Example: Deploying M-LAG and centralized EVPN gateway

Device

Interface

IP address

Remarks

Leaf 1

XGE 1/0/7

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected to Server A (bare metal).

XGE 1/0/8

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected to Server C (bare metal).

HGE 1/0/49

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 2/0/49 on Leaf 2.

HGE 1/0/50

N/A

Member port of the peer-link interface.

Connected to HGE 2/0/50 on Leaf 2.

XGE 1/0/47

1.0.0.1/30

Keepalive link between M-LAG member devices.

Connected to XGE 2/0/47 on Leaf 2.

HGE 1/0/53

N/A

IP address borrowed from Loopback 0.

Connected to HGE 1/0/25 on Spine 1.

XGE 1/0/17

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/1 on Spine 2.

Loopback 0

10.182.224.111/32

VTEP IP address for establishing BGP EVPN peering.

Loopback 1

10.182.226.111/32

Virtual VTEP address for the M-LAG system to establish VXLAN tunnels to remote devices.

Vlan-interface 1999

192.168.220.1/30

IP address for establishing Layer 3 connectivity with the peer M-LAG member device.

Leaf 2

XGE 2/0/7

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected Server A (bare metal).

XGE 2/0/8

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected to Server C (bare metal).

HGE 2/0/49

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/49 on Leaf 1.

HGE 2/0/50

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/50 on Leaf 1.

XGE 2/0/47

1.0.0.2/30

Keepalive link between M-LAG member devices.

Connected to XGE 1/0/47 on Leaf 1.

HGE 2/0/54

N/A

IP address borrowed from Loopback 0.

Connected to HGE 1/0/28 on Spine 1.

XGE 2/0/17

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/2 on Spine 2.

Loopback 0

10.182.224.246/32

VTEP IP address for establishing BGP EVPN peering.

Loopback 1

10.182.226.111/32

Virtual VTEP address for the M-LAG system to establish VXLAN tunnels to remote devices.

Vlan-interface 1999

192.168.220.2/30

IP address for establishing Layer 3 connectivity with the peer M-LAG member device.

Leaf 3

XGE 1/0/7

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected Server B (bare metal).

XGE 1/0/21

N/A

Member port of the peer-link interface for peer link establishment between M-LAG member devices.

Connected to XGE 2/0/21 on Leaf 4.

XGE 1/0/22

N/A

Member port of the peer-link interface for peer link establishment between M-LAG member devices.

Connected to XGE 2/0/22 on Leaf 4.

XGE 1/0/17

1.1.0.1/30

Keepalive link.

Connected to XGE 2/0/17 on Leaf 4.

XGE 1/0/3

N/A

IP address borrowed from Loopback 0.

Connected to XGE 2/0/5 on Spine 1.

XGE 1/0/1

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/3 on Spine 2.

Loopback 0

10.182.224.121/32

VTEP IP address for establishing BGP EVPN peering.

Loopback 1

10.182.226.121/32

Virtual VTEP address for the M-LAG system to establish VXLAN tunnels to remote devices.

Vlan-interface 1999

192.168.220.9/30

IP address for establishing Layer 3 connectivity with the peer M-LAG member device.

Leaf 4

XGE 2/0/7

N/A

Member port of an M-LAG interface, on which Ethernet service instances are configured to act as attachment circuits (ACs).

Connected to a bare metal server.

XGE 2/0/21

N/A

Member port of the peer-link interface for peer link establishment between M-LAG member devices.

Connected to XGE 1/0/21 on Leaf 3.

XGE 2/0/22

N/A

Member port of the peer-link interface for peer link establishment between M-LAG member devices.

Connected to XGE 1/0/22 on Leaf 3.

XGE 2/0/17

1.1.0.2/30

Keepalive link between M-LAG member devices.

Connected to XGE 1/0/17 on Leaf 3.

XGE 2/0/3

N/A

IP address borrowed from Loopback 0.

Connected to XGE 2/0/7 on Spine 1.

XGE 2/0/1

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/4 on Spine 2.

Loopback 0

10.182.224.122/32

VTEP IP address for establishing BGP EVPN peering.

Loopback 1

10.182.226.121/32

Virtual VTEP address for the M-LAG system to establish VXLAN tunnels to remote devices.

Vlan-interface 1999

192.168.220.10/30

IP address for establishing Layer 3 connectivity with the peer M-LAG member device.

Spine 1

HGE 1/0/25

N/A

IP address borrowed from Loopback 0.

Connected to HGE 1/0/53 on Leaf 1.

HGE 1/0/28

N/A

IP address borrowed from Loopback 0.

Connected to HGE 2/0/54 on Leaf 2.

XGE 2/0/5

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/3 on Leaf 3.

XGE 2/0/7

N/A

IP address borrowed from Loopback 0.

Connected to XGE 2/0/3 on Leaf 4.

XGE 2/0/1

10.182.221.0/31

Connected to WGE 1/0/53 on Border 1.

XGE 2/0/2

10.182.221.10/31

Connected to WGE 1/0/53 on Border 2.

Loopback 0

10.182.224.90/32

IP address for underlay routing.

Loopback 1

10.182.226.90/32

IP address for overlay routing.

Spine 2

XGE 1/0/1

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/17 on Leaf 1.

XGE 1/0/2

N/A

IP address borrowed from Loopback 0.

Connected to XGE 2/0/17 on Leaf 2.

XGE 1/0/3

N/A

IP address borrowed from Loopback 0.

Connected to XGE 1/0/1 on Leaf 3.

XGE 1/0/4

N/A

IP address borrowed from Loopback 0.

Connected to XGE 2/0/1 on Leaf 4.

XGE 1/0/21

10.182.221.4/31

Connected to WGE 1/0/55 on Border 1.

XGE 1/0/22

10.182.221.14/31

Connected to WGE 1/0/55 on Border 2.

