Configuration Guide
VXLAN Configuration
Introduction

VXLAN (Virtual Extensible LAN) is a Layer 2 VPN technology based on IP networks with "MAC in UDP" encapsulation. It provides Layer 2 interconnection for scattered physical sites and forms a large Layer 2 network.

The VXLAN tunnel establishment method currently supported by the device is manual creation: specify the local loopback interface IP address as the source IP address of the tunnel, and bind the VLAN to the VNI.

Packets received from the local site are assigned to a VXLAN tunnel according to their VLAN information. For VXLAN packets received from a VXLAN tunnel, the Layer 2 broadcast domain they belong to is determined by the VNI ID.

Establishing VXLAN Tunnel by Static Method

Network Requirements

An enterprise needs to build its own campus network, using static configuration to achieve Layer 2 interoperability through VXLAN virtual networks for users in different physical locations in the same department.

Procedure

Device 2 configuration

```
# Create VLANs and add member interfaces
sonic(config)# vlan 10
sonic(config-vlan-10)# vni 10
sonic(config-vlan-10)# exit
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 10
sonic(config)# vlan 20
sonic(config-vlan-20)# vni 20
sonic(config-vlan-20)# exit
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 20
# Establish BGP neighbors with Device 1
sonic(config)# interface ethernet 49
sonic(config-if-49)# ip address 10.1.1.1/30
sonic(config)# interface loopback 0
sonic(config-loif-0)# ip address 10.1.1.10/32
sonic(config)# router bgp 65100
sonic(config-router)# bgp router-id 10.1.1.10
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# no bgp default ipv4-unicast
sonic(config-router)# neighbor 10.1.1.2 remote-as 65101
sonic(config-router)# neighbor 10.1.1.2 description device1
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
sonic(config-router-af)# network 10.1.1.10/32
sonic(config-router-af)# exit
# Create a VXLAN tunnel and specify the remote VTEP IP
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.10
this setting need save config and restart to take effect
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.20
sonic(config-vxlanif-0)# vni 20 peer 10.1.1.20
sonic(config-vxlanif-0)# exit
sonic# write
save running config existing files will be overwritten, continue? [y/n] y
running command /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
sonic# reboot
```

Device 3 configuration

```
# The interface IP address section and BGP configuration are the same as Device 1, omitted here
# Create a VXLAN tunnel and specify the remote VTEP IP
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.20
this setting need save config and restart to take effect
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.10
sonic(config-vxlanif-0)# vni 20 peer 10.1.1.10
sonic(config-vxlanif-0)# exit
sonic# write
save running config existing files will be overwritten, continue? [y/n] y
running command /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
sonic# reboot
```

Device 1 configuration

```
# IP address configuration omitted here
# Establish BGP neighbors with Device 2 and Device 3
sonic(config)# router bgp 65101
sonic(config-router)# bgp router-id 10.1.1.30
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# no bgp default ipv4-unicast
sonic(config-router)# neighbor PEER_V4_EBGP peer-group
sonic(config-router)# neighbor 10.1.1.2 remote-as 65100
sonic(config-router)# neighbor 10.1.1.2 description device2
sonic(config-router)# neighbor 10.1.1.2 peer-group PEER_V4_EBGP
sonic(config-router)# neighbor 10.1.1.5 remote-as 65100
sonic(config-router)# neighbor 10.1.1.5 description device3
sonic(config-router)# neighbor 10.1.1.5 peer-group PEER_V4_EBGP
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
sonic(config-router-af)# neighbor PEER_V4_EBGP as-override
sonic(config-router-af)# exit
```

Verify Configuration

Check the VXLAN tunnel information.

```
sonic(config)# do show evpn tunnel
+---------------------------+-------+
| tunnel                    | vni   |
+===========================+=======+
| vttnl10.1.1.10 10.1.1.20  | 10    |
|                           | 20    |
+---------------------------+-------+
```

PC1 and PC3, and PC2 and PC4, can communicate with each other.

Check the MAC table entries.

```
sonic(config)# do show mac address
no  vlan  macaddress         port                      type
--  ----  -----------------  ------------------------  -------
1   10    00:00:02:01:01:02  vttnl10.1.1.10 10.1.1.20  dynamic
2   10    00:00:02:01:01:03  ethernet1                 dynamic
3   20    00:00:12:01:01:02  vttnl10.1.1.10 10.1.1.20  dynamic
4   20    00:00:12:01:01:03  ethernet2                 dynamic
```

Establishing VXLAN Tunnel by EVPN

Network Requirements

An enterprise needs to build its own campus network, using static configuration to achieve Layer 2 interoperability through VXLAN virtual networks for users in different physical locations in the same department.

Procedure

Device 2 configuration

```
# Create VLANs and add member interfaces
sonic(config)# vlan 10
sonic(config-vlan-10)# vni 10
sonic(config-vlan-10)# exit
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport access vlan 10
sonic(config)# vlan 20
sonic(config-vlan-20)# vni 20
sonic(config-vlan-20)# exit
sonic(config)# interface ethernet 2
sonic(config-if-2)# switchport access vlan 20
# Establish BGP neighbors with Device 1
sonic(config)# interface ethernet 49
sonic(config-if-49)# ip address 10.1.1.1/30
sonic(config)# interface loopback 0
sonic(config-loif-0)# ip address 10.1.1.10/32
sonic(config)# router bgp 65100
sonic(config-router)# bgp router-id 10.1.1.10
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# no bgp default ipv4-unicast
sonic(config-router)# neighbor 10.1.1.2 remote-as 65101
sonic(config-router)# neighbor 10.1.1.2 description device1
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
sonic(config-router-af)# network 10.1.1.10/32
sonic(config-router-af)# exit
# Enable L2VPN
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 10.1.1.2 activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# exit
# Create the VXLAN tunnel
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.10
this setting need save config and restart to take effect
sonic(config-vxlanif-0)# exit
sonic# write
save running config existing files will be overwritten, continue? [y/n] y
running command /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
sonic# reboot
```

Device 3 configuration

```
# The interface IP address section and EVPN configuration are the same as Device 1, omitted here
# Create the VXLAN tunnel
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.20
this setting need save config and restart to take effect
sonic(config-vxlanif-0)# exit
sonic# write
save running config existing files will be overwritten, continue? [y/n] y
running command /usr/local/bin/sonic-cfggen -d --print-data > /etc/sonic/config_db.json
sonic# reboot
```

Device 1 configuration

```
# IP address configuration omitted here
# Establish EVPN neighbors with Device 2 and Device 3
sonic(config)# router bgp 65101
sonic(config-router)# bgp router-id 10.1.1.30
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# no bgp default ipv4-unicast
sonic(config-router)# neighbor PEER_V4_EBGP peer-group
sonic(config-router)# neighbor 10.1.1.2 remote-as 65100
sonic(config-router)# neighbor 10.1.1.2 description device2
sonic(config-router)# neighbor 10.1.1.2 peer-group PEER_V4_EBGP
sonic(config-router)# neighbor 10.1.1.5 remote-as 65100
sonic(config-router)# neighbor 10.1.1.5 description device3
sonic(config-router)# neighbor 10.1.1.5 peer-group PEER_V4_EBGP
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
sonic(config-router-af)# neighbor PEER_V4_EBGP as-override
sonic(config-router-af)# exit
# Enable L2VPN
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# exit
```

Verify Configuration

Check the VXLAN tunnel information.

```
sonic(config)# do show evpn tunnel
+---------------------------+-------+
| tunnel                    | vni   |
+===========================+=======+
| vttnl10.1.1.10 10.1.1.20  | 10    |
|                           | 20    |
+---------------------------+-------+
```

PC1 and PC3, and PC2 and PC4, can communicate with each other.

Check the MAC table entries.

```
sonic(config)# do show mac address
no  vlan  macaddress         port                      type
--  ----  -----------------  ------------------------  -------
1   10    00:00:02:01:01:02  vttnl10.1.1.10 10.1.1.20  dynamic
2   10    00:00:02:01:01:03  ethernet1                 dynamic
3   20    00:00:12:01:01:02  vttnl10.1.1.10 10.1.1.20  dynamic
4   20    00:00:12:01:01:03  ethernet2                 dynamic
```

Establishing Multicast VXLAN Tunnel

Network Requirements

The enterprise has established a relatively mature multimedia transmission network, with servers distributed across different departments. Currently, BUM (broadcast, unknown unicast, multicast) traffic from audio and video collection devices is transmitted using a tunnel-based head-end replication method, which leads to bandwidth inefficiency. The customer now wishes to build a virtual network over the existing transmission infrastructure with the following requirements:

- Deliver audio and video services (BUM traffic) from collection devices scattered across different departments to the respective target departments on demand, enabling flexible service deployment.
- Numerous VMs are deployed on each server. Layer 2 connectivity is required between servers in the same subnet.
- The VXLAN Layer 3 gateway function is moved down to the VXLAN access devices, where a distributed gateway architecture is adopted to optimize forwarding paths.

As shown in the diagram, for the audio and video BUM traffic from the collection side on DeviceB:

- BUM traffic in VLAN 10 should be forwarded via tunnel only to the servers under DeviceC.
- BUM traffic in VLAN 20 should be forwarded via tunnel to servers under both DeviceC and DeviceD.

Procedure

Configure routing protocol

Configure the IP addresses for each interface on DeviceA. The configuration for DeviceB, DeviceC, and DeviceD is similar to DeviceA. Establish BGP neighbors between DeviceA and DeviceB, DeviceC, and DeviceD respectively. Advertise the loopback interface addresses to ensure reachability between the loopback addresses of all devices (e.g., via ping). Enable PIM and IP multicast forwarding on the relevant interfaces.

```
sonic(config)# interface ethernet 49
sonic(config-if-49)# ip address 20.1.1.1/30
sonic(config-if-49)# ip pim
sonic(config-if-49)# multicast enable
sonic(config)# interface ethernet 50
sonic(config-if-50)# ip address 30.1.1.1/30
sonic(config-if-50)# ip pim
sonic(config-if-50)# multicast enable
sonic(config)# interface ethernet 51
sonic(config-if-51)# ip address 40.1.1.1/30
sonic(config-if-51)# ip pim
sonic(config-if-51)# multicast enable
sonic(config)# interface loopback 0
sonic(config-loif-0)# ip address 10.1.1.1/32
sonic(config-loif-0)# ip pim
sonic(config)# router bgp 65100
sonic(config-router)# bgp router-id 10.1.1.1
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# no bgp default ipv4-unicast
sonic(config-router)# neighbor 20.1.1.2 remote-as 65101
sonic(config-router)# neighbor 20.1.1.2 description deviceb
sonic(config-router)# neighbor 30.1.1.2 remote-as 65101
sonic(config-router)# neighbor 30.1.1.2 description devicec
sonic(config-router)# neighbor 40.1.1.2 remote-as 65101
sonic(config-router)# neighbor 40.1.1.2 description deviced
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# neighbor 20.1.1.2 activate
sonic(config-router-af)# neighbor 30.1.1.2 activate
sonic(config-router-af)# neighbor 40.1.1.2 activate
sonic(config-router-af)# network 10.1.1.1/32
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 10.1.1.2 activate
sonic(config-router-af)# neighbor 10.1.1.3 activate
sonic(config-router-af)# neighbor 10.1.1.4 activate
sonic(config-router-af)# advertise-all-vni
```

Configure VLAN access settings on DeviceB, DeviceC, and DeviceD respectively.

```
sonic(config)# vlan 10
sonic(config-vlan-10)# vni 10
sonic(config-vlan-10)# arp trap enable
sonic(config)# vlan 20
sonic(config-vlan-20)# vni 20
sonic(config-vlan-20)# arp trap enable
sonic(config)# interface ethernet 1
sonic(config-if-1)# switchport trunk vlan 10
sonic(config-if-1)# switchport trunk vlan 20
sonic(config)# interface vlan 10
sonic(config-vlanif-10)# ip address 100.1.1.1/24
sonic(config-vlanif-10)# arp proxy mode evpn
sonic(config)# interface vlan 20
sonic(config-vlanif-20)# ip address 200.1.1.1/24
sonic(config-vlanif-20)# arp proxy mode evpn
```

Configure VXLAN tunnel settings on DeviceB, DeviceC, and DeviceD respectively, specifying the destination address and corresponding VNI. The following example uses DeviceB for illustration.

```
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.2
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.3
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.4
sonic(config-vxlanif-0)# vni 20 peer 10.1.1.3
sonic(config-vxlanif-0)# vni 20 peer 10.1.1.4
```

Configure multicast VXLAN tunnels on DeviceB, DeviceC, and DeviceD.

```
sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# vni 10 mcast group 224.1.1.10
sonic(config-vxlanif-0)# vni 20 mcast group 224.1.1.20
```

Configure static multicast routes on DeviceB.

```
sonic(config)# interface loopback 0
sonic(config-loif-0)# ip mroute ethernet 49 224.1.1.10 10.1.1.2
sonic(config-loif-0)# ip mroute ethernet 49 224.1.1.20 10.1.1.2
```

Configure static multicast routes on DeviceA:

- Forward BUM traffic from VLAN 10 to DeviceC.
- Forward BUM traffic from VLAN 20 to both DeviceC and DeviceD.

```
sonic(config)# interface ethernet 49
sonic(config-if-49)# ip mroute ethernet 50 224.1.1.10 10.1.1.2
sonic(config-if-49)# ip mroute ethernet 50 224.1.1.20 10.1.1.2
sonic(config-if-49)# ip mroute ethernet 51 224.1.1.20 10.1.1.2
```

Verify Configuration

- BUM traffic from VLAN 10 on DeviceB is forwarded only to servers in VLAN 10 under DeviceC through the multicast tunnel.
- BUM traffic from VLAN 20 on DeviceB is forwarded to servers in VLAN 20 under both DeviceC and DeviceD through the multicast tunnel.
- Unicast traffic between endpoints connected to DeviceB, DeviceC, and DeviceD continues to be forwarded using unicast tunnels.
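For the static method, each VTEP has to bind every tunnelled VNI to a VLAN and list the other VTEP's source address as a peer for that VNI. The following audit of saved CLI transcripts is an added example, not code from the vendor or this guide; `parse_vtep` and `audit` are hypothetical names, and the sample transcripts are constructed with two deliberate defects.

```python
import re

PROMPT = re.compile(r"^sonic(?:\([^)]*\))?#\s*")

def parse_vtep(transcript):
    """Extract VLAN-to-VNI bindings, tunnel source and static peers per VNI."""
    cfg, mode = {"source": None, "vlan_vni": {}, "peers": {}}, None
    for line in map(str.strip, transcript.splitlines()):
        if not PROMPT.match(line):
            continue  # "# comment" lines and device output carry no prompt
        cmd = PROMPT.sub("", line).split()
        if cmd[:1] == ["vlan"] and len(cmd) == 2:
            mode = ("vlan", int(cmd[1]))
        elif cmd[:1] in (["interface"], ["exit"]):
            mode = ("vxlan",) if cmd[:2] == ["interface", "vxlan"] else None
        elif cmd[:1] == ["source"] and mode == ("vxlan",) and len(cmd) == 2:
            cfg["source"] = cmd[1]
        elif cmd[:1] == ["vni"] and len(cmd) == 2 and mode and mode[0] == "vlan":
            cfg["vlan_vni"][mode[1]] = int(cmd[1])
        elif cmd[:1] == ["vni"] and len(cmd) == 4 and cmd[2] == "peer" and mode == ("vxlan",):
            cfg["peers"].setdefault(int(cmd[1]), set()).add(cmd[3])
    return cfg

def audit(vteps):
    """vteps maps device name -> parse_vtep() result; returns sorted findings."""
    owner = {c["source"]: name for name, c in vteps.items()}
    out = []
    for name, c in vteps.items():
        for vni, peers in c["peers"].items():
            if vni not in c["vlan_vni"].values():
                out.append(f"{name}: VNI {vni} has peers but no VLAN binding")
            for peer in sorted(peers):
                remote = owner.get(peer)
                if remote is None or c["source"] not in vteps[remote]["peers"].get(vni, ()):
                    out.append(f"{name}: VNI {vni} peer {peer} has no matching return peer")
    return sorted(out)

# Constructed sample: Device2 peers VNI 20 without binding it; Device3 omits VNI 20.
VLAN10 = """sonic(config)# vlan 10
sonic(config-vlan-10)# vni 10
sonic(config-vlan-10)# exit\n"""
DEVICE2 = VLAN10 + """sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.10
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.20
sonic(config-vxlanif-0)# vni 20 peer 10.1.1.20"""
DEVICE3 = VLAN10 + """sonic(config)# interface vxlan 0
sonic(config-vxlanif-0)# source 10.1.1.20
sonic(config-vxlanif-0)# vni 10 peer 10.1.1.10"""
FINDINGS = audit({"Device2": parse_vtep(DEVICE2), "Device3": parse_vtep(DEVICE3)})
```

`FINDINGS` holds one line per defect; an empty list means every static peer entry is bound and mirrored on the far end.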
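For the multicast tunnel section, the static mroutes on DeviceA decide which departments receive each VNI's BUM traffic, so a single extra `ip mroute` line widens a broadcast domain. This added example (not part of the guide; function names are hypothetical) maps each VNI's group to the egress interfaces configured on DeviceA and compares the result with the intended scope, assuming from the guide's addressing that ethernet 50 faces DeviceC and ethernet 51 faces DeviceD.

```python
import re

CMD = re.compile(r"^sonic(?:\([^)]*\))?#\s*(.+)$")

def commands(transcript):
    """Yield tokenised CLI commands, skipping comments and device output."""
    for line in transcript.splitlines():
        m = CMD.match(line.strip())
        if m:
            yield m.group(1).split()

def vni_groups(vtep_cfg):
    """{group address: VNI} from the VTEP's 'vni N mcast group G' lines."""
    return {c[-1]: int(c[1]) for c in commands(vtep_cfg)
            if c[0] == "vni" and len(c) >= 4 and c[2].startswith("mcast")}

def bum_egress(transit_cfg, groups):
    """{VNI: egress interfaces} from 'ip mroute <oif> <group> <source>' lines."""
    egress = {}
    for c in commands(transit_cfg):
        if c[:2] == ["ip", "mroute"] and len(c) == 6 and c[4] in groups:
            egress.setdefault(groups[c[4]], set()).add(" ".join(c[2:4]))
    return egress

def deviations(egress, policy):
    """List where actual replication differs from the intended per-VNI policy."""
    out = []
    for vni in sorted(set(egress) | set(policy)):
        have, want = egress.get(vni, set()), policy.get(vni, set())
        out += [f"VNI {vni}: unintended replication to {i}" for i in sorted(have - want)]
        out += [f"VNI {vni}: missing replication to {i}" for i in sorted(want - have)]
    return out

# VTEP and DeviceA lines as given in the guide; LEAKY adds one constructed line.
VTEP = """sonic(config-vxlanif-0)# vni 10 mcast group 224.1.1.10
sonic(config-vxlanif-0)# vni 20 mcast group 224.1.1.20"""
DEVICE_A = """sonic(config)# interface ethernet 49
sonic(config-if-49)# ip mroute ethernet 50 224.1.1.10 10.1.1.2
sonic(config-if-49)# ip mroute ethernet 50 224.1.1.20 10.1.1.2
sonic(config-if-49)# ip mroute ethernet 51 224.1.1.20 10.1.1.2\n"""
LEAKY = DEVICE_A + "sonic(config-if-49)# ip mroute ethernet 51 224.1.1.10 10.1.1.2\n"
# Intended scope from the guide: VLAN 10 to DeviceC only, VLAN 20 to DeviceC and DeviceD.
POLICY = {10: {"ethernet 50"}, 20: {"ethernet 50", "ethernet 51"}}
```

Running `deviations(bum_egress(LEAKY, vni_groups(VTEP)), POLICY)` flags the constructed extra route, while the guide's own DeviceA lines produce no deviations.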
