSP refresh interval to 65000 seconds.

A large refresh interval reduces LSP refreshes and saves bandwidth.

N/A

timer lsp-generation 1 10 10

timer lsp-generation 1 10 10

Manual

Set the maximum interval to 1 second, minimum interval to 10 milliseconds, and incremental interval to 10 milliseconds for LSP generation.

Speed up LSP generation and routing convergence upon network topology changes.

N/A

set-overload on-startup 360

set-overload on-startup 360

Manual

Set the overload bit for 360 seconds upon system startup.

Delay VRRP address advertisement after system startup to reduce traffic loss during fallback.

N/A

network-entity 51.0000.0005.0001.00

network-entity 51.0000.0005.0002.00

Manual

Configure the NET for an IS-IS process.

N/A

N/A

address-family ipv4 unicast

address-family ipv4 unicast

Manual

Enter IS-IS IPv4 address family view.

N/A

N/A

fast-reroute lfa

fast-reroute lfa

Manual

Configure IS-IS FRR.

Enable IS-IS to calculate backup next hops for all Level-2 routes to reduce traffic interruption upon link or device failure.

N/A

import-route direct route-policy 1

import-route direct route-policy 1

Manual

Redistribute direct VRRP routes.

Use this command together with the set-overload command to delay VRRP route advertisement after system startup to optimize route convergence upon fallback.

N/A

quit

quit

Manual

Exit address family view.

N/A

N/A

quit

quit

Manual

Exit IS-IS view.

N/A

N/A

interface LoopBack0

interface LoopBack0

Manual

Create Loopback 0 and enter its view.

N/A

N/A

ip address 5.1.1.1 255.255.255.255

ip address 5.1.1.2 255.255.255.255

Manual

Assign an IP address to the interface.

Configure the VTEP IP address.

N/A

isis enable 1

isis enable 1

Manual

Enable IS-IS on the interface.

N/A

N/A

isis circuit-level level-2

isis circuit-level level-2

Manual

Set the circuit level for the interface to Level-2.

N/A

For the Level-2 device, the circuit level can only be Level-2.

quit

quit

Manual

Exit the view of Loopback 0.

N/A

N/A

interface LoopBack1

interface LoopBack1

Manual

Create Loopback 1 and enter its view.

N/A

N/A

ip address 5.1.1.101 255.255.255.255

ip address 5.1.1.101 255.255.255.255

Manual

Assign an IP address to the interface.

Configure the virtual VTEP IP address.

N/A

isis enable 1

isis enable 1

Manual

Enable IS-IS on the interface.

N/A

N/A

isis circuit-level level-2

isis circuit-level level-2

Manual

Set the circuit level for the interface to Level-2.

N/A

For the Level-2 device, the circuit level can only be Level-2.

quit

quit

Manual

Exit the view of Loopback 1.

N/A

N/A

vlan 10

vlan 10

Manual

Create a VLAN.

Create the VLAN for communicating with the M-LAG peer.

N/A

interface Vlan-interface10

interface Vlan-interface10

Manual

Create VLAN-interface 10.

Create the VLAN interface for the VLAN used for communicating with the M-LAG peer. When the uplink interface fails, the device forwards the packets received on the M-LAG interfaces to the M-LAG peer for Layer 3 forwarding.

N/A

ip address 10.1.1.1 255.255.255.0

ip address 10.1.1.2 255.255.255.0

Manual

Assign an IP address to the interface.

N/A

N/A

isis enable 1

isis enable 1

Manual

Enable IS-IS on the interface.

N/A

N/A

isis circuit-level level-2

isis circuit-level level-2

Manual

Set the circuit level for the interface to Level-2.

N/A

For the Level-2 device, the circuit level can only be Level-2.

isis circuit-type p2p

isis circuit-type p2p

Manual

Set the network type of the interface to P2P.

If only two routers exist on a broadcast network, set the network type of attached interfaces to P2P to avoid DIS election and CSNP flooding. This saves network bandwidth and speeds up network convergence.