Loopback 0

10.182.224.89/32

IP address for underlay routing.

Loopback 1

10.182.226.89/32

IP address for overlay routing.

Border 1

WGE 1/0/53

10.182.221.1/31

Connected to XGE 2/0/1 on Spine 1.

WGE 1/0/55

10.182.221.5/31

Connected to XGE 1/0/21 on Spine 2.

HGE 1/0/25

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/25 on Border 2.

HGE 1/0/26

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/26 on Border 2.

WGE 1/0/1

2.0.0.1/31

Keepalive link between M-LAG member devices.

Connected to WGE 1/0/1 on Border 2.

WGE 1/0/33

192.101.1.1/31

Connected to the L3 switch.

Loopback 0

10.182.234.1/32

IP address for the device to establish IGP and BGP peering as an edge device (ED).

Loopback 1

10.182.236.1/32

Virtual IP address for the M-LAG system to establish IGP and BGP peering as an ED.

Vlan-interface 1001

192.101.1.101/31

IP address for establishing Layer 3 connectivity with the peer M-LAG member device.

Border 2

WGE 1/0/53

10.182.221.11/31

Connected to XGE 2/0/2 on Spine 1.

WGE 1/0/55

10.182.221.15/31

Connected to XGE 1/0/22 on Spine 2.

HGE 1/0/25

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/25 on Border 1.

HGE 1/0/26

N/A

Peer-link interface for peer link establishment between M-LAG member devices.

Connected to HGE 1/0/26 on Border 1.

WGE 1/0/1

2.0.0.2/31

Keepalive link between M-LAG member devices.

Connected to WGE 1/0/1 on Border 2.

WGE 1/0/33

192.101.1.3/31

Connected to the L3 switch.

Loopback 0

10.182.234.2/32

IP address for the device to establish IGP and BGP peering as an ED.

Loopback 1

10.182.236.1/32

Virtual IP address for the M-LAG system  to establish IGP and BGP peering as an ED.

Vlan-interface 1001

192.101.1.100/31

IP address for establishing a peer link with the peer M-LAG member device.

Spine

S12500X-AF

This example uses S12500X-AF switches.

R2825

S12500G-AF

R7625

Leaf or border

S6800, S6860

This example uses S6800 switches as leaf nodes.

R6710

S6812, S6813 (only as leaf nodes)

F6628P22 and later versions

S6805, S6825, S6850, S9850

This example uses S6850 switches as border nodes.

R6710

S6890

Not recommended.

S9820-64H (EVPN gateway not supported).

S9820-8C (EVPN not supported).

Not supported.

SDN controller

Contact H3C Support for version compatibility.

hardware-resource routing-mode IPv6-128

hardware-resource routing-mode IPv6-128

Enable support for IPv6 routes with prefixes longer than 64 bits.

N/A

Reboot the device for this setting to take effect.

The S6812 and S6813 switches do not support this command.

hardware-resource vxlan l2gw

hardware-resource vxlan l2gw

Set the VXLAN hardware resource mode to Layer 2 gateway mode.

N/A

Reboot the device for this setting to take effect.

The S6812 and S6813 switches do not support this command.

ospf 1 router-id 10.182.224.111

ospf 1 router-id 10.182.224.246

Enable an OSPF process and enter its view.

N/A

N/A

spf-schedule-interval 1 10 10

spf-schedule-interval 1 10 10

Set the maximum OSPF SPF calculation interval to 1 second, the minimum OSPF SPF calculation interval to 10 milliseconds, and the incremental OSPF SPF calculation interval to 10 milliseconds.

Shorten the SPF calculation interval to accelerate route convergence.

N/A

lsa-generation-interval 1 10 10

lsa-generation-interval 1 10 10

Set the maximum interval for LSA generation to 1 second, the minimum interval to 10 milliseconds, and the incremental interval to 10 milliseconds.

Enable quicker LSA regeneration upon network topology change to accelerate route convergence.

N/A

area 0.0.0.0

area 0.0.0.0

Create OSPF area 0.

N/A

N/A

fast-reroute lfa

fast-reroute lfa

Enable OSPF FRR and use the LFA algorithm for calculation of the backup next hop.

This feature minimizes service interruption by fast rerouting traffic to the backup path when a link or node fails.

N/A

quit

quit

Return to system view.

N/A

N/A

interface LoopBack0

interface LoopBack0

Create interface Loopback 0 and enter its view.

N/A

N/A

ip address 10.182.224.111 255.255.255.255

ip address 10.182.224.246 255.255.255.255

Assign an IP address to the interface.

VTEP IP address for establishing BGP EVPN peering.

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable OSPF on the interface.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

interface LoopBack1

interface LoopBack1

Create interface Loopback 1 and enter its view.

N/A

N/A

ip address 10.182.226.111 255.255.255.255

ip address 10.182.226.111 255.255.255.255

Assign an IP address to the interface.

Virtual VTEP address for the M-LAG system to establish VXLAN tunnels to remote devices.

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable OSPF on the interface.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

vlan 1999

vlan 1999

Create the  VLAN for configuring the VLAN interface used for establishing L3 connectivity between the peer M-LAG member devices.

N/A

N/A

interface Vlan-interface1999

interface Vlan-interface1999

Create VLAN-interface 1999 and enter its view.

Specify the IP addresses for establishing L3 connectivity between the peer M-LAG member devices.

When the uplink on one M-LAG member device fails, the uplink traffic that arrives on that member device can traverse the established L3 connectivity to the other M-LAG member device and go outside.

ip address 192.168.220.1 255.255.255.252

ip address 192.168.220.2 255.255.255.252

Assign an IP address to the interface.

N/A

N/A

ospf network-type broadcast

ospf network-type broadcast

Set the OSPF network type of the interface to broadcast.

