
HPE FlexNetwork 5520 HI Switch Series: EVPN Configuration Guide

The HPE FlexNetwork 5520 HI Switch Series EVPN Configuration Guide provides detailed instructions for configuring EVPN VXLAN on the switch, including benefits, network models, and deployment strategies. It covers various aspects such as centralized and distributed EVPN gateway configurations, multihoming, and BGP route advertisement. The document is intended for users with a valid license and is subject to change without notice.

Uploaded by

Sufian Albadani

HPE FlexNetwork 5520 HI Switch Series

EVPN Configuration Guide

Part number: 5200-8314


Software version: Release 6525 and later
Document version: 6W100-20210810
© Copyright 2021 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
EVPN overview
  EVPN VXLAN
  EVPN benefits
  Layered transport network
  MP-BGP extension for EVPN
  RD and route target selection of BGP EVPN routes
Configuring EVPN VXLAN
  About EVPN VXLAN
    Network model
    Configuration automation
    Assignment of traffic to VXLANs
    Layer 2 forwarding
    Centralized EVPN gateway deployment
    Distributed EVPN gateway deployment
    EVPN VXLAN multihoming
    EVPN VXLAN multicast
    ARP and ND flood suppression
    MAC mobility
    EVPN distributed relay
  Restrictions and guidelines: EVPN VXLAN configuration
  EVPN VXLAN tasks at a glance
  Setting the forwarding mode for VXLANs
  Configuring a VXLAN on a VSI
    Restrictions and guidelines for VXLAN configuration on a VSI
    Creating a VXLAN on a VSI
    Configuring VSI parameters
  Configuring an EVPN instance
  Configuring EVPN multihoming
    Restrictions and guidelines for EVPN multihoming
    Assigning an ESI to an interface
    Setting the DF election delay
    Disabling advertisement of EVPN multihoming routes
  Configuring BGP to advertise BGP EVPN routes
    Restrictions and guidelines for BGP EVPN route advertisement
    Enabling BGP to advertise BGP EVPN routes
    Configuring BGP EVPN route settings
    Maintaining BGP sessions
  Mapping ACs to a VSI
    Mapping a static Ethernet service instance to a VSI
    Mapping dynamic Ethernet service instances to VSIs
  Configuring a centralized EVPN gateway
  Configuring a distributed EVPN gateway
    Restrictions and guidelines for distributed EVPN gateway configuration
    Prerequisites for distributed EVPN gateway configuration
    Configuring a VSI interface
    Configuring an L3 VXLAN ID for a VSI interface
    Configuring IP prefix route advertisement
    Configuring the EVPN global MAC address
    Disabling generation of IP prefix advertisement routes for the subnets of a VSI interface
    Enabling a distributed EVPN gateway to send RA messages over VXLAN tunnels
  Managing remote MAC address entries and remote ARP or ND learning
    Disabling remote MAC address learning and remote ARP or ND learning
    Disabling MAC address advertisement
    Enabling MAC mobility event suppression
    Disabling learning of MAC addresses from ARP or ND information
    Disabling ARP information advertisement
    Enabling ARP mobility event suppression
    Enabling ARP request proxy
  Enabling conversational learning for forwarding entries
    About conversational learning for forwarding entries
    Restrictions and guidelines for enabling conversational learning for forwarding entries
    Enabling conversational learning for host route FIB entries
    Enabling conversational learning for IPv6 host route FIB entries
  Configuring BGP EVPN route redistribution and advertisement
    Redistributing MAC/IP advertisement routes into BGP unicast routing tables
    Enabling BGP EVPN route advertisement to the local site
  Disabling flooding for a VSI
  Enabling ARP or ND flood suppression
  Configuring EVPN distributed relay
  Display and maintenance commands for EVPN
  EVPN VXLAN configuration examples
    Example: Configuring a centralized EVPN gateway
    Example: Configuring distributed EVPN gateways (IPv4 underlay network)
    Example: Configuring distributed EVPN gateways (IPv6 underlay network)
    Example: Configuring communication between EVPN networks and the public network
    Example: Configuring IPv4 EVPN distributed relay using an Ethernet aggregate link as the IPL
    Example: Configuring IPv4 EVPN distributed relay using a VXLAN tunnel as the IPL
    Example: Configuring IPv4 EVPN multihoming
    Example: Configuring EVPN multicast
Document conventions and icons
  Conventions
  Network topology icons
Support and other resources
  Accessing Hewlett Packard Enterprise Support
  Accessing updates
    Websites
    Customer self repair
    Remote support
    Documentation feedback
Index

EVPN overview
Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and
Layer 3 connectivity between distant network sites across an IP network. EVPN uses MP-BGP in the
control plane and Virtual eXtensible LAN (VXLAN) in the data plane. EVPN is typically used in data
centers for multitenant services.

EVPN VXLAN
As shown in Figure 1, EVPN VXLAN uses the VXLAN technology for traffic forwarding in the data
plane. The transport edge devices assign VMs to different VXLANs, and then forward traffic at Layer
2 between sites for VMs by using VXLAN tunnels. The transport edge devices are VXLAN tunnel
endpoints (VTEPs). All EVPN VXLAN processing is performed on VTEPs.
To provide Layer 3 connectivity between subnets of a tenant and between the EVPN VXLAN network
and external networks, you can deploy EVPN gateways.
For more information about EVPN VXLAN, see "Configuring EVPN VXLAN."
Figure 1 EVPN VXLAN network model
[Figure: In Site 1 and Site 2, a server hosts VMs in VSI/VXLAN 10, VSI/VXLAN 20, and VSI/VXLAN 30. Each server connects through an ES to a VTEP. The two VTEPs are connected by a VXLAN tunnel that crosses the transport network through a P device.]

EVPN benefits
EVPN provides the following benefits:
• Configuration automation—MP-BGP automates VTEP discovery, VXLAN tunnel
establishment, and VXLAN tunnel assignment to ease deployment.
• Separation of the control plane and the data plane—EVPN uses MP-BGP to advertise host
reachability information in the control plane and uses VXLAN to forward traffic in the data plane.
• Integrated routing and bridging (IRB)—MP-BGP advertises both Layer 2 and Layer 3 host
reachability information to provide optimal forwarding paths and minimize flooding in an EVPN
VXLAN network.
• Point-to-point and point-to-multipoint connection—Layer 2 frames are transmitted
transparently across the IP transport network between sites after they are encapsulated into
VXLAN packets.

Layered transport network
As shown in Figure 2, typically the EVPN transport network uses a layered structure. On the
transport network, leaf nodes act as VTEPs to provide VXLAN services, and spine nodes perform
forwarding for VXLAN traffic based on the outer IP header. If all VTEPs and transport network
devices of an EVPN network belong to the same AS, the spine nodes can act as route reflectors
(RRs) to reflect routes between the VTEPs. In this scenario, the spine nodes advertise and receive
BGP EVPN routes, but do not perform VXLAN encapsulation and de-encapsulation.
Figure 2 Layered transport network
[Figure: Two spine nodes acting as RRs sit above the leaf layer in the transport network. The leaf nodes are VTEPs. The servers in Site 1 and Site 2 attach to the VTEPs.]

MP-BGP extension for EVPN


To support EVPN, MP-BGP introduces the EVPN subsequent address family under the L2VPN
address family and the following network layer reachability information (BGP EVPN routes):
• Ethernet auto-discovery route—Advertises ES information in multihomed sites.
• MAC/IP advertisement route—Advertises MAC reachability information and host route
information (host ARP or ND information).
• Inclusive multicast Ethernet tag (IMET) route—Advertises VTEP and VXLAN mappings for
automating VTEP discovery, VXLAN tunnel establishment, and VXLAN tunnel assignment in an
EVPN VXLAN network.
• Ethernet segment route—Advertises ES and VTEP mappings.
• IP prefix advertisement route—Advertises BGP IPv4 or IPv6 unicast routes as IP prefixes.
• Selective multicast Ethernet tag (SMET) route—Advertises IGMP multicast group
information among VTEPs in an EVPN network. A VTEP advertises an SMET route only when
receiving a membership report for an IGMP multicast group for the first time. The VTEP does
not advertise an SMET route if subsequent membership reports for the multicast group use the
same IGMP version as the first membership report.
• IGMP join synch route—Advertises IGMP membership reports among redundant VTEPs for
an ES.
• IGMP leave synch route—Advertises IGMP leave group messages for withdrawal of IGMP
join synch routes among redundant VTEPs for an ES.

MP-BGP uses the route distinguisher (RD) field to differentiate BGP EVPN routes of different VSIs
and uses route targets to control the advertisement and acceptance of BGP EVPN routes. MP-BGP
supports the following types of route targets:
• Export target—A VTEP sets the export targets for BGP EVPN routes learned from the local
site before advertising them to remote VTEPs.
• Import target—A VTEP checks the export targets of BGP EVPN routes received from remote
VTEPs. The VTEP imports the BGP EVPN routes only when their export targets match the local
import targets.

RD and route target selection of BGP EVPN routes
As shown in Table 1, you can configure RDs and route targets for BGP EVPN routes in multiple
views.
Table 1 Supported views for RD and route target configuration

Item: RD
Views:
• VSI EVPN instance view
• VPN instance view
• Public instance view

Item: Route targets
Views:
• VSI EVPN instance view
• VPN instance view
• VPN instance IPv4 address family view
• VPN instance IPv6 address family view
• VPN instance EVPN view
• Public instance view
• Public instance IPv4 address family view
• Public instance IPv6 address family view
• Public instance EVPN view
NOTE:
Route targets configured in VPN instance view apply to IPv4 VPN, IPv6 VPN, and
EVPN. Route targets configured in IPv4 address family view apply only to IPv4 VPN.
Route targets configured in IPv6 address family view apply only to IPv6 VPN. Route
targets configured in VPN instance EVPN view apply only to EVPN. Route targets
configured in IPv4 address family view, IPv6 address family view, or VPN instance
EVPN view take precedence over those in VPN instance view. The precedence order
for different views of a VPN instance also applies to the views of the public instance.

The device selects RDs and route targets for BGP EVPN routes by using the following rules:
• Ethernet auto-discovery routes—The device uses the RD and route targets configured in VSI
EVPN instance view when advertising the routes. The device uses the route targets configured
in VSI EVPN instance view when accepting the routes.
• IMET routes and MAC/IP advertisement routes that contain only MAC addresses—The
device uses the RD and route targets configured in VSI EVPN instance view when advertising
the routes. The device uses the route targets configured in VSI EVPN instance view when
accepting the routes.
• MAC/IP advertisement routes that contain ARP or ND information—The device uses the
following settings when advertising the routes:
  ◦ RD and export route targets configured in VSI EVPN instance view.
  ◦ Export route targets configured for EVPN on a VPN instance or the public instance (VPN
    instance view, EVPN view of a VPN instance or the public instance, and public instance
    view).
The device uses the import route targets configured for EVPN on a VPN instance or the public
instance when accepting the routes.
• ES routes—The device uses the RD and export route targets configured in VSI EVPN instance
view when advertising the routes. The device uses the import route targets configured in VSI
EVPN instance view when accepting the routes.
• IP prefix advertisement routes—The device uses the route targets configured for the IPv4 or
IPv6 address family on a VPN instance or the public instance when advertising and accepting
the routes.

Configuring EVPN VXLAN
About EVPN VXLAN
EVPN VXLAN uses EVPN routes for VXLAN tunnel establishment and assignment and MAC
reachability information advertisement in the control plane and uses VXLAN for forwarding in the
data plane.

Network model
As shown in Figure 3, EVPN uses the VXLAN technology for traffic forwarding in the data plane. The
transport edge devices assign user terminals to different VXLANs, and then forward traffic between
sites for user terminals by using VXLAN tunnels. The transport edge devices are VXLAN tunnel
endpoints (VTEPs).
The EVPN network sites and transport network can be IPv4 or IPv6 networks. Supported user
terminals include PCs, wireless terminals, and VMs on servers.

NOTE:
This document uses VMs as examples to describe the mechanisms of EVPN. The mechanisms do
not differ between different kinds of user terminals.

A VTEP uses ESs, VSIs, and VXLAN tunnels to provide VXLAN services:
• Ethernet segment (ES)—An ES is a link that connects a site to a VTEP. Each ES is uniquely
identified by an Ethernet segment identifier (ESI).
• VSI—A virtual switch instance is a virtual Layer 2 switched domain. Each VSI provides
switching services only for one VXLAN. VSIs learn MAC addresses and forward frames
independently of one another. User terminals in different sites have Layer 2 connectivity if they
are in the same VXLAN. A VXLAN is identified by a 24-bit VXLAN ID which is also called the
virtual network identifier (VNI). A VXLAN corresponds to an EVPN instance.
• VXLAN tunnel—Logical point-to-point tunnels between VTEPs over the transport network.
Each VXLAN tunnel can trunk multiple VXLANs.
All VXLAN processing is performed on VTEPs. The ingress VTEP encapsulates VXLAN traffic in the
VXLAN, outer UDP, and outer IP headers, and forwards the traffic through VXLAN tunnels. The
egress VTEP removes the VXLAN encapsulation and forwards the traffic to the destination.
Transport network devices (for example, the P device in Figure 3) forward VXLAN traffic only based
on the outer IP header of VXLAN packets.

Figure 3 EVPN network model
[Figure: In Site 1 and Site 2, terminals are assigned to VSI/VXLAN 10, VSI/VXLAN 20, and VSI/VXLAN 30. Each site connects through an ES to a VTEP. The two VTEPs are connected by a VXLAN tunnel that crosses the transport network through a P device.]

Configuration automation
If EVPN is used for Layer 2 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs
have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel
to the VXLAN.
• MAC/IP advertisement route—VTEPs advertise local MAC addresses and VXLAN IDs
through MAC/IP advertisement routes. If two VTEPs have the same VXLAN ID, they
automatically establish a VXLAN tunnel and assign the tunnel to the VXLAN.
If EVPN is used for Layer 3 forwarding, VTEPs use the following BGP EVPN routes to discover
VTEP neighbors, establish VXLAN tunnels, and assign the tunnels to VXLANs:
• IMET route—VTEPs advertise the VXLAN IDs they have through IMET routes. If two VTEPs
have the same VXLAN ID, they automatically establish a VXLAN tunnel and assign the tunnel
to the VXLAN.
• MAC/IP advertisement route and IP prefix advertisement route—In the EVPN gateway
deployment, VTEPs advertise MAC/IP advertisement routes or IP prefix advertisement routes
with the export targets. When a VTEP receives a route, it compares the export targets of the
route with the local import targets. If the route targets match, the VTEP establishes a VXLAN
tunnel with the remote VTEP and associates the tunnel with the L3 VXLAN ID of the
corresponding VPN instance. For more information about the L3 VXLAN ID, see "Distributed
EVPN gateway deployment."
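
The route target import check described under "MP-BGP extension for EVPN" and the IMET-driven tunnel automation above can be modelled together. The following is an added example, not code from HPE or from this guide. The class names, addresses, RDs, and route target values are constructed, and treating "import target match, then same VXLAN ID" as one receive step is a simplifying assumption. VTEP 3 is deliberately given a wrong import target to show the one-sided tunnel state that results.

```python
# Added illustration, not HPE code: toy model of the route target import check
# and IMET-driven VXLAN tunnel automation. All values below are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ImetRoute:
    rd: str                    # route distinguisher: keeps routes of different VSIs apart
    origin_vtep: str           # advertising VTEP's address
    vxlan_id: int              # 24-bit VXLAN ID
    export_targets: frozenset  # set by the advertising VTEP


@dataclass
class Vsi:
    name: str
    vxlan_id: int
    rd: str
    export_targets: frozenset
    import_targets: frozenset
    tunnels: set = field(default_factory=set)   # remote VTEPs assigned to this VXLAN


class Vtep:
    def __init__(self, ip, vsis):
        self.ip = ip
        self.vsis = {v.name: v for v in vsis}
        self.rejected = []     # (route, reason) pairs kept for auditing

    def advertise(self):
        """One IMET route per local VSI, carrying that VSI's RD and export targets."""
        return [ImetRoute(v.rd, self.ip, v.vxlan_id, v.export_targets)
                for v in self.vsis.values()]

    def receive(self, route):
        """Import check, then tunnel assignment. Returns the VSI names updated."""
        if not 0 <= route.vxlan_id < 2 ** 24:
            self.rejected.append((route, "VXLAN ID does not fit in 24 bits"))
            return []
        updated = []
        for vsi in self.vsis.values():
            if not route.export_targets & vsi.import_targets:
                continue       # export targets do not match local import targets
            if route.vxlan_id != vsi.vxlan_id:
                continue       # imported, but the VTEPs share no VXLAN ID here
            vsi.tunnels.add(route.origin_vtep)
            updated.append(vsi.name)
        if not updated:
            self.rejected.append((route, "no import target and VXLAN ID match"))
        return updated


def exchange(vteps):
    """Every VTEP receives every other VTEP's routes (as if reflected by an RR)."""
    for receiver in vteps:
        for sender in vteps:
            if sender is not receiver:
                for route in sender.advertise():
                    receiver.receive(route)


def rt(*values):
    return frozenset(values)


def build_demo():
    v1 = Vtep("192.0.2.1", [
        Vsi("vpna", 10, "192.0.2.1:10", rt("65000:10"), rt("65000:10")),
        Vsi("vpnb", 20, "192.0.2.1:20", rt("65000:20"), rt("65000:20")),
    ])
    v2 = Vtep("192.0.2.2", [
        Vsi("vpna", 10, "192.0.2.2:10", rt("65000:10"), rt("65000:10")),
    ])
    # Constructed misconfiguration: the import target does not match any peer.
    v3 = Vtep("192.0.2.3", [
        Vsi("vpnb", 20, "192.0.2.3:20", rt("65000:20"), rt("65000:99")),
    ])
    exchange([v1, v2, v3])
    return v1, v2, v3


def tunnel_view(vtep):
    return {name: sorted(vsi.tunnels) for name, vsi in vtep.vsis.items()}


if __name__ == "__main__":
    for vtep in build_demo():
        print(vtep.ip, tunnel_view(vtep), "rejected:", len(vtep.rejected))
```

In the result, VTEP 1 assigns a tunnel toward VTEP 3 for VXLAN 20 while VTEP 3 assigns none in return, so auditing import and export targets on both ends is the check to run when a VXLAN forwards in one direction only.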

Assignment of traffic to VXLANs


Traffic from the local site to a remote site
The VTEP uses an Ethernet service instance to match customer traffic on a site-facing interface. The
VTEP assigns customer traffic to a VXLAN by mapping the Ethernet service instance to a VSI.
An Ethernet service instance is identical to an attachment circuit (AC) in L2VPN. An Ethernet service
instance matches a list of VLANs on a Layer 2 Ethernet interface by using a frame match criterion.
The frame match criterion specifies the characteristics of traffic from the VLANs, such as tagging
status and VLAN IDs.
As shown in Figure 4, Ethernet service instance 1 matches VLAN 2 and is mapped to VSI A (VXLAN
10). When a frame from VLAN 2 arrives, the VTEP assigns the frame to VXLAN 10, and looks up VSI
A's MAC address table for the outgoing interface.

Figure 4 Identifying traffic from the local site
[Figure: On the VTEP, service instance 1 matches VLAN 2 (VM 1) and maps to VSI A, VXLAN 10. Service instance 2 matches VLAN 3 (VM 2) and maps to VSI B, VXLAN 20. Service instance 3 matches VLAN 4 (VM 3) and maps to VSI C, VXLAN 30.]

Traffic from a remote site to the local site


When a VXLAN packet arrives at a VXLAN tunnel interface, the VTEP uses the VXLAN ID in the
packet to identify its VXLAN.

Layer 2 forwarding
MAC learning
The VTEP performs Layer 2 forwarding based on a VSI's MAC address table. The VTEP learns MAC
addresses by using the following methods:
• Local MAC learning—The VTEP automatically learns the source MAC addresses of frames
sent from the local site. The outgoing interfaces of local MAC address entries are site-facing
interfaces on which the MAC addresses are learned.
• Remote MAC learning—The VTEP uses MP-BGP to advertise local MAC reachability
information to remote sites and learn MAC reachability information from remote sites. The
outgoing interfaces of MAC address entries advertised from a remote site are VXLAN tunnel
interfaces.
Unicast
As shown in Figure 5, the VTEP performs typical Layer 2 forwarding for known unicast traffic within
the local site.
Figure 5 Intra-site unicast
[Figure: Server 1 (VM 1 to VM 3) and Server 2 (VM 4 to VM 6) attach to VTEP 1 on Interface A and Interface B. Server 3 (VM 7 to VM 9) attaches to VTEP 2. A VXLAN tunnel connects VTEP 1 and VTEP 2 through a P device in the transport network.]

MAC table on VTEP 1
VXLAN/VSI          MAC      Interface
VXLAN 10/VSI A     MAC 1    Interface A, VLAN 2
VXLAN 10/VSI A     MAC 4    Interface B, VLAN 3

As shown in Figure 6, the following process applies to a known unicast frame between sites:
1. The source VTEP encapsulates the Ethernet frame in the VXLAN/UDP/IP header.
In the outer IP header, the source IP address is the source VTEP's VXLAN tunnel source IP
address. The destination IP address is the VXLAN tunnel destination IP address.
2. The source VTEP forwards the encapsulated packet out of the outgoing VXLAN tunnel
interface found in the VSI's MAC address table.
3. The intermediate transport devices (P devices) forward the packet to the destination VTEP by
using the outer IP header.
4. The destination VTEP removes the headers on top of the inner Ethernet frame. It then performs
MAC address table lookup in the VXLAN's VSI to forward the frame out of the matching
outgoing interface.
Figure 6 Inter-site unicast
[Figure: Server 1 (VM 1 to VM 3) and Server 2 (VM 4 to VM 6) attach to VTEP 1 on Interface A and Interface B. Server 3 (VM 7 to VM 9) attaches to VTEP 2 on Interface A. VXLAN tunnel 1 connects VTEP 1 and VTEP 2 through a P device in the transport network.]

MAC table on VTEP 1
VXLAN/VSI          MAC      Interface
VXLAN 10/VSI A     MAC 1    Interface A, VLAN 2
VXLAN 10/VSI A     MAC 7    Tunnel 1

MAC table on VTEP 2
VXLAN/VSI          MAC      Interface
VXLAN 10/VSI A     MAC 1    Tunnel 1
VXLAN 10/VSI A     MAC 7    Interface A, VLAN 3

Flood
As shown in Figure 7, a VTEP floods a broadcast, multicast, or unknown unicast frame to all
site-facing interfaces and VXLAN tunnels in the VXLAN, except for the incoming interface. The
source VTEP replicates the flood frame, and then sends one replica to the destination IP address of
each VXLAN tunnel in the VXLAN. Each destination VTEP floods the inner Ethernet frame to all the
site-facing interfaces in the VXLAN. To avoid loops, the destination VTEPs do not flood the frame to
VXLAN tunnels.
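
The inter-site unicast steps and the flood rule above, reproduced with the Figure 6 entries. This is an added example, not code from HPE or from this guide. The `Vtep` class, MAC addresses, and IP addresses are constructed, the outer IP/UDP headers are reduced to a peer address, and dropping packets whose source is not a tunnel peer of the VXLAN is a modelling assumption. Only the 8-byte VXLAN header uses the real wire layout (RFC 7348).

```python
# Added illustration, not HPE code: VXLAN header handling and VSI MAC-table
# forwarding for known unicast and flood traffic. Sample values are constructed.
import struct

VXLAN_FLAG_I = 0x08      # "VXLAN ID present" flag in the first header byte (RFC 7348)


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def eth(dst, src, payload=b"demo"):
    return dst + src + b"\x08\x00" + payload


def vxlan_encap(vni, frame):
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VXLAN ID must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VXLAN ID (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + frame


def vxlan_decap(payload):
    if len(payload) < 8 + 14:            # VXLAN header + inner Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VXLAN ID")
    return word1 >> 8, payload[8:]


class Vtep:
    def __init__(self, ip):
        self.ip = ip
        self.vsis = {}   # vni -> {"acs": set, "tunnels": set, "macs": {mac: (kind, port)}}

    def add_vsi(self, vni, acs, tunnels):
        self.vsis[vni] = {"acs": set(acs), "tunnels": set(tunnels), "macs": {}}

    def install_remote_mac(self, vni, mac_addr, remote_vtep):
        """Remote MAC learning: entry taken from a MAC/IP advertisement route."""
        self.vsis[vni]["macs"][mac_addr] = ("tunnel", remote_vtep)

    def from_site(self, vni, in_ac, frame):
        """Frame from a site-facing AC that is mapped to this VXLAN."""
        vsi = self.vsis[vni]
        dst, src = frame[0:6], frame[6:12]
        vsi["macs"][src] = ("ac", in_ac)                 # local MAC learning
        entry = vsi["macs"].get(dst)
        if entry and entry[0] == "ac":
            return [] if entry[1] == in_ac else [("ac", entry[1], frame)]
        if entry:                                        # known remote MAC
            return [("tunnel", entry[1], vxlan_encap(vni, frame))]
        # Broadcast, multicast, or unknown unicast: flood, except the incoming AC.
        out = [("ac", ac, frame) for ac in sorted(vsi["acs"] - {in_ac})]
        out += [("tunnel", peer, vxlan_encap(vni, frame))
                for peer in sorted(vsi["tunnels"])]
        return out

    def from_tunnel(self, src_vtep, payload):
        """VXLAN packet from the transport network. Returns [] when dropped."""
        try:
            vni, frame = vxlan_decap(payload)
        except ValueError:
            return []
        vsi = self.vsis.get(vni)
        if vsi is None or src_vtep not in vsi["tunnels"]:
            return []                                    # unknown VXLAN or tunnel peer
        entry = vsi["macs"].get(frame[0:6])
        if entry:
            return [("ac", entry[1], frame)] if entry[0] == "ac" else []
        # Flood to site-facing interfaces only, never back into VXLAN tunnels.
        return [("ac", ac, frame) for ac in sorted(vsi["acs"])]


MAC1, MAC7 = mac("00:00:5e:00:53:01"), mac("00:00:5e:00:53:07")   # constructed
BCAST = mac("ff:ff:ff:ff:ff:ff")


def figure6_demo():
    v1, v2 = Vtep("192.0.2.1"), Vtep("192.0.2.2")
    v1.add_vsi(10, ["Interface A, VLAN 2", "Interface B, VLAN 3"], [v2.ip])
    v2.add_vsi(10, ["Interface A, VLAN 3"], [v1.ip])
    # Flood: VM 7 broadcasts, VTEP 2 replicates into the tunnel, VTEP 1 floods to ACs.
    flood_out = v2.from_site(10, "Interface A, VLAN 3", eth(BCAST, MAC7))
    flood_in = v1.from_tunnel(v2.ip, flood_out[0][2])
    # Control plane (not modelled here): MP-BGP advertises MAC 7 to VTEP 1.
    v1.install_remote_mac(10, MAC7, v2.ip)
    # Known unicast from VM 1 to VM 7, following steps 1 to 4.
    sent = v1.from_site(10, "Interface A, VLAN 2", eth(MAC7, MAC1))
    delivered = v2.from_tunnel(v1.ip, sent[0][2])
    unknown_peer = v2.from_tunnel("198.51.100.9", sent[0][2])   # not a tunnel peer
    return flood_out, flood_in, sent, delivered, unknown_peer
```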

Figure 7 Forwarding of flood traffic
[Figure: Server 1 (VM 1 to VM 3) and Server 2 (VM 4 to VM 6) attach to VTEP 1, Server 3 (VM 7 to VM 9) attaches to VTEP 2, and Server 4 (VM 10 to VM 12) attaches to VTEP 3. VTEP 1 replicates and encapsulates the flood frame, and then sends it over the VXLAN tunnels to VTEP 2 and VTEP 3 through a P device in the transport network.]

Centralized EVPN gateway deployment


IMPORTANT:
This section uses IPv4 sites as examples to describe the Layer 3 forwarding process of EVPN
networks. The Layer 3 forwarding process does not differ between IPv4 and IPv6 sites.

Centralized EVPN gateway deployment uses one VTEP to provide Layer 3 forwarding for VXLANs.
The VTEP uses virtual Layer 3 VSI interfaces as gateway interfaces for VXLANs. Typically, the
gateway-collocated VTEP connects to other VTEPs and the external network. To use this design,
make sure the gateway has sufficient bandwidth and processing capability.
As shown in Figure 8, a VTEP acts as a gateway for VMs in the VXLANs. The VTEP both terminates
the VXLANs and performs Layer 3 forwarding for the VMs. The network uses the following process
to forward Layer 3 traffic from a VM to the destination:
1. The VM sends an ARP request to obtain the MAC address of the VSI interface that acts as the
gateway, and then sends the Layer 3 traffic to the centralized EVPN gateway.
2. The local VTEP looks up the matching VSI's MAC address table and forwards the traffic to the
centralized EVPN gateway through a VXLAN tunnel.
3. The centralized EVPN gateway removes the VXLAN encapsulation and forwards the traffic at
Layer 3.
4. The centralized EVPN gateway forwards the replies sent by the destination node to the VM
based on the ARP entry for the VM.

Figure 8 Example of centralized EVPN gateway deployment
[Figure: VTEP 1 (Site 1) and VTEP 2 (Site 2) connect through VXLAN tunnels across the transport network to VTEP 3, the centralized EVPN gateway, which connects to the L3 network.]

VSI/VXLAN       Gateway interface on VTEP 3     VM at Site 1    VM at Site 2
VSI/VXLAN 10    VSI-interface10, 10.1.1.1/24    10.1.1.11       10.1.1.12
VSI/VXLAN 20    VSI-interface20, 20.1.1.1/24    20.1.1.11       20.1.1.12
VSI/VXLAN 30    VSI-interface30, 30.1.1.1/24    30.1.1.11       30.1.1.12

Distributed EVPN gateway deployment


IMPORTANT:
This section uses IPv4 sites as examples to describe the Layer 3 forwarding process of EVPN
networks. The Layer 3 forwarding process does not differ between IPv4 and IPv6 sites.

About distributed EVPN gateway deployment


As shown in Figure 9, each site's VTEP acts as a gateway to perform Layer 3 forwarding for the
VXLANs of the local site. A VTEP acts as a border gateway to the Layer 3 network for the VXLANs.

Figure 9 Distributed EVPN gateway placement design
[Figure: Servers at Site 1 through Site 6, VTEPs acting as distributed EVPN gateways, VXLAN tunnels, and a border gateway connected to the L3 network.]

Symmetric IRB
A distributed EVPN gateway uses symmetric IRB for Layer 3 forwarding, which means both the
ingress and egress gateways perform Layer 2 and Layer 3 lookups. Symmetric IRB introduces the
following concepts:
• L3 VXLAN ID—Also called L3 VNI. An L3 VXLAN ID identifies the traffic of a routing domain
where devices have Layer 3 reachability. An L3 VXLAN ID is associated with one VPN instance.
Distributed EVPN gateways use VPN instances to isolate traffic of different services on VXLAN
tunnel interfaces.
• Router MAC address—Each distributed EVPN gateway has a unique router MAC address
used for inter-gateway forwarding. The MAC addresses in the inner Ethernet header of VXLAN
packets are router MAC addresses of distributed EVPN gateways.
VSI interfaces
As shown in Figure 10, each distributed EVPN gateway has the following types of VSI interfaces:
• VSI interface as a gateway interface of a VXLAN—The VSI interface acts as the gateway
interface for VMs in a VXLAN. The VSI interface is associated with a VSI and a VPN instance.
On different distributed EVPN gateways, the VSI interface of a VXLAN uses the same IP address
to provide services.
• VSI interface associated with an L3 VXLAN ID—The VSI interface is associated with a VPN
instance and assigned an L3 VXLAN ID. VSI interfaces associated with the same VPN instance
share an L3 VXLAN ID.
A border gateway only has VSI interfaces that are associated with an L3 VXLAN ID.

Figure 10 Example of distributed EVPN gateway deployment
[Figure: GW 1 (Site 1), GW 2 (Site 2), and the border gateway are connected by VXLAN tunnels. The border gateway connects to the L3 network.]

VSI interfaces shown on the distributed EVPN gateways (GW 1 and GW 2):
VSI-interface1     VPN instance: vpna    L3VNI: 1000
VSI-interface10    VPN instance: vpna    10.1.1.1/24    VSI/VXLAN 10
VSI-interface20    VPN instance: vpna    20.1.1.1/24    VSI/VXLAN 20

VSI interface shown on the border gateway:
VSI-interface1     VPN instance: vpna    L3VNI: 1000

VMs: VM 1 (10.1.1.11) and VM 2 (20.1.1.11) at Site 1; VM 4 (10.1.1.12) and VM 5 (20.1.1.12) at Site 2.

Layer 3 forwarding entry learning


A distributed EVPN gateway forwards Layer 3 traffic based on FIB entries generated from BGP
EVPN routes and ARP information.
A VTEP advertises an external route imported in the EVPN address family through MP-BGP. A
remote VTEP adds the route to the FIB table of a VPN instance based on the L3 VXLAN ID carried in
the route. In the FIB entry, the outgoing interface is a VXLAN tunnel interface, and the next hop is the
peer VTEP address in the NEXT_HOP attribute of the route.
A VTEP has the following types of ARP information:
• Local ARP information—ARP information of VMs in the local site. The VTEP snoops GARP
packets, RARP packets, and ARP requests for the gateway MAC address to learn the ARP
information of the senders and generates ARP entries and FIB entries. In an ARP or FIB entry,
the outgoing interface is the site-facing interface where the packet is received, and the VPN
instance is the instance associated with the corresponding VSI interface.
• Remote ARP information—ARP information of VMs in remote sites. Each VTEP uses
MP-BGP to advertise its local ARP information with L3 VXLAN IDs in routes to remote sites. A
VTEP generates only FIB entries for the remote ARP information. A FIB entry contains the
following information:
○ Outgoing interface: VSI interface associated with the L3 VXLAN ID.
○ Next hop: Peer VTEP address in the NEXT_HOP attribute of the route.
○ VPN instance: VPN instance associated with the L3 VXLAN ID.
The VTEP then creates an ARP entry for the next hop in the FIB entry.
Traffic forwarding
A distributed EVPN gateway can work in one of the following modes:
• Switching and routing mode—Forwards Layer 2 traffic based on the MAC address table and
forwards Layer 3 traffic based on the FIB table. In this mode, you need to enable ARP flood
suppression on the distributed EVPN gateway to reduce flooding.
• Routing mode—Forwards both Layer 2 and Layer 3 traffic based on the FIB table. In this
mode, you need to enable local proxy ARP on the distributed EVPN gateway.
For more information about MAC address table-based Layer 2 forwarding, see "Unicast."
Figure 11 shows the intra-site Layer 3 forwarding process.
1. The source VM sends an ARP request to obtain the MAC address of the destination VM.
2. The gateway replies to the source VM with the MAC address of the VSI interface associated
with the source VM's VSI.
3. The source VM sends a Layer 3 packet to the gateway.
4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI
and finds the matching outgoing site-facing interface.
5. The gateway processes the Ethernet header of the Layer 3 packet as follows:
○ Replaces the destination MAC address with the destination VM's MAC address.
○ Replaces the source MAC address with the VSI interface's MAC address.
6. The gateway forwards the Layer 3 packet to the destination VM.
Figure 11 Intra-site Layer 3 forwarding
[Figure: VM 1 (IP 1, MAC 1) on Server 1 and VM 2 (IP 2, MAC 2) on Server 2 attach to GW 1, which has GW IP and GW MAC (the VSI interface MAC).]

Field    VM 1 to GW 1    GW 1 to VM 2
DMAC     GW MAC          MAC 2
SMAC     MAC 1           GW MAC
DIP      IP 2            IP 2
SIP      IP 1            IP 1

Figure 12 shows the inter-site Layer 3 forwarding process.


1. The source VM sends an ARP request to obtain the MAC address of the destination VM.
2. The gateway replies to the source VM with the MAC address of the VSI interface associated
with the source VM's VSI.
3. The source VM sends a Layer 3 packet to the gateway.
4. The gateway looks up the FIB table of the VPN instance associated with the source VM's VSI
and finds the matching outgoing VSI interface.
5. The gateway processes the Ethernet header of the Layer 3 packet as follows:
○ Replaces the destination MAC address with the destination gateway's router MAC address.
○ Replaces the source MAC address with its own router MAC address.
6. The gateway adds VXLAN encapsulation to the Layer 3 packet and forwards the packet to the
destination gateway. The encapsulated VXLAN ID is the L3 VXLAN ID of the corresponding
VPN instance.
7. The destination gateway identifies the VPN instance of the packet based on the L3 VXLAN ID
and removes the VXLAN encapsulation. Then the gateway forwards the packet based on the
matching ARP entry.

Figure 12 Inter-site Layer 3 forwarding
[Figure: VM 1 (IP 1, MAC 1) on Server 1 attaches to GW 1, and VM 2 (IP 2, MAC 2) on Server 2 attaches to GW 2. GW 1 and GW 2 are connected across the transport network through P.]

Each gateway has GW IP and GW MAC (the VSI interface MAC). GW 1 has GW MAC 1 (router MAC of GW 1) and VTEP IP 1. GW 2 has GW MAC 2 (router MAC of GW 2) and VTEP IP 2. Both gateways use L3VNI 100.

Field                        VM 1 to GW 1    GW 1 to GW 2    GW 2 to VM 2
DIP (VXLAN encapsulation)    -               VTEP IP 2       -
SIP (VXLAN encapsulation)    -               VTEP IP 1       -
VNI                          -               100             -
DMAC                         GW MAC          GW MAC 2        MAC 2
SMAC                         MAC 1           GW MAC 1        GW MAC
DIP                          IP 2            IP 2            IP 2
SIP                          IP 1            IP 1            IP 1

Communication between private and public networks


A distributed EVPN gateway uses the public instance to perform Layer 3 forwarding for the public
network and to enable communication between private and public networks. The public instance is
similar to a VPN instance. A distributed EVPN gateway processes traffic of the public instance in the
same way it does for a VPN instance. For the public instance to work correctly, you must configure
an RD, an L3 VXLAN ID, and route targets for it. If a VSI interface is not associated with any VPN
instance, the VSI interface belongs to the public instance.

EVPN VXLAN multihoming


IMPORTANT:
EVPN multihoming supports only IPv4 underlay networks.

About EVPN multihoming


As shown in Figure 13, EVPN supports deploying multiple VTEPs at a site for redundancy and high
availability. On the redundant VTEPs, Ethernet links connected to the site form an Ethernet segment
(ES) that is uniquely identified by an Ethernet segment identifier (ESI).

Figure 13 EVPN multihoming
[Figure: Server 1 at Site 1 connects to VTEP 1 and VTEP 2 through an ES. VTEP 1, VTEP 2, and VTEP 3 are interconnected by VXLAN tunnels across the transport network. Server 2 at Site 2 attaches to VTEP 3.]

DF election
To prevent redundant VTEPs from sending duplicate flood traffic to a multihomed site, a designated
forwarder (DF) is elected from the VTEPs for each AC to forward flood traffic to the AC. VTEPs that
fail the election are assigned the backup designated forwarder (BDF) role. BDFs of an AC do not
forward flood traffic to the AC.
A remote VTEP takes part in the DF election of a multihomed site. Redundant VTEPs of the site send
Ethernet segment routes to the remote VTEP to advertise ES and VTEP IP mappings. Then, the
VTEPs select a DF for each AC based on the ES and VTEP IP mappings by using the following
procedure:
1. Arrange source IP addresses in Ethernet segment routes with the same ESI in ascending order
and assign a sequence number to each IP address, starting from 0.
2. Divide the lowest VLAN ID permitted on an AC by the number of the redundant VTEPs, and
match the remainder to the sequence numbers of IP addresses.
3. Assign the DF role to the VTEP that uses the IP address with the matching sequence number.
The following uses AC 1 in Figure 14 as an example to explain the DF election procedure:
1. VTEP 1 and VTEP 2 send Ethernet segment routes to VTEP 3.
2. Sequence numbers 0 and 1 are assigned to IP addresses 1.1.1.1 and 2.2.2.2 in the Ethernet
segment routes, respectively.
3. The VTEPs divide 4 (the lowest VLAN ID permitted by AC 1) by 2 (the number of redundant
VTEPs), and match the remainder 0 to the sequence numbers of the IP addresses.
4. The DF role is assigned to VTEP 1 at 1.1.1.1.
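The three-step DF election above, written out as a small Python model so the expected DF of each AC can be checked against what a device reports. This is an added example, not code from the guide or from HPE; the ESI strings, function names, and the numeric reading of "ascending order" are assumptions of the example.

```python
"""DF election for a multihomed ES, following the three-step procedure (added example)."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

EsRoute = Tuple[str, str]  # (ESI, source IP of the Ethernet segment route)

# Constructed sample input. The ESI strings are made up for this example;
# the VTEP addresses and VLAN IDs are the ones used in the AC 1 walk-through.
ESI_SITE1 = "0000.0000.0000.0000.0001"
ES_ROUTES: List[EsRoute] = [
    (ESI_SITE1, "2.2.2.2"),                   # VTEP 2
    (ESI_SITE1, "1.1.1.1"),                   # VTEP 1
    ("0000.0000.0000.0000.0002", "3.3.3.3"),  # another ES, not a candidate
]
AC_LOWEST_VLAN: Dict[str, int] = {"AC 1": 4, "AC 2": 7}


def ordered_candidates(routes: Iterable[EsRoute], esi: str) -> List[str]:
    """Step 1: source IPs for one ESI in ascending order; list index = sequence number.

    Assumption of this example: "ascending" is numeric, so 9.0.0.1 sorts
    before 10.0.0.1 (a plain string sort would order them the other way).
    """
    unique = {ipaddress.ip_address(ip) for route_esi, ip in routes if route_esi == esi}
    return [str(ip) for ip in sorted(unique)]


def elect_df(routes: Iterable[EsRoute], esi: str, lowest_vlan: int) -> Tuple[str, List[str]]:
    """Steps 2 and 3: return (DF address, BDF addresses) for one AC."""
    candidates = ordered_candidates(routes, esi)
    if not candidates:
        raise ValueError(f"no Ethernet segment routes for ESI {esi}")
    if not 1 <= lowest_vlan <= 4094:
        raise ValueError(f"invalid VLAN ID {lowest_vlan}")
    sequence = lowest_vlan % len(candidates)   # remainder of VLAN ID / VTEP count
    df = candidates[sequence]
    return df, [ip for ip in candidates if ip != df]


def elect_all(routes: Iterable[EsRoute], esi: str,
              ac_lowest_vlan: Dict[str, int]) -> Dict[str, str]:
    """DF address for every AC on the ES, keyed by AC name."""
    routes = list(routes)
    return {ac: elect_df(routes, esi, vlan)[0] for ac, vlan in ac_lowest_vlan.items()}


def withdraw(routes: Iterable[EsRoute], source_ip: str) -> List[EsRoute]:
    """Routes left after one VTEP withdraws its Ethernet segment routes."""
    return [(esi, ip) for esi, ip in routes if ip != source_ip]


if __name__ == "__main__":
    print("both VTEPs up:   ", elect_all(ES_ROUTES, ESI_SITE1, AC_LOWEST_VLAN))
    # A redundant-VTEP membership change triggers a new election.
    remaining = withdraw(ES_ROUTES, "1.1.1.1")
    print("VTEP 1 withdrawn:", elect_all(remaining, ESI_SITE1, AC_LOWEST_VLAN))
```

With both VTEPs present the result matches the walk-through (VTEP 1 for AC 1, VTEP 2 for AC 2); with only one candidate left, every AC maps to it.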

Figure 14 DF election
[Figure: Server 1 at Site 1 is multihomed to VTEP 1 and VTEP 2 through an ES. VTEP 3 at Site 2 sends flood traffic of VLANs 4 and 7 across the transport network.]

VTEP      Loop0         Role
VTEP 1    1.1.1.1/32    DF of AC 1
VTEP 2    2.2.2.2/32    DF of AC 2

AC 1 permits VLAN 4. AC 2 permits VLAN 7.

Split horizon
In a multihomed site, a VTEP forwards multicast, broadcast, and unknown unicast frames received
from ACs out of all site-facing interfaces and VXLAN tunnels in the corresponding VXLAN, except for
the incoming interface. As a result, the other VTEPs at the site receive these flood frames and
forward them to site-facing interfaces, which causes duplicate floods and loops. EVPN introduces
split horizon to resolve this issue. Split horizon disables a VTEP from forwarding flood traffic received
from another local VTEP to site-facing interfaces if an ES on that local VTEP has the same ESI as
these interfaces. As shown in Figure 15, both VTEP 1 and VTEP 2 have ES 1. When receiving flood
traffic from VTEP 1, VTEP 2 does not forward the traffic to interfaces with ESI 1.

Figure 15 Split horizon
[Figure: VTEP 1, VTEP 2, and VTEP 3 are interconnected by VXLAN tunnels across the transport network. The figure shows ES 1 (Server 1, Site 1), ES 2 (Server 4, Site 4), Server 2 at Site 2, and Server 3 at Site 3, with arrows for the flood traffic of ES 1 and the flood traffic of ES 2.]

Redundancy mode
The device supports the all-active redundancy mode of EVPN multihoming. This mode allows all
redundant VTEPs at a multihomed site to forward broadcast, multicast, and unknown unicast traffic.
• For flood frames received from remote sites, a VTEP forwards them to the ACs of which it is
the DF.
• For flood frames received from the local site, a VTEP forwards them out of all site-facing
interfaces and VXLAN tunnels in the corresponding VXLAN, except for the incoming interfaces.
For flood frames to be sent out of a VXLAN tunnel interface, a VTEP replicates each flood frame
and sends one replica to all the other VTEPs in the corresponding VXLAN.
IP aliasing
In all-active redundancy mode, all redundant VTEPs of an ES advertise the ES to remote VTEPs
through MP-BGP. IP aliasing allows a remote VTEP to add the IP addresses of all the redundant
VTEPs as the next hops for the MAC or ARP information received from one of these VTEPs. This
mechanism creates ECMP routes between the remote VTEP and the redundant VTEPs.

EVPN VXLAN multicast


IMPORTANT:
EVPN multicast supports only IPv4 underlay networks.

EVPN supports multicast forwarding. In an EVPN network, VTEPs create and maintain multicast
forwarding entries based on received IGMP membership reports and leave group messages to
reduce IGMP floods.

Multicast in single-homed sites
As shown in Figure 16, VTEPs at single-homed sites create multicast forwarding entries by using the
following procedure:
1. VTEP 1 receives the IGMP membership report sent by Server 1.
2. VTEP 1 creates a multicast forwarding entry and advertises information about the multicast
group to VTEP 2 and VTEP 3 through an SMET route.
3. VTEP 2 and VTEP 3 create multicast forwarding entries based on the SMET route. The next
hop in the entries is VTEP 1.
Figure 16 Multicast in single-homed sites
[Figure: Server 1 at Site 1, Server 2 at Site 2, and Server 3 at Site 3 attach to VTEP 1, VTEP 2, and VTEP 3, which are interconnected by VXLAN tunnels across the transport network. Legend: IGMP membership reports, SMET routes.]

Multicast in multihomed sites


The IGMP membership reports and leave group messages sent from a multihomed site are received
by multiple VTEPs. To ensure consistency of multicast forwarding entries, redundant VTEPs
advertise IGMP join synch and leave synch routes to synchronize multicast information for each ES.
As shown in Figure 17, if the DF receives the first membership report for an IGMP multicast group,
the following route advertisement and withdrawal process takes place:
1. VTEP 1 (DF) receives an IGMP membership report.
2. VTEP 1 sends an SMET route to VTEP 2 and VTEP 3, and sends an IGMP join synch route to
VTEP 2.
3. An IGMP leave group message is sent from Site 1, and one of the following processes occurs:
○ If VTEP 1 (DF) receives the message, it sends an IGMP leave synch route to VTEP 2 and
withdraws the SMET route and IGMP join synch route that it has advertised.
○ If VTEP 2 (BDF) receives the message, it sends an IGMP leave synch route to VTEP 1. Then
VTEP 1 withdraws the SMET route and IGMP join synch route that it has advertised.
As shown in Figure 17, if the BDF receives the first membership report for an IGMP multicast group,
the following route advertisement and withdrawal process takes place:
1. VTEP 2 (BDF) receives an IGMP membership report.
2. VTEP 2 sends an IGMP join synch route to VTEP 1 (DF).
3. VTEP 1 sends an SMET route to VTEP 2 and VTEP 3.
4. An IGMP leave group message is sent from Site 1, and one of the following processes occurs:
○ If VTEP 1 (DF) receives the message, it sends an IGMP leave synch route to VTEP 2, and
VTEP 2 withdraws the IGMP join synch route that it has advertised. Then, VTEP 1 withdraws
the SMET route that it has advertised.
○ If VTEP 2 (BDF) receives the message, it sends an IGMP leave synch route to VTEP 1 and
withdraws the IGMP join synch route that it has advertised. Then, VTEP 1 withdraws the
SMET route that it has advertised.
Figure 17 Multicast in multihomed sites
[Figure: Server 1 at Site 1 connects through an ES to VTEP 1 (DF) and VTEP 2. VTEP 1, VTEP 2, and VTEP 3 are interconnected by VXLAN tunnels across the transport network. Server 2 at Site 2 attaches to VTEP 3. Legend: IGMP membership reports, SMET routes, IGMP join synch routes.]

ARP and ND flood suppression


ARP or ND flood suppression reduces ARP request broadcasts or ND request multicasts by enabling
the VTEP to reply to ARP or ND requests on behalf of VMs.
As shown in Figure 18, this feature snoops ARP or ND requests, ARP or ND responses, and BGP
EVPN routes to populate the ARP or ND flood suppression table with local and remote MAC
addresses. If an ARP or ND request has a matching entry, the VTEP replies to the request on behalf
of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Figure 18 ARP and ND flood suppression
[Figure: VTEP 1, VTEP 2, and VTEP 3 are interconnected by VXLAN tunnels across the transport network, with VM 1 through VM 12 on Server 1 through Server 4. Callouts (1) through (10) mark the steps of the flood suppression workflow.]

The following uses ARP flood suppression as an example to explain the flood suppression workflow:

1. VM 1 sends an ARP request to obtain the MAC address of VM 7.
2. VTEP 1 creates a suppression entry for VM 1, floods the ARP request in the VXLAN, and sends
the suppression entry to VTEP 2 and VTEP 3 through BGP EVPN.
3. VTEP 2 and VTEP 3 de-encapsulate the ARP request and broadcast the request in the local
site.
4. VM 7 sends an ARP reply.
5. VTEP 2 creates a suppression entry for VM 7, forwards the ARP reply to VTEP 1, and sends the
suppression entry to VTEP 1 and VTEP 3 through BGP EVPN.
6. VTEP 1 de-encapsulates the ARP reply and forwards the ARP reply to VM 1.
7. VM 4 sends an ARP request to obtain the MAC address of VM 1.
8. VTEP 1 creates a suppression entry for VM 4 and replies to the ARP request.
9. VM 10 sends an ARP request to obtain the MAC address of VM 1.
10. VTEP 3 creates a suppression entry for VM 10 and replies to the ARP request.
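The ten-step workflow above, replayed against a minimal model of the suppression table on each VTEP to show when a request is flooded and when the VTEP answers it. This is an added example, not HPE code; the VM addresses are constructed, BGP EVPN advertisement is reduced to a direct table update on the peers, and advertising every locally learned entry is an assumption of the model.

```python
"""ARP flood suppression on three VTEPs, replaying the workflow (added example)."""
from typing import Dict, List, Optional, Tuple

Key = Tuple[int, str]               # (VXLAN ID, IP address)
Action = Tuple[str, Optional[str]]  # ("reply", MAC) or ("flood", None)

VXLAN_ID = 10
# Constructed addresses for the VMs named in the workflow: name -> (IP, MAC).
VMS: Dict[str, Tuple[str, str]] = {
    "VM 1": ("10.1.1.101", "0001-0001-0001"),
    "VM 4": ("10.1.1.104", "0001-0001-0004"),
    "VM 7": ("10.1.1.107", "0001-0001-0007"),
    "VM 10": ("10.1.1.110", "0001-0001-0010"),
}


class Vtep:
    """One VTEP with its ARP flood suppression table."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.peers: List["Vtep"] = []
        self.table: Dict[Key, str] = {}   # (vxlan, ip) -> mac

    def _learn_local(self, vxlan: int, ip: str, mac: str) -> None:
        """Create an entry from a snooped local ARP packet and send it to all peers."""
        self.table[(vxlan, ip)] = mac
        for peer in self.peers:
            peer.table[(vxlan, ip)] = mac   # stands in for the BGP EVPN route

    def arp_request(self, vxlan: int, sender_ip: str, sender_mac: str,
                    target_ip: str) -> Action:
        """Handle an ARP request received from the local site."""
        self._learn_local(vxlan, sender_ip, sender_mac)
        mac = self.table.get((vxlan, target_ip))
        if mac is not None:
            return ("reply", mac)    # VTEP answers on behalf of the target VM
        return ("flood", None)       # no entry: flood to local and remote sites

    def arp_reply(self, vxlan: int, sender_ip: str, sender_mac: str) -> None:
        """Handle an ARP reply received from the local site."""
        self._learn_local(vxlan, sender_ip, sender_mac)


def build_fabric() -> List[Vtep]:
    """Three VTEPs that exchange suppression entries with each other."""
    vteps = [Vtep("VTEP 1"), Vtep("VTEP 2"), Vtep("VTEP 3")]
    for vtep in vteps:
        vtep.peers = [peer for peer in vteps if peer is not vtep]
    return vteps


def replay_workflow() -> List[Tuple[str, str, Action]]:
    """Replay the workflow; return (steps, VTEP, action) for each ARP request."""
    v1, v2, v3 = build_fabric()
    vm1_ip, vm7_ip = VMS["VM 1"][0], VMS["VM 7"][0]
    results = []
    # Steps 1-2: VM 1 asks for VM 7; VTEP 1 has no entry for VM 7 yet.
    results.append(("1-2", v1.name, v1.arp_request(VXLAN_ID, *VMS["VM 1"], vm7_ip)))
    # Steps 4-5: VM 7 replies; VTEP 2 learns VM 7 and advertises the entry.
    v2.arp_reply(VXLAN_ID, *VMS["VM 7"])
    # Steps 7-8: VM 4 asks for VM 1; VTEP 1 learned VM 1 locally.
    results.append(("7-8", v1.name, v1.arp_request(VXLAN_ID, *VMS["VM 4"], vm1_ip)))
    # Steps 9-10: VM 10 asks for VM 1; VTEP 3 learned VM 1 through BGP EVPN.
    results.append(("9-10", v3.name, v3.arp_request(VXLAN_ID, *VMS["VM 10"], vm1_ip)))
    return results


if __name__ == "__main__":
    for steps, vtep, (action, mac) in replay_workflow():
        print(f"steps {steps}: {vtep} -> {action} {mac or ''}")
```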

MAC mobility
MAC mobility refers to the movement of a VM or host from one ES to another. The source VTEP is
unaware of the MAC move event. To notify other VTEPs of the change, the destination VTEP
advertises a MAC/IP advertisement route for the MAC address. The source VTEP withdraws the old
route for the MAC address after receiving the new route. The MAC/IP advertisement route has a
sequence number that increases when the MAC address moves. The sequence number identifies
the most recent move if the MAC address moves multiple times.

EVPN distributed relay

IMPORTANT:
EVPN distributed relay supports only IPv4 sites and IPv4 underlay networks.

About EVPN distributed relay


As shown in Figure 19, EVPN distributed relay virtualizes two VTEPs or EVPN gateways into one
distributed-relay (DR) system through Distributed Resilient Network Interconnect (DRNI) to avoid
single points of failure. The VTEPs or EVPN gateways are called DR member devices. For more
information about DRNI, see Layer 2—LAN Switching Configuration Guide.

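Figure 19 EVPN distributed relay
[Figure: Two VTEPs connected by an IPL connect across the transport network to a remote VTEP. Each of the two VTEPs has aggregate interfaces Agg1 and Agg2 facing the servers at Site 1 and Site 2.]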

VM reachability information synchronization


To ensure VM reachability information consistency in the DR system, the DR member devices
synchronize MAC address entries and ARP information with each other through an intra-portal link
(IPL). The IPL can be an Ethernet aggregate link or a VXLAN tunnel.

IMPORTANT:
The VXLAN tunnel that acts as the IPL is automatically associated with all VXLANs on each DR
member device.

Virtual VTEP address


The DR member devices use a virtual VTEP address to set up VXLAN tunnels with remote VTEPs or
EVPN gateways.
Independent BGP neighbor relationship establishment
The DR member devices use different BGP peer addresses to establish neighbor relationships with
remote devices. For load sharing and link redundancy, a neighbor sends traffic destined for the
virtual VTEP address to both of the DR member devices through ECMP routes of the underlay
network.
Site-facing link redundancy

IMPORTANT:
This mechanism ensures service continuity in case of site-facing AC failure.

As shown in Figure 19, a VM accesses the EVPN network through multiple Ethernet links that
connect to the VTEPs. On each VTEP, all site-facing Ethernet links are assigned to a Layer 2
aggregation group for high availability. On the corresponding Layer 2 aggregate interfaces, Ethernet
service instances are configured as ACs of VXLANs to match customer traffic.
• If the IPL is an Ethernet aggregate link, each VTEP in the DR system creates a dynamic AC on
the IPP when a site-facing AC is created. The automatically created AC uses the same traffic
match criterion as the site-facing AC and is mapped to the same VSI as the site-facing AC.
When a site-facing AC is down, traffic that a remote device sends to the AC is forwarded to the
other DR member device through the IPL. The other DR member device identifies the VSI of the
traffic and forwards the traffic to the destination.
• If the IPL is a VXLAN tunnel, the site-facing link backup mechanism is as follows:
If a site-facing AC on a DR member device is down, traffic received from a VXLAN tunnel and
destined for the AC will be encapsulated into VXLAN packets. The VXLAN ID belongs to the
VXLAN that is associated with the VSI of the site-facing AC. The DR member device forwards
the VXLAN packets through the IPL VXLAN tunnel to the peer DR member device. The peer
DR member device assigns the traffic to the correct VSI based on the VXLAN ID in the received
packets.

Restrictions and guidelines: EVPN VXLAN configuration

Before you can configure EVPN, you must perform the following tasks:
• Set the system operating mode to VXLAN by using the switch-mode 1 command. For more
information about setting the system operating mode, see device management in
Fundamentals Configuration Guide.
• Save the configuration.
• Reboot the device.
Make sure the following VXLAN tunnels are not associated with the same VXLAN when they have
the same tunnel destination IP address:
• A VXLAN tunnel automatically created by EVPN.
• A manually created VXLAN tunnel.
For more information about manual tunnel configuration, see VXLAN Configuration Guide.
As a best practice to ensure correct traffic forwarding, configure the same MAC address for all VSI
interfaces on an EVPN gateway.

EVPN VXLAN tasks at a glance


To configure EVPN VXLAN, perform the following tasks:
1. Setting the forwarding mode for VXLANs
2. Configuring a VXLAN on a VSI
a. Creating a VXLAN on a VSI
b. (Optional.) Configuring VSI parameters
3. Configuring an EVPN instance
4. (Optional.) Configuring EVPN multihoming
a. Assigning an ESI to an interface
b. (Optional.) Setting the DF election delay
c. Disabling advertisement of EVPN multihoming routes
5. Configuring BGP to advertise BGP EVPN routes
a. Enabling BGP to advertise BGP EVPN routes
b. (Optional.) Configuring BGP EVPN route settings
c. (Optional.) Maintaining BGP sessions
6. Mapping ACs to a VSI
7. Configuring an EVPN gateway
Choose one of the following tasks:
○ Configuring a centralized EVPN gateway
○ Configuring a distributed EVPN gateway
8. (Optional.) Managing remote MAC address entries and remote ARP or ND learning
○ Disabling remote MAC address learning and remote ARP or ND learning
○ Disabling MAC address advertisement
○ Enabling MAC mobility event suppression
○ Disabling learning of MAC addresses from ARP or ND information
○ Disabling ARP information advertisement
○ Enabling ARP mobility event suppression
○ Enabling ARP request proxy
9. (Optional.) Enabling conversational learning for forwarding entries
To save device hardware resources, host route FIB entries are issued to the hardware only
when the entries are required for packet forwarding.
○ Enabling conversational learning for host route FIB entries
○ Enabling conversational learning for IPv6 host route FIB entries
10. (Optional.) Configuring BGP EVPN route redistribution and advertisement
○ Redistributing MAC/IP advertisement routes into BGP unicast routing tables
○ Enabling BGP EVPN route advertisement to the local site
11. (Optional.) Maintaining and optimizing an EVPN network
○ Disabling flooding for a VSI
○ Enabling ARP or ND flood suppression
12. (Optional.) Configuring EVPN distributed relay
Perform this task to virtualize two VTEPs or EVPN gateways into one DR system to avoid single
points of failure.

Setting the forwarding mode for VXLANs


About this task
The device performs Layer 2 or Layer 3 forwarding for VXLANs depending on your configuration.
• In Layer 3 forwarding mode, the device uses the FIB table to forward traffic.
• In Layer 2 forwarding mode, the device uses the MAC address table to forward traffic.
Use Layer 2 forwarding mode if you use the device as a VTEP. Use Layer 3 forwarding mode if you
use the device as an EVPN gateway.
Restrictions and guidelines
You must delete all VSIs, VSI interfaces, and VXLAN tunnel interfaces before you can change the
forwarding mode. As a best practice, finish VXLAN network planning and determine the VXLAN
forwarding mode of each device before your configuration, and set the VXLAN forwarding mode
before other VXLAN settings.
Procedure
1. Enter system view.
system-view
2. Enable Layer 2 or Layer 3 forwarding for VXLANs.
○ Enable Layer 2 forwarding.
undo vxlan ip-forwarding
○ Enable Layer 3 forwarding.
vxlan ip-forwarding
By default, Layer 3 forwarding is enabled for VXLANs.
For more information about this command, see VXLAN Command Reference.

Configuring a VXLAN on a VSI


Restrictions and guidelines for VXLAN configuration on a VSI
For more information about the VXLAN commands in this task, see VXLAN Command Reference.

Creating a VXLAN on a VSI


1. Enter system view.
system-view
2. Enable L2VPN.
l2vpn enable
By default, L2VPN is disabled.
3. Create a VSI and enter VSI view.
vsi vsi-name
4. Enable the VSI.
undo shutdown
By default, a VSI is enabled.
5. Create a VXLAN and enter VXLAN view.
vxlan vxlan-id
You can create only one VXLAN on a VSI. The VXLAN ID must be unique for each VSI.

Configuring VSI parameters


1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Configure a VSI description.
description text
By default, a VSI does not have a description.
4. Set the MTU for the VSI.
mtu size
The default MTU is 1500 bytes for a VSI.
5. Enable MAC address learning for the VSI.
mac-learning enable
By default, MAC address learning is enabled for a VSI.

Configuring an EVPN instance
About this task
If a VXLAN requires only Layer 2 connectivity, you do not need to associate a VPN instance with it.
The BGP EVPN routes advertised by a VTEP carry the RD and route targets configured for the
EVPN instance associated with the VXLAN.
Restrictions and guidelines
You can bind a VSI only to one EVPN instance.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Create an EVPN instance and enter EVPN instance view.
evpn encapsulation vxlan
4. Configure an RD for the EVPN instance.
route-distinguisher { route-distinguisher | auto [ router-id ] }
By default, no RD is configured for an EVPN instance.
5. Configure route targets for the EVPN instance.
vpn-target { vpn-target&<1-8> | auto } * [ both | export-extcommunity |
import-extcommunity ]
By default, an EVPN instance does not have route targets.
Make sure the following requirements are met:
○ The import targets of the EVPN instance do not match the export targets of the VPN instance
associated with the VXLAN or the public instance.
○ The export targets of the EVPN instance do not match the import targets of the VPN instance
associated with the VXLAN or the public instance.
For more information about VPN instance configuration and public instance configuration, see
"Configuring an L3 VXLAN ID for a VSI interface."

Configuring EVPN multihoming


Restrictions and guidelines for EVPN multihoming
In a multihomed site, AC configuration and VXLAN IDs must be consistent on redundant VTEPs of
the same ES. For each VXLAN ID, you must configure unique RDs for the EVPN instance of VSIs on
the redundant VTEPs. You must configure different RDs for the VPN instances and the public
instance that use the same VXLAN IP gateway.

Assigning an ESI to an interface


About this task
An ESI uniquely identifies an ES. The links on interfaces with the same ESI belong to the same ES.
Traffic of the ES can be distributed among the links for load sharing.

Procedure
1. Enter system view.
system-view
2. Enter interface view.
○ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
○ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
○ Enter Layer 3 Ethernet interface view.
interface interface-type interface-number
○ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Assign an ESI to the interface.
esi esi-id
By default, no ESI is assigned to an interface.

Setting the DF election delay


About this task
The DF election can be triggered by site-facing interface status changes, redundant VTEP
membership changes, and interface ESI changes. To prevent frequent DF elections from degrading
network performance, set the DF election delay. The DF election delay defines the minimum interval
allowed between two DF elections.
Procedure
1. Enter system view.
system-view
2. Set the DF election delay.
evpn multihoming timer df-delay delay-value
By default, the DF election delay is 3 seconds.

Disabling advertisement of EVPN multihoming routes


About this task
EVPN multihoming routes include Ethernet auto-discovery routes and Ethernet segment routes.
In a multihomed EVPN network, perform this task on a redundant VTEP before you reboot it. This
operation allows other VTEPs to refresh their EVPN routing table to prevent traffic interruption
caused by the reboot.
Restrictions and guidelines
Do not perform this task on VTEPs at a multihomed EVPN VXLAN site if EVPN forwards multicast
traffic based on SMET, IGMP join sync, and IGMP leave sync routes. Violation of this restriction
might cause multicast forwarding errors.
Procedure
1. Enter system view.
system-view
2. Disable advertisement of EVPN multihoming routes and withdraw the EVPN multihoming
routes that have been advertised to remote sites.
evpn multihoming advertise disable
By default, the device advertises EVPN multihoming routes.

Configuring BGP to advertise BGP EVPN routes


Restrictions and guidelines for BGP EVPN route advertisement
For more information about BGP commands in this task, see Layer 3—IP Routing Command
Reference.

Enabling BGP to advertise BGP EVPN routes


1. Enter system view.
system-view
2. Configure a global router ID.
router id router-id
By default, no global router ID is configured.
3. Enable a BGP instance and enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is disabled and no BGP instances exist.
4. Specify remote VTEPs as BGP peers.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } as-number as-number
5. Create the BGP EVPN address family and enter BGP EVPN address family view.
address-family l2vpn evpn
6. Enable BGP to exchange BGP EVPN routes with a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } enable
By default, BGP does not exchange BGP EVPN routes with peers.

Configuring BGP EVPN route settings


Configuring BGP EVPN to advertise default routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Advertise a default route to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } default-route-advertise { ipv4 | ipv6 }
vpn-instance vpn-instance-name
By default, no default route is advertised to any peers or peer groups.
Configuring attributes of BGP EVPN routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Permit the local AS number to appear in routes from a peer or peer group and set the number of
appearances.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed in routes from peers.
5. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise-community
By default, the device does not advertise the COMMUNITY attribute to peers or peer groups.
6. Remove the default-gateway extended community attribute from the EVPN gateway routes
advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } default-gateway no-advertise
By default, EVPN gateway routes advertised to peers and peer groups contain the
default-gateway extended community attribute.
Configuring optimal BGP EVPN route selection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure BGP to prefer routes with an IPv6 next hop during optimal route selection.
bestroute ipv6-nexthop
By default, BGP prefers routes with an IPv4 next hop during optimal route selection.
5. (Optional.) Set the optimal route selection delay timer.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route
selection is not delayed.
Configuring BGP route reflection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the device as an RR and specify a peer or peer group as its client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } reflect-client
By default, no RR or client is configured.
5. (Optional.) Enable BGP EVPN route reflection between clients.
reflect between-clients
By default, BGP EVPN route reflection between clients is enabled.
6. (Optional.) Configure the cluster ID of the RR.
reflector cluster-id { cluster-id | ipv4-address }
By default, an RR uses its own router ID as the cluster ID.
7. (Optional.) Create a reflection policy for the RR to filter reflected BGP EVPN routes.
rr-filter ext-comm-list-number
By default, an RR does not filter reflected BGP EVPN routes.
8. (Optional.) Enable the RR to change the attributes of routes to be reflected.
reflect change-path-attribute
By default, an RR cannot change the attributes of routes to be reflected.
Filtering BGP EVPN routes
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Apply a routing policy to routes received from or advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } route-policy route-policy-name { export | import }
By default, no routing policies are applied to routes received from or advertised to peers or peer
groups.
5. Enable route target filtering for BGP EVPN routes.
policy vpn-target
By default, route target filtering is enabled for BGP EVPN routes.
Configuring the BGP Additional Paths feature
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Configure the BGP Additional Paths capabilities.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured.
5. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer
group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address
[ prefix-length ] } advertise additional-paths best number
By default, a maximum of one Add-Path optimal route can be advertised to a peer or peer
group.
6. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.
additional-paths select-best best-number
By default, a maximum of one Add-Path optimal route can be advertised to all peers.

Maintaining BGP sessions


Perform the following tasks in user view:
• Reset BGP sessions of the BGP EVPN address family.
reset bgp [ instance instance-name ] { as-number | ipv4-address
[ mask-length ] | ipv6-address [ prefix-length ] | all | external | group
group-name | internal } l2vpn evpn
• Soft-reset BGP sessions of the BGP EVPN address family.
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ]
| ipv6-address [ prefix-length ] | all | external | group group-name |
internal } { export | import } l2vpn evpn

Mapping ACs to a VSI


Mapping a static Ethernet service instance to a VSI
About this task
A static Ethernet service instance matches a list of VLANs on a site-facing interface by using a frame
match criterion. The VTEP assigns traffic from the VLANs to a VXLAN by mapping the Ethernet
service instance to a VSI. The VSI performs Layer 2 forwarding for the VLANs based on its MAC
address table.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Restrictions and guidelines
Link aggregation group membership is mutually exclusive with Ethernet service instance-to-VSI
mappings on a Layer 2 interface. Do not associate a VSI with an Ethernet service instance on a
Layer 2 interface if the interface is in an aggregation group. Do not assign a Layer 2 interface to an
aggregation group if the interface is configured with Ethernet service instances of VSIs.
Ethernet service instance bindings of VSIs are mutually exclusive with QinQ and VLAN mapping on
a Layer 2 Ethernet interface or Layer 2 aggregate interface. Do not configure these features
simultaneously on the same interface. Otherwise, the features cannot take effect.
Do not configure VLAN mapping, QinQ, or MAC-based VLAN on a Layer 2 Ethernet interface or
Layer 2 aggregate interface that acts as the traffic outgoing interface of a VXLAN tunnel. Otherwise,
the features cannot take effect.
For information about the frame match criterion configuration restrictions and guidelines of Ethernet
service instances, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
○ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
○ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Create an Ethernet service instance and enter Ethernet service instance view.
service-instance instance-id
4. Choose one option to configure a frame match criterion.
○ Match frames with the specified outer VLAN tag.
encapsulation s-vid vlan-id [ only-tagged ]
○ Match any VLAN untagged frames.
encapsulation untagged
○ Match frames that do not match any other service instance on the interface.
encapsulation default
An interface can contain only one Ethernet service instance that uses the
encapsulation default criterion.
An Ethernet service instance that uses the encapsulation default criterion matches
any frames if it is the only instance on the interface.
By default, an Ethernet service instance does not contain a frame match criterion.
5. Map the Ethernet service instance to a VSI.
xconnect vsi vsi-name [ access-mode vlan ] [ track
track-entry-number&<1-3> ]
By default, an Ethernet service instance is not mapped to any VSI.

Mapping dynamic Ethernet service instances to VSIs


About this task
The 802.1X or MAC authentication feature can use the authorization VSI, the guest VSI, the
Auth-Fail VSI, and the critical VSI to control the access of users to network resources. When
assigning a user to a VSI, 802.1X or MAC authentication sends the VXLAN feature the VSI
information and the user's access information, including access interface, VLAN, and MAC address.
Then the VXLAN feature creates a dynamic Ethernet service instance for the user and maps it to the
VSI. For more information about 802.1X authentication and MAC authentication, see Security
Configuration Guide.
A dynamic Ethernet service instance supports the MAC-based mode, which matches frames by
VLAN ID and source MAC address. To use MAC-based traffic match mode for dynamic Ethernet
service instances, you must enable MAC authentication or 802.1X authentication that uses
MAC-based access control.
Restrictions and guidelines for dynamic Ethernet service instance mappings
Dynamic Ethernet service instances cannot be created on member ports of a Layer 2 aggregation
group.
Configuring the MAC-based traffic match mode
1. Enter system view.
system-view
2. Enter interface view.
○ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
○ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Enable MAC-based traffic match mode for dynamic Ethernet service instances on the interface.
mac-based ac
By default, MAC-based traffic match mode is disabled for dynamic Ethernet service instances.
For more information about this command, see VXLAN Command Reference.
4. Enable MAC authentication or 802.1X authentication that uses MAC-based access control.
To use the MAC-based traffic match mode, configure MAC authentication or 802.1X
authentication that uses MAC-based access control and perform one of the following tasks:
○ Configure the guest VSI, Auth-Fail VSI, or critical VSI on the 802.1X- or MAC
authentication-enabled interface.
○ Issue an authorization VSI to an 802.1X or MAC authentication user from a remote AAA
server.
Then, the device will automatically create a dynamic Ethernet service instance for the 802.1X or
MAC authentication user and map the Ethernet service instance to a VSI.
For more information about configuring 802.1X authentication and MAC authentication, see
Security Configuration Guide.

Configuring a centralized EVPN gateway


Restrictions and guidelines
If an EVPN network contains a centralized EVPN gateway, you must enable ARP or ND flood
suppression on VTEPs. Typically remote ARP or ND learning is disabled in an EVPN network. When
ARP or ND requests for the gateway MAC address are sent to the centralized EVPN gateway
through VXLAN tunnels, the gateway does not respond to the requests. If ARP or ND flood
suppression is disabled on VTEPs, VMs cannot obtain the MAC address of the gateway.
Prerequisites
You must enable Layer 3 forwarding for VXLANs on a centralized EVPN gateway.
Procedure
1. Enter system view.
system-view
2. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
For more information about this command, see VXLAN Command Reference.
3. Assign an IP address to the VSI interface.
IPv4:
ip address ip-address { mask | mask-length } [ sub ]
IPv6:
See IPv6 basics in Layer 3—IP Services Configuration Guide.
By default, no IP address is assigned to a VSI interface.
4. Return to system view.
quit
5. Enter VSI view.
vsi vsi-name
6. Specify the VSI interface as the gateway interface for the VSI.
gateway vsi-interface vsi-interface-id
By default, no gateway interface is specified for a VSI.
For more information about this command, see VXLAN Command Reference.

Configuring a distributed EVPN gateway


Restrictions and guidelines for distributed EVPN gateway configuration
Make sure a VSI interface uses the same MAC address to provide service on distributed EVPN
gateways connected to IPv4 sites. Make sure a VSI interface uses different link-local addresses to
provide service on distributed EVPN gateways connected to both IPv4 and IPv6 sites.
As a best practice, do not use ARP flood suppression together with local proxy ARP, or ND flood
suppression together with local ND proxy, on distributed EVPN gateways. If both ARP flood suppression and local
proxy ARP are enabled on a distributed EVPN gateway, only local proxy ARP takes effect. If both ND
flood suppression and local ND proxy are enabled on a distributed EVPN gateway, only local ND
proxy takes effect.
On a distributed EVPN gateway, make sure the VSI interfaces configured with L3 VXLAN IDs use the
same MAC address. To modify the MAC address of a VSI interface, use the mac-address
command.

Prerequisites for distributed EVPN gateway configuration


You must enable Layer 3 forwarding for VXLANs on a distributed EVPN gateway.
For a VXLAN to access the external network, specify the VXLAN's VSI interface on the border
gateway as the next hop on distributed EVPN gateways by using one of the following methods:
• Configure a static route.
• Configure a routing policy, and apply the policy by using the apply default-next-hop or
apply next-hop command. For more information about configuring routing policies, see
routing policy configuration or IPv6 routing policy configuration in Layer 3—IP Routing
Configuration Guide.

Configuring a VSI interface


About this task
To save Layer 3 interface resources on a distributed EVPN gateway, multiple VSIs can share one
VSI interface. You can assign multiple IP addresses to the VSI interface for the VSIs to use as
gateway addresses.
When VSIs share a VSI interface, you must specify the subnet of each VSI for the VSI interface to
identify the VSI of a packet. The subnets must be unique.
Procedure
1. Enter system view.
system-view
2. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
For more information about this command, see VXLAN Command Reference.
3. Assign an IP address to the VSI interface.
IPv4:
ip address ip-address { mask | mask-length } [ sub ]
IPv6:
See IPv6 basics in Layer 3—IP Services Configuration Guide.
By default, no IP address is assigned to a VSI interface.
4. Assign a MAC address to the VSI interface.
mac-address mac-address
The default MAC address of VSI interfaces is the bridge MAC address + 26.
To ensure correct forwarding after VM migration, you must assign the same MAC address to
the VSI interfaces of a VXLAN on all distributed gateways.
5. Specify the VSI interface as a distributed gateway.
distributed-gateway local
By default, a VSI interface is not a distributed gateway.
For more information about this command, see VXLAN Command Reference.
6. (Optional.) Enable local proxy ARP or local ND proxy.
IPv4:
local-proxy-arp enable [ ip-range startIP to endIP ]
By default, local proxy ARP is disabled.
For more information about the command, see proxy ARP commands in Layer 3—IP Services
Command Reference.
IPv6:
local-proxy-nd enable
By default, local ND proxy is disabled.
For more information about the commands, see IPv6 basic commands in Layer 3—IP Services
Command Reference.
7. Return to system view.
quit
8. Enter VSI view.
vsi vsi-name
9. Specify the VSI interface as the gateway interface for the VSI.
gateway vsi-interface vsi-interface-id
By default, no gateway interface is specified for a VSI.
For more information about this command, see VXLAN Command Reference.

Configuring an L3 VXLAN ID for a VSI interface


Configuring an L3 VXLAN ID for the VSI interface of a VPN instance
1. Enter system view.
system-view
2. Configure a VPN instance:
a. Create a VPN instance and enter VPN instance view.
ip vpn-instance vpn-instance-name
b. Configure an RD for the VPN instance.
route-distinguisher route-distinguisher
By default, no RD is configured for a VPN instance.
c. Configure route targets for the VPN instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, a VPN instance does not have route targets.
d. (Optional.) Apply an export routing policy to the VPN instance.
export route-policy route-policy
By default, no export routing policy is applied to a VPN instance.
e. (Optional.) Apply an import routing policy to the VPN instance.
import route-policy route-policy
By default, no import routing policy is applied to a VPN instance. The VPN instance accepts
a route when the export route targets of the route match local import route targets.
3. Configure EVPN on the VPN instance:
a. Enter VPN instance EVPN view.
address-family evpn
b. Configure route targets for EVPN on the VPN instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, EVPN does not have route targets on a VPN instance.
Make sure the following requirements are met:
− The import targets of EVPN do not match the export targets of the VPN instance.
− The export targets of EVPN do not match the import targets of the VPN instance.
c. (Optional.) Apply an export routing policy to EVPN on the VPN instance.
export route-policy route-policy
By default, no export routing policy is applied to EVPN on a VPN instance.
d. (Optional.) Apply an import routing policy to EVPN on the VPN instance.
import route-policy route-policy
By default, no import routing policy is applied to EVPN on a VPN instance. The VPN
instance accepts a route when the route targets of the route match local import route
targets.
4. Execute the following commands in sequence to return to system view.
a. quit
b. quit
5. Create a VSI interface and enter VSI interface view.
interface vsi-interface vsi-interface-id
6. Associate the VSI interface with the VPN instance.
ip binding vpn-instance vpn-instance-name
By default, a VSI interface is not associated with a VPN instance. The interface is on the public
network.
7. Configure an L3 VXLAN ID for the VSI interface.
l3-vni vxlan-id
By default, no L3 VXLAN ID is configured for a VSI interface.
A VPN instance can have only one L3 VXLAN ID. If multiple L3 VXLAN IDs are configured for a
VPN instance, the VPN instance uses the lowest one. To view the L3 VXLAN ID of a VPN
instance, use the display evpn routing-table command.
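The checks below apply three rules from this guide to a configuration offline: EVPN and VPN instance route targets that must not match, the lowest-ID rule when a VPN instance ends up with several L3 VXLAN IDs, and the shared MAC address on VSI interfaces that carry L3 VXLAN IDs. This is an added example, not HPE code; the simplified configuration layout, the sample values, and the names parse and audit are assumptions.

```python
# Added example (not HPE code): offline audit of L3 VXLAN ID settings.
# Assumption: input is a simplified, indentation-based rendering of this guide's commands.
KEYWORDS = {
    "both": ("import", "export"),
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
}

# Constructed sample configuration; all names and values are made up.
SAMPLE_CONFIG = """\
ip vpn-instance vpna
 vpn-target 100:1 both
 address-family evpn
  vpn-target 100:1 import-extcommunity
  vpn-target 200:1 export-extcommunity
interface Vsi-interface1
 ip binding vpn-instance vpna
 mac-address 0001-0001-0001
 l3-vni 2000
interface Vsi-interface2
 ip binding vpn-instance vpna
 mac-address 0001-0001-0002
 l3-vni 1000
"""


def _add_targets(store, words):
    """Record the route targets of one vpn-target line."""
    directions = KEYWORDS.get(words[-1])
    targets = words[1:-1] if directions else words[1:]
    # Assumption: a vpn-target line without a keyword means "both".
    for direction in directions or KEYWORDS["both"]:
        store[direction].update(targets)


def parse(config):
    """Return (vpn_instances, vsi_interfaces) parsed from the text."""
    vpns, vsis = {}, {}
    section, scope = None, "inst"
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["#"]:
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:
            section, scope = None, "inst"
            if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
                section = ("vpn", words[2])
                vpns[words[2]] = {s: {"import": set(), "export": set()}
                                  for s in ("inst", "evpn")}
            elif words[0] == "interface" and words[-1].lower().startswith("vsi-interface"):
                section = ("vsi", words[-1])
                vsis[words[-1]] = {"vpn": None, "mac": None, "l3vni": None}
        elif section and section[0] == "vpn":
            if depth == 1:
                scope = words[-1] if words[0] == "address-family" else "inst"
            if words[0] == "vpn-target" and scope in ("inst", "evpn"):
                _add_targets(vpns[section[1]][scope], words)
        elif section and section[0] == "vsi":
            vsi = vsis[section[1]]
            if words[:3] == ["ip", "binding", "vpn-instance"]:
                vsi["vpn"] = words[-1]
            elif words[0] == "mac-address":
                vsi["mac"] = words[-1].lower()
            elif words[0] == "l3-vni":
                vsi["l3vni"] = int(words[-1])
    return vpns, vsis


def audit(config):
    """Return findings as tuples whose first item names the failed check."""
    vpns, vsis = parse(config)
    findings = []
    for name, rt in sorted(vpns.items()):
        # EVPN import/export targets must not match instance export/import targets.
        for label, evpn, inst in (
            ("evpn-import/instance-export", rt["evpn"]["import"], rt["inst"]["export"]),
            ("evpn-export/instance-import", rt["evpn"]["export"], rt["inst"]["import"]),
        ):
            if evpn & inst:
                findings.append(("RT_OVERLAP", name, label, tuple(sorted(evpn & inst))))
    with_vni = [v for v in vsis.values() if v["l3vni"] is not None]
    by_vpn = {}
    for vsi in with_vni:
        if vsi["vpn"]:
            by_vpn.setdefault(vsi["vpn"], set()).add(vsi["l3vni"])
    for name, vnis in sorted(by_vpn.items()):
        if len(vnis) > 1:  # the VPN instance uses the lowest L3 VXLAN ID
            findings.append(("MULTI_L3VNI", name, min(vnis), tuple(sorted(vnis))))
    # VSI interfaces with L3 VXLAN IDs must share one MAC address.
    macs = {v["mac"] or "default" for v in with_vni}
    if len(macs) > 1:
        findings.append(("L3VNI_MAC_MISMATCH", tuple(sorted(macs))))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A VSI interface without an explicit mac-address line is reported as "default", because its effective address is not visible in the configuration text.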
Configuring an L3 VXLAN ID for the VSI interface of the public instance
1. Enter system view.
system-view
2. Create the public instance and enter its view.
ip public-instance
For more information about this command, see MPLS L3VPN commands in MPLS Command
Reference.
3. Configure an RD for the public instance.
route-distinguisher route-distinguisher
By default, no RD is configured for the public instance.
4. Configure an L3 VXLAN ID for the public instance.
l3-vni vxlan-id
By default, the public instance does not have an L3 VXLAN ID.
The public instance can have only one L3 VXLAN ID. To modify the L3 VXLAN ID for the public
instance, you must first delete the original L3 VXLAN ID.
5. (Optional.) Configure route targets for the public instance.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, the public instance does not have route targets.
6. Enter IPv4 address family view, IPv6 address family view, or EVPN view.
○ Enter IPv4 address family view.
address-family ipv4
For more information about this command, see MPLS L3VPN commands in MPLS
Command Reference.
○ Enter IPv6 address family view.
address-family ipv6
For more information about this command, see MPLS L3VPN commands in MPLS
Command Reference.
○ Enter EVPN view.
address-family evpn
7. Configure route targets for the IPv4 address family, IPv6 address family, or EVPN.
vpn-target vpn-target&<1-8> [ both | export-extcommunity |
import-extcommunity ]
By default, the IPv4 address family, IPv6 address family, and EVPN do not have route targets
on the public instance.
Make sure the following requirements are met:
○ The import targets of an EVPN instance do not match the export targets of the public
instance.
○ The export targets of an EVPN instance do not match the import targets of the public
instance.
8. Execute the following commands in sequence to return to system view.
a. quit
b. quit
9. Enter VSI interface view.
interface vsi-interface vsi-interface-id
10. Configure an L3 VXLAN ID for the VSI interface.
l3-vni vxlan-id
By default, no L3 VXLAN ID is configured for a VSI interface.
Of the VSI interfaces associated with the public instance, a minimum of one VSI interface must
use the same L3 VXLAN ID as the public instance.

Configuring IP prefix route advertisement


About this task
If IGP routes are imported to the BGP-VPN IPv4 or IPv6 unicast address family and the
corresponding VPN instance has an L3 VXLAN ID, the device advertises the imported routes as IP
prefix advertisement routes.
If IGP routes are imported to the BGP IPv4 or IPv6 unicast address family and the public instance
has an L3 VXLAN ID, the device advertises the imported routes as IP prefix advertisement routes.
A VTEP compares the export route targets of received IP prefix advertisement routes with the import
route targets configured for the IPv4 address family or IPv6 address family on a VPN instance or the
public instance. If the route targets match, the VTEP accepts the routes and adds the routes to the
routing table of the VPN instance or public instance.
Restrictions and guidelines
This feature is supported only in distributed EVPN gateway deployments.
For more information about the BGP commands in this task, see Layer 3—IP Routing Command
Reference.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP address family view.
○ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
○ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
○ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
○ Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address
family view.
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
4. Enable BGP to redistribute routes from an IGP protocol.
import-route protocol [ { process-id | all-processes } [ allow-direct |
med med-value | route-policy route-policy-name ] * ]
By default, BGP does not redistribute IGP routes.
5. (Optional.) Enable default route redistribution into the BGP routing table.
default-route imported
By default, default route redistribution into the BGP routing table is disabled.
6. (Optional.) Configure ECMP VPN route redistribution:
a. Return to BGP instance view.
quit
b. Enter BGP EVPN address family view.
address-family l2vpn evpn
c. Enable ECMP VPN route redistribution.
vpn-route cross multipath
By default, ECMP VPN route redistribution is disabled. If multiple routes have the same
prefix and RD, BGP only imports the optimal route into the EVPN routing table.
ECMP VPN route redistribution enables BGP to import all routes that have the same prefix
and RD into the EVPN routing table.

Configuring the EVPN global MAC address


About this task
The EVPN global MAC address is used only by VSI interfaces associated with an L3 VXLAN ID. For
such a VSI interface, the MAC address assigned to it by using the mac-address command takes
precedence over the EVPN global MAC address.
A distributed EVPN gateway uses the MAC address of the lowest-numbered VSI interface that is
associated with an L3 VXLAN ID as its router MAC address. In a DR system, distributed EVPN gateways that act as DR
member devices might use different router MAC addresses, which causes forwarding errors. To
resolve this problem, you can configure the same EVPN global MAC address on the gateways.
Procedure
1. Enter system view.
system-view
2. Configure the EVPN global MAC address.
evpn global-mac mac-address
By default, no EVPN global MAC address is configured.

Disabling generation of IP prefix advertisement routes for the subnets of a VSI interface
About this task
A distributed VXLAN IP gateway by default generates IP prefix advertisement routes for the subnets
of VSI interfaces and advertises these routes to remote VTEPs. The remote VTEPs advertise these
routes to their local sites. To disable advertisement of these routes to remote sites, you can disable
generation of IP prefix advertisement routes for the subnets of VSI interfaces.
Restrictions and guidelines
This feature takes effect only on a VSI interface that provides distributed VXLAN IP gateway service
(configured by using the distributed-gateway local command). It does not take effect on
VSI interfaces that provide centralized VXLAN IP gateway service. The device only generates
MAC/IP advertisement routes for VSI interfaces that provide centralized VXLAN IP gateway service.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Disable generation of IP prefix advertisement routes for the subnets of the VSI interface.
ip-prefix-route generate disable
By default, the device generates IP prefix advertisement routes for the subnets of a VSI
interface that provides distributed VXLAN IP gateway service.

Enabling a distributed EVPN gateway to send RA messages over VXLAN tunnels
About this task
By default, a distributed EVPN gateway drops the RS messages received from VXLAN tunnels and
periodically advertises RA messages only to the local site. As a result, a distributed EVPN gateway
does not send RA messages over VXLAN tunnels, and remote gateways cannot update information
about the gateway based on RA messages. To resolve the issue, perform this task to enable
distributed EVPN gateways to reply to remote RS messages with RA messages and periodically
advertise RA messages over VXLAN tunnels.
Restrictions and guidelines
You can configure RA message tunneling for VSI interfaces globally or on a per-VSI interface basis.
The global configuration takes effect on all VSI interfaces. The interface-specific configuration takes
precedence over the global configuration on a VSI interface.
Globally enabling VSI interfaces to send RA messages over VXLAN tunnels
1. Enter system view.
system-view
2. Globally enable VSI interfaces to send RA messages over VXLAN tunnels.
ipv6 nd ra tunnel-broadcast global enable
By default, VSI interfaces do not send RA messages over VXLAN tunnels.
Enabling a VSI interface to send RA messages over VXLAN tunnels
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Enable the VSI interface to send RA messages over VXLAN tunnels.
ipv6 nd ra tunnel-broadcast enable
By default, a VSI interface uses the global RA message tunneling configuration.

Managing remote MAC address entries and remote ARP or ND learning


Disabling remote MAC address learning and remote ARP or ND learning
About this task
By default, the device learns MAC information, ARP information, and ND information of remote user
terminals from packets received on VXLAN tunnel interfaces. The automatically learned remote
MAC, ARP, and ND information might conflict with the remote MAC, ARP, and ND information
advertised through BGP. As a best practice to avoid the conflicts, disable remote MAC address
learning and remote ARP or ND learning on the device.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Disable remote MAC address learning.
vxlan tunnel mac-learning disable
By default, remote MAC address learning is enabled.
3. Disable remote ARP learning.
vxlan tunnel arp-learning disable
By default, remote ARP learning is enabled.
4. Disable remote ND learning.
vxlan tunnel nd-learning disable
By default, remote ND learning is enabled.

Disabling MAC address advertisement


About this task
The MAC information and ARP or ND information advertised by the VTEP overlap. To avoid
duplication, disable MAC address advertisement and withdraw the MAC addresses advertised to
remote VTEPs.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable MAC address advertisement and withdraw advertised MAC addresses.
mac-advertising disable
By default, MAC address advertisement is enabled.

Enabling MAC mobility event suppression
About this task
On an EVPN VXLAN network, misconfiguration of MAC addresses might cause two sites to contain
the same MAC address. In this condition, VTEPs at the two sites constantly synchronize and update
EVPN MAC entries and determine that MAC mobility events occur. As a result, an inter-site loop
might occur, and the bandwidth is occupied by MAC entry synchronization traffic. To eliminate loops
and suppress those MAC mobility events, enable MAC mobility event suppression on the VTEPs.
This feature allows a MAC address to move at most four times from a site within 180 seconds. If a
MAC address moves more than four times within 180 seconds, the VTEP at the site will suppress the
excess MAC mobility events and will not advertise information about the MAC address.
Restrictions and guidelines
After you execute the undo evpn route mac-mobility suppression command, a VTEP
acts as follows:
• Advertises MAC address entries immediately for the suppressed MAC address entries that
have not aged out.
• Relearns the MAC addresses for the suppressed MAC address entries that have aged out and
advertises the MAC address entries.
If both MAC address entry conflicts and ARP entry conflicts exist for a MAC address, you must
enable both MAC mobility event suppression and ARP mobility event suppression. If you enable only
MAC mobility event suppression, the system cannot suppress MAC mobility events for the MAC
address.
Procedure
1. Enter system view.
system-view
2. Enable MAC mobility event suppression.
evpn route mac-mobility suppression
By default, MAC mobility event suppression is disabled.

Disabling learning of MAC addresses from ARP or ND information
About this task
The MAC information and ARP or ND information advertised by a remote VTEP overlap. To avoid
duplication, disable the learning of MAC addresses from ARP or ND information. EVPN will learn
remote MAC addresses only from the MAC information advertised from remote sites.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable the EVPN instance from learning MAC addresses from ARP information.
arp mac-learning disable
By default, an EVPN instance learns MAC addresses from ARP information.
5. Disable the EVPN instance from learning MAC addresses from ND information.
nd mac-learning disable
By default, an EVPN instance learns MAC addresses from ND information.

Disabling ARP information advertisement


About this task
In an EVPN network with distributed gateways, you can disable ARP information advertisement for a
VXLAN to save resources if all its user terminals use the same EVPN gateway device. The EVPN
instance of the VXLAN will stop advertising ARP information through MAC/IP advertisement routes
and withdraw advertised ARP information. When ARP information advertisement is disabled, user
terminals in other VXLANs still can communicate with that VXLAN through IP prefix advertisement
routes.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enter VSI EVPN instance view.
evpn encapsulation vxlan
4. Disable ARP information advertisement for the EVPN instance.
arp-advertising disable
By default, ARP information advertisement is enabled for an EVPN instance.

Enabling ARP mobility event suppression


About this task
On an EVPN VXLAN network, misconfiguration of IP addresses might cause two sites to contain the
same IP address. In this condition, VTEPs at the two sites constantly synchronize and update EVPN
ARP entries and determine that ARP mobility events occur. As a result, an inter-site loop might occur,
and the bandwidth is occupied by ARP entry synchronization traffic. To eliminate loops and suppress
those ARP mobility events, enable ARP mobility event suppression on the VTEPs. This feature
allows an IP address to move at most four times from a site within 180 seconds. If an IP address
moves more than four times within 180 seconds, the VTEP at the site will suppress the excess ARP
mobility events and will not advertise ARP information for the IP address.
Restrictions and guidelines
After you execute the undo evpn route arp-mobility suppression command, a VTEP
acts as follows:
• Advertises ARP information immediately for the suppressed ARP entries that have not aged
out.
• Relearns ARP information for the suppressed ARP entries that have aged out and advertises
the ARP information.
ARP mobility event suppression takes effect only on the following EVPN VXLAN networks:
• EVPN VXLAN network enabled with ARP flood suppression.
• EVPN VXLAN network configured with distributed VXLAN IP gateways.
If both MAC address entry conflicts and ARP entry conflicts exist for a MAC address, you must
enable both MAC mobility event suppression and ARP mobility event suppression. If you enable only
MAC mobility event suppression, the system cannot suppress MAC mobility events for the MAC
address.
Procedure
1. Enter system view.
system-view
2. Enable ARP mobility event suppression.
evpn route arp-mobility suppression
By default, ARP mobility event suppression is disabled.
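
The threshold described in this section (more than four moves of one IP address within 180 seconds) can also be applied off-box to ARP learning observations to flag duplicate-IP conditions. The following Python code is an added example, not HPE code: the event tuple layout, the function names, and the sliding-window interpretation are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

MAX_MOVES = 4         # moves tolerated per window, per the guide
WINDOW_SECONDS = 180  # window length, per the guide


def find_excess_moves(events, max_moves=MAX_MOVES, window=WINDOW_SECONDS):
    """Return (timestamp, ip, from_vtep, to_vtep) for every move beyond the threshold.

    events: iterable of (timestamp_seconds, ip, vtep) ARP learning observations.
    Assumption: a sliding window; the device's exact accounting is not stated
    in the guide.
    """
    last_vtep = {}               # ip -> VTEP where the IP was last seen
    recent = defaultdict(deque)  # ip -> timestamps of moves inside the window
    excess = []
    for ts, ip, vtep in sorted(events, key=lambda e: e[0]):
        previous = last_vtep.get(ip)
        last_vtep[ip] = vtep
        if previous is None or previous == vtep:
            continue             # first sighting or refresh at the same site
        moves = recent[ip]
        while moves and ts - moves[0] >= window:
            moves.popleft()      # forget moves older than the window
        moves.append(ts)
        if len(moves) > max_moves:
            excess.append((ts, ip, previous, vtep))
    return excess


def duplicate_ip_suspects(events):
    """IP addresses with at least one excess move, sorted for stable reporting."""
    return sorted({ip for _, ip, _, _ in find_excess_moves(events)})


def _alternate(ip, step, end):
    """Constructed observations: ip alternates between two VTEPs every `step` seconds."""
    return [(t, ip, "1.1.1.1" if (t // step) % 2 == 0 else "2.2.2.2")
            for t in range(0, end, step)]


# Constructed sample data (not captured from a device).
SAMPLE_EVENTS = (
    _alternate("10.1.1.10", 20, 140)      # flaps every 20 s: six moves in 120 s
    + _alternate("10.1.1.20", 100, 700)   # moves every 100 s: never over the limit
    + [(0, "10.1.2.10", "1.1.1.1"), (50, "10.1.2.10", "2.2.2.2")]  # one migration
)

if __name__ == "__main__":
    for ts, ip, src, dst in find_excess_moves(SAMPLE_EVENTS):
        print(f"t={ts}s {ip} moved {src} -> {dst}: "
              f"over {MAX_MOVES} moves in {WINDOW_SECONDS}s")
```

An address that appears in the result is worth checking for a duplicate IP assignment at two sites before relying on suppression alone.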

Enabling ARP request proxy


About this task
ARP request proxy allows a VSI interface to send an ARP request sourced from itself when the
VTEP forwards an ARP request. This feature helps resolve certain communication issues.
In an EVPN VXLAN network, VM 1 and VM 2 are attached to VTEP 1 and VTEP 2, respectively, and
the VMs are in the same subnet. The gateway interfaces of VM 1 and VM 2 are VSI-interface 1 on
VTEP 1 and VSI-interface 2 on VTEP 2, respectively. The following conditions exist on the VTEPs:
• The VTEPs have established BGP EVPN neighbor relationships.
• EVPN is disabled from learning MAC addresses from ARP information.
• MAC address advertisement is disabled, and advertised MAC addresses are withdrawn.
• Remote-MAC address learning is disabled.
• Local proxy ARP is enabled on the VSI interfaces.
• The VSI interfaces use different IP addresses and MAC addresses.
In this network, when VM 1 attempts to communicate with VM 2, the following procedure occurs:
1. VM 1 sends an ARP request.
2. VTEP 1 learns the MAC address of VM 1 from the ARP request, replies to VM 1 on behalf of VM
2, and sends an ARP request to obtain the MAC address of VM 2.
3. VTEP 2 forwards the ARP request, and VM 2 replies to VTEP 1.
4. VTEP 2 forwards the ARP reply sent by VM 2 without learning the MAC address of VM 2
because EVPN is disabled from learning MAC addresses from ARP information.
5. VTEP 1 does not learn the MAC address of VM 2 because remote-MAC address learning is
disabled.
As a result, VM 1 fails to communicate with VM 2.
For VM 1 to communicate with VM 2, enable ARP request proxy on VSI-interface 2 of VTEP 2. When
receiving the ARP request sent by VTEP 1, VTEP 2 forwards it and sends an ARP request sourced
from VSI-interface 2 simultaneously, and VM 2 replies to both ARP requests. Then, VTEP 2 learns
the MAC address of VM 2 from the ARP reply destined for VSI-interface 2 and advertises the MAC
address to VTEP 1 through BGP EVPN routes. In this way, VTEP 1 obtains the MAC address of VM
2, and VM 1 and VM 2 can communicate.
Procedure
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface vsi-interface-id
3. Enable ARP request proxy.
arp proxy-send enable
By default, ARP request proxy is disabled on VSI interfaces.

Enabling conversational learning for forwarding entries

About conversational learning for forwarding entries
Perform the tasks in this section to issue host route FIB entries to the hardware only when the entries
are required for packet forwarding. The on-demand mechanism saves the device hardware
resources.

Restrictions and guidelines for enabling conversational learning for forwarding entries

Perform the tasks in this section only on an EVPN network.

Enabling conversational learning for host route FIB entries


About this task
By default, the device issues a host route FIB entry to the hardware after the entry is generated. This
feature enables the device to issue a host route FIB entry to the hardware only when the entry is
required for packet forwarding. This feature saves hardware resources on the device.
Restrictions and guidelines
Set an appropriate aging timer for host route FIB entries according to your network. An aging timer
that is too long or too short degrades device performance.
• If the aging timer is too long, the device will save many outdated host route FIB entries and fail
to accommodate the most recent network changes. These entries cannot be used for correct
packet forwarding and exhaust FIB resources.
• If the aging timer is too short, the device will delete the valid host route FIB entries that can still
be effective for packet forwarding. As a result, FIB entry flapping will occur, and the device
performance will be affected.
Procedure
1. Enter system view.
system-view
2. Enable conversational learning for host route FIB entries.
ip forwarding-conversational-learning [ aging aging-time ]
By default, conversational learning is disabled for host route FIB entries.

Enabling conversational learning for IPv6 host route FIB entries

About this task
By default, the device issues an IPv6 host route FIB entry to the hardware after the entry is
generated. This feature enables the device to issue an IPv6 host route FIB entry to the hardware only
when the entry is required for packet forwarding. This feature saves hardware resources on the
device.

Restrictions and guidelines
Set an appropriate aging timer for IPv6 host route FIB entries according to your network. An aging
timer that is too long or too short degrades device performance.
• If the aging timer is too long, the device will save many outdated IPv6 host route FIB entries and
fail to accommodate the most recent network changes. These entries cannot be used for
correct packet forwarding and exhaust FIB resources.
• If the aging timer is too short, the device will delete the valid IPv6 host route FIB entries that can
still be effective for packet forwarding. As a result, FIB entry flapping will occur, and the device
performance will be affected.
Procedure
1. Enter system view.
system-view
2. Enable conversational learning for IPv6 host route FIB entries.
ipv6 forwarding-conversational-learning [ aging aging-time ]
By default, conversational learning is disabled for IPv6 host route FIB entries.

Configuring BGP EVPN route redistribution and advertisement

Redistributing MAC/IP advertisement routes into BGP unicast routing tables

About this task
This task enables the device to redistribute received MAC/IP advertisement routes that contain ARP
or ND information into a BGP unicast routing table.
• If you perform this task for the BGP IPv4 or IPv6 unicast address family, the device will
redistribute the routes into the BGP IPv4 or IPv6 unicast routing table. In addition, the device
will advertise the routes to the local site.
• If you perform this task for the BGP-VPN IPv4 or IPv6 unicast address family, the device will
redistribute the routes into the BGP-VPN IPv4 or IPv6 unicast routing table of the corresponding
VPN instance. To advertise the routes to the local site, you must configure the advertise
l2vpn evpn command.
Procedure (BGP instance view)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 or IPv6 unicast address family view.
address-family { ipv4 | ipv6 }
4. Redistribute MAC/IP advertisement routes that contain ARP or ND information into the BGP
IPv4 or IPv6 unicast routing table.
import evpn mac-ip
By default, MAC/IP advertisement routes that contain ARP or ND information are not
redistributed into the BGP IPv4 or IPv6 unicast routing table.

Procedure (BGP-VPN instance view)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 or IPv6 unicast address family view.
address-family { ipv4 | ipv6 }
5. Redistribute MAC/IP advertisement routes that contain ARP or ND information into the
BGP-VPN IPv4 or IPv6 unicast routing table.
import evpn mac-ip
By default, MAC/IP advertisement routes that contain ARP or ND information are not
redistributed into the BGP-VPN IPv4 or IPv6 unicast routing table.

Enabling BGP EVPN route advertisement to the local site


About this task
This feature enables the device to advertise BGP EVPN routes to the local site after the device adds
the routes to the routing table of a VPN instance. The BGP EVPN routes here are IP prefix
advertisement routes and MAC/IP advertisement routes that contain ARP or ND information.
Procedure (IPv4)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
5. Enable BGP EVPN route advertisement to the local site.
advertise l2vpn evpn
By default, BGP EVPN route advertisement to the local site is enabled.
Procedure (IPv6)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
4. Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Enable BGP EVPN route advertisement to the local site.
advertise l2vpn evpn
By default, BGP EVPN route advertisement to the local site is enabled.

Disabling flooding for a VSI


About this task
By default, the VTEP floods broadcast, unknown unicast, and unknown multicast frames received
from the local site to the following interfaces in the frame's VXLAN:
• All site-facing interfaces except for the incoming interface.
• All VXLAN tunnel interfaces.
When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel
interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.
To confine a kind of flood traffic, disable flooding for that kind of flood traffic on the VSI bound to the
VXLAN.
You can use selective flood to exclude a remote MAC address from the remote flood suppression
done by using the flooding disable command. The VTEP will flood the frames destined for the
specified MAC address to remote sites when floods are confined to the local site.
For more information about the VXLAN commands in this task, see VXLAN Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Disable flooding for the VSI.
flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * } [ all-direction ]
By default, flooding is enabled for a VSI.
The unknown-multicast or unknown-unicast keyword cannot be used alone. You
must specify both of them.
The all-direction keyword disables flooding traffic received from an AC or VXLAN tunnel
interface to any other ACs and VXLAN tunnel interfaces of the same VSI.
4. (Optional.) Enable selective flood for a MAC address.
selective-flooding mac-address mac-address

Enabling ARP or ND flood suppression


About this task
Use ARP or ND flood suppression to reduce ARP request broadcasts or ND request multicasts.
The aging timer is fixed at 25 minutes for ARP or ND flood suppression entries. If the flooding
disable command is configured, set the MAC aging timer to a higher value than the aging timer for
ARP or ND flood suppression entries on all VTEPs. This setting prevents the traffic blackhole that
occurs when a MAC address entry ages out before its ARP or ND flood suppression entry ages out.
To set the MAC aging timer, use the mac-address timer command.
When remote ARP or ND learning is disabled for VXLANs, the device does not use ARP or ND flood
suppression entries to respond to ARP or ND requests received on VXLAN tunnels.

Enabling ARP flood suppression
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enable ARP flood suppression.
arp suppression enable
By default, ARP flood suppression is disabled.
For more information about this command, see VXLAN Command Reference.
Enabling ND flood suppression
1. Enter system view.
system-view
2. Enter VSI view.
vsi vsi-name
3. Enable ND flood suppression.
ipv6 nd suppression enable
By default, ND flood suppression is disabled.
For more information about this command, see VXLAN Command Reference.

Configuring EVPN distributed relay


About this task
EVPN distributed relay virtualizes two VTEPs or EVPN gateways into one DR system to avoid single
points of failure. The VTEPs or EVPN gateways use a virtual VTEP address to establish VXLAN
tunnels to remote devices.
An AC that is attached to only one of the VTEPs in a DR system is called a single-armed AC. To
ensure that the traffic of a single-armed AC is forwarded to its attached VTEP, specify the IP
addresses of the VTEPs in the DR system by using the evpn drni local command. After you
configure this command, each VTEP in a DR system changes the next hop of the routes for
single-armed ACs to its local VTEP IP address when advertising the routes. When a VTEP receives
BGP EVPN routes from the peer VTEP IP address specified by using this command, it does not set
up a VXLAN tunnel to the peer VTEP.
You must execute the evpn drni local command if single-armed ACs are attached to a DR
system that uses an Ethernet aggregate link as the IPL. You do not need to execute this command
on a DR system that uses a VXLAN tunnel as the IPL. In such a DR system, a VTEP uses the source
IP address of the IPL as the next hop of routes for single-armed ACs to ensure correct traffic
forwarding.
Restrictions and guidelines
When you configure EVPN distributed relay, follow these restrictions and guidelines:
• In a DR system, DR member devices must have the same EVPN configuration.
• Do not configure overlapping outer VLAN IDs for Ethernet service instances of different VSIs.
• For a DR member device to re-establish VXLAN tunnels, you must execute the
address-family l2vpn evpn command in BGP instance view after you enable or disable
EVPN distributed relay.
• You cannot specify a secondary IP address of an interface as the virtual VTEP address.

• You must execute the undo mac-address static source-check enable command
on the Layer 2 aggregate interfaces or Layer 2 Ethernet interfaces that act as IPPs and on
transport-facing physical interfaces.
If an Ethernet aggregate link is used as the IPL, follow these restrictions:
• You can configure only the following criteria for Ethernet service instances on DR interfaces:
  ◦ encapsulation s-vid { vlan-id | vlan-id-list }
  ◦ encapsulation untagged
• As a best practice, do not redistribute external routes on the DR member devices.
Prerequisites
In addition to EVPN distributed relay configuration, you must configure the following settings:
• Configure other DRNI and EVPN settings depending on your network. For information about
DRNI configuration, see Layer 2—LAN Switching Configuration Guide.
• Use the drni mad exclude interface command to exclude all interfaces used by EVPN
from the MAD shutdown action by DRNI. The interfaces include VSI interfaces, interfaces that
provide BGP peer addresses, interfaces used for setting up the keepalive link, and
transport-facing outgoing interfaces of VXLAN tunnels.
• Execute the drni restore-delay command to set the data restoration interval to a value
equal to or larger than 180 seconds.
If you use a VXLAN tunnel as the IPL, you must also complete the following tasks:
• Manually create the VXLAN tunnel interface and configure it as the IPP. An automatically
created VXLAN tunnel cannot be used as an IPL.
• Use the drni mad exclude interface command to exclude VXLAN tunnel interfaces and
their traffic outgoing interfaces from the MAD shutdown action by DRNI before you configure
them as IPPs.
• The source address of the IPL VXLAN tunnel must be the address used by the device to
establish BGP peer relationships with other devices.
• To prioritize transmission of DRNI protocol packets on the IPL, use the tunnel tos command
on the VXLAN tunnel interface to set a high ToS value for tunneled packets.
• Specify the virtual VTEP address and the source address of the IPL VXLAN tunnel as the IP
addresses of different loopback interfaces. Configure a routing protocol to advertise the IP
addresses.
• You must disable spanning tree on the Layer 2 Ethernet interface that acts as the physical traffic
outgoing interface of the IPL VXLAN tunnel. If you enable spanning tree on that interface, the
upstream device will falsely block the interfaces connected to the DR member devices.
• Use the reserved vxlan command to specify a reserved VXLAN to forward DRNI protocol
packets. The DR member devices in a DR system must have the same reserved VXLAN.
Procedure (IPv4)
1. Enter system view.
system-view
2. Enable EVPN distributed relay and specify the virtual VTEP address.
evpn drni group virtual-vtep-ipv4
By default, EVPN distributed relay is disabled.
To modify the virtual VTEP address, you must first delete the original virtual VTEP address.
3. Specify the IP addresses of the VTEPs in the DR system.
evpn drni local local-ipv4-address remote remote-ipv4-address
By default, the IP addresses of the VTEPs in a DR system are not specified.

Make sure the IP address of the local VTEP belongs to a local interface. Make sure the local
VTEP IP address and peer VTEP IP address are reversed on the VTEPs in the DR system.
Procedure (IPv6)
1. Enter system view.
system-view
2. Enable EVPN distributed relay and specify the virtual VTEP address.
evpn drni group virtual-vtep-ipv6
By default, EVPN distributed relay is disabled.
To modify the virtual VTEP address, you must first delete the original virtual VTEP address.
3. Specify the IP addresses of the VTEPs in the DR system.
evpn drni local local-ipv6-address remote remote-ipv6-address
By default, the IP addresses of the VTEPs in a DR system are not specified.
Make sure the IP address of the local VTEP belongs to a local interface. Make sure the local
VTEP IP address and peer VTEP IP address are reversed on the VTEPs in the DR system.
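
The restrictions above can be checked offline before a change window. The following Python audit is an added example, not HPE code: it compares the DR-related lines of two member configurations (IPv4 only) against the rules stated in this section. The configuration text is constructed, and the saved-configuration line formats (`ip address ... sub` for a secondary address, `drni restore-delay` followed by a value in seconds) are assumptions.

```python
import re

MIN_RESTORE_DELAY = 180  # seconds; the prerequisite stated in this section


def parse_member(config_text):
    """Collect the DR-related settings from one member's configuration text."""
    m = {"primary": set(), "secondary": set(), "virtual": None,
         "local": None, "remote": None, "restore_delay": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if hit := re.fullmatch(r"ip address (\S+) \S+( sub)?", line):
            m["secondary" if hit.group(2) else "primary"].add(hit.group(1))
        elif hit := re.fullmatch(r"evpn drni group (\S+)", line):
            m["virtual"] = hit.group(1)
        elif hit := re.fullmatch(r"evpn drni local (\S+) remote (\S+)", line):
            m["local"], m["remote"] = hit.groups()
        elif hit := re.fullmatch(r"drni restore-delay (\d+)", line):
            m["restore_delay"] = int(hit.group(1))
    return m


def audit_member(name, m):
    """Checks that concern a single DR member."""
    findings = []
    if m["virtual"] is None:
        findings.append(f"{name}: evpn drni group is not configured")
    elif m["virtual"] in m["secondary"]:
        findings.append(f"{name}: virtual VTEP {m['virtual']} is a secondary address")
    if m["local"] is not None and m["local"] not in m["primary"] | m["secondary"]:
        findings.append(f"{name}: local VTEP {m['local']} is not a local interface address")
    if m["restore_delay"] is None:
        findings.append(f"{name}: drni restore-delay is not set explicitly")
    elif m["restore_delay"] < MIN_RESTORE_DELAY:
        findings.append(f"{name}: drni restore-delay {m['restore_delay']} "
                        f"is below {MIN_RESTORE_DELAY}")
    return findings


def audit_dr_pair(config_a, config_b):
    """Return a list of findings for the two members of one DR system."""
    a, b = parse_member(config_a), parse_member(config_b)
    findings = audit_member("A", a) + audit_member("B", b)
    if a["virtual"] != b["virtual"]:
        findings.append("pair: virtual VTEP addresses differ")
    # Local and remote must be swapped between the members (or absent on both).
    if (a["local"], a["remote"]) != (b["remote"], b["local"]):
        findings.append("pair: evpn drni local/remote addresses are not mirrored")
    return findings


# Constructed configurations (addresses chosen for illustration only).
MEMBER_A = """
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
interface LoopBack1
 ip address 9.9.9.9 255.255.255.255
evpn drni group 9.9.9.9
evpn drni local 1.1.1.1 remote 2.2.2.2
drni restore-delay 180
"""
MEMBER_B = """
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
interface LoopBack1
 ip address 9.9.9.9 255.255.255.255
evpn drni group 9.9.9.9
evpn drni local 2.2.2.2 remote 1.1.1.1
drni restore-delay 180
"""
MEMBER_B_FAULTY = """
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
interface LoopBack1
 ip address 8.8.8.8 255.255.255.255
 ip address 9.9.9.9 255.255.255.255 sub
evpn drni group 9.9.9.9
evpn drni local 2.2.2.22 remote 1.1.1.1
drni restore-delay 30
"""

if __name__ == "__main__":
    for finding in audit_dr_pair(MEMBER_A, MEMBER_B_FAULTY):
        print(finding)
```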

Display and maintenance commands for EVPN


Execute display commands in any view and reset commands in user view.

Task: Display BGP peer group information.
Command: display bgp [ instance instance-name ] group l2vpn evpn [ group-name group-name ]

Task: Display BGP EVPN routes.
Command: display bgp [ instance instance-name ] l2vpn evpn [ peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ statistics ] | [ route-distinguisher route-distinguisher | route-type { auto-discovery | es | igmp-ls | igmp-js | imet | ip-prefix | mac-ip | s-pmsi | smet } ] * [ { evpn-route route-length | evpn-prefix } [ advertise-info ] | { ipv4-address | ipv6-address | mac-address } [ verbose ] ] | statistics ]

Task: Display BGP peer or peer group information.
Command: display bgp [ instance instance-name ] peer l2vpn evpn [ ipv4-address mask-length | ipv6-address prefix-length | { ipv4-address | ipv6-address | group-name group-name } log-info | [ ipv4-address ] verbose ]

Task: Display information about BGP update groups.
Command: display bgp [ instance instance-name ] update-group l2vpn evpn [ ipv4-address | ipv6-address ]

Task: Display information about IPv4 peers that are automatically discovered through BGP.
Command: display evpn auto-discovery { { imet | mac-ip } [ peer ip-address ] [ vsi vsi-name ] | macip-prefix [ nexthop next-hop ] [ count ] }

Task: Display DR-synchronized MAC address entries.
Command: display evpn drni synchronized-mac [ vsi vsi-name ] [ count ]

Task: Display EVPN ES information.
Command: display evpn es { local [ vsi vsi-name ] [ esi esi-id ] [ verbose ] | remote [ vsi vsi-name ] [ esi esi-id ] [ nexthop next-hop ] }

Task: Display EVPN instance information.
Command: display evpn instance [ name instance-name | vsi vsi-name ] vxlan

Task: Display information about IPv6 peers that are automatically discovered through BGP.
Command: display evpn ipv6 auto-discovery { imet [ peer ipv6-address ] [ vsi vsi-name ] | mac-ip | macip-prefix [ nexthop next-hop ] [ count ] }

Task: Display IPv6 EVPN MAC address entries.
Command: display evpn ipv6 route mac [ local | remote ] [ vsi vsi-name ] [ count ]

Task: Display EVPN ARP entries.
Command: display evpn route arp [ local | remote ] [ public-instance | vpn-instance vpn-instance-name ] [ count ]

Task: Display ARP flood suppression entries.
Command: display evpn route arp suppression [ local | remote ] [ vsi vsi-name ] [ count ]

Task: Display EVPN ARP mobility information.
Command: display evpn route arp-mobility [ public-instance | vpn-instance vpn-instance-name ] [ ip ip-address ]

Task: Display EVPN multicast routes.
Command: display evpn route { igmp-js | igmp-ls | smet } [ local | remote ] [ vsi vsi-name ] [ count ]

Task: Display EVPN MAC address entries.
Command: display evpn route mac [ local | remote ] [ vsi vsi-name ] [ count ]

Task: Display EVPN MAC mobility information.
Command: display evpn [ ipv6 ] route mac-mobility [ vsi vsi-name ] [ mac-address mac-address ]

Task: Display EVPN ND entries.
Command: display evpn route nd [ local | remote ] [ public-instance | vpn-instance vpn-instance-name ] [ count ]

Task: Display EVPN ND flood suppression entries.
Command: display evpn route nd suppression [ local | remote ] [ vsi vsi-name ] [ count ]

Task: Display the routing table for a VPN instance.
Command: display evpn routing-table [ ipv6 ] { public-instance | vpn-instance vpn-instance-name } [ count ]

Task: Display site-facing interfaces excluded from traffic forwarding by split horizon.
Command: display l2vpn forwarding evpn split-horizon tunnel tunnel-number slot slot-number

NOTE:
For more information about the display bgp group, display bgp peer, and display bgp
update-group commands, see BGP commands in Layer 3—IP Routing Command Reference.

EVPN VXLAN configuration examples
Example: Configuring a centralized EVPN gateway
Network configuration
As shown in Figure 20:
• Configure VXLAN 10 and VXLAN 20 on Switch A, Switch B, and Switch C to provide
connectivity for the VMs in the VXLANs across the network sites.
• Configure Switch C as a centralized IPv4 EVPN gateway to provide gateway services and
access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 20 Network diagram
[Network diagram. Labels shown in the figure:]
• Switch A: Loop0 1.1.1.1/32, Vlan-int11 11.1.1.1/24, GE1/0/1
• Switch B: Loop0 2.2.2.2/32, Vlan-int12 12.1.1.2/24, GE1/0/1, GE1/0/2
• Switch C: Loop0 3.3.3.3/32, Vlan-int13 13.1.1.3/24, Vlan-int20 20.1.1.3/24, VSI-int1 10.1.1.1/24, VSI-int2 10.1.2.1/24, L3 network
• Switch D: Loop0 4.4.4.4/32, Vlan-int11 11.1.1.4/24, Vlan-int12 12.1.1.4/24, Vlan-int13 13.1.1.4/24
• VMs on Server 1 through Server 3: VM 1 10.1.1.10 (VLAN 2), VM 2 10.1.2.10 (VLAN 3), VM 3 10.1.1.20 (VLAN 2), VM 4 10.1.2.20 (VLAN 3)

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, and Switch C. This step uses
Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify
10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 20. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchA] undo vxlan ip-forwarding
# Disable remote MAC address learning.
[SwitchA] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] arp suppression enable
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit

# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-GigabitEthernet1/0/1] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchB] undo vxlan ip-forwarding
# Disable remote MAC address learning.
[SwitchB] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] arp suppression enable
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit

# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# On GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-GigabitEthernet1/0/2] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign the interface an IP address. The IP address will be used as
the gateway address for VXLAN 10.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign the interface an IP address. The IP address will be used as
the gateway address for VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration


1. Verify the EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes for the
gateways and received MAC/IP advertisement routes and IMET routes from Switch A and
Switch B.
[SwitchC] display bgp l2vpn evpn

BGP local router ID is 3.3.3.3


Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 10

Route distinguisher: 1:10


Total number of routes: 7

* >i Network : [2][0][48][0000-1234-0001][32][10.1.1.10]/136


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0003][0][0.0.0.0]/104


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0003][32][10.1.1.20]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][0003-0003-0003][32][10.1.1.1]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.1.1.1]/80


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:20


Total number of routes: 7

* >i Network : [2][0][48][0000-1234-0002][32][10.1.2.10]/136


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0004][0][0.0.0.0]/104


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0004][32][10.1.2.20]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][0005-0005-0005][32][10.1.2.1]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.1.1.1]/80


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel interfaces are up on Switch C.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 7 bytes/sec, 56 bits/sec, 0 packets/sec
Input: 10 packets, 980 bytes, 0 drops
Output: 85 packets, 6758 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec
Last 300 seconds output rate: 9 bytes/sec, 72 bits/sec, 0 packets/sec
Input: 277 packets, 20306 bytes, 0 drops
Output: 1099 packets, 85962 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch C.
[SwitchC] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled

VSI Name: vpnb


VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
# Verify that Switch C has created EVPN ARP entries for the VMs.
[SwitchC] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

Public instance Interface: Vsi-interface1


IP address MAC address Router MAC VSI index Flags
10.1.1.1 0003-0003-0003 - 0 GL
10.1.1.10 0000-1234-0001 - 0 B
10.1.1.20 0000-1234-0003 - 0 B

Public instance Interface: Vsi-interface2


IP address MAC address Router MAC VSI index Flags
10.1.2.1 0005-0005-0005 - 1 GL
10.1.2.10 0000-1234-0002 - 1 B
10.1.2.20 0000-1234-0004 - 1 B
# Verify that Switch C has created FIB entries for the VMs.
[SwitchC] display fib 10.1.1.10
Destination count: 1 FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.10/32 10.1.1.10 UH Vsi1 Null
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another.
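The route table shown for Switch C can also be checked mechanically. The following Python audit is an added example, not part of the HPE guide: it parses display bgp l2vpn evpn output as printed above and flags routes whose next hop is outside the expected VTEP set, IMET routes whose originator differs from the next hop, and host IP addresses advertised with more than one MAC address. The function names, the expected VTEP set (the three loopback addresses used in this example), and the last two sample routes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input. The first three routes are copied from the Switch C output in
# this example; the last two are constructed anomalies for the audit to find.
SAMPLE = """\
BGP local router ID is 3.3.3.3
Route distinguisher: 1:10
* >i Network : [2][0][48][0000-1234-0001][32][10.1.1.10]/136
NextHop : 1.1.1.1 LocPrf : 100
* > Network : [2][0][48][0003-0003-0003][32][10.1.1.1]/136
NextHop : 0.0.0.0 LocPrf : 100
* >i Network : [3][0][32][2.2.2.2]/80
NextHop : 2.2.2.2 LocPrf : 100
* >i Network : [2][0][48][0000-00aa-0001][32][10.1.1.1]/136
NextHop : 2.2.2.2 LocPrf : 100
* >i Network : [3][0][32][9.9.9.9]/80
NextHop : 9.9.9.9 LocPrf : 100
"""

RD_RE = re.compile(r"Route distinguisher:\s*(\S+)")
ROUTE_RE = re.compile(r"Network\s*:\s*((?:\[[^\]]*\])+)/\d+")
NEXTHOP_RE = re.compile(r"NextHop\s*:\s*(\S+)")


def parse_routes(text):
    """Return one dict per route: rd, type, remaining key fields, nexthop."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        m = RD_RE.search(line)
        if m:
            rd = m.group(1)
            continue
        m = ROUTE_RE.search(line)
        if m:
            fields = re.findall(r"\[([^\]]*)\]", m.group(1))
            pending = {"rd": rd, "type": int(fields[0]), "fields": fields[1:]}
            continue
        m = NEXTHOP_RE.search(line)
        if m and pending is not None:
            pending["nexthop"] = m.group(1)
            routes.append(pending)
            pending = None
    return routes


def audit(routes, expected_vteps, local="0.0.0.0"):
    """Return (finding, rd, value) tuples; an empty list means no anomaly."""
    findings = []
    macs_by_ip = defaultdict(set)  # (rd, host IP) -> MAC addresses seen
    for r in routes:
        nh = r["nexthop"]
        # Locally originated routes show next hop 0.0.0.0 in this output.
        if nh != local and nh not in expected_vteps:
            findings.append(("unexpected-vtep", r["rd"], nh))
        if r["type"] == 3 and len(r["fields"]) == 3:
            # IMET key as printed: [3][tag][IP length][originator IP]
            originator = r["fields"][2]
            if nh != local and originator != nh:
                findings.append(("imet-originator-mismatch", r["rd"], originator))
        elif r["type"] == 2 and len(r["fields"]) == 5:
            # MAC/IP key as printed: [2][tag][MAC length][MAC][IP length][IP]
            _tag, _maclen, mac, iplen, ip = r["fields"]
            if iplen != "0":  # MAC-only routes carry no host IP
                macs_by_ip[(r["rd"], ip)].add(mac)
    for (rd, ip), macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            findings.append(("ip-with-multiple-macs", rd, ip))
    return findings


if __name__ == "__main__":
    vteps = {"1.1.1.1", "2.2.2.2", "3.3.3.3"}  # loopbacks of Switches A to C
    for finding in audit(parse_routes(SAMPLE), vteps):
        print(finding)
```

Because Switch D reflects EVPN routes with route target filtering disabled, running this check against each gateway's table is a quick way to confirm that only the intended VTEPs are contributing routes.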

Example: Configuring distributed EVPN gateways (IPv4 underlay network)
Network configuration
As shown in Figure 21:
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to provide connectivity for the
VMs in the VXLANs across the network sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

Figure 21 Network diagram
[Network diagram not reproduced. Switch D connects to Switch A, Switch B, and Switch C across the transport network. Addresses and ports shown in the figure:]
• Switch A: Loop0 1.1.1.1/32, Vlan-int11 11.1.1.1/24, VSI-int1 10.1.1.1/24, VSI-int2 10.1.2.1/24, GE1/0/1 (VLAN 2 and VLAN 3).
• Switch B: Loop0 2.2.2.2/32, Vlan-int12 12.1.1.2/24, VSI-int1 10.1.1.1/24, VSI-int2 10.1.2.1/24, GE1/0/1 (VLAN 2), GE1/0/2 (VLAN 3).
• Switch C: Loop0 3.3.3.3/32, Vlan-int13 13.1.1.3/24, Vlan-int20 20.1.1.3/24 (toward the L3 network).
• Switch D: Loop0 4.4.4.4/32, Vlan-int11 11.1.1.4/24, Vlan-int12 12.1.1.4/24, Vlan-int13 13.1.1.4/24.
• VMs: VM 1 10.1.1.10, VM 2 10.1.2.10, VM 3 10.1.1.20, VM 4 10.1.2.20, hosted on Server 1, Server 2, and Server 3.

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 10.1.1.1 as the gateway address. On VM 2 and VM 4, specify
10.1.2.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 21. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 2 3
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-GigabitEthernet1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# On GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchB-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# Import the default route to the BGP IPv4 unicast routing table of VPN instance vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# Associate VLAN-interface 20 with VPN instance vpna.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration


1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B.
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 14

Route distinguisher: 1:1


Total number of routes: 4

* > Network : [5][0][24][10.1.1.0]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [5][0][24][10.1.2.0]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [5][0][24][10.1.1.0]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [5][0][24][10.1.2.0]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:10
Total number of routes: 5

* > Network : [2][0][48][0000-1234-0001][0][0.0.0.0]/104


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][0000-1234-0001][32][10.1.1.10]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0003][32][10.1.1.20]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][10][32][1.1.1.1]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][10][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:20


Total number of routes: 5

* > Network : [2][0][48][0000-1234-0002][0][0.0.0.0]/104


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][0000-1234-0002][32][10.1.2.10]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][0000-1234-0004][32][10.1.2.20]/136
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][10][32][1.1.1.1]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][10][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel interfaces are up on Switch A. (This example uses Tunnel 0.)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 9 packets, 882 bytes, 0 drops
Output: 9 packets, 882 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000

VSI Name: vpna


VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv1000 0 Up Manual

VSI Name: vpnb


VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv2000 0 Up Manual
# Verify that Switch A has created ARP entries for the VMs. (Details not shown.)
# Verify that Switch A has created EVPN ARP entries for the local VMs.
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

VPN instance: vpna Interface: Vsi-interface1


IP address MAC address Router MAC VSI Index Flags
10.1.1.1 0001-0001-0001 a0ce-7e40-0400 0 GL
10.1.1.10 0000-1234-0001 a0ce-7e40-0400 0 DL
10.1.2.10 0000-1234-0002 a0ce-7e40-0400 0 DL
10.1.1.20 0000-1234-0003 a0ce-7e40-0400 0 B
10.1.2.20 0000-1234-0004 a0ce-7e40-0400 0 B
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not
shown.)
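The procedure above gives Switch A and Switch B the same VSI interface settings and disables remote MAC and ARP learning on both. The following Python check is an added example, not part of the HPE guide: it reads command transcripts in the prompt format used on this page, reports any gateway that lacks the two learning-disable commands, and reports VSI interface settings that differ between gateways. The function names are assumptions, and the Switch B transcript with a changed MAC address and a missing command is constructed for illustration.

```python
import re
from collections import defaultdict

# Commands copied (abridged) from the Switch A step of this example.
SWITCH_A = """\
[SwitchA] l2vpn enable
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] quit
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
"""
# Switch B as configured on this page has the same settings as Switch A.
SWITCH_B_GOOD = SWITCH_A.replace("SwitchA", "SwitchB")
# Constructed drift: a different gateway MAC and a missing global command.
SWITCH_B_BAD = (SWITCH_B_GOOD
                .replace("mac-address 2-2-2", "mac-address 2-2-3")
                .replace("[SwitchB] vxlan tunnel arp-learning disable\n", ""))

# "[Device-View] command"; assumes the device name contains no hyphen.
LINE_RE = re.compile(r"^\[([^\]\s-]+)(?:-([^\]]+))?\]\s*(.+)$")
REQUIRED_GLOBAL = ("vxlan tunnel mac-learning disable",
                   "vxlan tunnel arp-learning disable")
COMPARED = ("ip address", "mac-address", "l3-vni", "ip binding vpn-instance")


def parse_transcript(text):
    """Return (system-view commands, {view name: [commands]})."""
    system, views = [], defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _device, view, cmd = m.groups()
        if cmd != "quit":
            (views[view] if view else system).append(cmd)
    return system, dict(views)


def gateway_settings(views):
    """Map each Vsi-interface view to the settings listed in COMPARED."""
    out = {}
    for view, cmds in views.items():
        if view.startswith("Vsi-interface"):
            out[view] = {k: c[len(k):].strip() for c in cmds
                         for k in COMPARED if c.startswith(k + " ")}
    return out


def audit(configs):
    """configs: {device: transcript}. Return (device, check, detail) tuples."""
    findings = []
    parsed = {name: parse_transcript(text) for name, text in configs.items()}
    names = sorted(parsed)
    for name in names:
        for cmd in REQUIRED_GLOBAL:
            if cmd not in parsed[name][0]:
                findings.append((name, "missing", cmd))
    ref = gateway_settings(parsed[names[0]][1])  # first device is the reference
    for name in names[1:]:
        other = gateway_settings(parsed[name][1])
        for view in sorted(set(ref) | set(other)):
            a, b = ref.get(view, {}), other.get(view, {})
            for key in COMPARED:
                if a.get(key) != b.get(key):
                    detail = f"{view} {key}: {a.get(key)} vs {b.get(key)}"
                    findings.append((name, "differs", detail))
    return findings


if __name__ == "__main__":
    for finding in audit({"SwitchA": SWITCH_A, "SwitchB": SWITCH_B_BAD}):
        print(finding)
```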

Example: Configuring distributed EVPN gateways (IPv6 underlay network)
Network configuration
As shown in Figure 22:
• Configure VXLAN 10 and VXLAN 20 on Switch A and Switch B to provide connectivity for the
VMs in the VXLANs across the network sites.
• Configure Switch A and Switch B as distributed EVPN gateways to provide gateway services.
Configure Switch C as a border gateway to provide access to the connected Layer 3 network.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv6 sites. The configuration procedure does not differ
between IPv4 and IPv6 sites.

Figure 22 Network diagram
[Network diagram not reproduced. Switch D connects to Switch A, Switch B, and Switch C across the transport network. Addresses and ports shown in the figure:]
• Switch A: Loop0 1::1/128, Vlan-int11 13::1/64, VSI-int1 11::1/64, VSI-int2 12::1/64, GE1/0/1 (VLAN 2 and VLAN 3).
• Switch B: Loop0 2::2/128, Vlan-int12 14::2/24, VSI-int1 11::1/64, VSI-int2 12::1/64, GE1/0/1 (VLAN 2), GE1/0/2 (VLAN 3).
• Switch C: Loop0 3::3/128, Vlan-int13 15::3/24, Vlan-int20 20::1/64 (toward the L3 network).
• Switch D: Loop0 4::4/128, Vlan-int11 13::4/24, Vlan-int12 14::4/24, Vlan-int13 15::4/24.
• VMs: VM 1 11::7/64, VM 2 12::7/64, VM 3 11::8/64, VM 4 12::8/64, hosted on Server 1, Server 2, and Server 3.

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, and Switch C, and reboot the
switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 3, specify 11::1 as the gateway address. On VM 2 and VM 4, specify 12::1 as
the gateway address. (Details not shown.)
3. Configure IPv6 addresses and unicast routing settings:
# Assign IPv6 addresses to interfaces, as shown in Figure 22. (Details not shown.)
# Configure OSPFv3 on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] router-id 1.1.1.1
[SwitchA-bgp-default] peer 4::4 as-number 200
[SwitchA-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4::4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 2 3
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 3.
[SwitchA-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchA-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-GigabitEthernet1/0/1] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv6
[SwitchA-vpn-ipv6-vpna] vpn-target 2:2
[SwitchA-vpn-ipv6-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ipv6 address 11::1 64
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-nd enable
[SwitchA-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ipv6 address 12::1 64
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-nd enable
[SwitchA-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] ipv6 address auto link-local
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel nd-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] router-id 2.2.2.2
[SwitchB-bgp-default] peer 4::4 as-number 200
[SwitchB-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4::4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# On GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 3.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchB-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# Map Ethernet service instance 2000 to VSI vpnb.
[SwitchB-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv6
[SwitchB-vpn-ipv6-vpna] vpn-target 2:2
[SwitchB-vpn-ipv6-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ipv6 address 11::1 64
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-nd enable
[SwitchB-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ipv6 address 12::1 64
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-nd enable
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] ipv6 address auto link-local
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ND learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel nd-learning disable
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] router-id 3.3.3.3
[SwitchC-bgp-default] peer 4::4 as-number 200
[SwitchC-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4::4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv6
[SwitchC-vpn-ipv6-vpna] vpn-target 2:2
[SwitchC-vpn-ipv6-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# Associate VSI-interface 3 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] ipv6 address auto link-local
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Configure a default route. The next hop is the IP address of a device in the Layer 3 network.
[SwitchC] ipv6 route-static vpn-instance vpna :: 0 20::100
# Import the default route to the BGP IPv6 unicast routing table of VPN instance vpna.
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv6 unicast
[SwitchC-bgp-default-ipv6-vpna] default-route imported
[SwitchC-bgp-default-ipv6-vpna] import-route static
[SwitchC-bgp-default-ipv6-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# Associate VLAN-interface 20 with VPN instance vpna.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ipv6 address 20::1 64
[SwitchC-Vlan-interface20] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] router-id 4.4.4.4
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1::1 group evpn
[SwitchD-bgp-default] peer 2::2 group evpn
[SwitchD-bgp-default] peer 3::3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration


1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B.
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 14

Route distinguisher: 1:1
Total number of routes: 4

* > Network : [5][0][64][11::0]/176
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [5][0][64][12::0]/176
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [5][0][64][11::0]/176
NextHop : 2::2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [5][0][64][12::0]/176
NextHop : 2::2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:10
Total number of routes: 5

* > Network : [2][0][48][8291-87ab-0206][128][11::7]/232
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][8291-920d-0306][128][11::8]/232
NextHop : 2::2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][10][32][1.1.1.1]/80
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][10][32][2.2.2.2]/80
NextHop : 2::2 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:20
Total number of routes: 5

* > Network : [2][0][48][8291-87ab-0206][128][12::7]/232
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][8291-920d-0306][128][12::8]/232
NextHop : 2::2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][10][32][1.1.1.1]/80
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][10][32][2.2.2.2]/80
NextHop : 2::2 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel interfaces are up on Switch A. (This example uses Tunnel 0.)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1::1, destination 2::2
Tunnel protocol/transport UDP_VXLAN/IPv6
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A. (This example uses VSI-interface 1.)
[SwitchA] display ipv6 interface vsi-interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
Vsi1 UP UP 11::1
Vsi2 UP UP 12::1
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000

VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv1000 0 Up Manual

VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv2000 0 Up Manual
# Verify that Switch A has created EVPN ND entries for the local VMs.
[SwitchA] display evpn route nd
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid

VPN instance: vpna Interface: Vsi-interface1
IPv6 address : 11::1
MAC address : 0001-0001-0001 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : GL

IPv6 address : 11::7
MAC address : 06dc-98ca-0206 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : DL

IPv6 address : 11::8
MAC address : 06dc-a8dd-0506 Router MAC : 06dc-a235-0400
VSI index : 0 Flags : B

VPN instance: vpnb Interface: Vsi-interface2
IPv6 address : 12::1
MAC address : 0002-0002-0002 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : GL

IPv6 address : 12::7
MAC address : 06dc-9ca0-0306 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : DL

IPv6 address : 12::8
MAC address : 06dc-ad91-0606 Router MAC : 06dc-a235-0400
VSI index : 1 Flags : B
2. Verify that VM 1, VM 2, VM 3, and VM 4 can communicate with one another. (Details not
shown.)

Example: Configuring communication between EVPN networks and the public network
Network configuration
As shown in Figure 23:
• Configure VXLAN 10, VXLAN 20, and VXLAN 30 on Switch A, Switch B, and Switch C to meet
the following requirements:
   ◦ VXLAN 10 and VXLAN 20 are on the private network, and VXLAN 30 is on the public
   network.
   ◦ VXLAN 10 can communicate with VXLAN 20 and VXLAN 30, and VXLAN 20 is isolated from
   VXLAN 30.
• Configure Switch A, Switch B, and Switch C as distributed EVPN gateways to provide gateway
services for the VXLANs.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

NOTE:
This example provides configuration of IPv4 sites over an IPv4 underlay network. The
configuration procedure does not differ between IPv4 and IPv6 sites or underlay networks.

Figure 23 Network diagram
[Diagram not reproduced. Addressing shown in the figure:
Switch A: Loop0 1.1.1.1/32, Vlan-int11 11.1.1.1/24, VSI-int1 10.1.1.1/24, GE1/0/1 to VM 1 (10.1.1.10, VLAN 1)
Switch B: Loop0 2.2.2.2/32, Vlan-int12 12.1.1.2/24, VSI-int1 10.1.2.1/24, GE1/0/1 to VM 2 (10.1.2.10, VLAN 2)
Switch C: Loop0 3.3.3.3/32, Vlan-int13 13.1.1.3/24, VSI-int1 10.1.3.1/24, GE1/0/1 to VM 3 (10.1.3.10, VLAN 3)
Switch D: Loop0 4.4.4.4/32, Vlan-int11 11.1.1.4/24, Vlan-int12 12.1.1.4/24, Vlan-int13 13.1.1.4/24]

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, and Switch C. This step uses
Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1, VM 2, and VM 3, specify 10.1.1.1, 10.1.2.1, and 10.1.3.1 as the gateway address,
respectively. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces, as shown in Figure 23. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 1.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 1
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 1
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
# Configure RD and route target settings for VPN instance vpna.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-ipv4-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-evpn-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 2 with VPN instance vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# Create VSI-interface 3 and configure its L3 VXLAN ID as 2000 for matching routes from
Switch B.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] l3-vni 2000
[SwitchA-Vsi-interface3] quit
# Create VSI-interface 4 and configure its L3 VXLAN ID as 3000 for matching routes from
Switch C.
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpnb.
[SwitchB-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
[SwitchB-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# Configure RD and route target settings for VPN instance vpnb.
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 2:2
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from
Switch A.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance vpnb, and configure the L3 VXLAN ID as 2000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface3] l3-vni 2000
[SwitchB-Vsi-interface3] quit
# Create VSI-interface 4, and configure its L3 VXLAN ID as 3000 for matching routes from
Switch C.
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 3000
[SwitchB-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 1
[SwitchB-vsi-vpnb] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpnc, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] evpn encapsulation vxlan
[SwitchC-vsi-vpnc-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnc-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnc-evpn-vxlan] quit
# Create VXLAN 30.
[SwitchC-vsi-vpnc] vxlan 30
[SwitchC-vsi-vpnc-vxlan-30] quit
[SwitchC-vsi-vpnc] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Configure RD, route target, and L3 VXLAN ID settings for the public instance.
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 3:3
[SwitchC-public-instance] l3-vni 3000
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance-ipv4] vpn-target 3:3
[SwitchC-public-instance-ipv4] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-ipv4] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance-evpn] vpn-target 3:3
[SwitchC-public-instance-evpn] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-evpn] quit
[SwitchC-public-instance] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 3.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 3
[SwitchC-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 3
# Map Ethernet service instance 1000 to VSI vpnc.
[SwitchC-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnc
[SwitchC-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-GigabitEthernet1/0/1] quit
# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Create VSI-interface 2, and configure its L3 VXLAN ID as 1000 for matching routes from
Switch A.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
# Create VSI-interface 3, and configure its L3 VXLAN ID as 2000 for matching routes from
Switch B.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 2000
[SwitchC-Vsi-interface3] quit
# Create VSI-interface 4 for the public instance, and configure the L3 VXLAN ID as 3000 for the
VSI interface.
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] l3-vni 3000
[SwitchC-Vsi-interface4] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpnc.
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] gateway vsi-interface 1
[SwitchC-vsi-vpnc] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration


1. Verify the distributed EVPN gateway settings on Switch A:
# Verify that Switch A has advertised the IP prefix advertisement routes for the gateways and
the MAC/IP advertisement routes and IMET routes for each VSI. Verify that Switch A has
received the IP prefix advertisement routes for the gateways and the MAC/IP advertisement
routes and IMET routes for each VSI from Switch B and Switch C.
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 9

Route distinguisher: 1:1(vpna)
Total number of routes: 3

* >i Network : [2][0][48][582e-d6b2-0906][32][10.1.2.10]/136
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][9a50-488c-1106][32][10.1.3.10]/136
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [5][0][24][10.1.1.0]/80
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:10
Total number of routes: 2

* > Network : [2][0][48][582e-aaec-0806][32][10.1.1.10]/136
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][1.1.1.1]/80
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:20
Total number of routes: 1

* >i Network : [2][0][48][582e-d6b2-0906][32][10.1.2.10]/136
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:30
Total number of routes: 1

* >i Network : [2][0][48][9a50-488c-1106][32][10.1.3.10]/136
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 2:2
Total number of routes: 1

* >i Network : [5][0][24][10.1.2.0]/80
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 3:3
Total number of routes: 1

* >i Network : [5][0][24][10.1.3.0]/80
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel interfaces are up on Switch A.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 15 packets, 1470 bytes, 0 drops
Output: 15 packets, 1470 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 22 packets, 2156 bytes, 0 drops
Output: 23 packets, 2254 bytes, 0 drops
# Verify that the VSI interfaces are up on Switch A.
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP --
Vsi3 UP UP --
Vsi4 UP UP --
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 1000

VSI Name: Auto_L3VNI2000_3
VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 2000

VSI Name: Auto_L3VNI3000_4
VSI Index : 3
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 4
VXLAN ID : 3000

VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
ACs:
AC Link ID State Type
GE1/0/1 srv1000 0 Up Manual
# Verify that Switch A has created ARP entries for the VMs. (Details not shown.)
2. Verify that VM 1 can communicate with VM 2 and VM 3, and VM 2 cannot communicate with
VM 3. (Details not shown.)
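
The segmentation requirement in this example (VXLAN 10 reaches VXLAN 20 and VXLAN 30, VXLAN 20 stays isolated from VXLAN 30) rests on the vpn-target import and export statements on Switch A, Switch B, and Switch C, because Switch D reflects EVPN routes with route target filtering disabled. The following Python script is an added example, not part of the HPE guide: it parses those vpn-target lines and reports any route flow outside the intended matrix, including a one-way leak. The function names, the ALLOWED matrix, and the drifted line are assumptions made for the illustration.

```python
import re
from itertools import permutations

# vpn-target statements copied from the Switch A, Switch B, and Switch C steps.
CONFIG = """\
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-ipv4-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-evpn-vpna] vpn-target 3:3 import-extcommunity
[SwitchB-vpn-ipv4-vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-evpn-vpnb] vpn-target 2:2
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-ipv4] vpn-target 3:3
[SwitchC-public-instance-ipv4] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-evpn] vpn-target 3:3
[SwitchC-public-instance-evpn] vpn-target 1:1 import-extcommunity
"""

# Constructed drift: one extra import on Switch B, not part of the guide.
DRIFT_LINE = "[SwitchB-vpn-evpn-vpnb] vpn-target 3:3 import-extcommunity\n"

# Hypothetical labels for the three routing instances in this example.
VPNA = ("SwitchA", "vpna")                # VXLAN 10, private network
VPNB = ("SwitchB", "vpnb")                # VXLAN 20, private network
PUBLIC = ("SwitchC", "public-instance")   # VXLAN 30, public network

# Intended (sender, receiver) route flows taken from the network requirements.
ALLOWED = {(VPNA, VPNB), (VPNB, VPNA), (VPNA, PUBLIC), (PUBLIC, VPNA)}

# Matches a vpn-target command typed in a VPN instance or public instance
# address family view; VSI-level "vpn-target auto" lines do not match.
PROMPT = re.compile(
    r"^\[(?P<device>[^\]-]+)-"
    r"(?:vpn-(?P<fam>ipv4|ipv6|evpn)-(?P<inst>[^\]]+)"
    r"|public-instance-(?P<pfam>ipv4|ipv6|evpn))\]\s*"
    r"vpn-target\s+(?P<args>.+)$"
)
DIRECTIONS = {"both", "import-extcommunity", "export-extcommunity"}


def parse_route_targets(text):
    """Return {(device, instance, family): {"import": set, "export": set}}."""
    policy = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        family = m["fam"] or m["pfam"]
        instance = m["inst"] or "public-instance"
        tokens = m["args"].split()
        # With no keyword, a route target is both imported and exported.
        direction = tokens.pop() if tokens[-1] in DIRECTIONS else "both"
        entry = policy.setdefault((m["device"], instance, family),
                                  {"import": set(), "export": set()})
        if direction in ("both", "import-extcommunity"):
            entry["import"].update(tokens)
        if direction in ("both", "export-extcommunity"):
            entry["export"].update(tokens)
    return policy


def route_flows(policy, family="evpn"):
    """Set of (sender, receiver) pairs where receiver imports an RT sender exports."""
    nodes = [(dev, inst) for dev, inst, fam in policy if fam == family]
    return {
        (s, r) for s, r in permutations(nodes, 2)
        if policy[(*s, family)]["export"] & policy[(*r, family)]["import"]
    }


def audit(policy, allowed, family="evpn"):
    """Return (leaks, missing): flows outside the matrix, and intended flows absent."""
    actual = route_flows(policy, family)
    return sorted(actual - allowed), sorted(allowed - actual)


if __name__ == "__main__":
    for label, text in (("guide", CONFIG), ("drifted", CONFIG + DRIFT_LINE)):
        leaks, missing = audit(parse_route_targets(text), ALLOWED)
        print(f"{label}: leaks={leaks} missing={missing}")
```

With the drifted line, routes from the public instance become importable into vpnb even though the public instance still imports nothing from vpnb, which a two-way ping test between VM 2 and VM 3 would not reveal.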

Example: Configuring IPv4 EVPN distributed relay using an Ethernet aggregate link as the IPL
Network configuration
As shown in Figure 24, perform the following tasks to make sure the VMs can communicate with one
another:
• Configure VXLAN 10 on Switch A and Switch B, and configure VXLAN 20 on Switch D.
• Configure EVPN distributed relay on Switch A and Switch B to virtualize them into one VTEP.
The switches use an Ethernet aggregate link as the IPL.
• Configure Switch C as a centralized EVPN gateway and RR.
Figure 24 Network diagram
[Diagram not reproduced. Switch A and Switch B are joined by the IPL (GE1/0/3) and share Loop1 1.2.3.4/32; Switch C (Loop0 3.3.3.3/32) carries VSI-int1 10.1.1.1/24 and VSI-int2 10.1.2.1/24; Switch D uses Loop0 4.4.4.4/32. VM 1 (10.1.1.10), VM 2 (10.1.1.20), and VM 3 (10.1.2.40) run on Server 1, Server 2, and Server 3.]

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, Switch C, and Switch D, and
reboot the switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. On VM 3, specify 10.1.2.1 as the
gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces (including loopback interfaces), as shown in Figure 24.
(Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchA] undo vxlan ip-forwarding

# Enable EVPN distributed relay, and specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn drni group 1.2.3.4
# Configure DR system parameters.
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1
[SwitchA] drni restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# Assign GigabitEthernet 1/0/3 to link aggregation group 3.
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-GigabitEthernet1/0/3] quit
# Specify Bridge-Aggregation 3 as the IPP.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchA-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Assign GigabitEthernet 1/0/1 to link aggregation group 4.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-GigabitEthernet1/0/1] quit
# Assign Bridge-Aggregation 4 to DR group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Assign GigabitEthernet 1/0/2 to link aggregation group 5.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-GigabitEthernet1/0/2] quit
# Assign Bridge-Aggregation 5 to DR group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# Exclude interfaces from the shutdown action by DRNI MAD.
[SwitchA] drni mad exclude interface loopback 0
[SwitchA] drni mad exclude interface gigabitethernet 1/0/4

[SwitchA] drni mad exclude interface gigabitethernet 1/0/5
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk
[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port link-type trunk
[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchB] undo vxlan ip-forwarding
# Enable EVPN distributed relay, and specify the virtual VTEP address as 1.2.3.4.
[SwitchB] evpn drni group 1.2.3.4

# Configure DR system parameters.
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni keepalive ip destination 60.1.1.1 source 60.1.1.2
[SwitchB] drni restore-delay 180
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# Assign GigabitEthernet 1/0/3 to aggregation group 3.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-GigabitEthernet1/0/3] quit
# Specify Bridge-Aggregation 3 as the IPP.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchB-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Assign GigabitEthernet 1/0/1 to aggregation group 4.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-GigabitEthernet1/0/1] quit
# Assign Bridge-Aggregation 4 to DR group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Assign GigabitEthernet 1/0/2 to aggregation group 5.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-GigabitEthernet1/0/2] quit
# Assign Bridge-Aggregation 5 to DR group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# Exclude interfaces from the shutdown action by DRNI MAD.
[SwitchB] drni mad exclude interface loopback 0
[SwitchB] drni mad exclude interface gigabitethernet 1/0/4
[SwitchB] drni mad exclude interface gigabitethernet 1/0/5

# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port link-type trunk
[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port link-type trunk
[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan

[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign it an IP address. The IP address is the gateway address of
VXLAN 10.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign it an IP address. The IP address is the gateway address of
VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchD] undo vxlan ip-forwarding
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 4.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 4
[SwitchD-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 4
# Map Ethernet service instance 1000 to VSI vpnb.
[SwitchD-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
[SwitchD-GigabitEthernet1/0/1-srv1000] quit

Verifying the configuration


1. Verify the centralized EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes of the
gateway to other devices. Verify that Switch C has received MAC/IP advertisement routes and
IMET routes from Switch A, Switch B, and Switch D.
[SwitchC] display bgp l2vpn evpn

BGP local router ID is 3.3.3.3


Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external

a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 5

Route distinguisher: 1:100


Total number of routes: 5

* > Network : [2][0][48][0800-2700-400e][0][0.0.0.0]/104


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* i Network : [2][0][48][0800-2700-400e][0][0.0.0.0]/104
NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.2.3.4]/80


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel to Switch A and Switch B is up, and the tunnel destination
address is the virtual VTEP address.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.2.3.4

Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 4 bytes/sec, 32 bits/sec, 0 packets/sec
Input: 2 packets, 340 bytes, 0 drops
Output: 16 packets, 2793 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled

VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
2. Verify the distributed relay settings on Switch A:

# Verify that Switch A has BGP EVPN routes.
[SwitchA] display bgp l2vpn evpn

BGP local router ID is 1.2.3.4


Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 5

Route distinguisher: 1:100


Total number of routes: 5

* > Network : [2][0][48][0800-2700-400e][0][0.0.0.0]/104


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][0][48][46b2-aea0-0101][0][0.0.0.0]/104


NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][0][48][ac1e-24e3-0201][0][0.0.0.0]/104


NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.2.3.4]/80


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][3.3.3.3]/80


NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel to Switch C is up, and the tunnel source address is the virtual
VTEP address.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP

Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 1 bytes/sec, 8 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 33 packets, 6121 bytes, 0 drops
# Verify that ACs are automatically created on the IPL and assigned to VSIs.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (DRNI)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (DRNI)
3. Verify network connectivity for the VMs:
# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are
operating correctly. (Details not shown.)
# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the
local site are disconnected. (Details not shown.)
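The two Switch A checks in step 2 (tunnel up with the virtual VTEP address as its source, and DRNI-created ACs present on the IPL) can be scripted. The following Python is an added example, not part of the HPE guide: the function names and the `ignore` parameter are hypothetical, the sample text is trimmed from the Switch A output above, and BAGG3 is assumed to be the IPP as configured in this example.

```python
import re

# Trimmed copies of the Switch A output shown in this section.
TUNNEL_OUT = """\
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
"""
VSI_OUT = """\
VSI Name: vpna
VSI State : Up
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (DRNI)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (DRNI)
"""

AC_ROW = re.compile(r"(\S+)\s+(srv\d+)\s+(\d+)\s+(\S+)\s+(.+)")


def parse_tunnels(text):
    """Parse 'display interface tunnel' output into one dict per tunnel."""
    tunnels, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"Tunnel\d+", line):
            cur = {"name": line}
            tunnels.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Current state:"):
            cur["state"] = line.split(":", 1)[1].strip()
        elif line.startswith("Line protocol state:"):
            cur["protocol"] = line.split(":", 1)[1].strip()
        elif m := re.fullmatch(r"Tunnel source (\S+), destination (\S+)", line):
            cur["source"], cur["destination"] = m.groups()
    return tunnels


def parse_acs(text):
    """Parse the 'ACs:' tables of 'display l2vpn vsi verbose' output."""
    acs, vsi, in_acs = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("VSI Name:"):
            vsi, in_acs = line.split(":", 1)[1].strip(), False
        elif line == "ACs:":
            in_acs = True
        elif line.endswith(":"):  # another sub-table such as "Tunnels:"
            in_acs = False
        elif in_acs and (m := AC_ROW.fullmatch(line)):
            iface, inst, _link, state, kind = m.groups()
            acs.append({"vsi": vsi, "interface": iface, "instance": inst,
                        "state": state, "type": kind.strip()})
    return acs


def check_dr_member(tunnel_text, vsi_text, virtual_vtep, ipp, ignore=()):
    """Return findings for a DR member; an empty list means both checks pass.

    ignore: tunnel names that are not expected to use the virtual VTEP
    address (assumption: a manually created IPL tunnel, for example).
    """
    findings = []
    tunnels = [t for t in parse_tunnels(tunnel_text) if t["name"] not in ignore]
    if not tunnels:
        findings.append("no VXLAN tunnel found")
    for t in tunnels:
        if t.get("state") != "UP" or t.get("protocol") != "UP":
            findings.append(f"{t['name']} is not UP")
        if t.get("source") != virtual_vtep:
            findings.append(f"{t['name']} source {t.get('source')} is not "
                            f"the virtual VTEP {virtual_vtep}")
    acs = parse_acs(vsi_text)
    for vsi in sorted({ac["vsi"] for ac in acs if ac["type"] == "Manual"}):
        if not any(ac["vsi"] == vsi and ac["interface"] == ipp
                   and ac["type"] == "Dynamic (DRNI)" for ac in acs):
            findings.append(f"VSI {vsi}: no dynamic DRNI AC on IPL {ipp}")
    findings += [f"AC {ac['interface']} {ac['instance']} is {ac['state']}"
                 for ac in acs if ac["state"] != "Up"]
    return findings


if __name__ == "__main__":
    print(check_dr_member(TUNNEL_OUT, VSI_OUT, "1.2.3.4", "BAGG3") or "OK")
```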

Example: Configuring IPv4 EVPN distributed relay using a VXLAN tunnel as the IPL
Network configuration
As shown in Figure 25, perform the following tasks to make sure the VMs can communicate with one
another:
• Configure VXLAN 10 on Switch A, Switch B, and Switch C, and configure VXLAN 20 on Switch
C and Switch D.
• Configure EVPN distributed relay on Switch A and Switch B to virtualize them into one VTEP.
The switches use a VXLAN tunnel as the IPL.
• Configure Switch C as a centralized EVPN gateway and RR.
Figure 25 Network diagram
(Diagram not reproduced; labels from the figure:)
• Switch C: Loop0 3.3.3.3/32, VSI-int1 10.1.1.1/24, VSI-int2 10.1.2.1/24, Vlan-int11 11.1.1.3/24, Vlan-int12 12.1.1.3/24, Vlan-int13 13.1.1.3/24
• Switch A: Loop0 1.1.1.1/32, Loop1 1.2.3.4/32, Vlan-int11 11.1.1.1/24, GE1/0/4, GE1/0/1, GE1/0/2
• Switch B: Loop0 2.2.2.2/32, Loop1 1.2.3.4/32, Vlan-int12 12.1.1.2/24, GE1/0/4, GE1/0/1, GE1/0/2
• Switch D: Loop0 4.4.4.4/32, Vlan-int13 13.1.1.4/24, GE1/0/1
• IPL: VXLAN tunnel between Switch A and Switch B
• Server 1: VM 1 10.1.1.10. Server 2: VM 2 10.1.1.20. Server 3: VM 3 10.1.2.40.

Procedure
1. Set the system operating mode to VXLAN on Switch A, Switch B, Switch C, and Switch D, and
reboot the switches. This step uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y

2. On VM 1 and VM 2, specify 10.1.1.1 as the gateway address. On VM 3, specify 10.1.2.1 as the
gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to interfaces (including loopback interfaces), as shown in Figure 25.
(Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchA] undo vxlan ip-forwarding
# Enable EVPN distributed relay, and specify the virtual VTEP address as 1.2.3.4.
[SwitchA] evpn drni group 1.2.3.4
# Specify the reserved VXLAN as VXLAN 1234.
[SwitchA] reserved vxlan 1234
# Configure DR system parameters.
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni keepalive ip destination 12.1.1.2 source 11.1.1.1
[SwitchA] drni restore-delay 180
# Exclude interfaces from the shutdown action by DRNI MAD.
[SwitchA] drni mad exclude interface loopback 0
[SwitchA] drni mad exclude interface gigabitethernet 1/0/4
# Create a tunnel to Switch B and set the ToS of tunneled packets to 100.
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] tunnel tos 100
[SwitchA-Tunnel1] quit
# Exclude Tunnel 1 from the shutdown action by DRNI MAD.
[SwitchA] drni mad exclude interface tunnel 1
# Specify Tunnel 1 as the IPP.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port drni intra-portal-port 1
[SwitchA-Tunnel1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Assign GigabitEthernet 1/0/1 to link aggregation group 4.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-GigabitEthernet1/0/1] quit
# Assign Bridge-Aggregation 4 to DR group 4.

[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Assign GigabitEthernet 1/0/2 to link aggregation group 5.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-GigabitEthernet1/0/2] quit
# Assign Bridge-Aggregation 5 to DR group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk
[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port link-type trunk
[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3

[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchB] undo vxlan ip-forwarding
# Enable EVPN distributed relay, and specify the virtual VTEP address as 1.2.3.4.
[SwitchB] evpn drni group 1.2.3.4
# Specify the reserved VXLAN as VXLAN 1234.
[SwitchB] reserved vxlan 1234
# Configure DR system parameters.
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni keepalive ip destination 11.1.1.1 source 12.1.1.2
[SwitchB] drni restore-delay 180
# Exclude interfaces from the shutdown action by DRNI MAD.
[SwitchB] drni mad exclude interface loopback 0
[SwitchB] drni mad exclude interface gigabitethernet 1/0/4
# Create a tunnel to Switch A and set the ToS of tunneled packets to 100.
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] tunnel tos 100
[SwitchB-Tunnel1] quit
# Exclude Tunnel 1 from the shutdown action by DRNI MAD.
[SwitchB] drni mad exclude interface tunnel 1
# Specify Tunnel 1 as the IPP.
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port drni intra-portal-port 1
[SwitchB-Tunnel1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Assign GigabitEthernet 1/0/1 to aggregation group 4.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-GigabitEthernet1/0/1] quit
# Assign Bridge-Aggregation 4 to DR group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4

[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Assign GigabitEthernet 1/0/2 to aggregation group 5.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-GigabitEthernet1/0/2] quit
# Assign Bridge-Aggregation 5 to DR group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Bridge-Aggregation 4, create Ethernet service instance 1000 to match VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port link-type trunk
[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation 5, create Ethernet service instance 1000 to match VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port link-type trunk
[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Map Ethernet service instance 1000 to VSI vpna.
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning.
[SwitchC] vxlan tunnel mac-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes, and configure Switch C as an RR.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Create VSI-interface 1 and assign it an IP address. The IP address is the gateway address of
VXLAN 10.
[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Create VSI-interface 2 and assign it an IP address. The IP address is the gateway address of
VXLAN 20.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Enable L2VPN.
<SwitchD> system-view
[SwitchD] l2vpn enable
# Enable Layer 2 forwarding for VXLANs.
[SwitchD] undo vxlan ip-forwarding
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 4.
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-GigabitEthernet1/0/1] port trunk permit vlan 4
[SwitchD-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 4
# Map Ethernet service instance 1000 to VSI vpnb.
[SwitchD-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
[SwitchD-GigabitEthernet1/0/1-srv1000] quit
[SwitchD-GigabitEthernet1/0/1] quit

Verifying the configuration


1. Verify the centralized EVPN gateway settings on Switch C:
# Verify that Switch C has advertised MAC/IP advertisement routes and IMET routes of the
gateway to other devices. Verify that Switch C has received MAC/IP advertisement routes and
IMET routes from Switch A, Switch B, and Switch D.
[SwitchC] display bgp l2vpn evpn

BGP local router ID is 3.3.3.3


Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 5

Route distinguisher: 1:10


Total number of routes: 6

* > Network : [2][0][48][7e9a-48e9-0100][32][10.1.1.1]/136
NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* i Network : [3][0][32][1.1.1.1]/80
NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.2.3.4]/80


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* i Network : [3][0][32][1.2.3.4]/80
NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0

Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1:20


Total number of routes: 3

* > Network : [2][0][48][7e9a-48e9-0100][32][10.1.2.1]/136

NextHop : 0.0.0.0 LocPrf : 100


PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][4.4.4.4]/80


NextHop : 4.4.4.4 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnels to Switch A and Switch B are up, and that the device has
established a VXLAN tunnel to Switch A and Switch B that uses the virtual VTEP address as the
destination address.
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops

Output: 2 packets, 84 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 2 packets, 84 bytes, 0 drops

Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 1 packets, 42 bytes, 0 drops

Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 1 packets, 42 bytes, 0 drops
# Verify that the VXLAN tunnels have been assigned to the VXLANs, and that the VSI interfaces
are the gateway interfaces of their respective VXLANs.
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled

VSI Name: vpnb


VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:

Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
2. Verify the distributed relay settings on Switch A:
# Verify that Switch A has BGP EVPN routes.
[SwitchA] display bgp l2vpn evpn

BGP local router ID is 1.2.3.4


Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 3

Route distinguisher: 1:10


Total number of routes: 5

* >i Network : [2][0][48][7e9a-48e9-0100][32][10.1.1.1]/136


NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][1.1.1.1]/80


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][1.2.3.4]/80


NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][3.3.3.3]/80


NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# Verify that the VXLAN tunnel to Switch C is up, and the tunnel source address is the virtual
VTEP address.

[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 12 bytes/sec, 96 bits/sec, 0 packets/sec
Last 300 seconds output rate: 12 bytes/sec, 96 bits/sec, 0 packets/sec
Input: 239 packets, 25558 bytes, 0 drops
Output: 1241 packets, 109811 bytes, 0 drops
# Verify that ACs are automatically created on the IPL and assigned to VSIs.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -

MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Down Manual
BAGG5 srv1000 1 Down Manual
3. Verify network connectivity for the VMs:
# Verify that VM 1, VM 2, and VM 3 can communicate when both Switch A and Switch B are
operating correctly. (Details not shown.)
# Verify that VM 1, VM 2, and VM 3 can communicate when Switch A's or Switch B's links to the
local site are disconnected. (Details not shown.)

Example: Configuring IPv4 EVPN multihoming


Network configuration
As shown in Figure 26:
• Configure VXLANs as follows:
  ○ Configure VXLAN 10 on Switch A, Switch B, and Switch C. Configure Switch A and Switch B
    as redundant VTEPs for Server 2, and configure Switch B and Switch C as redundant
    VTEPs for Server 3.
  ○ Configure VXLAN 20 on Switch C.
• Configure Switch A, Switch B, and Switch C as distributed EVPN gateways.
• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.

Figure 26 Network diagram
[Diagram not reproduced. Addressing shown in the figure:]
Switch A: Loop0 1.1.1.1/32, Vlan-int11 11.1.1.1/24, VSI-int1 10.1.1.1/24; GE1/0/1 to Server 1, GE1/0/2 to Server 2 (ES1)
Switch B: Loop0 2.2.2.2/32, Vlan-int12 12.1.1.2/24, VSI-int1 10.1.1.1/24; GE1/0/1 to Server 2 (ES1), GE1/0/2 to Server 3 (ES2)
Switch C: Loop0 3.3.3.3/32, Vlan-int13 13.1.1.3/24, VSI-int1 10.1.1.1/24, VSI-int2 20.1.1.1/24; GE1/0/1 to Server 3 (ES2), GE1/0/2 to Server 4
Switch D: Loop0 4.4.4.4/32, Vlan-int11 11.1.1.4/24, Vlan-int12 12.1.1.4/24, Vlan-int13 13.1.1.4/24 (transport network)
VMs: VM 1 10.1.1.10 (Server 1), VM 2 10.1.1.20 (Server 2), VM 3 10.1.1.30 (Server 3), VM 4 20.1.1.10 (Server 4). The figure labels each server link VLAN 2.

Procedure
1. Set the system operating mode to VXLAN mode on Switch A, Switch B, and Switch C. This step
uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1, VM 2, and VM 3, specify 10.1.1.1 as the gateway address. On VM 4, specify 20.1.1.1
as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to the interfaces, as shown in Figure 26. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
[SwitchA-GigabitEthernet1/0/1] quit
# Assign an ESI to GigabitEthernet 1/0/2.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchA-GigabitEthernet1/0/2] esi 0.0.0.0.1
# On GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 2.
[SwitchA-GigabitEthernet1/0/2] service-instance 2000
[SwitchA-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/2-srv2000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/2-srv2000] quit
[SwitchA-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn

[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Assign an ESI to GigabitEthernet 1/0/1.

[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] esi 0.0.0.0.1
# On GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 2.
[SwitchB-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/1-srv2000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv2000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# Assign an ESI to GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/2] esi 0.0.0.0.2
# On GigabitEthernet 1/0/2, create Ethernet service instance 3000 to match VLAN 2.
[SwitchB-GigabitEthernet1/0/2] service-instance 3000
[SwitchB-GigabitEthernet1/0/2-srv3000] encapsulation s-vid 2
# Map Ethernet service instance 3000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/2-srv3000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/2-srv3000] quit
[SwitchB-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.

[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Assign an ESI to GigabitEthernet 1/0/1.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchC-GigabitEthernet1/0/1] esi 0.0.0.0.2
# On GigabitEthernet 1/0/1, create Ethernet service instance 3000 to match VLAN 2.
[SwitchC-GigabitEthernet1/0/1] service-instance 3000
[SwitchC-GigabitEthernet1/0/1-srv3000] encapsulation s-vid 2

# Map Ethernet service instance 3000 to VSI vpna.
[SwitchC-GigabitEthernet1/0/1-srv3000] xconnect vsi vpna
[SwitchC-GigabitEthernet1/0/1-srv3000] quit
[SwitchC-GigabitEthernet1/0/1] quit
# On GigabitEthernet 1/0/2, create Ethernet service instance 4000 to match VLAN 3.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchC-GigabitEthernet1/0/2] service-instance 4000
[SwitchC-GigabitEthernet1/0/2-srv4000] encapsulation s-vid 3
# Map Ethernet service instance 4000 to VSI vpnb.
[SwitchC-GigabitEthernet1/0/2-srv4000] xconnect vsi vpnb
[SwitchC-GigabitEthernet1/0/2-srv4000] quit
[SwitchC-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Configure VSI-interface 2.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] distributed-gateway local
[SwitchC-Vsi-interface2] local-proxy-arp enable
[SwitchC-Vsi-interface2] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna

[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Specify VSI-interface 2 as the gateway interface for VSI vpnb.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

Verifying the configuration


1. Verify the EVPN multihoming configuration on Switch C.
# Verify that Switch C has advertised and received the following BGP EVPN routes:
  ○ IP prefix advertisement routes for the gateways.
  ○ IMET routes for VSIs.
  ○ MAC/IP advertisement routes.
  ○ Ethernet auto-discovery routes and Ethernet segment routes.
<SwitchC> display bgp l2vpn evpn

BGP local router ID is 3.3.3.3


Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 17

Route distinguisher: 1:1


Total number of routes: 1

* >i Network : [5][0][24][10.1.1.0]/80


NextHop : 1.1.1.1 LocPrf : 100

PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 2:2


Total number of routes: 1

* >i Network : [5][0][24][10.1.1.0]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 3:3(l3vpna)


Total number of routes: 10

* >i Network : [1][0000.0000.0000.0000.0001][2]/120


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* i Network : [1][0000.0000.0000.0000.0001][2]/120
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0001][4294967295]/120


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* i Network : [1][0000.0000.0000.0000.0001][4294967295]/120
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0002][2]/120


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0002][4294967295]/120


NextHop : 2.2.2.2 LocPrf : 100

PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0010][32][10.1.1.10]/136


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0020][32][10.1.1.20]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [5][0][24][10.1.1.0]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [5][0][24][20.1.1.0]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1.1.1.1:0


Total number of routes: 1

* >i Network : [4][0000.0000.0000.0000.0001][32][1.1.1.1]/128


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 1.1.1.1:1


Total number of routes: 5

* >i Network : [1][0000.0000.0000.0000.0001][2]/120


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0001][4294967295]/120


NextHop : 1.1.1.1 LocPrf : 100

PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0010][0][0.0.0.0]/104


NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0010][32][10.1.1.10]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][1.1.1.1]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 2.2.2.2:0


Total number of routes: 2

* >i Network : [4][0000.0000.0000.0000.0001][32][2.2.2.2]/128


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [4][0000.0000.0000.0000.0002][32][2.2.2.2]/128


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 2.2.2.2:1


Total number of routes: 7

* >i Network : [1][0000.0000.0000.0000.0001][2]/120


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0001][4294967295]/120


NextHop : 2.2.2.2 LocPrf : 100

PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0002][2]/120


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [1][0000.0000.0000.0000.0002][4294967295]/120


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0020][0][0.0.0.0]/104


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [2][2][48][0001-0001-0020][32][10.1.1.20]/136


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

* >i Network : [3][0][32][2.2.2.2]/80


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 3.3.3.3:0


Total number of routes: 1

* > Network : [4][0000.0000.0000.0000.0002][32][3.3.3.3]/128


NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 3.3.3.3:1


Total number of routes: 5

* > Network : [1][0000.0000.0000.0000.0002][2]/120


NextHop : 0.0.0.0 LocPrf : 100

PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [1][0000.0000.0000.0000.0002][4294967295]/120


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][2][48][0001-0001-0030][0][0.0.0.0]/104


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][2][48][0001-0001-0030][32][10.1.1.30]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

Route distinguisher: 3.3.3.3:2


Total number of routes: 3

* > Network : [2][2][48][0002-0001-0010][0][0.0.0.0]/104


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [2][2][48][0002-0001-0010][32][20.1.1.10]/136


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

* > Network : [3][0][32][3.3.3.3]/80


NextHop : 0.0.0.0 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i

# Verify that Switch C has ECMP routes to VM 2.
<SwitchC> display evpn routing-table vpn-instance l3vpna
Flags: E - with valid ESI   A - AD ready   L - Local ES exists

VPN instance:l3vpna                          Local L3VNI:1000
IP address      Next hop        Outgoing interface    NibID       Flags
10.1.1.10       1.1.1.1         Vsi-interface3        0x18000001  -
10.1.1.20       2.2.2.2         Vsi-interface3        0x18000000  EA
                1.1.1.1         Vsi-interface3        0x18000001  EA
# Verify that Switch C has equal-cost L2VPN MAC address entries for VM 2.
<SwitchC> display l2vpn mac-address
MAC Address : 0001-0001-0010
VSI Name : vpna
State : EVPN
Link ID/Name Aging
Tunnel0 NotAging

MAC Address : 0001-0001-0020


VSI Name : vpna
State : EVPN
Link ID/Name Aging
Tunnel0 NotAging
Tunnel1 NotAging

MAC Address : 0001-0001-0030


VSI Name : vpna
State : Dynamic
Link ID/Name Aging
GE1/0/1 NotAging

MAC Address : 0002-0001-0010


VSI Name : vpnb
State : Dynamic
Link ID/Name Aging
GE1/0/2 NotAging
--- 4 mac address(es) found ---
# Verify that Switch C has EVPN MAC address entries for VM 2.
<SwitchC> display evpn route mac
Flags: D - Dynamic   B - BGP      L - Local active
       G - Gateway   S - Static   M - Mapping        I - Invalid

VSI name: vpna
EVPN instance: -
MAC address     Link ID/Name   Flags   Encap   Next hop
0001-0001-0030  0              DL      VXLAN   -
0001-0001-0010  Tunnel0        B       VXLAN   1.1.1.1
0001-0001-0020  Tunnel0        B       VXLAN   1.1.1.1
                Tunnel1        B       VXLAN   2.2.2.2

132
VSI name: vpnb
EVPN instance: -
MAC address Link ID/Name Flags Encap Next hop
0002-0001-0010 0 DL VXLAN -
# Verify that Switch C has information about local and remote ESs.
<SwitchC> display evpn es local
Redundancy mode: A - All active, S - Single active

VSI name : vpna
EVPN instance: -
ESI                         Tag ID    DF address    Mode    State    ESI label
0000.0000.0000.0000.0002    -         2.2.2.2       A       Up       -
<SwitchC> display evpn es remote
Control Flags: P – Primary, B – Backup, C - Control word
VSI name : vpna
EVPN instance: -
ESI : 0000.0000.0000.0000.0001
A-D per ES routes :
Peer IP Remote Redundancy mode
1.1.1.1 All active
2.2.2.2 All active
A-D per EVI routes :
Tag ID Peer IP
- 1.1.1.1
- 2.2.2.2

ESI : 0000.0000.0000.0000.0002
Ethernet segment routes :
2.2.2.2
A-D per ES routes :
Peer IP Remote Redundancy mode
2.2.2.2 All active
A-D per EVI routes :
Tag ID Peer IP
- 2.2.2.2
2. Verify that the VMs can communicate with one another. (Details not shown.)

Example: Configuring EVPN multicast


Network configuration
As shown in Figure 27:
• Enable multicast on Switch A, Switch B, and Switch C.
• Configure VXLAN 10 on Switch A, Switch B, and Switch C. Configure Switch A and Switch B as
redundant VTEPs for Server 2, and configure Switch B and Switch C as redundant VTEPs for
Server 3.
• Configure Switch A, Switch B, and Switch C as distributed EVPN gateways.

• Configure Switch D as an RR to reflect BGP EVPN routes between Switch A, Switch B, and
Switch C.
Figure 27 Network diagram
(Diagram not reproduced. Switch D, Loop0 4.4.4.4/32, connects across the transport network to Switch A, Loop0 1.1.1.1/32, Switch B, Loop0 2.2.2.2/32, and Switch C, Loop0 3.3.3.3/32. Server 1 (VM 1, 10.1.1.10) attaches to Switch A, Server 2 (VM 2, 10.1.1.20) attaches to Switch A and Switch B over ES1, and Server 3 (VM 3, 10.1.1.30) attaches to Switch B and Switch C over ES2, all in VLAN 2.)


Procedure
1. Set the system operating mode to VXLAN mode on Switch A, Switch B, and Switch C. This step
uses Switch A as an example.
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
2. On VM 1, VM 2, and VM 3, specify 10.1.1.1 as the gateway address. (Details not shown.)
3. Configure IP addresses and unicast routing settings:
# Assign IP addresses to the interfaces, as shown in Figure 27. (Details not shown.)
# Configure OSPF on all transport network switches (Switches A through D) for them to reach
one another. (Details not shown.)
4. Configure Switch A:
# Enable L2VPN.
<SwitchA> system-view
[SwitchA] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Map Ethernet service instance 1000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
[SwitchA-GigabitEthernet1/0/1] quit
# Assign an ESI to GigabitEthernet 1/0/2.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchA-GigabitEthernet1/0/2] esi 0.0.0.0.1
# On GigabitEthernet 1/0/2, create Ethernet service instance 2000 to match VLAN 2.
[SwitchA-GigabitEthernet1/0/2] service-instance 2000
[SwitchA-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchA-GigabitEthernet1/0/2-srv2000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/2-srv2000] quit
[SwitchA-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Enable IGMP snooping globally.
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# Enable IGMP snooping, IGMP snooping proxying, and dropping unknown multicast data on
VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
[SwitchA-vsi-vpna] igmp-snooping drop-unknown
# Set the IGMP snooping version and enable the IGMP snooping querier on VSI vpna.
[SwitchA-vsi-vpna] igmp-snooping version 3
[SwitchA-vsi-vpna] igmp-snooping querier
[SwitchA-vsi-vpna] quit
5. Configure Switch B:
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# Assign an ESI to GigabitEthernet 1/0/1.
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/1] esi 0.0.0.0.1
# On GigabitEthernet 1/0/1, create Ethernet service instance 2000 to match VLAN 2.
[SwitchB-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2
# Map Ethernet service instance 2000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/1-srv2000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv2000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# Assign an ESI to GigabitEthernet 1/0/2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchB-GigabitEthernet1/0/2] esi 0.0.0.0.2
# On GigabitEthernet 1/0/2, create Ethernet service instance 3000 to match VLAN 2.
[SwitchB-GigabitEthernet1/0/2] service-instance 3000
[SwitchB-GigabitEthernet1/0/2-srv3000] encapsulation s-vid 2
# Map Ethernet service instance 3000 to VSI vpna.
[SwitchB-GigabitEthernet1/0/2-srv3000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/2-srv3000] quit
[SwitchB-GigabitEthernet1/0/2] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Enable IGMP snooping globally.
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# Enable IGMP snooping, IGMP snooping proxying, and dropping unknown multicast data on
VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
[SwitchB-vsi-vpna] igmp-snooping drop-unknown
# Set the IGMP snooping version and enable the IGMP snooping querier on VSI vpna.
[SwitchB-vsi-vpna] igmp-snooping version 3
[SwitchB-vsi-vpna] igmp-snooping querier
[SwitchB-vsi-vpna] quit
6. Configure Switch C:
# Enable L2VPN.
<SwitchC> system-view
[SwitchC] l2vpn enable
# Disable remote MAC address learning and remote ARP learning.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna, and configure the switch to automatically generate an
RD and a route target for the EVPN instance.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Configure BGP to advertise BGP EVPN routes.
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# Assign an ESI to GigabitEthernet 1/0/1.
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchC-GigabitEthernet1/0/1] esi 0.0.0.0.2
# On GigabitEthernet 1/0/1, create Ethernet service instance 3000 to match VLAN 2.
[SwitchC-GigabitEthernet1/0/1] service-instance 3000
[SwitchC-GigabitEthernet1/0/1-srv3000] encapsulation s-vid 2
# Map Ethernet service instance 3000 to VSI vpna.
[SwitchC-GigabitEthernet1/0/1-srv3000] xconnect vsi vpna
[SwitchC-GigabitEthernet1/0/1-srv3000] quit
[SwitchC-GigabitEthernet1/0/1] quit
# Configure RD and route target settings for VPN instance l3vpna.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Configure VSI-interface 1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Associate VSI-interface 3 with VPN instance l3vpna, and configure the L3 VXLAN ID as 1000
for the VPN instance.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Specify VSI-interface 1 as the gateway interface for VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Enable IGMP snooping globally.
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# Enable IGMP snooping, IGMP snooping proxying, and dropping unknown multicast data on
VSI vpna.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable
[SwitchC-vsi-vpna] igmp-snooping drop-unknown
# Set the IGMP snooping version and enable the IGMP snooping querier on VSI vpna.
[SwitchC-vsi-vpna] igmp-snooping version 3
[SwitchC-vsi-vpna] igmp-snooping querier
[SwitchC-vsi-vpna] quit
7. Configure Switch D:
# Establish BGP connections with other transport network switches.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Configure BGP to advertise BGP EVPN routes, and disable route target filtering for BGP
EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as an RR.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
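
The following is an added example, not part of the HPE guide: a consistency audit over the three VTEP configurations in the procedure above. It checks what this procedure sets on every VTEP (remote MAC and ARP learning disabled, each ESI present on two VTEPs, one shared distributed-gateway IP and MAC, drop-unknown wherever IGMP snooping is enabled). The function names, the finding strings, and the assumption that hostnames contain no hyphen are this example's own; the sample transcript is constructed from the page's commands.

```python
import re
from collections import defaultdict

# Constructed sample: the VTEP commands from the procedure above, reduced to the
# lines the checks read and kept in the same prompt-prefixed transcript form.
SAMPLE = """\
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
[SwitchA-GigabitEthernet1/0/2] esi 0.0.0.0.1
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping drop-unknown
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
[SwitchB-GigabitEthernet1/0/1] esi 0.0.0.0.1
[SwitchB-GigabitEthernet1/0/2] esi 0.0.0.0.2
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping drop-unknown
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
[SwitchC-GigabitEthernet1/0/1] esi 0.0.0.0.2
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping drop-unknown
"""

# "[<device>-<view>] <command>"; system view has no "-<view>" part.
# Assumption: device names contain no hyphen, as on this page.
PROMPT = re.compile(r"^\[([A-Za-z0-9]+)(?:-([^\]]+))?\]\s+(.+)$")
REQUIRED_GLOBAL = ("vxlan tunnel mac-learning disable",
                   "vxlan tunnel arp-learning disable")


def parse(transcript):
    """Return {device: {view: [commands]}}; system view is stored under ''."""
    cfg = defaultdict(lambda: defaultdict(list))
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:  # user-view lines (<SwitchA> ...) and '#' comments are skipped
            dev, view, cmd = m.groups()
            cfg[dev][view or ""].append(cmd.strip())
    return cfg


def audit(transcript):
    """Return a list of findings; an empty list means the VTEPs agree."""
    cfg = parse(transcript)
    findings = []
    esi_members = defaultdict(set)   # ESI -> devices that configure it
    gateways = defaultdict(dict)     # VSI interface -> {device: (ip, mac)}
    for dev in sorted(cfg):
        views = cfg[dev]
        for cmd in REQUIRED_GLOBAL:
            if cmd not in views.get("", []):
                findings.append(f"{dev}: missing '{cmd}'")
        for view, cmds in sorted(views.items()):
            for cmd in cmds:
                if cmd.startswith("esi "):
                    esi_members[cmd.split()[1]].add(dev)
            if "igmp-snooping enable" in cmds and "igmp-snooping drop-unknown" not in cmds:
                findings.append(f"{dev}: {view} has IGMP snooping without drop-unknown")
            if view.startswith("Vsi-interface") and "distributed-gateway local" in cmds:
                ip = next((c for c in cmds if c.startswith("ip address ")), None)
                mac = next((c for c in cmds if c.startswith("mac-address ")), None)
                gateways[view][dev] = (ip, mac)
    # A multihomed site needs the same ESI on both of its redundant VTEPs.
    for esi, devs in sorted(esi_members.items()):
        if len(devs) < 2:
            findings.append(f"ESI {esi}: configured only on {', '.join(sorted(devs))}")
    # Distributed gateways in this procedure share one IP and one MAC.
    for view, per_dev in sorted(gateways.items()):
        if len(set(per_dev.values())) > 1:
            findings.append(f"{view}: gateway IP/MAC differs across {', '.join(sorted(per_dev))}")
    return findings


def drifted_sample():
    """SAMPLE with two constructed faults on Switch C: a mistyped ESI and a
    missing 'vxlan tunnel arp-learning disable'."""
    return (SAMPLE
            .replace("[SwitchC] vxlan tunnel arp-learning disable\n", "")
            .replace("[SwitchC-GigabitEthernet1/0/1] esi 0.0.0.0.2",
                     "[SwitchC-GigabitEthernet1/0/1] esi 0.0.0.0.3"))


if __name__ == "__main__":
    for finding in audit(drifted_sample()):
        print(finding)
```

A mistyped ESI is reported against both values, because each side of the intended Ethernet segment then appears to be single-homed.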

Verifying the configuration


1. On Server 1, send an IGMP membership report to multicast group address 225.0.0.1.
2. Verify that Switch B has received the SMET route advertised by Switch A and created a
multicast forwarding entry.
<SwitchB> display evpn route smet
VSI name: vpna
Source address : 0.0.0.0
Group address : 225.0.0.1
Local version : -
Peers :
Nexthop Tunnel name Link ID Remote version
1.1.1.1 Tunnel0 0x5000000 v3(E)
<SwitchB> display igmp-snooping evpn-group
Total 1 entries.
VSI vpna: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 10)
3. Verify that Switch B has received the IGMP join synch route advertised by Switch A.
<SwitchB> display evpn route igmp-js
VSI name: vpna
Source address : 0.0.0.0
Group address : 225.0.0.1
Local version : -
Remote version : v3(E)
ESI : 0000.0000.0000.0000.0001
Ethernet tag ID : 2
Interface : GE1/0/1 srv2000
Peers : 1.1.1.1

Document conventions and icons
Conventions
This section describes the conventions used in the documentation.
Command conventions

Convention           Description
Boldface             Bold text represents commands and keywords that you enter literally as shown.
Italic               Italic text represents arguments that you replace with actual values.
[ ]                  Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }      Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]      Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *    Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *    Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>               The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                    A line that starts with a pound (#) sign is a comment.

GUI conventions

Convention           Description
Boldface             Window names, button names, field names, and menu items are in Boldface. For example, the New User window opens; click OK.
>                    Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention           Description
WARNING!             An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION:             An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT:           An alert that calls attention to essential information.
NOTE:                An alert that contains additional or supplementary information.
TIP:                 An alert that provides helpful information.

Network topology icons
Convention (icon images not reproduced)    Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access controller engine on a unified wired-WLAN switch.
Represents an access point.
Represents a wireless terminator unit.
Represents a wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security gateway, or load balancing device.
Represents a security module, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG module.

Examples provided in this document


Examples in this document might use devices that differ from your device in hardware model,
configuration, or software version. It is normal that the port numbers, sample output, screenshots,
and other information in the examples differ from what you have on your device.

Support and other resources
Accessing Hewlett Packard Enterprise Support
• For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
• To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect
• Technical support registration number (if applicable)
• Product name, model or version, and serial number
• Operating system name and version
• Firmware version
• Error messages
• Product-specific reports and logs
• Add-on products or components
• Third-party products or components

Accessing updates
• Some software products provide a mechanism for accessing software updates through the
product interface. Review your product documentation to identify the recommended software
update method.
• To download product updates, go to either of the following:
  ◦ Hewlett Packard Enterprise Support Center Get connected with updates page:
    www.hpe.com/support/e-updates
  ◦ Software Depot website:
    www.hpe.com/support/softwaredepot
• To view and update your entitlements, and to link your contracts, Care Packs, and warranties
with your profile, go to the Hewlett Packard Enterprise Support Center More Information on
Access to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials

IMPORTANT:
Access to some updates might require product entitlement when accessed through the Hewlett
Packard Enterprise Support Center. You must have an HP Passport set up with relevant
entitlements.

Websites
Website                                                       Link
Networking websites
Hewlett Packard Enterprise Information Library for Networking www.hpe.com/networking/resourcefinder
Hewlett Packard Enterprise Networking website                 www.hpe.com/info/networking
Hewlett Packard Enterprise My Networking website              www.hpe.com/networking/support
Hewlett Packard Enterprise My Networking Portal               www.hpe.com/networking/mynetworking
Hewlett Packard Enterprise Networking Warranty                www.hpe.com/networking/warranty
General websites
Hewlett Packard Enterprise Information Library                www.hpe.com/info/enterprise/docs
Hewlett Packard Enterprise Support Center                     www.hpe.com/support/hpesc
Hewlett Packard Enterprise Support Services Central           ssc.hpe.com/portal/site/ssc/
Contact Hewlett Packard Enterprise Worldwide                  www.hpe.com/assistance
Subscription Service/Support Alerts                           www.hpe.com/support/e-updates
Software Depot                                                www.hpe.com/support/softwaredepot
Customer Self Repair (not applicable to all devices)          www.hpe.com/support/selfrepair
Insight Remote Support (not applicable to all devices)        www.hpe.com/info/insightremotesupport/docs

Customer self repair


Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If
a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your
convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized
service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
www.hpe.com/support/selfrepair

Remote support
Remote support is available with supported devices as part of your warranty, Care Pack Service, or
contractual support agreement. It provides intelligent event diagnosis, and automatic, secure
submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast
and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly
recommends that you register your device for remote support.
For more information and device support details, go to the following website:
www.hpe.com/info/insightremotesupport/docs

Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help
us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback ([email protected]). When submitting your feedback, include the document title,
part number, edition, and publication date located on the front cover of the document. For online help
content, include the product name, product version, help edition, and publication date located on the
legal notices page.

Index
EVPN VXLAN MAC mobility event Layer 3
suppression, 41 EVPN communication configuration (IPv4
instance private-public network), 83
VXLAN EVPN instance configuration, 25 EVPN configuration, 22
VXLAN EVPN instance configuration (VSI EVPN gateway configuration (centralized IPv4),
view created), 25 52
IP networking EVPN gateway configuration (centralized), 32
EVPN configuration, 22 EVPN gateway configuration (distributed
EVPN overview, 1 IPv4)(IPv4 underlay), 61

EVPN gateway configuration (distributed EVPN MAC mobility, 20
IPv6)(IPv6 underlay), 72 EVPN remote MAC address entry management,
EVPN gateway configuration (distributed), 33 40
EVPN IPv4 distributed relay configuration EVPN remote MAC address learning, 40
(Ethernet aggregate link as IPL), 94 MAC-IP
EVPN IPv4 distributed relay configuration EVPN MAC/IP advertisement route configuration
(VXLAN tunnel as IPL), 106 automation, 6
EVPN Layer 3 forwarding centralized gateway EVPN MP-BGP extension MAC/IP advertisement
deployment, 9 route, 2
EVPN Layer 3 forwarding distributed gateway maintaining
ARP information, 12 EVPN BGP session, 30
EVPN Layer 3 forwarding distributed gateway managing
deployment, 10
EVPN remote ARP or ND learning, 40
EVPN Layer 3 forwarding distributed gateway
EVPN remote MAC address entries, 40
traffic forwarding, 12
mapping
EVPN overview, 1
EVPN AC > VSI, 30
EVPN VSI interface configuration, 33
EVPN Ethernet service instance > VSI (dynamic),
EVPN VSI interface L3 VXLAN ID, 34
31
EVPN VXLAN configuration, 5
EVPN Ethernet service instance > VSI (static), 30
learning
mobility
EVPN conversational learning enable (host
EVPN MAC mobility, 20
route FIB entry), 44
mode
EVPN conversational learning enable (IPv6
host route FIB entry), 44 EVPN Layer 3 forwarding distributed gateway
traffic forwarding, 12
EVPN forwarding entry conversational
learning, 44 VXLAN forwarding, 23
EVPN Layer 2 MAC address learning, 7 MP-BGP
EVPN MAC address learning disable, 41 EVPN configuration, 22
EVPN remote ARP or ND learning, 40 EVPN overview, 1
EVPN remote MAC address+ARP or ND EVPN VXLAN configuration, 5
learning, 40 N
local
ND
BGP EVPN route advertisement (local site),
EVPN ND flood suppression, 19, 47
46
EVPN remote MAC address+ARP or ND learning,
EVPN Layer 2 MAC address learning, 7
40
EVPN Layer 3 forwarding distributed gateway
EVPN remote ND learning management, 40
ARP information, 12
network
EVPN VXLAN traffic assignment (local to
remote), 6 BGP EVPN route advertisement (local site), 46
EVPN VXLAN traffic assignment (remote to EVPN AC > VSI mapping, 30
local), 7 EVPN ARP flood suppression, 19, 47
EVPN ARP information advertisement, 42
M
EVPN ARP mobility event suppression, 42
MAC EVPN ARP request proxy, 43
EVPN remote ARP or ND learning, 40 EVPN benefits, 1
EVPN VXLAN ARP mobility event EVPN BGP route advertisement, 27
suppression, 41
EVPN BGP route RD+route target selection, 3
MAC addressing
EVPN communication configuration (IPv4
EVPN global MAC address, 38 private-public network), 83
EVPN Layer 2 MAC address learning, 7 EVPN distributed relay, 20, 20
EVPN Layer 2 unicast traffic forwarding, 7 EVPN distributed relay configuration, 48
EVPN MAC address advertisement, 40 EVPN Ethernet service instance > VSI mapping
EVPN MAC address learning disable, 41 (dynamic), 31

EVPN Ethernet service instance > VSI procedure
mapping (static), 30 configuring BGP EVPN route redistribution and
EVPN flooding disable (for VSI), 47 advertisement, 45
EVPN forwarding entry conversational configuring EVPN, 22
learning, 44 configuring EVPN BGP route advertisement, 27
EVPN gateway configuration (centralized configuring EVPN BGP routes, 27
IPv4), 52 configuring EVPN communication (IPv4
EVPN gateway configuration (centralized), 32 private-public network), 83
EVPN gateway configuration (distributed configuring EVPN distributed relay, 48
IPv4)(IPv4 underlay), 61 configuring EVPN gateway (centralized IPv4), 52
EVPN gateway configuration (distributed configuring EVPN gateway (centralized), 32
IPv6)(IPv6 underlay), 72
configuring EVPN gateway (distributed
EVPN gateway configuration (distributed), 33 IPv4)(IPv4 underlay), 61
EVPN global MAC address, 38 configuring EVPN gateway (distributed
EVPN IPv4 distributed relay configuration IPv6)(IPv6 underlay), 72
(Ethernet aggregate link as IPL), 94 configuring EVPN gateway (distributed), 33
EVPN IPv4 distributed relay configuration configuring EVPN global MAC address, 38
(VXLAN tunnel as IPL), 106
configuring EVPN IP prefix route advertisement,
EVPN Layer 2 traffic forwarding, 7 37
EVPN layered transport, 2 configuring EVPN IPv4 distributed relay (Ethernet
EVPN MAC mobility, 20, 20 aggregate link as IPL), 94
EVPN model, 5 configuring EVPN IPv4 distributed relay (VXLAN
EVPN MP-BGP extension, 2 tunnel as IPL), 106
EVPN multihoming configuration, 25 configuring EVPN multihoming, 25
EVPN ND flood suppression, 19, 47 configuring EVPN VSI interface, 33
EVPN remote MAC address entry configuring EVPN VSI interface L3 VXLAN ID, 34
management, 40 configuring EVPN VSI interface L3 VXLAN ID
EVPN VSI interface configuration, 33 (public instance), 36
EVPN VSI interface L3 VXLAN ID, 34 configuring EVPN VSI interface L3 VXLAN ID
EVPN VXLAN MAC mobility event (VPN instance), 34
suppression, 41 configuring IPv4 EVPN multicast, 133
EVPN VXLAN solutions, 1 configuring IPv4 EVPN multihoming, 119
EVPN VXLAN traffic assignment, 6 configuring MAC/IP advertisement route
IPv4 EVPN multicast configuration, 133 redistribution, 45
IPv4 EVPN multihoming configuration, 119 configuring VXLAN EVPN instance, 25
v configuration, 52 configuring VXLAN EVPN instance (VSI view
VXLAN configuration on VSI, 24 created), 25
VXLAN EVPN instance configuration, 25 configuring VXLAN on VSI, 24
VXLAN EVPN instance configuration (VSI configuring VXLAN VSI parameters, 24
view created), 25 creating VXLAN on VSI, 24
network management disabling EVPN ARP information advertisement,
EVPN configuration, 22 42
EVPN overview, 1 disabling EVPN flooding (for VSI), 47
EVPN VXLAN configuration, 5 disabling EVPN IP prefix advertisement route
generation, 38, 38
NMM
disabling EVPN MAC address advertisement, 40
EVPN configuration, 52
disabling EVPN MAC address learning, 41
node
disabling EVPN remote MAC address+ARP or
EVPN layered transport network, 2
ND learning, 40
P displaying EVPN, 50
parameter enabling BGP EVPN route advertisement (local
VXLAN VSI parameter configuration, 24 site), 46

enabling EVPN ARP flood suppression, 47 EVPN Ethernet service instance > VSI mapping
enabling EVPN ARP mobility event (dynamic), 31
suppression, 42 EVPN Ethernet service instance > VSI mapping
enabling EVPN ARP request proxy, 43 (static), 30
enabling EVPN BGP route advertisement, 27 EVPN forwarding entry conversational learning,
enabling EVPN conversational learning (host 44
route FIB entry), 44 EVPN gateway configuration (distributed), 33
enabling EVPN conversational learning (IPv6 EVPN IP prefix advertisement route generation
host route FIB entry), 44 disable, 38
enabling EVPN forwarding entry EVPN IP prefix route advertisement, 37
conversational learning, 44 EVPN VXLAN tunnel configuration, 22
enabling EVPN ND flood suppression, 47 VXLAN configuration on VSI, 24
enabling EVPN VXLAN MAC mobility event VXLAN EVPN instance configuration, 25
suppression, 41 VXLAN forwarding mode setting, 23
enabling RA message transmission over route
VXLAN tunnels, 39, 39 BGP EVPN route advertisement (local site), 46
maintaining EVPN BGP session, 30 BGP EVPN route redistribution and
managing EVPN remote ARP learning, 40 advertisement, 45
managing EVPN remote MAC address entries, EVPN BGP route RD+route target selection, 3
40 EVPN IP prefix advertisement route generation
managing EVPN remote ND learning, 40 disable, 38
mapping EVPN AC > VSI, 30 EVPN IP prefix route advertisement, 37
mapping EVPN Ethernet service instance > EVPN multicast, 17
VSI (dynamic), 31 EVPN multicast (multihomed), 18
mapping EVPN Ethernet service instance > EVPN multicast (single-homed), 18
VSI (static), 30
EVPN multihoming, 14
mapping EVPN Ethernet service instance
EVPN multihoming DF election, 15
traffic match mode (MAC-based), 31
EVPN multihoming IP aliasing, 17
setting VXLAN forwarding mode, 23
EVPN multihoming redundancy mode, 17
R EVPN multihoming split horizon, 16
reachability MAC/IP advertisement route redistribution, 45
EVPN distributed relay, 20 RA message transmission over VXLAN tunnels
redistribution enable, 39
BGP EVPN route redistribution, 45 routing
MAC/IP advertisement route redistribution, 45 EVPN Layer 3 forwarding distributed gateway
remote traffic forwarding mode, 12
EVPN Layer 2 MAC address learning, 7 S
EVPN Layer 3 forwarding distributed gateway segment
ARP information, 12
EVPN network model, 5
EVPN VXLAN traffic assignment (local to
service instance
remote), 6
EVPN Ethernet service instance > VSI mapping
EVPN VXLAN traffic assignment (remote to
(dynamic), 31
local), 7
EVPN Ethernet service instance > VSI mapping
restrictions
(static), 30
centralized EVPN gateway configuration, 32
session
EVPN BGP route advertisement, 27
EVPN BGP session maintenance, 30
EVPN conversational learning enable (host
setting
route FIB entry), 44
VXLAN forwarding mode, 23
EVPN conversational learning enable (IPv6
host route FIB entry), 45 suppressing
EVPN distributed relay configuration, 48 EVPN ARP flood suppression, 19, 47
EVPN ND flood suppression, 19, 47

switching EVPN Layer 2 MAC address learning, 7
EVPN Layer 3 forwarding distributed gateway EVPN Layer 2 traffic forwarding flooding, 8
traffic forwarding mode, 12 EVPN Layer 2 unicast traffic forwarding, 7
synchronizing EVPN MAC mobility, 20
EVPN distributed relay, 20 EVPN ND flood suppression, 19
T EVPN network model, 5
EVPN VXLAN traffic assignment, 6
traffic
IPv4 EVPN multicast configuration, 133
EVPN configuration, 52
IPv4 EVPN multihoming configuration, 119
EVPN Layer 2 traffic forwarding, 7
VXLAN IP gateway configuration (centralized
EVPN Layer 3 forwarding distributed gateway
IPv4), 52
traffic forwarding, 12
VXLAN IP gateway configuration (distributed
EVPN VXLAN traffic assignment (local to
IPv4)(IPv4 underlay), 61
remote), 6
VXLAN IP gateway configuration (distributed
EVPN VXLAN traffic assignment (remote to
IPv6)(IPv6 underlay), 72
local), 7
VXLAN
VXLAN forwarding mode, 23
configuration on VSI, 24
tunneling
configuration on VSI restrictions, 24
EVPN configuration, 52
creation on VSI, 24
EVPN VXLAN tunnel, 5
EVPN configuration, 22
U EVPN configuration automation, 6
unicast EVPN flooding disable (for VSI), 47
EVPN Layer 2 unicast traffic forwarding, 7 EVPN instance configuration, 25
V EVPN instance configuration (VSI view created),
25
VPN EVPN IPv4 distributed relay configuration
Ethernet Virtual Private Network. Use EVPN (Ethernet aggregate link as IPL), 94
EVPN BGP route RD+route target selection, 3 EVPN IPv4 distributed relay configuration
VSI (VXLAN tunnel as IPL), 106
EVPN AC > VSI mapping, 30 EVPN Layer 2 traffic forwarding flooding, 8
EVPN Ethernet service instance > VSI EVPN MAC mobility event suppression enable,
mapping (dynamic), 31 41
EVPN Ethernet service instance > VSI EVPN overview, 1
mapping (static), 30 EVPN VXLAN configuration, 5
EVPN network model, 5 EVPN VXLAN traffic assignment, 6
EVPN VSI interface configuration, 33 EVPN VXLAN tunnel, 5
EVPN VSI interface L3 VXLAN ID, 34 forwarding mode setting, 23
VXLAN configuration on VSI, 24 VSI parameter configuration, 24
VXLAN creation on VSI, 24
VXLAN VSI parameter configuration, 24
VTEP
EVPN ARP flood suppression, 19
EVPN configuration automation, 6
EVPN distributed relay, 20
EVPN distributed relay configuration, 48
EVPN flooding disable (for VSI), 47
EVPN gateway configuration (centralized), 32
EVPN gateway configuration (distributed), 33
EVPN IPv4 distributed relay configuration
(Ethernet aggregate link as IPL), 94
EVPN IPv4 distributed relay configuration
(VXLAN tunnel as IPL), 106