N/A

isis peer hold-max-cost duration 20000

isis peer hold-max-cost duration 20000

Manual

Enable IS-IS to advertise the maximum link cost to neighbors within 20000 milliseconds.

N/A

Execute this command at both ends of a link.

quit

quit

Manual

Exit the view of VLAN-interface 10.

N/A

N/A

interface FortyGigE1/0/49

interface FortyGigE 1/0/49

Manual

Configure the interface connected to Spine 2.

N/A

N/A

port link-mode route

port link-mode route

Manual

Configure the Ethernet interface to work in Layer 3 mode.

N/A

N/A

ip address 6.1.1.5 255.255.255.252

ip address 6.1.1.13 255.255.255.252

Manual

Assign an IP address to the interface.

N/A

N/A

isis enable 1

isis enable 1

Manual

Enable IS-IS on the interface.

N/A

N/A

isis circuit-level level-2

isis circuit-level level-2

Manual

Set the circuit level for the interface to Level-2.

N/A

For the Level-2 device, the circuit level can only be Level-2.

isis circuit-type p2p

isis circuit-type p2p

Manual

Set the network type of the interface to P2P.

If only two routers exist on a broadcast network, set the network type of attached interfaces to P2P to avoid DIS election and CSNP flooding. This saves network bandwidth and speeds up network convergence.

N/A

isis peer hold-max-cost duration 20000

isis peer hold-max-cost duration 20000

Manual

Enable IS-IS to advertise the maximum link cost to neighbors within 20000 milliseconds.

N/A

Execute this command at both ends of a link.

undo mac-address static source-check enable

undo mac-address static source-check enable

Manual

Disable static source check.

To correctly forward traffic sourced from the MAC address of a VLAN interface, you must disable the static source check feature on the Layer 2 interfaces in the VLAN.

N/A

interface FortyGigE1/0/51

interface FortyGigE 1/0/51

Manual

Configure the interface connected to Spine 1.

N/A

N/A

port link-mode route

port link-mode route

Manual

Configure the Ethernet interface to work in Layer 3 mode.

N/A

N/A

ip address 6.1.1.1 255.255.255.252

ip address 6.1.1.9 255.255.255.252

Manual

Assign an IP address to the interface.

N/A

N/A

isis enable 1

isis enable 1

Manual

Enable IS-IS on the interface.

N/A

N/A

isis circuit-level level-2

isis circuit-level level-2

Manual

Set the circuit level for the interface to Level-2.

N/A

For the Level-2 device, the circuit level can only be Level-2.

isis circuit-type p2p

isis circuit-type p2p

Manual

Set the network type of the interface to P2P.

If only two routers exist on a broadcast network, set the network type of attached interfaces to P2P to avoid DIS election and CSNP flooding. This saves network bandwidth and speeds up network convergence.

N/A

isis peer hold-max-cost duration 20000

isis peer hold-max-cost duration 20000

Manual

Enable IS-IS to advertise the maximum link cost to neighbors within 20000 milliseconds.

N/A

N/A

undo mac-address static source-check enable

undo mac-address static source-check enable

Manual

Disable static source check.

To correctly forward traffic sourced from the MAC address of a VLAN interface, you must disable the static source check feature on the Layer 2 interfaces in the VLAN.

N/A

l2vpn enable

l2vpn enable

Manual

Enable L2VPN.

N/A

N/A

l2vpn statistics interval 30

l2vpn statistics interval 30

Manual

Set the interval for collecting L2VPN statistics to 30 seconds.

Configure this setting according to the gRPC report interval.

N/A

vxlan default-decapsulation source interface LoopBack0

vxlan default-decapsulation source interface LoopBack0

Manual

Enable default VXLAN decapsulation on the packets destined for the VTEP IP address.

N/A

This command takes effect only when the specified interface has an IP address.

vxlan tunnel mac-learning disable

vxlan tunnel mac-learning disable

Manual

Disable remote-MAC address learning.