N/A

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable OSPF on the interface.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

interface Ten-GigabitEthernet1/0/17

interface Ten-GigabitEthernet2/0/17

Configure the interface connected to Spine 2.

N/A

N/A

port link-mode route

port link-mode route

Configure the interface to operate in route mode as a Layer 3 interface.

N/A

N/A

ip address unnumbered interface LoopBack0

ip address unnumbered interface LoopBack0

Configure the interface to borrow the IP address of Loopback 0.

N/A

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable OSPF on the interface.

N/A

N/A

ospf network-type p2p

ospf network-type p2p

Set the OSPF network type of the interface to P2P.

N/A

interface HundredGigE1/0/53

interface HundredGigE1/0/53

Configure the interface connected to Spine 1.

N/A

N/A

port link-mode route

port link-mode route

Configure the interface to operate in route mode as a Layer 3 interface.

N/A

N/A

ip address unnumbered interface LoopBack0

ip address unnumbered interface LoopBack0

Configure the interface to borrow the IP address of Loopback 0.

N/A

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable the OSPF on the interface.

N/A

N/A

ospf network-type p2p

ospf network-type p2p

Set the OSPF network type of the interface to P2P.

N/A

N/A

l2vpn enable

l2vpn enable

Enable L2VPN.

N/A

N/A

vxlan tunnel mac-learning disable

vxlan tunnel mac-learning disable

Disable remote MAC address learning for VXLANs.

This setting avoids the conflict between automatically learned MAC address entries and MAC address entries advertised through BGP EVPN.

N/A

vxlan tunnel arp-learning disable

vxlan tunnel arp-learning disable

Disable remote ARP learning for VXLANs.

This setting avoids the conflict between automatically learned ARP entries and ARP entries advertised through BGP EVPN.

N/A

vxlan tunnel nd-learning disable

vxlan tunnel nd-learning disable

Disable remote ND learning for VXLANs.

This setting avoids the conflict between automatically learned ND entries and ND entries advertised through BGP EVPN.

N/A

mac-address timer aging 3600

mac-address timer aging 3600

Set the aging timer to 3600 seconds for dynamic MAC address entries.

If the M-LAG system has a large number of MAC address entries, increase the MAC aging timer value to ensure complete synchronization of MAC address entries when one of the M-LAG member devices restarts.

This setting must be consistent between the peer member devices in an M-LAG system.

mac-address mac-move fast-update

mac-address mac-move fast-update

Enable ARP fast update for MAC address moves.

This setting helps accelerate VM migration across the network.

N/A

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the Ethernet aggregate peer link.

N/A

N/A

evpn m-lag group 10.182.226.111

evpn m-lag group 10.182.226.111

Enable EVPN M-LAG and set the virtual VTEP address.

The M-LAG member devices (VTEPs) use the virtual VTEP address to establish tunnels with the remote VTEPs.

You must specify the same virtual VTEP address on both VTEPs in the same M-LAG system.

evpn m-lag local 10.182.224.111 remote 10.182.224.246

evpn m-lag local 10.182.224.246 remote 10.182.224.111

Specify the IP addresses of the local and peer VTEPs in the EVPN M-LAG system.

You must execute this command if an M-LAG system uses an Ethernet aggregate link as the peer link and has ACs (called single-armed ACs) attached to only one of the member devices. It enables the VTEPs in the M-LAG system to set the next hop of the routes for single-armed ACs to their local VTEP IP addresses when they advertise the routes. This mechanism ensures that the traffic destined for a single-armed AC is forwarded towards its attached VTEP instead of the other VTEP.

The specified local and remote VTEP addresses must each belong to an interface on the local or peer VTEP in the M-LAG system, respectively. Make sure the local VTEP address on one VTEP is the remote VTEP address on the other.

evpn global-mac 00e0-fc00-580a

evpn global-mac 00e0-fc00-580a

Configure an EVPN global MAC address.

N/A

You must specify the same EVPN global MAC address on the devices in the same M-LAG system.

Do not use a reserved MAC address as the EVPN global MAC address.

m-lag system-mac 00e0-fc00-5800

m-lag system-mac 00e0-fc00-5800

Set the MAC address of the M-LAG system.

Required.

You must assign the same M-LAG system MAC address to the member devices in an M-LAG system.

m-lag system-number 1

m-lag system-number 2

Set the M-LAG system number.

Required.

You must assign different M-LAG system numbers to the member devices in an M-LAG system.

m-lag system-priority 100

m-lag system-priority 100

(Optional.) Set the M-LAG system priority.

N/A

You must set the same M-LAG system priority on the member devices in an M-LAG system.

m-lag standalone enable

m-lag standalone enable

Enable M-LAG standalone mode.

N/A

N/A

interface Ten-GigabitEthernet 1/0/47

interface Ten-GigabitEthernet 2/0/47

Enter the interface view for the keepalive link.

Required.

N/A

port link-mode route

port link-mode route

Configure the interface for keepalive detection to operate in route mode as a Layer 3 interface.

Required.

N/A

ip address 1.0.0.1 24

ip address 1.0.0.2 24

Assign an IP address to the interface as planned.

Required.

N/A

quit

quit

Return to system view.

N/A

N/A

m-lag keepalive ip destination 1.0.0.2 source 1.0.0.1

m-lag keepalive ip destination 1.0.0.1 source 1.0.0.2

Configure the source and destination IP addresses of keepalive packets.

Required.

For correct keepalive detection, you must exclude the interfaces that own the IP addresses used for keepalive detection from the shutdown action.

m-lag mad default-action none

m-lag mad default-action none

Set the M-LAG MAD action to none. When the M-LAG system splits, M-LAG MAD will not shut down any network interfaces, except the interfaces configured manually or by the system to be shut down on the secondary device.

N/A

N/A

m-lag mad include interface HundredGigE1/0/53

m-lag mad include interface HundredGigE2/0/54

Configure M-LAG MAD to shut down the interface upon an M-LAG system split if the device is the secondary M-LAG member device.

