Distributed VXLAN IPv4 gateway configuration example

Network requirements

As shown in Figure 19:

Figure 19: Network diagram

Configuration procedure

  1. On VM 1 and VM 3, specify 10.1.1.1 and 20.1.1.1 as the gateway address, respectively. (Details not shown.)

  2. Configure IP addresses and unicast routing settings:

    # Assign IP addresses to interfaces, as shown in Figure 19. (Details not shown.)

    # Configure OSPF on all transport network switches (Switches A through D). (Details not shown.)

    # Configure OSPF to advertise routes to networks 10.1.1.0/24, 20.1.1.0/24, and 25.1.1.0/24 on Switch B and Switch E. (Details not shown.)

  3. Configure Switch A:

    # Enable L2VPN.

    <SwitchA> system-view
    [SwitchA] l2vpn enable
    

    # Set the VXLAN hardware resource mode.

    [SwitchA] hardware-resource vxlan l3gw16k
    

    # Create VSI vpna and VXLAN 10.

    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] vxlan 10
    [SwitchA-vsi-vpna-vxlan-10] quit
    [SwitchA-vsi-vpna] quit
    

    # Create VSI vpnc and VXLAN 30.

    [SwitchA] vsi vpnc
    [SwitchA-vsi-vpnc] vxlan 30
    [SwitchA-vsi-vpnc-vxlan-30] quit
    [SwitchA-vsi-vpnc] quit
    

    # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch B and Switch C.

    [SwitchA] interface loopback 0
    [SwitchA-Loopback0] ip address 1.1.1.1 255.255.255.255
    [SwitchA-Loopback0] quit
    

    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 1.

    [SwitchA] interface tunnel 1 mode vxlan
    [SwitchA-Tunnel1] source 1.1.1.1
    [SwitchA-Tunnel1] destination 2.2.2.2
    [SwitchA-Tunnel1] quit
    

    # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 2.

    [SwitchA] interface tunnel 2 mode vxlan
    [SwitchA-Tunnel2] source 1.1.1.1
    [SwitchA-Tunnel2] destination 3.3.3.3
    [SwitchA-Tunnel2] quit
    

    # Assign Tunnel 1 and Tunnel 2 to VXLAN 10.

    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] vxlan 10
    [SwitchA-vsi-vpna-vxlan-10] tunnel 1
    [SwitchA-vsi-vpna-vxlan-10] tunnel 2
    [SwitchA-vsi-vpna-vxlan-10] quit
    [SwitchA-vsi-vpna] quit
    

    # Assign Tunnel 1 and Tunnel 2 to VXLAN 30.

    [SwitchA] vsi vpnc
    [SwitchA-vsi-vpnc] vxlan 30
    [SwitchA-vsi-vpnc-vxlan-30] tunnel 1
    [SwitchA-vsi-vpnc-vxlan-30] tunnel 2
    [SwitchA-vsi-vpnc-vxlan-30] quit
    [SwitchA-vsi-vpnc] quit
    

    # On Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 2.

    [SwitchA] interface ten-gigabitethernet 1/0/1
    [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
    

    # Map Ethernet service instance 1000 to VSI vpna.

    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
    [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchA-Ten-GigabitEthernet1/0/1] quit
    

    # Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

    [SwitchA] interface vsi-interface 1
    [SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
    [SwitchA-Vsi-interface1] mac-address 1-1-1
    

    # Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

    [SwitchA-Vsi-interface1] distributed-gateway local
    [SwitchA-Vsi-interface1] local-proxy-arp enable
    [SwitchA-Vsi-interface1] quit
    

    # Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 30.

    [SwitchA] interface vsi-interface 2
    [SwitchA-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
    [SwitchA-Vsi-interface2] mac-address 2-2-2
    

    # Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

    [SwitchA-Vsi-interface2] distributed-gateway local
    [SwitchA-Vsi-interface2] local-proxy-arp enable
    [SwitchA-Vsi-interface2] quit
    

    # Disable source MAC check on transport-facing interface Ten-GigabitEthernet 1/0/2.

    [SwitchA] interface ten-gigabitethernet 1/0/2
    [SwitchA-Ten-GigabitEthernet1/0/2] undo mac-address static source-check enable
    

    # Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

    [SwitchA] arp distributed-gateway dynamic-entry synchronize
    

    # Specify VSI-interface 1 as the gateway interface for VSI vpna.

    [SwitchA] vsi vpna
    [SwitchA-vsi-vpna] gateway vsi-interface 1
    [SwitchA-vsi-vpna] quit
    

    # Specify VSI-interface 2 as the gateway interface for VSI vpnc.

    [SwitchA] vsi vpnc
    [SwitchA-vsi-vpnc] gateway vsi-interface 2
    [SwitchA-vsi-vpnc] quit
    

    # Configure a PBR policy for VXLAN 10. Set the policy name to vxlan10, and set the next hop to 10.1.1.2 (VSI-interface 1 on Switch B).

    [SwitchA] acl advanced 3000
    [SwitchA-acl-ipv4-adv-3000] rule 0 permit ip
    [SwitchA-acl-ipv4-adv-3000] quit
    [SwitchA] policy-based-route vxlan10 permit node 5
    [SwitchA-pbr-vxlan10-5] if-match acl 3000
    [SwitchA-pbr-vxlan10-5] apply next-hop 10.1.1.2
    [SwitchA-pbr-vxlan10-5] quit
    

    # Configure a PBR policy for VXLAN 30. Set the policy name to vxlan30, and set the next hop to 20.1.1.2 (VSI-interface 2 on Switch B).

    [SwitchA] policy-based-route vxlan30 permit node 5
    [SwitchA-pbr-vxlan30-5] if-match acl 3000
    [SwitchA-pbr-vxlan30-5] apply next-hop 20.1.1.2
    [SwitchA-pbr-vxlan30-5] quit
    

    # Apply policies vxlan10 and vxlan30 to VSI-interface 1 and VSI-interface 2, respectively.

    [SwitchA] interface vsi-interface 1
    [SwitchA-Vsi-interface1] ip policy-based-route vxlan10
    [SwitchA-Vsi-interface1] quit
    [SwitchA] interface vsi-interface 2
    [SwitchA-Vsi-interface2] ip policy-based-route vxlan30
    [SwitchA-Vsi-interface2] quit
    
  4. Configure Switch B:

    # Enable L2VPN.

    <SwitchB> system-view
    [SwitchB] l2vpn enable
    

    # Set the VXLAN hardware resource mode.

    [SwitchB] hardware-resource vxlan border24k
    

    # Create VSI vpna and VXLAN 10.

    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] vxlan 10
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    

    # Create VSI vpnc and VXLAN 30.

    [SwitchB] vsi vpnc
    [SwitchB-vsi-vpnc] vxlan 30
    [SwitchB-vsi-vpnc-vxlan-30] quit
    [SwitchB-vsi-vpnc] quit
    

    # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch C.

    [SwitchB] interface loopback 0
    [SwitchB-Loopback0] ip address 2.2.2.2 255.255.255.255
    [SwitchB-Loopback0] quit
    

    # Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 2.

    [SwitchB] interface tunnel 2 mode vxlan
    [SwitchB-Tunnel2] source 2.2.2.2
    [SwitchB-Tunnel2] destination 1.1.1.1
    [SwitchB-Tunnel2] quit
    

    # Create a VXLAN tunnel to Switch C. The tunnel interface name is Tunnel 3.

    [SwitchB] interface tunnel 3 mode vxlan
    [SwitchB-Tunnel3] source 2.2.2.2
    [SwitchB-Tunnel3] destination 3.3.3.3
    [SwitchB-Tunnel3] quit
    

    # Assign Tunnel 2 to VXLAN 10.

    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] vxlan 10
    [SwitchB-vsi-vpna-vxlan-10] tunnel 2
    [SwitchB-vsi-vpna-vxlan-10] quit
    [SwitchB-vsi-vpna] quit
    

    # Assign Tunnel 3 to VXLAN 30.

    [SwitchB] vsi vpnc
    [SwitchB-vsi-vpnc] vxlan 30
    [SwitchB-vsi-vpnc-vxlan-30] tunnel 3
    [SwitchB-vsi-vpnc-vxlan-30] quit
    [SwitchB-vsi-vpnc] quit
    

    # Create VSI-interface 1 and assign the interface an IP address.

    [SwitchB] interface vsi-interface 1
    [SwitchB-Vsi-interface1] ip address 10.1.1.2 255.255.255.0
    [SwitchB-Vsi-interface1] quit
    

    # Create VSI-interface 2 and assign the interface an IP address.

    [SwitchB] interface vsi-interface 2
    [SwitchB-Vsi-interface2] ip address 20.1.1.2 255.255.255.0
    [SwitchB-Vsi-interface2] quit
    

    # Specify VSI-interface 1 as the gateway interface for VSI vpna.

    [SwitchB] vsi vpna
    [SwitchB-vsi-vpna] gateway vsi-interface 1
    [SwitchB-vsi-vpna] quit
    

    # Specify VSI-interface 2 as the gateway interface for VSI vpnc.

    [SwitchB] vsi vpnc
    [SwitchB-vsi-vpnc] gateway vsi-interface 2
    [SwitchB-vsi-vpnc] quit
    
  5. Configure Switch C:

    # Enable L2VPN.

    <SwitchC> system-view
    [SwitchC] l2vpn enable
    

    # Set the VXLAN hardware resource mode.

    [SwitchC] hardware-resource vxlan l3gw16k
    

    # Create VSI vpna and VXLAN 10.

    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] vxlan 10
    [SwitchC-vsi-vpna-vxlan-10] quit
    [SwitchC-vsi-vpna] quit
    

    # Create VSI vpnb and VXLAN 30.

    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] vxlan 30
    [SwitchC-vsi-vpnb-vxlan-30] quit
    [SwitchC-vsi-vpnb] quit
    

    # Assign an IP address to Loopback 0. The IP address will be used as the source IP address of the VXLAN tunnels to Switch A and Switch B.

    [SwitchC] interface loopback 0
    [SwitchC-Loopback0] ip address 3.3.3.3 255.255.255.255
    [SwitchC-Loopback0] quit
    

    # Create a VXLAN tunnel to Switch A. The tunnel interface name is Tunnel 1.

    [SwitchC] interface tunnel 1 mode vxlan
    [SwitchC-Tunnel1] source 3.3.3.3
    [SwitchC-Tunnel1] destination 1.1.1.1
    [SwitchC-Tunnel1] quit
    

    # Create a VXLAN tunnel to Switch B. The tunnel interface name is Tunnel 3.

    [SwitchC] interface tunnel 3 mode vxlan
    [SwitchC-Tunnel3] source 3.3.3.3
    [SwitchC-Tunnel3] destination 2.2.2.2
    [SwitchC-Tunnel3] quit
    

    # Assign Tunnel 1 and Tunnel 3 to VXLAN 10.

    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] vxlan 10
    [SwitchC-vsi-vpna-vxlan-10] tunnel 1
    [SwitchC-vsi-vpna-vxlan-10] tunnel 3
    [SwitchC-vsi-vpna-vxlan-10] quit
    [SwitchC-vsi-vpna] quit
    

    # Assign Tunnel 1 and Tunnel 3 to VXLAN 30.

    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] vxlan 30
    [SwitchC-vsi-vpnb-vxlan-30] tunnel 1
    [SwitchC-vsi-vpnb-vxlan-30] tunnel 3
    [SwitchC-vsi-vpnb-vxlan-30] quit
    [SwitchC-vsi-vpnb] quit
    

    # On Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1000 to match VLAN 4.

    [SwitchC] interface ten-gigabitethernet 1/0/1
    [SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000
    [SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 4
    

    # Map Ethernet service instance 1000 to VSI vpnb.

    [SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
    [SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
    [SwitchC-Ten-GigabitEthernet1/0/1] quit
    

    # Create VSI-interface 1 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 10.

    [SwitchC] interface vsi-interface 1
    [SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
    [SwitchC-Vsi-interface1] mac-address 1-1-1
    

    # Specify VSI-interface 1 as a distributed gateway and enable local proxy ARP on the interface.

    [SwitchC-Vsi-interface1] distributed-gateway local
    [SwitchC-Vsi-interface1] local-proxy-arp enable
    [SwitchC-Vsi-interface1] quit
    

    # Disable source MAC check on transport-facing interface Ten-GigabitEthernet 1/0/2.

    [SwitchC] interface ten-gigabitethernet 1/0/2
    [SwitchC-Ten-GigabitEthernet1/0/2] undo mac-address static source-check enable
    

    # Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.

    [SwitchC] arp distributed-gateway dynamic-entry synchronize
    

    # Specify VSI-interface 1 as the gateway interface for VSI vpna.

    [SwitchC] vsi vpna
    [SwitchC-vsi-vpna] gateway vsi-interface 1
    [SwitchC-vsi-vpna] quit
    

    # Create VSI-interface 2 and assign the interface an IP address and a MAC address. The IP address will be used as the gateway address for VXLAN 30.

    [SwitchC] interface vsi-interface 2
    [SwitchC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
    [SwitchC-Vsi-interface2] mac-address 2-2-2
    

    # Specify VSI-interface 2 as a distributed gateway and enable local proxy ARP on the interface.

    [SwitchC-Vsi-interface2] distributed-gateway local
    [SwitchC-Vsi-interface2] local-proxy-arp enable
    [SwitchC-Vsi-interface2] quit
    

    # Specify VSI-interface 2 as the gateway interface for VSI vpnb.

    [SwitchC] vsi vpnb
    [SwitchC-vsi-vpnb] gateway vsi-interface 2
    [SwitchC-vsi-vpnb] quit
    

    # Configure a PBR policy for the VXLANs. Set the policy name to vxlan, and set the next hop to 20.1.1.2 (VSI-interface 2 on Switch B).

    [SwitchC] acl advanced 3000
    [SwitchC-acl-ipv4-adv-3000] rule 0 permit ip
    [SwitchC-acl-ipv4-adv-3000] quit
    [SwitchC] policy-based-route vxlan permit node 5
    [SwitchC-pbr-vxlan-5] if-match acl 3000
    [SwitchC-pbr-vxlan-5] apply next-hop 20.1.1.2
    [SwitchC-pbr-vxlan-5] quit
    

    # Apply policy vxlan to VSI-interface 2.

    [SwitchC] interface vsi-interface 2
    [SwitchC-Vsi-interface2] ip policy-based-route vxlan
    [SwitchC-Vsi-interface2] quit
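
An added consistency check for the procedure above (example code, not part of the vendor's guide): it parses the typed commands and reports VXLAN tunnels that have no mirrored source/destination on a peer switch, and distributed gateways that share an IP address but not a MAC address. The names TRANSCRIPT, parse and audit are assumptions of this example, and treating a MAC mismatch as a finding follows how the page configures Switch A and Switch C.

```python
import re
from collections import defaultdict

# Constructed sample: sub-view lines copied from the Switch A, B and C steps.
TRANSCRIPT = """
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 3.3.3.3
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 1.1.1.1
[SwitchB-Tunnel3] source 2.2.2.2
[SwitchB-Tunnel3] destination 3.3.3.3
[SwitchC-Tunnel1] source 3.3.3.3
[SwitchC-Tunnel1] destination 1.1.1.1
[SwitchC-Tunnel3] source 3.3.3.3
[SwitchC-Tunnel3] destination 2.2.2.2
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
"""

# [device-view] keyword arguments; assumes device names contain no hyphen.
PROMPT = re.compile(r"^\[([^\]-]+)-([^\]]+)\]\s+(\S+(?: address)?)\s*(.*)$")

def parse(transcript):
    """Map (device, view) -> {keyword: arguments} for commands typed in a view."""
    views = defaultdict(dict)
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            views[(m[1], m[2])][m[3]] = m[4]
    return views

def audit(transcript):
    """Return sorted findings: one-sided tunnels, gateway IPs with differing MACs."""
    views, ends, macs, findings = parse(transcript), {}, defaultdict(set), []
    for (dev, view), v in views.items():
        if view.startswith("Tunnel"):
            ends[(v.get("source"), v.get("destination"))] = f"{dev} {view}"
        if v.get("distributed-gateway") == "local":
            mac = v.get("mac-address", "unset").lower()  # 1-1-1 == 0001-0001-0001
            macs[v.get("ip address", "no address")].add(
                "-".join(part.zfill(4) for part in mac.split("-")))
    for (src, dst), name in ends.items():
        if None in (src, dst):
            findings.append(f"{name}: source or destination missing")
        elif (dst, src) not in ends:
            findings.append(f"{name}: no peer tunnel {dst} -> {src}")
    for ip, seen in macs.items():
        if len(seen) > 1:
            findings.append(f"gateway {ip}: MACs differ: {sorted(seen)}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(TRANSCRIPT) or "no findings")
```

Feeding it the full command history of every switch works the same way, because lines typed in system view or in views the checks do not use are ignored.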
    

Verifying the configuration

  1. Verify the VXLAN IP gateway settings on Switch A:

    # Verify that the VXLAN tunnel interfaces are up on Switch A.

    [SwitchA] display interface tunnel 2
    Tunnel2
    Current state: UP
    Line protocol state: UP
    Description: Tunnel2 Interface
    Bandwidth: 64 kbps
    Maximum transmission unit: 1464
    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 1.1.1.1, destination 3.3.3.3
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    

    # Verify that VSI-interface 1 is up.

    [SwitchA] display interface vsi-interface 1
    Vsi-interface1
    Current state: UP
    Line protocol state: UP
    Description: Vsi-interface1 Interface
    Bandwidth: 1000000 kbps
    Maximum transmission unit: 1444
    Internet address: 10.1.1.1/24 (primary)
    IP packet frame type: Ethernet II, hardware address: 0001-0001-0001
    IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001
    Physical: Unknown, baudrate: 1000000 kbps
    Last clearing of counters: Never
    Input (total):  0 packets, 0 bytes
    Output (total):  0 packets, 0 bytes
    

    # Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

    [SwitchA] display l2vpn vsi name vpna verbose
    VSI Name: vpna
      VSI Index               : 0
      VSI State               : Up
      MTU                     : 1500
      Bandwidth               : Unlimited
      Broadcast Restrain      : Unlimited
      Multicast Restrain      : Unlimited
      Unknown Unicast Restrain: Unlimited
      MAC Learning            : Enabled
      MAC Table Limit         : -
      MAC Learning rate       : -
      Drop Unknown            : -
      Flooding                : Enabled
      Statistics              : Disabled
      Gateway Interface       : VSI-interface 1
      VXLAN ID                : 10
      Tunnels:
        Tunnel Name          Link ID    State  Type        Flood proxy
        Tunnel1              0x5000001  Up     Manual      Disabled
        Tunnel2              0x5000002  Up     Manual      Disabled
      ACs:
         AC                               Link ID    State    Type
         XGE1/0/1 srv1000                 0          Up       Manual
    

    # Verify that Switch A has created ARP entries for the VMs.

    [SwitchA] display arp
      Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid
    IP address      MAC address    VLAN/VSI   Interface/Link ID        Aging Type
    11.1.1.4        000c-29c1-5e46 11         Vlan11                   19    D
    10.1.1.2        0003-0000-0000 N/A        Vsi1                     20    D
    10.1.1.11       0cda-41b5-cf09 N/A        Vsi1                     20    D
    20.1.1.12       0000-fc00-0b01 N/A        Vsi2                     19    D
    
  2. Verify the configuration on the border gateway Switch B:

    # Verify that the VXLAN tunnel interfaces are up on Switch B.

    [SwitchB] display interface tunnel 2
    Tunnel2
    Current state: UP
    Line protocol state: UP
    Description: Tunnel2 Interface
    Bandwidth: 64 kbps
    Maximum transmission unit: 1464
    Internet protocol processing: Disabled
    Last clearing of counters: Never
    Tunnel source 2.2.2.2, destination 1.1.1.1
    Tunnel protocol/transport UDP_VXLAN/IP
    Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
    Input: 0 packets, 0 bytes, 0 drops
    Output: 0 packets, 0 bytes, 0 drops
    

    # Verify that VSI-interface 1 is up.

    [SwitchB] display interface vsi-interface 1
    Vsi-interface1
    Current state: UP
    Line protocol state: UP
    Description: Vsi-interface1 Interface
    Bandwidth: 1000000 kbps
    Maximum transmission unit: 1444
    Internet address: 10.1.1.2/24 (primary)
    IP packet frame type: Ethernet II, hardware address: 0011-2200-0102
    IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102
    Physical: Unknown, baudrate: 1000000 kbps
    Last clearing of counters: Never
    Input (total):  0 packets, 0 bytes
    Output (total):  0 packets, 0 bytes
    

    # Verify that the VXLAN tunnels have been assigned to VXLAN 10, and VSI-interface 1 is the gateway interface for VSI vpna.

    [SwitchB] display l2vpn vsi name vpna verbose
    VSI Name: vpna
      VSI Index               : 0
      VSI State               : Up
      MTU                     : 1500
      Bandwidth               : Unlimited
      Broadcast Restrain      : Unlimited
      Multicast Restrain      : Unlimited
      Unknown Unicast Restrain: Unlimited
      MAC Learning            : Enabled
      MAC Table Limit         : -
      MAC Learning rate       : -
      Drop Unknown            : -
      Flooding                : Enabled
      Statistics              : Disabled
      Gateway interface       : VSI-interface 1
      VXLAN ID                : 10
      Tunnels:
        Tunnel Name          Link ID    State  Type        Flood proxy
        Tunnel2              0x5000002  Up     Manual      Disabled
    

    # Verify that Switch B has created ARP entries for the VMs.

    [SwitchB] display arp
      Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid
    IP address      MAC address    VLAN/VSI   Interface/Link ID        Aging Type
    12.1.1.4        0000-fc00-00ab 12         Vlan12                   14    D
    25.1.1.5        4431-9234-24bb 20         Vlan20                   17    D
    10.1.1.1        0000-fc00-00ab N/A        Vsi1                     17    D
    10.1.1.11       0000-fc00-00ab N/A        Vsi1                     20    D
    20.1.1.1        0000-fc00-00aa N/A        Vsi3                     17    D
    20.1.1.12       0000-fc00-00aa N/A        Vsi3                     20    D
    

    # Verify that Switch B has created FIB entries for the VMs.

    [SwitchB] display fib 10.1.1.11
    Destination count: 1 FIB entry count: 1
    Flag:
      U:Useable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static
      R:Relay     F:FRR
    Destination/Mask   Nexthop         Flag     OutInterface/Token       Label
    10.1.1.11/32       10.1.1.11       UH       Vsi1                     Null
    [SwitchB] display fib 20.1.1.12
    Destination count: 1 FIB entry count: 1
    Flag:
      U:Useable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static
      R:Relay     F:FRR
    Destination/Mask   Nexthop         Flag     OutInterface/Token       Label
    20.1.1.12/32       20.1.1.12       UH       Vsi1                     Null
    
  3. Verify that the network connectivity for VMs meets the requirements:

    # Verify that VM 1 and VM 3 can ping each other. (Details not shown.)

    # Verify that VM 1 and VM 3 can ping VLAN-interface 20 (25.1.1.5) on Switch E for WAN access. (Details not shown.)