Execute this command if a controller issues forwarding entries to the device.

N/A

vxlan tunnel arp-learning disable

vxlan tunnel arp-learning disable

Manual

Disable remote ARP learning.

Execute this command if a controller issues forwarding entries to the device.

N/A

vxlan tunnel nd-learning disable

vxlan tunnel nd-learning disable

Manual

Disable remote ND learning.

Execute this command if a controller issues forwarding entries to the device.

N/A

mac-address timer aging 3600

mac-address timer aging 3600

Manual

Set the aging time to 3600 seconds for dynamic MAC address entries.

Increase this timer to ensure forwarding entry synchronization is finished in time after the M-LAG peer restarts.

This setting must be consistent on the M-LAG member devices in the same M-LAG system.

mac-address mac-move fast-update

mac-address mac-move fast-update

Manual

Enable ARP fast update for MAC address moves.

Use this command together with gRPC.

N/A

ip vpn-instance management

ip vpn-instance management

Manual

Create a VPN for the management Ethernet interface.

N/A

This command is optional.

interface M-GigabitEthernet0/0/0

interface M-GigabitEthernet0/0/0

Manual

Enter the view of the management Ethernet interface.

N/A

N/A

ip binding vpn-instance management

ip binding vpn-instance management

Manual

Assign the management Ethernet interface to the VPN.

N/A

Assign the management Ethernet interface to a VPN as needed.

ip address 192.1.2.66 255.255.255.0

ip address 192.1.2.67 255.255.255.0

Manual

Configure a management IP address.

N/A

N/A

quit

quit

Manual

Exit the view of the management Ethernet interface.

N/A

N/A

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Manual

Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the peer link.

Perform this task when the M-LAG system uses a direct physical link as the peer link.

N/A

N/A

evpn m-lag group 5.1.1.101

evpn m-lag group 5.1.1.101

Manual

Enable EVPN M-LAG and specify the virtual VTEP address.

N/A

You must specify the same virtual VTEP address on both VTEPs in the same M-LAG system.

evpn m-lag local 5.1.1.1 remote 5.1.1.2

evpn m-lag local 5.1.1.2 remote 5.1.1.1

Manual

Specify the IP addresses of the VTEPs in an M-LAG system.

After you configure this command, each VTEP in an M-LAG system changes the next hop of the routes for single-armed ACs to its local VTEP IP address when advertising the routes. This ensures that the traffic of a single-armed AC is forwarded to its attached VTEP.

When you execute this command, make sure the IP address of the local VTEP belongs to a local interface. Make sure the local VTEP IP address and peer VTEP IP address are reversed on the VTEPs in an M-LAG system.

evpn global-mac 00e0-fc00-580a

evpn global-mac 00e0-fc00-580a

Manual

Configure the EVPN global MAC address.

N/A

You must specify the same EVPN global MAC address on the devices in the same M-LAG system.

Do not use a reserved MAC address as the EVPN global MAC address.

m-lag system-mac 00e0-fc00-5800

m-lag system-mac 00e0-fc00-5800

Manual

Configure the M-LAG system MAC address.

Configure the settings required for establishing the M-LAG system.

The M-LAG system MAC address uniquely identifies the M-LAG system on the network. For the M-LAG member devices to be identified as one M-LAG system, you must configure the same M-LAG system MAC address on them.

m-lag system-number 1

m-lag system-number 2

Manual

Set the M-LAG system number.

Configure the settings required for establishing the M-LAG system.

You must assign different M-LAG system numbers to the M-LAG member devices in an M-LAG system.

m-lag system-priority 123

m-lag system-priority 123

Manual

Set the M-LAG system priority.

N/A

This command is optional.

You must configure the same M-LAG system priority for the M-LAG member devices in an M-LAG system.

The default M-LAG system priority is 32768. The smaller the priority value, the higher the priority.

m-lag keepalive ip destination 192.1.2.67 source 192.1.2.66 vpn-instance management

m-lag keepalive ip destination 192.1.2.66 source 192.1.2.67 vpn-instance management

Manual

Configure M-LAG keepalive packet parameters.