N/A

N/A

m-lag mad include interface Ten-GigabitEthernet1/0/17

m-lag mad include interface Ten-GigabitEthernet2/0/17

Configure M-LAG MAD to shut down the interface upon an M-LAG system split if the device is the secondary M-LAG member device.

N/A

N/A

m-lag restore-delay 200

m-lag restore-delay 200

Set the data restoration interval.

This command specifies the maximum amount of time for the secondary M-LAG member device to synchronize data with the primary M-LAG member device during M-LAG system setup. Within the data restoration interval, the secondary M-LAG member device sets all network interfaces to M-LAG MAD DOWN state except those excluded from the MAD shutdown action.

To avoid packet loss and forwarding failure, increase the data restoration interval if the amount of data is large, for example, when the device has a large number of routes and interfaces.

N/A

interface Bridge-Aggregation11

interface Bridge-Aggregation11

Create the Layer 2 aggregate interface to be used as the peer-link interface and enter its interface view.

Configure the Layer 2 aggregation interfaces that act as the peer-link interfaces at the two ends of the peer link.

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the interface to permit all VLANs to pass through.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

interface HundredGigE 1/0/49

interface HundredGigE 1/0/49

Enter the interface view for the port to be used as a member port of the peer-link interface.

Configure the member ports of the Layer 2 aggregation interfaces that act as the peer-link interfaces at the two ends of the peer link.

N/A

port link-type trunk

port link-type trunk

Set the link type of the port to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the port to permit all VLANs to pass through.

N/A

N/A

port link-aggregation group 11

port link-aggregation group 11

Assign the port to the link aggregation group for the peer-link interface (aggregation group 11).

N/A

N/A

interface HundredGigE 1/0/50

interface HundredGigE 1/0/50

Enter the interface view for the port to be used as a member port of the peer-link interface.

Configure the member ports of the Layer 2 aggregation interfaces that act as the peer-link interfaces at the two ends of the peer link.

N/A

port link-type trunk

port link-type trunk

Set the link type of the port to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the port to permit all VLANs to pass through.

N/A

N/A

port link-aggregation group 11

port link-aggregation group 11

Assign the port to the link aggregation group for the peer-link interface (aggregation group 11).

N/A

N/A

interface Bridge-Aggregation11

interface Bridge-Aggregation11

Enter the interface view for the peer-link interface (Bridge-Aggregation 11).

Specify the aggregate interface (Bridge-Aggregation 11) as the peer-link interface.

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Configure the aggregate interface to operate in dynamic mode.

N/A

N/A

port m-lag peer-link 1

port m-lag peer-link 1

Specify the aggregate interface as the peer-link interface.

N/A

N/A

undo mac-address static source-check enable

undo mac-address static source-check enable

Disable the static source check feature on the interface.

This command ensures that the M-LAG member devices can correctly forward the Layer 3 traffic received from each other over the peer link.

You must disable static source check on the peer-link interfaces of all leaf nodes and their uplink ports connected to the spine tier.

quit

quit

N/A

N/A

N/A

interface Bridge-Aggregation1

interface Bridge-Aggregation1

Create an aggregate interface to be used as an M-LAG interface.

Configure the M-LAG interfaces connected to the bare metal servers.

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Configure the aggregate interface to operate in dynamic mode.

N/A

Configure the interface to permit all VLANs to pass through.

port m-lag group 1

port m-lag group 1

Assign the aggregate interface to an M-LAG group.

N/A

N/A

interface Ten-GigabitEthernet1/0/7

interface Ten-GigabitEthernet 2/0/7

Enter the view of a member physical interface of the M-LAG interface.

N/A

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

port link-aggregation group 1

port link-aggregation group 1

Add the physical interface to the link aggregation group for the M-LAG interface.

N/A

N/A

quit

quit

N/A

N/A

N/A

stp global enable

stp global enable

Enable the spanning tree feature globally.

N/A

interface Bridge-Aggregation 1

interface Bridge-Aggregation 1

Enter the view of the M-LAG interface connected to the bare metal servers.

N/A

stp edged-port

stp edged-port

N/A

Configure the M-LAG interface as an edge port to exclude the port from spanning tree calculation for rapid state transition.

bgp 65105

bgp 65105

Enable a BGP instance.

N/A

N/A

router-id 10.182.224.111

router-id 10.182.224.246

Specify a unique router ID for the BGP instance on each BGP device.

To run BGP, a BGP instance must have a router ID.

If you do not specify a router ID for the BGP instance on a device, it uses the global router ID. In this situation, you must make sure a global router ID is set on the device.

N/A

group spines internal

group spines internal

Create an IBGP peer group.

N/A

N/A

peer spines connect-interface LoopBack0

peer spines connect-interface LoopBack0

Specify a source interface for establishing TCP connections to the peer group.

N/A

N/A

peer spines route-update-interval 0

peer spines route-update-interval 0

Specify an interval for sending the same update to the peer group.

Enable the device to fast send updates to the peer group upon route changes to accelerate route convergence.

Execute this command only for IBGP peers.

peer 10.182.226.89 group spines

peer 10.182.226.89 group spines

Add the specified spine device to the peer group.

N/A

N/A

peer 10.182.226.90 group spines

peer 10.182.226.90 group spines

Add the specified spine device to the peer group.

N/A

N/A

address-family IPv4 unicast

address-family IPv4 unicast

Create the BGP IPv4 unicast address family and enter its view.

N/A

N/A

balance 8

balance 8

Enable load balancing and set the maximum number of BGP ECMP routes for load balancing.

import-route direct

import-route direct

Configure BGP to redistribute direct routes in the BGP instance.

N/A

N/A

peer spines enable

peer spines enable

Enable the device to exchange routes with the peer group.

N/A

N/A

quit

quit

Exit the BGP IPv4 unicast address family view.

N/A

N/A

bgp 65001 instance EVPN

bgp 65001 instance EVPN

Enable a BGP instance.

N/A

N/A

router-id 10.182.224.111

router-id 10.182.224.246

Specify a unique router ID for the BGP instance on each BGP device.

To run BGP, a BGP instance must have a router ID.

If you do not specify a router ID for the BGP instance on a device, it uses the global router ID. In this situation, you must make sure a global router ID is set on the device.

N/A

group evpn internal

group evpn internal

Create an IBGP peer group.

N/A

N/A

peer evpn connect-interface LoopBack0

peer evpn connect-interface LoopBack0

Specify a source interface for establishing TCP connections to the peer group.

N/A

N/A

peer evpn route-update-interval 0

peer evpn route-update-interval 0

Specify an interval for sending the same update to the peer group.

Enable the device to fast send updates to the peer group upon route changes to accelerate route convergence after an M-LAG primary/secondary switchover occurs.

Execute this command only for IBGP peers.

peer 10.182.226.89 group evpn

peer 10.182.226.89 group evpn

Add the specified spine device to the peer group.

N/A

N/A

peer 10.182.226.90 group evpn

peer 10.182.226.90 group evpn

Add the specified spine device to the peer group.

N/A

N/A

address-family l2vpn evpn

address-family l2vpn evpn

Create the BGP EVPN address family and enter its view.

N/A

N/A

peer evpn enable

peer evpn enable

Enable the device to exchange routes with the peer group.

N/A

N/A

undo policy vpn-target

undo policy vpn-target

Disable filtering incoming BGP EVPN routes based on route targets.

quit

quit

Exit the BGP EVPN address family view.

N/A

N/A

vsi vpn-trusted-7

vsi vpn-trusted-7

Create a VSI and enter its view.

N/A

arp suppression enable

arp suppression enable

Enable ARP flood suppression.

N/A

vxlan 7

vxlan 7

Create a VXLAN and enter its view.

N/A

evpn encapsulation vxlan

evpn encapsulation vxlan

Create a VXLAN EVPN instance on the VSI and enter its view.

N/A

route-distinguisher auto

route-distinguisher auto

Configure the device to automatically generate an RD for the EVPN instance.

N/A

vpn-target auto export-extcommunity

vpn-target auto export-extcommunity

Configure the device to automatically generate an export RT for the EVPN instance.

N/A

vpn-target auto import-extcommunity

vpn-target auto import-extcommunity

Configure the device to automatically generate an import RT for the EVPN instance.

N/A

quit

quit

Return to system view.

N/A

vsi vpn-trusted-522

vsi vpn-trusted-522

Create a VSI and enter its view.

N/A

arp suppression enable

arp suppression enable

Enable ARP flood suppression.

N/A

vxlan 522

vxlan 522

Create a VXLAN and enter its view.

N/A

evpn encapsulation vxlan

evpn encapsulation vxlan

Create a VXLAN EVPN instance on the VSI and enter its view.

N/A

route-distinguisher auto

route-distinguisher auto

Configure the device to automatically generate an RD for the EVPN instance.

N/A

vpn-target auto export-extcommunity

vpn-target auto export-extcommunity

Configure the device to automatically generate an export RT for the EVPN instance.

N/A

vpn-target auto import-extcommunity

vpn-target auto import-extcommunity

Configure the device to automatically generate an import RT for the EVPN instance.

N/A

quit

quit

Return to system view.

N/A

interface Bridge-Aggregation1

interface Bridge-Aggregation1

Enter the view of the site-facing interface on which Ethernet instances will be created.

N/A

undo port trunk permit vlan 1

undo port trunk permit vlan 1

Remove the interface from VLAN 1.

N/A

port trunk permit vlan 7 522

port trunk permit vlan 7 522

Assign the interface to VLANs 7 and 522.

N/A

service-instance 7

service-instance 7

Create an Ethernet service instance and enter its view.

N/A

encapsulation s-vid 7

encapsulation s-vid 7

Configure the Ethernet service instance to match traffic sent from the specified VLAN.

N/A

xconnect vsi vpn-trusted-7

xconnect vsi vpn-trusted-7

Map the Ethernet service instance to the specified VSI.

N/A

service-instance 522

service-instance 522

Create an Ethernet service instance and enter its view.

N/A

encapsulation s-vid 522

encapsulation s-vid 522

Configure the Ethernet service instance to match traffic sent from the specified VLAN.

N/A

xconnect vsi vpn-trusted-522

xconnect vsi vpn-trusted-522

Map the Ethernet service instance to the specified VSI.

N/A

quit

quit

N/A

N/A

interface LoopBack0

interface LoopBack0

Create interface Loopback 0 and enter its view.

N/A

N/A

ip address 10.182.234.1 255.255.255.255

ip address 10.182.234.2 255.255.255.255

Assign an IP address to the interface.

VTEP IP

N/A

quit

quit

N/A

N/A

N/A

interface LoopBack1

interface LoopBack1

Create interface Loopback 1 and enter its view.

N/A

N/A

ip address 10.182.236.1 255.255.255.255

ip address 10.182.236.1 255.255.255.255

Assign an IP address to the interface.

Configure the virtual VTEP IP address.

N/A

quit

quit

N/A

N/A

ip vpn-instance vpn-trusted

ip vpn-instance vpn-trusted

Create a VPN instance.

N/A

N/A

route-distinguisher 65001:10

route-distinguisher 65002:10

Configure the device to automatically generate an RD for the VPN instance.

N/A

N/A

address-family IPv4

address-family IPv4

Enter VPN instance IPv4 address family view.

N/A

N/A

vpn-target 65001:1 import-extcommunity

vpn-target 65001:1 import-extcommunity

Configure the IPv4 import target for the VPN instance.