Use the management Ethernet interface to set up the keepalive link. This interface is excluded from the M-LAG MAD DOWN action.

You do not need to specify a VPN instance if the interface does not belong to any VPN instance.

If the interface that owns the source IP address is not excluded from the M-LAG MAD DOWN action, exclude it from that action.

m-lag mad default-action none

m-lag mad default-action none

Manual

Set the default M-LAG MAD action to NONE.

N/A

N/A

m-lag mad include interface FortyGigE1/0/49

m-lag mad include interface FortyGigE 1/0/49

Manual

Enable M-LAG to shut down an interface when the M-LAG system splits.

Shut down the interface upon an M-LAG system split to reduce the fallback duration after a device restart.

Execute this command on the uplink interface attached to a spine device.

m-lag mad include interface FortyGigE1/0/51

m-lag mad include interface FortyGigE 1/0/51

Manual

Enable M-LAG to shut down an interface when the M-LAG system splits.

Shut down the interface upon an M-LAG system split to reduce the fallback duration after a device restart.

Execute this command on the uplink interface attached to a spine device.

m-lag restore-delay 300

m-lag restore-delay 300

Manual

Set the data restoration interval.

Ensure that entry synchronization is finished before interfaces are brought up.

N/A

interface Bridge-Aggregation1

interface Bridge-Aggregation1

Manual

Create Bridge-Aggregation 1 which will be the peer-link interface.

N/A

N/A

port link-type trunk

port link-type trunk

Manual

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Manual

Configure the trunk interface to permit all VLANs.

N/A

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Manual

Configure the aggregate interface to operate in dynamic mode and enable LACP.

N/A

N/A

port m-lag peer-link 1

port m-lag peer-link 1

Manual

Configure the interface as the peer-link interface.

N/A

N/A

undo mac-address static source-check enable

undo mac-address static source-check enable

Manual

Disable static source check.

To correctly forward traffic sourced from the MAC address of a VLAN interface, you must disable the static source check feature on the Layer 2 interfaces in the VLAN.

You do not need to execute this command on S12500X-AF switches.

Disable static source check on all peer-link interfaces and the uplink interfaces attached to spine devices.

interface FortyGigE1/0/53

interface  FortyGigE1/0/53

Manual

Configure the interface as a member port of the peer-link interface.

N/A

N/A

port link-type trunk

port link-type trunk

Manual

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Manual

Configure the trunk interface to permit all VLANs.

N/A

N/A

port link-aggregation group 1

port link-aggregation group 1

Manual

Assign the interface to link aggregation group 1.

N/A

N/A

interface FortyGigE1/0/54

interface FortyGigE1/0/54

Manual

Configure the interface as a member port of the peer-link interface.

N/A

N/A

port link-type trunk

port link-type trunk

Manual

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Manual

Configure the trunk interface to permit all VLANs.

N/A

N/A

port link-aggregation group 1

port link-aggregation group 1

Manual

Assign the interface to link aggregation group 1.

N/A

N/A

quit

quit

Manual

N/A

N/A

N/A

interface Bridge-Aggregation101

interface Bridge-Aggregation101

Manual

Create an aggregate interface to be configured as an M-LAG interface.

Create the interface to connect to the host overlay servers.

N/A

port access vlan 2

port access vlan 2

Manual

Configure the interface as an access interface and assign it to VLAN 2.

Assign the interface to the VLAN of the VRRP group.

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Manual

Configure the aggregate interface to operate in dynamic mode and enable LACP.

N/A

N/A

port m-lag group 101

port m-lag group 101

Manual

Assign the interface to an M-LAG group.

N/A

N/A

interface Ten-GigabitEthernet1/0/21

interface Ten-GigabitEthernet 1/0/21

Manual

Enter the view of a member port to be assigned to the M-LAG interface.

N/A

N/A

port access vlan 2

port access vlan 2

Manual

Configure the interface as an access interface and assign it to VLAN 2.

Assign the interface to the VLAN of the VRRP group.

N/A

port link-aggregation group 101

port link-aggregation group 101

Manual

Assign the interface to the aggregation group of the M-LAG interface.

N/A

N/A

quit

quit

Manual

Exit the current view.

N/A

N/A

interface Bridge-Aggregation1024

interface Bridge-Aggregation1024

Manual

Create an aggregate interface to be configured as an M-LAG interface.

Create the aggregate interface to connect to the bare metal servers.

N/A

port link-type trunk

port link-type trunk

Manual

Set the link type of the interface to trunk.

N/A

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Manual

Configure the aggregate interface to operate in dynamic mode and enable LACP.

N/A

Configure the trunk interface to permit all VLANs.

port m-lag group 1024

port m-lag group 1024

Manual

Assign the aggregate interface to an M-LAG group.

N/A

N/A

interface Ten-GigabitEthernet1/0/47

interface Ten-GigabitEthernet 1/0/47

Manual

Enter the view of a member port to be assigned to the M-LAG interface.

N/A

N/A

port link-type trunk

port link-type trunk

Manual

Set the link type of the interface to trunk.

N/A

N/A

port link-aggregation group 1024

port link-aggregation group 1024

Manual

Assign the interface to the aggregation group of the M-LAG interface.

N/A

N/A

quit

quit

Manual

Exit the current view.

N/A

N/A

stp global enable

stp global enable

Manual

Enable spanning tree globally.

N/A

interface Bridge-Aggregation101

interface Bridge-Aggregation101

Manual

Enter the view of the M-LAG interface connected to the virtualization servers.

N/A

stp edged-port

stp edged-port

Manual

Configure the interface as an edge port.

Exclude the interface from spanning tree calculation.

interface Bridge-Aggregation 1024

interface Bridge-Aggregation 1024

Manual

Enter the view of the M-LAG interface connected to the bare metal servers.

N/A

stp edged-port

stp edged-port

Manual

Configure the interface as an edge port.

Exclude the interface from spanning tree calculation.

bgp 400

bgp 400

Manual

Enable a BGP instance.

N/A

N/A

bgp update-delay on-startup 40

bgp update-delay on-startup 40

Manual

Configure BGP to delay sending route updates on reboot.

Avoid forwarding issues during fallback after a ToR switch restarts.

N/A

router-id 5.1.1.1

router-id 5.1.1.2

Manual

Configure a router ID for the BGP instance.

To run BGP in a BGP instance, you must configure a router ID for the BGP instance.

If you do not configure a router ID for the BGP instance, it uses the global router ID.

N/A

group evpn internal

group evpn internal

Manual

Create an IBGP peer group.

N/A

N/A

peer evpn connect-interface LoopBack0

peer evpn connect-interface LoopBack0

Manual

Specify a source interface for establishing TCP links towards the peer group.

N/A

N/A

peer evpn route-update-interval 0

peer evpn route-update-interval 0

Manual

Specify an interval for sending the same update to the peer group.

Enable the device to fast send update to the peer group upon route changes to speed up route convergence after an M-LAG primary/secondary switchover occurs.

Execute this command only for IBGP peers.

peer 5.1.1.6 group evpn

peer 5.1.1.6 group evpn

Manual

Add a spine device to the peer group.

N/A

N/A

peer 5.1.1.8 group evpn

peer 5.1.1.8 group evpn

Manual

Add a spine device to the peer group.

N/A

N/A

address-family l2vpn evpn

address-family l2vpn evpn

Manual

Enter L2VPN EVPN address family view.

N/A

N/A

peer evpn enable

peer evpn enable

Manual

Enable the device to exchange routes with the peer group.

N/A

N/A

quit

quit

Manual

Exit L2VPN EVPN address family view.