N/A

N/A

vpn-target 65001:1 export-extcommunity

vpn-target 65001:1 export-extcommunity

Configure the IPv4 export target for the VPN instance.

N/A

N/A

address-family IPv6

address-family IPv6

Enter VPN instance IPv6 address family view.

N/A

N/A

vpn-target 65001:1 import-extcommunity

vpn-target 65001:1 import-extcommunity

Configure the IPv6 import target for the VPN instance.

N/A

N/A

vpn-target 65001:1 export-extcommunity

vpn-target 65001:1 export-extcommunity

Configure the IPv6 export target for the VPN instance.

N/A

N/A

address-family evpn

address-family evpn

Enter VPN instance EVPN address family view.

N/A

N/A

vpn-target 65001:1 import-extcommunity

vpn-target 65001:1 import-extcommunity

Configure the IPv6 import target for the VPN instance.

N/A

N/A

vpn-target 65001:1 export-extcommunity

vpn-target 65001:1 export-extcommunity

Configure the IPv6 export target for the VPN instance.

N/A

N/A

quit

quit

N/A

N/A

ospf 100 router-id 10.182.234.1 vpn-instance vpn-trusted

ospf 100 router-id 10.182.234.1 vpn-instance vpn-trusted

Create an OSPF process and enter its view.

N/A

N/A

import-route direct

import-route direct

Redistribute direct routes in the OSPF process.

N/A

N/A

spf-schedule-interval 1 10 10

spf-schedule-interval 1 10 10

Set the maximum SPF calculation interval to 1 second, the minimum SPF calculation interval to 10 milliseconds, and the incremental SPF calculation interval to 10 milliseconds for OSPF.

Shorten the SPF calculation interval to accelerate route convergence.

N/A

lsa-generation-interval 1 10 10

lsa-generation-interval 1 10 10

Set the maximum interval for LSA generation to 1 second, the minimum interval to 10 milliseconds, and the incremental interval to 10 milliseconds.

Enable quicker LSA regeneration upon network topology change to accelerate route convergence.

N/A

area 0.0.0.1

area 0.0.0.1

Create OSPF area 1.

N/A

N/A

fast-reroute lfa

fast-reroute lfa

Enable OSPF FRR and use the LFA algorithm for calculation of the backup next hop.

This feature minimizes service interruption by fast rerouting traffic to the precalculated backup next hop when a link or node fails.

N/A

quit

quit

N/A

N/A

N/A

vlan 1001

vlan 1001

Create the VLAN for configuring the VLAN interface used for establishing L3 connectivity between the border nodes.

N/A

N/A

interface Vlan-interface1001

interface Vlan-interface1001

Create VLAN-interface 1001 and enter its view.

Specify the IP addresses for establishing L3 connectivity between the peer M-LAG member devices. When the uplink on one M-LAG member device fails, the uplink traffic that arrives on that member device can traverse the established L3 connectivity to the other M-LAG member device and go outside.

N/A

ip binding vpn-instance vpn-trusted

ip binding vpn-instance vpn-trusted

N/A

N/A

N/A

ip address 192.101.1.101 255.255.255.252

ip address 192.101.1.100 255.255.255.252

Assign an IP address to the interface.

N/A

N/A

ospf network-type broadcast

ospf network-type broadcast

Set the OSPF network type of the interface to broadcast.

N/A

N/A

ospf 1 area 0.0.0.0

ospf 1 area 0.0.0.0

Enable OSPF on the interface.

N/A

quit

quit

Return to system view.

N/A

N/A

stp global enable

stp global enable

Enable the spanning tree feature globally.

N/A

N/A

interface Twenty-FiveGigE1/0/53

interface Twenty-FiveGigE1/0/53

Configure the interface connected to Spine 1.

N/A

N/A

port link-mode route

port link-mode route

Configure the interface to operate in route mode as a Layer 3 interface.

N/A

N/A

ip address 10.182.221.1 255.255.255.254

ip address 10.182.221.11 255.255.255.254

Assign an IP address to the interface.

N/A

N/A

link-delay up 60

link-delay up 60

Configure the interface to suppress link-up events for 60 seconds.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

interface Twenty-FiveGigE1/0/55

interface Twenty-FiveGigE1/0/55

Configure the interface connected to Spine 2.

N/A

N/A

port link-mode route

port link-mode route

Configure the interface to operate in route mode as a Layer 3 interface.

N/A

N/A

ip address 10.182.221.5 255.255.255.254

ip address 10.182.221.15 255.255.255.254

Assign an IP address to the interface.

N/A

N/A

link-delay up 60

link-delay up 60

Configure the interface to suppress link-up events for 60 seconds.

N/A

N/A

quit

quit

N/A

N/A

N/A

l2vpn enable

l2vpn enable

Enable L2VPN.

N/A

N/A

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the Ethernet aggregate peer link.

N/A

N/A

vxlan tunnel arp-learning disable

vxlan tunnel arp-learning disable

Disable remote ARP learning for VXLANs.

N/A

N/A

vxlan tunnel nd-learning disable

vxlan tunnel nd-learning disable

Disable remote ND learning for VXLANs.

N/A

N/A

vxlan tunnel mac-learning disable

vxlan tunnel mac-learning disable

Disable remote MAC address learning for VXLANs.

N/A

N/A

mac-address timer aging 900

mac-address timer aging 900

Set the aging timer for dynamic MAC address entries to 900 seconds .

If the M-LAG system has a large number of MAC entries, increase the aging timer value for dynamic MAC address entries to ensure complete synchronization of MAC address entries when one of the M-LAG member devices restarts.

This setting helps accelerate VM migration across the network.

This setting must be consistent between the peer member devices in an M-LAG system.

m-lag restore-delay 180

m-lag restore-delay 180

Set the data restoration interval. This parameter specifies the maximum amount of time for the secondary M-LAG member device to synchronize data with the primary M-LAG member device during M-LAG system setup.

This command specifies the maximum amount of time for the secondary M-LAG member device to synchronize data with the primary M-LAG member device during M-LAG system setup. Within the data restoration interval, the secondary M-LAG member device sets all network interfaces to M-LAG MAD DOWN state except those excluded from the MAD shutdown action.

To avoid packet loss and forwarding failure, increase the data restoration interval if the amount of data is large, for example, when the device has a large number of routes and interfaces.

N/A

m-lag role priority 10

m-lag role priority 20

Set the M-LAG role priority of the device.

N/A

An M-LAG member device is assigned the primary or secondary role based on its M-LAG role priority. The lower the priority value, the higher the priority.

m-lag system-mac 0002-0002-0001

m-lag system-mac 0002-0002-0001

Set the MAC address of the M-LAG system.

N/A

You must assign the same M-LAG system MAC address to the member devices in an M-LAG system.

m-lag system-number 1

m-lag system-number 2

Set the M-LAG system number.

N/A

You must assign different M-LAG system numbers to the member devices in an M-LAG system.

m-lag system-priority 10

m-lag system-priority 10

Set the M-LAG system priority.

N/A

You must set the same M-LAG system priority on the member devices in an M-LAG system.

m-lag standalone enable

m-lag standalone enable

Enable M-LAG standalone mode.

N/A

N/A

m-lag mad default-action none

m-lag mad default-action none

Set the M-LAG MAD action to none. When the M-LAG system splits, M-LAG MAD will not shut down any network interfaces, except the interfaces configured manually or by the system to be shut down on the secondary device.

Required.

N/A

m-lag mad include interface Twenty-FiveGigE1/0/33

m-lag mad include interface Twenty-FiveGigE1/0/33

Configure M-LAG MAD to shut down the uplink interface upon an M-LAG system split if the device is the secondary M-LAG member device.

N/A

N/A

m-lag mad include interface Twenty-FiveGigE1/0/53

m-lag mad include interface Twenty-FiveGigE1/0/53

Configure M-LAG MAD to shut down the downlink interface upon an M-LAG system split if the device is the secondary M-LAG member device.

N/A

N/A

m-lag mad include interface Twenty-FiveGigE1/0/55

m-lag mad include interface Twenty-FiveGigE1/0/55

Configure M-LAG MAD to shut down the downlink interface when the M-LAG system splits.

N/A

N/A

m-lag keepalive ip destination 2.0.0.2 source 2.0.0.1

m-lag keepalive ip destination 2.0.0.1 source 2.0.0.2

Configure the source and destination IP addresses of keepalive packets.

This example uses the IP addresses of management Ethernet interfaces to set up the keepalive link. By default, management Ethernet interfaces are excluded from the M-LAG MAD DOWN action.

If the interfaces belong to a VPN instance, specify that VPN instance when you specify source and destination IP addresses for keepalive packets.

If the interfaces that own the IP addresses are not excluded from the M-LAG MAD DOWN action by default, manually exclude them from that action.

evpn m-lag group 10.182.236.1

evpn m-lag group 10.182.236.1

Enable EVPN M-LAG and specify the virtual VTEP address.

N/A

N/A

evpn global-mac 00e0-fc00-0201

evpn global-mac 00e0-fc00-0201

Configure an EVPN global MAC address.

N/A

You must specify the same EVPN global MAC address on the devices in the same M-LAG system.

Do not use a reserved MAC address as the EVPN global MAC address.

interface Bridge-Aggregation1024

interface Bridge-Aggregation1024

Create the Layer 2 aggregate interface to be used as the peer-link interface, and enter interface view. This example uses interface Bridge-Aggregation 1024 as the peer-link interface on each member device.

N/A

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the interface to permit all VLANs to pass through.

N/A

N/A

link-aggregation mode dynamic

link-aggregation mode dynamic

Configure the aggregate interface to operate in dynamic mode.

N/A

N/A

interface HundredGigE1/0/25

interface HundredGigE1/0/25

Assign the physical port to the aggregation group for the peer-link interface.

N/A

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the interface to permit all VLANs to pass through.

N/A

N/A

port link-aggregation group 1024

port link-aggregation group 1024

Assign the port to the link aggregation group for the peer-link interface.

N/A

N/A

interface HundredGigE1/0/26

interface HundredGigE1/0/26

Assign the physical port to the aggregation group for the peer-link interface.

N/A

N/A

port link-type trunk

port link-type trunk

Set the link type of the interface to trunk.

N/A

N/A

port trunk permit vlan all

port trunk permit vlan all

Configure the interface to permit all VLANs to pass through.

N/A

N/A

port link-aggregation group 1024

port link-aggregation group 1024

Assign the port to the link aggregation group for the peer-link interface.

N/A

N/A

quit

quit

N/A

N/A

N/A

interface Bridge-Aggregation1024

interface Bridge-Aggregation1024

Enter the Layer 2 aggregate interface view for the peer-link interface.

N/A

N/A

port m-lag peer-link 1

port m-lag peer-link 1

Specify the aggregate interface as the peer-link interface.

N/A

N/A

quit

quit

N/A

N/A

N/A

interface Twenty-FiveGigE1/0/33

interface Twenty-FiveGigE1/0/33

N/A

N/A

port link-mode route

port link-mode route

Configure the interface to operate in route mode as a Layer 3 interface.

N/A

ip binding vpn-instance vpn-trusted

ip binding vpn-instance vpn-trusted

Associate the interface with the specified VPN instance.

N/A

ip address 192.101.1.1 255.255.255.254

ip address 192.101.1.3 255.255.255.254

Assign an IP address to the interface.

N/A

ospf 100 area 0.0.0.1

ospf 100 area 0.0.0.1

Enable OSPF on the interface.

N/A

ospf peer hold-max-cost duration 300000

ospf peer hold-max-cost duration 300000

On the interface, enable OSPF to advertise the maximum link cost to neighbors within 300000 milliseconds.