N/A

N/A

Leaf 1

Leaf 2

Configuration method

Description

Remarks

ip vpn-instance admin_route1_50034

ip vpn-instance admin_route1_50034

Controller-based

Create a VPN instance on the private network.

N/A

route-distinguisher 1:50034

route-distinguisher 1:50034

Controller-based

Configure the RD of the VPN instance.

N/A

address-family ipv4

address-family ipv4

Controller-based

Enter IPv4 address family view of the VPN instance.

N/A

vpn-target 0:50034 1:50034 import-extcommunity

vpn-target 0:50034 1:50034 import-extcommunity

Controller-based

Configure import targets for the VPN instance.

N/A

vpn-target 1:50034 export-extcommunity

vpn-target 1:50034 export-extcommunity

Controller-based

Configure export targets for the VPN instance.

N/A

address-family ipv6

address-family ipv6

Controller-based

Enter IPv6 address family view of the VPN instance.

N/A

vpn-target 0:50034 1:50034 import-extcommunity

vpn-target 0:50034 1:50034 import-extcommunity

Controller-based

Configure import targets for the VPN instance.

N/A

vpn-target 1:50034 export-extcommunity

vpn-target 1:50034 export-extcommunity

Controller-based

Configure export targets for the VPN instance.

N/A

address-family evpn

address-family evpn

Controller-based

Enter EVPN view of the VPN instance.

N/A

vpn-target 0:50034 1:50034 import-extcommunity

vpn-target 0:50034 1:50034 import-extcommunity

Controller-based

Configure import targets for the VPN instance.

N/A

vpn-target 1:50034 export-extcommunity

vpn-target 1:50034 export-extcommunity

Controller-based

Configure export targets for the VPN instance.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

interface Vsi-interface22000

interface Vsi-interface22000

Controller-based

Create a VSI interface and enter its view.

N/A

mtu 1450

mtu 1450

Controller-based

Configure the MTU of the VSI interface.

N/A

ip binding vpn-instance admin_route1_50034

ip binding vpn-instance admin_route1_50034

Controller-based

Associate the VSI interface with the VPN instance.

N/A

ip address 121.1.0.1 255.255.0.0 sub

ip address 121.1.0.1 255.255.0.0 sub

Controller-based

Assign an IPv4 address as a gateway address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

mac-address 542b-de0c-02c9

mac-address 542b-de0c-02c9

Controller-based

Assign a MAC address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

ipv6 nd ra prefix 121:1::/64 no-advertise

ipv6 nd ra prefix 121:1::/64 no-advertise

Controller-based

Disable the device from advertising the prefix of the IPv6 gateway through RA messages.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

ipv6 address 121:1::1/64

ipv6 address 121:1::1/64

Controller-based

Assign an IPv6 address as a gateway address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

distributed-gateway local

distributed-gateway local

Controller-based

Specify the VSI interface as a distributed gateway to provide services for the local site.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

interface Vsi-interface 22001

interface Vsi-interface 22001

Controller-based

Create a VSI interface and enter its view.

N/A

mtu 1450

mtu 1450

Controller-based

Configure the MTU of the VSI interface.

N/A

ip binding vpn-instance admin_route1_50034

ip binding vpn-instance admin_route1_50034

Controller-based

Associate the VSI interface with a VPN instance.

N/A

ip address 121.2.0.1 255.255.0.0 sub

ip address 121.2.0.1 255.255.0.0 sub

Controller-based

Assign an IPv4 address as a gateway address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

mac-address 542b-de0c-02c9

mac-address 542b-de0c-02c9

Controller-based

Assign a MAC address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

ipv6 nd ra prefix 121:2::/64 no-advertise

ipv6 nd ra prefix 121:2::/64 no-advertise

Controller-based

Disable the device from advertising the prefix of the IPv6 gateway through RA messages.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

ipv6 address 121:2::1/64

ipv6 address 121:2::1/64

Controller-based

Assign an IPv6 address as a gateway address to the VSI interface.

Make sure the VSI interface has the same setting for this command on all distributed gateways.

distributed-gateway local

distributed-gateway local

Controller-based

Specify the VSI interface as a distributed gateway to provide services for the local site.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

interface Vsi-interface50034

interface Vsi-interface50034

Controller-based

Create a VSI interface and enter its view.

N/A

ip binding vpn-instance admin_route1_50034

ip binding vpn-instance admin_route1_50034

Controller-based

Associate the VSI interface with the VPN instance.

N/A

ipv6 address auto link-local

ipv6 address auto link-local

Controller-based

Automatically generate a link-local address for the VSI interface.

N/A

l3-vni 50034

l3-vni 50034

Controller-based

Assign an L3VNI to the VSI interface.

The L3VNI is shared among the VSI interfaces associated with the same VPN instance.

quit

quit

Controller-based

Exit the current view.

N/A

vsi SDN_VSI_22000

vsi SDN_VSI_22000

Controller-based

Create a VSI and enter its view.

N/A

gateway vsi-interface 22000

gateway vsi-interface 22000

Controller-based

Specify a gateway interface for the VSI.

N/A

arp suppression enable

arp suppression enable

Controller-based

Enable ARP flood suppression.

N/A

ipv6 nd suppression enable

ipv6 nd suppression enable

Controller-based

Enable ND flood suppression.

N/A

flooding disable all

flooding disable all

Controller-based

Disable flooding of local broadcast, unknown unicast, and unknown multicast traffic.

N/A

vxlan 22000

vxlan 22000

Controller-based

Create a VXLAN and enter its view.

N/A

evpn encapsulation vxlan

evpn encapsulation vxlan

Controller-based

Create an EVPN instance and enter its view.

N/A

route-distinguisher auto

route-distinguisher auto

Controller-based

Configure the RD of the EVPN instance.

N/A

vpn-target auto

vpn-target auto

Controller-based

Configure import and export targets for EVPN.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

vsi SDN_VSI_22001

vsi SDN_VSI_22001

Controller-based

Create a VSI and enter its view.

N/A

gateway vsi-interface 22001

gateway vsi-interface 22001

Controller-based

Specify a gateway interface for the VSI.

N/A

arp suppression enable

arp suppression enable

Controller-based

Enable ARP flood suppression.

N/A

ipv6 nd suppression enable

ipv6 nd suppression enable

Controller-based

Enable ND flood suppression.

N/A

flooding disable all

flooding disable all

Controller-based

Disable flooding of local broadcast, unknown unicast, and unknown multicast traffic.

N/A

vxlan 22001

vxlan 22001

Controller-based

Create a VXLAN and enter its view.

N/A

evpn encapsulation vxlan

evpn encapsulation vxlan

Controller-based

Create an EVPN instance and enter its view.

N/A

route-distinguisher auto

route-distinguisher auto

Controller-based

Configure the RD of the EVPN instance.

N/A

vpn-target auto

vpn-target auto

Controller-based

Configure export targets for EVPN.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

vlan 21 to 22

vlan 21 to 22

Controller-based

Create VLANs.

N/A

interface Bridge-Aggregation1024

interface Bridge-Aggregation1024

Controller-based

Enter the view of the interface to be configured with ACs.

N/A

port link-type trunk

port link-type trunk

Controller-based

Set the link type of the interface to trunk.

N/A

undo port trunk permit vlan 1

undo port trunk permit vlan 1

Controller-based

Remove the trunk interface from VLAN 1.

N/A

port trunk permit vlan 21 to 22

port trunk permit vlan 21 to 22

Controller-based

Assign the trunk interface to VLAN 21 and VLAN 22.

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Controller-based

Configure the aggregate interface to operate in dynamic mode and enable LACP.

N/A

port m-lag group 1024

port m-lag group 1024

Controller-based

Assign the interface to an M-LAG group.

N/A

service-instance 21

service-instance 21

Controller-based

Create an Ethernet service instance and enter its view.