N/A

bgp 65031

bgp 65031

Enable a BGP instance.

N/A

N/A

router-id 10.182.234.1

router-id 10.182.234.2

Specify a unique router ID for the BGP instance on each BGP device.

To run BGP, a BGP instance must have a router ID.

If you do not specify a router ID for the BGP instance on a device, it uses the global router ID. In this situation, you must make sure a global router ID is set on the device.

N/A

group spine external

group spine external

Create an EBGP peer group.

N/A

N/A

peer spine as-number 65105

peer spine as-number 65105

Specify an AS number for the EBGP peer group.

N/A

N/A

peer spine route-update-interval 0

peer spine route-update-interval 0

Specify an interval for sending the same update to the peer group.

Enable the device to fast send updates to the peer group upon route changes to accelerate route convergence after an M-LAG primary/secondary switchover occurs.

N/A

peer 10.182.221.0 group spines

peer 10.182.221.10 group spines

Add the specified spine device to the peer group.

N/A

N/A

peer 10.182.221.4 group spines

peer 10.182.221.14 group spines

Add the specified spine device to the peer group.

N/A

N/A

peer 100.5.1.2 as-number 65031

peer 100.5.1.1 as-number 65031

Configure EBGP peering for establishing Layer 3 connectivity between the M-LAG member devices.

N/A

peer 100.5.1.2 route-update-interval 0

peer 100.5.1.1 route-update-interval 0

Specify an interval for sending the same update to the peer group.

Enable the device to fast send updates to the peer group upon route changes to accelerate route convergence after an M-LAG primary/secondary switchover occurs.

N/A

address-family IPv4 unicast

address-family IPv4 unicast

Create the BGP IPv4 unicast address family and enter its view.

N/A

N/A

balance 8

balance 8

Enable load balancing and set the maximum number of BGP ECMP routes for load balancing.

N/A

N/A

import-route direct

import-route direct

Configure BGP to redistribute direct routes in the BGP instance.

N/A

N/A

network 10.182.234.1 255.255.255.255

network 10.182.234.2 255.255.255.255

Advertise the IP address of interface Loopback 0.

N/A

N/A

network 10.182.236.1 255.255.255.255

network 10.182.236.1 255.255.255.255

Advertise the IP address of interface Loopback 1.

N/A

N/A

peer spine enable

peer spine enable

Enable the device to exchange routes with the peer group.

N/A

N/A

peer 100.5.1.2 enable

peer 100.5.1.1 enable

Enable the device to exchange routes with the peer group.

N/A

N/A

quit

quit

Exit the BGP IPv4 unicast address family view.

N/A

N/A

bgp 65001 instance EVPN

bgp 65001 instance EVPN

Enable the specified BGP instance and enter its view.

N/A

N/A

router-id 10.182.234.1

router-id 10.182.234.2

Specify a unique router ID for the BGP instance on the device.

N/A

N/A

group evpn internal

group evpn internal

Create an IBGP peer group.

N/A

The IBGP peer group name must be evpn.

peer evpn connect-interface LoopBack0

peer evpn connect-interface LoopBack0

Specify a source interface for establishing TCP connections to the peer group.

N/A

N/A

peer evpn route-update-interval 0

peer evpn route-update-interval 0

Specify an interval for sending the same update to the peer group.

Enable the device to fast send updates to the peer group upon route changes to accelerate route convergence after an M-LAG primary/secondary switchover occurs.

Execute this command only for IBGP peers.

peer 10.182.226.89 group evpn

peer 10.182.226.89 group evpn

N/A

N/A

N/A

peer 10.182.226.90 group evpn

peer 10.182.226.90 group evpn

N/A

N/A

N/A

address-family l2vpn evpn

address-family l2vpn evpn

Create the BGP EVPN address family and enter its view.

N/A

N/A

peer evpn enable

peer evpn enable

Enable the device to exchange routes with the peer group.

N/A

N/A

nexthop evpn-m-lag group-address

nexthop evpn-m-lag group-address

Enable the M-LAG member devices to replace the next hop in advertised BGP EVPN routes with the virtual VTEP address.

This step is required on the EDs in an EVPN DCI environment if the EDs are M-LAG systems.

N/A

quit

quit

Exit the BGP IPv4 unicast address family view.

N/A

N/A

interface Vsi-interface7

interface Vsi-interface7

Create a VSI interface and enter its view.

N/A

N/A

ip binding vpn-instance vpn-trusted

ip binding vpn-instance vpn-trusted

Associate the VSI interface with the specified VPN instance.

N/A

N/A

ip address 10.182.7.254 255.255.252.0

ip address 10.182.7.254 255.255.252.0

Assign an IP address to the interface. This IP address will be the gateway IP address.

N/A

N/A

proxy-arp enable

proxy-arp enable

Enable common proxy ARP.

N/A

N/A

quit

quit

Return to system view.

N/A

N/A

interface Vsi-interface522

interface Vsi-interface522

Create a VSI interface and enter its view.

N/A

N/A

ip binding vpn-instance vpn-trusted

ip binding vpn-instance vpn-trusted

Associate the VSI interface with the specified VPN instance.

N/A

N/A

ip address 10.180.43.254 255.255.252.0

ip address 10.180.43.254 255.255.252.0

Assign an IP address to the interface. This IP address will be the gateway IP address.

N/A

N/A

proxy-arp enable

proxy-arp enable

Enable common proxy ARP.

N/A

 N/A

quit

quit

Return to system view.

N/A

N/A

interface Vsi-interface10001

interface Vsi-interface10001

Create a VSI interface and enter its view.

N/A

N/A

ip binding vpn-instance vpn-trusted

ip binding vpn-instance vpn-trusted

Bind the VSI interface to the specified VPN instance.

N/A

N/A

IPv6 address auto link-local