N/A

encapsulation s-vid 21

encapsulation s-vid 21

Controller-based

Configure the Ethernet service instance to match traffic by the outer VLAN ID.

N/A

xconnect vsi SDN_VSI_22000

xconnect vsi SDN_VSI_22000

Controller-based

Map the Ethernet service instance to the VSI created previously.

N/A

service-instance 22

service-instance 22

Controller-based

Create an Ethernet service instance and enter its view.

N/A

encapsulation s-vid 22

encapsulation s-vid 22

Controller-based

Configure the Ethernet service instance to match traffic by the outer VLAN ID.

N/A

xconnect vsi SDN_VSI_22001

xconnect vsi SDN_VSI_22001

Controller-based

Map the Ethernet service instance to the VSI created previously.

N/A

quit

quit

Controller-based

Exit the current view.

N/A

hardware-resource switch-mode DUAL-STACK

hardware-resource switch-mode DUAL-STACK

Manual

Set the hardware resource mode to DUAL-STACK for the MAC address table, ARP/ND table, and routing tables

Adjust the capacities of the MAC address table, ARP/ND table, and routing tables.

Reboot the device for this setting to take effect.

hardware-resource routing-mode ipv6-128

hardware-resource routing-mode ipv6-128

Manual

Enable support for IPv6 routes with prefixes longer than 64 bits.

N/A

Reboot the device for this setting to take effect.

hardware-resource vxlan l3gw

hardware-resource vxlan l3gw

Manual

Set the VXLAN hardware resource mode to Layer 3 gateway mode that supports 40 K of overlay adjacency table

N/A

Reboot the device for this setting to take effect.

openflow permit-flag ignore

openflow permit-flag ignore

Manual

Ignore the permit flag added by OpenFlow.

Enable support for bidirectional security groups and port rate limiting.

N/A

vlan 2

vlan 2

Manual

Configure the VLAN used to communicate with a virtualization server.

The switch is an underlay device to a virtualization server.

interface Vlan-interface 2

interface Vlan-interface 2

Manual

Create a VLAN interface.

N/A

ip address 50.50.50.2 255.255.255.0

ip address 50.50.50.3 255.255.255.0

Manual

Assign an IP address to the interface.

N/A

vrrp vrid 2 virtual-ip 50.50.50.254

vrrp vrid 2 virtual-ip 50.50.50.254

Manual

Configure the virtual IP address of a VRRP group.

N/A

vrrp vrid 2 priority 100

vrrp vrid 2 priority 101

Manual

Configure the priority of the device in the VRRP group.

VRRP determines the role (master or backup) of each router in a VRRP group by priority. A router with higher priority is more likely to become the master.

The larger the priority value, the higher the priority.

undo vrrp vrid 2 preempt-mode

undo vrrp vrid 2 preempt-mode

Manual

Configure the device to work in non-preemptive mode in the VRRP group.

Ensure consistency between the VRRP role and M-LAG role. This command is optional. Inconsistency between the VRRP role and M-LAG role does not affect traffic forwarding.

quit

quit

Manual

Exit the current view.

N/A

ip prefix-list 1 index 10 permit 50.50.50.0 24

ip prefix-list 1 index 10 permit 50.50.50.0 24

Manual

Configure an IPv4 prefix list or an item for the list.

Create an IPv4 prefix list for the virtual IP address of the VRRP group.

route-policy 1 permit node 0

route-policy 1 permit node 0

Manual

Configure a routing policy.

Create the routing policy used in IS-IS IPv4 unicast address family view.

if-match ip address prefix-list 1

if-match ip address prefix-list 1

Manual

Match IPv4 routes with an IPv4 prefix list.

N/A

quit

quit

Manual

Exit routing policy view.

N/A

router id 5.1.1.3

router id 5.1.1.4

Manual

Configure the IP address of Loopback 0 as the router ID.

Configure the global router ID.

N/A

isis 1

isis 1

Manual

Enter IS-IS view.

-

N/A

is-level level-2

is-level level-2